f89cc98014
* set auth_via Signed-off-by: Jens Langhammer <jens@goauthentik.io> * allow requests with json content type Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix group schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start improving error handling Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add scim group patch for members Signed-off-by: Jens Langhammer <jens@goauthentik.io> * unrelated #1: fix debug check on startup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * unrelated fix #2: fix path for user page Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add group view tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add more user tests too Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
228 lines
7.6 KiB
Python
228 lines
7.6 KiB
Python
"""Test SCIM User"""
|
|
|
|
from json import dumps
|
|
from uuid import uuid4
|
|
|
|
from django.urls import reverse
|
|
from rest_framework.test import APITestCase
|
|
|
|
from authentik.core.tests.utils import create_test_user
|
|
from authentik.events.models import Event, EventAction
|
|
from authentik.lib.generators import generate_id
|
|
from authentik.providers.scim.clients.schema import User as SCIMUserSchema
|
|
from authentik.sources.scim.models import SCIMSource, SCIMSourcePropertyMapping, SCIMSourceUser
|
|
from authentik.sources.scim.views.v2.base import SCIM_CONTENT_TYPE
|
|
|
|
|
|
class TestSCIMUsers(APITestCase):
|
|
"""Test SCIM User view"""
|
|
|
|
def setUp(self) -> None:
|
|
self.source = SCIMSource.objects.create(name=generate_id(), slug=generate_id())
|
|
|
|
def test_user_list(self):
|
|
"""Test full user list"""
|
|
response = self.client.get(
|
|
reverse(
|
|
"authentik_sources_scim:v2-users",
|
|
kwargs={
|
|
"source_slug": self.source.slug,
|
|
},
|
|
),
|
|
HTTP_AUTHORIZATION=f"Bearer {self.source.token.key}",
|
|
)
|
|
self.assertEqual(response.status_code, 200)
|
|
|
|
def test_user_list_single(self):
|
|
"""Test full user list (single user)"""
|
|
user = create_test_user()
|
|
SCIMSourceUser.objects.create(
|
|
source=self.source,
|
|
user=user,
|
|
id=str(uuid4()),
|
|
)
|
|
response = self.client.get(
|
|
reverse(
|
|
"authentik_sources_scim:v2-users",
|
|
kwargs={
|
|
"source_slug": self.source.slug,
|
|
"user_id": str(user.uuid),
|
|
},
|
|
),
|
|
HTTP_AUTHORIZATION=f"Bearer {self.source.token.key}",
|
|
)
|
|
self.assertEqual(response.status_code, 200)
|
|
SCIMUserSchema.model_validate_json(response.content, strict=True)
|
|
|
|
def test_user_create(self):
|
|
"""Test user create"""
|
|
user = create_test_user()
|
|
ext_id = generate_id()
|
|
response = self.client.post(
|
|
reverse(
|
|
"authentik_sources_scim:v2-users",
|
|
kwargs={
|
|
"source_slug": self.source.slug,
|
|
},
|
|
),
|
|
data=dumps(
|
|
{
|
|
"userName": generate_id(),
|
|
"externalId": ext_id,
|
|
"emails": [
|
|
{
|
|
"primary": True,
|
|
"value": user.email,
|
|
}
|
|
],
|
|
}
|
|
),
|
|
content_type=SCIM_CONTENT_TYPE,
|
|
HTTP_AUTHORIZATION=f"Bearer {self.source.token.key}",
|
|
)
|
|
self.assertEqual(response.status_code, 201)
|
|
self.assertTrue(SCIMSourceUser.objects.filter(source=self.source, id=ext_id).exists())
|
|
self.assertTrue(
|
|
Event.objects.filter(
|
|
action=EventAction.MODEL_CREATED, user__username=self.source.token.user.username
|
|
).exists()
|
|
)
|
|
|
|
def test_user_create_duplicate_by_username(self):
|
|
"""Test user create"""
|
|
user = create_test_user()
|
|
username = generate_id()
|
|
obj1 = {
|
|
"userName": username,
|
|
"externalId": generate_id(),
|
|
"emails": [
|
|
{
|
|
"primary": True,
|
|
"value": user.email,
|
|
}
|
|
],
|
|
}
|
|
obj2 = obj1.copy()
|
|
obj2.update({"externalId": generate_id()})
|
|
response = self.client.post(
|
|
reverse(
|
|
"authentik_sources_scim:v2-users",
|
|
kwargs={
|
|
"source_slug": self.source.slug,
|
|
},
|
|
),
|
|
data=dumps(obj1),
|
|
content_type=SCIM_CONTENT_TYPE,
|
|
HTTP_AUTHORIZATION=f"Bearer {self.source.token.key}",
|
|
)
|
|
self.assertEqual(response.status_code, 201)
|
|
self.assertTrue(
|
|
SCIMSourceUser.objects.filter(source=self.source, user__username=username).exists()
|
|
)
|
|
self.assertTrue(
|
|
Event.objects.filter(
|
|
action=EventAction.MODEL_CREATED, user__username=self.source.token.user.username
|
|
).exists()
|
|
)
|
|
response = self.client.post(
|
|
reverse(
|
|
"authentik_sources_scim:v2-users",
|
|
kwargs={
|
|
"source_slug": self.source.slug,
|
|
},
|
|
),
|
|
data=dumps(obj2),
|
|
content_type=SCIM_CONTENT_TYPE,
|
|
HTTP_AUTHORIZATION=f"Bearer {self.source.token.key}",
|
|
)
|
|
self.assertEqual(response.status_code, 409)
|
|
|
|
def test_user_property_mappings(self):
|
|
"""Test user property_mappings"""
|
|
self.source.user_property_mappings.set(
|
|
[
|
|
SCIMSourcePropertyMapping.objects.create(
|
|
name=generate_id(),
|
|
expression='return {"attributes": {"phone": data.get("phoneNumber")}}',
|
|
)
|
|
]
|
|
)
|
|
user = create_test_user()
|
|
ext_id = generate_id()
|
|
response = self.client.post(
|
|
reverse(
|
|
"authentik_sources_scim:v2-users",
|
|
kwargs={
|
|
"source_slug": self.source.slug,
|
|
},
|
|
),
|
|
data=dumps(
|
|
{
|
|
"userName": generate_id(),
|
|
"externalId": ext_id,
|
|
"emails": [
|
|
{
|
|
"primary": True,
|
|
"value": user.email,
|
|
}
|
|
],
|
|
"phoneNumber": "0123456789",
|
|
}
|
|
),
|
|
content_type=SCIM_CONTENT_TYPE,
|
|
HTTP_AUTHORIZATION=f"Bearer {self.source.token.key}",
|
|
)
|
|
self.assertEqual(response.status_code, 201)
|
|
self.assertEqual(
|
|
SCIMSourceUser.objects.get(source=self.source, id=ext_id).user.attributes["phone"],
|
|
"0123456789",
|
|
)
|
|
|
|
def test_user_update(self):
|
|
"""Test user update"""
|
|
user = create_test_user()
|
|
existing = SCIMSourceUser.objects.create(source=self.source, user=user, id=uuid4())
|
|
ext_id = generate_id()
|
|
response = self.client.put(
|
|
reverse(
|
|
"authentik_sources_scim:v2-users",
|
|
kwargs={
|
|
"source_slug": self.source.slug,
|
|
"user_id": str(user.uuid),
|
|
},
|
|
),
|
|
data=dumps(
|
|
{
|
|
"id": str(existing.pk),
|
|
"userName": generate_id(),
|
|
"externalId": ext_id,
|
|
"emails": [
|
|
{
|
|
"primary": True,
|
|
"value": user.email,
|
|
}
|
|
],
|
|
}
|
|
),
|
|
content_type=SCIM_CONTENT_TYPE,
|
|
HTTP_AUTHORIZATION=f"Bearer {self.source.token.key}",
|
|
)
|
|
self.assertEqual(response.status_code, 200)
|
|
|
|
def test_user_delete(self):
|
|
"""Test user delete"""
|
|
user = create_test_user()
|
|
SCIMSourceUser.objects.create(source=self.source, user=user, id=uuid4())
|
|
response = self.client.delete(
|
|
reverse(
|
|
"authentik_sources_scim:v2-users",
|
|
kwargs={
|
|
"source_slug": self.source.slug,
|
|
"user_id": str(user.uuid),
|
|
},
|
|
),
|
|
content_type=SCIM_CONTENT_TYPE,
|
|
HTTP_AUTHORIZATION=f"Bearer {self.source.token.key}",
|
|
)
|
|
self.assertEqual(response.status_code, 204)
|