def test_12_multiple_resolvers(self):
        # one realm, two SQL resolvers
        parameters_a = self.sql_parameters.copy()
        # first resolver only contains users with phone numbers
        parameters_a['Where'] = 'phone LIKE %'
        parameters_a['resolver'] = 'reso_a'
        rid_a = save_resolver(parameters_a)
        self.assertTrue(rid_a > 0, rid_a)
        # second resolver contains all users
        parameters_b = self.sql_parameters.copy()
        parameters_b['resolver'] = 'reso_b'
        rid_b = save_resolver(parameters_b)
        self.assertTrue(rid_b > 0, rid_b)

        # First ask reso_a, then reso_b
        (added, failed) = set_realm(self.sql_realm, ['reso_a', 'reso_b'], {
            'reso_a': 1,
            'reso_b': 2
        })
        self.assertEqual(len(failed), 0)
        self.assertEqual(len(added), 2)

        # Now, query the user and populate the cache
        self.assertEqual(UserCache.query.count(), 0)
        user1 = User('wordpressuser', self.sql_realm)
        self.assertEqual(user1.uid, '6')
        # Assert it was found in reso_b (as it does not have a phone number)!
        self.assertEqual(user1.resolver, 'reso_b')
        self.assertEqual(
            UserCache.query.filter(UserCache.username == 'wordpressuser',
                                   UserCache.user_id == 6).one().resolver,
            'reso_b')
        # Add a phone number. We do not use the User API to do that to simulate that the change is performed
        # out of privacyIDEA's control. Using `update_user_info` would invalidate the cache, which would be unrealistic.
        info = user1.info
        new_info = info.copy()
        new_info['phone'] = '123456'
        get_resolver_object('reso_a').update_user(user1.uid, new_info)
        # Ensure that the user's association with reso_b is still cached.
        self.assertEqual(
            UserCache.query.filter(UserCache.username == 'wordpressuser',
                                   UserCache.user_id == 6).one().resolver,
            'reso_b')
        # Now, it should be located in reso_a!
        user2 = User('wordpressuser', self.sql_realm)
        self.assertEqual(user2.uid, '6')
        self.assertEqual(user2.resolver, 'reso_a')
        # ... but the cache still contains entries for both!
        resolver_query = UserCache.query.filter(
            UserCache.username == 'wordpressuser',
            UserCache.user_id == 6).order_by(UserCache.timestamp.desc())
        cached_resolvers = [entry.resolver for entry in resolver_query.all()]
        self.assertEqual(cached_resolvers, ['reso_a', 'reso_b'])
        # Remove the phone number.
        get_resolver_object('reso_a').update_user(user1.uid, {'phone': None})
        delete_realm(self.sql_realm)
        delete_resolver('reso_a')
        delete_resolver('reso_b')
Example #2
0
    def test_05_create_resolver_object(self):
        from privacyidea.lib.resolvers.PasswdIdResolver import IdResolver

        reso_obj = get_resolver_object(self.resolvername1)
        self.assertTrue(isinstance(reso_obj, IdResolver), type(reso_obj))

        # resolver, that does not exist
        reso_obj = get_resolver_object("unknown")
        self.assertTrue(reso_obj is None, reso_obj)
Example #3
0
    def test_05_create_resolver_object(self):
        from privacyidea.lib.resolvers.PasswdIdResolver import IdResolver

        reso_obj = get_resolver_object(self.resolvername1)
        self.assertTrue(isinstance(reso_obj, IdResolver), type(reso_obj))

        # resolver, that does not exist
        reso_obj = get_resolver_object("unknown")
        self.assertTrue(reso_obj is None, reso_obj)
Example #4
0
    def test_12_multiple_resolvers(self):
        # one realm, two SQL resolvers
        parameters_a = self.sql_parameters.copy()
        # first resolver only contains users with phone numbers
        parameters_a['Where'] = 'phone LIKE %'
        parameters_a['resolver'] = 'reso_a'
        rid_a = save_resolver(parameters_a)
        self.assertTrue(rid_a > 0, rid_a)
        # second resolver contains all users
        parameters_b = self.sql_parameters.copy()
        parameters_b['resolver'] = 'reso_b'
        rid_b = save_resolver(parameters_b)
        self.assertTrue(rid_b > 0, rid_b)

        # First ask reso_a, then reso_b
        (added, failed) = set_realm(self.sql_realm, ['reso_a', 'reso_b'], {
            'reso_a': 1,
            'reso_b': 2
        })
        self.assertEqual(len(failed), 0)
        self.assertEqual(len(added), 2)

        # Now, query the user and populate the cache
        self.assertEqual(UserCache.query.count(), 0)
        user1 = User('wordpressuser', self.sql_realm)
        self.assertEqual(user1.uid, 6)
        # Assert it was found in reso_b (as it does not have a phone number)!
        self.assertEqual(user1.resolver, 'reso_b')
        self.assertEqual(UserCache.query.filter(UserCache.username == 'wordpressuser',
                                                UserCache.user_id == 6).one().resolver,
                         'reso_b')
        # Add a phone number. We do not use the User API to do that to simulate that the change is performed
        # out of privacyIDEA's control. Using `update_user_info` would invalidate the cache, which would be unrealistic.
        info = user1.info
        new_info = info.copy()
        new_info['phone'] = '123456'
        get_resolver_object('reso_a').update_user(user1.uid, new_info)
        # Ensure that the user's association with reso_b is still cached.
        self.assertEqual(UserCache.query.filter(UserCache.username == 'wordpressuser',
                                                UserCache.user_id == 6).one().resolver,
                         'reso_b')
        # Now, it should be located in reso_a!
        user2 = User('wordpressuser', self.sql_realm)
        self.assertEqual(user2.uid, 6)
        self.assertEqual(user2.resolver, 'reso_a')
        # ... but the cache still contains entries for both!
        resolver_query = UserCache.query.filter(UserCache.username == 'wordpressuser',
                                                UserCache.user_id == 6).order_by(UserCache.timestamp.desc())
        cached_resolvers = [entry.resolver for entry in resolver_query.all()]
        self.assertEqual(cached_resolvers, ['reso_a', 'reso_b'])
        # Remove the phone number.
        get_resolver_object('reso_a').update_user(user1.uid, {'phone': None})
        delete_realm(self.sql_realm)
        delete_resolver('reso_a')
        delete_resolver('reso_b')
Example #5
0
def _get_attributes_from_param(param):
    from privacyidea.lib.resolver import get_resolver_object
    map = get_resolver_object(getParam(param, "resolver", optional=False)).map
    username = getParam(param, "user", optional=False)

    # Add attributes
    attributes = {"username": username}
    for attribute in map.keys():
        value = getParam(param, attribute)
        if value:
            attributes[attribute] = getParam(param, attribute)

    return attributes
Example #6
0
def _get_attributes_from_param(param):
    from privacyidea.lib.resolver import get_resolver_object
    map = get_resolver_object(getParam(param, "resolver", optional=False)).map
    username = getParam(param, "user", optional=False)

    # Add attributes
    attributes = {"username": username}
    for attribute in map.keys():
        value = getParam(param, attribute)
        if value:
            attributes[attribute] = getParam(param, attribute)

    return attributes
Example #7
0
    def test_11_base_resolver_class(self):
        save_resolver({"resolver": "baseresolver", "type": "UserIdResolver"})
        y = get_resolver_object("baseresolver")
        self.assertTrue(y, y)
        rtype = y.getResolverType()
        self.assertTrue(rtype == "UserIdResolver", rtype)
        # close hook
        desc = y.getResolverDescriptor()
        self.assertTrue("clazz" in desc.get("UserIdResolver"), desc)
        self.assertTrue("config" in desc.get("UserIdResolver"), desc)

        id = y.getUserId("some user")
        self.assertTrue(id == "dummy_user_id", id)
        name = y.getUsername("some user")
        self.assertTrue(name == "dummy_user_name", name)

        self.assertTrue(y.getUserInfo("dummy") == {})
        self.assertTrue(len(y.getUserList()) == 1)
        self.assertTrue(len(y.getUserList()) == 1)
        rid = y.getResolverId()
        self.assertTrue(rid == "baseid", rid)
        self.assertFalse(y.checkPass("dummy", "pw"))
        y.close()
Example #8
0
    def test_11_base_resolver_class(self):
        save_resolver({"resolver": "baseresolver", "type": "UserIdResolver"})
        y = get_resolver_object("baseresolver")
        self.assertTrue(y, y)
        rtype = y.getResolverType()
        self.assertTrue(rtype == "UserIdResolver", rtype)
        # close hook
        desc = y.getResolverDescriptor()
        self.assertTrue("clazz" in desc.get("UserIdResolver"), desc)
        self.assertTrue("config" in desc.get("UserIdResolver"), desc)

        id = y.getUserId("some user")
        self.assertTrue(id == "dummy_user_id", id)
        name = y.getUsername("some user")
        self.assertTrue(name == "dummy_user_name", name)

        self.assertTrue(y.getUserInfo("dummy") == {})
        self.assertTrue(len(y.getUserList()) == 1)
        self.assertTrue(len(y.getUserList()) == 1)
        rid = y.getResolverId()
        self.assertTrue(rid == "baseid", rid)
        self.assertFalse(y.checkPass("dummy", "pw"))
        y.close()
Example #9
0
    def test_12_passwdresolver(self):
        # Create a resolver with an empty filename
        # will use the filename /etc/passwd
        rid = save_resolver({
            "resolver": self.resolvername1,
            "type": "passwdresolver",
            "fileName": "",
            "type.fileName": "string",
            "desc.fileName": "The name of the file"
        })
        self.assertTrue(rid > 0, rid)
        y = get_resolver_object(self.resolvername1)
        y.loadFile()
        delete_resolver(self.resolvername1)

        # Load a file with an empty line
        rid = save_resolver({
            "resolver": self.resolvername1,
            "type": "passwdresolver",
            "fileName": PWFILE,
            "type.fileName": "string",
            "desc.fileName": "The name of the file"
        })
        self.assertTrue(rid > 0, rid)
        y = get_resolver_object(self.resolvername1)
        y.loadFile()

        ulist = y.getUserList({"username": "******"})
        self.assertTrue(len(ulist) > 1, ulist)

        self.assertTrue(y.checkPass("1000", "test"))
        self.assertFalse(y.checkPass("1000", "wrong password"))
        self.assertRaises(NotImplementedError, y.checkPass, "1001", "secret")
        self.assertFalse(y.checkPass("1002", "no pw at all"))
        self.assertTrue(
            y.getUsername("1000") == "cornelius", y.getUsername("1000"))
        self.assertTrue(
            y.getUserId(u"cornelius") == "1000", y.getUserId("cornelius"))
        self.assertTrue(y.getUserId("user does not exist") == "")
        sF = y.getSearchFields({"username": "******"})
        self.assertTrue(sF.get("username") == "text", sF)
        # unknown search fields. We get an empty userlist
        r = y.getUserList({"blabla": "something"})
        self.assertTrue(r == [], r)
        # list exactly one user
        r = y.getUserList({"userid": "=1000"})
        self.assertTrue(len(r) == 1, r)
        r = y.getUserList({"userid": "<1001"})
        self.assertTrue(len(r) == 1, r)
        r = y.getUserList({"userid": ">1000"})
        self.assertTrue(len(r) > 1, r)
        r = y.getUserList({"userid": "between 1000, 1001"})
        self.assertTrue(len(r) == 2, r)
        r = y.getUserList({"userid": "between 1001, 1000"})
        self.assertTrue(len(r) == 2, r)
        r = y.getUserList({"userid": "<=1000"})
        self.assertTrue(len(r) == 1, "%s" % r)
        r = y.getUserList({"userid": ">=1000"})
        self.assertTrue(len(r) > 1, r)

        r = y.getUserList({"description": "field1"})
        self.assertTrue(len(r) == 0, r)
        r = y.getUserList({"email": "field1"})
        self.assertTrue(len(r) == 0, r)

        rid = y.getResolverId()
        self.assertTrue(rid == PWFILE, rid)
        rtype = y.getResolverType()
        self.assertTrue(rtype == "passwdresolver", rtype)
        rdesc = y.getResolverDescriptor()
        self.assertTrue("config" in rdesc.get("passwdresolver"), rdesc)
        self.assertTrue("clazz" in rdesc.get("passwdresolver"), rdesc)
        # internal stringMatch function
        self.assertTrue(y._stringMatch(u"Hallo", "*lo"))
        self.assertTrue(y._stringMatch("Hallo", u"Hal*"))
        self.assertFalse(y._stringMatch("Duda", "Hal*"))
        self.assertTrue(y._stringMatch("HalloDuda", "*Du*"))
        self.assertTrue(y._stringMatch("Duda", "Duda"))
Example #10
0
    def test_12_passwdresolver(self):
        # Create a resolver with an empty filename
        # will use the filename /etc/passwd
        rid = save_resolver(
            {
                "resolver": self.resolvername1,
                "type": "passwdresolver",
                "fileName": "",
                "type.fileName": "string",
                "desc.fileName": "The name of the file",
            }
        )
        self.assertTrue(rid > 0, rid)
        y = get_resolver_object(self.resolvername1)
        y.loadFile()
        delete_resolver(self.resolvername1)

        # Load a file with an empty line
        rid = save_resolver(
            {
                "resolver": self.resolvername1,
                "type": "passwdresolver",
                "fileName": PWFILE,
                "type.fileName": "string",
                "desc.fileName": "The name of the file",
            }
        )
        self.assertTrue(rid > 0, rid)
        y = get_resolver_object(self.resolvername1)
        y.loadFile()

        ulist = y.getUserList({"username": "******"})
        self.assertTrue(len(ulist) > 1, ulist)

        self.assertTrue(y.checkPass("1000", "test"))
        self.assertFalse(y.checkPass("1000", "wrong password"))
        self.assertRaises(NotImplementedError, y.checkPass, "1001", "secret")
        self.assertFalse(y.checkPass("1002", "no pw at all"))
        self.assertTrue(y.getUsername("1000") == "cornelius", y.getUsername("1000"))
        self.assertTrue(y.getUserId(u"cornelius") == "1000", y.getUserId("cornelius"))
        self.assertTrue(y.getUserId("user does not exist") == "")
        sF = y.getSearchFields({"username": "******"})
        self.assertTrue(sF.get("username") == "text", sF)
        # unknown search fields. We get an empty userlist
        r = y.getUserList({"blabla": "something"})
        self.assertTrue(r == [], r)
        # list exactly one user
        r = y.getUserList({"userid": "=1000"})
        self.assertTrue(len(r) == 1, r)
        r = y.getUserList({"userid": "<1001"})
        self.assertTrue(len(r) == 1, r)
        r = y.getUserList({"userid": ">1000"})
        self.assertTrue(len(r) > 1, r)
        r = y.getUserList({"userid": "between 1000, 1001"})
        self.assertTrue(len(r) == 2, r)
        r = y.getUserList({"userid": "between 1001, 1000"})
        self.assertTrue(len(r) == 2, r)
        r = y.getUserList({"userid": "<=1000"})
        self.assertTrue(len(r) == 1, "%s" % r)
        r = y.getUserList({"userid": ">=1000"})
        self.assertTrue(len(r) > 1, r)

        r = y.getUserList({"description": "field1"})
        self.assertTrue(len(r) == 0, r)
        r = y.getUserList({"email": "field1"})
        self.assertTrue(len(r) == 0, r)

        rid = y.getResolverId()
        self.assertTrue(rid == PWFILE, rid)
        rtype = y.getResolverType()
        self.assertTrue(rtype == "passwdresolver", rtype)
        rdesc = y.getResolverDescriptor()
        self.assertTrue("config" in rdesc.get("passwdresolver"), rdesc)
        self.assertTrue("clazz" in rdesc.get("passwdresolver"), rdesc)
        # internal stringMatch function
        self.assertTrue(y._stringMatch(u"Hallo", "*lo"))
        self.assertTrue(y._stringMatch("Hallo", u"Hal*"))
        self.assertFalse(y._stringMatch("Duda", "Hal*"))
        self.assertTrue(y._stringMatch("HalloDuda", "*Du*"))
        self.assertTrue(y._stringMatch("Duda", "Duda"))