def test_get_selfservice_action_value(self, mocked__get_client,
mocked__get_policies,
mocked_get_policy_definitions):
"""Verify the policy evaluation via helper get_selfservice_action_value"""
mocked__get_client.return_value = '127.0.0.1'
simple_user = LinotpUser(login='******', realm='defaultrealm')
anonym_user = LinotpUser(login='******', realm='defaultrealm')
policy_set = copy.deepcopy(PolicySet)
# ----------------------------------------------------------------- --
mocked_get_policy_definitions.return_value = {
'selfservice': {
'otp_pin_maxlength': {
'type': 'int'
},
'enrollHMAC': {
'type': 'bool'
},
'reset': {
'type': 'bool'
},
}
}
# verify that general policy is honored
policy_set['general']['action'] = (
'otp_pin_maxlength=4, enrollHMAC, reset')
mocked__get_policies.return_value = policy_set
res = get_selfservice_action_value('otp_pin_maxlength',
user=simple_user)
assert res == 4
# ----------------------------------------------------------------- --
# verify that user specific policy is honored
policy_set['simple_user']['action'] = (
'otp_pin_maxlength=6, delete, reset')
mocked__get_policies.return_value = policy_set
res = get_selfservice_action_value('otp_pin_maxlength',
user=simple_user)
assert res == 6
# ----------------------------------------------------------------- --
# verify that user specific policy is honored but only for the user
res = get_selfservice_action_value('otp_pin_maxlength',
user=anonym_user)
assert res == 4
def test_autoenrollment(
self,
mocked__get_client,
mocked__get_policies,
mocked_get_policy_definitions,
):
"""Verify that the autoenrollment is evaluated from general."""
mocked__get_client.return_value = "127.0.0.1"
policy_set = copy.deepcopy(PolicySet)
mocked_get_policy_definitions.return_value = {
"enrollment": {
"autoenrollment": {
"type":
"str",
"desc":
"users can enroll a token just by using the "
"pin to authenticate and will an otp for authentication",
},
}
}
# ----------------------------------------------------------------- --
# verify that general policy is honored
policy_set["general"]["action"] = "autoenrollment=email"
mocked__get_policies.return_value = policy_set
fake_user = LinotpUser(login="******", realm="defaultrealm")
is_enabled, token_type = get_auto_enrollment(fake_user)
assert is_enabled, "autoenrollment should be defined!"
assert token_type == ["email"]
# ----------------------------------------------------------------- --
# verify that if set, user specific policy is honored
policy_set["fake_user"]["action"] = "autoenrollment=sms"
mocked__get_policies.return_value = policy_set
fake_user = LinotpUser(login="******", realm="defaultrealm")
is_enabled, token_type = get_auto_enrollment(fake_user)
assert is_enabled, "autoenrollment should be defined!"
assert token_type == ["sms"]
def test_get_partition(
self,
mocked__get_client,
mocked__get_policies,
mocked_get_policy_definitions,
):
"""verify that client in the policy is honored for get_partition"""
m_policy = {
"general": {
"realm": "*",
"active": "True",
"client": "127.0.0.1/24",
"user": "******",
"time": "* * * * * *;",
"action": "partition=2",
"scope": "enrollment",
}
}
mocked_get_policy_definitions.return_value = {
"enrollment": {
"partition": {"type": "int", "desc": "partition"},
}
}
mocked__get_policies.return_value = m_policy
user = LinotpUser(login="******", realm="defaultrealm")
mocked__get_client.return_value = "127.0.0.1"
assert get_partition(["defaultrealm"], user=user) == 2
mocked__get_client.return_value = "128.0.0.1"
assert get_partition(["defaultrealm"], user=user) == 0
def test_getOTPPINEncrypt(self, mocked__get_client, mocked__get_policies,
mocked__get_realms,
mocked_get_policy_definitions):
"""verify that client in the policy is honored for getOTPPINEncrypt"""
m_policy = {
'general': {
'realm': '*',
'active': 'True',
'client': '127.0.0.1/24',
'user': '******',
'time': '* * * * * *;',
'action': 'otp_pin_encrypt',
'scope': 'enrollment',
}
}
mocked__get_policies.return_value = m_policy
mocked__get_realms.return_value = ['defaultrealm']
mocked_get_policy_definitions.return_value = {
'enrollment': {
'otp_pin_encrypt': {
'type': 'int',
'value': [0, 1]
},
}
}
user = LinotpUser(login='******', realm='defaultrealm')
mocked__get_client.return_value = '127.0.0.1'
assert getOTPPINEncrypt(user=user) == 1
mocked__get_client.return_value = '128.0.0.1'
assert getOTPPINEncrypt(user=user) == 0
def test_autoenrollment(self, mocked__get_client, mocked__get_policies,
mocked_get_policy_definitions):
"""Verify that the autoenrollment is evaluated from general."""
mocked__get_client.return_value = '127.0.0.1'
policy_set = copy.deepcopy(PolicySet)
mocked_get_policy_definitions.return_value = {
'enrollment': {
'autoenrollment': {
'type':
'str',
'desc':
'users can enroll a token just by using the '
'pin to authenticate and will an otp for authentication'
},
}
}
# ----------------------------------------------------------------- --
# verify that general policy is honored
policy_set['general']['action'] = 'autoenrollment=email'
mocked__get_policies.return_value = policy_set
fake_user = LinotpUser(login='******', realm='defaultrealm')
is_enabled, token_type = get_auto_enrollment(fake_user)
assert is_enabled, 'autoenrollment should be defined!'
assert token_type == ['email']
# ----------------------------------------------------------------- --
# verify that if set, user specific policy is honored
policy_set['fake_user']['action'] = 'autoenrollment=sms'
mocked__get_policies.return_value = policy_set
fake_user = LinotpUser(login='******', realm='defaultrealm')
is_enabled, token_type = get_auto_enrollment(fake_user)
assert is_enabled, 'autoenrollment should be defined!'
assert token_type == ['sms']
def test_maxtoken_type_evaluation2(
self,
mocked_getTokens4UserOrSerial,
mocked__get_client,
mocked__getUserRealms,
mocked__get_policies,
mocked_get_policy_definitions,
):
"""Check if maxtoken type policy works correctly."""
fake_user = LinotpUser(login="******", realm="defaultrealm")
mocked_getTokens4UserOrSerial.return_value = [Token("hmac")]
mocked__get_client.return_value = "127.0.0.1"
mocked__getUserRealms.return_value = ["defaultrealm", "otherrealm"]
mocked_get_policy_definitions.return_value = {
"enrollment": {
"maxtoken": {
"type": "int"
},
"maxtokenHMAC": {
"type": "int"
},
"maxtokenPUSH": {
"type": "int"
},
}
}
policy_set = copy.deepcopy(PolicySet)
# ----------------------------------------------------------------- --
# verify that general policy is honored
policy_set["general"]["action"] = "maxtokenHMAC=2, maxtokenPUSH=2,"
mocked__get_policies.return_value = policy_set
try:
check_maxtoken_for_user_by_type(fake_user, "hmac")
except PolicyException:
assert not True, ("_checkTokenAssigned: Exception raised, but "
"token count was still in boundaries")
# ----------------------------------------------------------------- --
# verify that if set, the user specific policy is honored
policy_set["fake_user"]["action"] = "maxtokenHMAC=1"
mocked__get_policies.return_value = policy_set
try:
check_maxtoken_for_user_by_type(fake_user, "hmac")
except PolicyException:
assert True, ("_checkTokenAssigned: Exception raised, but "
"token count was not in boundaries")
def test_maxtoken_type_evaluation2(self, mocked_getTokens4UserOrSerial,
mocked__get_client,
mocked__getUserRealms,
mocked__get_policies,
mocked_get_policy_definitions):
"""Check if maxtoken type policy works correctly."""
fake_user = LinotpUser(login='******', realm='defaultrealm')
mocked_getTokens4UserOrSerial.return_value = [Token('hmac')]
mocked__get_client.return_value = '127.0.0.1'
mocked__getUserRealms.return_value = ['defaultrealm', 'otherrealm']
mocked_get_policy_definitions.return_value = {
'enrollment': {
'maxtoken': {
'type': 'int'
},
'maxtokenHMAC': {
'type': 'int'
},
'maxtokenPUSH': {
'type': 'int'
},
}
}
policy_set = copy.deepcopy(PolicySet)
# ----------------------------------------------------------------- --
# verify that general policy is honored
policy_set['general']['action'] = 'maxtokenHMAC=2, maxtokenPUSH=2,'
mocked__get_policies.return_value = policy_set
try:
check_maxtoken_for_user_by_type(fake_user, 'hmac')
except PolicyException:
assert not True, '_checkTokenAssigned: Exception raised, but ' \
'token count was still in boundaries'
# ----------------------------------------------------------------- --
# verify that if set, the user specific policy is honored
policy_set['fake_user']['action'] = 'maxtokenHMAC=1'
mocked__get_policies.return_value = policy_set
try:
check_maxtoken_for_user_by_type(fake_user, 'hmac')
except PolicyException:
assert True, '_checkTokenAssigned: Exception raised, but ' \
'token count was not in boundaries'
def test_autoassignment(
self,
mocked__get_client,
mocked__get_policies,
mocked_get_policy_definitions,
):
"""Verify that the autoassignment is evaluated from general."""
mocked__get_client.return_value = "127.0.0.1"
policy_set = copy.deepcopy(PolicySet)
# ----------------------------------------------------------------- --
# verify that general policy is honored
policy_set["general"]["action"] = "autoassignment"
mocked__get_policies.return_value = policy_set
mocked_get_policy_definitions.return_value = {
"enrollment": {
"autoassignment": {
"type":
"bool",
"desc":
"users can assign a token just by using the "
"unassigned token to authenticate.",
},
}
}
fake_user = LinotpUser(login="******", realm="defaultrealm")
assert get_autoassignment(fake_user), "autoassigment should be set!"
# ----------------------------------------------------------------- --
# verify that if set, user specific policy is honored
policy_set["fake_user"]["action"] = "tokenissuer=<u>, autoassignment"
mocked__get_policies.return_value = policy_set
issuer = get_tokenissuer(user="******",
realm="defaultrealm",
serial="mySerial")
assert issuer == "fake_user"
def test_autoassignment(self, mocked__get_client, mocked__get_policies,
mocked_get_policy_definitions):
"""Verify that the autoassignment is evaluated from general."""
mocked__get_client.return_value = '127.0.0.1'
policy_set = copy.deepcopy(PolicySet)
# ----------------------------------------------------------------- --
# verify that general policy is honored
policy_set['general']['action'] = 'autoassignment'
mocked__get_policies.return_value = policy_set
mocked_get_policy_definitions.return_value = {
'enrollment': {
'autoassignment': {
'type':
'bool',
'desc':
'users can assign a token just by using the '
'unassigned token to authenticate.'
},
}
}
fake_user = LinotpUser(login='******', realm='defaultrealm')
assert get_autoassignment(fake_user), 'autoassigment should be set!'
# ----------------------------------------------------------------- --
# verify that if set, user specific policy is honored
policy_set['fake_user']['action'] = 'tokenissuer=<u>, autoassignment'
mocked__get_policies.return_value = policy_set
issuer = get_tokenissuer(user='******',
realm='defaultrealm',
serial='mySerial')
assert issuer == 'fake_user'
def test_getOTPPINEncrypt(
self,
mocked__get_client,
mocked__get_policies,
mocked__get_realms,
mocked_get_policy_definitions,
):
"""verify that client in the policy is honored for getOTPPINEncrypt"""
m_policy = {
"general": {
"realm": "*",
"active": "True",
"client": "127.0.0.1/24",
"user": "******",
"time": "* * * * * *;",
"action": "otp_pin_encrypt",
"scope": "enrollment",
}
}
mocked__get_policies.return_value = m_policy
mocked__get_realms.return_value = ["defaultrealm"]
mocked_get_policy_definitions.return_value = {
"enrollment": {
"otp_pin_encrypt": {"type": "int", "value": [0, 1]},
}
}
user = LinotpUser(login="******", realm="defaultrealm")
mocked__get_client.return_value = "127.0.0.1"
assert getOTPPINEncrypt(user=user) == 1
mocked__get_client.return_value = "128.0.0.1"
assert getOTPPINEncrypt(user=user) == 0
def test_get_partition(
self,
mocked__get_client,
mocked__get_policies,
mocked_get_policy_definitions,
):
"""verify that client in the policy is honored for get_partition"""
m_policy = {
'general': {
'realm': '*',
'active': 'True',
'client': '127.0.0.1/24',
'user': '******',
'time': '* * * * * *;',
'action': 'partition=2',
'scope': 'enrollment',
}
}
mocked_get_policy_definitions.return_value = {
'enrollment': {
'partition': {
'type': 'int',
'desc': 'partition'
},
}
}
mocked__get_policies.return_value = m_policy
user = LinotpUser(login='******', realm='defaultrealm')
mocked__get_client.return_value = '127.0.0.1'
assert get_partition(['defaultrealm'], user=user) == 2
mocked__get_client.return_value = '128.0.0.1'
assert get_partition(['defaultrealm'], user=user) == 0
def test_losttoken(self, mocked_getTokenOwner, mocked__get_policies,
mocked_get_policy_definitions):
"""Verify the policy evaluation in losttoken honores general actions."""
fake_user = LinotpUser(login='******', realm='defaultrealm')
mocked_getTokenOwner.return_value = fake_user
policy_set = copy.deepcopy(PolicySet)
mocked_get_policy_definitions.return_value = {
'enrollment': {
'lostTokenPWLen': {
'type':
'int',
'desc':
'The length of the password in case of '
'temporary token.'
},
'lostTokenPWContents': {
'type':
'str',
'desc':
'The contents of the temporary password, '
'described by the characters C, c, n, s.'
},
'lostTokenValid': {
'type':
'set',
'value': ['int', 'duration'],
'desc':
'The length of the validity for the temporary '
'token as days or duration with "d"-days, "h"-hours,'
' "m"-minutes, "s"-seconds.'
},
}
}
# ----------------------------------------------------------------- --
# verify that general policy is honored
policy_set['general']['action'] = (
'lostTokenPWLen=5, lostTokenPWContents=n, lostTokenValid=2')
mocked__get_policies.return_value = policy_set
end_date = (datetime.date.today() +
datetime.timedelta(days=2)).strftime("%d/%m/%y")
end_date = "%s 23:59" % end_date
th = TokenHandler()
res = th.losttoken('mySerial', 'mySerial_new')
assert res['password'].isdigit()
assert len(res['password']) == 5
assert res['end_date'] == end_date
# ----------------------------------------------------------------- --
# verify that user specific policy is honored
policy_set['fake_user']['action'] = (
'lostTokenPWLen=3, lostTokenPWContents=c, lostTokenValid=1')
mocked__get_policies.return_value = policy_set
end_date = (datetime.date.today() +
datetime.timedelta(days=1)).strftime("%d/%m/%y")
end_date = "%s 23:59" % end_date
th = TokenHandler()
res = th.losttoken(serial='mySerial', new_serial='mySerial_new')
assert not res['password'].isdigit()
assert len(res['password']) == 3
assert res['end_date'] == end_date
def test_losttoken(
self,
mocked_getTokenOwner,
mocked__get_policies,
mocked_get_policy_definitions,
):
"""Verify the policy evaluation in losttoken honores general actions."""
fake_user = LinotpUser(login="******", realm="defaultrealm")
mocked_getTokenOwner.return_value = fake_user
policy_set = copy.deepcopy(PolicySet)
mocked_get_policy_definitions.return_value = {
"enrollment": {
"lostTokenPWLen": {
"type":
"int",
"desc":
"The length of the password in case of "
"temporary token.",
},
"lostTokenPWContents": {
"type":
"str",
"desc":
"The contents of the temporary password, "
"described by the characters C, c, n, s.",
},
"lostTokenValid": {
"type":
"set",
"value": ["int", "duration"],
"desc":
"The length of the validity for the temporary "
'token as days or duration with "d"-days, "h"-hours,'
' "m"-minutes, "s"-seconds.',
},
}
}
# ----------------------------------------------------------------- --
# verify that general policy is honored
policy_set["general"][
"action"] = "lostTokenPWLen=5, lostTokenPWContents=n, lostTokenValid=2"
mocked__get_policies.return_value = policy_set
end_date = (datetime.date.today() +
datetime.timedelta(days=2)).strftime("%d/%m/%y")
end_date = "%s 23:59" % end_date
th = TokenHandler()
res = th.losttoken("mySerial", "mySerial_new")
assert res["password"].isdigit()
assert len(res["password"]) == 5
assert res["end_date"] == end_date
# ----------------------------------------------------------------- --
# verify that user specific policy is honored
policy_set["fake_user"][
"action"] = "lostTokenPWLen=3, lostTokenPWContents=c, lostTokenValid=1"
mocked__get_policies.return_value = policy_set
end_date = (datetime.date.today() +
datetime.timedelta(days=1)).strftime("%d/%m/%y")
end_date = "%s 23:59" % end_date
th = TokenHandler()
res = th.losttoken(serial="mySerial", new_serial="mySerial_new")
assert not res["password"].isdigit()
assert len(res["password"]) == 3
assert res["end_date"] == end_date
def test_get_selfservice_actions(
self,
mocked__get_client,
mocked__get_policies,
mocked_get_policy_definitions,
):
"""Verify the policy evaluation via helper get_selfservice_actions"""
mocked__get_client.return_value = "127.0.0.1"
simple_user = LinotpUser(login="******", realm="defaultrealm")
anonym_user = LinotpUser(login="******", realm="defaultrealm")
policy_set = copy.deepcopy(PolicySet)
mocked_get_policy_definitions.return_value = {
"selfservice": {
"setDescription": {
"type": "bool"
},
"enrollHMAC": {
"type": "bool"
},
"reset": {
"type": "bool"
},
}
}
# ----------------------------------------------------------------- --
# verify that general policy is honored
policy_set["general"]["action"] = "setDescription, enrollHMAC, reset"
mocked__get_policies.return_value = policy_set
res = get_selfservice_actions(simple_user, "setDescription")
assert "setDescription" in res
assert res["setDescription"]
res = get_selfservice_actions(simple_user)
assert "setDescription" not in res
assert "disable" in res
assert get_selfservice_actions(simple_user, "setDescription")
assert not get_selfservice_actions(anonym_user, "disable")
# ----------------------------------------------------------------- --
# verify that user specific policy is honored
policy_set["simple_user"]["action"] = "setDescription, disable"
mocked__get_policies.return_value = policy_set
res = get_selfservice_actions(simple_user)
assert "setDescription" in res
assert "disable" in res
assert "reset" not in res
def test_get_selfservice_action_value(
self,
mocked__get_client,
mocked__get_policies,
mocked_get_policy_definitions,
):
"""Verify the policy evaluation via helper get_selfservice_action_value"""
mocked__get_client.return_value = "127.0.0.1"
simple_user = LinotpUser(login="******", realm="defaultrealm")
anonym_user = LinotpUser(login="******", realm="defaultrealm")
policy_set = copy.deepcopy(PolicySet)
# ----------------------------------------------------------------- --
mocked_get_policy_definitions.return_value = {
"selfservice": {
"otp_pin_maxlength": {
"type": "int"
},
"enrollHMAC": {
"type": "bool"
},
"reset": {
"type": "bool"
},
}
}
# verify that general policy is honored
policy_set["general"][
"action"] = "otp_pin_maxlength=4, enrollHMAC, reset"
mocked__get_policies.return_value = policy_set
res = get_selfservice_action_value("otp_pin_maxlength",
user=simple_user)
assert res == 4
# ----------------------------------------------------------------- --
# verify that user specific policy is honored
policy_set["simple_user"][
"action"] = "otp_pin_maxlength=6, delete, reset"
mocked__get_policies.return_value = policy_set
res = get_selfservice_action_value("otp_pin_maxlength",
user=simple_user)
assert res == 6
# ----------------------------------------------------------------- --
# verify that user specific policy is honored but only for the user
res = get_selfservice_action_value("otp_pin_maxlength",
user=anonym_user)
assert res == 4
def test_get_selfservice_actions(self, mocked__get_client,
mocked__get_policies,
mocked_get_policy_definitions):
"""Verify the policy evaluation via helper get_selfservice_actions"""
mocked__get_client.return_value = '127.0.0.1'
simple_user = LinotpUser(login='******', realm='defaultrealm')
anonym_user = LinotpUser(login='******', realm='defaultrealm')
policy_set = copy.deepcopy(PolicySet)
mocked_get_policy_definitions.return_value = {
'selfservice': {
'setDescription': {
'type': 'bool'
},
'enrollHMAC': {
'type': 'bool'
},
'reset': {
'type': 'bool'
},
}
}
# ----------------------------------------------------------------- --
# verify that general policy is honored
policy_set['general']['action'] = ('setDescription, enrollHMAC, reset')
mocked__get_policies.return_value = policy_set
res = get_selfservice_actions(simple_user, 'setDescription')
assert 'setDescription' in res
assert res['setDescription']
res = get_selfservice_actions(simple_user)
assert 'setDescription' not in res
assert 'disable' in res
assert get_selfservice_actions(simple_user, 'setDescription')
assert not get_selfservice_actions(anonym_user, 'disable')
# ----------------------------------------------------------------- --
# verify that user specific policy is honored
policy_set['simple_user']['action'] = ('setDescription, disable')
mocked__get_policies.return_value = policy_set
res = get_selfservice_actions(simple_user)
assert 'setDescription' in res
assert 'disable' in res
assert 'reset' not in res
