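def test_11_challenge_response_hotp(self):
    """Check the two-step challenge-response login for an HOTP token.

    Steps, all against the Flask test app in ``self.app``:

    1. POST /policy/pol_chal_resp (authorised with ``self.at``) to activate
       ``challenge_response=hotp`` in the authentication scope.
    2. Create HOTP token CHALRESP1, assign it to user "cornelius" and set
       its PIN.
    3. POST the PIN alone to /validate/check: the result value must be
       false and the detail must carry the OTP prompt and a transaction id.
    4. POST the OTP together with that transaction id: the result value
       must be true.

    The token is removed in a ``finally`` clause so that a failed assertion
    does not leave CHALRESP1 in the token store.
    """
    # set a chalresp policy for HOTP
    with self.app.test_request_context('/policy/pol_chal_resp',
                                       data={'action': "challenge_response=hotp",
                                             'scope': "authentication",
                                             'realm': '',
                                             'active': True},
                                       method='POST',
                                       headers={'Authorization': self.at}):
        res = self.app.full_dispatch_request()
        self.assertEqual(res.status_code, 200, res)
        result = json.loads(res.data).get("result")
        self.assertIs(result["status"], True, result)
        self.assertTrue('"setPolicy pol_chal_resp": 1' in res.data, res.data)

    serial = "CHALRESP1"
    pin = "chalresp1"
    # create a token and assign to the user
    db_token = Token(serial, tokentype="hotp")
    db_token.update_otpkey(self.otpkey)
    db_token.save()
    try:
        token = HotpTokenClass(db_token)
        token.set_user(User("cornelius", self.realm1))
        token.set_pin(pin)

        # create the challenge by authenticating with the OTP PIN
        # NOTE(review): "user" (and the OTP "pass" further down) read
        # "******" in this listing; this looks like masking. Confirm the
        # real values against the upstream test.
        with self.app.test_request_context('/validate/check',
                                           method='POST',
                                           data={"user": "******",
                                                 "pass": pin}):
            res = self.app.full_dispatch_request()
            self.assertEqual(res.status_code, 200, res)
            body = json.loads(res.data)
            result = body.get("result")
            detail = body.get("detail")
            # The PIN on its own is only the first step: no success yet.
            self.assertFalse(result.get("value"))
            self.assertEqual(detail.get("message"), "please enter otp: ")
            transaction_id = detail.get("transaction_id")
            # Without a transaction id the second request would not be
            # bound to the challenge created here.
            self.assertTrue(transaction_id, detail)

        # send the OTP value
        with self.app.test_request_context('/validate/check',
                                           method='POST',
                                           data={"user": "******",
                                                 "transaction_id":
                                                     transaction_id,
                                                 "pass": "******"}):
            res = self.app.full_dispatch_request()
            self.assertEqual(res.status_code, 200, res)
            result = json.loads(res.data).get("result")
            self.assertTrue(result.get("value"))
    finally:
        # delete the token
        remove_token(serial=serial)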
def test_00_create_realms(self):
    """Set up the user realms and one PIN-protected HOTP token.

    Calls ``self.setUp_user_realms()``, stores an HOTP token under the
    first entry of ``self.serials`` with ``self.otpkey`` as its key,
    assigns it to user "cornelius" in ``self.realm1`` with the PIN "pin",
    and checks the stored serial and the resulting user id ("1000").
    """
    self.setUp_user_realms()

    # Create the database row for the token first ...
    first_serial = self.serials[0]
    row = Token(first_serial, tokentype="hotp")
    row.update_otpkey(self.otpkey)
    row.save()

    # ... then wrap it and verify that the wrapper sees the same serial.
    hotp = HotpTokenClass(row)
    serial_matches = hotp.token.serial == first_serial
    self.assertTrue(serial_matches, hotp)

    # Assign the token to the user and protect it with a PIN.
    owner = User("cornelius", self.realm1)
    hotp.set_user(owner)
    hotp.set_pin("pin")
    assigned_id = hotp.token.user_id
    self.assertTrue(assigned_id == "1000", assigned_id)
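def test_13_challenge_response_email(self):
    """Check challenge-response for an email-typed token via ``state``.

    Steps, all against the Flask test app in ``self.app``:

    1. Create token CHALRESP3 with tokentype "email", assign it to user
       "cornelius" and set its PIN.
    2. POST the PIN alone to /validate/check: the result value must be
       false and the detail must carry the OTP prompt and a transaction id.
    3. POST the OTP with the transaction id passed in the ``state``
       parameter (instead of ``transaction_id``): the result value must be
       true.

    No challenge-response policy is set inside this method. The token is
    removed in a ``finally`` clause so that a failed assertion does not
    leave CHALRESP3 in the token store.
    """
    serial = "CHALRESP3"
    pin = "chalresp3"
    # create a token and assign to the user
    db_token = Token(serial, tokentype="email")
    db_token.update_otpkey(self.otpkey)
    db_token.save()
    try:
        # NOTE(review): the row is typed "email" but wrapped in
        # HotpTokenClass here; confirm this is intended.
        token = HotpTokenClass(db_token)
        token.set_user(User("cornelius", self.realm1))
        token.set_pin(pin)

        # create the challenge by authenticating with the OTP PIN
        # NOTE(review): "user" (and the OTP "pass" further down) read
        # "******" in this listing; this looks like masking. Confirm the
        # real values against the upstream test.
        with self.app.test_request_context('/validate/check',
                                           method='POST',
                                           data={"user": "******",
                                                 "pass": pin}):
            res = self.app.full_dispatch_request()
            self.assertEqual(res.status_code, 200, res)
            body = json.loads(res.data)
            result = body.get("result")
            detail = body.get("detail")
            # The PIN on its own is only the first step: no success yet.
            self.assertFalse(result.get("value"))
            self.assertEqual(detail.get("message"), "please enter otp: ")
            transaction_id = detail.get("transaction_id")
            # Without a transaction id the second request would not be
            # bound to the challenge created here.
            self.assertTrue(transaction_id, detail)

        # send the OTP value
        # Test with parameter state.
        with self.app.test_request_context('/validate/check',
                                           method='POST',
                                           data={"user": "******",
                                                 "state": transaction_id,
                                                 "pass": "******"}):
            res = self.app.full_dispatch_request()
            self.assertEqual(res.status_code, 200, res)
            result = json.loads(res.data).get("result")
            self.assertTrue(result.get("value"))
    finally:
        # delete the token
        remove_token(serial=serial)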
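def test_11_challenge_response_hotp(self):
    """Check HOTP challenge-response and the fail counter around it.

    Steps, all against the Flask test app in ``self.app``:

    1. POST /policy/pol_chal_resp (authorised with ``self.at``) to activate
       ``challenge_response=hotp`` in the authentication scope.
    2. Create HOTP token CHALRESP1, assign it to user "cornelius", set its
       PIN and set its fail counter to 5.
    3. POST the PIN alone to /validate/check: the result value must be
       false, the detail must carry the OTP prompt and a transaction id,
       and the fail counter must still read 5.
    4. POST the OTP together with that transaction id: the result value
       must be true and the fail counter must read 0.

    The token is removed in a ``finally`` clause so that a failed assertion
    does not leave CHALRESP1 in the token store.
    """
    # set a chalresp policy for HOTP
    with self.app.test_request_context('/policy/pol_chal_resp',
                                       data={'action': "challenge_response=hotp",
                                             'scope': "authentication",
                                             'realm': '',
                                             'active': True},
                                       method='POST',
                                       headers={'Authorization': self.at}):
        res = self.app.full_dispatch_request()
        self.assertEqual(res.status_code, 200, res)
        result = json.loads(res.data).get("result")
        self.assertIs(result["status"], True, result)
        self.assertTrue('"setPolicy pol_chal_resp": 1' in res.data, res.data)

    serial = "CHALRESP1"
    pin = "chalresp1"
    # create a token and assign to the user
    db_token = Token(serial, tokentype="hotp")
    db_token.update_otpkey(self.otpkey)
    db_token.save()
    try:
        token = HotpTokenClass(db_token)
        token.set_user(User("cornelius", self.realm1))
        token.set_pin(pin)
        # Set the failcounter
        token.set_failcount(5)

        # create the challenge by authenticating with the OTP PIN
        # NOTE(review): "user" (and the OTP "pass" further down) read
        # "******" in this listing; this looks like masking. Confirm the
        # real values against the upstream test.
        with self.app.test_request_context('/validate/check',
                                           method='POST',
                                           data={"user": "******",
                                                 "pass": pin}):
            res = self.app.full_dispatch_request()
            self.assertEqual(res.status_code, 200, res)
            body = json.loads(res.data)
            result = body.get("result")
            detail = body.get("detail")
            # The PIN on its own is only the first step: no success yet.
            self.assertFalse(result.get("value"))
            self.assertEqual(detail.get("message"), "please enter otp: ")
            transaction_id = detail.get("transaction_id")
            # Without a transaction id the second request would not be
            # bound to the challenge created here.
            self.assertTrue(transaction_id, detail)
            # Triggering the challenge with the PIN alone must leave the
            # fail counter untouched: neither raised nor reset.
            self.assertEqual(token.get_failcount(), 5)

        # send the OTP value
        with self.app.test_request_context('/validate/check',
                                           method='POST',
                                           data={"user": "******",
                                                 "transaction_id":
                                                     transaction_id,
                                                 "pass": "******"}):
            res = self.app.full_dispatch_request()
            self.assertEqual(res.status_code, 200, res)
            result = json.loads(res.data).get("result")
            self.assertTrue(result.get("value"))
            # Only the completed second step resets the counter.
            self.assertEqual(token.get_failcount(), 0)
    finally:
        # delete the token
        remove_token(serial=serial)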