Beispiel #1
0
    def test_01_create_update_delete(self):
        eid = set_event("token_init", "UserNotification", "sendmail",
                      condition="bla",
                      options={"emailconfig": "themis"})
        self.assertEqual(eid, 1)

        # create a new event!
        r = set_event("token_init, token_assign",
                      "UserNotification", "sendmail",
                      condition="",
                      options={"emailconfig": "themis",
                               "always": "immer"})

        self.assertEqual(r, 2)
        # Update the first event
        r = set_event("token_init, token_assign",
                      "UserNotification", "sendmail",
                      condition="",
                      options={"emailconfig": "themis",
                               "always": "immer"},
                      id=eid)
        self.assertEqual(r, eid)

        event_config = EventConfiguration()
        self.assertEqual(len(event_config.events), 2)
        # delete
        r = delete_event(eid)
        self.assertTrue(r)
        event_config = EventConfiguration()
        self.assertEqual(len(event_config.events), 1)

        r = delete_event(2)
        self.assertTrue(r)
        event_config = EventConfiguration()
        self.assertEqual(len(event_config.events), 0)
Beispiel #2
0
    def test_01_setup_eventhandlers(self):
        # This test create an HOTP token with C/R with a pre-event handler
        # and the user uses this HOTP token to directly login to /auth

        # Setup realm
        rid = save_resolver({
            "resolver": self.resolvername1,
            "type": "passwdresolver",
            "fileName": PWFILE
        })
        self.assertTrue(rid > 0, rid)

        (added, failed) = set_realm(self.realm1, [self.resolvername1])
        self.assertTrue(len(failed) == 0)
        self.assertTrue(len(added) == 1)

        set_default_realm(self.realm1)

        # set a policy to authenticate against privacyIDEA
        set_policy("piLogin",
                   scope=SCOPE.WEBUI,
                   action="{0!s}=privacyIDEA".format(ACTION.LOGINMODE))
        # set a policy to for otppin=userstore
        set_policy("otppin",
                   scope=SCOPE.AUTH,
                   action="{0!s}=userstore".format(ACTION.OTPPIN))
        # Set a policy to do C/R with HOTP tokens
        set_policy("crhotp",
                   scope=SCOPE.AUTH,
                   action="{0!s}=hotp".format(ACTION.CHALLENGERESPONSE))

        # Create an event handler, that creates HOTP token on /auth with default OTP key
        eid = set_event(
            "createtoken",
            event=["auth"],
            handlermodule="Token",
            action="enroll",
            position="pre",
            conditions={CONDITION.USER_TOKEN_NUMBER: 0},
            options={
                "tokentype": "hotp",
                "user": "******",
                "additional_params": {
                    'otpkey': self.otpkey,
                    # We need to set gekey=0, otherwise the Tokenhandler will
                    # generate a random otpkey
                    'genkey': 0
                }
            })
        # cleanup tokens
        remove_token(user=User("someuser", self.realm1))

        # user tries to log in with his userstore password and gets a transaction_id
        with self.app.test_request_context('/auth',
                                           method='POST',
                                           data={
                                               "username": "******",
                                               "password": "******"
                                           }):
            res = self.app.full_dispatch_request()
            self.assertEqual(401, res.status_code, res)
            result = res.json.get("result")
            self.assertFalse(result.get("status"), result)
            detail = res.json.get("detail")
            self.assertEqual("please enter otp: ", detail.get("message"))
            transaction_id = detail.get("transaction_id")

        # Check if the token was enrolled
        toks = get_tokens(user=User("someuser", self.realm1))
        self.assertEqual(len(toks), 1)
        self.assertEqual(toks[0].token.tokentype, "hotp")
        serial = toks[0].token.serial
        # Check if the correct otpkey was used
        hotptoken = toks[0]
        r = hotptoken.check_otp(self.valid_otp_values[1])
        self.assertTrue(r >= 0)

        # Now the user logs in with the second step of C/R with OTP value of new token
        with self.app.test_request_context('/auth',
                                           method='POST',
                                           data={
                                               "username": "******",
                                               "transaction_id":
                                               transaction_id,
                                               "password":
                                               self.valid_otp_values[2]
                                           }):
            res = self.app.full_dispatch_request()
            self.assertEqual(200, res.status_code, res)
            result = res.json.get("result")
            self.assertTrue(result.get("status"))
            self.assertTrue(result.get("value"))

        # Check that there is still only one token
        toks = get_tokens(user=User("someuser", self.realm1))
        self.assertEqual(len(toks), 1)
        self.assertEqual(toks[0].token.tokentype, "hotp")
        self.assertEqual(serial, toks[0].token.serial)

        # cleanup
        delete_policy("piLogin")
        delete_policy("otppin")
        delete_policy("crhotp")
        delete_event(eid)
        remove_token(hotptoken.token.serial)
    def test_01_user_attribute_with_handler_tokenowner(self):
        user = User('cornelius', self.realm1)
        tok = init_token({'type': 'spass', 'pin': 'test'})
        self.assertNotIn('foo', user.attributes, user.attributes)

        # First try to delete a non-existing attribute
        eid = set_event("user_atts",
                        event=["validate_check"],
                        action=ACTION_TYPE.DELETE_CUSTOM_USER_ATTRIBUTES,
                        handlermodule="CustomUserAttributes",
                        conditions={},
                        options={
                            'user': USER_TYPE.TOKENOWNER,
                            'attrkey': 'foo'
                        })

        # what happens if the token has no user
        with self.app.test_request_context('/validate/check',
                                           data={
                                               "serial": tok.token.serial,
                                               "pass": '******'
                                           },
                                           method='POST'):
            res = self.app.full_dispatch_request()
            self.assertTrue(res.status_code == 200, res)
            result = res.json.get("result")
            self.assertTrue(result.get("value"), result)
            self.assertNotIn('foo', user.attributes, user.attributes)

        # now we attach the token to a user
        tok.add_user(user)
        with self.app.test_request_context('/validate/check',
                                           data={
                                               "user": '******',
                                               "pass": '******'
                                           },
                                           method='POST'):
            res = self.app.full_dispatch_request()
            self.assertTrue(res.status_code == 200, res)
            result = res.json.get("result")
            self.assertTrue(result.get("value"), result)
            self.assertNotIn('foo', user.attributes, user.attributes)

        # update event to add an attribute
        eid = set_event("user_atts",
                        event=["validate_check"],
                        id=eid,
                        action=ACTION_TYPE.SET_CUSTOM_USER_ATTRIBUTES,
                        handlermodule="CustomUserAttributes",
                        conditions={},
                        options={
                            'user': USER_TYPE.TOKENOWNER,
                            'attrkey': 'foo',
                            'attrvalue': 'bar'
                        })
        with self.app.test_request_context('/validate/check',
                                           data={
                                               "user": "******",
                                               "pass": '******'
                                           },
                                           method='POST'):
            res = self.app.full_dispatch_request()
            self.assertTrue(res.status_code == 200, res)
            result = res.json.get("result")
            self.assertTrue(result.get("value"), result)
            self.assertEqual('bar', user.attributes.get('foo'),
                             user.attributes)

        # update event to update an attribute
        eid = set_event("user_atts",
                        event=["validate_check"],
                        id=eid,
                        action=ACTION_TYPE.SET_CUSTOM_USER_ATTRIBUTES,
                        handlermodule="CustomUserAttributes",
                        conditions={},
                        options={
                            'user': USER_TYPE.TOKENOWNER,
                            'attrkey': 'foo',
                            'attrvalue': 'baz'
                        })
        with self.app.test_request_context('/validate/check',
                                           data={
                                               "user": "******",
                                               "pass": '******'
                                           },
                                           method='POST'):
            res = self.app.full_dispatch_request()
            self.assertTrue(res.status_code == 200, res)
            result = res.json.get("result")
            self.assertTrue(result.get("value"), result)
            self.assertEqual('baz', user.attributes.get('foo'),
                             user.attributes)

        # now delete the added attribute
        eid = set_event("user_atts",
                        event=["validate_check"],
                        id=eid,
                        action=ACTION_TYPE.DELETE_CUSTOM_USER_ATTRIBUTES,
                        handlermodule="CustomUserAttributes",
                        conditions={},
                        options={
                            'user': USER_TYPE.TOKENOWNER,
                            'attrkey': 'foo'
                        })
        with self.app.test_request_context('/validate/check',
                                           data={
                                               "user": "******",
                                               "pass": '******'
                                           },
                                           method='POST'):
            res = self.app.full_dispatch_request()
            self.assertTrue(res.status_code == 200, res)
            result = res.json.get("result")
            self.assertTrue(result.get("value"), result)
            self.assertNotIn('foo', user.attributes, user.attributes)

        delete_event(eid)
        remove_token(tok.token.serial)
    def test_02_user_attribute_with_handler_logged_in_user(self):
        user = User('cornelius', realm=self.realm1)
        self.assertNotIn('foo', user.attributes, user.attributes)

        # get the auth-token for the user
        with self.app.test_request_context('/auth',
                                           data={
                                               "username": '******',
                                               "password": '******'
                                           },
                                           method='POST'):
            res = self.app.full_dispatch_request()
            self.assertEqual(200, res.status_code, res)
            result = res.json.get("result")
            self.assertTrue(result.get("status"), result)
            user_token = result.get("value").get("token")

        # try to delete a non-existing attribute
        eid = set_event("user_atts",
                        event=["token_list"],
                        action=ACTION_TYPE.DELETE_CUSTOM_USER_ATTRIBUTES,
                        handlermodule="CustomUserAttributes",
                        conditions={},
                        options={
                            'user': USER_TYPE.LOGGED_IN_USER,
                            'attrkey': 'foo'
                        })
        with self.app.test_request_context(
                '/token/', method='GET', headers={'Authorization':
                                                  user_token}):
            res = self.app.full_dispatch_request()
            self.assertTrue(res.status_code == 200, res)
            self.assertNotIn('foo', user.attributes, user.attributes)

        # delete an existing attribute
        user.set_attribute('foo', 'bar')
        self.assertIn('foo', user.attributes, user.attributes)
        with self.app.test_request_context(
                '/token/', method='GET', headers={'Authorization':
                                                  user_token}):
            res = self.app.full_dispatch_request()
            self.assertTrue(res.status_code == 200, res)
            self.assertNotIn('foo', user.attributes, user.attributes)

        # add an attribute
        eid = set_event("user_atts",
                        event=["token_list"],
                        id=eid,
                        action=ACTION_TYPE.SET_CUSTOM_USER_ATTRIBUTES,
                        handlermodule="CustomUserAttributes",
                        conditions={},
                        options={
                            'user': USER_TYPE.LOGGED_IN_USER,
                            'attrkey': 'foo',
                            'attrvalue': 'bar'
                        })
        with self.app.test_request_context(
                '/token/', method='GET', headers={'Authorization':
                                                  user_token}):
            res = self.app.full_dispatch_request()
            self.assertTrue(res.status_code == 200, res)
            self.assertEqual('bar', user.attributes['foo'], user.attributes)

        # overwrite an attribute
        eid = set_event("user_atts",
                        event=["token_list"],
                        id=eid,
                        action=ACTION_TYPE.SET_CUSTOM_USER_ATTRIBUTES,
                        handlermodule="CustomUserAttributes",
                        conditions={},
                        options={
                            'user': USER_TYPE.LOGGED_IN_USER,
                            'attrkey': 'foo',
                            'attrvalue': 'baz'
                        })
        with self.app.test_request_context(
                '/token/', method='GET', headers={'Authorization':
                                                  user_token}):
            res = self.app.full_dispatch_request()
            self.assertTrue(res.status_code == 200, res)
            self.assertEqual('baz', user.attributes['foo'], user.attributes)

        delete_event(eid)
        user.delete_attribute('foo')
Beispiel #5
0
    def test_15_unassign_missing_user(self):
        """
        Unassign a token from a user that does not exist anymore.

        There is a token which is owned by a user, who was deleted fromt he
        userstore.
        An Event Handler, to notifiy the user via email on unassign is defined.
        This testcase must NOT throw an exception. Well, the user can not be
        notified anymore, since the email also does not exist in the
        userstore anymore.
        """
        # Create our realm and resolver
        parameters = {
            'resolver':
            "notify_resolver",
            "type":
            "sqlresolver",
            'Driver':
            'sqlite',
            'Server':
            '/tests/testdata/',
            'Database':
            "testuser.sqlite",
            'Table':
            'users',
            'Encoding':
            'utf8',
            'Editable':
            True,
            'Map':
            '{ "username": "******", \
                        "userid" : "id", \
                        "email" : "email", \
                        "surname" : "name", \
                        "givenname" : "givenname", \
                        "password" : "password", \
                        "phone": "phone", \
                        "mobile": "mobile"}'
        }
        r = save_resolver(parameters)
        self.assertTrue(r)

        success, fail = set_realm("notify_realm", ["notify_resolver"])
        self.assertEqual(len(success), 1)
        self.assertEqual(len(fail), 0)

        # Create a user
        ## First delete it, in case the user exist
        User("notify_user", "notify_realm").delete()
        uid = create_user("notify_resolver", {"username": "******"})
        self.assertTrue(uid)
        user = User("notify_user", "notify_realm")
        self.assertEqual(user.login, "notify_user")
        self.assertEqual(user.realm, "notify_realm")

        # Create a token for this user
        r = init_token({"type": "spass", "serial": "SPNOTIFY"}, user=user)
        self.assertTrue(r)

        # create notification handler
        eid = set_event("token_unassign", "UserNotification", "sendmail")
        self.assertTrue(eid)

        # delete the user
        r = user.delete()
        self.assertTrue(r)

        # unassign the token from the non-existing user
        # call the notification handler implicitly
        with self.app.test_request_context('/token/unassign',
                                           method='POST',
                                           data={"serial": "SPNOTIFY"},
                                           headers={'Authorization': self.at}):
            res = self.app.full_dispatch_request()
            self.assertTrue(res.status_code == 200, res)
            result = json.loads(res.data).get("result")
            self.assertTrue(result.get("value") is True, result)

        # Cleanup
        delete_event(eid)
        delete_realm("notify_realm")
        delete_resolver("notify_resolver")
        remove_token("SPNOTIFY")