...bandit

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
yeah
2025-03-23 21:07:31 +00:00 · 2025-03-23 20:51:47 +00:00 · 2025-03-23 20:43:39 +00:00 · 2025-03-23 19:30:24 +00:00
4 changed files with 27 additions and 15 deletions
--- a/tests/e2e/test_provider_oauth2_github.py
+++ b/tests/e2e/test_provider_oauth2_github.py
@ -47,10 +47,12 @@ class TestProviderOAuth2Github(SeleniumTestCase):
                "GF_AUTH_GITHUB_AUTH_URL": self.url(
                    "authentik_providers_oauth2_root:github-authorize"
                ),
-                "GF_AUTH_GITHUB_TOKEN_URL": self.url(
+                "GF_AUTH_GITHUB_TOKEN_URL": self.host_url(
                    "authentik_providers_oauth2_root:github-access-token"
                ),
-                "GF_AUTH_GITHUB_API_URL": self.url("authentik_providers_oauth2_root:github-user"),
+                "GF_AUTH_GITHUB_API_URL": self.host_url(
+                    "authentik_providers_oauth2_root:github-user"
+                ),
                "GF_LOG_LEVEL": "debug",
            },
        )
--- a/tests/e2e/test_provider_oauth2_grafana.py
+++ b/tests/e2e/test_provider_oauth2_grafana.py
@ -53,8 +53,12 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
                "GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET": self.client_secret,
                "GF_AUTH_GENERIC_OAUTH_SCOPES": "openid email profile",
                "GF_AUTH_GENERIC_OAUTH_AUTH_URL": self.url("authentik_providers_oauth2:authorize"),
-                "GF_AUTH_GENERIC_OAUTH_TOKEN_URL": self.url("authentik_providers_oauth2:token"),
-                "GF_AUTH_GENERIC_OAUTH_API_URL": self.url("authentik_providers_oauth2:userinfo"),
+                "GF_AUTH_GENERIC_OAUTH_TOKEN_URL": self.host_url(
+                    "authentik_providers_oauth2:token"
+                ),
+                "GF_AUTH_GENERIC_OAUTH_API_URL": self.host_url(
+                    "authentik_providers_oauth2:userinfo"
+                ),
                "GF_AUTH_SIGNOUT_REDIRECT_URL": self.url(
                    "authentik_providers_oauth2:end-session",
                    application_slug=self.app_slug,
--- a/tests/e2e/test_source_scim.py
+++ b/tests/e2e/test_source_scim.py
@ -42,7 +42,9 @@ class TestSourceSCIM(SeleniumTestCase):
        test_launch = session.post(
            "http://localhost:8080/test/run",
            data={
-                "endPoint": self.live_server_url + f"/source/scim/{source.slug}/v2",
+                "endPoint": self.host_url(
+                    "authentik_sources_scim:v2-root", source_slug=source.slug
+                ),
                "username": "foo",
                "password": source.token.key,
                "jwtToken": None,
--- a/tests/e2e/utils.py
+++ b/tests/e2e/utils.py
@ -2,7 +2,6 @@

 import json
 import os
-import socket
 from collections.abc import Callable
 from functools import lru_cache, wraps
 from os import environ
@ -36,8 +35,8 @@ from authentik.core.models import User
 from authentik.core.tests.utils import create_test_admin_user
 from authentik.lib.generators import generate_id

-RETRIES = int(environ.get("RETRIES", "3"))
 IS_CI = "CI" in environ
+RETRIES = int(environ.get("RETRIES", "3")) if IS_CI else 1


 def get_docker_tag() -> str:
@ -51,13 +50,6 @@ def get_docker_tag() -> str:
    return f"gh-{branch_name}"


-def get_local_ip() -> str:
-    """Get the local machine's IP"""
-    hostname = socket.gethostname()
-    ip_addr = socket.gethostbyname(hostname)
-    return ip_addr
-
-
 class DockerTestCase(TestCase):
    """Mixin for dealing with containers"""

@ -113,6 +105,9 @@ class DockerTestCase(TestCase):
            specs["network"] = self.__network.name
        specs["labels"] = self.docker_labels
        specs["detach"] = True
+        specs["extra_hosts"] = {
+            "host.docker.internal": "host-gateway",
+        }
        if hasattr(self, "live_server_url"):
            specs.setdefault("environment", {})
            specs["environment"]["AUTHENTIK_HOST"] = self.live_server_url
@ -155,7 +150,7 @@ class DockerTestCase(TestCase):
 class SeleniumTestCase(DockerTestCase, StaticLiveServerTestCase):
    """StaticLiveServerTestCase which automatically creates a Webdriver instance"""

-    host = get_local_ip()
+    host = "0.0.0.0"  # nosec Required for containers to reach us directly on the host
    wait_timeout: int
    user: User

@ -210,6 +205,15 @@ class SeleniumTestCase(DockerTestCase, StaticLiveServerTestCase):
            f"URL {self.driver.current_url} doesn't match expected URL {desired_url}",
        )

+    def host_url(self, view, query: dict | None = None, **kwargs) -> str:
+        """reverse `view` with `**kwargs` into full URL using live_server_url"""
+        url = f"http://host.docker.internal:{self.server_thread.port}" + reverse(
+            view, kwargs=kwargs
+        )
+        if query:
+            return url + "?" + urlencode(query)
+        return url
+
    def url(self, view, query: dict | None = None, **kwargs) -> str:
        """reverse `view` with `**kwargs` into full URL using live_server_url"""
        url = self.live_server_url + reverse(view, kwargs=kwargs)
Author	SHA1	Message	Date
Jens Langhammer	25181d079e	...bandit Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-03-23 21:07:31 +00:00
Jens Langhammer	5b91cb5ff3	yeah Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-03-23 20:51:47 +00:00
Jens Langhammer	8ba5fde5ba	fix Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-03-23 20:43:39 +00:00
Jens Langhammer	2802deb497	tests/e2e: don't rely DNS to get host's IP for container access Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-03-23 19:30:24 +00:00