def test_verify_response(self):
request_sig = duo_web.sign_request(IKEY, SKEY, AKEY, USER)
duo_sig, valid_app_sig = request_sig.split(':')
request_sig = duo_web.sign_request(IKEY, SKEY, 'invalid' * 6, USER)
duo_sig, invalid_app_sig = request_sig.split(':')
request_sig = duo_web.sign_enroll_request(IKEY, SKEY, AKEY, USER)
duo_sig, valid_enroll_sig = request_sig.split(':')
request_sig = duo_web.sign_enroll_request(IKEY, SKEY, 'invalid' * 6,
USER)
duo_sig, invalid_enroll_sig = request_sig.split(':')
invalid_user = duo_web.verify_response(
IKEY, SKEY, AKEY, INVALID_RESPONSE + ':' + valid_app_sig)
self.assertEqual(invalid_user, None)
expired_user = duo_web.verify_response(
IKEY, SKEY, AKEY, EXPIRED_RESPONSE + ':' + valid_app_sig)
self.assertEqual(expired_user, None)
future_user = duo_web.verify_response(
IKEY, SKEY, AKEY, FUTURE_RESPONSE + ':' + invalid_app_sig)
self.assertEqual(future_user, None)
future_user = duo_web.verify_response(
IKEY, SKEY, AKEY, FUTURE_RESPONSE + ':' + valid_app_sig)
self.assertEqual(future_user, USER)
future_user = duo_web.verify_response(
IKEY, SKEY, AKEY, WRONG_PARAMS_RESPONSE + ':' + valid_app_sig)
self.assertEqual(future_user, None)
future_user = duo_web.verify_response(
IKEY, SKEY, AKEY, FUTURE_RESPONSE + ':' + WRONG_PARAMS_APP)
self.assertEqual(future_user, None)
future_user = duo_web.verify_response(
WRONG_IKEY, SKEY, AKEY, FUTURE_RESPONSE + ':' + valid_app_sig)
self.assertEqual(future_user, None)
enroll_user = duo_web.verify_enroll_response(
IKEY, SKEY, AKEY, FUTURE_ENROLL_RESPONSE + ':' + valid_enroll_sig)
self.assertEqual(enroll_user, USER)
enroll_user = duo_web.verify_enroll_response(
IKEY, SKEY, AKEY,
FUTURE_ENROLL_RESPONSE + ':' + invalid_enroll_sig)
self.assertEqual(enroll_user, None)
def do_POST(self):
try:
sig_response = self.require_post('sig_response')
except ValueError:
self.error('sig_response post parameter is required')
return
user = duo_web.verify_response(self.server.ikey, self.server.skey,
self.server.akey, sig_response)
self.send_response(200)
self.end_headers()
if user is None:
# See if it was a response to an ENROLL_REQUEST
user = duo_web.verify_enroll_response(self.server.ikey,
self.server.skey,
self.server.akey,
sig_response)
if user is None:
self.wfile.write(
('Did not authenticate with Duo.'.encode('utf-8')))
else:
self.wfile.write(
('Enrolled with Duo as %s.' % user).encode('utf-8'))
else:
self.wfile.write(
('Authenticated with Duo as %s.' % user).encode('utf-8'))
def do_POST(self):
try:
sig_response = self.require_post('sig_response')
except ValueError:
self.error('sig_response post parameter is required')
return
user = duo_web.verify_response(
self.server.ikey, self.server.skey, self.server.akey, sig_response)
self.send_response(200)
self.end_headers()
if user is None:
# See if it was a response to an ENROLL_REQUEST
user = duo_web.verify_enroll_response(
self.server.ikey, self.server.skey,
self.server.akey, sig_response)
if user is None:
self.wfile.write(
('Did not authenticate with Duo.'.encode('utf-8')))
else:
self.wfile.write(
('Enrolled with Duo as %s.' % user).encode('utf-8'))
else:
self.wfile.write(
('Authenticated with Duo as %s.' % user).encode('utf-8'))
def test_verify_response(self):
request_sig = duo_web.sign_request(IKEY, SKEY, AKEY, USER)
duo_sig, valid_app_sig = request_sig.split(':')
request_sig = duo_web.sign_request(IKEY, SKEY, 'invalid' * 6, USER)
duo_sig, invalid_app_sig = request_sig.split(':')
request_sig = duo_web.sign_enroll_request(IKEY, SKEY, AKEY, USER)
duo_sig, valid_enroll_sig = request_sig.split(':')
request_sig = duo_web.sign_enroll_request(IKEY, SKEY, 'invalid' * 6, USER)
duo_sig, invalid_enroll_sig = request_sig.split(':')
invalid_user = duo_web.verify_response(IKEY, SKEY, AKEY, INVALID_RESPONSE + ':' + valid_app_sig)
self.assertEqual(invalid_user, None)
expired_user = duo_web.verify_response(IKEY, SKEY, AKEY, EXPIRED_RESPONSE + ':' + valid_app_sig)
self.assertEqual(expired_user, None)
future_user = duo_web.verify_response(IKEY, SKEY, AKEY, FUTURE_RESPONSE + ':' + invalid_app_sig)
self.assertEqual(future_user, None)
future_user = duo_web.verify_response(IKEY, SKEY, AKEY, FUTURE_RESPONSE + ':' + valid_app_sig)
self.assertEqual(future_user, USER)
future_user = duo_web.verify_response(IKEY, SKEY, AKEY, WRONG_PARAMS_RESPONSE + ':' + valid_app_sig)
self.assertEqual(future_user, None)
future_user = duo_web.verify_response(IKEY, SKEY, AKEY, FUTURE_RESPONSE + ':' + WRONG_PARAMS_APP)
self.assertEqual(future_user, None)
future_user = duo_web.verify_response(WRONG_IKEY, SKEY, AKEY, FUTURE_RESPONSE + ':' + valid_app_sig)
self.assertEqual(future_user, None)
enroll_user = duo_web.verify_enroll_response(IKEY, SKEY, AKEY, FUTURE_ENROLL_RESPONSE + ':' + valid_enroll_sig)
self.assertEqual(enroll_user, USER)
enroll_user = duo_web.verify_enroll_response(IKEY, SKEY, AKEY, FUTURE_ENROLL_RESPONSE + ':' + invalid_enroll_sig)
self.assertEqual(enroll_user, None)