def test_01_create_update_delete(self):
eid = set_event("token_init", "UserNotification", "sendmail",
condition="bla",
options={"emailconfig": "themis"})
self.assertEqual(eid, 1)
# create a new event!
r = set_event("token_init, token_assign",
"UserNotification", "sendmail",
condition="",
options={"emailconfig": "themis",
"always": "immer"})
self.assertEqual(r, 2)
# Update the first event
r = set_event("token_init, token_assign",
"UserNotification", "sendmail",
condition="",
options={"emailconfig": "themis",
"always": "immer"},
id=eid)
self.assertEqual(r, eid)
event_config = EventConfiguration()
self.assertEqual(len(event_config.events), 2)
# delete
r = delete_event(eid)
self.assertTrue(r)
event_config = EventConfiguration()
self.assertEqual(len(event_config.events), 1)
r = delete_event(2)
self.assertTrue(r)
event_config = EventConfiguration()
self.assertEqual(len(event_config.events), 0)
def test_01_setup_eventhandlers(self):
# This test create an HOTP token with C/R with a pre-event handler
# and the user uses this HOTP token to directly login to /auth
# Setup realm
rid = save_resolver({
"resolver": self.resolvername1,
"type": "passwdresolver",
"fileName": PWFILE
})
self.assertTrue(rid > 0, rid)
(added, failed) = set_realm(self.realm1, [self.resolvername1])
self.assertTrue(len(failed) == 0)
self.assertTrue(len(added) == 1)
set_default_realm(self.realm1)
# set a policy to authenticate against privacyIDEA
set_policy("piLogin",
scope=SCOPE.WEBUI,
action="{0!s}=privacyIDEA".format(ACTION.LOGINMODE))
# set a policy to for otppin=userstore
set_policy("otppin",
scope=SCOPE.AUTH,
action="{0!s}=userstore".format(ACTION.OTPPIN))
# Set a policy to do C/R with HOTP tokens
set_policy("crhotp",
scope=SCOPE.AUTH,
action="{0!s}=hotp".format(ACTION.CHALLENGERESPONSE))
# Create an event handler, that creates HOTP token on /auth with default OTP key
eid = set_event(
"createtoken",
event=["auth"],
handlermodule="Token",
action="enroll",
position="pre",
conditions={CONDITION.USER_TOKEN_NUMBER: 0},
options={
"tokentype": "hotp",
"user": "******",
"additional_params": {
'otpkey': self.otpkey,
# We need to set gekey=0, otherwise the Tokenhandler will
# generate a random otpkey
'genkey': 0
}
})
# cleanup tokens
remove_token(user=User("someuser", self.realm1))
# user tries to log in with his userstore password and gets a transaction_id
with self.app.test_request_context('/auth',
method='POST',
data={
"username": "******",
"password": "******"
}):
res = self.app.full_dispatch_request()
self.assertEqual(401, res.status_code, res)
result = res.json.get("result")
self.assertFalse(result.get("status"), result)
detail = res.json.get("detail")
self.assertEqual("please enter otp: ", detail.get("message"))
transaction_id = detail.get("transaction_id")
# Check if the token was enrolled
toks = get_tokens(user=User("someuser", self.realm1))
self.assertEqual(len(toks), 1)
self.assertEqual(toks[0].token.tokentype, "hotp")
serial = toks[0].token.serial
# Check if the correct otpkey was used
hotptoken = toks[0]
r = hotptoken.check_otp(self.valid_otp_values[1])
self.assertTrue(r >= 0)
# Now the user logs in with the second step of C/R with OTP value of new token
with self.app.test_request_context('/auth',
method='POST',
data={
"username": "******",
"transaction_id":
transaction_id,
"password":
self.valid_otp_values[2]
}):
res = self.app.full_dispatch_request()
self.assertEqual(200, res.status_code, res)
result = res.json.get("result")
self.assertTrue(result.get("status"))
self.assertTrue(result.get("value"))
# Check that there is still only one token
toks = get_tokens(user=User("someuser", self.realm1))
self.assertEqual(len(toks), 1)
self.assertEqual(toks[0].token.tokentype, "hotp")
self.assertEqual(serial, toks[0].token.serial)
# cleanup
delete_policy("piLogin")
delete_policy("otppin")
delete_policy("crhotp")
delete_event(eid)
remove_token(hotptoken.token.serial)
def test_01_user_attribute_with_handler_tokenowner(self):
user = User('cornelius', self.realm1)
tok = init_token({'type': 'spass', 'pin': 'test'})
self.assertNotIn('foo', user.attributes, user.attributes)
# First try to delete a non-existing attribute
eid = set_event("user_atts",
event=["validate_check"],
action=ACTION_TYPE.DELETE_CUSTOM_USER_ATTRIBUTES,
handlermodule="CustomUserAttributes",
conditions={},
options={
'user': USER_TYPE.TOKENOWNER,
'attrkey': 'foo'
})
# what happens if the token has no user
with self.app.test_request_context('/validate/check',
data={
"serial": tok.token.serial,
"pass": '******'
},
method='POST'):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = res.json.get("result")
self.assertTrue(result.get("value"), result)
self.assertNotIn('foo', user.attributes, user.attributes)
# now we attach the token to a user
tok.add_user(user)
with self.app.test_request_context('/validate/check',
data={
"user": '******',
"pass": '******'
},
method='POST'):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = res.json.get("result")
self.assertTrue(result.get("value"), result)
self.assertNotIn('foo', user.attributes, user.attributes)
# update event to add an attribute
eid = set_event("user_atts",
event=["validate_check"],
id=eid,
action=ACTION_TYPE.SET_CUSTOM_USER_ATTRIBUTES,
handlermodule="CustomUserAttributes",
conditions={},
options={
'user': USER_TYPE.TOKENOWNER,
'attrkey': 'foo',
'attrvalue': 'bar'
})
with self.app.test_request_context('/validate/check',
data={
"user": "******",
"pass": '******'
},
method='POST'):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = res.json.get("result")
self.assertTrue(result.get("value"), result)
self.assertEqual('bar', user.attributes.get('foo'),
user.attributes)
# update event to update an attribute
eid = set_event("user_atts",
event=["validate_check"],
id=eid,
action=ACTION_TYPE.SET_CUSTOM_USER_ATTRIBUTES,
handlermodule="CustomUserAttributes",
conditions={},
options={
'user': USER_TYPE.TOKENOWNER,
'attrkey': 'foo',
'attrvalue': 'baz'
})
with self.app.test_request_context('/validate/check',
data={
"user": "******",
"pass": '******'
},
method='POST'):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = res.json.get("result")
self.assertTrue(result.get("value"), result)
self.assertEqual('baz', user.attributes.get('foo'),
user.attributes)
# now delete the added attribute
eid = set_event("user_atts",
event=["validate_check"],
id=eid,
action=ACTION_TYPE.DELETE_CUSTOM_USER_ATTRIBUTES,
handlermodule="CustomUserAttributes",
conditions={},
options={
'user': USER_TYPE.TOKENOWNER,
'attrkey': 'foo'
})
with self.app.test_request_context('/validate/check',
data={
"user": "******",
"pass": '******'
},
method='POST'):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = res.json.get("result")
self.assertTrue(result.get("value"), result)
self.assertNotIn('foo', user.attributes, user.attributes)
delete_event(eid)
remove_token(tok.token.serial)
def test_02_user_attribute_with_handler_logged_in_user(self):
user = User('cornelius', realm=self.realm1)
self.assertNotIn('foo', user.attributes, user.attributes)
# get the auth-token for the user
with self.app.test_request_context('/auth',
data={
"username": '******',
"password": '******'
},
method='POST'):
res = self.app.full_dispatch_request()
self.assertEqual(200, res.status_code, res)
result = res.json.get("result")
self.assertTrue(result.get("status"), result)
user_token = result.get("value").get("token")
# try to delete a non-existing attribute
eid = set_event("user_atts",
event=["token_list"],
action=ACTION_TYPE.DELETE_CUSTOM_USER_ATTRIBUTES,
handlermodule="CustomUserAttributes",
conditions={},
options={
'user': USER_TYPE.LOGGED_IN_USER,
'attrkey': 'foo'
})
with self.app.test_request_context(
'/token/', method='GET', headers={'Authorization':
user_token}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
self.assertNotIn('foo', user.attributes, user.attributes)
# delete an existing attribute
user.set_attribute('foo', 'bar')
self.assertIn('foo', user.attributes, user.attributes)
with self.app.test_request_context(
'/token/', method='GET', headers={'Authorization':
user_token}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
self.assertNotIn('foo', user.attributes, user.attributes)
# add an attribute
eid = set_event("user_atts",
event=["token_list"],
id=eid,
action=ACTION_TYPE.SET_CUSTOM_USER_ATTRIBUTES,
handlermodule="CustomUserAttributes",
conditions={},
options={
'user': USER_TYPE.LOGGED_IN_USER,
'attrkey': 'foo',
'attrvalue': 'bar'
})
with self.app.test_request_context(
'/token/', method='GET', headers={'Authorization':
user_token}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
self.assertEqual('bar', user.attributes['foo'], user.attributes)
# overwrite an attribute
eid = set_event("user_atts",
event=["token_list"],
id=eid,
action=ACTION_TYPE.SET_CUSTOM_USER_ATTRIBUTES,
handlermodule="CustomUserAttributes",
conditions={},
options={
'user': USER_TYPE.LOGGED_IN_USER,
'attrkey': 'foo',
'attrvalue': 'baz'
})
with self.app.test_request_context(
'/token/', method='GET', headers={'Authorization':
user_token}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
self.assertEqual('baz', user.attributes['foo'], user.attributes)
delete_event(eid)
user.delete_attribute('foo')
def test_15_unassign_missing_user(self):
"""
Unassign a token from a user that does not exist anymore.
There is a token which is owned by a user, who was deleted fromt he
userstore.
An Event Handler, to notifiy the user via email on unassign is defined.
This testcase must NOT throw an exception. Well, the user can not be
notified anymore, since the email also does not exist in the
userstore anymore.
"""
# Create our realm and resolver
parameters = {
'resolver':
"notify_resolver",
"type":
"sqlresolver",
'Driver':
'sqlite',
'Server':
'/tests/testdata/',
'Database':
"testuser.sqlite",
'Table':
'users',
'Encoding':
'utf8',
'Editable':
True,
'Map':
'{ "username": "******", \
"userid" : "id", \
"email" : "email", \
"surname" : "name", \
"givenname" : "givenname", \
"password" : "password", \
"phone": "phone", \
"mobile": "mobile"}'
}
r = save_resolver(parameters)
self.assertTrue(r)
success, fail = set_realm("notify_realm", ["notify_resolver"])
self.assertEqual(len(success), 1)
self.assertEqual(len(fail), 0)
# Create a user
## First delete it, in case the user exist
User("notify_user", "notify_realm").delete()
uid = create_user("notify_resolver", {"username": "******"})
self.assertTrue(uid)
user = User("notify_user", "notify_realm")
self.assertEqual(user.login, "notify_user")
self.assertEqual(user.realm, "notify_realm")
# Create a token for this user
r = init_token({"type": "spass", "serial": "SPNOTIFY"}, user=user)
self.assertTrue(r)
# create notification handler
eid = set_event("token_unassign", "UserNotification", "sendmail")
self.assertTrue(eid)
# delete the user
r = user.delete()
self.assertTrue(r)
# unassign the token from the non-existing user
# call the notification handler implicitly
with self.app.test_request_context('/token/unassign',
method='POST',
data={"serial": "SPNOTIFY"},
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
self.assertTrue(result.get("value") is True, result)
# Cleanup
delete_event(eid)
delete_realm("notify_realm")
delete_resolver("notify_resolver")
remove_token("SPNOTIFY")