
* add password policy to default password change flow This change complies with the minimal compositional requirements by NIST SP 800-63 Digital Identity Guidelines. See https://pages.nist.gov/800-63-4/sp800-63b.html#password More work is needed to comply with other parts of the Guidelines, specifically > If the chosen password is found on the blocklist, the CSP or verifier > [...] SHALL provide the reason for rejection. and > Verifiers SHALL offer guidance to the subscriber to assist the user in > choosing a strong password. This is particularly important following > the rejection of a password on the blocklist as it discourages trivial > modification of listed weak passwords. * add docs for default Password policy * remove HIBP from default Password policy * add zxcvbn to default Password policy * add fallback password error message to password policy, fix validation policy Signed-off-by: Jens Langhammer <jens@goauthentik.io> * reword docs Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com> * add HIBP caveat Co-authored-by: Jens L. <jens@goauthentik.io> Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com> * separate policy into separate blueprint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use password policy for oobe flow Signed-off-by: Jens Langhammer <jens@goauthentik.io> * kiss Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
"""test packaged blueprints"""
from collections.abc import Callable
from pathlib import Path
from django.test import TransactionTestCase
from authentik.blueprints.models import BlueprintInstance
from authentik.blueprints.tests import apply_blueprint
from authentik.blueprints.v1.importer import Importer
from authentik.brands.models import Brand
class TestPackaged(TransactionTestCase):
    """Test case for the packaged blueprints.

    Only the decorator check is written out here; one ``test_blueprint_*``
    method per discovered blueprint file is attached to this class by the
    module-level loop in this file.
    """

    @apply_blueprint("default/default-brand.yaml")
    def test_decorator_static(self):
        """Assert that a Brand with domain ``authentik-default`` exists once
        ``@apply_blueprint`` has run for the default brand blueprint."""
        default_brands = Brand.objects.filter(domain="authentik-default")
        self.assertTrue(default_brands.exists())
def blueprint_tester(file_name: Path) -> Callable:
    """Build a test method that validates and applies one blueprint file.

    A dedicated method per file is generated instead of using ``subTest`` so
    that each blueprint is reported as its own test.

    Args:
        file_name: Path of the blueprint file, located below ``blueprints/``.

    Returns:
        A function that takes the test case instance and can be attached to
        ``TestPackaged`` as a test method.
    """

    def tester(self: TestPackaged):
        blueprints_root = Path("blueprints/")
        # relative_to() raises ValueError for a path outside blueprints/.
        relative = Path(file_name).relative_to(blueprints_root)
        instance = BlueprintInstance(path=str(relative))
        importer = Importer.from_string(instance.retrieve())
        is_valid, validation_logs = importer.validate()
        # The validation logs double as the failure message, and a blueprint
        # that does not validate fails here, before apply() is attempted.
        self.assertTrue(is_valid, validation_logs)
        self.assertTrue(importer.apply())

    return tester
# Attach one generated test method per discovered blueprint to TestPackaged.
# The glob root is a relative path, so discovery depends on the working
# directory; if it matches nothing, no blueprint tests are generated at all.
for blueprint_file in Path("blueprints/").glob("**/*.yaml"):
    # NOTE(review): this is a substring match on the whole path, so any
    # blueprint whose path merely contains "local" (not only a directory of
    # that name) is skipped and never validated - confirm this is intended.
    if "local" not in str(blueprint_file):
        setattr(TestPackaged, f"test_blueprint_{blueprint_file}", blueprint_tester(blueprint_file))