habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security: fix CVE 2024 52289 (#12113)

Browse Source 
* initial migration

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix loading

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start dynamic ui

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* initial ui

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add serialize

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add error message handling

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix/add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* prepare docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate to new input

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens L.
2024-11-21 14:46:43 +01:00
committed by GitHub
parent 5ea4580884
commit 85bb638243
37 changed files with 687 additions and 198 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
tests/e2e/test_provider_oauth2_github.py
View File

@ -12,7 +12,12 @@ from authentik.flows.models import Flow
from authentik.lib.generators import generate_id, generate_key
from authentik.policies.expression.models import ExpressionPolicy
from authentik.policies.models import PolicyBinding
from authentik.providers.oauth2.models import ClientTypes, OAuth2Provider
from authentik.providers.oauth2.models import (
ClientTypes,
OAuth2Provider,
RedirectURI,
RedirectURIMatchingMode,
)
from tests.e2e.utils import SeleniumTestCase, retry
@ -73,7 +78,9 @@ class TestProviderOAuth2Github(SeleniumTestCase):
client_id=self.client_id,
client_secret=self.client_secret,
client_type=ClientTypes.CONFIDENTIAL,
redirect_uris="http://localhost:3000/login/github",
redirect_uris=[
RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost:3000/login/github")
],
authorization_flow=authorization_flow,
)
Application.objects.create(
@ -128,7 +135,9 @@ class TestProviderOAuth2Github(SeleniumTestCase):
client_id=self.client_id,
client_secret=self.client_secret,
client_type=ClientTypes.CONFIDENTIAL,
redirect_uris="http://localhost:3000/login/github",
redirect_uris=[
RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost:3000/login/github")
],
authorization_flow=authorization_flow,
)
app = Application.objects.create(
@ -199,7 +208,9 @@ class TestProviderOAuth2Github(SeleniumTestCase):
client_id=self.client_id,
client_secret=self.client_secret,
client_type=ClientTypes.CONFIDENTIAL,
redirect_uris="http://localhost:3000/login/github",
redirect_uris=[
RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost:3000/login/github")
],
authorization_flow=authorization_flow,
)
app = Application.objects.create(

34
tests/e2e/test_provider_oauth2_grafana.py
View File

@ -19,7 +19,13 @@ from authentik.providers.oauth2.constants import (
SCOPE_OPENID_EMAIL,
SCOPE_OPENID_PROFILE,
)
from authentik.providers.oauth2.models import ClientTypes, OAuth2Provider, ScopeMapping
from authentik.providers.oauth2.models import (
ClientTypes,
OAuth2Provider,
RedirectURI,
RedirectURIMatchingMode,
ScopeMapping,
)
from tests.e2e.utils import SeleniumTestCase, retry
@ -82,7 +88,7 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
client_id=self.client_id,
client_secret=self.client_secret,
signing_key=create_test_cert(),
redirect_uris="http://localhost:3000/",
redirect_uris=[RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost:3000/")],
authorization_flow=authorization_flow,
)
provider.property_mappings.set(
@ -131,7 +137,11 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
client_id=self.client_id,
client_secret=self.client_secret,
signing_key=create_test_cert(),
redirect_uris="http://localhost:3000/login/generic_oauth",
redirect_uris=[
RedirectURI(
RedirectURIMatchingMode.STRICT, "http://localhost:3000/login/generic_oauth"
)
],
authorization_flow=authorization_flow,
)
provider.property_mappings.set(
@ -200,7 +210,11 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
client_id=self.client_id,
client_secret=self.client_secret,
signing_key=create_test_cert(),
redirect_uris="http://localhost:3000/login/generic_oauth",
redirect_uris=[
RedirectURI(
RedirectURIMatchingMode.STRICT, "http://localhost:3000/login/generic_oauth"
)
],
authorization_flow=authorization_flow,
invalidation_flow=invalidation_flow,
)
@ -275,7 +289,11 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
client_id=self.client_id,
client_secret=self.client_secret,
signing_key=create_test_cert(),
redirect_uris="http://localhost:3000/login/generic_oauth",
redirect_uris=[
RedirectURI(
RedirectURIMatchingMode.STRICT, "http://localhost:3000/login/generic_oauth"
)
],
)
provider.property_mappings.set(
ScopeMapping.objects.filter(
@ -355,7 +373,11 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
client_id=self.client_id,
client_secret=self.client_secret,
signing_key=create_test_cert(),
redirect_uris="http://localhost:3000/login/generic_oauth",
redirect_uris=[
RedirectURI(
RedirectURIMatchingMode.STRICT, "http://localhost:3000/login/generic_oauth"
)
],
)
provider.property_mappings.set(
ScopeMapping.objects.filter(

22
tests/e2e/test_provider_oidc.py
View File

@ -19,7 +19,13 @@ from authentik.providers.oauth2.constants import (
SCOPE_OPENID_EMAIL,
SCOPE_OPENID_PROFILE,
)
from authentik.providers.oauth2.models import ClientTypes, OAuth2Provider, ScopeMapping
from authentik.providers.oauth2.models import (
ClientTypes,
OAuth2Provider,
RedirectURI,
RedirectURIMatchingMode,
ScopeMapping,
)
from tests.e2e.utils import SeleniumTestCase, retry
@ -67,7 +73,7 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
client_id=self.client_id,
client_secret=self.client_secret,
signing_key=create_test_cert(),
redirect_uris="http://localhost:9009/",
redirect_uris=[RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost:9009/")],
authorization_flow=authorization_flow,
)
provider.property_mappings.set(
@ -116,7 +122,9 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
client_id=self.client_id,
client_secret=self.client_secret,
signing_key=create_test_cert(),
redirect_uris="http://localhost:9009/auth/callback",
redirect_uris=[
RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost:9009/auth/callback")
],
authorization_flow=authorization_flow,
)
provider.property_mappings.set(
@ -188,7 +196,9 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
client_id=self.client_id,
client_secret=self.client_secret,
signing_key=create_test_cert(),
redirect_uris="http://localhost:9009/auth/callback",
redirect_uris=[
RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost:9009/auth/callback")
],
)
provider.property_mappings.set(
ScopeMapping.objects.filter(
@ -259,7 +269,9 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
client_id=self.client_id,
client_secret=self.client_secret,
signing_key=create_test_cert(),
redirect_uris="http://localhost:9009/auth/callback",
redirect_uris=[
RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost:9009/auth/callback")
],
)
provider.property_mappings.set(
ScopeMapping.objects.filter(

22
tests/e2e/test_provider_oidc_implicit.py
View File

@ -19,7 +19,13 @@ from authentik.providers.oauth2.constants import (
SCOPE_OPENID_EMAIL,
SCOPE_OPENID_PROFILE,
)
from authentik.providers.oauth2.models import ClientTypes, OAuth2Provider, ScopeMapping
from authentik.providers.oauth2.models import (
ClientTypes,
OAuth2Provider,
RedirectURI,
RedirectURIMatchingMode,
ScopeMapping,
)
from tests.e2e.utils import SeleniumTestCase, retry
@ -68,7 +74,7 @@ class TestProviderOAuth2OIDCImplicit(SeleniumTestCase):
client_id=self.client_id,
client_secret=self.client_secret,
signing_key=create_test_cert(),
redirect_uris="http://localhost:9009/",
redirect_uris=[RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost:9009/")],
authorization_flow=authorization_flow,
)
provider.property_mappings.set(
@ -117,7 +123,9 @@ class TestProviderOAuth2OIDCImplicit(SeleniumTestCase):
client_id=self.client_id,
client_secret=self.client_secret,
signing_key=create_test_cert(),
redirect_uris="http://localhost:9009/implicit/",
redirect_uris=[
RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost:9009/implicit/")
],
authorization_flow=authorization_flow,
)
provider.property_mappings.set(
@ -170,7 +178,9 @@ class TestProviderOAuth2OIDCImplicit(SeleniumTestCase):
client_id=self.client_id,
client_secret=self.client_secret,
signing_key=create_test_cert(),
redirect_uris="http://localhost:9009/implicit/",
redirect_uris=[
RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost:9009/implicit/")
],
)
provider.property_mappings.set(
ScopeMapping.objects.filter(
@ -238,7 +248,9 @@ class TestProviderOAuth2OIDCImplicit(SeleniumTestCase):
client_id=self.client_id,
client_secret=self.client_secret,
signing_key=create_test_cert(),
redirect_uris="http://localhost:9009/implicit/",
redirect_uris=[
RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost:9009/implicit/")
],
)
provider.property_mappings.set(
ScopeMapping.objects.filter(