core: add API to directly send recovery link to user

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

authentik/core/tests/test_users_api.py

@@ -3,6 +3,9 @@ from django.urls.base import reverse
 from rest_framework.test import APITestCase
 
 from authentik.core.models import User
+from authentik.flows.models import Flow, FlowDesignation
+from authentik.stages.email.models import EmailStage
+from authentik.tenants.models import Tenant
 
 
 class TestUsersAPI(APITestCase):
@@ -27,3 +30,78 @@ class TestUsersAPI(APITestCase):
             reverse("authentik_api:user-metrics", kwargs={"pk": self.user.pk})
         )
         self.assertEqual(response.status_code, 403)
+
+    def test_recovery_no_flow(self):
+        """Test user recovery link (no recovery flow set)"""
+        self.client.force_login(self.admin)
+        response = self.client.get(
+            reverse("authentik_api:user-recovery", kwargs={"pk": self.user.pk})
+        )
+        self.assertEqual(response.status_code, 404)
+
+    def test_recovery(self):
+        """Test user recovery link (no recovery flow set)"""
+        flow = Flow.objects.create(
+            name="test", title="test", slug="test", designation=FlowDesignation.RECOVERY
+        )
+        tenant: Tenant = Tenant.objects.first()
+        tenant.flow_recovery = flow
+        tenant.save()
+        self.client.force_login(self.admin)
+        response = self.client.get(
+            reverse("authentik_api:user-recovery", kwargs={"pk": self.user.pk})
+        )
+        self.assertEqual(response.status_code, 200)
+
+    def test_recovery_email_no_flow(self):
+        """Test user recovery link (no recovery flow set)"""
+        self.client.force_login(self.admin)
+        response = self.client.get(
+            reverse("authentik_api:user-recovery-email", kwargs={"pk": self.user.pk})
+        )
+        self.assertEqual(response.status_code, 404)
+        self.user.email = "foo@bar.baz"
+        self.user.save()
+        response = self.client.get(
+            reverse("authentik_api:user-recovery-email", kwargs={"pk": self.user.pk})
+        )
+        self.assertEqual(response.status_code, 404)
+
+    def test_recovery_email_no_stage(self):
+        """Test user recovery link (no email stage)"""
+        self.user.email = "foo@bar.baz"
+        self.user.save()
+        flow = Flow.objects.create(
+            name="test", title="test", slug="test", designation=FlowDesignation.RECOVERY
+        )
+        tenant: Tenant = Tenant.objects.first()
+        tenant.flow_recovery = flow
+        tenant.save()
+        self.client.force_login(self.admin)
+        response = self.client.get(
+            reverse("authentik_api:user-recovery-email", kwargs={"pk": self.user.pk})
+        )
+        self.assertEqual(response.status_code, 404)
+
+    def test_recovery_email(self):
+        """Test user recovery link"""
+        self.user.email = "foo@bar.baz"
+        self.user.save()
+        flow = Flow.objects.create(
+            name="test", title="test", slug="test", designation=FlowDesignation.RECOVERY
+        )
+        tenant: Tenant = Tenant.objects.first()
+        tenant.flow_recovery = flow
+        tenant.save()
+
+        stage = EmailStage.objects.create(name="email")
+
+        self.client.force_login(self.admin)
+        response = self.client.get(
+            reverse(
+                "authentik_api:user-recovery-email",
+                kwargs={"pk": self.user.pk},
+            )
+            + f"?email_stage={stage.pk}"
+        )
+        self.assertEqual(response.status_code, 204)