def test_set_validity(self): ''' Setting validity period ''' response = self.app.get(url(controller='admin', action='init'), params={'serial': 'token_set_validity', 'type': 'spass'}) self.assertTrue('"value": true' in response, response) response = self.app.get(url(controller='admin', action='set'), params={'serial': 'token_set_validity', 'validityPeriodStart': '2012-10-12', 'validityPeriodEnd': '2013-12-30', }) self.assertTrue('"status": false' in response, response) self.assertTrue('does not match format' in response, response) response = self.app.get(url(controller='admin', action='set'), params={'serial': 'token_set_validity', 'validityPeriodStart': '12/12/12 10:00', 'validityPeriodEnd': '30/12/13 13:00', }) self.assertTrue('"status": true' in response, response) self.assertTrue('"set validityPeriodStart": 1' in response, response) self.assertTrue('"set validityPeriodEnd": 1' in response, response)
def test_userflexi(self): ''' Manage: testing the userview_flexi method ''' # No realm, no user response = self.app.get(url(controller='manage', action='userview_flexi'), params={}) print "user flexi response 1: %r" % response.testbody assert '"total": 0' in response.testbody # No realm, no user response = self.app.get(url(controller='manage', action='userview_flexi'), params={"page" :1, "rp": 15, "sortname": "username", "sortorder": "asc", "query": "", "qtype": "username", "realm": "realm1"}) print "user flexi response 2: %r" % response.testbody assert '"id": "heinz"' in response.testbody response = self.app.get(url(controller='manage', action='userview_flexi'), params={"page" :1, "rp": 15, "sortname": "username", "sortorder": "desc", "query": "", "qtype": "username", "realm": "realm2"}) print "user flexi response 3: %r" % response.testbody assert '"id": "renate"' in response.testbody
def test_0000_setconfig_typing(self): ''' Test: system/setConfig with typing ''' response = self.app.get(url(controller='system', action='setConfig'), params={'secretkey': 'test123', 'secretkey.type': 'password'}) log.info(response) assert '"setConfig secretkey:test123": true' in response ## the value will be returned transparently response = self.app.get(url(controller='system', action='getConfig'), params={'key': 'secretkey'}) assert "test123" not in response ## the value will be returned transparently response = self.app.get(url(controller='system', action='getConfig'), params={'key': 'enclinotp.secretkey'}) assert "test123" in response response = self.app.get(url(controller='system', action='delConfig'), params={'key':'secretkey'}) log.info(response) return
def test_delete(self): ''' selfservice: testing deleting token ''' self.deleteToken('token01') response = self.app.get(url(controller='admin', action='init'), params={'serial':'token01', 'type': 'hmac', 'otpkey': 'c4a3923c8d97e03af6a12fa40264c54b8429cf0d', 'user': '******' }) print response assert '"status": true' in response response = self.app.get(url(controller='userservice', action='delete'), params={'serial': 'token01', 'selftest_user': '******'}) print response assert '"message": "ERR410: The policy settings do not allow you to issue this request!"' in response self.createPolicy("delete") response = self.app.get(url(controller='userservice', action='delete'), params={'serial': 'token01', 'selftest_user': '******'}) print response assert '"delete token": 1' in response # UI response = self.app.get(url(controller='selfservice', action='delete'), params={'selftest_user': '******'}) print response assert "<div id='deleteform'>" in response
def test_init(self): ''' selfservice: testing enrollment of token as normal user ''' self.deleteToken('token01') response = self.app.get(url(controller='userservice', action='enroll'), params={'serial':'token01', 'type': 'hmac', 'otpkey': 'c4a3923c8d97e03af6a12fa40264c54b8429cf0d', 'selftest_user': '******' }) print response assert '"message": "ERR410: The policy settings do not allow you to issue this request!"' in response self.createPolicy('enrollHMAC') response = self.app.get(url(controller='userservice', action='enroll'), params={'serial':'token01', 'type': 'hmac', 'otpkey': 'c4a3923c8d97e03af6a12fa40264c54b8429cf0d', 'selftest_user': '******' }) print response assert '"status": true' in response response = self.app.get(url(controller='admin', action='show'), params={'serial': 'token01'}) print response assert '"LinOtp.TokenSerialnumber": "token01",' in response assert '"LinOtp.Isactive": true' in response
def initToken(self): ''' Initialize the tokens ''' parameters = { 'serial' : 'sms01', 'otpkey' : '1234567890123456789012345678901234567890' + '123456789012345678901234', 'realm' : 'myDefRealm', 'type' : 'sms', 'user' : 'user1', 'pin' : '1234', 'phone' : '016012345678', 'selftest_admin' : 'superadmin' } response = self.app.get(url(controller='admin', action='init'), params=parameters) self.assertTrue('"status": true' in response, response) parameters = { 'serial' : 'sms02', 'otpkey' : '1234567890123456789012345678901234567890' + '123456789012345678901234', 'realm' : 'myDefRealm', 'user' : 'user2', 'type' : 'sms', 'pin' : '1234', 'phone' : '016022222222', 'selftest_admin' : 'superadmin' } response = self.app.get(url(controller='admin', action='init'), params=parameters) self.assertTrue('"status": true' in response, response)
def setUp(self): TestController.setUp(self) parameters = { 'EmailProvider': 'linotp.lib.emailprovider.SMTPEmailProvider', 'EmailProviderConfig': '{ "SMTP_SERVER": "mail.example.com",\ "SMTP_USER": "******",\ "SMTP_PASSWORD": "******" }', 'EmailChallengeValidityTime': self.challenge_validity, 'EmailBlockingTimeout': 0 } response = self.app.get(url(controller='system', action='setConfig'), params=parameters) assert '"status": true' in response # Enroll token parameters = { 'type': 'email', 'serial': self.token_serial, 'description': "E-mail token enrolled in functional tests", 'email_address': self.default_email_address } response = self.app.get(url(controller='admin', action='init'), params=parameters) assert '"value": true' in response parameters = {"serial": self.token_serial, "user": "******", "pin": self.pin} response = self.app.get(url(controller='admin', action='assign'), params=parameters) assert '"value": true' in response # Patch (replace) smtplib.SMTP class to prevent e-mails from being sent out self.patch_smtp = patch('smtplib.SMTP', spec=smtplib.SMTP) mock_smtp_class = self.patch_smtp.start() self.mock_smtp_instance = mock_smtp_class.return_value self.mock_smtp_instance.sendmail.return_value = []
def test_blocking(self): """ Test that no new e-mails are sent out during EmailBlockingTimeout """ parameters = { 'EmailBlockingTimeout': 3 } response = self.app.get(url(controller='system', action='setConfig'), params=parameters) assert '"status": true' in response # Trigger 1st challenge (that should send e-mail) response, _ = self._trigger_challenge() self._assert_email_sent(response) # Trigger 2nd challenge (should send no e-mail) response, _ = self._trigger_challenge() self.assertEqual("e-mail with otp already submitted", response['detail']['message']) time.sleep(5) # wait for blocking timeout to pass # Trigger 3rd challenge (that should send e-mail) response, otp = self._trigger_challenge() self._assert_email_sent(response) response = self.app.get(url(controller='validate', action='check'), params={'user': '******', 'pass': self.pin + otp}) response_json = response.json self.assertTrue(response_json['result']['status']) self.assertTrue(response_json['result']['value']) time.sleep(5) # wait again to prevent problems with other tests
def test_failed_SMS(self): ''' Failed SMS sending with RETURN_FAIL ''' sms_conf = { "URL" : "http://localhost:%s/testing/http2sms" % self.paster_port, "PARAMETER" : {"account" : "clickatel", "username" : "anotherone"}, "SMS_TEXT_KEY":"text", "SMS_PHONENUMBER_KEY":"destination", "HTTP_Method" : "GET", "RETURN_FAIL" : "FAILED" } parameters = { 'SMSProviderConfig' : json.dumps(sms_conf), 'selftest_admin' : 'superadmin' } response = self.app.get(url(controller='system', action='setConfig'), params=parameters) self.assertTrue('"status": true' in response, response) response = self.app.get(url(controller='validate', action='smspin'), params={'user' : 'user1', 'pass' : '1234'}) self.assertTrue('Failed to send SMS. We received a' ' predefined error from the SMS Gateway.' in response) return
def test_successful_SMS(self): ''' Successful SMS sending with RETURN_FAILED ''' sms_conf = { "URL" : "http://localhost:%s/testing/http2sms" % self.paster_port, "PARAMETER" : { "account" : "clickatel", "username" : "legit" }, "SMS_TEXT_KEY":"text", "SMS_PHONENUMBER_KEY":"destination", "HTTP_Method" : "GET", "RETURN_FAILED" : "FAILED" } parameters = { 'SMSProviderConfig' : json.dumps(sms_conf), 'selftest_admin' : 'superadmin' } response = self.app.get(url(controller='system', action='setConfig'), params=parameters) self.assertTrue('"status": true' in response, response) response = self.app.get(url(controller='validate', action='smspin'), params={'user' : 'user1', 'pass' : '1234'}) self.assertTrue('"state"' in response, response) return
def test_enroll_token_twice(self): ''' test to enroll another token with the same serial number ''' response = self.app.get(url(controller='admin', action='init'), params={'serial' : 'token01', 'type' : 'hmac', 'otpkey' : '123456'}) self.assertTrue('"value": true' in response, response) # enrolling the token of the same type is possible response = self.app.get(url(controller='admin', action='init'), params={'serial' : 'token01', 'type' : 'hmac', 'otpkey' : '567890'}) self.assertTrue('"value": true' in response, response) # enrolling of another type is not possible response = self.app.get(url(controller='admin', action='init'), params={'serial' : 'token01', 'type' : 'spass', 'otpkey' : '123456'}) self.assertTrue("already exist with type" in response, response) self.assertTrue("Can not initialize token with new type" in response, response) # clean up response = self.app.get(url(controller='admin', action='remove'), params={'serial' : 'token01'}) self.assertTrue('"status": true' in response, response)
def test_import_DAT(self): ''' Test to import of eToken dat file format ''' data = ''' # ===== SafeWord Authenticator Records $Version: 100$ ===== dn: sccAuthenticatorId=RAINER01 objectclass: sccCompatibleToken sccAuthenticatorId: RAINER01 sccTokenType: eToken-PASS-ES sccTokenData: sccKey=E26BF3661C254BBAB7370296A6DE60D7AC8E0141;sccMode=E;sccPwLen=6;sccVer=6.20; sccSignature:MC0CFGxPAjrb0zg7MwFzrPibnC70klMnAhUAwZzVdGBaKGjA0djXrGuv6ejTtII= dn: sccAuthenticatorId=RAINER02 objectclass: sccCompatibleToken sccAuthenticatorId: RAINER02 sccTokenType: eToken-PASS-TS sccTokenData: sccKey=535CC2CB9DEA0B55B0A2D585EAB648EBCE73AC8B;sccMode=T;sccPwLen=6;sccVer=6.20;sccTick=30;sccPrTime=2013/03/12 00:00:00 sccSignature: MC4CFQDju23MCRqmkWC7Z9sVDB0y0TeEOwIVAOIibmqMFxhPiY7mLlkt5qmRT/xn ''' response = self.app.post(url(controller='admin', action='loadtokens'), params={'file':data, 'type':'dat', 'startdate':'1.1.2000', }) print response assert '"imported": 2' in response data = "" response = self.app.post(url(controller='admin', action='loadtokens'), params={'file':data, 'type':'dat', 'startdate':'1.1.2000', }) print response assert 'Error loading tokens. File or Type empty' in response data = """ #### """ response = self.app.post(url(controller='admin', action='loadtokens'), params={'file': data, 'type': 'dat', 'startdate': '1.1.2000', }) print response assert '"imported": 0' in response ## test: no startdate response = self.app.post(url(controller='admin', action='loadtokens'), params={'file':data, 'type':'dat', }) print response assert '"imported": 0' in response ## test: wrong startdate response = self.app.post(url(controller='admin', action='loadtokens'), params={'file':data, 'type':'dat', 'startdate': '2000-12-12', }) print response assert '"imported": 0' in response
def test_10_usergetmultiotp(self): """ test for the correct OTP value for a users own token """ parameters = { "name": "usertoken", "scope": "selfservice", "realm": "mydefrealm", "action": "max_count_dpw=10, max_count_hotp=10, max_count_totp=10", } response = self.app.get(url(controller="system", action="setPolicy"), params=parameters) print "setPolicy:", response assert '"status": true' in response parameters = { "serial": "totp1", "curTime": self.TOTPcurTime, "count": "20", "selftest_user": "******", } response = self.app.get(url(controller="selfservice", action="usergetmultiotp"), params=parameters) print response resp = loads(response.body) otps = resp.get("result").get("value").get("otp") otp1 = otps.get("44576668") assert otp1.get("otpval") == "75301418" assert otp1.get("time") == "2012-05-18 02:14:00" otp2 = otps.get("44576669") assert otp2.get("otpval") == "28155992" assert otp2.get("time") == "2012-05-18 02:14:30" return
def test_httperror(self): param = { 'otpkey': 'AD8EABE235FC57C815B26CEF3709075580B44738', 'user': '******', 'pin':'pin', 'serial':'T2', 'type':'spass', 'resConf':'def' } response = self.app.get(url(controller='admin', action='init'), params=param) assert '"status": false,' in response param = { 'otpkey': 'AD8EABE235FC57C815B26CEF3709075580B44738', 'user': '******', 'pin':'pin', 'serial':'T2', 'type':'spass', 'resConf':'def', 'httperror':'400' } try: response = self.app.get(url(controller='admin', action='init'), params=param) except Exception as e: httperror = e.args[0] assert "400 Bad Request" in httperror param = { 'otpkey': 'AD8EABE235FC57C815B26CEF3709075580B44738', 'user': '******', 'pin':'pin', 'serial':'T2', 'type':'spass', 'resConf':'def', 'httperror':'' } try: response = self.app.get(url(controller='admin', action='init'), params=param) except Exception as e: httperror = e.args[0] assert "500 Internal Server Error" in httperror return
def test_yubico_mode(self): """ Enroll and verify otp for the Yubikey in yubico (AES) mode test with public_uid and without public_uid """ public_uids = ["ecebeeejedecebeg", ''] for public_uid in public_uids: serial = self.init_token(public_uid=public_uid) for otp in self.valid_otps: params = {'serial': serial, 'pass': otp} response = self.app.get(url(controller='validate', action='check_s'), params=params) self.assertTrue('"value": true' in response, "Response: %r" % response) # Repeat an old (therefore invalid) OTP value invalid_otp = public_uid + "fcniufvgvjturjgvinhebbbertjnihit" params = {'serial': serial, 'pass': invalid_otp} response = self.app.get(url(controller='validate', action='check_s'), params=params) self.assertTrue('"value": false' in response, "Response: %r" % response) return
def test_ticket_2909(self): ''' Test #2909: HSM problems will raise an HSM Exception which could trigger an HTTP Error ''' param = {'__HSMEXCEPTION__':'__ON__'} response = self.app.get(url(controller='system', action='setupSecurityModule'), params=param) param = {'key':'sec', 'value':'mySec', 'type':'password'} response = self.app.get(url(controller='system', action='setConfig'), params=param) assert '707' in response assert 'hsm not ready' in response res = '' try: param = {'key':'sec', 'value':'mySec', 'type':'password', 'httperror':'503'} response = self.app.get(url(controller='system', action='setConfig'), params=param) except Exception as exx: log.info(response) res = type(exx).__name__ assert res == 'AppError' ## restore default param = {'__HSMEXCEPTION__':'__OFF__'} response = self.app.get(url(controller='system', action='setupSecurityModule'), params=param) return
def test_10_usergetmultiotp(self): ''' test for the correct OTP value for a users own token ''' parameters = { 'name' : 'usertoken', 'scope' : 'selfservice', 'realm' : 'mydefrealm', 'action' : 'max_count_dpw=10, max_count_hotp=10, max_count_totp=10' } response = self.app.get(url(controller='system', action='setPolicy'), params=parameters) print "setPolicy:" , response assert '"status": true' in response parameters = {'serial' : 'totp1', 'curTime' : self.TOTPcurTime, 'count' : "20", 'selftest_user' : 'localuser@mydefrealm' } response = self.app.get(url(controller='userservice', action='getmultiotp'), params=parameters) print response resp = loads(response.body) otps = resp.get('result').get('value').get('otp') otp1 = otps.get('44576668') assert otp1.get('otpval') == '75301418' assert otp1.get('time') == "2012-05-18 02:14:00" otp2 = otps.get('44576669') assert otp2.get('otpval') == '28155992' assert otp2.get('time') == "2012-05-18 02:14:30" return
def test_0000_policy(self): ''' test the replication of policies ''' policyDef = { "Policy.enrollPolicy.action": "maxtoken=3,", "Policy.enrollPolicy.scope": "enrollment", "Policy.enrollPolicy.client": None, "Policy.enrollPolicy.time": None, "Policy.enrollPolicy.realm": "*", "Policy.enrollPolicy.user": "******", } ''' 0 - cleanup''' parameters = {'key':'enableReplication' } resp = self.app.get(url(controller='system', action='delConfig'), params=parameters) assert('"delConfig enableReplication": true' in resp) for k in policyDef: self.delData(k) ''' 1. switch on replication ''' parameters = {'enableReplication' : 'true' } resp = self.app.get(url(controller='system', action='setConfig'), params=parameters) assert('"setConfig enableReplication:true": true' in resp) ''' 2 write sql data ''' for k in policyDef: self.addData(k, policyDef.get(k), '') ''' 3. getPolicy ''' parameters = {'name' : 'enrollPolicy' } resp = self.app.get(url(controller='system', action='getPolicy'), params=parameters) assert('"action": "maxtoken=3' in resp) ''' 5 - cleanup''' for k in policyDef: self.delData(k) ''' 5b. lookup for the policy definition''' parameters = {'name' : 'enrollPolicy' } resp = self.app.get(url(controller='system', action='getPolicy'), params=parameters) res = ('"action": "maxtoken=3' in resp) assert res == False ''' 5c. reset replication ''' parameters = {'key':'enableReplication' } resp = self.app.get(url(controller='system', action='delConfig'), params=parameters) assert('"delConfig enableReplication": true' in resp) return
def setPolicy(self, parameters): response = self.app.get(url(controller='system', action='setPolicy'), params=parameters) print "setPolicy:" , response assert '"status": true' in response # check for policy response = self.app.get(url(controller='system', action='getPolicy'), params=parameters) print "getPolicy:", response assert '"action": ' in response
def deleteRadiusToken(self): parameters = {"serial": "radius1"} response = self.app.get(url(controller="admin", action="remove"), params=parameters) parameters = {"serial": "radius2"} response = self.app.get(url(controller="admin", action="remove"), params=parameters) log.debug(response)
def test_tokenflexi(self): ''' Manage: testing the tokenview_flexi method ''' response = self.app.get(url(controller='manage', action='tokenview_flexi'), params={}) testbody = response.body.replace('\n', ' ').replace('\r', '').\ replace(" ", " ") log.info("token flexi response 1: %r" % response) self.assertTrue('"total": 3' in testbody, testbody) self.assertTrue('"token1", true, "heinz"' in testbody, testbody) self.assertTrue('"token2", true, "nick"' in testbody, testbody) self.assertTrue('"token3", true, "renate"' in testbody, testbody) # only renates token response = self.app.get(url(controller='manage', action='tokenview_flexi'), params={'qtype': 'loginname', 'query': 'renate'}) testbody = response.body.replace('\n', ' ').replace('\r', '').\ replace(" ", " ") log.info("token flexi response 2: %r" % response) self.assertTrue('"total": 1' in testbody, testbody) self.assertTrue('"token3", true, "renate"' in testbody, testbody) # only tokens in realm1 response = self.app.get(url(controller='manage', action='tokenview_flexi'), params={'qtype': 'realm', 'query': 'realm1'}) log.info("token flexi response 3: %r" % response) self.assertTrue('"total": 2' in response, response) testbody = response.body.replace('\n', ' ').replace('\r', '').\ replace(" ", " ") self.assertTrue('"token1", true, "heinz"' in testbody, testbody) self.assertTrue('"token2", true, "nick"' in testbody, testbody) # search in all columns response = self.app.get(url(controller='manage', action='tokenview_flexi'), params={'qtype': 'all', 'query': 'token2'}) log.info("token flexi response 4: %r" % response) self.assertTrue('"total": 1' in response, response) testbody = response.body.replace('\n', ' ').replace('\r', '').\ replace(" ", " ") self.assertTrue('"token2", true, "nick"' in testbody, testbody)
def test_userlist(self): """ test the admin/userlist for iteration reply and paging scope of test: - stabilty of the userlist api - support of result paging """ # first standard query for users parameters = {"username": "******"} response = self.app.get(url(controller='admin', action='userlist'), params=parameters) self.assertTrue('"status": true,' in response, response) resp = json.loads(response.body) values = resp.get('result', {}).get('value', []) self.assertTrue(len(values) > 15, "not enough users returned %r" % resp) # paged query parameters = {"username": "******", "rp": 5, "page": 2} response = self.app.get(url(controller='admin', action='userlist'), params=parameters) self.assertTrue('"status": true,' in response, response) resp = json.loads(response.body) entries = parameters['rp'] values = resp.get('result', {}).get('value', []) self.assertEqual(len(values), parameters['rp'], resp) num = parameters['rp'] * (parameters['page'] + 1) queried = resp.get('result', {}).get('queried', 0) self.assertEqual(queried, num, resp) # test for optional pagesize, which falls back to the pagesize of 15 parameters = {"username": "******", "page": 0} response = self.app.get(url(controller='admin', action='userlist'), params=parameters) self.assertTrue('"status": true,' in response, response) resp = json.loads(response.body) values = resp.get('result', {}).get('value', []) self.assertEqual(len(values), 15, resp) # test for ValueError Exception if page or rp is not of int # though the returned data is a json response parameters = {"username": "******", "page": 'page'} response = self.app.get(url(controller='admin', action='userlist'), params=parameters) # check that status is false self.assertTrue('"status": false,' in response, response) # check for valid json resp = json.loads(response.body) value = resp.get('result', {}).get('error', {}).get("code", 0) self.assertEqual(value, 9876, resp) return
def test_setDefault(self): ''' Testing setting default values ''' """ response = self.app.get(url_for(controller='page', action='view', id=1)) get(url, params=None, headers=None, extra_environ=None, status=None, expect_errors=False) setDefault: parameters are\ DefaultMaxFailCount\ DefaultSyncWindow\ DefaultCountWindow\ DefaultOtpLen\ DefaultResetFailCount\ " """ parameters = { "DefaultMaxFailCount":"21", "DefaultSyncWindow":"200", "DefaultCountWindow" : "20", "DefaultOtpLen" : "8", "DefaultResetFailCount" : "False" } response = self.app.get(url(controller='system', action='setDefault'), params=parameters) #log.debug("response %s\n",response) assert '"set DefaultSyncWindow": true' in response assert '"set DefaultMaxFailCount": true' in response assert '"set DefaultResetFailCount": true' in response assert '"set DefaultSyncWindow": true' in response assert '"set DefaultMaxFailCount": true' in response assert '"set DefaultCountWindow": true'in response parameters = { "DefaultMaxFailCount":"10", "DefaultSyncWindow":"1000", "DefaultCountWindow" : "10", "DefaultOtpLen" : "6", "DefaultResetFailCount" : "True" } response = self.app.get(url(controller='system', action='setDefault'), params=parameters) #log.info("response %s\n",response) assert '"set DefaultSyncWindow": true' in response assert '"set DefaultMaxFailCount": true' in response assert '"set DefaultResetFailCount": true' in response assert '"set DefaultSyncWindow": true' in response assert '"set DefaultMaxFailCount": true' in response assert '"set DefaultCountWindow": true'in response
def test_missing_param(self): ''' Missing parameter at the SMS Gateway config. send SMS will fail ''' sms_conf = { "URL" : "http://localhost:%s/testing/http2sms" % self.paster_port, "PARAMETER" : {"account" : "clickatel", "username" : "legit"}, "SMS_TEXT_KEY":"text", "SMS_PHONENUMBER_KEY":"to", "HTTP_Method" : "GET", "RETURN_SUCCESS" : "ID", } parameters = { 'SMSProviderConfig' : json.dumps(sms_conf), 'selftest_admin' : 'superadmin' } response = self.app.get(url(controller='system', action='setConfig'), params=parameters) self.assertTrue('"status": true' in response, response) # check the saved configuration response = self.app.get(url(controller='system', action='getConfig'), {'key' : 'SMSProviderConfig'}) self.assertIn( 'http://localhost:%s/testing/http2sms' % self.paster_port, response, response ) response = self.app.get(url(controller='validate', action='smspin') , params={'user' : 'user1', 'pass' : '1234'}) self.assertTrue('Failed to send SMS.' in response, response) # check last audit entry response = self.last_audit() val = "-1" if '"total": null,' not in response: resp = json.loads(response.body) rows = resp.get("rows", []) for row in rows: cell = row.get('cell', {}) if "validate/smspin" in cell: idx = cell.index('validate/smspin') val = cell[idx + 1] break self.assertTrue(val == "0", response) return
def addSqlRealm(self, realmName, resolverName, defaultRealm=False): parameters = { 'realm' : realmName, 'resolvers' :'useridresolver.SQLIdResolver.IdResolver.%s' % (resolverName) } resp = self.app.get(url(controller='system', action='setRealm'), params=parameters) assert('"value": true' in resp) resp = self.app.get(url(controller='system', action='getRealms')) assert('"default": "true"' in resp) return
def test_yubico_mode(self): """ Enroll and test the Yubikey in yubico (AES) mode """ serialnum = "01382015" yubi_slot = 1 self.serial = "UBAM%s_%s" % (serialnum, yubi_slot) otpkey = "9163508031b20d2fbb1868954e041729" parameters = { "type": "yubikey", "serial": self.serial, "otpkey": otpkey, "otplen": 48, "description": "Yubikey enrolled in functional tests", } public_uid = "ecebeeejedecebeg" response = self.app.get(url(controller="admin", action="init"), params=parameters) self.assertTrue('"value": true' in response, "Response: %r" % response) ## test initial assign parameters = {"serial": self.serial, "user": "******"} response = self.app.get(url(controller="admin", action="assign"), params=parameters) # Test response... self.assertTrue('"value": true' in response, "Response: %r" % response) valid_otps = [ public_uid + "fcniufvgvjturjgvinhebbbertjnihit", public_uid + "tbkfkdhnfjbjnkcbtbcckklhvgkljifu", public_uid + "ktvkekfgufndgbfvctgfrrkinergbtdj", public_uid + "jbefledlhkvjjcibvrdfcfetnjdjitrn", public_uid + "druecevifbfufgdegglttghghhvhjcbh", public_uid + "nvfnejvhkcililuvhntcrrulrfcrukll", public_uid + "kttkktdergcenthdredlvbkiulrkftuk", public_uid + "hutbgchjucnjnhlcnfijckbniegbglrt", public_uid + "vneienejjnedbfnjnnrfhhjudjgghckl", public_uid + "krgevltjnujcnuhtngjndbhbiiufbnki", public_uid + "kehbefcrnlfejedfdulubuldfbhdlicc", public_uid + "ljlhjbkejkctubnejrhuvljkvglvvlbk", public_uid + "eihtnehtetluntirtirrvblfkttbjuih", ] for otp in valid_otps: response = self.app.get( url(controller="validate", action="check_s"), params={"serial": self.serial, "pass": otp} ) self.assertTrue('"value": true' in response, "Response: %r" % response) # Repeat an old (therefore invalid) OTP value invalid_otp = public_uid + "fcniufvgvjturjgvinhebbbertjnihit" response = self.app.get( url(controller="validate", action="check_s"), params={"serial": self.serial, "pass": invalid_otp} ) self.assertTrue('"value": false' in response, "Response: %r" % response)
def deleteRadiusToken(self): parameters = { "serial" : "radius1", } response = self.app.get(url(controller='admin', action='remove'), params=parameters) parameters = { "serial" : "radius2", } response = self.app.get(url(controller='admin', action='remove'), params=parameters) log.debug(response)
def test_session(self): ''' Testing getting session and dropping session ''' response = self.app.get(url(controller='admin', action='getsession'), params={}) self.assertTrue('"value": true' in response, response) response = self.app.get(url(controller='admin', action='dropsession'), params={}) self.assertTrue('' in response, response)
def test_assign(self): ''' selfservice: testing assign token and unassign token ''' self.deleteToken('token01') # init token response = self.app.get(url(controller='admin', action='init'), params={'serial':'token01', 'type': 'hmac', 'otpkey': 'c4a3923c8d97e03af6a12fa40264c54b8429cf0d' }) print response assert '"status": true' in response # put into realm response = self.app.get(url(controller='admin', action='tokenrealm'), params={'serial': 'token01', 'realms': 'myDefRealm'}) print response assert '"value": 1' in response # Now try to assign response = self.app.get(url(controller='userservice', action='assign'), params={'selftest_user': '******', 'serial': 'token01'}) print response assert '"message": "ERR410: ' in response self.createPolicy("assign") response = self.app.get(url(controller='userservice', action='assign'), params={'selftest_user': '******', 'serial': 'token01'}) print response assert '"assign token": true' in response # unassign response = self.app.get(url(controller='userservice', action='unassign'), params={'selftest_user': '******', 'serial': 'token01'}) print response assert '"message": "ERR410: The policy settings do not allow you to issue this request!",' in response self.createPolicy("unassign") response = self.app.get(url(controller='userservice', action='unassign'), params={'selftest_user': '******', 'serial': 'token01'}) print response assert '"unassign token": true' in response # UI response = self.app.get(url(controller='selfservice', action='assign'), params={'selftest_user': '******'}) print response assert "<div id='assignform'>" in response response = self.app.get(url(controller='selfservice', action='unassign'), params={'selftest_user': '******'}) print response assert "<div id='unassignform'>" in response
def test_001_resolvers(self): self.delete_all_realms() parameters = { "username":"******", } response = self.app.get(url(controller='admin', action='userlist'), params=parameters) parameters = { "username":"******", "realm":"myMixRealm" } response = self.app.get(url(controller='admin', action='userlist'), params=parameters) log.debug(response)
def test_timeout(self): """ Test that challenges timeout after 'EmailChallengeValidityTime' """ response, otp = self._trigger_challenge() self._assert_email_sent(response) time.sleep(int(self.challenge_validity * 1.2)) # we wait 120% of the challenge timeout response = self.app.get(url(controller='validate', action='check'), params={'user': '******', 'pass': self.pin + otp}) response = response.json self.assertTrue(response['result']['status']) self.assertFalse(response['result']['value'], "Challenge should have timed out")
def _authentication2(self, transactionid, authentication_response_message): """ Performs the second authentication step """ parameters = {'user': '******', 'transactionid': transactionid} parameters['pass'] = authentication_response_message response = self.app.get(url(controller='validate', action='check'), params=parameters) return response
def addToken(self, user): param = {'user': user, 'pin': user, 'serial': 's' + user, 'type': 'spass'} response = self.app.get(url(controller='admin', action='init'), params=param) self.assertTrue('"status": true,' in response, response) return
def test_setconfig_backwards(self): ''' testing setconfig backward compat ''' response = self.app.get(url(controller='system', action='setConfig'), params={ 'key': 'test', 'value': 'old', 'description': 'old value' }) print response assert '"setConfig test": true' in response response = self.app.get(url(controller='system', action='setConfig'), params={ 'key': 'some.resolver.config', 'value': 'resolverText', 'description': 'resolver test' }) print response assert '"setConfig some.resolver.config": true' in response
def initProvider(self): ''' Initialize the HttpSMSProvider ''' parameters = { 'SMSProvider': 'smsprovider.HttpSMSProvider.HttpSMSProvider', 'selftest_admin': 'superadmin' } response = self.app.get(url(controller='system', action='setConfig'), params=parameters) self.assertTrue('"status": true' in response, response)
def addSqlResolver(self, name): parameters = copy.deepcopy(self.sqlResolverDef) parameters['name'] = name parameters['type'] = 'sqlresolver' parameters['Limit'] = '20' resp = self.app.get(url(controller='system', action='setResolver'), params=parameters) assert ('"value": true' in resp) resp = self.app.get(url(controller='system', action='getResolvers')) assert ('"resolvername": "%s"' % (name) in resp) param2 = {'resolver': name} resp = self.app.get(url(controller='system', action='getResolver'), params=param2) assert ('"Table": "User2"' in resp) return
def createPolicy(self, policy): response = self.app.get(url(controller='system', action='setPolicy'), params={ 'name': 'self01', 'scope': 'selfservice', 'realm': 'myDefRealm', 'action': policy, 'selftest_admin': 'superadmin' }) print response assert '"status": true' in response assert '"setPolicy self01": {' in response
def test_07_pinpolicy(self): ''' Auth Test 07: check on a client, that is not contained in policy => authenticate with OTP PIN ''' parameters = {'user' : 'horst', 'pass' : '1234secret2', 'client' : '192.168.200.10' } response = self.app.get(url(controller='validate', action='check'), params=parameters) print "validate/check: ", response assert '"value": true' in response
def test_02_check_token_local_pin(self): ''' Checking if token with local PIN works To successfully test the remote token, the paster must run locally. ''' parameters = {"serial": "LSPW2", "pass": "******"} response = self.app.get(url(controller='validate', action='check_s'), params=parameters) log.error(response) assert '"value": true' in response parameters = {"user": "******", "pass": "******"} response = self.app.get(url(controller='validate', action='check'), params=parameters) log.error(response) assert '"value": true' in response return
def createTokenSHA256(self, serial="SHA256"): parameters = { "serial": serial, "otpkey": "47F6EE05C06FA1CDB8B9AADF520FCF86221DB0A107731452AE140EED0EB518B0", "type": "hmac", "hashlib": "sha256" } response = self.app.get(url(controller='admin', action='init'), params=parameters) self.assertTrue('"value": true' in response, response) return serial
def test_04_check_token_local_pin_fail(self): ''' Checking if a missing local PIN will fail ''' parameters = {"user": "******", "pass": "******"} response = self.app.get(url(controller='validate', action='check'), params=parameters) assert '"value": false' in response return
def test_06_check_token_remote_pin_fail2(self): ''' Checking if a wrong remote PIN will fail ''' parameters = {"user": "******", "pass": "******"} response = self.app.get(url(controller='validate', action='check'), params=parameters) assert '"value": false' in response return
def test_import_unknown(self): ''' Test to import unknown type ''' response = self.app.post(url(controller='admin', action='loadtokens'), params={ 'file': XML_PSKC, 'type': 'XYZ' }) print response assert '"status": false' in response assert 'Unknown file type' in response
def test_06_getmultiotp(self): ''' test for the correct otp value of the HOTP token ''' parameters = {'serial' : 'hotp1', 'curTime' : self.curTime, 'count' : "20", 'selftest_admin' : 'admin' } response = self.app.get(url(controller='gettoken', action='getmultiotp'), params=parameters) print response assert '"0": "819132"' in response assert '"1": "301156"' in response
def setOtpPinPolicy(self, name='ldapOtpPin', realm='ldap_realm'): parameters = { 'name' : name, 'user' : '*', 'action' : 'otppin=1, ', 'scope' : 'authentication', 'realm' : realm, 'time' : '', 'client' : '', } response = self.app.get(url(controller='system', action='setPolicy'), params=parameters) log.error(response)
def test_03_localuser_not_allowed(self): ''' Auth Test 03: localuser is not allowed to authenticate to another host than 172.16.200.X localuser is not authorized, since he tries to login to 10.1.1.3 ''' parameters = {'user' : 'localuser', 'pass' : '1234secret1', 'client' : '10.1.1.3' } response = self.app.get(url(controller='validate', action='check'), params=parameters) print "validate/check: ", response assert '"value": false' in response
def test_resync(self): self.createToken() ## test resync of token 2 parameters = {"user": "******", "otp1": "359864", "otp2": "348449"} response = self.app.get(url(controller='admin', action='resync'), params=parameters) #log.error("response %s\n",response) self.assertTrue('"value": false' in response, response) parameters = {"user": "******", "otp1": "359864", "otp2": "348448"} response = self.app.get(url(controller='admin', action='resync'), params=parameters) # Test response... log.error("response %s\n", response) self.assertTrue('"value": true' in response, response) self.removeTokenBySerial("F722364") self.removeTokenBySerial("F722363") self.removeTokenBySerial("F722362")
def test_03_getmultiotp(self): ''' test for the correct otp value of the DPW token ''' parameters = {'serial' : 'dpw1', 'curTime' : self.curTime, 'count' : "10", 'selftest_admin' : 'admin' } response = self.app.get(url(controller='gettoken', action='getmultiotp'), params=parameters) print response assert '"12-05-17": "028193"' in response assert '"12-05-18": "857788"' in response
def test_02_token01_success(self): ''' test for the otp of the first token, with all realms ''' parameters = {'otp': '359152'} response = self.app.get(url(controller='admin', action='getSerialByOtp'), params=parameters) print response assert '"serial": "oath_mydef"' in response # test for the otp of the first token, with only in realm mydef # But it fails, due to same OTP value! parameters = {'otp': '359152', 'realm': 'mydef'} response = self.app.get(url(controller='admin', action='getSerialByOtp'), params=parameters) print response assert '"serial": ""' in response ''' test for the otp of the first token, with only in realm mydef ''' parameters = {'otp': '969429', 'realm': 'mydef'} response = self.app.get(url(controller='admin', action='getSerialByOtp'), params=parameters) print response assert '"serial": "oath_mydef"' in response ''' The OTP of the first token shall not be found in the second realm ''' parameters = {'otp': '338314', 'realm': 'myrealm'} response = self.app.get(url(controller='admin', action='getSerialByOtp'), params=parameters) print response assert '"serial": ""' in response
def test_assign(self): serial = self.createToken2(serial="F722362") response = self.app.get(url(controller='admin', action='show')) respRealms = self.app.get(url(controller='system', action='getRealms'), params=None) log.debug(respRealms) ## test initial assign parameters = {"serial": serial, "user": "******"} response = self.app.get(url(controller='admin', action='assign'), params=parameters) # log.error("response %s\n",response) # Test response... self.assertTrue('"value": true' in response, response) ## test initial assign update parameters = {"serial": serial, "user": "******", "pin": "NewPin"} response = self.app.get(url(controller='admin', action='assign'), params=parameters) #log.error("response %s\n",response) # Test response... self.assertTrue('"value": true' in response, response) response = self.app.get(url(controller='admin', action='show')) #log.error("response %s\n",response) self.assertTrue('"User.userid": "0", ' in response, response) ## test initial assign update parameters = {"serial": serial, "user": "******"} response = self.app.get(url(controller='admin', action='unassign'), params=parameters) #log.error("response %s\n",response) self.assertTrue('"value": true' in response, response) ## test wrong assign parameters = {"serial": serial, "user": "******"} response = self.app.get(url(controller='admin', action='assign'), params=parameters) #log.error("response %s\n",response) self.assertTrue( 'getUserId failed: no user >NoBody< found!' in response, response) response = self.app.get(url(controller='admin', action='show')) #log.error("response %s\n",response) self.assertTrue('"User.userid": "",' in response, response) self.delete_token(serial)
def test_enroll_token_twice(self): ''' test to enroll another token with the same serial number ''' response = self.app.get(url(controller='admin', action='init'), params={ 'serial': 'token01', 'type': 'hmac', 'otpkey': '123456' }) self.assertTrue('"value": true' in response, response) # enrolling the token of the same type is possible response = self.app.get(url(controller='admin', action='init'), params={ 'serial': 'token01', 'type': 'hmac', 'otpkey': '567890' }) self.assertTrue('"value": true' in response, response) # enrolling of another type is not possible response = self.app.get(url(controller='admin', action='init'), params={ 'serial': 'token01', 'type': 'spass', 'otpkey': '123456' }) self.assertTrue("already exist with type" in response, response) self.assertTrue("Can not initialize token with new type" in response, response) # clean up response = self.app.get(url(controller='admin', action='remove'), params={'serial': 'token01'}) self.assertTrue('"status": true' in response, response)
def test_userflexi(self): ''' Manage: testing the userview_flexi method ''' # No realm, no user response = self.app.get(url(controller='manage', action='userview_flexi'), params={}) print "user flexi response 1: %r" % response.testbody assert '"total": 0' in response.testbody # No realm, no user response = self.app.get(url(controller='manage', action='userview_flexi'), params={ "page": 1, "rp": 15, "sortname": "username", "sortorder": "asc", "query": "", "qtype": "username", "realm": "realm1" }) print "user flexi response 2: %r" % response.testbody assert '"id": "heinz"' in response.testbody response = self.app.get(url(controller='manage', action='userview_flexi'), params={ "page": 1, "rp": 15, "sortname": "username", "sortorder": "desc", "query": "", "qtype": "username", "realm": "realm2" }) print "user flexi response 3: %r" % response.testbody assert '"id": "renate"' in response.testbody
def test_set(self): self.createToken() parameters = { "serial": "F722364", "pin": "pin", "MaxFailCount": "20", "SyncWindow": "400", "OtpLen": "6", "hashlib": "sha256" } response = self.app.get(url(controller='admin', action='set'), params=parameters) #log.debug("response %s",response) self.assertTrue('"set pin": 1' in response, response) self.assertTrue('"set SyncWindow": 1' in response, response) self.assertTrue('"set OtpLen": 1' in response, response) self.assertTrue('"set MaxFailCount": 1' in response, response) self.assertTrue('"set hashlib": 1' in response, response) parameters = { "user": "******", "pin": "pin", "MaxFailCount": "20", "SyncWindow": "400", "OtpLen": "6", } response = self.app.get(url(controller='admin', action='set'), params=parameters) #log.error("response %s",response) self.assertTrue('"set pin": 3' in response, response) self.assertTrue('"set SyncWindow": 3' in response, response) self.assertTrue('"set OtpLen": 3' in response, response) self.assertTrue('"set MaxFailCount": 3' in response, response) self.delete_token("F722362") response = self.removeTokenByUser("root") self.assertTrue('"value": 2' in response, response)
def test_ticket_864(self): ''' #2864: admin/tokenrealm with multiple realms remarks: the problem is independent of sqlite, the reason is that realms are treated case insensitive 1. create a token 2. add some realms to the token 3. verify, that the token is part of the realms ''' sqlconnect = self.appconf.get('sqlalchemy.url') log.debug('current test against %s' % (sqlconnect)) self.add_token('root', serial='troot', typ='spass', key='1234') param = {'serial':'troot', 'realms':'myDefRealm,myMixRealm'} response = self.app.get(url(controller='admin', action='tokenrealm'), params=param) if '"value": 1' not in response.body: assert '"value": 1' in response.body param = {} ## the admin show returns slices of 10 token and our troot is not in ## the first slice :-( - so we now search directly for the token param['serial'] = 'troot' response = self.app.get(url(controller='admin', action='show'), params=param) resp = json.loads(response.body) tok_data = resp.get('result').get('value').get('data')[0] realms = tok_data.get('LinOtp.RealmNames') t_ser = tok_data.get("LinOtp.TokenSerialnumber") assert t_ser == 'troot' assert 'mydefrealm' in realms assert 'mymixrealm' in realms self.del_token('troot') return
def last_audit(self, num=3, page=1): ''' Checks the last audit entry ''' # audit/search?sortorder=desc&rp=1 response = self.app.get(url(controller="audit", action="search"), params={ 'sortorder': 'desc', 'rp': num, 'page': page, 'selftest_admin': 'superadmin' }) return response
def setUp(self): TestController.setUp(self) parameters = { 'EmailProvider': 'linotp.lib.emailprovider.SMTPEmailProvider', 'EmailProviderConfig': '{ "SMTP_SERVER": "mail.example.com",\ "SMTP_USER": "******",\ "SMTP_PASSWORD": "******" }', 'EmailChallengeValidityTime': self.challenge_validity, 'EmailBlockingTimeout': 0 } response = self.app.get(url(controller='system', action='setConfig'), params=parameters) assert '"status": true' in response # Enroll token parameters = { 'type': 'email', 'serial': self.token_serial, 'description': "E-mail token enrolled in functional tests", 'email_address': self.default_email_address } response = self.app.get(url(controller='admin', action='init'), params=parameters) assert '"value": true' in response parameters = { "serial": self.token_serial, "user": "******", "pin": self.pin } response = self.app.get(url(controller='admin', action='assign'), params=parameters) assert '"value": true' in response # Patch (replace) smtplib.SMTP class to prevent e-mails from being sent out self.patch_smtp = patch('smtplib.SMTP', spec=smtplib.SMTP) mock_smtp_class = self.patch_smtp.start() self.mock_smtp_instance = mock_smtp_class.return_value self.mock_smtp_instance.sendmail.return_value = []
def test_resync(self): ''' Selfservice: Testing user resync ''' response = self.app.get(url(controller='userservice', action='resync'), params={'selftest_user': '******'}) print response assert '"status": false' in response assert '"code": -311' in response self.createPolicy("resync") response = self.app.get(url(controller='userservice', action='resync'), params={'selftest_user': '******'}) print response assert 'Missing parameter' in response assert '"code": 905' in response response = self.app.get(url(controller='admin', action='init'), params={ 'serial': 'token01', 'type': 'hmac', 'user': '******', 'pin': "secret", 'otpkey': '6161e082d736d3d9d67bc1d4711ff1a81af26160' }) print response assert '"status": true' in response response = self.app.get(url(controller='userservice', action='resync'), params={ 'selftest_user': '******', 'serial': 'XXXX', "otp1": "359864", "otp2": "348448" }) print response assert '"status": false' in response assert 'no token found!' in response response = self.app.get(url(controller='userservice', action='resync'), params={ 'selftest_user': '******', 'serial': 'token01', "otp1": "885497", "otp2": "696793" }) print response assert '"status": true' in response assert '"resync Token": true' in response response = self.app.get(url(controller='selfservice', action='resync'), params={'selftest_user': '******'}) print response assert "<div id='resyncform'>" in response
def test_delete(self): ''' selfservice: testing deleting token ''' self.deleteToken('token01') response = self.app.get(url(controller='admin', action='init'), params={ 'serial': 'token01', 'type': 'hmac', 'otpkey': 'c4a3923c8d97e03af6a12fa40264c54b8429cf0d', 'user': '******' }) print response assert '"status": true' in response response = self.app.get(url(controller='userservice', action='delete'), params={ 'serial': 'token01', 'selftest_user': '******' }) print response assert '"message": "ERR410: The policy settings do not allow you to issue this request!"' in response self.createPolicy("delete") response = self.app.get(url(controller='userservice', action='delete'), params={ 'serial': 'token01', 'selftest_user': '******' }) print response assert '"delete token": 1' in response # UI response = self.app.get(url(controller='selfservice', action='delete'), params={'selftest_user': '******'}) print response assert "<div id='deleteform'>" in response
def test_import_PSKC(self): ''' Test to import PSKC data ''' response = self.app.post(url(controller='admin', action='loadtokens'), params={'file':XML_PSKC, 'type':'pskc', 'pskc_type': 'plain', 'pskc_password': "", 'pskc_preshared': ""}) print response assert '"imported": 6' in response response = self.app.post(url(controller='admin', action='loadtokens'), params={'file':XML_PSKC, 'type':'pskc', 'pskc_type': 'plain', 'pskc_password': "", 'pskc_preshared': "", 'pskc_checkserial': 'true'}) print response assert '"imported": 0' in response
def test_import_empty_file(self): ''' Test loading empty file ''' response = self.app.post(url(controller='admin', action='loadtokens'), params={'file':"", 'type':'pskc', 'pskc_type': 'plain', 'pskc_password': "", 'pskc_preshared': ""}) print response assert '"status": false' in response assert '"message": "Error loading tokens. File or Type empty!",' in response