Beispiel #1
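    def test_10_auth_items(self):
        """Check that SSH auth items are scoped by machine and by user.

        An sshkey token is attached to the machine "gandalf" for the
        application "ssh". The key must be returned for the machine as a
        whole and for the matching user filter, and a lookup that matches no
        key must return nothing.
        """
        # create an SSH token
        token_obj = init_token({"serial": self.serial2, "type": "sshkey",
                                "sshkey": sshkey})
        self.assertEqual(token_obj.type, "sshkey")

        # Attach the token to the machine "gandalf" with the application SSH
        r = attach_token(hostname="gandalf", serial=self.serial2,
                         application="ssh", options={"user": "******"})

        self.assertEqual(r.machine_id, "192.168.0.1")

        # fetch the auth_items for application SSH on machine gandalf
        ai = get_auth_items("gandalf", ip="192.168.0.1", application="ssh")
        sshkey_auth_items = ai.get("ssh")
        # assertEqual replaces the deprecated alias assertEquals, which was
        # removed from unittest in Python 3.12.
        self.assertEqual(len(sshkey_auth_items), 1)
        self.assertTrue(sshkey_auth_items[0].get("sshkey").startswith(
            "ssh-rsa"))

        # fetch the auth_items with user restriction for SSH
        ai = get_auth_items("gandalf", ip="192.168.0.1", application="ssh",
                            filter_param={"user": "******"})
        sshkey_auth_items = ai.get("ssh")
        self.assertEqual(len(sshkey_auth_items), 1)
        self.assertTrue(sshkey_auth_items[0].get("sshkey").startswith(
            "ssh-rsa"))

        # try to fetch SSH keys for user, who has no ssh keys
        # NOTE(review): the user value is shown as "******" in all three
        # places. For this negative check to hold, the lookup has to name a
        # different user than the one the token was attached for - confirm
        # against the unredacted test. This is the assertion that proves one
        # user's lookup does not return another user's key.
        ai = get_auth_items("gandalf", ip="192.168.0.1", application="ssh",
                            filter_param={"user": "******"})
        sshkey_auth_items = ai.get("ssh")
        # None or an empty list
        self.assertFalse(sshkey_auth_items)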
Beispiel #2
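def offline_info(request, response):
    """
    Add offline OTP information to a successful /validate/check response.

    This decorator is used with the function /validate/check.
    It is not triggered by an ordinary policy but by a MachineToken definition.
    If for the given Client and Token an offline application is defined,
    the response is enhanced with the offline information - the hashes of the
    OTP.

    :param request: the request; its ``all_data["pass"]`` value is handed to
        get_auth_items as the challenge
    :param response: the response whose JSON body is inspected and, when auth
        items are found, rewritten with an additional "auth_items" entry
    :return: the same response object, modified in place or left untouched
    """
    content = json.loads(response.data)
    # A body without a usable "result" object is handled like a failed
    # authentication: nothing is added, instead of raising AttributeError
    # on None.
    result = content.get("result")
    # Offline data is only released after a successful authentication. The
    # test is the identity check "is True", so a merely truthy value does not
    # qualify.
    if not isinstance(result, dict) or result.get("value") is not True:
        return response
    # If there is no remote address, we can not determine
    # offline information
    if not g.client_ip:
        return response

    client_ip = netaddr.IPAddress(g.client_ip)
    # check if there is a MachineToken definition
    serial = content.get("detail", {}).get("serial")
    try:
        # if the hostname can not be identified, there might be no
        # offline definition!
        hostname = get_hostname(ip=client_ip)
        auth_items = get_auth_items(hostname=hostname,
                                    ip=client_ip,
                                    serial=serial,
                                    application="offline",
                                    challenge=request.all_data.get("pass"))
        if auth_items:
            content["auth_items"] = auth_items
            response.data = json.dumps(content)
    except Exception as exx:
        # Best effort: a failure here must not change the authentication
        # result, so the unmodified response is returned.
        # NOTE(review): the exception is logged verbatim at info level and
        # without a traceback. Confirm that no exception raised above embeds
        # the challenge value, and consider a level that operators monitor.
        log.info(exx)
    return response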
Beispiel #3
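def offline_info(request, response):
    """
    Add offline OTP information to a successful /validate/check response.

    This decorator is used with the function /validate/check.
    It is not triggered by an ordinary policy but by a MachineToken definition.
    If for the given Client and Token an offline application is defined,
    the response is enhanced with the offline information - the hashes of the
    OTP.

    :param request: the request; ``remote_addr`` identifies the client and
        ``all_data["pass"]`` is handed to get_auth_items as the challenge
    :param response: the response whose JSON body is inspected and, when auth
        items are found, rewritten with an additional "auth_items" entry
    :return: the same response object, modified in place or left untouched
    """
    content = json.loads(response.data)
    # A body without a usable "result" object is handled like a failed
    # authentication: nothing is added, instead of raising AttributeError
    # on None.
    result = content.get("result")
    # Only a successful authentication (value is exactly True) may receive
    # offline data.
    if not isinstance(result, dict) or result.get("value") is not True:
        return response
    # If there is no remote address, we can not determine offline information
    # NOTE(review): request.remote_addr is the address of the direct peer.
    # Behind a reverse proxy that is the proxy, not the end client - confirm
    # that this is the address the machine definitions are keyed on.
    if not request.remote_addr:
        return response

    client_ip = netaddr.IPAddress(request.remote_addr)
    # check if there is a MachineToken definition
    serial = content.get("detail", {}).get("serial")
    try:
        # if the hostname can not be identified, there might be no
        # offline definition!
        hostname = get_hostname(ip=client_ip)
        auth_items = get_auth_items(hostname=hostname, ip=client_ip,
                                    serial=serial, application="offline",
                                    challenge=request.all_data.get("pass"))
        if auth_items:
            content["auth_items"] = auth_items
            response.data = json.dumps(content)
    except Exception as exx:
        # Best effort: a failure here leaves the authentication response as
        # it was.
        # NOTE(review): logged at info level without a traceback, so a
        # failing offline lookup is easy to miss in operation.
        log.info(exx)
    return response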
 def test_13_get_authitems_without_machine(self):
     """Fetch offline auth items by serial only, without naming a machine."""
     # Only application and serial are given: no hostname, no ip.
     auth_items = get_auth_items(application="offline",
                                 serial=self.serialHotp)
     offline_items = auth_items.get("offline")
     self.assertEqual(len(offline_items), 1)

     # The single item has to carry both the refill token and the response
     # entry.
     item = offline_items[0]
     for expected_key in ("refilltoken", "response"):
         self.assertIn(expected_key, item)

     # After the fetch the counter of the HOTP token is expected to be
     # exactly 100.
     hotp_token = get_tokens(serial=self.serialHotp)[0]
     self.assertEqual(hotp_token.token.count, 100)
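    def test_10_auth_items(self):
        """Check that an attached sshkey token is returned for its machine.

        An sshkey token is attached to the machine "gandalf" for the
        application "ssh"; fetching the auth items for that machine must
        return exactly one entry holding an "ssh-rsa" key.
        """
        # create an SSH token
        token_obj = init_token({"serial": self.serial2, "type": "sshkey",
                                "sshkey": sshkey})
        self.assertEqual(token_obj.type, "sshkey")

        # Attach the token to the machine "gandalf" with the application SSH
        r = attach_token(hostname="gandalf", serial=self.serial2,
                         application="ssh", options={"user": "******"})

        self.assertEqual(r.machine_id, "192.168.0.1")

        # fetch the auth_items for application SSH on machine gandalf
        ai = get_auth_items("gandalf", ip="192.168.0.1", application="ssh")
        sshkey_auth_items = ai.get("ssh")
        # assertEqual replaces the deprecated alias assertEquals, which was
        # removed from unittest in Python 3.12.
        self.assertEqual(len(sshkey_auth_items), 1)
        self.assertTrue(sshkey_auth_items[0].get("sshkey").startswith(
            "ssh-rsa"))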
Beispiel #6
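def offline_info(request, response):
    """
    Add offline OTP information to a successful /validate/check response.

    This decorator is used with the function /validate/check.
    It is not triggered by an ordinary policy but by a MachineToken definition.
    If for the given Token an offline application is defined,
    the response is enhanced with the offline information - the hashes of the
    OTP.

    :param request: the request; its ``all_data["pass"]`` value is handed to
        get_auth_items as the challenge
    :param response: the response whose JSON body is inspected and, when auth
        items are found, rewritten with an additional "auth_items" entry
    :return: the same response object, modified in place or left untouched
    """
    content = response.json
    # A body without a usable "result" object is handled like a failed
    # authentication: nothing is added, instead of raising AttributeError
    # on None.
    result = content.get("result")
    # Only a successful authentication (value is exactly True) may receive
    # offline data.
    if not isinstance(result, dict) or result.get("value") is not True:
        return response
    # g.client_ip only gates the lookup here; it is not passed on to
    # get_auth_items, which is called with the serial alone.
    if not g.client_ip:
        return response

    # check if there is a MachineToken definition
    serial = content.get("detail", {}).get("serial")
    try:
        auth_items = get_auth_items(serial=serial,
                                    application="offline",
                                    challenge=request.all_data.get("pass"))
        if auth_items:
            content["auth_items"] = auth_items
            response.set_data(json.dumps(content))
    except Exception as exx:
        # Best effort: a failure here leaves the authentication response as
        # it was.
        # NOTE(review): logged at info level without a traceback, so a
        # failing offline lookup is easy to miss in operation.
        log.info(exx)
    return response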