diff --git a/pykanidm/kanidm/radius/__init__.py b/pykanidm/kanidm/radius/__init__.py index fc528d08c..e4ada5a17 100644 --- a/pykanidm/kanidm/radius/__init__.py +++ b/pykanidm/kanidm/radius/__init__.py @@ -1,4 +1,3 @@ - """ kanidm RADIUS module """ import asyncio from functools import reduce @@ -33,7 +32,6 @@ def instantiate(_: Any) -> Any: ) logging.info("Starting up!") - config_path = None for config_file_path in CONFIG_PATHS: config_path = Path(config_file_path).expanduser().resolve() @@ -54,6 +52,7 @@ def instantiate(_: Any) -> Any: logging.info("Config file: %s", config_path.as_posix()) return radiusd.RLM_MODULE_OK + async def _get_radius_token( username: Optional[str] = None, ) -> Optional[Dict[str, Any]]: @@ -74,6 +73,7 @@ async def _get_radius_token( logging.debug(response.data) return response.data + # pylint: disable=too-many-locals def authorize( args: Any = Dict[Any, Any], @@ -120,7 +120,9 @@ def authorize( except Exception as error_message: # pylint: disable=broad-except logging.error("kanidm exception: %s, %s", type(error_message), error_message) if tok is None: - logging.info("kanidm RLM_MODULE_REJECT - unable to retrieve radius information token") + logging.info( + "kanidm RLM_MODULE_REJECT - unable to retrieve radius information token" + ) return radiusd.RLM_MODULE_REJECT # Get values out of the token @@ -164,8 +166,6 @@ def authorize( return (radiusd.RLM_MODULE_OK, reply, config_object) - - def authenticate( acct: str, password: str, diff --git a/pykanidm/kanidm/radius/utils.py b/pykanidm/kanidm/radius/utils.py index 2e6db587b..cbd3fe1f0 100644 --- a/pykanidm/kanidm/radius/utils.py +++ b/pykanidm/kanidm/radius/utils.py @@ -7,6 +7,7 @@ import os from .. import KanidmClient from ..types import RadiusTokenGroup + def check_vlan( acc: int, group: RadiusTokenGroup, 
@@ -25,7 +26,9 @@ def check_vlan( for radius_group in kanidm_client.config.radius_groups: logging.debug( - "Checking vlan group '%s' against user group %s", radius_group.spn, group.spn + "Checking vlan group '%s' against user group %s", + radius_group.spn, + group.spn, ) if radius_group.spn == group.spn: logging.info("returning new vlan: %s", radius_group.vlan) diff --git a/pykanidm/tests/test_radius_token.py b/pykanidm/tests/test_radius_token.py index 31c049fac..4936b5c95 100644 --- a/pykanidm/tests/test_radius_token.py +++ b/pykanidm/tests/test_radius_token.py @@ -22,7 +22,9 @@ async def test_radius_call(client_configfile: KanidmClient) -> None: print("Doing auth_init using token") if client_configfile.config.auth_token is None: - pytest.skip("You can't test auth if you don't have an auth_token in ~/.config/kanidm") + pytest.skip( + "You can't test auth if you don't have an auth_token in ~/.config/kanidm" + ) result = await client_configfile.get_radius_token(RADIUS_TEST_USER) print(f"{result=}") diff --git a/pykanidm/tests/test_ssl_ca.py b/pykanidm/tests/test_ssl_ca.py index 44e383008..d0a3d7b35 100644 --- a/pykanidm/tests/test_ssl_ca.py +++ b/pykanidm/tests/test_ssl_ca.py @@ -112,10 +112,19 @@ async def test_ssl_wrong_hostname_verify_certificate() -> None: @pytest.mark.network @pytest.mark.asyncio async def test_ssl_revoked() -> None: - """tests with a revoked certificate, it'll pass but one day this should be a thing""" + """tests with a revoked certificate""" + + with pytest.raises(aiohttp.ClientConnectorCertificateError): + client = KanidmClient( + uri="https://revoked.badssl.com/", + verify_certificate=True, + ) + result = await client.call_get("/") + assert result.content client = KanidmClient( uri="https://revoked.badssl.com/", + verify_certificate=False, ) result = await client.call_get("/") assert result.content
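Review bot: In `test_ssl_revoked`, the `pytest.raises(aiohttp.ClientConnectorCertificateError)` block wraps the client construction, the request and `assert result.content`, so that assertion never runs when the expected error fires, and an error raised by `KanidmClient(...)` itself would be credited to the request. Build the client before the block and keep only the call inside it: `with pytest.raises(aiohttp.ClientConnectorCertificateError): await client.call_get("/")`. The test also does not establish that the failure is due to revocation: the removed docstring said a revoked certificate was accepted, and nothing in this hunk adds CRL or OCSP checking, so the error may come from some other validation failure on that host (an expired certificate, for instance). A comment such as `# NOTE: passes on any certificate verification error; does not by itself prove revocation checking` would keep the caveat the old docstring carried. The `verify_certificate=False` half would likewise benefit from a comment saying it documents the insecure opt-out rather than expected behaviour.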