*: apply new black styling
This commit is contained in:
Jens Langhammer
@ -104,7 +104,8 @@ class TestFlowsEnroll(SeleniumTestCase):
|
||||
|
||||
self.wait_for_url(self.url("passbook_core:user-settings"))
|
||||
self.assertEqual(
|
||||
self.driver.find_element(By.ID, "user-settings").text, "foo",
|
||||
self.driver.find_element(By.ID, "user-settings").text,
|
||||
"foo",
|
||||
)
|
||||
self.assertEqual(
|
||||
self.driver.find_element(By.ID, "id_username").get_attribute("value"), "foo"
|
||||
@ -208,7 +209,8 @@ class TestFlowsEnroll(SeleniumTestCase):
|
||||
self.driver.find_element(By.ID, "user-settings").click()
|
||||
|
||||
self.assertEqual(
|
||||
self.driver.find_element(By.ID, "user-settings").text, "foo",
|
||||
self.driver.find_element(By.ID, "user-settings").text,
|
||||
"foo",
|
||||
)
|
||||
self.assertEqual(
|
||||
self.driver.find_element(By.ID, "id_username").get_attribute("value"), "foo"
|
||||
|
||||
@ -21,5 +21,6 @@ class TestFlowsLogin(SeleniumTestCase):
|
||||
self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
|
||||
self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
|
||||
self.assertEqual(
|
||||
self.driver.find_element(By.ID, "user-settings").text, USER().username,
|
||||
self.driver.find_element(By.ID, "user-settings").text,
|
||||
USER().username,
|
||||
)
|
||||
|
||||
@ -48,7 +48,8 @@ class TestFlowsOTP(SeleniumTestCase):
|
||||
self.driver.find_element(By.ID, "id_code").send_keys(Keys.ENTER)
|
||||
self.wait_for_url(self.url("passbook_core:overview"))
|
||||
self.assertEqual(
|
||||
self.driver.find_element(By.ID, "user-settings").text, USER().username,
|
||||
self.driver.find_element(By.ID, "user-settings").text,
|
||||
USER().username,
|
||||
)
|
||||
|
||||
def test_otp_totp_setup(self):
|
||||
@ -62,7 +63,8 @@ class TestFlowsOTP(SeleniumTestCase):
|
||||
self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
|
||||
self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
|
||||
self.assertEqual(
|
||||
self.driver.find_element(By.ID, "user-settings").text, USER().username,
|
||||
self.driver.find_element(By.ID, "user-settings").text,
|
||||
USER().username,
|
||||
)
|
||||
|
||||
self.driver.find_element(By.CSS_SELECTOR, ".pf-c-page__header").click()
|
||||
@ -107,7 +109,8 @@ class TestFlowsOTP(SeleniumTestCase):
|
||||
self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
|
||||
self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
|
||||
self.assertEqual(
|
||||
self.driver.find_element(By.ID, "user-settings").text, USER().username,
|
||||
self.driver.find_element(By.ID, "user-settings").text,
|
||||
USER().username,
|
||||
)
|
||||
|
||||
self.driver.find_element(By.CSS_SELECTOR, ".pf-c-page__header").click()
|
||||
|
||||
@ -77,7 +77,9 @@ class TestProviderOAuth2Github(SeleniumTestCase):
|
||||
authorization_flow=authorization_flow,
|
||||
)
|
||||
Application.objects.create(
|
||||
name="Grafana", slug="grafana", provider=provider,
|
||||
name="Grafana",
|
||||
slug="grafana",
|
||||
provider=provider,
|
||||
)
|
||||
|
||||
self.driver.get("http://localhost:3000")
|
||||
@ -129,7 +131,9 @@ class TestProviderOAuth2Github(SeleniumTestCase):
|
||||
authorization_flow=authorization_flow,
|
||||
)
|
||||
app = Application.objects.create(
|
||||
name="Grafana", slug="grafana", provider=provider,
|
||||
name="Grafana",
|
||||
slug="grafana",
|
||||
provider=provider,
|
||||
)
|
||||
|
||||
self.driver.get("http://localhost:3000")
|
||||
@ -143,13 +147,17 @@ class TestProviderOAuth2Github(SeleniumTestCase):
|
||||
sleep(1)
|
||||
|
||||
self.assertEqual(
|
||||
app.name, self.driver.find_element(By.ID, "application-name").text,
|
||||
app.name,
|
||||
self.driver.find_element(By.ID, "application-name").text,
|
||||
)
|
||||
self.assertEqual(
|
||||
"GitHub Compatibility: Access you Email addresses",
|
||||
self.driver.find_element(By.ID, "scope-user:email").text,
|
||||
)
|
||||
self.driver.find_element(By.CSS_SELECTOR, ("[type=submit]"),).click()
|
||||
self.driver.find_element(
|
||||
By.CSS_SELECTOR,
|
||||
("[type=submit]"),
|
||||
).click()
|
||||
|
||||
self.wait_for_url("http://localhost:3000/?orgId=1")
|
||||
self.driver.get("http://localhost:3000/profile")
|
||||
@ -192,7 +200,9 @@ class TestProviderOAuth2Github(SeleniumTestCase):
|
||||
authorization_flow=authorization_flow,
|
||||
)
|
||||
app = Application.objects.create(
|
||||
name="Grafana", slug="grafana", provider=provider,
|
||||
name="Grafana",
|
||||
slug="grafana",
|
||||
provider=provider,
|
||||
)
|
||||
|
||||
negative_policy = ExpressionPolicy.objects.create(
|
||||
|
||||
@ -104,7 +104,9 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
|
||||
)
|
||||
provider.save()
|
||||
Application.objects.create(
|
||||
name="Grafana", slug=APPLICATION_SLUG, provider=provider,
|
||||
name="Grafana",
|
||||
slug=APPLICATION_SLUG,
|
||||
provider=provider,
|
||||
)
|
||||
|
||||
self.driver.get("http://localhost:3000")
|
||||
@ -144,7 +146,9 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
|
||||
)
|
||||
provider.save()
|
||||
Application.objects.create(
|
||||
name="Grafana", slug=APPLICATION_SLUG, provider=provider,
|
||||
name="Grafana",
|
||||
slug=APPLICATION_SLUG,
|
||||
provider=provider,
|
||||
)
|
||||
|
||||
self.driver.get("http://localhost:3000")
|
||||
@ -203,7 +207,9 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
|
||||
)
|
||||
provider.save()
|
||||
Application.objects.create(
|
||||
name="Grafana", slug=APPLICATION_SLUG, provider=provider,
|
||||
name="Grafana",
|
||||
slug=APPLICATION_SLUG,
|
||||
provider=provider,
|
||||
)
|
||||
|
||||
self.driver.get("http://localhost:3000")
|
||||
@ -270,7 +276,9 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
|
||||
)
|
||||
provider.save()
|
||||
app = Application.objects.create(
|
||||
name="Grafana", slug=APPLICATION_SLUG, provider=provider,
|
||||
name="Grafana",
|
||||
slug=APPLICATION_SLUG,
|
||||
provider=provider,
|
||||
)
|
||||
|
||||
self.driver.get("http://localhost:3000")
|
||||
@ -282,7 +290,8 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
|
||||
self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
|
||||
|
||||
self.assertEqual(
|
||||
app.name, self.driver.find_element(By.ID, "application-name").text,
|
||||
app.name,
|
||||
self.driver.find_element(By.ID, "application-name").text,
|
||||
)
|
||||
self.wait.until(
|
||||
ec.presence_of_element_located((By.CSS_SELECTOR, "[type=submit]"))
|
||||
@ -340,7 +349,9 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
|
||||
)
|
||||
provider.save()
|
||||
app = Application.objects.create(
|
||||
name="Grafana", slug=APPLICATION_SLUG, provider=provider,
|
||||
name="Grafana",
|
||||
slug=APPLICATION_SLUG,
|
||||
provider=provider,
|
||||
)
|
||||
|
||||
negative_policy = ExpressionPolicy.objects.create(
|
||||
|
||||
@ -100,7 +100,9 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
|
||||
)
|
||||
provider.save()
|
||||
Application.objects.create(
|
||||
name=self.application_slug, slug=self.application_slug, provider=provider,
|
||||
name=self.application_slug,
|
||||
slug=self.application_slug,
|
||||
provider=provider,
|
||||
)
|
||||
self.container = self.setup_client()
|
||||
|
||||
@ -141,7 +143,9 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
|
||||
)
|
||||
provider.save()
|
||||
Application.objects.create(
|
||||
name=self.application_slug, slug=self.application_slug, provider=provider,
|
||||
name=self.application_slug,
|
||||
slug=self.application_slug,
|
||||
provider=provider,
|
||||
)
|
||||
self.container = self.setup_client()
|
||||
|
||||
@ -189,7 +193,9 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
|
||||
)
|
||||
provider.save()
|
||||
app = Application.objects.create(
|
||||
name=self.application_slug, slug=self.application_slug, provider=provider,
|
||||
name=self.application_slug,
|
||||
slug=self.application_slug,
|
||||
provider=provider,
|
||||
)
|
||||
self.container = self.setup_client()
|
||||
|
||||
@ -202,7 +208,8 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
|
||||
self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
|
||||
|
||||
self.assertEqual(
|
||||
app.name, self.driver.find_element(By.ID, "application-name").text,
|
||||
app.name,
|
||||
self.driver.find_element(By.ID, "application-name").text,
|
||||
)
|
||||
self.wait.until(
|
||||
ec.presence_of_element_located((By.CSS_SELECTOR, "[type=submit]"))
|
||||
@ -246,7 +253,9 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
|
||||
)
|
||||
provider.save()
|
||||
app = Application.objects.create(
|
||||
name=self.application_slug, slug=self.application_slug, provider=provider,
|
||||
name=self.application_slug,
|
||||
slug=self.application_slug,
|
||||
provider=provider,
|
||||
)
|
||||
|
||||
negative_policy = ExpressionPolicy.objects.create(
|
||||
|
||||
@ -84,7 +84,9 @@ class TestProviderSAML(SeleniumTestCase):
|
||||
provider.property_mappings.set(SAMLPropertyMapping.objects.all())
|
||||
provider.save()
|
||||
Application.objects.create(
|
||||
name="SAML", slug="passbook-saml", provider=provider,
|
||||
name="SAML",
|
||||
slug="passbook-saml",
|
||||
provider=provider,
|
||||
)
|
||||
self.container = self.setup_client(provider)
|
||||
self.driver.get("http://localhost:9009")
|
||||
@ -121,7 +123,9 @@ class TestProviderSAML(SeleniumTestCase):
|
||||
provider.property_mappings.set(SAMLPropertyMapping.objects.all())
|
||||
provider.save()
|
||||
app = Application.objects.create(
|
||||
name="SAML", slug="passbook-saml", provider=provider,
|
||||
name="SAML",
|
||||
slug="passbook-saml",
|
||||
provider=provider,
|
||||
)
|
||||
self.container = self.setup_client(provider)
|
||||
self.driver.get("http://localhost:9009")
|
||||
@ -131,7 +135,8 @@ class TestProviderSAML(SeleniumTestCase):
|
||||
self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
|
||||
self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
|
||||
self.assertEqual(
|
||||
app.name, self.driver.find_element(By.ID, "application-name").text,
|
||||
app.name,
|
||||
self.driver.find_element(By.ID, "application-name").text,
|
||||
)
|
||||
sleep(1)
|
||||
self.driver.find_element(By.CSS_SELECTOR, "[type=submit]").click()
|
||||
@ -163,7 +168,9 @@ class TestProviderSAML(SeleniumTestCase):
|
||||
provider.property_mappings.set(SAMLPropertyMapping.objects.all())
|
||||
provider.save()
|
||||
Application.objects.create(
|
||||
name="SAML", slug="passbook-saml", provider=provider,
|
||||
name="SAML",
|
||||
slug="passbook-saml",
|
||||
provider=provider,
|
||||
)
|
||||
self.container = self.setup_client(provider)
|
||||
self.driver.get(
|
||||
@ -209,7 +216,9 @@ class TestProviderSAML(SeleniumTestCase):
|
||||
provider.property_mappings.set(SAMLPropertyMapping.objects.all())
|
||||
provider.save()
|
||||
app = Application.objects.create(
|
||||
name="SAML", slug="passbook-saml", provider=provider,
|
||||
name="SAML",
|
||||
slug="passbook-saml",
|
||||
provider=provider,
|
||||
)
|
||||
PolicyBinding.objects.create(target=app, policy=negative_policy, order=0)
|
||||
self.container = self.setup_client(provider)
|
||||
|
||||
@ -144,13 +144,15 @@ class TestSourceOAuth2(SeleniumTestCase):
|
||||
self.driver.get(self.url("passbook_core:user-settings"))
|
||||
|
||||
self.assertEqual(
|
||||
self.driver.find_element(By.ID, "user-settings").text, "foo",
|
||||
self.driver.find_element(By.ID, "user-settings").text,
|
||||
"foo",
|
||||
)
|
||||
self.assertEqual(
|
||||
self.driver.find_element(By.ID, "id_username").get_attribute("value"), "foo"
|
||||
)
|
||||
self.assertEqual(
|
||||
self.driver.find_element(By.ID, "id_name").get_attribute("value"), "admin",
|
||||
self.driver.find_element(By.ID, "id_name").get_attribute("value"),
|
||||
"admin",
|
||||
)
|
||||
self.assertEqual(
|
||||
self.driver.find_element(By.ID, "id_email").get_attribute("value"),
|
||||
@ -225,13 +227,15 @@ class TestSourceOAuth2(SeleniumTestCase):
|
||||
self.driver.get(self.url("passbook_core:user-settings"))
|
||||
|
||||
self.assertEqual(
|
||||
self.driver.find_element(By.ID, "user-settings").text, "foo",
|
||||
self.driver.find_element(By.ID, "user-settings").text,
|
||||
"foo",
|
||||
)
|
||||
self.assertEqual(
|
||||
self.driver.find_element(By.ID, "id_username").get_attribute("value"), "foo"
|
||||
)
|
||||
self.assertEqual(
|
||||
self.driver.find_element(By.ID, "id_name").get_attribute("value"), "admin",
|
||||
self.driver.find_element(By.ID, "id_name").get_attribute("value"),
|
||||
"admin",
|
||||
)
|
||||
self.assertEqual(
|
||||
self.driver.find_element(By.ID, "id_email").get_attribute("value"),
|
||||
@ -317,7 +321,8 @@ class TestSourceOAuth1(SeleniumTestCase):
|
||||
self.driver.get(self.url("passbook_core:user-settings"))
|
||||
|
||||
self.assertEqual(
|
||||
self.driver.find_element(By.ID, "user-settings").text, "example-user",
|
||||
self.driver.find_element(By.ID, "user-settings").text,
|
||||
"example-user",
|
||||
)
|
||||
self.assertEqual(
|
||||
self.driver.find_element(By.ID, "id_username").get_attribute("value"),
|
||||
|
||||
@ -98,7 +98,9 @@ class TestSourceSAML(SeleniumTestCase):
|
||||
authentication_flow = Flow.objects.get(slug="default-source-authentication")
|
||||
enrollment_flow = Flow.objects.get(slug="default-source-enrollment")
|
||||
keypair = CertificateKeyPair.objects.create(
|
||||
name="test-idp-cert", certificate_data=IDP_CERT, key_data=IDP_KEY,
|
||||
name="test-idp-cert",
|
||||
certificate_data=IDP_CERT,
|
||||
key_data=IDP_KEY,
|
||||
)
|
||||
|
||||
SAMLSource.objects.create(
|
||||
@ -145,7 +147,9 @@ class TestSourceSAML(SeleniumTestCase):
|
||||
authentication_flow = Flow.objects.get(slug="default-source-authentication")
|
||||
enrollment_flow = Flow.objects.get(slug="default-source-enrollment")
|
||||
keypair = CertificateKeyPair.objects.create(
|
||||
name="test-idp-cert", certificate_data=IDP_CERT, key_data=IDP_KEY,
|
||||
name="test-idp-cert",
|
||||
certificate_data=IDP_CERT,
|
||||
key_data=IDP_KEY,
|
||||
)
|
||||
|
||||
SAMLSource.objects.create(
|
||||
@ -194,7 +198,9 @@ class TestSourceSAML(SeleniumTestCase):
|
||||
authentication_flow = Flow.objects.get(slug="default-source-authentication")
|
||||
enrollment_flow = Flow.objects.get(slug="default-source-enrollment")
|
||||
keypair = CertificateKeyPair.objects.create(
|
||||
name="test-idp-cert", certificate_data=IDP_CERT, key_data=IDP_KEY,
|
||||
name="test-idp-cert",
|
||||
certificate_data=IDP_CERT,
|
||||
key_data=IDP_KEY,
|
||||
)
|
||||
|
||||
SAMLSource.objects.create(
|
||||
|
||||
@ -49,7 +49,9 @@ class YAMLField(forms.JSONField):
|
||||
converted = yaml.safe_load(value)
|
||||
except yaml.YAMLError:
|
||||
raise forms.ValidationError(
|
||||
self.error_messages["invalid"], code="invalid", params={"value": value},
|
||||
self.error_messages["invalid"],
|
||||
code="invalid",
|
||||
params={"value": value},
|
||||
)
|
||||
if isinstance(converted, str):
|
||||
return YAMLString(converted)
|
||||
|
||||
@ -191,10 +191,20 @@ urlpatterns = [
|
||||
),
|
||||
# Flows
|
||||
path("flows/", flows.FlowListView.as_view(), name="flows"),
|
||||
path("flows/create/", flows.FlowCreateView.as_view(), name="flow-create",),
|
||||
path("flows/import/", flows.FlowImportView.as_view(), name="flow-import",),
|
||||
path(
|
||||
"flows/<uuid:pk>/update/", flows.FlowUpdateView.as_view(), name="flow-update",
|
||||
"flows/create/",
|
||||
flows.FlowCreateView.as_view(),
|
||||
name="flow-create",
|
||||
),
|
||||
path(
|
||||
"flows/import/",
|
||||
flows.FlowImportView.as_view(),
|
||||
name="flow-import",
|
||||
),
|
||||
path(
|
||||
"flows/<uuid:pk>/update/",
|
||||
flows.FlowUpdateView.as_view(),
|
||||
name="flow-update",
|
||||
),
|
||||
path(
|
||||
"flows/<uuid:pk>/execute/",
|
||||
@ -202,10 +212,14 @@ urlpatterns = [
|
||||
name="flow-execute",
|
||||
),
|
||||
path(
|
||||
"flows/<uuid:pk>/export/", flows.FlowExportView.as_view(), name="flow-export",
|
||||
"flows/<uuid:pk>/export/",
|
||||
flows.FlowExportView.as_view(),
|
||||
name="flow-export",
|
||||
),
|
||||
path(
|
||||
"flows/<uuid:pk>/delete/", flows.FlowDeleteView.as_view(), name="flow-delete",
|
||||
"flows/<uuid:pk>/delete/",
|
||||
flows.FlowDeleteView.as_view(),
|
||||
name="flow-delete",
|
||||
),
|
||||
# Property Mappings
|
||||
path(
|
||||
@ -273,9 +287,15 @@ urlpatterns = [
|
||||
name="certificatekeypair-delete",
|
||||
),
|
||||
# Outposts
|
||||
path("outposts/", outposts.OutpostListView.as_view(), name="outposts",),
|
||||
path(
|
||||
"outposts/create/", outposts.OutpostCreateView.as_view(), name="outpost-create",
|
||||
"outposts/",
|
||||
outposts.OutpostListView.as_view(),
|
||||
name="outposts",
|
||||
),
|
||||
path(
|
||||
"outposts/create/",
|
||||
outposts.OutpostCreateView.as_view(),
|
||||
name="outpost-create",
|
||||
),
|
||||
path(
|
||||
"outposts/<uuid:pk>/update/",
|
||||
|
||||
@ -100,7 +100,9 @@ class FlowDebugExecuteView(LoginRequiredMixin, PermissionRequiredMixin, DetailVi
|
||||
plan = planner.plan(self.request, {PLAN_CONTEXT_PENDING_USER: request.user})
|
||||
self.request.session[SESSION_KEY_PLAN] = plan
|
||||
return redirect_with_qs(
|
||||
"passbook_flows:flow-executor-shell", self.request.GET, flow_slug=flow.slug,
|
||||
"passbook_flows:flow-executor-shell",
|
||||
self.request.GET,
|
||||
flow_slug=flow.slug,
|
||||
)
|
||||
|
||||
|
||||
|
||||
@ -114,7 +114,9 @@ info = openapi.Info(
|
||||
license=openapi.License(name="MIT License"),
|
||||
)
|
||||
SchemaView = get_schema_view(
|
||||
info, public=True, permission_classes=(CustomObjectPermissions,),
|
||||
info,
|
||||
public=True,
|
||||
permission_classes=(CustomObjectPermissions,),
|
||||
)
|
||||
|
||||
urlpatterns = [
|
||||
|
||||
@ -47,7 +47,10 @@ class Migration(migrations.Migration):
|
||||
),
|
||||
("date", models.DateTimeField(auto_now_add=True)),
|
||||
("app", models.TextField()),
|
||||
("context", models.JSONField(blank=True, default=dict),),
|
||||
(
|
||||
"context",
|
||||
models.JSONField(blank=True, default=dict),
|
||||
),
|
||||
("client_ip", models.GenericIPAddressField(null=True)),
|
||||
("created", models.DateTimeField(auto_now_add=True)),
|
||||
(
|
||||
|
||||
@ -49,10 +49,15 @@ class Migration(migrations.Migration):
|
||||
),
|
||||
),
|
||||
migrations.AddField(
|
||||
model_name="event", name="user_json", field=models.JSONField(default=dict),
|
||||
model_name="event",
|
||||
name="user_json",
|
||||
field=models.JSONField(default=dict),
|
||||
),
|
||||
migrations.RunPython(convert_user_to_json),
|
||||
migrations.RemoveField(model_name="event", name="user",),
|
||||
migrations.RemoveField(
|
||||
model_name="event",
|
||||
name="user",
|
||||
),
|
||||
migrations.RenameField(
|
||||
model_name="event", old_name="user_json", new_name="user"
|
||||
),
|
||||
|
||||
@ -108,11 +108,18 @@ class Migration(migrations.Migration):
|
||||
("uuid", models.UUIDField(default=uuid.uuid4, editable=False)),
|
||||
("name", models.TextField(help_text="User's display name.")),
|
||||
("password_change_date", models.DateTimeField(auto_now_add=True)),
|
||||
("attributes", models.JSONField(blank=True, default=dict),),
|
||||
(
|
||||
"attributes",
|
||||
models.JSONField(blank=True, default=dict),
|
||||
),
|
||||
],
|
||||
options={"permissions": (("reset_user_password", "Reset Password"),),},
|
||||
options={
|
||||
"permissions": (("reset_user_password", "Reset Password"),),
|
||||
},
|
||||
bases=(guardian.mixins.GuardianUserMixin, models.Model),
|
||||
managers=[("objects", django.contrib.auth.models.UserManager()),],
|
||||
managers=[
|
||||
("objects", django.contrib.auth.models.UserManager()),
|
||||
],
|
||||
),
|
||||
migrations.CreateModel(
|
||||
name="PropertyMapping",
|
||||
@ -192,7 +199,9 @@ class Migration(migrations.Migration):
|
||||
),
|
||||
),
|
||||
],
|
||||
options={"unique_together": {("user", "source")},},
|
||||
options={
|
||||
"unique_together": {("user", "source")},
|
||||
},
|
||||
),
|
||||
migrations.CreateModel(
|
||||
name="Token",
|
||||
@ -223,7 +232,10 @@ class Migration(migrations.Migration):
|
||||
),
|
||||
),
|
||||
],
|
||||
options={"verbose_name": "Token", "verbose_name_plural": "Tokens",},
|
||||
options={
|
||||
"verbose_name": "Token",
|
||||
"verbose_name_plural": "Tokens",
|
||||
},
|
||||
),
|
||||
migrations.CreateModel(
|
||||
name="Provider",
|
||||
@ -258,7 +270,10 @@ class Migration(migrations.Migration):
|
||||
),
|
||||
),
|
||||
("name", models.CharField(max_length=80, verbose_name="name")),
|
||||
("attributes", models.JSONField(blank=True, default=dict),),
|
||||
(
|
||||
"attributes",
|
||||
models.JSONField(blank=True, default=dict),
|
||||
),
|
||||
(
|
||||
"parent",
|
||||
models.ForeignKey(
|
||||
@ -270,7 +285,9 @@ class Migration(migrations.Migration):
|
||||
),
|
||||
),
|
||||
],
|
||||
options={"unique_together": {("name", "parent")},},
|
||||
options={
|
||||
"unique_together": {("name", "parent")},
|
||||
},
|
||||
),
|
||||
migrations.CreateModel(
|
||||
name="Application",
|
||||
|
||||
@ -12,7 +12,10 @@ class Migration(migrations.Migration):
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.RemoveField(model_name="application", name="skip_authorization",),
|
||||
migrations.RemoveField(
|
||||
model_name="application",
|
||||
name="skip_authorization",
|
||||
),
|
||||
migrations.AddField(
|
||||
model_name="source",
|
||||
name="authentication_flow",
|
||||
|
||||
@ -25,8 +25,14 @@ class Migration(migrations.Migration):
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.RemoveField(model_name="user", name="is_superuser",),
|
||||
migrations.RemoveField(model_name="user", name="is_staff",),
|
||||
migrations.RemoveField(
|
||||
model_name="user",
|
||||
name="is_superuser",
|
||||
),
|
||||
migrations.RemoveField(
|
||||
model_name="user",
|
||||
name="is_staff",
|
||||
),
|
||||
migrations.RunPython(create_default_user),
|
||||
migrations.AddField(
|
||||
model_name="user",
|
||||
|
||||
@ -13,7 +13,10 @@ def create_default_admin_group(apps: Apps, schema_editor: BaseDatabaseSchemaEdit
|
||||
|
||||
# Creates a default admin group
|
||||
group, _ = Group.objects.using(db_alias).get_or_create(
|
||||
is_superuser=True, defaults={"name": "passbook Admins",}
|
||||
is_superuser=True,
|
||||
defaults={
|
||||
"name": "passbook Admins",
|
||||
},
|
||||
)
|
||||
group.users.set(User.objects.filter(username="pbadmin"))
|
||||
group.save()
|
||||
@ -26,8 +29,14 @@ class Migration(migrations.Migration):
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.RemoveField(model_name="user", name="is_superuser",),
|
||||
migrations.RemoveField(model_name="user", name="is_staff",),
|
||||
migrations.RemoveField(
|
||||
model_name="user",
|
||||
name="is_superuser",
|
||||
),
|
||||
migrations.RemoveField(
|
||||
model_name="user",
|
||||
name="is_staff",
|
||||
),
|
||||
migrations.AlterField(
|
||||
model_name="user",
|
||||
name="pb_groups",
|
||||
@ -44,6 +53,9 @@ class Migration(migrations.Migration):
|
||||
),
|
||||
migrations.RunPython(create_default_admin_group),
|
||||
migrations.AlterModelManagers(
|
||||
name="user", managers=[("objects", passbook.core.models.UserManager()),],
|
||||
name="user",
|
||||
managers=[
|
||||
("objects", passbook.core.models.UserManager()),
|
||||
],
|
||||
),
|
||||
]
|
||||
|
||||
@ -56,7 +56,12 @@ class Group(models.Model):
|
||||
|
||||
class Meta:
|
||||
|
||||
unique_together = (("name", "parent",),)
|
||||
unique_together = (
|
||||
(
|
||||
"name",
|
||||
"parent",
|
||||
),
|
||||
)
|
||||
|
||||
|
||||
class UserManager(DjangoUserManager):
|
||||
|
||||
@ -30,9 +30,9 @@ def user_stages(context: RequestContext) -> List[UIUserSettings]:
|
||||
def user_sources(context: RequestContext) -> List[UIUserSettings]:
|
||||
"""Return a list of all sources which are enabled for the user"""
|
||||
user = context.get("request").user
|
||||
_all_sources: Iterable[Source] = (
|
||||
Source.objects.filter(enabled=True).select_subclasses()
|
||||
)
|
||||
_all_sources: Iterable[Source] = Source.objects.filter(
|
||||
enabled=True
|
||||
).select_subclasses()
|
||||
matching_sources: List[UIUserSettings] = []
|
||||
for source in _all_sources:
|
||||
user_settings = source.ui_user_settings
|
||||
|
||||
@ -36,7 +36,8 @@ class CertificateBuilder:
|
||||
x509.Name(
|
||||
[
|
||||
x509.NameAttribute(
|
||||
NameOID.COMMON_NAME, "passbook Self-signed Certificate",
|
||||
NameOID.COMMON_NAME,
|
||||
"passbook Self-signed Certificate",
|
||||
),
|
||||
x509.NameAttribute(NameOID.ORGANIZATION_NAME, "passbook"),
|
||||
x509.NameAttribute(
|
||||
@ -49,7 +50,8 @@ class CertificateBuilder:
|
||||
x509.Name(
|
||||
[
|
||||
x509.NameAttribute(
|
||||
NameOID.COMMON_NAME, "passbook Self-signed Certificate",
|
||||
NameOID.COMMON_NAME,
|
||||
"passbook Self-signed Certificate",
|
||||
),
|
||||
]
|
||||
)
|
||||
|
||||
@ -58,7 +58,9 @@ class Command(BaseCommand): # pragma: no cover
|
||||
help="How many processes should be started.",
|
||||
)
|
||||
parser.add_argument(
|
||||
"--csv", action="store_true", help="Output results as CSV",
|
||||
"--csv",
|
||||
action="store_true",
|
||||
help="Output results as CSV",
|
||||
)
|
||||
|
||||
def benchmark_flows(self, proc_count) -> str:
|
||||
|
||||
@ -53,7 +53,10 @@ class Migration(migrations.Migration):
|
||||
),
|
||||
),
|
||||
],
|
||||
options={"verbose_name": "Flow", "verbose_name_plural": "Flows",},
|
||||
options={
|
||||
"verbose_name": "Flow",
|
||||
"verbose_name_plural": "Flows",
|
||||
},
|
||||
bases=("passbook_policies.policybindingmodel",),
|
||||
),
|
||||
migrations.CreateModel(
|
||||
|
||||
@ -21,13 +21,18 @@ class Migration(migrations.Migration):
|
||||
},
|
||||
),
|
||||
migrations.RenameField(
|
||||
model_name="flowstagebinding", old_name="flow", new_name="target",
|
||||
model_name="flowstagebinding",
|
||||
old_name="flow",
|
||||
new_name="target",
|
||||
),
|
||||
migrations.RenameField(
|
||||
model_name="flow", old_name="pbm", new_name="policybindingmodel_ptr",
|
||||
model_name="flow",
|
||||
old_name="pbm",
|
||||
new_name="policybindingmodel_ptr",
|
||||
),
|
||||
migrations.AlterUniqueTogether(
|
||||
name="flowstagebinding", unique_together={("target", "stage", "order")},
|
||||
name="flowstagebinding",
|
||||
unique_together={("target", "stage", "order")},
|
||||
),
|
||||
migrations.AlterField(
|
||||
model_name="flow",
|
||||
|
||||
@ -42,16 +42,30 @@ def create_default_authentication_flow(
|
||||
flow, _ = Flow.objects.using(db_alias).update_or_create(
|
||||
slug="default-authentication-flow",
|
||||
designation=FlowDesignation.AUTHENTICATION,
|
||||
defaults={"name": "Welcome to passbook!",},
|
||||
defaults={
|
||||
"name": "Welcome to passbook!",
|
||||
},
|
||||
)
|
||||
FlowStageBinding.objects.using(db_alias).update_or_create(
|
||||
target=flow, stage=identification_stage, defaults={"order": 0,},
|
||||
target=flow,
|
||||
stage=identification_stage,
|
||||
defaults={
|
||||
"order": 0,
|
||||
},
|
||||
)
|
||||
FlowStageBinding.objects.using(db_alias).update_or_create(
|
||||
target=flow, stage=password_stage, defaults={"order": 1,},
|
||||
target=flow,
|
||||
stage=password_stage,
|
||||
defaults={
|
||||
"order": 1,
|
||||
},
|
||||
)
|
||||
FlowStageBinding.objects.using(db_alias).update_or_create(
|
||||
target=flow, stage=login_stage, defaults={"order": 2,},
|
||||
target=flow,
|
||||
stage=login_stage,
|
||||
defaults={
|
||||
"order": 2,
|
||||
},
|
||||
)
|
||||
|
||||
|
||||
@ -70,12 +84,16 @@ def create_default_invalidation_flow(
|
||||
flow, _ = Flow.objects.using(db_alias).update_or_create(
|
||||
slug="default-invalidation-flow",
|
||||
designation=FlowDesignation.INVALIDATION,
|
||||
defaults={"name": "Logout",},
|
||||
defaults={
|
||||
"name": "Logout",
|
||||
},
|
||||
)
|
||||
FlowStageBinding.objects.using(db_alias).update_or_create(
|
||||
target=flow,
|
||||
stage=UserLogoutStage.objects.using(db_alias).first(),
|
||||
defaults={"order": 0,},
|
||||
defaults={
|
||||
"order": 0,
|
||||
},
|
||||
)
|
||||
|
||||
|
||||
|
||||
@ -44,7 +44,9 @@ def create_default_source_enrollment_flow(
|
||||
flow, _ = Flow.objects.using(db_alias).update_or_create(
|
||||
slug="default-source-enrollment",
|
||||
designation=FlowDesignation.ENROLLMENT,
|
||||
defaults={"name": "Welcome to passbook!",},
|
||||
defaults={
|
||||
"name": "Welcome to passbook!",
|
||||
},
|
||||
)
|
||||
PolicyBinding.objects.using(db_alias).update_or_create(
|
||||
policy=flow_policy, target=flow, defaults={"order": 0}
|
||||
@ -114,14 +116,18 @@ def create_default_source_authentication_flow(
|
||||
# Create a policy that only allows this flow when doing an SSO Request
|
||||
flow_policy, _ = ExpressionPolicy.objects.using(db_alias).update_or_create(
|
||||
name="default-source-authentication-if-sso",
|
||||
defaults={"expression": FLOW_POLICY_EXPRESSION,},
|
||||
defaults={
|
||||
"expression": FLOW_POLICY_EXPRESSION,
|
||||
},
|
||||
)
|
||||
|
||||
# This creates a Flow used by sources to authenticate users
|
||||
flow, _ = Flow.objects.using(db_alias).update_or_create(
|
||||
slug="default-source-authentication",
|
||||
designation=FlowDesignation.AUTHENTICATION,
|
||||
defaults={"name": "Welcome to passbook!",},
|
||||
defaults={
|
||||
"name": "Welcome to passbook!",
|
||||
},
|
||||
)
|
||||
PolicyBinding.objects.using(db_alias).update_or_create(
|
||||
policy=flow_policy, target=flow, defaults={"order": 0}
|
||||
|
||||
@ -47,6 +47,8 @@ class Migration(migrations.Migration):
|
||||
),
|
||||
migrations.RunPython(add_title_for_defaults),
|
||||
migrations.AlterField(
|
||||
model_name="flow", name="title", field=models.TextField(),
|
||||
model_name="flow",
|
||||
name="title",
|
||||
field=models.TextField(),
|
||||
),
|
||||
]
|
||||
|
||||
@ -21,6 +21,8 @@ class Migration(migrations.Migration):
|
||||
),
|
||||
),
|
||||
migrations.AlterField(
|
||||
model_name="stage", name="name", field=models.TextField(unique=True),
|
||||
model_name="stage",
|
||||
name="name",
|
||||
field=models.TextField(unique=True),
|
||||
),
|
||||
]
|
||||
|
||||
@ -177,6 +177,7 @@ class FlowPlanner:
|
||||
marker = ReevaluateMarker(binding=binding, user=user)
|
||||
plan.markers.append(marker)
|
||||
LOGGER.debug(
|
||||
"f(plan): Finished building", flow=self.flow,
|
||||
"f(plan): Finished building",
|
||||
flow=self.flow,
|
||||
)
|
||||
return plan
|
||||
|
||||
@ -52,7 +52,8 @@ class TestFlowPlanner(TestCase):
|
||||
planner.plan(request)
|
||||
|
||||
@patch(
|
||||
"passbook.policies.engine.PolicyEngine.result", POLICY_RETURN_FALSE,
|
||||
"passbook.policies.engine.PolicyEngine.result",
|
||||
POLICY_RETURN_FALSE,
|
||||
)
|
||||
def test_non_applicable_plan(self):
|
||||
"""Test that empty plan raises exception"""
|
||||
|
||||
@ -39,7 +39,9 @@ class TestFlowTransfer(TransactionTestCase):
|
||||
title=generate_client_id(),
|
||||
)
|
||||
FlowStageBinding.objects.update_or_create(
|
||||
target=flow, stage=login_stage, order=0,
|
||||
target=flow,
|
||||
stage=login_stage,
|
||||
order=0,
|
||||
)
|
||||
|
||||
exporter = FlowExporter(flow)
|
||||
@ -59,7 +61,8 @@ class TestFlowTransfer(TransactionTestCase):
|
||||
stage_name = generate_client_id()
|
||||
with transaction_rollback():
|
||||
flow_policy = ExpressionPolicy.objects.create(
|
||||
name=generate_client_id(), expression="return True",
|
||||
name=generate_client_id(),
|
||||
expression="return True",
|
||||
)
|
||||
flow = Flow.objects.create(
|
||||
slug=flow_slug,
|
||||
|
||||
@ -63,10 +63,12 @@ class TestFlowExecutor(TestCase):
|
||||
self.assertEqual(cancel_mock.call_count, 2)
|
||||
|
||||
@patch(
|
||||
"passbook.flows.views.to_stage_response", TO_STAGE_RESPONSE_MOCK,
|
||||
"passbook.flows.views.to_stage_response",
|
||||
TO_STAGE_RESPONSE_MOCK,
|
||||
)
|
||||
@patch(
|
||||
"passbook.policies.engine.PolicyEngine.result", POLICY_RETURN_FALSE,
|
||||
"passbook.policies.engine.PolicyEngine.result",
|
||||
POLICY_RETURN_FALSE,
|
||||
)
|
||||
def test_invalid_non_applicable_flow(self):
|
||||
"""Tests that a non-applicable flow returns the correct error message"""
|
||||
@ -85,7 +87,8 @@ class TestFlowExecutor(TestCase):
|
||||
self.assertInHTML(FlowNonApplicableException.__doc__, response.rendered_content)
|
||||
|
||||
@patch(
|
||||
"passbook.flows.views.to_stage_response", TO_STAGE_RESPONSE_MOCK,
|
||||
"passbook.flows.views.to_stage_response",
|
||||
TO_STAGE_RESPONSE_MOCK,
|
||||
)
|
||||
def test_invalid_empty_flow(self):
|
||||
"""Tests that an empty flow returns the correct error message"""
|
||||
@ -117,7 +120,8 @@ class TestFlowExecutor(TestCase):
|
||||
response = self.client.get(url + f"?{NEXT_ARG_NAME}={dest}")
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertJSONEqual(
|
||||
force_str(response.content), {"type": "redirect", "to": dest},
|
||||
force_str(response.content),
|
||||
{"type": "redirect", "to": dest},
|
||||
)
|
||||
|
||||
def test_multi_stage_flow(self):
|
||||
|
||||
@ -15,8 +15,12 @@ class TestHelperView(TestCase):
|
||||
|
||||
def test_default_view(self):
|
||||
"""Test that ToDefaultFlow returns the expected URL"""
|
||||
flow = Flow.objects.filter(designation=FlowDesignation.INVALIDATION,).first()
|
||||
response = self.client.get(reverse("passbook_flows:default-invalidation"),)
|
||||
flow = Flow.objects.filter(
|
||||
designation=FlowDesignation.INVALIDATION,
|
||||
).first()
|
||||
response = self.client.get(
|
||||
reverse("passbook_flows:default-invalidation"),
|
||||
)
|
||||
expected_url = reverse(
|
||||
"passbook_flows:flow-executor-shell", kwargs={"flow_slug": flow.slug}
|
||||
)
|
||||
@ -25,13 +29,17 @@ class TestHelperView(TestCase):
|
||||
|
||||
def test_default_view_invalid_plan(self):
|
||||
"""Test that ToDefaultFlow returns the expected URL (with an invalid plan)"""
|
||||
flow = Flow.objects.filter(designation=FlowDesignation.INVALIDATION,).first()
|
||||
flow = Flow.objects.filter(
|
||||
designation=FlowDesignation.INVALIDATION,
|
||||
).first()
|
||||
plan = FlowPlan(flow_pk=flow.pk.hex + "aa")
|
||||
session = self.client.session
|
||||
session[SESSION_KEY_PLAN] = plan
|
||||
session.save()
|
||||
|
||||
response = self.client.get(reverse("passbook_flows:default-invalidation"),)
|
||||
response = self.client.get(
|
||||
reverse("passbook_flows:default-invalidation"),
|
||||
)
|
||||
expected_url = reverse(
|
||||
"passbook_flows:flow-executor-shell", kwargs={"flow_slug": flow.slug}
|
||||
)
|
||||
|
||||
@ -103,7 +103,9 @@ class BaseEvaluator:
|
||||
param_keys = self._context.keys()
|
||||
try:
|
||||
compile(
|
||||
self.wrap_expression(expression, param_keys), self._filename, "exec",
|
||||
self.wrap_expression(expression, param_keys),
|
||||
self._filename,
|
||||
"exec",
|
||||
)
|
||||
return True
|
||||
except (ValueError, SyntaxError) as exc:
|
||||
|
||||
@ -71,7 +71,14 @@ def gravatar(email, size=None, rating=None):
|
||||
md5(email.encode("utf-8")).hexdigest(), # nosec
|
||||
)
|
||||
|
||||
parameters = [p for p in (("s", size or "158"), ("r", rating or "g"),) if p[1]]
|
||||
parameters = [
|
||||
p
|
||||
for p in (
|
||||
("s", size or "158"),
|
||||
("r", rating or "g"),
|
||||
)
|
||||
if p[1]
|
||||
]
|
||||
|
||||
if parameters:
|
||||
gravatar_url += "?" + urlencode(parameters, doseq=True)
|
||||
|
||||
@ -34,5 +34,8 @@ def bad_request_message(
|
||||
) -> TemplateResponse:
|
||||
"""Return generic error page with message, with status code set to 400"""
|
||||
return TemplateResponse(
|
||||
request, template, {"message": message, "card_title": _(title)}, status=400,
|
||||
request,
|
||||
template,
|
||||
{"message": message, "card_title": _(title)},
|
||||
status=400,
|
||||
)
|
||||
|
||||
@ -29,7 +29,9 @@ class DockerComposeView(LoginRequiredMixin, View):
|
||||
def get(self, request: HttpRequest, outpost_pk: str) -> HttpResponse:
|
||||
"""Render docker-compose file"""
|
||||
outpost: Outpost = get_object_for_user_or_404(
|
||||
request.user, "passbook_outposts.view_outpost", pk=outpost_pk,
|
||||
request.user,
|
||||
"passbook_outposts.view_outpost",
|
||||
pk=outpost_pk,
|
||||
)
|
||||
manifest = ""
|
||||
if outpost.type == OutpostType.PROXY:
|
||||
@ -45,7 +47,9 @@ class KubernetesManifestView(LoginRequiredMixin, View):
|
||||
def get(self, request: HttpRequest, outpost_pk: str) -> HttpResponse:
|
||||
"""Render deployment template"""
|
||||
outpost: Outpost = get_object_for_user_or_404(
|
||||
request.user, "passbook_outposts.view_outpost", pk=outpost_pk,
|
||||
request.user,
|
||||
"passbook_outposts.view_outpost",
|
||||
pk=outpost_pk,
|
||||
)
|
||||
manifest = ""
|
||||
if outpost.type == OutpostType.PROXY:
|
||||
|
||||
@ -47,7 +47,8 @@ class PolicyBindingSerializer(ModelSerializer):
|
||||
# Because we're not interested in the PolicyBindingModel's PK but rather the subclasses PK,
|
||||
# we have to manually declare this field
|
||||
target = PolicyBindingModelForeignKey(
|
||||
queryset=PolicyBindingModel.objects.select_subclasses(), required=True,
|
||||
queryset=PolicyBindingModel.objects.select_subclasses(),
|
||||
required=True,
|
||||
)
|
||||
|
||||
class Meta:
|
||||
|
||||
@ -16,7 +16,9 @@ class PolicyBindingForm(forms.ModelForm):
|
||||
queryset=PolicyBindingModel.objects.all().select_subclasses(),
|
||||
to_field_name="pbm_uuid",
|
||||
)
|
||||
policy = GroupedModelChoiceField(queryset=Policy.objects.all().select_subclasses(),)
|
||||
policy = GroupedModelChoiceField(
|
||||
queryset=Policy.objects.all().select_subclasses(),
|
||||
)
|
||||
|
||||
class Meta:
|
||||
|
||||
|
||||
@ -12,7 +12,9 @@ class TestHIBPPolicy(TestCase):
|
||||
|
||||
def test_false(self):
|
||||
"""Failing password case"""
|
||||
policy = HaveIBeenPwendPolicy.objects.create(name="test_false",)
|
||||
policy = HaveIBeenPwendPolicy.objects.create(
|
||||
name="test_false",
|
||||
)
|
||||
request = PolicyRequest(get_anonymous_user())
|
||||
request.context["password"] = "password"
|
||||
result: PolicyResult = policy.passes(request)
|
||||
@ -21,7 +23,9 @@ class TestHIBPPolicy(TestCase):
|
||||
|
||||
def test_true(self):
|
||||
"""Positive password case"""
|
||||
policy = HaveIBeenPwendPolicy.objects.create(name="test_true",)
|
||||
policy = HaveIBeenPwendPolicy.objects.create(
|
||||
name="test_true",
|
||||
)
|
||||
request = PolicyRequest(get_anonymous_user())
|
||||
request.context["password"] = generate_client_secret()
|
||||
result: PolicyResult = policy.passes(request)
|
||||
|
||||
@ -32,7 +32,9 @@ class Migration(migrations.Migration):
|
||||
("order", models.IntegerField(default=0)),
|
||||
("timeout", models.IntegerField(default=30)),
|
||||
],
|
||||
options={"abstract": False,},
|
||||
options={
|
||||
"abstract": False,
|
||||
},
|
||||
),
|
||||
migrations.CreateModel(
|
||||
name="PolicyBinding",
|
||||
|
||||
@ -21,9 +21,18 @@ class Migration(migrations.Migration):
|
||||
"verbose_name_plural": "Policies",
|
||||
},
|
||||
),
|
||||
migrations.RemoveField(model_name="policy", name="negate",),
|
||||
migrations.RemoveField(model_name="policy", name="order",),
|
||||
migrations.RemoveField(model_name="policy", name="timeout",),
|
||||
migrations.RemoveField(
|
||||
model_name="policy",
|
||||
name="negate",
|
||||
),
|
||||
migrations.RemoveField(
|
||||
model_name="policy",
|
||||
name="order",
|
||||
),
|
||||
migrations.RemoveField(
|
||||
model_name="policy",
|
||||
name="timeout",
|
||||
),
|
||||
migrations.AddField(
|
||||
model_name="policybinding",
|
||||
name="negate",
|
||||
@ -41,7 +50,9 @@ class Migration(migrations.Migration):
|
||||
),
|
||||
),
|
||||
migrations.AlterField(
|
||||
model_name="policybinding", name="order", field=models.IntegerField(),
|
||||
model_name="policybinding",
|
||||
name="order",
|
||||
field=models.IntegerField(),
|
||||
),
|
||||
migrations.AlterField(
|
||||
model_name="policybinding",
|
||||
@ -53,6 +64,7 @@ class Migration(migrations.Migration):
|
||||
),
|
||||
),
|
||||
migrations.AlterUniqueTogether(
|
||||
name="policybinding", unique_together={("policy", "target", "order")},
|
||||
name="policybinding",
|
||||
unique_together={("policy", "target", "order")},
|
||||
),
|
||||
]
|
||||
|
||||
@ -73,7 +73,10 @@ class PolicyAccessMixin(BaseMixin, AccessMixin):
|
||||
policy_engine.build()
|
||||
result = policy_engine.result
|
||||
LOGGER.debug(
|
||||
"AccessMixin user_has_access", user=user, app=application, result=result,
|
||||
"AccessMixin user_has_access",
|
||||
user=user,
|
||||
app=application,
|
||||
result=result,
|
||||
)
|
||||
if not result.passing:
|
||||
for message in result.messages:
|
||||
|
||||
@ -48,7 +48,9 @@ class PolicyProcess(Process):
|
||||
|
||||
def execute(self) -> PolicyResult:
|
||||
"""Run actual policy, returns result"""
|
||||
with Hub.current.start_span(op="policy.process.execute",) as span:
|
||||
with Hub.current.start_span(
|
||||
op="policy.process.execute",
|
||||
) as span:
|
||||
span: Span
|
||||
span.set_data("policy", self.binding.policy)
|
||||
span.set_data("request", self.request)
|
||||
|
||||
@ -283,7 +283,10 @@ class Migration(migrations.Migration):
|
||||
),
|
||||
),
|
||||
],
|
||||
options={"verbose_name": "Token", "verbose_name_plural": "Tokens",},
|
||||
options={
|
||||
"verbose_name": "Token",
|
||||
"verbose_name_plural": "Tokens",
|
||||
},
|
||||
),
|
||||
migrations.CreateModel(
|
||||
name="AuthorizationCode",
|
||||
|
||||
@ -11,6 +11,7 @@ class Migration(migrations.Migration):
|
||||
|
||||
operations = [
|
||||
migrations.RemoveField(
|
||||
model_name="oauth2provider", name="post_logout_redirect_uris",
|
||||
model_name="oauth2provider",
|
||||
name="post_logout_redirect_uris",
|
||||
),
|
||||
]
|
||||
|
||||
@ -292,13 +292,19 @@ class OAuth2Provider(Provider):
|
||||
"provider": self,
|
||||
"issuer": self.get_issuer(request),
|
||||
"authorize": request.build_absolute_uri(
|
||||
reverse("passbook_providers_oauth2:authorize",)
|
||||
reverse(
|
||||
"passbook_providers_oauth2:authorize",
|
||||
)
|
||||
),
|
||||
"token": request.build_absolute_uri(
|
||||
reverse("passbook_providers_oauth2:token",)
|
||||
reverse(
|
||||
"passbook_providers_oauth2:token",
|
||||
)
|
||||
),
|
||||
"userinfo": request.build_absolute_uri(
|
||||
reverse("passbook_providers_oauth2:userinfo",)
|
||||
reverse(
|
||||
"passbook_providers_oauth2:userinfo",
|
||||
)
|
||||
),
|
||||
"provider_info": request.build_absolute_uri(
|
||||
reverse(
|
||||
|
||||
@ -13,7 +13,11 @@ from passbook.providers.oauth2.views.token import TokenView
|
||||
from passbook.providers.oauth2.views.userinfo import UserInfoView
|
||||
|
||||
urlpatterns = [
|
||||
path("authorize/", AuthorizationFlowInitView.as_view(), name="authorize",),
|
||||
path(
|
||||
"authorize/",
|
||||
AuthorizationFlowInitView.as_view(),
|
||||
name="authorize",
|
||||
),
|
||||
path("token/", csrf_exempt(TokenView.as_view()), name="token"),
|
||||
path(
|
||||
"userinfo/",
|
||||
|
||||
@ -257,7 +257,8 @@ class OAuthFulfillmentStage(StageView):
|
||||
]
|
||||
elif self.params.grant_type in [GrantTypes.IMPLICIT, GrantTypes.HYBRID]:
|
||||
token = self.provider.create_refresh_token(
|
||||
user=self.request.user, scope=self.params.scope,
|
||||
user=self.request.user,
|
||||
scope=self.params.scope,
|
||||
)
|
||||
|
||||
# Check if response_type must include access_token in the response.
|
||||
@ -272,7 +273,8 @@ class OAuthFulfillmentStage(StageView):
|
||||
# We don't need id_token if it's an OAuth2 request.
|
||||
if SCOPE_OPENID in self.params.scope:
|
||||
id_token = token.create_id_token(
|
||||
user=self.request.user, request=self.request,
|
||||
user=self.request.user,
|
||||
request=self.request,
|
||||
)
|
||||
id_token.nonce = self.params.nonce
|
||||
|
||||
|
||||
@ -35,7 +35,8 @@ class TokenIntrospectionParams:
|
||||
|
||||
if not self.token.id_token:
|
||||
LOGGER.debug(
|
||||
"token not an authentication token", token=self.token,
|
||||
"token not an authentication token",
|
||||
token=self.token,
|
||||
)
|
||||
raise TokenIntrospectionError()
|
||||
|
||||
|
||||
@ -96,7 +96,8 @@ class TokenParams:
|
||||
|
||||
except RefreshToken.DoesNotExist:
|
||||
LOGGER.warning(
|
||||
"Refresh token does not exist", token=raw_token,
|
||||
"Refresh token does not exist",
|
||||
token=raw_token,
|
||||
)
|
||||
raise TokenError("invalid_grant")
|
||||
|
||||
@ -178,7 +179,8 @@ class TokenView(View):
|
||||
|
||||
if self.params.authorization_code.is_open_id:
|
||||
id_token = refresh_token.create_id_token(
|
||||
user=self.params.authorization_code.user, request=self.request,
|
||||
user=self.params.authorization_code.user,
|
||||
request=self.request,
|
||||
)
|
||||
id_token.nonce = self.params.authorization_code.nonce
|
||||
id_token.at_hash = refresh_token.at_hash
|
||||
@ -221,13 +223,15 @@ class TokenView(View):
|
||||
provider: OAuth2Provider = self.params.refresh_token.provider
|
||||
|
||||
refresh_token: RefreshToken = provider.create_refresh_token(
|
||||
user=self.params.refresh_token.user, scope=self.params.scope,
|
||||
user=self.params.refresh_token.user,
|
||||
scope=self.params.scope,
|
||||
)
|
||||
|
||||
# If the Token has an id_token it's an Authentication request.
|
||||
if self.params.refresh_token.id_token:
|
||||
refresh_token.id_token = refresh_token.create_id_token(
|
||||
user=self.params.refresh_token.user, request=self.request,
|
||||
user=self.params.refresh_token.user,
|
||||
request=self.request,
|
||||
)
|
||||
refresh_token.id_token.at_hash = refresh_token.at_hash
|
||||
|
||||
|
||||
@ -92,7 +92,10 @@ class ProxyProvider(OutpostModel, OAuth2Provider):
|
||||
)
|
||||
|
||||
certificate = models.ForeignKey(
|
||||
CertificateKeyPair, on_delete=models.SET_NULL, null=True, blank=True,
|
||||
CertificateKeyPair,
|
||||
on_delete=models.SET_NULL,
|
||||
null=True,
|
||||
blank=True,
|
||||
)
|
||||
|
||||
cookie_secret = models.TextField(default=get_cookie_secret)
|
||||
|
||||
@ -10,5 +10,8 @@ class Migration(migrations.Migration):
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.RemoveField(model_name="samlprovider", name="processor_path",),
|
||||
migrations.RemoveField(
|
||||
model_name="samlprovider",
|
||||
name="processor_path",
|
||||
),
|
||||
]
|
||||
|
||||
@ -72,7 +72,10 @@ class SAMLProvider(Provider):
|
||||
|
||||
digest_algorithm = models.CharField(
|
||||
max_length=50,
|
||||
choices=(("sha1", _("SHA1")), ("sha256", _("SHA256")),),
|
||||
choices=(
|
||||
("sha1", _("SHA1")),
|
||||
("sha256", _("SHA256")),
|
||||
),
|
||||
default="sha256",
|
||||
)
|
||||
signature_algorithm = models.CharField(
|
||||
|
||||
@ -47,7 +47,7 @@ SESSION_KEY_AUTH_N_REQUEST = "authn_request"
|
||||
|
||||
|
||||
class SAMLSSOView(PolicyAccessMixin, View):
|
||||
""""SAML SSO Base View, which plans a flow and injects our final stage.
|
||||
""" "SAML SSO Base View, which plans a flow and injects our final stage.
|
||||
Calls get/post handler."""
|
||||
|
||||
application: Application
|
||||
|
||||
@ -38,7 +38,11 @@ for _passbook_app in get_apps():
|
||||
for module, mountpoint in mountpoints.items():
|
||||
namespace = _passbook_app.label + module.replace(base_url_module, "")
|
||||
_path = path(
|
||||
mountpoint, include((module, _passbook_app.label), namespace=namespace,),
|
||||
mountpoint,
|
||||
include(
|
||||
(module, _passbook_app.label),
|
||||
namespace=namespace,
|
||||
),
|
||||
)
|
||||
urlpatterns.append(_path)
|
||||
LOGGER.debug(
|
||||
|
||||
@ -91,7 +91,8 @@ class LDAPSynchronizer:
|
||||
try:
|
||||
defaults = self._build_object_properties(attributes)
|
||||
user, created = User.objects.update_or_create(
|
||||
attributes__ldap_uniq=uniq, defaults=defaults,
|
||||
attributes__ldap_uniq=uniq,
|
||||
defaults=defaults,
|
||||
)
|
||||
except IntegrityError as exc:
|
||||
LOGGER.warning("Failed to create user", exc=exc)
|
||||
|
||||
@ -69,7 +69,8 @@ class OAuthSource(Source):
|
||||
def ui_user_settings(self) -> Optional[UIUserSettings]:
|
||||
view_name = "passbook_sources_oauth:oauth-client-user"
|
||||
return UIUserSettings(
|
||||
name=self.name, url=reverse(view_name, kwargs={"source_slug": self.slug}),
|
||||
name=self.name,
|
||||
url=reverse(view_name, kwargs={"source_slug": self.slug}),
|
||||
)
|
||||
|
||||
def __str__(self) -> str:
|
||||
|
||||
@ -147,7 +147,9 @@ class OAuthCallback(OAuthClientMixin, View):
|
||||
plan = planner.plan(self.request, kwargs)
|
||||
self.request.session[SESSION_KEY_PLAN] = plan
|
||||
return redirect_with_qs(
|
||||
"passbook_flows:flow-executor-shell", self.request.GET, flow_slug=flow.slug,
|
||||
"passbook_flows:flow-executor-shell",
|
||||
self.request.GET,
|
||||
flow_slug=flow.slug,
|
||||
)
|
||||
|
||||
# pylint: disable=unused-argument
|
||||
|
||||
@ -21,7 +21,8 @@ class SAMLSourceForm(forms.ModelForm):
|
||||
designation=FlowDesignation.ENROLLMENT
|
||||
)
|
||||
self.fields["signing_kp"].queryset = CertificateKeyPair.objects.filter(
|
||||
certificate_data__isnull=False, key_data__isnull=False,
|
||||
certificate_data__isnull=False,
|
||||
key_data__isnull=False,
|
||||
)
|
||||
|
||||
class Meta:
|
||||
|
||||
@ -14,12 +14,19 @@ class Migration(migrations.Migration):
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.RemoveField(model_name="samlsource", name="auto_logout",),
|
||||
migrations.RenameField(
|
||||
model_name="samlsource", old_name="idp_url", new_name="sso_url",
|
||||
migrations.RemoveField(
|
||||
model_name="samlsource",
|
||||
name="auto_logout",
|
||||
),
|
||||
migrations.RenameField(
|
||||
model_name="samlsource", old_name="idp_logout_url", new_name="slo_url",
|
||||
model_name="samlsource",
|
||||
old_name="idp_url",
|
||||
new_name="sso_url",
|
||||
),
|
||||
migrations.RenameField(
|
||||
model_name="samlsource",
|
||||
old_name="idp_logout_url",
|
||||
new_name="slo_url",
|
||||
),
|
||||
migrations.AddField(
|
||||
model_name="samlsource",
|
||||
|
||||
@ -191,5 +191,7 @@ class ResponseProcessor:
|
||||
kwargs[PLAN_CONTEXT_SSO] = True
|
||||
request.session[SESSION_KEY_PLAN] = FlowPlanner(flow).plan(request, kwargs)
|
||||
return redirect_with_qs(
|
||||
"passbook_flows:flow-executor-shell", request.GET, flow_slug=flow.slug,
|
||||
"passbook_flows:flow-executor-shell",
|
||||
request.GET,
|
||||
flow_slug=flow.slug,
|
||||
)
|
||||
|
||||
@ -23,7 +23,8 @@ class TestConsentStage(TestCase):
|
||||
username="unittest", email="test@beryju.org"
|
||||
)
|
||||
self.application = Application.objects.create(
|
||||
name="test-application", slug="test-application",
|
||||
name="test-application",
|
||||
slug="test-application",
|
||||
)
|
||||
self.client = Client()
|
||||
|
||||
|
||||
@ -22,9 +22,13 @@ class TestDummyStage(TestCase):
|
||||
slug="test-dummy",
|
||||
designation=FlowDesignation.AUTHENTICATION,
|
||||
)
|
||||
self.stage = DummyStage.objects.create(name="dummy",)
|
||||
self.stage = DummyStage.objects.create(
|
||||
name="dummy",
|
||||
)
|
||||
FlowStageBinding.objects.create(
|
||||
target=self.flow, stage=self.stage, order=0,
|
||||
target=self.flow,
|
||||
stage=self.stage,
|
||||
order=0,
|
||||
)
|
||||
|
||||
def test_valid_render(self):
|
||||
|
||||
@ -23,7 +23,12 @@ def send_mails(stage: EmailStage, *messages: List[EmailMultiAlternatives]):
|
||||
|
||||
|
||||
@CELERY_APP.task(
|
||||
bind=True, autoretry_for=(SMTPException, ConnectionError,), retry_backoff=True
|
||||
bind=True,
|
||||
autoretry_for=(
|
||||
SMTPException,
|
||||
ConnectionError,
|
||||
),
|
||||
retry_backoff=True,
|
||||
)
|
||||
# pylint: disable=unused-argument
|
||||
def _send_mail_task(self, email_stage_pk: int, message: Dict[Any, Any]):
|
||||
|
||||
@ -30,7 +30,9 @@ class TestEmailStage(TestCase):
|
||||
slug="test-email",
|
||||
designation=FlowDesignation.AUTHENTICATION,
|
||||
)
|
||||
self.stage = EmailStage.objects.create(name="email",)
|
||||
self.stage = EmailStage.objects.create(
|
||||
name="email",
|
||||
)
|
||||
FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2)
|
||||
|
||||
def test_rendering(self):
|
||||
|
||||
@ -32,7 +32,9 @@ class TestIdentificationStage(TestCase):
|
||||
template=Templates.DEFAULT_LOGIN,
|
||||
)
|
||||
FlowStageBinding.objects.create(
|
||||
target=self.flow, stage=self.stage, order=0,
|
||||
target=self.flow,
|
||||
stage=self.stage,
|
||||
order=0,
|
||||
)
|
||||
|
||||
# OAuthSource for the login view
|
||||
@ -92,7 +94,9 @@ class TestIdentificationStage(TestCase):
|
||||
self.stage.enrollment_flow = flow
|
||||
self.stage.save()
|
||||
FlowStageBinding.objects.create(
|
||||
target=flow, stage=self.stage, order=0,
|
||||
target=flow,
|
||||
stage=self.stage,
|
||||
order=0,
|
||||
)
|
||||
|
||||
response = self.client.get(
|
||||
@ -113,7 +117,9 @@ class TestIdentificationStage(TestCase):
|
||||
self.stage.recovery_flow = flow
|
||||
self.stage.save()
|
||||
FlowStageBinding.objects.create(
|
||||
target=flow, stage=self.stage, order=0,
|
||||
target=flow,
|
||||
stage=self.stage,
|
||||
order=0,
|
||||
)
|
||||
|
||||
response = self.client.get(
|
||||
|
||||
@ -58,7 +58,10 @@ class Migration(migrations.Migration):
|
||||
),
|
||||
),
|
||||
("expires", models.DateTimeField(blank=True, default=None, null=True)),
|
||||
("fixed_data", models.JSONField(default=dict),),
|
||||
(
|
||||
"fixed_data",
|
||||
models.JSONField(default=dict),
|
||||
),
|
||||
(
|
||||
"created_by",
|
||||
models.ForeignKey(
|
||||
|
||||
@ -41,7 +41,8 @@ class TestUserLoginStage(TestCase):
|
||||
self.assertEqual(InvitationStageForm(data).is_valid(), True)
|
||||
|
||||
@patch(
|
||||
"passbook.flows.views.to_stage_response", TO_STAGE_RESPONSE_MOCK,
|
||||
"passbook.flows.views.to_stage_response",
|
||||
TO_STAGE_RESPONSE_MOCK,
|
||||
)
|
||||
def test_without_invitation_fail(self):
|
||||
"""Test without any invitation, continue_flow_without_invitation not set."""
|
||||
|
||||
@ -14,7 +14,10 @@ def get_authentication_backends():
|
||||
"django.contrib.auth.backends.ModelBackend",
|
||||
_("passbook-internal Userdatabase"),
|
||||
),
|
||||
("passbook.sources.ldap.auth.LDAPBackend", _("passbook LDAP"),),
|
||||
(
|
||||
"passbook.sources.ldap.auth.LDAPBackend",
|
||||
_("passbook LDAP"),
|
||||
),
|
||||
]
|
||||
|
||||
|
||||
|
||||
@ -71,7 +71,8 @@ def update_default_stage_change(apps: Apps, schema_editor: BaseDatabaseSchemaEdi
|
||||
Flow = apps.get_model("passbook_flows", "Flow")
|
||||
|
||||
flow = Flow.objects.get(
|
||||
slug="default-password-change", designation=FlowDesignation.STAGE_CONFIGURATION,
|
||||
slug="default-password-change",
|
||||
designation=FlowDesignation.STAGE_CONFIGURATION,
|
||||
)
|
||||
|
||||
stages = PasswordStage.objects.filter(name="default-authentication-password")
|
||||
|
||||
@ -45,7 +45,8 @@ class TestPasswordStage(TestCase):
|
||||
FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2)
|
||||
|
||||
@patch(
|
||||
"passbook.flows.views.to_stage_response", TO_STAGE_RESPONSE_MOCK,
|
||||
"passbook.flows.views.to_stage_response",
|
||||
TO_STAGE_RESPONSE_MOCK,
|
||||
)
|
||||
def test_without_user(self):
|
||||
"""Test without user"""
|
||||
@ -163,7 +164,8 @@ class TestPasswordStage(TestCase):
|
||||
self.assertNotIn(SESSION_KEY_PLAN, self.client.session)
|
||||
|
||||
@patch(
|
||||
"passbook.flows.views.to_stage_response", TO_STAGE_RESPONSE_MOCK,
|
||||
"passbook.flows.views.to_stage_response",
|
||||
TO_STAGE_RESPONSE_MOCK,
|
||||
)
|
||||
@patch(
|
||||
"django.contrib.auth.backends.ModelBackend.authenticate",
|
||||
|
||||
@ -65,7 +65,9 @@ class ListPolicyEngine(PolicyEngine):
|
||||
|
||||
def _iter_bindings(self) -> Iterator[PolicyBinding]:
|
||||
for policy in self.__list:
|
||||
yield PolicyBinding(policy=policy,)
|
||||
yield PolicyBinding(
|
||||
policy=policy,
|
||||
)
|
||||
|
||||
|
||||
class PromptForm(forms.Form):
|
||||
|
||||
@ -64,7 +64,10 @@ class Migration(migrations.Migration):
|
||||
("placeholder", models.TextField(blank=True)),
|
||||
("order", models.IntegerField(default=0)),
|
||||
],
|
||||
options={"verbose_name": "Prompt", "verbose_name_plural": "Prompts",},
|
||||
options={
|
||||
"verbose_name": "Prompt",
|
||||
"verbose_name_plural": "Prompts",
|
||||
},
|
||||
),
|
||||
migrations.CreateModel(
|
||||
name="PromptStage",
|
||||
|
||||
@ -33,7 +33,8 @@ class TestUserDeleteStage(TestCase):
|
||||
FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2)
|
||||
|
||||
@patch(
|
||||
"passbook.flows.views.to_stage_response", TO_STAGE_RESPONSE_MOCK,
|
||||
"passbook.flows.views.to_stage_response",
|
||||
TO_STAGE_RESPONSE_MOCK,
|
||||
)
|
||||
def test_no_user(self):
|
||||
"""Test without user set"""
|
||||
|
||||
@ -59,7 +59,8 @@ class TestUserLoginStage(TestCase):
|
||||
)
|
||||
|
||||
@patch(
|
||||
"passbook.flows.views.to_stage_response", TO_STAGE_RESPONSE_MOCK,
|
||||
"passbook.flows.views.to_stage_response",
|
||||
TO_STAGE_RESPONSE_MOCK,
|
||||
)
|
||||
def test_without_user(self):
|
||||
"""Test a plan without any pending user, resulting in a denied"""
|
||||
@ -80,7 +81,8 @@ class TestUserLoginStage(TestCase):
|
||||
self.assertIsInstance(response, AccessDeniedResponse)
|
||||
|
||||
@patch(
|
||||
"passbook.flows.views.to_stage_response", TO_STAGE_RESPONSE_MOCK,
|
||||
"passbook.flows.views.to_stage_response",
|
||||
TO_STAGE_RESPONSE_MOCK,
|
||||
)
|
||||
def test_without_backend(self):
|
||||
"""Test a plan with pending user, without backend, resulting in a denied"""
|
||||
|
||||
@ -13,7 +13,9 @@ class UserLogoutStageView(StageView):
|
||||
|
||||
def get(self, request: HttpRequest) -> HttpResponse:
|
||||
LOGGER.debug(
|
||||
"Logged out", user=request.user, flow_slug=self.executor.flow.slug,
|
||||
"Logged out",
|
||||
user=request.user,
|
||||
flow_slug=self.executor.flow.slug,
|
||||
)
|
||||
logout(self.request)
|
||||
return self.executor.stage_ok()
|
||||
|
||||
@ -33,7 +33,8 @@ class UserWriteStageView(StageView):
|
||||
PLAN_CONTEXT_AUTHENTICATION_BACKEND
|
||||
] = class_to_path(ModelBackend)
|
||||
LOGGER.debug(
|
||||
"Created new user", flow_slug=self.executor.flow.slug,
|
||||
"Created new user",
|
||||
flow_slug=self.executor.flow.slug,
|
||||
)
|
||||
user = self.executor.plan.context[PLAN_CONTEXT_PENDING_USER]
|
||||
# Before we change anything, check if the user is the same as in the request
|
||||
@ -68,6 +69,8 @@ class UserWriteStageView(StageView):
|
||||
update_session_auth_hash(self.request, user)
|
||||
LOGGER.debug("Updated session hash", user=user)
|
||||
LOGGER.debug(
|
||||
"Updated existing user", user=user, flow_slug=self.executor.flow.slug,
|
||||
"Updated existing user",
|
||||
user=user,
|
||||
flow_slug=self.executor.flow.slug,
|
||||
)
|
||||
return self.executor.stage_ok()
|
||||
|
||||
@ -111,7 +111,8 @@ class TestUserWriteStage(TestCase):
|
||||
self.assertEqual(user_qs.first().attributes["some-custom-attribute"], "test")
|
||||
|
||||
@patch(
|
||||
"passbook.flows.views.to_stage_response", TO_STAGE_RESPONSE_MOCK,
|
||||
"passbook.flows.views.to_stage_response",
|
||||
TO_STAGE_RESPONSE_MOCK,
|
||||
)
|
||||
def test_without_data(self):
|
||||
"""Test without data results in error"""
|
||||
|
||||
Reference in New Issue
Block a user