fix more

Signed-off-by: Jens Langhammer <[email protected]>

authentik/enterprise/providers/google_workspace/api/groups.py

@@ -30,8 +30,8 @@ class Meta:
 
 
 class GoogleWorkspaceProviderGroupViewSet(
-    OutgoingSyncConnectionCreateMixin,
     mixins.CreateModelMixin,
+    OutgoingSyncConnectionCreateMixin,
     mixins.RetrieveModelMixin,
     mixins.DestroyModelMixin,
     UsedByMixin,

authentik/enterprise/providers/google_workspace/api/users.py

@@ -30,8 +30,8 @@ class Meta:
 
 
 class GoogleWorkspaceProviderUserViewSet(
-    OutgoingSyncConnectionCreateMixin,
     mixins.CreateModelMixin,
+    OutgoingSyncConnectionCreateMixin,
     mixins.RetrieveModelMixin,
     mixins.DestroyModelMixin,
     UsedByMixin,

authentik/enterprise/providers/microsoft_entra/api/groups.py

@@ -30,8 +30,8 @@ class Meta:
 
 
 class MicrosoftEntraProviderGroupViewSet(
-    OutgoingSyncConnectionCreateMixin,
     mixins.CreateModelMixin,
+    OutgoingSyncConnectionCreateMixin,
     mixins.RetrieveModelMixin,
     mixins.DestroyModelMixin,
     UsedByMixin,

authentik/enterprise/providers/microsoft_entra/tests/test_users.py

@@ -3,16 +3,18 @@
 from unittest.mock import AsyncMock, MagicMock, patch
 
 from azure.identity.aio import ClientSecretCredential
-from django.test import TestCase
+from django.urls import reverse
 from msgraph.generated.models.group_collection_response import GroupCollectionResponse
 from msgraph.generated.models.organization import Organization
 from msgraph.generated.models.organization_collection_response import OrganizationCollectionResponse
 from msgraph.generated.models.user import User as MSUser
 from msgraph.generated.models.user_collection_response import UserCollectionResponse
 from msgraph.generated.models.verified_domain import VerifiedDomain
+from rest_framework.test import APITestCase
 
 from authentik.blueprints.tests import apply_blueprint
 from authentik.core.models import Application, Group, User
+from authentik.core.tests.utils import create_test_admin_user
 from authentik.enterprise.providers.microsoft_entra.models import (
     MicrosoftEntraProvider,
     MicrosoftEntraProviderMapping,
@@ -25,11 +27,12 @@
 from authentik.tenants.models import Tenant
 
 
-class MicrosoftEntraUserTests(TestCase):
+class MicrosoftEntraUserTests(APITestCase):
     """Microsoft Entra User tests"""
 
     @apply_blueprint("system/providers-microsoft-entra.yaml")
     def setUp(self) -> None:
+
         # Delete all users and groups as the mocked HTTP responses only return one ID
         # which will cause errors with multiple users
         Tenant.objects.update(avatars="none")
@@ -371,3 +374,45 @@ def test_sync_task(self):
             )
             self.assertFalse(Event.objects.filter(action=EventAction.SYSTEM_EXCEPTION).exists())
             user_list.assert_called_once()
+
+    def test_connect_manual(self):
+        """test manual user connection"""
+        uid = generate_id()
+        self.app.backchannel_providers.remove(self.provider)
+        admin = create_test_admin_user()
+        different_user = User.objects.create(
+            username=uid,
+            email=f"{uid}@goauthentik.io",
+        )
+        self.app.backchannel_providers.add(self.provider)
+        with (
+            patch(
+                "authentik.enterprise.providers.microsoft_entra.models.MicrosoftEntraProvider.microsoft_credentials",
+                MagicMock(return_value={"credentials": self.creds}),
+            ),
+            patch(
+                "msgraph.generated.organization.organization_request_builder.OrganizationRequestBuilder.get",
+                AsyncMock(
+                    return_value=OrganizationCollectionResponse(
+                        value=[
+                            Organization(verified_domains=[VerifiedDomain(name="goauthentik.io")])
+                        ]
+                    )
+                ),
+            ),
+            patch(
+                "authentik.enterprise.providers.microsoft_entra.clients.users.MicrosoftEntraUserClient.update_single_attribute",
+                MagicMock(),
+            ) as user_get,
+        ):
+            self.client.force_login(admin)
+            response = self.client.post(
+                reverse("authentik_api:microsoftentraprovideruser-list"),
+                data={
+                    "microsoft_id": generate_id(),
+                    "user": different_user.pk,
+                    "provider": self.provider.pk,
+                },
+            )
+            self.assertEqual(response.status_code, 201)
+            user_get.assert_called_once()

authentik/lib/sync/outgoing/api.py

@@ -58,6 +58,7 @@ def sync_status(self, request: Request, pk: int) -> Response:
 
 
 class OutgoingSyncConnectionCreateMixin:
+    """Mixin for connection objects that fetches remote data upon creation"""
 
     def perform_create(self, serializer: ModelSerializer):
         super().perform_create(serializer)

authentik/providers/scim/api/groups.py

@@ -28,8 +28,8 @@ class Meta:
 
 
 class SCIMProviderGroupViewSet(
-    OutgoingSyncConnectionCreateMixin,
     mixins.CreateModelMixin,
+    OutgoingSyncConnectionCreateMixin,
     mixins.RetrieveModelMixin,
     mixins.DestroyModelMixin,
     UsedByMixin,

authentik/providers/scim/api/users.py

@@ -28,8 +28,8 @@ class Meta:
 
 
 class SCIMProviderUserViewSet(
-    OutgoingSyncConnectionCreateMixin,
     mixins.CreateModelMixin,
+    OutgoingSyncConnectionCreateMixin,
     mixins.RetrieveModelMixin,
     mixins.DestroyModelMixin,
     UsedByMixin,