Ejemplo n.º 1
0
def test_default_provision_user():
    user_id = '10'
    auth.provision_user(user_id)

    auth_user = auth.load_user(user_id)
    assert auth_user.user_id == '10'
    assert len(auth_user.secret) == auth.SECRET_KEY_BYTES
    assert auth_user.key_length == 6
    assert auth_user.hash_algorithm == 'SHA256'
Ejemplo n.º 2
0
def test_default_provision_user():
    user_id = "10"
    auth.provision_user(user_id)

    auth_user = auth.load_user(user_id)
    assert auth_user.user_id == "10"
    assert len(auth_user.secret) == auth.SECRET_KEY_BYTES
    assert auth_user.key_length == 6
    assert auth_user.hash_algorithm == "SHA256"
Ejemplo n.º 3
0
def test_consume_recovery_code_success():
    user_id = '18'
    auth_user = auth.provision_user(user_id)
    recovery_code = auth_user.recovery_codes[0]

    auth.consume_recovery_code(user_id, recovery_code.code)
    assert recovery_code.used is True
Ejemplo n.º 4
0
def test_consume_recovery_code_success():
    user_id = "18"
    auth_user = auth.provision_user(user_id)
    recovery_code = auth_user.recovery_codes[0]

    auth.consume_recovery_code(user_id, recovery_code.code)
    assert recovery_code.used is True
Ejemplo n.º 5
0
def test_consume_recovery_code_already_consumed():
    user_id = "20"
    auth_user = auth.provision_user(user_id)
    recovery_code = auth_user.recovery_codes[0]

    auth.consume_recovery_code(user_id, recovery_code.code)
    with pytest.raises(auth.RecoveryCodeConsumptionError):
        auth.consume_recovery_code(user_id, recovery_code.code)
Ejemplo n.º 6
0
def test_consume_recovery_code_already_consumed():
    user_id = '20'
    auth_user = auth.provision_user(user_id)
    recovery_code = auth_user.recovery_codes[0]

    auth.consume_recovery_code(user_id, recovery_code.code)
    with pytest.raises(auth.RecoveryCodeConsumptionError):
        auth.consume_recovery_code(user_id, recovery_code.code)
Ejemplo n.º 7
0
def test_authorize_user():
    user_id = "14"
    user = auth.provision_user(user_id)

    totp = auth.get_totp(user.secret, user.key_length, user.hash_algorithm, 30)
    code_to_validate = totp.generate(time.time())

    assert auth.authorize_user(user_id, code_to_validate)
Ejemplo n.º 8
0
def test_authorize_user():
    user_id = '14'
    user = auth.provision_user(user_id)

    totp = auth.get_totp(user.secret, user.key_length, user.hash_algorithm, 30)
    code_to_validate = totp.generate(time.time())

    assert auth.authorize_user(user_id, code_to_validate)
Ejemplo n.º 9
0
def test_consume_recovery_code_wrong_user():
    user_id = "19"
    auth_user = auth.provision_user(user_id)
    recovery_code = auth_user.recovery_codes[0]

    with pytest.raises(auth.RecoveryCodeConsumptionError):
        auth.consume_recovery_code(18, recovery_code.code)

    assert recovery_code.used is False
Ejemplo n.º 10
0
def test_consume_recovery_code_wrong_user():
    user_id = '19'
    auth_user = auth.provision_user(user_id)
    recovery_code = auth_user.recovery_codes[0]

    with pytest.raises(auth.RecoveryCodeConsumptionError):
        auth.consume_recovery_code(18, recovery_code.code)

    assert recovery_code.used is False
Ejemplo n.º 11
0
def test_regenerate_user_recovery_codes():
    user_id = "17"
    auth_user = auth.provision_user(user_id)
    current_recovery_codes = set(recovery_code.code for recovery_code in auth_user.recovery_codes)

    auth.regenerate_user_recovery_codes(user_id)
    new_recovery_codes = set(recovery_code.code for recovery_code in auth_user.recovery_codes)

    assert current_recovery_codes != new_recovery_codes
    assert len(new_recovery_codes) == auth.RECOVERY_CODE_COUNT
Ejemplo n.º 12
0
def test_regenerate_user_recovery_codes():
    user_id = '17'
    auth_user = auth.provision_user(user_id)
    current_recovery_codes = set(recovery_code.code
                                 for recovery_code in auth_user.recovery_codes)

    auth.regenerate_user_recovery_codes(user_id)
    new_recovery_codes = set(recovery_code.code
                             for recovery_code in auth_user.recovery_codes)

    assert current_recovery_codes != new_recovery_codes
    assert len(new_recovery_codes) == auth.RECOVERY_CODE_COUNT
Ejemplo n.º 13
0
def user_provision():
    data = request.get_json(force=True)
    try:
        validate(data, USER_PROVISION_SCHEMA)
    except ValidationError as e:
        return jsonify(error_message=str(e), error_code='INVALID_PARAMS'), 400

    try:
        auth_user = auth.provision_user(**data)
    except auth.UserCreationException as e:
        return jsonify(error_message=str(e),
                       error_code='USER_PROVISION_FAILURE'), 400

    return format_auth_user_response(auth_user)
Ejemplo n.º 14
0
def test_auth_uri():
    user_id = "15"
    user = auth.provision_user(user_id)

    auth_uri = urlparse(auth.user_auth_uri(user_id, "*****@*****.**", "someissuer"))

    assert auth_uri.scheme == "otpauth"
    assert auth_uri.netloc == "totp"
    assert auth_uri.path == "/someissuer:ausername%40example.org"

    query = parse_qs(auth_uri.query)
    assert query["algorithm"] == ["SHA256"]
    assert query["period"] == [str(user.key_valid_duration)]
    assert query["issuer"] == ["someissuer"]
    assert query["secret"] == [b32encode(user.secret).decode("ASCII")]
    assert query["digits"] == [str(user.key_length)]
Ejemplo n.º 15
0
def user_provision():
    data = request.get_json(force=True)
    try:
        validate(data, USER_PROVISION_SCHEMA)
    except ValidationError as e:
        return jsonify(error_message=str(e), error_code='INVALID_PARAMS'), 400

    try:
        auth_user = auth.provision_user(**data)
    except auth.UserCreationException as e:
        return jsonify(
            error_message=str(e),
            error_code='USER_PROVISION_FAILURE'
        ), 400

    return format_auth_user_response(auth_user)
Ejemplo n.º 16
0
def test_auth_uri():
    user_id = '15'
    user = auth.provision_user(user_id)

    auth_uri = urlparse(
        auth.user_auth_uri(user_id, '*****@*****.**', 'someissuer'), )

    assert auth_uri.scheme == 'otpauth'
    assert auth_uri.netloc == 'totp'
    assert auth_uri.path == '/someissuer:ausername%40example.org'

    query = parse_qs(auth_uri.query)
    assert query['algorithm'] == ['SHA256']
    assert query['period'] == [str(user.key_valid_duration)]
    assert query['issuer'] == ['someissuer']
    assert query['secret'] == [b32encode(user.secret).decode('ASCII')]
    assert query['digits'] == [str(user.key_length)]
Ejemplo n.º 17
0
def test_user_exists():
    user_id = '13'
    auth.provision_user(user_id)
    with pytest.raises(auth.UserCreationException):
        auth.provision_user(user_id)
Ejemplo n.º 18
0
def test_provision_user_unsupported_hash_algorithm():
    with pytest.raises(auth.UserCreationException):
        auth.provision_user(1, hash_algorithm='MD5')
Ejemplo n.º 19
0
def test_provision_user_alternate_algorithm():
    user_id = '12'
    auth.provision_user(user_id, hash_algorithm='SHA1')
    auth_user = auth.load_user(user_id)
    assert auth_user.hash_algorithm == 'SHA1'
Ejemplo n.º 20
0
def test_unsupported_key_length():
    with pytest.raises(auth.UserCreationException):
        auth.provision_user(1, key_length=10)
Ejemplo n.º 21
0
def test_consume_recovery_code_wrong_code():
    auth.provision_user(21)
    with pytest.raises(auth.RecoveryCodeConsumptionError):
        auth.consume_recovery_code(21, 'foobar')
Ejemplo n.º 22
0
def test_provision_user_alternate_key_length():
    user_id = "11"
    auth.provision_user(user_id, key_length=8)

    auth_user = auth.load_user(user_id)
    assert auth_user.key_length == 8
Ejemplo n.º 23
0
def test_provision_user_generates_recovery_codes():
    user_id = "16"
    auth_user = auth.provision_user(user_id)
    assert len(auth_user.recovery_codes) == 10
Ejemplo n.º 24
0
def test_consume_recovery_code_wrong_code():
    auth.provision_user(21)
    with pytest.raises(auth.RecoveryCodeConsumptionError):
        auth.consume_recovery_code(21, "foobar")
Ejemplo n.º 25
0
def test_unsupported_key_length():
    with pytest.raises(auth.UserCreationException):
        auth.provision_user(1, key_length=10)
Ejemplo n.º 26
0
def test_provision_user_generates_recovery_codes():
    user_id = '16'
    auth_user = auth.provision_user(user_id)
    assert len(auth_user.recovery_codes) == 10
Ejemplo n.º 27
0
def test_provision_user_alternate_key_length():
    user_id = '11'
    auth.provision_user(user_id, key_length=8)

    auth_user = auth.load_user(user_id)
    assert auth_user.key_length == 8
Ejemplo n.º 28
0
def test_provision_user_alternate_algorithm():
    user_id = "12"
    auth.provision_user(user_id, hash_algorithm="SHA1")
    auth_user = auth.load_user(user_id)
    assert auth_user.hash_algorithm == "SHA1"
Ejemplo n.º 29
0
def test_provision_user_unsupported_hash_algorithm():
    with pytest.raises(auth.UserCreationException):
        auth.provision_user(1, hash_algorithm="MD5")
Ejemplo n.º 30
0
def test_user_exists():
    user_id = "13"
    auth.provision_user(user_id)
    with pytest.raises(auth.UserCreationException):
        auth.provision_user(user_id)