def test_00_get_config(self):
# set the config
set_privacyidea_config(key="Hallo", value="What?", typ="string",
desc="Some dumb value")
# get the complete config
conf = get_from_config()
self.assertTrue("Hallo" in conf, conf)
conf = get_from_config("Hallo")
self.assertTrue(conf == "What?", conf)
conf = get_from_config("Hello", "Does not exist")
self.assertTrue(conf == "Does not exist", conf)
conf = get_privacyidea_config()
self.assertTrue("Hallo" in conf, conf)
# delete privacyidea config
delete_privacyidea_config("Hallo")
conf = get_from_config("Hallo")
self.assertFalse(conf == "What?", conf)
# set more values to create a timestamp and overwrite
set_privacyidea_config(key="k1", value="v1")
set_privacyidea_config(key="k2", value="v2")
set_privacyidea_config(key="k3", value="v3")
conf = get_from_config("k3")
self.assertTrue(conf == "v3", conf)
set_privacyidea_config(key="k3", value="new", typ="string", desc="n")
conf = get_from_config("k3")
self.assertTrue(conf == "new", conf)
def test_00_get_config(self):
# set the config
set_privacyidea_config(key="Hallo", value="What?", typ="string",
desc="Some dumb value")
# get the complete config
conf = get_from_config()
self.assertTrue("Hallo" in conf, conf)
conf = get_from_config("Hallo")
self.assertTrue(conf == "What?", conf)
conf = get_from_config("Hello", "Does not exist")
self.assertTrue(conf == "Does not exist", conf)
conf = get_privacyidea_config()
self.assertTrue("Hallo" in conf, conf)
# delete privacyidea config
delete_privacyidea_config("Hallo")
conf = get_from_config("Hallo")
self.assertFalse(conf == "What?", conf)
# set more values to create a timestamp and overwrite
set_privacyidea_config(key="k1", value="v1")
set_privacyidea_config(key="k2", value="v2")
set_privacyidea_config(key="k3", value="v3")
conf = get_from_config("k3")
self.assertTrue(conf == "v3", conf)
set_privacyidea_config(key="k3", value="new", typ="string", desc="n")
conf = get_from_config("k3")
self.assertTrue(conf == "new", conf)
def test_16_autoresync_hotp(self):
serial = "autosync1"
token = init_token({"serial": serial,
"otpkey": self.otpkey,
"pin": "async"}, User("cornelius", self.realm2))
set_privacyidea_config("AutoResync", True)
token.set_sync_window(10)
token.set_count_window(5)
# counter = 8, is out of sync
with self.app.test_request_context('/validate/check',
method='POST',
data={"user":
"******"+self.realm2,
"pass": "******"}):
res = self.app.full_dispatch_request()
self.assertEqual(res.status_code, 200)
result = json.loads(res.data).get("result")
self.assertEqual(result.get("value"), False)
# counter = 9, will be autosynced.
# Authentication is successful
with self.app.test_request_context('/validate/check',
method='POST',
data={"user":
"******"+self.realm2,
"pass": "******"}):
res = self.app.full_dispatch_request()
self.assertEqual(res.status_code, 200)
result = json.loads(res.data).get("result")
self.assertEqual(result.get("value"), True)
delete_privacyidea_config("AutoResync")
def test_15_validate_at_sign(self):
self.setUp_user_realm2()
serial1 = "Split001"
serial2 = "Split002"
init_token({"serial": serial1,
"type": "spass",
"pin": serial1}, user=User("cornelius", self.realm1))
init_token({"serial": serial2,
"type": "spass",
"pin": serial2}, user=User("cornelius", self.realm2))
with self.app.test_request_context('/validate/check',
method='POST',
data={"user": "******",
"pass": serial1}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
self.assertTrue(result.get("value"))
set_privacyidea_config("splitAtSign", "0")
with self.app.test_request_context('/validate/check',
method='POST',
data={"user":
"******"+self.realm2,
"pass": serial2}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 400, res)
set_privacyidea_config("splitAtSign", "1")
with self.app.test_request_context('/validate/check',
method='POST',
data={"user":
"******"+self.realm2,
"pass": serial2}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
self.assertTrue(result.get("value"))
# The default behaviour - if the config entry does not exist,
# is to split the @Sign
delete_privacyidea_config("splitAtSign")
with self.app.test_request_context('/validate/check',
method='POST',
data={"user":
"******"+self.realm2,
"pass": serial2}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
self.assertTrue(result.get("value"))
def test_22_new_email_config(self):
smtpmock.setdata(response={"*****@*****.**": (200, 'OK')})
transactionid = "123456098717"
# send the email with the new configuration
r = add_smtpserver(identifier="myServer", server="1.2.3.4")
set_privacyidea_config("email.identifier", "myServer")
db_token = Token.query.filter_by(serial=self.serial1).first()
token = EmailTokenClass(db_token)
self.assertTrue(token.check_otp("123456", 1, 10) == -1)
c = token.create_challenge(transactionid)
self.assertTrue(c[0], c)
otp = c[1]
self.assertTrue(c[3].get("state"), transactionid)
# check for the challenges response
r = token.check_challenge_response(passw=otp)
self.assertTrue(r, r)
delete_smtpserver("myServer")
delete_privacyidea_config("email.identifier")
def test_22_new_email_config(self):
smtpmock.setdata(response={"*****@*****.**": (200, 'OK')})
transactionid = "123456098717"
# send the email with the new configuration
r = add_smtpserver(identifier="myServer", server="1.2.3.4")
set_privacyidea_config("email.identifier", "myServer")
db_token = Token.query.filter_by(serial=self.serial1).first()
token = EmailTokenClass(db_token)
self.assertTrue(token.check_otp("123456", 1, 10) == -1)
c = token.create_challenge(transactionid)
self.assertTrue(c[0], c)
otp = c[1]
self.assertTrue(c[3].get("state"), transactionid)
# check for the challenges response
r = token.check_challenge_response(passw=otp)
self.assertTrue(r, r)
delete_smtpserver("myServer")
delete_privacyidea_config("email.identifier")
def test_16_autoresync_hotp(self):
serial = "autosync1"
token = init_token(
{
"serial": serial,
"otpkey": self.otpkey,
"pin": "async"
}, User("cornelius", self.realm2))
set_privacyidea_config("AutoResync", True)
token.set_sync_window(10)
token.set_count_window(5)
# counter = 8, is out of sync
with self.app.test_request_context('/validate/check',
method='POST',
data={
"user":
"******" + self.realm2,
"pass": "******"
}):
res = self.app.full_dispatch_request()
self.assertEqual(res.status_code, 200)
result = json.loads(res.data).get("result")
self.assertEqual(result.get("value"), False)
# counter = 9, will be autosynced.
# Authentication is successful
with self.app.test_request_context('/validate/check',
method='POST',
data={
"user":
"******" + self.realm2,
"pass": "******"
}):
res = self.app.full_dispatch_request()
self.assertEqual(res.status_code, 200)
result = json.loads(res.data).get("result")
self.assertEqual(result.get("value"), True)
delete_privacyidea_config("AutoResync")
def test_04_set_policy(self):
with self.app.test_request_context('/policy/pol1',
data={
'action': "enroll",
'scope': "selfservice",
'realm': "r1",
'resolver': "test",
'user': ["admin"],
'time': "",
'client': "127.12.12.12",
'active': True
},
method='POST',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
self.assertTrue(result["status"] is True, result)
self.assertTrue('"setPolicy pol1": 1' in res.data, res.data)
# Set a policy with a more complicated client which might interfere
# with override client
set_privacyidea_config(SYSCONF.OVERRIDECLIENT, "10.0.0.1")
with self.app.test_request_context('/policy/pol1',
data={
'action': "enroll",
'scope': "selfservice",
'realm': "r1",
'resolver': "test",
'user': ["admin"],
'time': "",
'client': "10.0.0.0/8, "
"172.16.200.1",
'active': True
},
method='POST',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
self.assertTrue(result["status"] is True, result)
self.assertTrue('"setPolicy pol1": 1' in res.data, res.data)
delete_privacyidea_config(SYSCONF.OVERRIDECLIENT)
# setting policy with invalid name fails
with self.app.test_request_context('/policy/invalid policy name',
data={
'action': "enroll",
'scope': "selfservice",
'client': "127.12.12.12",
'active': True
},
method='POST',
headers={'Authorization': self.at}):
# An invalid policy name raises an exception
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 400, res)
# setting policy with an empty name
with self.app.test_request_context('/policy/enroll',
data={
'scope': "selfservice",
'client': "127.12.12.12",
'active': True
},
method='POST',
headers={'Authorization': self.at}):
# An invalid policy name raises an exception
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 400, res)
def test_04_set_policy(self):
with self.app.test_request_context('/policy/pol1',
data={'action': "enroll",
'scope': "selfservice",
'realm': "r1",
'resolver': "test",
'user': ["admin"],
'time': "",
'client': "127.12.12.12",
'active': True},
method='POST',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
self.assertTrue(result["status"] is True, result)
self.assertTrue('"setPolicy pol1": 1' in res.data, res.data)
# Set a policy with a more complicated client which might interfere
# with override client
set_privacyidea_config(SYSCONF.OVERRIDECLIENT, "10.0.0.1")
with self.app.test_request_context('/policy/pol1',
data={'action': "enroll",
'scope': "selfservice",
'realm': "r1",
'resolver': "test",
'user': ["admin"],
'time': "",
'client': "10.0.0.0/8, "
"172.16.200.1",
'active': True},
method='POST',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
self.assertTrue(result["status"] is True, result)
self.assertTrue('"setPolicy pol1": 1' in res.data, res.data)
delete_privacyidea_config(SYSCONF.OVERRIDECLIENT)
# setting policy with invalid name fails
with self.app.test_request_context('/policy/invalid policy name',
data={'action': "enroll",
'scope': "selfservice",
'client': "127.12.12.12",
'active': True},
method='POST',
headers={'Authorization': self.at}):
# An invalid policy name raises an exception
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 400, res)
# setting policy with an empty name
with self.app.test_request_context('/policy/enroll',
data={'scope': "selfservice",
'client': "127.12.12.12",
'active': True},
method='POST',
headers={'Authorization': self.at}):
# An invalid policy name raises an exception
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 400, res)
def test_15_validate_at_sign(self):
self.setUp_user_realm2()
serial1 = "Split001"
serial2 = "Split002"
init_token({
"serial": serial1,
"type": "spass",
"pin": serial1
},
user=User("cornelius", self.realm1))
init_token({
"serial": serial2,
"type": "spass",
"pin": serial2
},
user=User("cornelius", self.realm2))
with self.app.test_request_context('/validate/check',
method='POST',
data={
"user": "******",
"pass": serial1
}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
self.assertTrue(result.get("value"))
set_privacyidea_config("splitAtSign", "0")
with self.app.test_request_context('/validate/check',
method='POST',
data={
"user":
"******" + self.realm2,
"pass": serial2
}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 400, res)
set_privacyidea_config("splitAtSign", "1")
with self.app.test_request_context('/validate/check',
method='POST',
data={
"user":
"******" + self.realm2,
"pass": serial2
}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
self.assertTrue(result.get("value"))
# The default behaviour - if the config entry does not exist,
# is to split the @Sign
delete_privacyidea_config("splitAtSign")
with self.app.test_request_context('/validate/check',
method='POST',
data={
"user":
"******" + self.realm2,
"pass": serial2
}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
self.assertTrue(result.get("value"))
