def test_handle_mfa_response_trigger_sms_otp(self):
client = okta.Okta("organization", "username", "password")
client.handle_push_factors = mock.MagicMock()
client.handle_push_factors.return_value = False
client.handle_response_factors = mock.MagicMock(
name="handle_response_factors", )
passcode = okta.PasscodeRequired("", "", "")
client.handle_response_factors.side_effect = passcode
with self.assertRaises(okta.PasscodeRequired):
client.handle_mfa_response(MFA_CHALLENGE_SMS_OTP)
client.handle_response_factors.assert_has_calls([
mock.call(
[
{
"factorType": "sms",
"provider": "OKTA",
"id": "abcd",
"profile": {
"phoneNumber": "(xxx) xxx-1234"
},
},
],
"token",
),
], )
def test_class_properties(self):
error_response = None
try:
raise okta.PasscodeRequired('fid', 'state_token', 'provider')
except okta.PasscodeRequired as err:
error_response = err
self.assertEqual(error_response.fid, 'fid')
self.assertEqual(error_response.state_token, 'state_token')
self.assertEqual(error_response.provider, 'provider')
def test_class_properties(self):
error_response = None
try:
raise okta.PasscodeRequired("fid", "state_token", "provider")
except okta.PasscodeRequired as err:
error_response = err
self.assertEqual(error_response.fid, "fid")
self.assertEqual(error_response.state_token, "state_token")
self.assertEqual(error_response.provider, "provider")
def test_entry_point_mfa(self, pass_mock, config_mock, okta_mock, aws_mock,
input_mock):
# First call to this is the password. Second call is the mis-typed
# passcode. Third call is a valid passcode.
pass_mock.side_effect = ['test_password']
input_mock.side_effect = ['123', '123456']
# Just mock out the entire Okta object, we won't really instantiate it
fake_okta = mock.MagicMock(name='OktaSaml')
okta_mock.return_value = fake_okta
aws_mock.return_value = mock.MagicMock()
# Make sure we don't get stuck in a loop, always have to mock out the
# reup option.
fake_parser = mock.MagicMock(name='fake_parser')
fake_parser.reup = 0
config_mock.return_value = fake_parser
# Now, when we auth() throw a okta.PasscodeRequired exception to
# trigger the MFA requirement. Note, this is only the manually entered
# in passcode MFA req. OktaSaml client automatically handles Okta
# Verify with Push MFA reqs.
fake_okta.auth.side_effect = okta.PasscodeRequired(
fid='test_factor_id', state_token='test_token')
# Pretend that the validate_mfa() call fails the first time, and
# succeeds the second time. This simulates a typo on the MFA code.
fake_okta.validate_mfa.side_effect = [False, True]
main.main('test')
# Ensure that getpass was called once for the password
pass_mock.assert_has_calls([
mock.call(),
])
# Ensure that we called auth, then called validate_mfa() twice - each
# with different passcodes. Validating that the user was indeed asked
# for a passcode on each iteration.
fake_okta.assert_has_calls([
mock.call.auth(),
mock.call.validate_mfa('test_factor_id', 'test_token', '123'),
mock.call.validate_mfa('test_factor_id', 'test_token', '123456'),
])
# Ensure that user_input was called twice; once for the bad input and
# once for the retry
input_mock.assert_has_calls([
mock.call('MFA Passcode: '),
mock.call('MFA Passcode: '),
])
def test_auth_okta_mfa(self, _config_mock):
keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz'])
keyman.okta_client = mock.MagicMock()
keyman.okta_client.auth.side_effect = okta.PasscodeRequired(
'a', 'b', 'c')
keyman.okta_client.validate_mfa.return_value = True
keyman.user_input = mock.MagicMock()
keyman.user_input.return_value = '000000'
keyman.auth_okta()
keyman.okta_client.validate_mfa.assert_has_calls([
mock.call('a', 'b', '000000'),
])
def test_handle_mfa_response_trigger_sms_otp(self):
client = okta.Okta('organization', 'username', 'password')
client.handle_push_factors = mock.MagicMock()
client.handle_push_factors.return_value = False
client.handle_response_factors = mock.MagicMock(
name='handle_response_factors')
passcode = okta.PasscodeRequired('', '', '')
client.handle_response_factors.side_effect = passcode
with self.assertRaises(okta.PasscodeRequired):
client.handle_mfa_response(MFA_CHALLENGE_SMS_OTP)
client.handle_response_factors.assert_has_calls([
mock.call([{'factorType': 'sms', 'provider': 'OKTA', 'id': 'abcd',
'profile': {'phoneNumber': '(xxx) xxx-1234'}}],
'token')
])
def test_auth_okta_mfa(self, _config_mock):
keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"])
keyman.okta_client = mock.MagicMock()
keyman.okta_client.auth.side_effect = okta.PasscodeRequired(
"a",
"b",
"c",
)
keyman.okta_client.validate_mfa.return_value = True
keyman.user_input = mock.MagicMock()
keyman.user_input.return_value = "000000"
keyman.auth_okta()
keyman.okta_client.validate_mfa.assert_has_calls(
[
mock.call("a", "b", "000000"),
],
)
