add test for internal password update

Signed-off-by: Marc 'risson' Schmitt <[email protected]>

authentik/sources/kerberos/signals.py

@@ -33,7 +33,7 @@ def kerberos_sync_password(sender, user: User, password: str, **_):
     """Connect to kerberos and update password."""
     user_source_connections = UserKerberosSourceConnection.objects.select_related(
         "source__kerberossource"
-    ).filter(user=user, source__kerberossource__sync_users_password=True)
+    ).filter(user=user, source__kerberossource__sync_users=True, source__kerberossource__sync_users_password=True)
     for user_source_connection in user_source_connections:
         source = user_source_connection.source.kerberossource
         with Krb5ConfContext(source):

authentik/sources/kerberos/tests/test_auth.py

@@ -1,5 +1,6 @@
 """Kerberos Source Auth tests"""
 
+from django.contrib.auth.hashers import is_password_usable
 from authentik.core.models import User
 from authentik.lib.generators import generate_id
 from authentik.sources.kerberos.auth import KerberosBackend
@@ -16,8 +17,11 @@ def setUp(self):
             slug="kerberos",
             realm=self.realm.realm,
             sync_users=False,
+            sync_users_password=False,
+            password_login_update_internal_password=True,
         )
         self.user = User.objects.create(username=generate_id())
+        self.user.set_unusable_password()
         UserKerberosSourceConnection.objects.create(
             source=self.source, user=self.user, identifier=self.realm.user_princ
         )
@@ -41,3 +45,12 @@ def test_auth_principal(self):
             ),
             self.user,
         )
+
+    def test_internal_password_update(self):
+        """Test internal password update"""
+        backend = KerberosBackend()
+        backend.authenticate(
+            None, username=self.realm.user_princ, password=self.realm.password("user")
+        )
+        self.user.refresh_from_db()
+        self.assertTrue(is_password_usable(self.user.password))