def test_suffix_with_valid_config_file(self):
config_format = (
"[OktaAPI]\n"
"Url: {}\n"
"Token: {}\n"
"UsernameSuffix: {}\n")
cfg = tempfile.NamedTemporaryFile()
cfg.file.write(config_format.format(
self.okta_url,
self.okta_token,
self.username_suffix))
cfg.file.seek(0)
env = MockEnviron({
'common_name': self.username_prefix,
'password': self.config['password']
})
validator = OktaOpenVPNValidator()
validator.config_file = cfg.name
validator.env = env
validator.read_configuration_file()
validator.load_environment_variables()
# Disable Public Key Pinning
validator.okta_config['assert_pinset'] = [self.herokuapp_dot_com_pin]
rv = validator.authenticate()
self.assertEquals(rv, True)
last_error = self.okta_log_messages['info'][-1:][0]
self.assertIn('is now authenticated with MFA via Okta API', last_error)
def test_with_valid_config_file(self):
config_format = (
"[OktaAPI]\n"
"Url: {}\n"
"Token: {}\n")
cfg = tempfile.NamedTemporaryFile()
cfg.file.write(config_format.format(
self.okta_url,
self.okta_token))
cfg.file.seek(0)
env = MockEnviron({
'common_name': self.config['username'],
'password': self.config['password']
})
validator = OktaOpenVPNValidator()
validator.config_file = cfg.name
validator.env = env
validator.read_configuration_file()
validator.load_environment_variables()
# Disable Public Key Pinning
validator.okta_config['assert_pinset'] = [self.herokuapp_dot_com_pin]
rv = validator.authenticate()
self.assertEquals(rv, True)
last_error = self.okta_log_messages['info'][-1:][0]
self.assertIn('is now authenticated with MFA via Okta API', last_error)
def test_with_valid_config_file_with_untrusted_user_disabled(self):
for val in ['yes', '1', 'true', 'ok', 'False', '0']:
config_format = (
"[OktaAPI]\n"
"Url: {}\n"
"Token: {}\n"
"AllowUntrustedUsers: {}")
cfg = tempfile.NamedTemporaryFile()
cfg.file.write(config_format.format(
self.okta_url,
self.okta_token,
val))
cfg.file.seek(0)
env = MockEnviron({
'username': self.config['username'],
'password': self.config['password']
})
validator = OktaOpenVPNValidator()
validator.config_file = cfg.name
validator.env = env
validator.read_configuration_file()
validator.load_environment_variables()
# Disable Public Key Pinning
validator.okta_config['assert_pinset'] = [
self.herokuapp_dot_com_pin]
rv = validator.authenticate()
self.assertEquals(rv, False)
def test_invalid_configuration_file(self):
validator = OktaOpenVPNValidator()
validator.config_file = '/dev/false'
rv = validator.read_configuration_file()
self.assertEquals(rv, False)
last_error = self.okta_log_messages['critical'][-1:][0]
self.assertIn('Failed to load config', last_error)
def test_with_valid_config_file_with_untrusted_user_disabled(self):
for val in ["yes", "1", "true", "ok", "False", "0"]:
config_format = "[OktaAPI]\n" "Url: {}\n" "Token: {}\n" "AllowUntrustedUsers: {}"
cfg = tempfile.NamedTemporaryFile()
cfg.file.write(config_format.format(self.okta_url, self.okta_token, val))
cfg.file.seek(0)
env = MockEnviron({"username": self.config["username"], "password": self.config["password"]})
validator = OktaOpenVPNValidator()
validator.config_file = cfg.name
validator.env = env
validator.read_configuration_file()
validator.load_environment_variables()
# Disable Public Key Pinning
validator.okta_config["assert_pinset"] = [self.herokuapp_dot_com_pin]
rv = validator.authenticate()
self.assertEquals(rv, False)
def test_invalid_configuration_file(self):
validator = OktaOpenVPNValidator()
validator.config_file = '/dev/false'
rv = validator.read_configuration_file()
self.assertEquals(rv, False)
last_error = self.okta_log_messages['critical'][-1:][0]
self.assertIn('Failed to load config', last_error)
def test_with_valid_config_file_with_untrusted_user_enabled(self):
config_format = "[OktaAPI]\n" "Url: {}\n" "Token: {}\n" "AllowUntrustedUsers: True"
cfg = tempfile.NamedTemporaryFile()
cfg.file.write(config_format.format(self.okta_url, self.okta_token))
cfg.file.seek(0)
env = MockEnviron({"username": self.config["username"], "password": self.config["password"]})
validator = OktaOpenVPNValidator()
validator.config_file = cfg.name
validator.env = env
validator.read_configuration_file()
validator.load_environment_variables()
# Disable Public Key Pinning
validator.okta_config["assert_pinset"] = [self.herokuapp_dot_com_pin]
rv = validator.authenticate()
self.assertEquals(rv, True)
last_error = self.okta_log_messages["info"][-1:][0]
self.assertIn("is now authenticated with MFA via Okta API", last_error)
def test_with_invalid_config_file(self):
cfg = tempfile.NamedTemporaryFile()
cfg.file.write("invalidconfig")
cfg.file.seek(0)
env = MockEnviron({"common_name": self.config["username"], "password": self.config["password"]})
validator = OktaOpenVPNValidator()
validator.config_file = cfg.name
validator.env = env
rv = validator.read_configuration_file()
self.assertEquals(rv, False)
def test_with_invalid_config_file(self):
cfg = tempfile.NamedTemporaryFile()
cfg.file.write('invalidconfig')
cfg.file.seek(0)
env = MockEnviron({
'common_name': self.config['username'],
'password': self.config['password']
})
validator = OktaOpenVPNValidator()
validator.config_file = cfg.name
validator.env = env
rv = validator.read_configuration_file()
self.assertEquals(rv, False)
