Example #1
0
    def test_block_state(self):
        user1 = UserIdentifier('someone', '123')
        user1.user_data = UserData()
        user1.user_data.join_state = UserData.JOIN_STATE_ALLOWED
        user2 = UserIdentifier('someoneElse', 'deviceId1')
        user2.user_data = UserData()
        user2.user_data.join_state = UserData.JOIN_STATE_BLOCKED
        self.mock_um.list_users.return_value = [user1, user2]

        result = self._exec_list()
        self.assertEqual(result.count('[blocked]'), 1)
    def test_check_expired_time_and_num_one_exceeded(self):
        # num exceeded
        data = UserData()
        data.max_num_joins = 1
        data.num_joins = 2
        data.valid_until = time.time() + 10000

        self._run_check_expired(data, True)

        # time exceeded
        data = UserData()
        data.max_num_joins = 1
        data.num_joins = 0
        data.valid_until = time.time() - 10000

        self._run_check_expired(data, True)
    def test_check_expired_time_and_num_both_exceeded(self):
        data = UserData()
        data.max_num_joins = 1
        data.num_joins = 2
        data.valid_until = time.time() - 10000

        self._run_check_expired(data, True)
    def test_str_representation(self):
        # incrementally adds attributes and checks if they appear in str(item).
        # The str representation is important for several chat commands.
        identifier = UserIdentifier('foo', 'bar')
        # str needs to work without password and data
        self.assertIn('foo', str(identifier))
        self.assertIn('bar', str(identifier))

        identifier.password = '******'
        self.assertIn('passw0rd!', str(identifier))

        data = UserData()
        state_str = data.state_string()
        self.assertIn(state_str, str(data))

        # this is 1970-01-01 00:01:40
        data.valid_until = 100
        data.num_joins = 42
        data.max_num_joins = 1234
        # keep some freedoms on the actual output
        self.assertIn('1970', str(data))
        self.assertIn('00:01:40', str(data))
        self.assertIn('42', str(data))
        self.assertIn('1234', str(data))

        data_str = str(data)
        identifier.user_data = data
        self.assertIn(data_str, str(identifier))
    def test_disassociate_blocked_on_deny(self, mock_fmt_mac, mock_utils):
        # test with and without return value of the sudo_cmd call
        for message in ['message', None]:
            mock_fmt_mac.reset_mock()
            mock_utils.reset_mock()
            self._prepare_on_host_mocks(mock_fmt_mac,
                                        mock_utils,
                                        expected_msg=message)
            mock_utils.disassociate_user.return_value = 'OK'
            testuser = UserIdentifier('user', 'aabb')
            testuser.user_data = UserData()
            testuser.user_data.join_state = UserData.JOIN_STATE_BLOCKED

            handler = FirewallAuthHandler()
            result = handler.on_host_deny(testuser)

            # ensure the script also gets called when UserData is given
            self._assert_on_host_call(mock_fmt_mac,
                                      mock_utils,
                                      '/etc/radguestauth/fw_user_drop.sh',
                                      result,
                                      expected_msg=message)
            # blocked user needs to be disassociated as well
            mock_utils.disassociate_user.assert_called_once_with('aabb')
            self.assertIn('OK', result)
    def test_post_auth_timeout_no_valid_until(self, mock_usermgr, mock_chat,
                                              mock_loader):
        testuser = UserIdentifier('user', 'aabb')
        testuser.user_data = UserData()
        testuser.user_data.valid_until = None
        testuser.user_data.max_num_joins = 10
        mock_usermgr_obj = Mock()
        mock_usermgr_obj.find.return_value = testuser
        mock_usermgr.return_value = mock_usermgr_obj

        mock_auth = self._get_auth_handler_mock(mock_loader)
        expected_result = {'control:Test': 'val'}
        mock_auth.on_post_auth.return_value = expected_result.copy()
        gacore = self._init_and_start()

        result = gacore.post_auth({
            'User-Name': 'user',
            'Calling-Station-Id': 'aabb'
        })

        mock_auth.on_post_auth.assert_called_once_with(
            UserIdentifier('user', 'aabb'), ANY)
        mock_usermgr_obj.find.assert_called_once_with('user')
        # no timeout should be added without valid_until.
        self.assertEqual(expected_result, result)
        self.assertIsNone(result.get('reply:Session-Timeout'))
Example #7
0
 def setUp(self):
     self.mock_um = Mock()
     self.mock_auth = Mock()
     self.cmd = ManageUserCommand(self.mock_um, self.mock_auth)
     self.testuser = UserIdentifier('user', 'device', 'pw')
     self.testdata = UserData()
     self.testuser.user_data = self.testdata
     self.mock_um.find.return_value = self.testuser
    def test_may_join_other_object(self):
        # should work with an independent object having the same attributes
        data = UserData()
        data.max_num_joins = 1
        data.valid_until = time.time() + 10000
        mgr, testuser = self._get_mgr_with_one_user_and_data(data)

        result = mgr.may_join(UserIdentifier('foo', 'bar'))

        self.assert_state_allowed(result)
    def _increment_num_join_helper(self, max_num_joins, num_joins, valid_until,
                                   expected_num_joins):
        data = UserData()
        data.max_num_joins = max_num_joins
        data.num_joins = num_joins
        data.valid_until = valid_until

        data.check_expired(True)

        self.assertEqual(data.num_joins, expected_num_joins)
    def _prepare_timeout_user(self, mock_usermgr):
        testuser = UserIdentifier('user', 'aabb')
        testuser.user_data = UserData()
        test_validity = 600
        testuser.user_data.valid_until = time.time() + test_validity
        mock_usermgr_obj = Mock()
        mock_usermgr_obj.find.return_value = testuser
        mock_usermgr.return_value = mock_usermgr_obj

        return mock_usermgr_obj, test_validity
    def test_data_state_string(self):
        check_map = {
            UserData.JOIN_STATE_WAITING: 'waiting',
            UserData.JOIN_STATE_ALLOWED: 'allowed',
            UserData.JOIN_STATE_BLOCKED: 'blocked'
        }

        for state, representation in check_map.items():
            data = UserData()
            data.join_state = state
            self.assertIn(representation, data.state_string().lower())
    def test_may_join_other_name_different_id_format(self):
        # also reject when the device IDs are formatted differently
        data = UserData()
        data.max_num_joins = 1
        data.valid_until = time.time() + 10000
        user = UserIdentifier('foo', 'AB-C0')
        mgr = self._get_mgr_with(user, data)

        result = mgr.may_join(UserIdentifier('other', 'ab:c0'))

        self.assert_state_blocked(result)
Example #13
0
    def _block_user(self, user_id):
        userdata = user_id.user_data

        if userdata is None:
            userdata = UserData()
            user_id.user_data = userdata

        userdata.join_state = UserData.JOIN_STATE_BLOCKED
        self._user_manager.update(user_id)
        message = self._auth_handler.on_host_deny(user_id)

        return build_answer('User denied.', message)
    def test_get_expired_users(self):
        mgr, testuser1, testuser2 = self._get_mgr_with_two_users()
        testuser2.user_data = UserData()
        # set to very low timestamp to ensure expiration
        testuser2.user_data.valid_until = 123
        mgr.update(testuser2)

        # both users should be in the list, but only testuser2 should
        # be expired.
        users = mgr.list_users()
        expired_users = mgr.get_expired_users()
        self.assertIn(testuser1, users)
        self.assertIn(testuser2, users)
        self.assertListEqual(expired_users, [testuser2])

        # now update first user, should be expired as well then
        testuser1.user_data = UserData()
        testuser1.user_data.valid_until = 123
        mgr.update(testuser1)
        expired_users_updated = mgr.get_expired_users()
        self.assertIn(testuser1, expired_users_updated)
        self.assertIn(testuser2, expired_users_updated)
Example #15
0
    def execute(self, argv):
        if not self._user_manager.is_request_pending():
            return 'No request pending.'

        req = self._user_manager.get_request()
        if not isinstance(req, UserIdentifier):
            return 'Invalid request in UserManager'

        req.user_data = UserData()
        req.user_data.join_state = UserData.JOIN_STATE_BLOCKED
        self._user_manager.update(req)
        self._user_manager.finish_request()

        message = self._auth_handler.on_host_deny(req)
        return build_answer('User denied.', message)
    def test_may_join_blocked_user(self):
        data = UserData()
        data.max_num_joins = 1
        data.num_joins = 2
        valid_time = time.time() - 10000
        data.valid_until = valid_time
        data.join_state = UserData.JOIN_STATE_BLOCKED
        mgr, testuser = self._get_mgr_with_one_user_and_data(data)

        result = mgr.may_join(testuser)

        self.assert_state_blocked(result)
        # attributes should be unchanged
        self.assertEqual(data.max_num_joins, 1)
        self.assertEqual(data.num_joins, 2)
        self.assertEqual(data.valid_until, valid_time)
    def test_may_join_other_name(self):
        # reject other users having the same device ID
        data = UserData()
        data.max_num_joins = 1
        data.valid_until = time.time() + 10000
        mgr, testuser = self._get_mgr_with_one_user_and_data(data)

        result = mgr.may_join(UserIdentifier('other', 'bar'))

        self.assert_state_blocked(result)

        # this should also apply if the stored user has no assigned data
        # (i.e. no state)
        mgr, testuser = self._get_mgr_with_one_user()

        result = mgr.may_join(UserIdentifier('other', 'bar'))

        self.assert_state_blocked(result)
    def test_update_request(self):
        mgr = UserManager()
        testuser = UserIdentifier('foo', 'bar')

        pw = mgr.generate_password()
        mgr.add_request(testuser)
        testdata = UserData()
        testuser.user_data = testdata
        testuser.password = pw
        mgr.update(testuser)
        mgr.finish_request()

        # generate another password, which should not affect the stored one
        mgr.generate_password()

        found = mgr.find('foo')
        self.assertEqual(found.name, testuser.name)
        self.assertEqual(found.device_id, testuser.device_id)
        self.assertEqual(found.password, pw)
        self.assertEqual(found.user_data, testdata)
    def test_user_id_equality(self):
        """
        Checks if the equality of two UserIdentifier objects ignores the
        password and data attributes. This is needed as UserIdentifier objects
        without all attributes set are used e.g. for querying.
        """
        identifier1 = UserIdentifier('foo', 'bar', 'pass')
        identifier2 = UserIdentifier('foo', 'bar', 'word')

        self.assertEqual(identifier1, identifier2)

        identifier3 = UserIdentifier('foo', 'bar', 'word')
        testdata = UserData()
        testdata.max_num_joins = 12
        identifier3.user_data = testdata

        self.assertEqual(identifier1, identifier3)
        self.assertEqual(identifier2, identifier3)

        self.assertNotEqual(identifier1, UserIdentifier('foo', 'baz', 'pass'))
        self.assertNotEqual(identifier1, UserIdentifier('fo0', 'bar', 'pass'))
        self.assertNotEqual(identifier1, 'some other type')
Example #20
0
    def execute(self, argv):
        if len(argv) not in [2, 3]:
            return self.usage()

        parsed = self._parse_modify(argv)

        if not isinstance(parsed, tuple):
            return parsed

        if not self._user_manager.is_request_pending():
            return 'No request pending.'

        req = self._user_manager.get_request()
        if not isinstance(req, UserIdentifier):
            return 'Invalid request in UserManager'

        req.user_data = UserData()
        message = self._update_with_parse_tuple(req, parsed)

        self._user_manager.finish_request()

        return message
    def test_check_expired_time_and_num_valid(self):
        data = UserData()
        data.max_num_joins = 1
        data.valid_until = time.time() + 10000

        self._run_check_expired(data, False)
    def test_check_expired_time_exceeded(self):
        data = UserData()
        data.valid_until = time.time() - 10000

        self._run_check_expired(data, True)
    def test_check_expired_num_exceeded(self):
        data = UserData()
        data.max_num_joins = 10
        data.num_joins = 11

        self._run_check_expired(data, True)
    def test_check_expired_time(self):
        data = UserData()
        data.valid_until = time.time() + 10000

        self._run_check_expired(data, False)
    def test_check_expired_num(self):
        data = UserData()
        data.max_num_joins = 10

        self._run_check_expired(data, False)