From 7352f37b05f9cef94b1df1e1f6330fea9f407246 Mon Sep 17 00:00:00 2001 From: "Jens L." Date: Mon, 4 Nov 2024 19:33:31 +0100 Subject: [PATCH 1/2] enterprise/rac: fix API Schema for invalidation_flow (#11907) * enterprise/rac: fix API Schema for invalidation_flow Signed-off-by: Jens Langhammer * fix tests Signed-off-by: Jens Langhammer * add tests Signed-off-by: Jens Langhammer --------- Signed-off-by: Jens Langhammer --- .../enterprise/providers/rac/api/providers.py | 19 +++++++- .../providers/rac/tests/test_api.py | 46 +++++++++++++++++++ .../providers/rac/tests/test_endpoints_api.py | 3 -- blueprints/schema.json | 8 +--- schema.yml | 23 +++------- 5 files changed, 70 insertions(+), 29 deletions(-) create mode 100644 authentik/enterprise/providers/rac/tests/test_api.py diff --git a/authentik/enterprise/providers/rac/api/providers.py b/authentik/enterprise/providers/rac/api/providers.py index 892e081c96..9d0439ee7e 100644 --- a/authentik/enterprise/providers/rac/api/providers.py +++ b/authentik/enterprise/providers/rac/api/providers.py @@ -16,13 +16,28 @@ class RACProviderSerializer(EnterpriseRequiredMixin, ProviderSerializer): class Meta: model = RACProvider - fields = ProviderSerializer.Meta.fields + [ + fields = [ + "pk", + "name", + "authentication_flow", + "authorization_flow", + "property_mappings", + "component", + "assigned_application_slug", + "assigned_application_name", + "assigned_backchannel_application_slug", + "assigned_backchannel_application_name", + "verbose_name", + "verbose_name_plural", + "meta_model_name", "settings", "outpost_set", "connection_expiry", "delete_token_on_disconnect", ] - extra_kwargs = ProviderSerializer.Meta.extra_kwargs + extra_kwargs = { + "authorization_flow": {"required": True, "allow_null": False}, + } class RACProviderViewSet(UsedByMixin, ModelViewSet): diff --git a/authentik/enterprise/providers/rac/tests/test_api.py b/authentik/enterprise/providers/rac/tests/test_api.py new file mode 100644 index 0000000000..da71133e80 
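Review bot: The `fields` list in `RACProviderSerializer.Meta` (providers.py hunk) now repeats every base provider field by hand, so a field later added to `ProviderSerializer.Meta.fields` will silently be missing from the RAC API and its generated schema. If the only intent is to drop `invalidation_flow`, the list could be derived instead: `fields = [f for f in ProviderSerializer.Meta.fields if f != "invalidation_flow"] + ["settings", "outpost_set", "connection_expiry", "delete_token_on_disconnect"]`. The same applies to `extra_kwargs`, which no longer inherits from the parent, so any other constraints the parent declares (not visible in this hunk) are dropped along with the `invalidation_flow` one. If the explicit allowlist is intentional, a comment such as `# invalidation_flow intentionally omitted; keep in sync with ProviderSerializer.Meta.fields` would record that. The class body starts above the hunk.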
--- /dev/null +++ b/authentik/enterprise/providers/rac/tests/test_api.py @@ -0,0 +1,46 @@ +"""Test RAC Provider""" + +from datetime import timedelta +from time import mktime +from unittest.mock import MagicMock, patch + +from django.urls import reverse +from django.utils.timezone import now +from rest_framework.test import APITestCase + +from authentik.core.tests.utils import create_test_admin_user, create_test_flow +from authentik.enterprise.license import LicenseKey +from authentik.enterprise.models import License +from authentik.lib.generators import generate_id + + +class TestAPI(APITestCase): + """Test Provider API""" + + def setUp(self) -> None: + self.user = create_test_admin_user() + + @patch( + "authentik.enterprise.license.LicenseKey.validate", + MagicMock( + return_value=LicenseKey( + aud="", + exp=int(mktime((now() + timedelta(days=3000)).timetuple())), + name=generate_id(), + internal_users=100, + external_users=100, + ) + ), + ) + def test_create(self): + """Test creation of RAC Provider""" + License.objects.create(key=generate_id()) + self.client.force_login(self.user) + response = self.client.post( + reverse("authentik_api:racprovider-list"), + data={ + "name": generate_id(), + "authorization_flow": create_test_flow().pk, + }, + ) + self.assertEqual(response.status_code, 201) diff --git a/authentik/enterprise/providers/rac/tests/test_endpoints_api.py b/authentik/enterprise/providers/rac/tests/test_endpoints_api.py index 4916e74ed5..1ad9b70daf 100644 --- a/authentik/enterprise/providers/rac/tests/test_endpoints_api.py +++ b/authentik/enterprise/providers/rac/tests/test_endpoints_api.py @@ -68,7 +68,6 @@ class TestEndpointsAPI(APITestCase): "name": self.provider.name, "authentication_flow": None, "authorization_flow": None, - "invalidation_flow": None, "property_mappings": [], "connection_expiry": "hours=8", "delete_token_on_disconnect": False, 
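Review bot: `test_create` in the new `test_api.py` asserts only the 201 status, so it would still pass if `invalidation_flow` came back into the serializer as an optional field or if `authorization_flow` stopped being required. Consider also asserting on the body, e.g. `self.assertNotIn("invalidation_flow", response.json())`, and adding a second request without `authorization_flow` that expects a 400, since `extra_kwargs` now declares it `required`. The `@patch` argument is evaluated once at import time, so the mocked license expiry is fixed when the module loads, which is harmless with a 3000-day margin. A docstring line saying the license is mocked, presumably because the serializer uses `EnterpriseRequiredMixin`, would help the next reader.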
@@ -121,7 +120,6 @@ class TestEndpointsAPI(APITestCase): "name": self.provider.name, "authentication_flow": None, "authorization_flow": None, - "invalidation_flow": None, "property_mappings": [], "component": "ak-provider-rac-form", "assigned_application_slug": self.app.slug, @@ -151,7 +149,6 @@ class TestEndpointsAPI(APITestCase): "name": self.provider.name, "authentication_flow": None, "authorization_flow": None, - "invalidation_flow": None, "property_mappings": [], "component": "ak-provider-rac-form", "assigned_application_slug": self.app.slug, diff --git a/blueprints/schema.json b/blueprints/schema.json index fb53856754..6b60555194 100644 --- a/blueprints/schema.json +++ b/blueprints/schema.json @@ -6974,7 +6974,7 @@ "spnego_server_name": { "type": "string", "title": "Spnego server name", - "description": "Force the use of a specific server name for SPNEGO" + "description": "Force the use of a specific server name for SPNEGO. Must be in the form HTTP@hostname" }, "spnego_keytab": { "type": "string", @@ -13383,12 +13383,6 @@ "title": "Authorization flow", "description": "Flow used when authorizing this provider." }, - "invalidation_flow": { - "type": "string", - "format": "uuid", - "title": "Invalidation flow", - "description": "Flow used ending the session from a provider." - }, "property_mappings": { "type": "array", "items": { diff --git a/schema.yml b/schema.yml index 9960eccc59..609c40bca5 100644 --- a/schema.yml +++ b/schema.yml @@ -42975,7 +42975,8 @@ components: readOnly: true spnego_server_name: type: string - description: Force the use of a specific server name for SPNEGO + description: Force the use of a specific server name for SPNEGO. Must be + in the form HTTP@hostname spnego_ccache: type: string description: Credential cache to use for SPNEGO in form type:residual 
@@ -43144,7 +43145,8 @@ components: be in the form TYPE:residual spnego_server_name: type: string - description: Force the use of a specific server name for SPNEGO + description: Force the use of a specific server name for SPNEGO. Must be + in the form HTTP@hostname spnego_keytab: type: string writeOnly: true @@ -48448,7 +48450,8 @@ components: be in the form TYPE:residual spnego_server_name: type: string - description: Force the use of a specific server name for SPNEGO + description: Force the use of a specific server name for SPNEGO. Must be + in the form HTTP@hostname spnego_keytab: type: string writeOnly: true @@ -49461,10 +49464,6 @@ components: type: string format: uuid description: Flow used when authorizing this provider. - invalidation_flow: - type: string - format: uuid - description: Flow used ending the session from a provider. property_mappings: type: array items: @@ -51696,10 +51695,6 @@ components: type: string format: uuid description: Flow used when authorizing this provider. - invalidation_flow: - type: string - format: uuid - description: Flow used ending the session from a provider. property_mappings: type: array items: @@ -51757,7 +51752,6 @@ components: - assigned_backchannel_application_slug - authorization_flow - component - - invalidation_flow - meta_model_name - name - outpost_set @@ -51781,10 +51775,6 @@ components: type: string format: uuid description: Flow used when authorizing this provider. - invalidation_flow: - type: string - format: uuid - description: Flow used ending the session from a provider. property_mappings: type: array items: @@ -51801,7 +51791,6 @@ components: description: When set to true, connection tokens will be deleted upon disconnect. required: - authorization_flow - - invalidation_flow - name RadiusCheckAccess: type: object From 0f8d49741372b73f9f449690a91c9cd047d3c683 Mon Sep 17 00:00:00 2001 
From: "authentik-automation[bot]" <135050075+authentik-automation[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 18:53:26 +0000 Subject: [PATCH 2/2] web: bump API Client version (#11909) --- web/package-lock.json | 8 ++++---- web/package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index b8a1c52ede..b04527795f 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -23,7 +23,7 @@ "@floating-ui/dom": "^1.6.11", "@formatjs/intl-listformat": "^7.5.7", "@fortawesome/fontawesome-free": "^6.6.0", - "@goauthentik/api": "^2024.10.0-1730331602", + "@goauthentik/api": "^2024.10.0-1730745228", "@lit-labs/ssr": "^3.2.2", "@lit/context": "^1.1.2", "@lit/localize": "^0.12.2", @@ -1775,9 +1775,9 @@ } }, "node_modules/@goauthentik/api": { - "version": "2024.10.0-1730331602", - "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2024.10.0-1730331602.tgz", - "integrity": "sha512-VaXywdDCFkIs9RgmHVYt8jGf5xnc+czsu5ILEThNQOuXvBjkGa0J8aPWVSdfP++GiHnkjddWVFzJ6R6LOoHbWQ==" + "version": "2024.10.0-1730745228", + "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2024.10.0-1730745228.tgz", + "integrity": "sha512-YIPhEj7+ZbAJNwCGEJKcY0xeL2qLLG2f0xAHQ+c6gtWpo3p0d14RcPPG8lu5TP21VyqSUcXuUY2CwQ0vW0HWMA==" }, "node_modules/@goauthentik/web": { "resolved": "", diff --git a/web/package.json b/web/package.json index e3a06342ac..e4017953df 100644 --- a/web/package.json +++ b/web/package.json @@ -11,7 +11,7 @@ "@floating-ui/dom": "^1.6.11", "@formatjs/intl-listformat": "^7.5.7", "@fortawesome/fontawesome-free": "^6.6.0", - "@goauthentik/api": "^2024.10.0-1730331602", + "@goauthentik/api": "^2024.10.0-1730745228", "@lit-labs/ssr": "^3.2.2", "@lit/context": "^1.1.2", "@lit/localize": "^0.12.2",