def test_unsupported_saml_provider(client_creator, prompter):
invalid_config = {
'saml_authentication_type': 'form',
'saml_provider': 'unsupported',
'saml_endpoint': 'https://example.com/',
'saml_username': '******',
}
with pytest.raises(ValueError):
SAMLCredentialFetcher(
client_creator=client_creator,
saml_config=invalid_config,
provider_name='unsupported',
password_prompter=prompter,
)
def test_verify_sms_factor(mock_requests_session, prompter, assertion, capsys):
session_token = {'sessionToken': 'spam', 'status': 'SUCCESS'}
token_response = mock.Mock(spec=requests.Response,
status_code=200,
text=json.dumps(session_token))
mock_requests_session.post.return_value = token_response
authenticator = SAMLCredentialFetcher(client_creator=None,
saml_config=None,
provider_name="okta",
password_prompter=prompter)
result = authenticator._authenticator.verify_sms_factor(
"url", "statetoken", "passcode")
assert result.status_code == 200
test = json.loads(result.text)
assert test["status"] == "SUCCESS"
def test_get_mfa_choice(mock_requests_session, prompter, assertion, capsys):
def mock_prompter(prompt):
assert prompt == (
"Please choose from the following authentication choices:\r\n"
"1: SMS text message\r\n"
"Enter the number corresponding to your choice or press RETURN to "
"cancel authentication: ")
return "1"
parsed = {"_embedded": {"factors": [{"factorType": "sms"}]}}
authenticator = SAMLCredentialFetcher(client_creator=None,
saml_config=None,
provider_name="okta",
password_prompter=mock_prompter)
response = authenticator._authenticator.get_mfa_choice(parsed)
assert response == 1
def test_process_response_1(mock_requests_session, assertion, prompter):
assertion_form = '<form><input name="SAMLResponse" value="%s"/></form>'
assertion_form = assertion_form % assertion.decode()
assertion_response = mock.Mock(spec=requests.Response,
status_code=200,
text=assertion_form)
mock_requests_session.get.return_value = assertion_response
session_token = {'sessionToken': 'spam', 'status': 'SUCCESS'}
token_response = mock.Mock(spec=requests.Response,
status_code=200,
text=json.dumps(session_token))
authenticator = SAMLCredentialFetcher(client_creator=None,
saml_config=None,
provider_name="okta",
password_prompter=prompter)
result = authenticator._authenticator.process_response(
token_response, "endpoint")
assert result == assertion.decode()
def test_process_mfa_push_2(mock_requests_session, prompter, assertion,
capsys):
session_token = {
'sessionToken': 'spam',
'status': 'CANCELLED',
'factorResult': 'FAILED'
}
token_response = mock.Mock(spec=requests.Response,
status_code=200,
text=json.dumps(session_token))
mock_requests_session.post.return_value = token_response
authenticator = SAMLCredentialFetcher(client_creator=None,
saml_config=None,
provider_name="okta",
password_prompter=prompter)
with pytest.raises(SAMLError):
authenticator._authenticator.process_mfa_push("endpoint", "url",
"statetoken")
def test_process_response_2(mock_requests_session, assertion, prompter):
def mock_prompter(prompt):
assert prompt == "Mock error\r\nPress RETURN to continue\r\n"
return ""
session_token = {
'sessionToken': 'spam',
'status': 'FAILED',
'errorCauses': [{
'errorSummary': "Mock error"
}]
}
token_response = mock.Mock(spec=requests.Response,
status_code=400,
text=json.dumps(session_token))
authenticator = SAMLCredentialFetcher(client_creator=None,
saml_config=None,
provider_name="okta",
password_prompter=mock_prompter)
result = authenticator._authenticator.process_response(
token_response, "endpoint")
assert result is None