enterprise/providers/google_workspace: ensure no group is created when no property mappings are set (#9783)
* enterprise/providers/google_workspace: ensure no group is created when no property mappings are set Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests for that to all sync providers Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens L
@ -36,9 +36,7 @@ class GoogleWorkspaceGroupClient(
|
|||||||
|
|
||||||
def to_schema(self, obj: Group, creating: bool) -> dict:
|
def to_schema(self, obj: Group, creating: bool) -> dict:
|
||||||
"""Convert authentik group"""
|
"""Convert authentik group"""
|
||||||
raw_google_group = {
|
raw_google_group = {}
|
||||||
"email": f"{slugify(obj.name)}@{self.provider.default_group_email_domain}"
|
|
||||||
}
|
|
||||||
for mapping in (
|
for mapping in (
|
||||||
self.provider.property_mappings_group.all().order_by("name").select_subclasses()
|
self.provider.property_mappings_group.all().order_by("name").select_subclasses()
|
||||||
):
|
):
|
||||||
@ -67,7 +65,9 @@ class GoogleWorkspaceGroupClient(
|
|||||||
raise StopSync(exc, obj, mapping) from exc
|
raise StopSync(exc, obj, mapping) from exc
|
||||||
if not raw_google_group:
|
if not raw_google_group:
|
||||||
raise StopSync(ValueError("No group mappings configured"), obj)
|
raise StopSync(ValueError("No group mappings configured"), obj)
|
||||||
|
raw_google_group.setdefault(
|
||||||
|
"email", f"{slugify(obj.name)}@{self.provider.default_group_email_domain}"
|
||||||
|
)
|
||||||
return raw_google_group
|
return raw_google_group
|
||||||
|
|
||||||
def delete(self, obj: Group):
|
def delete(self, obj: Group):
|
||||||
|
|||||||
@ -57,8 +57,7 @@ class GoogleWorkspaceUserClient(GoogleWorkspaceSyncClient[User, GoogleWorkspaceP
|
|||||||
raise StopSync(exc, obj, mapping) from exc
|
raise StopSync(exc, obj, mapping) from exc
|
||||||
if not raw_google_user:
|
if not raw_google_user:
|
||||||
raise StopSync(ValueError("No user mappings configured"), obj)
|
raise StopSync(ValueError("No user mappings configured"), obj)
|
||||||
if "primaryEmail" not in raw_google_user:
|
raw_google_user.setdefault("primaryEmail", str(obj.email))
|
||||||
raw_google_user["primaryEmail"] = str(obj.email)
|
|
||||||
return delete_none_values(raw_google_user)
|
return delete_none_values(raw_google_user)
|
||||||
|
|
||||||
def delete(self, obj: User):
|
def delete(self, obj: User):
|
||||||
|
|||||||
@ -82,6 +82,27 @@ class GoogleWorkspaceGroupTests(TestCase):
|
|||||||
self.assertFalse(Event.objects.filter(action=EventAction.SYSTEM_EXCEPTION).exists())
|
self.assertFalse(Event.objects.filter(action=EventAction.SYSTEM_EXCEPTION).exists())
|
||||||
self.assertEqual(len(http.requests()), 2)
|
self.assertEqual(len(http.requests()), 2)
|
||||||
|
|
||||||
|
def test_group_not_created(self):
|
||||||
|
"""Test without group property mappings, no group is created"""
|
||||||
|
self.provider.property_mappings_group.clear()
|
||||||
|
uid = generate_id()
|
||||||
|
http = MockHTTP()
|
||||||
|
http.add_response(
|
||||||
|
f"https://admin.googleapis.com/admin/directory/v1/customer/my_customer/domains?key={self.api_key}&alt=json",
|
||||||
|
domains_list_v1_mock,
|
||||||
|
)
|
||||||
|
with patch(
|
||||||
|
"authentik.enterprise.providers.google_workspace.models.GoogleWorkspaceProvider.google_credentials",
|
||||||
|
MagicMock(return_value={"developerKey": self.api_key, "http": http}),
|
||||||
|
):
|
||||||
|
group = Group.objects.create(name=uid)
|
||||||
|
google_group = GoogleWorkspaceProviderGroup.objects.filter(
|
||||||
|
provider=self.provider, group=group
|
||||||
|
).first()
|
||||||
|
self.assertIsNone(google_group)
|
||||||
|
self.assertFalse(Event.objects.filter(action=EventAction.SYSTEM_EXCEPTION).exists())
|
||||||
|
self.assertEqual(len(http.requests()), 1)
|
||||||
|
|
||||||
def test_group_create_update(self):
|
def test_group_create_update(self):
|
||||||
"""Test group updating"""
|
"""Test group updating"""
|
||||||
uid = generate_id()
|
uid = generate_id()
|
||||||
|
|||||||
@ -86,6 +86,31 @@ class GoogleWorkspaceUserTests(TestCase):
|
|||||||
self.assertFalse(Event.objects.filter(action=EventAction.SYSTEM_EXCEPTION).exists())
|
self.assertFalse(Event.objects.filter(action=EventAction.SYSTEM_EXCEPTION).exists())
|
||||||
self.assertEqual(len(http.requests()), 2)
|
self.assertEqual(len(http.requests()), 2)
|
||||||
|
|
||||||
|
def test_user_not_created(self):
|
||||||
|
"""Test without property mappings, no group is created"""
|
||||||
|
self.provider.property_mappings.clear()
|
||||||
|
uid = generate_id()
|
||||||
|
http = MockHTTP()
|
||||||
|
http.add_response(
|
||||||
|
f"https://admin.googleapis.com/admin/directory/v1/customer/my_customer/domains?key={self.api_key}&alt=json",
|
||||||
|
domains_list_v1_mock,
|
||||||
|
)
|
||||||
|
with patch(
|
||||||
|
"authentik.enterprise.providers.google_workspace.models.GoogleWorkspaceProvider.google_credentials",
|
||||||
|
MagicMock(return_value={"developerKey": self.api_key, "http": http}),
|
||||||
|
):
|
||||||
|
user = User.objects.create(
|
||||||
|
username=uid,
|
||||||
|
name=f"{uid} {uid}",
|
||||||
|
email=f"{uid}@goauthentik.io",
|
||||||
|
)
|
||||||
|
google_user = GoogleWorkspaceProviderUser.objects.filter(
|
||||||
|
provider=self.provider, user=user
|
||||||
|
).first()
|
||||||
|
self.assertIsNone(google_user)
|
||||||
|
self.assertFalse(Event.objects.filter(action=EventAction.SYSTEM_EXCEPTION).exists())
|
||||||
|
self.assertEqual(len(http.requests()), 1)
|
||||||
|
|
||||||
def test_user_create_update(self):
|
def test_user_create_update(self):
|
||||||
"""Test user updating"""
|
"""Test user updating"""
|
||||||
uid = generate_id()
|
uid = generate_id()
|
||||||
|
|||||||
@ -93,6 +93,38 @@ class MicrosoftEntraGroupTests(TestCase):
|
|||||||
self.assertFalse(Event.objects.filter(action=EventAction.SYSTEM_EXCEPTION).exists())
|
self.assertFalse(Event.objects.filter(action=EventAction.SYSTEM_EXCEPTION).exists())
|
||||||
group_create.assert_called_once()
|
group_create.assert_called_once()
|
||||||
|
|
||||||
|
def test_group_not_created(self):
|
||||||
|
"""Test without group property mappings, no group is created"""
|
||||||
|
self.provider.property_mappings_group.clear()
|
||||||
|
uid = generate_id()
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"authentik.enterprise.providers.microsoft_entra.models.MicrosoftEntraProvider.microsoft_credentials",
|
||||||
|
MagicMock(return_value={"credentials": self.creds}),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"msgraph.generated.organization.organization_request_builder.OrganizationRequestBuilder.get",
|
||||||
|
AsyncMock(
|
||||||
|
return_value=OrganizationCollectionResponse(
|
||||||
|
value=[
|
||||||
|
Organization(verified_domains=[VerifiedDomain(name="goauthentik.io")])
|
||||||
|
]
|
||||||
|
)
|
||||||
|
),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"msgraph.generated.groups.groups_request_builder.GroupsRequestBuilder.post",
|
||||||
|
AsyncMock(return_value=MSGroup(id=generate_id())),
|
||||||
|
) as group_create,
|
||||||
|
):
|
||||||
|
group = Group.objects.create(name=uid)
|
||||||
|
microsoft_group = MicrosoftEntraProviderGroup.objects.filter(
|
||||||
|
provider=self.provider, group=group
|
||||||
|
).first()
|
||||||
|
self.assertIsNone(microsoft_group)
|
||||||
|
self.assertFalse(Event.objects.filter(action=EventAction.SYSTEM_EXCEPTION).exists())
|
||||||
|
group_create.assert_not_called()
|
||||||
|
|
||||||
def test_group_create_update(self):
|
def test_group_create_update(self):
|
||||||
"""Test group updating"""
|
"""Test group updating"""
|
||||||
uid = generate_id()
|
uid = generate_id()
|
||||||
|
|||||||
@ -94,6 +94,42 @@ class MicrosoftEntraUserTests(TestCase):
|
|||||||
self.assertFalse(Event.objects.filter(action=EventAction.SYSTEM_EXCEPTION).exists())
|
self.assertFalse(Event.objects.filter(action=EventAction.SYSTEM_EXCEPTION).exists())
|
||||||
user_create.assert_called_once()
|
user_create.assert_called_once()
|
||||||
|
|
||||||
|
def test_user_not_created(self):
|
||||||
|
"""Test without property mappings, no group is created"""
|
||||||
|
self.provider.property_mappings.clear()
|
||||||
|
uid = generate_id()
|
||||||
|
with (
|
||||||
|
patch(
|
||||||
|
"authentik.enterprise.providers.microsoft_entra.models.MicrosoftEntraProvider.microsoft_credentials",
|
||||||
|
MagicMock(return_value={"credentials": self.creds}),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"msgraph.generated.organization.organization_request_builder.OrganizationRequestBuilder.get",
|
||||||
|
AsyncMock(
|
||||||
|
return_value=OrganizationCollectionResponse(
|
||||||
|
value=[
|
||||||
|
Organization(verified_domains=[VerifiedDomain(name="goauthentik.io")])
|
||||||
|
]
|
||||||
|
)
|
||||||
|
),
|
||||||
|
),
|
||||||
|
patch(
|
||||||
|
"msgraph.generated.users.users_request_builder.UsersRequestBuilder.post",
|
||||||
|
AsyncMock(return_value=MSUser(id=generate_id())),
|
||||||
|
) as user_create,
|
||||||
|
):
|
||||||
|
user = User.objects.create(
|
||||||
|
username=uid,
|
||||||
|
name=f"{uid} {uid}",
|
||||||
|
email=f"{uid}@goauthentik.io",
|
||||||
|
)
|
||||||
|
microsoft_user = MicrosoftEntraProviderUser.objects.filter(
|
||||||
|
provider=self.provider, user=user
|
||||||
|
).first()
|
||||||
|
self.assertIsNone(microsoft_user)
|
||||||
|
self.assertFalse(Event.objects.filter(action=EventAction.SYSTEM_EXCEPTION).exists())
|
||||||
|
user_create.assert_not_called()
|
||||||
|
|
||||||
def test_user_create_update(self):
|
def test_user_create_update(self):
|
||||||
"""Test user updating"""
|
"""Test user updating"""
|
||||||
uid = generate_id()
|
uid = generate_id()
|
||||||
|
|||||||
Reference in New Issue
Block a user