authentik.stages.deny.tests
deny tests
1"""deny tests""" 2 3from django.urls import reverse 4 5from authentik.core.tests.utils import create_test_admin_user, create_test_flow 6from authentik.flows.markers import StageMarker 7from authentik.flows.models import FlowDesignation, FlowStageBinding 8from authentik.flows.planner import FlowPlan 9from authentik.flows.tests import FlowTestCase 10from authentik.flows.views.executor import SESSION_KEY_PLAN 11from authentik.stages.deny.models import DenyStage 12 13 14class TestUserDenyStage(FlowTestCase): 15 """Deny tests""" 16 17 def setUp(self): 18 super().setUp() 19 self.user = create_test_admin_user() 20 self.flow = create_test_flow(FlowDesignation.AUTHENTICATION) 21 self.stage = DenyStage.objects.create(name="logout") 22 self.binding = FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2) 23 24 def test_valid_get(self): 25 """Test with a valid pending user and backend""" 26 plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]) 27 session = self.client.session 28 session[SESSION_KEY_PLAN] = plan 29 session.save() 30 31 response = self.client.get( 32 reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}) 33 ) 34 35 self.assertStageResponse(response, self.flow, component="ak-stage-access-denied") 36 37 def test_valid_post(self): 38 """Test with a valid pending user and backend""" 39 plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]) 40 session = self.client.session 41 session[SESSION_KEY_PLAN] = plan 42 session.save() 43 44 response = self.client.post( 45 reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}) 46 ) 47 48 self.assertStageResponse(response, self.flow, component="ak-stage-access-denied") 49 50 def test_message_static(self): 51 """Test with a static error message""" 52 self.stage.deny_message = "foo" 53 self.stage.save() 54 plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]) 55 session = self.client.session 56 session[SESSION_KEY_PLAN] = plan 57 session.save() 58 59 response = self.client.get( 60 reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}) 61 ) 62 63 self.assertStageResponse( 64 response, self.flow, component="ak-stage-access-denied", error_message="foo" 65 ) 66 67 def test_message_overwrite(self): 68 """Test with an overwritten error message""" 69 self.stage.deny_message = "foo" 70 self.stage.save() 71 plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]) 72 plan.context["deny_message"] = "bar" 73 session = self.client.session 74 session[SESSION_KEY_PLAN] = plan 75 session.save() 76 77 response = self.client.get( 78 reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}) 79 ) 80 81 self.assertStageResponse( 82 response, self.flow, component="ak-stage-access-denied", error_message="bar" 83 )
15class TestUserDenyStage(FlowTestCase): 16 """Deny tests""" 17 18 def setUp(self): 19 super().setUp() 20 self.user = create_test_admin_user() 21 self.flow = create_test_flow(FlowDesignation.AUTHENTICATION) 22 self.stage = DenyStage.objects.create(name="logout") 23 self.binding = FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2) 24 25 def test_valid_get(self): 26 """Test with a valid pending user and backend""" 27 plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]) 28 session = self.client.session 29 session[SESSION_KEY_PLAN] = plan 30 session.save() 31 32 response = self.client.get( 33 reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}) 34 ) 35 36 self.assertStageResponse(response, self.flow, component="ak-stage-access-denied") 37 38 def test_valid_post(self): 39 """Test with a valid pending user and backend""" 40 plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]) 41 session = self.client.session 42 session[SESSION_KEY_PLAN] = plan 43 session.save() 44 45 response = self.client.post( 46 reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}) 47 ) 48 49 self.assertStageResponse(response, self.flow, component="ak-stage-access-denied") 50 51 def test_message_static(self): 52 """Test with a static error message""" 53 self.stage.deny_message = "foo" 54 self.stage.save() 55 plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]) 56 session = self.client.session 57 session[SESSION_KEY_PLAN] = plan 58 session.save() 59 60 response = self.client.get( 61 reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}) 62 ) 63 64 self.assertStageResponse( 65 response, self.flow, component="ak-stage-access-denied", error_message="foo" 66 ) 67 68 def test_message_overwrite(self): 69 """Test with an overwritten error message""" 70 self.stage.deny_message = "foo" 71 self.stage.save() 72 plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]) 73 plan.context["deny_message"] = "bar" 74 session = self.client.session 75 session[SESSION_KEY_PLAN] = plan 76 session.save() 77 78 response = self.client.get( 79 reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}) 80 ) 81 82 self.assertStageResponse( 83 response, self.flow, component="ak-stage-access-denied", error_message="bar" 84 )
Deny tests
def
setUp(self):
18 def setUp(self): 19 super().setUp() 20 self.user = create_test_admin_user() 21 self.flow = create_test_flow(FlowDesignation.AUTHENTICATION) 22 self.stage = DenyStage.objects.create(name="logout") 23 self.binding = FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2)
Hook method for setting up the test fixture before exercising it.
def
test_valid_get(self):
25 def test_valid_get(self): 26 """Test with a valid pending user and backend""" 27 plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]) 28 session = self.client.session 29 session[SESSION_KEY_PLAN] = plan 30 session.save() 31 32 response = self.client.get( 33 reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}) 34 ) 35 36 self.assertStageResponse(response, self.flow, component="ak-stage-access-denied")
Test with a valid pending user and backend
def
test_valid_post(self):
38 def test_valid_post(self): 39 """Test with a valid pending user and backend""" 40 plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]) 41 session = self.client.session 42 session[SESSION_KEY_PLAN] = plan 43 session.save() 44 45 response = self.client.post( 46 reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}) 47 ) 48 49 self.assertStageResponse(response, self.flow, component="ak-stage-access-denied")
Test with a valid pending user and backend
def
test_message_static(self):
51 def test_message_static(self): 52 """Test with a static error message""" 53 self.stage.deny_message = "foo" 54 self.stage.save() 55 plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]) 56 session = self.client.session 57 session[SESSION_KEY_PLAN] = plan 58 session.save() 59 60 response = self.client.get( 61 reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}) 62 ) 63 64 self.assertStageResponse( 65 response, self.flow, component="ak-stage-access-denied", error_message="foo" 66 )
Test with a static error message
def
test_message_overwrite(self):
68 def test_message_overwrite(self): 69 """Test with an overwritten error message""" 70 self.stage.deny_message = "foo" 71 self.stage.save() 72 plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]) 73 plan.context["deny_message"] = "bar" 74 session = self.client.session 75 session[SESSION_KEY_PLAN] = plan 76 session.save() 77 78 response = self.client.get( 79 reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}) 80 ) 81 82 self.assertStageResponse( 83 response, self.flow, component="ak-stage-access-denied", error_message="bar" 84 )
Test with an overwritten error message