outposts: improve API validation for config attribute, ensure all required attributes are set

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-10 19:24:42 +02:00
parent 8eaaaae2a7
commit cd629dfbaa
4 changed files with 50 additions and 19 deletions
--- a/authentik/outposts/api/outposts.py
+++ b/authentik/outposts/api/outposts.py
@ -1,23 +1,33 @@
 """Outpost API Views"""
+from dacite.core import from_dict
+from dacite.exceptions import DaciteError
 from drf_yasg.utils import swagger_auto_schema
 from rest_framework.decorators import action
 from rest_framework.fields import BooleanField, CharField, DateTimeField
 from rest_framework.request import Request
 from rest_framework.response import Response
-from rest_framework.serializers import JSONField, ModelSerializer
+from rest_framework.serializers import JSONField, ModelSerializer, ValidationError
 from rest_framework.viewsets import ModelViewSet

 from authentik.core.api.providers import ProviderSerializer
 from authentik.core.api.utils import PassiveSerializer, is_dict
-from authentik.outposts.models import Outpost, default_outpost_config
+from authentik.outposts.models import Outpost, OutpostConfig, default_outpost_config


 class OutpostSerializer(ModelSerializer):
    """Outpost Serializer"""

-    _config = JSONField(validators=[is_dict])
+    config = JSONField(validators=[is_dict], source="_config")
    providers_obj = ProviderSerializer(source="providers", many=True, read_only=True)

+    def validate_config(self, config) -> dict:
+        """Check that the config has all required fields"""
+        try:
+            from_dict(OutpostConfig, config)
+        except DaciteError as exc:
+            raise ValidationError(f"Failed to validate config: {str(exc)}") from exc
+        return config
+
    class Meta:

        model = Outpost
@ -29,7 +39,7 @@ class OutpostSerializer(ModelSerializer):
            "providers_obj",
            "service_connection",
            "token_identifier",
-            "_config",
+            "config",
        ]


--- a/authentik/outposts/tests/test_api.py
+++ b/authentik/outposts/tests/test_api.py
@ -3,6 +3,10 @@ from django.urls import reverse
 from rest_framework.test import APITestCase

 from authentik.core.models import PropertyMapping, User
+from authentik.flows.models import Flow
+from authentik.outposts.api.outposts import OutpostSerializer
+from authentik.outposts.models import default_outpost_config
+from authentik.providers.proxy.models import ProxyProvider


 class TestOutpostServiceConnectionsAPI(APITestCase):
@ -22,3 +26,20 @@ class TestOutpostServiceConnectionsAPI(APITestCase):
            reverse("authentik_api:outpostserviceconnection-types"),
        )
        self.assertEqual(response.status_code, 200)
+
+    def test_outpost_config(self):
+        """Test Outpost's config field"""
+        provider = ProxyProvider.objects.create(name="test", authorization_flow=Flow.objects.first())
+        invalid = OutpostSerializer(data={
+            "name": "foo",
+            "providers": [provider.pk],
+            "config": {}
+        })
+        self.assertFalse(invalid.is_valid())
+        self.assertIn("config", invalid.errors)
+        valid = OutpostSerializer(data={
+            "name": "foo",
+            "providers": [provider.pk],
+            "config": default_outpost_config("foo")
+        })
+        self.assertTrue(valid.is_valid())