def test_03_set_new_password(self):
smtpmock.setdata(response={"*****@*****.**": (200, "OK")})
# Get the recovery code
recoverycode = "reccode"
new_password = "******"
user = User("corneliusReg", "register")
r = create_recoverycode(user, recoverycode=recoverycode)
self.assertEqual(r, True)
# Use the recoverycode to set a new password
with self.app.test_request_context('/recover/reset',
method='POST',
data={
"user": "******",
"realm": "register",
"recoverycode": recoverycode,
"password": new_password
}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res.data)
data = json.loads(res.data)
self.assertEqual(data.get("result").get("value"), True)
# send an invalid recoverycode
with self.app.test_request_context('/recover/reset',
method='POST',
data={
"user": "******",
"realm": "register",
"recoverycode": "asdf",
"password": new_password
}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res.data)
data = json.loads(res.data)
self.assertEqual(data.get("result").get("value"), False)
def test_03_set_new_password(self):
smtpmock.setdata(response={"*****@*****.**": (200, "OK")})
# Get the recovery code
recoverycode = "reccode"
new_password = "******"
user = User("corneliusReg", "register")
r = create_recoverycode(user, recoverycode=recoverycode)
self.assertEqual(r, True)
# Use the recoverycode to set a new password
with self.app.test_request_context(
"/recover/reset",
method="POST",
data={"user": "******", "realm": "register", "recoverycode": recoverycode, "password": new_password},
):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res.data)
data = json.loads(res.data)
self.assertEqual(data.get("result").get("value"), True)
# send an invalid recoverycode
with self.app.test_request_context(
"/recover/reset",
method="POST",
data={"user": "******", "realm": "register", "recoverycode": "asdf", "password": new_password},
):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res.data)
data = json.loads(res.data)
self.assertEqual(data.get("result").get("value"), False)
def test_19_emailtext(self):
# create a EMAILTEXT policy:
p = set_policy(name="emailtext",
action="%s=%s" % (EMAILACTION.EMAILTEXT, "'Your <otp>'"),
scope=SCOPE.AUTH)
self.assertTrue(p > 0)
g = FakeFlaskG()
P = PolicyClass()
g.policy_object = P
options = {"g": g}
smtpmock.setdata(response={"*****@*****.**": (200, "OK")})
transactionid = "123456098713"
db_token = Token.query.filter_by(serial=self.serial1).first()
token = EmailTokenClass(db_token)
c = token.create_challenge(transactionid, options=options)
self.assertTrue(c[0], c)
display_message = c[1]
self.assertTrue(c[3].get("state"), transactionid)
self.assertEqual(display_message, "Enter the OTP from the Email:")
# Test AUTOEMAIL
p = set_policy(name="autoemail",
action=EMAILACTION.EMAILAUTO,
scope=SCOPE.AUTH)
self.assertTrue(p > 0)
g = FakeFlaskG()
P = PolicyClass()
g.policy_object = P
options = {"g": g}
r = token.check_otp("287922", options=options)
self.assertTrue(r > 0, r)
def test_19_emailtext(self):
# create a EMAILTEXT policy:
p = set_policy(name="emailtext",
action="%s=%s" %
(EMAILACTION.EMAILTEXT, "'Your <otp>'"),
scope=SCOPE.AUTH)
self.assertTrue(p > 0)
g = FakeFlaskG()
P = PolicyClass()
g.policy_object = P
options = {"g": g}
smtpmock.setdata(response={"*****@*****.**": (200, "OK")})
transactionid = "123456098713"
db_token = Token.query.filter_by(serial=self.serial1).first()
token = EmailTokenClass(db_token)
c = token.create_challenge(transactionid, options=options)
self.assertTrue(c[0], c)
display_message = c[1]
self.assertTrue(c[3].get("state"), transactionid)
self.assertEqual(display_message, "Enter the OTP from the Email:")
# Test AUTOEMAIL
p = set_policy(name="autoemail",
action=EMAILACTION.EMAILAUTO,
scope=SCOPE.AUTH)
self.assertTrue(p > 0)
g = FakeFlaskG()
P = PolicyClass()
g.policy_object = P
options = {"g": g}
r = token.check_otp("287922", options=options)
self.assertTrue(r > 0, r)
def test_19_emailtext(self):
# create a EMAILTEXT policy:
p = set_policy(name="emailtext",
action="{0!s}={1!s}".format(EMAILACTION.EMAILTEXT, "'Your <otp>'"),
scope=SCOPE.AUTH)
self.assertTrue(p > 0)
g = FakeFlaskG()
P = PolicyClass()
g.policy_object = P
options = {"g": g}
smtpmock.setdata(response={"*****@*****.**": (200, "OK")})
transactionid = "123456098713"
db_token = Token.query.filter_by(serial=self.serial1).first()
token = EmailTokenClass(db_token)
c = token.create_challenge(transactionid, options=options)
self.assertTrue(c[0], c)
display_message = c[1]
self.assertTrue(c[3].get("state"), transactionid)
self.assertEqual(display_message, "Enter the OTP from the Email:")
_, mimetype = token._get_email_text_or_subject(options, EMAILACTION.EMAILTEXT)
self.assertEqual(mimetype, "plain")
# Test AUTOEMAIL
p = set_policy(name="autoemail",
action=EMAILACTION.EMAILAUTO,
scope=SCOPE.AUTH)
self.assertTrue(p > 0)
g = FakeFlaskG()
P = PolicyClass()
g.policy_object = P
options = {"g": g}
r = token.check_otp("287922", options=options)
self.assertTrue(r > 0, r)
# create a EMAILTEXT policy with template
p = set_policy(name="emailtext",
action="{0!s}=file:{1!s}".format(EMAILACTION.EMAILTEXT, TEMPLATE_FILE),
scope=SCOPE.AUTH)
self.assertTrue(p > 0)
g = FakeFlaskG()
P = PolicyClass()
g.policy_object = P
options = {"g": g}
smtpmock.setdata(response={"*****@*****.**": (200, "OK")})
transactionid = "123456098714"
db_token = Token.query.filter_by(serial=self.serial1).first()
token = EmailTokenClass(db_token)
email_text, mimetype = token._get_email_text_or_subject(options, EMAILACTION.EMAILTEXT)
self.assertTrue("<p>Hello,</p>" in email_text)
self.assertEqual(mimetype, "html")
c = token.create_challenge(transactionid, options=options)
self.assertTrue(c[0], c)
display_message = c[1]
self.assertTrue(c[3].get("state"), transactionid)
self.assertEqual(display_message, "Enter the OTP from the Email:")
def test_19_emailtext(self):
# create a EMAILTEXT policy:
p = set_policy(name="emailtext",
action="{0!s}={1!s}".format(EMAILACTION.EMAILTEXT, "'Your <otp>'"),
scope=SCOPE.AUTH)
self.assertTrue(p > 0)
g = FakeFlaskG()
P = PolicyClass()
g.policy_object = P
options = {"g": g}
smtpmock.setdata(response={"*****@*****.**": (200, "OK")})
transactionid = "123456098713"
db_token = Token.query.filter_by(serial=self.serial1).first()
token = EmailTokenClass(db_token)
c = token.create_challenge(transactionid, options=options)
self.assertTrue(c[0], c)
display_message = c[1]
self.assertTrue(c[3].get("state"), transactionid)
self.assertEqual(display_message, _("Enter the OTP from the Email:"))
_n, mimetype = token._get_email_text_or_subject(options, EMAILACTION.EMAILTEXT)
self.assertEqual(mimetype, "plain")
# Test AUTOEMAIL
p = set_policy(name="autoemail",
action=EMAILACTION.EMAILAUTO,
scope=SCOPE.AUTH)
self.assertTrue(p > 0)
g = FakeFlaskG()
P = PolicyClass()
g.policy_object = P
options = {"g": g}
r = token.check_otp("287922", options=options)
self.assertTrue(r > 0, r)
# create a EMAILTEXT policy with template
p = set_policy(name="emailtext",
action="{0!s}=file:{1!s}".format(EMAILACTION.EMAILTEXT, TEMPLATE_FILE),
scope=SCOPE.AUTH)
self.assertTrue(p > 0)
g = FakeFlaskG()
P = PolicyClass()
g.policy_object = P
options = {"g": g}
smtpmock.setdata(response={"*****@*****.**": (200, "OK")})
transactionid = "123456098714"
db_token = Token.query.filter_by(serial=self.serial1).first()
token = EmailTokenClass(db_token)
email_text, mimetype = token._get_email_text_or_subject(options, EMAILACTION.EMAILTEXT)
self.assertTrue("<p>Hello,</p>" in email_text)
self.assertEqual(mimetype, "html")
c = token.create_challenge(transactionid, options=options)
self.assertTrue(c[0], c)
display_message = c[1]
self.assertTrue(c[3].get("state"), transactionid)
self.assertEqual(display_message, _("Enter the OTP from the Email:"))
def test_21_test_email_config(self):
from privacyidea.lib.tokens.emailtoken import TEST_SUCCESSFUL
smtpmock.setdata(response={"*****@*****.**": (200, "OK")})
r = EmailTokenClass.test_config({"email.mailserver": "mail.example.com",
"email.mailfrom": "*****@*****.**",
"email.recipient": "*****@*****.**"})
self.assertEqual(r[0], True)
self.assertEqual(r[1], TEST_SUCCESSFUL)
def test_21_test_email_config(self):
from privacyidea.lib.tokens.emailtoken import TEST_SUCCESSFUL
smtpmock.setdata(response={"*****@*****.**": (200, "OK")})
r = EmailTokenClass.test_config({"email.mailserver": "mail.example.com",
"email.mailfrom": "*****@*****.**",
"email.recipient": "*****@*****.**"})
self.assertEqual(r[0], True)
self.assertEqual(r[1], TEST_SUCCESSFUL)
def test_20_sending_email_exception(self):
smtpmock.setdata(exception=True)
transactionid = "123456098714"
db_token = Token.query.filter_by(serial=self.serial1).first()
token = EmailTokenClass(db_token)
c = token.create_challenge(transactionid)
self.assertFalse(c[0])
self.assertTrue("The PIN was correct, but the EMail could not "
"be sent" in c[1])
def test_20_sending_email_exception(self):
smtpmock.setdata(exception=True)
transactionid = "123456098712"
db_token = Token.query.filter_by(serial=self.serial1).first()
token = EmailTokenClass(db_token)
c = token.create_challenge(transactionid)
self.assertFalse(c[0])
self.assertEqual(c[1], "The PIN was correct, but the EMail could not "
"be sent: SMTPException(u'MOCK TLS ERROR',)")
def test_13_challenge_response_email(self):
smtpmock.setdata(response={})
# set a chalresp policy for Email
with self.app.test_request_context('/policy/pol_chal_resp',
data={'action':
"challenge_response=email",
'scope': "authentication",
'realm': '',
'active': True},
method='POST',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
self.assertTrue(result["status"] is True, result)
self.assertTrue('"setPolicy pol_chal_resp": 1' in res.data,
res.data)
serial = "CHALRESP3"
pin = "chalresp3"
# create a token and assign to the user
init_token({"serial": serial,
"type": "email",
"otpkey": self.otpkey,
"email": "*****@*****.**",
"pin": pin}, user=User("cornelius", self.realm1))
# create the challenge by authenticating with the OTP PIN
with self.app.test_request_context('/validate/check',
method='POST',
data={"user": "******",
"pass": pin}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
detail = json.loads(res.data).get("detail")
self.assertFalse(result.get("value"))
self.assertEqual(detail.get("message"), "Enter the OTP from the "
"Email:")
transaction_id = detail.get("transaction_id")
# send the OTP value
# Test with parameter state.
with self.app.test_request_context('/validate/check',
method='POST',
data={"user": "******",
"state":
transaction_id,
"pass": "******"}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
detail = json.loads(res.data).get("detail")
self.assertTrue(result.get("value"))
# delete the token
remove_token(serial=serial)
def test_14_send_to_adminrealm(self):
# setup realms
self.setUp_user_realms()
r = add_smtpserver(identifier="myserver", server="1.2.3.4", tls=False)
self.assertTrue(r > 0)
smtpmock.setdata(response={"*****@*****.**": (200, "OK")},
support_tls=False)
g = FakeFlaskG()
audit_object = FakeAudit()
audit_object.audit_data["serial"] = "123456"
g.logged_in_user = {"user": "******", "role": "admin", "realm": ""}
g.audit_object = audit_object
builder = EnvironBuilder(method='POST',
data={'serial': "OATH123456"},
headers={})
env = builder.get_environ()
# Set the remote address so that we can filter for it
env["REMOTE_ADDR"] = "10.0.0.1"
g.client_ip = env["REMOTE_ADDR"]
req = Request(env)
req.all_data = {"serial": "SomeSerial", "user": "******"}
req.User = User("cornelius", self.realm1)
resp = Response()
resp.data = """{"result": {"value": true},
"detail": {"registrationcode": "12345678910"}
}
"""
# send email to user in adminrealm "realm1"
# Although this is no admin realm, but this realm contains some email
# addresses.
options = {
"g": g,
"request": req,
"response": resp,
"handler_def": {
"conditions": {
"serial": "123.*"
},
"options": {
"body": "your {registrationcode}",
"emailconfig": "myserver",
"To": NOTIFY_TYPE.ADMIN_REALM,
"To " + NOTIFY_TYPE.ADMIN_REALM: "realm1"
}
}
}
un_handler = UserNotificationEventHandler()
res = un_handler.do("sendmail", options=options)
self.assertTrue(res)
def test_02_reset_password(self):
smtpmock.setdata(response={"*****@*****.**": (200, "OK")})
set_privacyidea_config("recovery.identifier", "myserver")
with self.app.test_request_context(
"/recover",
method="POST",
data={"user": "******", "realm": "register", "email": "*****@*****.**"},
):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res.data)
data = json.loads(res.data)
self.assertEqual(data.get("result").get("value"), True)
def test_02_check_recoverycode(self):
smtpmock.setdata(response={"*****@*****.**": (200, "OK")})
recoverycode = "reccode"
user = User("cornelius", self.realm1)
r = create_recoverycode(user, recoverycode=recoverycode)
self.assertEqual(r, True)
r = check_recoverycode(user, recoverycode)
self.assertEqual(r, True)
# The recovery code is not valid a second time
r = check_recoverycode(user, recoverycode)
self.assertEqual(r, False)
def test_02_reset_password(self):
smtpmock.setdata(response={"*****@*****.**": (200, "OK")})
set_privacyidea_config("recovery.identifier", "myserver")
with self.app.test_request_context('/recover',
method='POST',
data={"user": "******",
"realm": "register",
"email":
"*****@*****.**"}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res.data)
data = json.loads(res.data)
self.assertEqual(data.get("result").get("value"), True)
def test_01_create_recovery(self):
smtpmock.setdata(response={"*****@*****.**": (200, "OK")})
# missing configuration
self.assertRaises(privacyIDEAError, create_recoverycode,
user=User("cornelius", self.realm1))
# recover password with "recovery.identifier"
r = add_smtpserver(identifier="myserver", server="1.2.3.4")
self.assertTrue(r > 0)
set_privacyidea_config("recovery.identifier", "myserver")
r = create_recoverycode(User("cornelius", self.realm1))
self.assertEqual(r, True)
def test_02_send_email(self):
r = add_smtpserver(identifier="myserver", server="1.2.3.4", tls=False)
self.assertTrue(r > 0)
server = get_smtpserver("myserver")
smtpmock.setdata(response={"*****@*****.**": (200, "OK")},
support_tls=False)
r = server.send_email(["*****@*****.**"], "Hallo", "Body")
self.assertEqual(r, True)
smtpmock.setdata(
response={"*****@*****.**": (550, "Message rejected")},
support_tls=False)
r = server.send_email(["*****@*****.**"], "Hallo", "Body")
self.assertEqual(r, False)
# Use TLS
r = add_smtpserver(identifier="myserver", server="1.2.3.4", tls=True)
self.assertTrue(r > 0)
server = get_smtpserver("myserver")
smtpmock.setdata(response={"*****@*****.**": (200, "OK")},
support_tls=True)
r = server.send_email(["*****@*****.**"], "Hallo", "Body")
self.assertEqual(r, True)
# If we configure TLS but the server does not support this, we raise
# an error
smtpmock.setdata(response={"*****@*****.**": (200, "OK")},
support_tls=False)
self.assertRaises(SMTPException, server.send_email,
["*****@*****.**"], "Hallo", "Body")
delete_smtpserver("myserver")
def test_02_send_email(self):
r = add_smtpserver(identifier="myserver", server="1.2.3.4", tls=False)
self.assertTrue(r > 0)
server = get_smtpserver("myserver")
smtpmock.setdata(response={"*****@*****.**": (200, "OK")},
support_tls=False)
r = server.send_email(["*****@*****.**"], "Hallo", "Body")
self.assertEqual(r, True)
smtpmock.setdata(response={"*****@*****.**": (550,
"Message rejected")},
support_tls=False)
r = server.send_email(["*****@*****.**"], "Hallo", "Body")
self.assertEqual(r, False)
# Use TLS
r = add_smtpserver(identifier="myserver", server="1.2.3.4", tls=True)
self.assertTrue(r > 0)
server = get_smtpserver("myserver")
smtpmock.setdata(response={"*****@*****.**": (200, "OK")},
support_tls=True)
r = server.send_email(["*****@*****.**"], "Hallo", "Body")
self.assertEqual(r, True)
# If we configure TLS but the server does not support this, we raise
# an error
smtpmock.setdata(response={"*****@*****.**": (200, "OK")},
support_tls=False)
self.assertRaises(SMTPException, server.send_email,
["*****@*****.**"], "Hallo", "Body")
delete_smtpserver("myserver")
def test_03_sendsms(self):
# setup realms
self.setUp_user_realms()
r = set_smsgateway(identifier="myGW",
providermodule="privacyidea.lib.smsprovider."
"SmtpSMSProvider.SmtpSMSProvider",
options={
"SMTPIDENTIFIER": "myserver",
"MAILTO": "*****@*****.**"
})
self.assertTrue(r > 0)
smtpmock.setdata(response={"*****@*****.**": (200, "OK")},
support_tls=False)
g = FakeFlaskG()
audit_object = FakeAudit()
audit_object.audit_data["serial"] = "123456"
g.logged_in_user = {"user": "******", "role": "admin", "realm": ""}
g.audit_object = audit_object
builder = EnvironBuilder(method='POST',
data={'serial': "OATH123456"},
headers={})
env = builder.get_environ()
# Set the remote address so that we can filter for it
env["REMOTE_ADDR"] = "10.0.0.1"
g.client_ip = env["REMOTE_ADDR"]
req = Request(env)
req.all_data = {"serial": "SomeSerial", "user": "******"}
req.User = User("cornelius", self.realm1)
resp = Response()
resp.data = """{"result": {"value": true}}"""
options = {
"g": g,
"request": req,
"response": resp,
"handler_def": {
"options": {
"smsconfig": "myGW"
}
}
}
un_handler = UserNotificationEventHandler()
res = un_handler.do("sendsms", options=options)
self.assertTrue(res)
def test_02_send_email(self):
r = add_smtpserver(identifier="myserver", server="1.2.3.4")
self.assertTrue(r > 0)
server = get_smtpserver("myserver")
smtpmock.setdata(response={"*****@*****.**": (200, "OK")})
r = server.send_email(["*****@*****.**"], "Hallo", "Body")
self.assertEqual(r, True)
smtpmock.setdata(
response={"*****@*****.**": (550, "Message rejected")})
r = server.send_email(["*****@*****.**"], "Hallo", "Body")
self.assertEqual(r, False)
delete_smtpserver("myserver")
def test_02_send_email(self):
r = add_smtpserver(identifier="myserver", server="1.2.3.4")
self.assertTrue(r > 0)
server = get_smtpserver("myserver")
smtpmock.setdata(response={"*****@*****.**": (200, "OK")})
r = server.send_email(["*****@*****.**"], "Hallo", "Body")
self.assertEqual(r, True)
smtpmock.setdata(response={"*****@*****.**": (550,
"Message rejected")})
r = server.send_email(["*****@*****.**"], "Hallo", "Body")
self.assertEqual(r, False)
delete_smtpserver("myserver")
def test_08_smsgateway_success(self):
r = add_smtpserver("myServer", "1.2.3.4", sender="*****@*****.**")
self.assertTrue(r > 0)
smtpmock.setdata(response={"*****@*****.**": (200, "OK")})
identifier = "myMail"
provider_module = "privacyidea.lib.smsprovider.SmtpSMSProvider" \
".SmtpSMSProvider"
id = set_smsgateway(identifier, provider_module, description="test",
options={"SMTPIDENTIFIER": "myServer",
"MAILTO": "*****@*****.**",
"SUBJECT": "{phone}",
"BODY": "{otp}"})
self.assertTrue(id > 0)
sms = create_sms_instance(identifier)
r = sms.submit_message("123456", "Halo")
self.assertTrue(r)
def test_08_smsgateway_success(self):
r = add_smtpserver("myServer", "1.2.3.4", sender="*****@*****.**")
self.assertTrue(r > 0)
smtpmock.setdata(response={"*****@*****.**": (200, "OK")})
identifier = "myMail"
provider_module = "privacyidea.lib.smsprovider.SmtpSMSProvider" \
".SmtpSMSProvider"
id = set_smsgateway(identifier, provider_module, description="test",
options={"SMTPIDENTIFIER": "myServer",
"MAILTO": "*****@*****.**",
"SUBJECT": "{phone}",
"BODY": "{otp}"})
self.assertTrue(id > 0)
sms = create_sms_instance(identifier)
r = sms.submit_message("123456", "Halo")
self.assertTrue(r)
def test_07_locked_token_wrong_pin(self):
tok = init_token({
"serial": "lock2",
"type": "spass",
"pin": "pin"
},
user=User("cornelius", "realm1"))
# lock it
tok.set_failcount(10)
uhandler = UserNotificationEventHandler()
resp = Response()
resp.data = """{"result": {"value": false}}"""
builder = EnvironBuilder(method='POST')
env = builder.get_environ()
req = Request(env)
req.all_data = {"user": "******", "pass": "******"}
req.User = User("cornelius", self.realm1)
# check the do action.
g = FakeFlaskG()
audit_object = FakeAudit()
audit_object.audit_data["serial"] = None
g.audit_object = audit_object
options = {
"g": g,
"handler_def": {
"conditions": {
"token_locked": "True"
}
},
"response": resp,
"request": req
}
r = add_smtpserver(identifier="myserver", server="1.2.3.4", tls=False)
self.assertTrue(r > 0)
smtpmock.setdata(response={"*****@*****.**": (200, "OK")},
support_tls=False)
r = uhandler.check_condition(options)
self.assertEqual(r, True)
r = uhandler.do("sendmail", options=options)
self.assertEqual(r, True)
def test_18_challenge_request(self):
smtpmock.setdata(response={"*****@*****.**": (200, 'OK')})
transactionid = "123456098712"
set_privacyidea_config("email.mailserver", "localhost")
set_privacyidea_config("email.username", "user")
set_privacyidea_config("email.username", "password")
set_privacyidea_config("email.tls", True)
db_token = Token.query.filter_by(serial=self.serial1).first()
token = EmailTokenClass(db_token)
self.assertTrue(token.check_otp("123456", 1, 10) == -1)
c = token.create_challenge(transactionid)
self.assertTrue(c[0], c)
otp = c[1]
self.assertTrue(c[3].get("state"), transactionid)
# check for the challenges response
r = token.check_challenge_response(passw=otp)
self.assertTrue(r, r)
def test_18_challenge_request(self):
smtpmock.setdata(response={})
transactionid = "123456098712"
set_privacyidea_config("email.mailserver", "localhost")
set_privacyidea_config("email.username", "user")
set_privacyidea_config("email.username", "password")
set_privacyidea_config("email.tls", True)
db_token = Token.query.filter_by(serial=self.serial1).first()
token = EmailTokenClass(db_token)
self.assertTrue(token.check_otp("123456", 1, 10) == -1)
c = token.create_challenge(transactionid)
self.assertTrue(c[0], c)
otp = c[1]
self.assertTrue(c[3].get("state"), transactionid)
# check for the challenges response
r = token.check_challenge_response(passw=otp)
self.assertTrue(r, r)
def test_02_sendmail(self):
# setup realms
self.setUp_user_realms()
r = add_smtpserver(identifier="myserver", server="1.2.3.4", tls=False)
self.assertTrue(r > 0)
smtpmock.setdata(response={"*****@*****.**": (200, "OK")},
support_tls=False)
g = FakeFlaskG()
audit_object = FakeAudit()
audit_object.audit_data["serial"] = "123456"
g.logged_in_user = {"user": "******", "role": "admin", "realm": ""}
g.audit_object = audit_object
builder = EnvironBuilder(method='POST',
data={'serial': "OATH123456"},
headers={})
env = builder.get_environ()
# Set the remote address so that we can filter for it
env["REMOTE_ADDR"] = "10.0.0.1"
g.client_ip = env["REMOTE_ADDR"]
req = Request(env)
req.all_data = {"serial": "SomeSerial", "user": "******"}
req.User = User("cornelius", self.realm1)
resp = Response()
resp.data = """{"result": {"value": true}}"""
options = {
"g": g,
"request": req,
"response": resp,
"handler_def": {
"options": {
"emailconfig": "myserver"
}
}
}
un_handler = UserNotificationEventHandler()
res = un_handler.do("sendmail", options=options)
self.assertTrue(res)
def test_22_new_email_config(self):
smtpmock.setdata(response={"*****@*****.**": (200, 'OK')})
transactionid = "123456098717"
# send the email with the new configuration
r = add_smtpserver(identifier="myServer", server="1.2.3.4")
set_privacyidea_config("email.identifier", "myServer")
db_token = Token.query.filter_by(serial=self.serial1).first()
token = EmailTokenClass(db_token)
self.assertTrue(token.check_otp("123456", 1, 10) == -1)
c = token.create_challenge(transactionid)
self.assertTrue(c[0], c)
otp = c[1]
self.assertTrue(c[3].get("state"), transactionid)
# check for the challenges response
r = token.check_challenge_response(passw=otp)
self.assertTrue(r, r)
delete_smtpserver("myServer")
delete_privacyidea_config("email.identifier")
def test_02_send_test_email(self):
smtpmock.setdata(response={"*****@*****.**": (200, "OK")})
with self.app.test_request_context('/smtpserver/send_test_email',
method='POST',
data={"identifier": "someServer",
"username": "******",
"password": "******",
"port": "123",
"server": "1.2.3.4",
"sender": "privacyidea@local",
"recipient":
"*****@*****.**",
"description": "myServer"},
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
data = json.loads(res.data)
self.assertEqual(data.get("result").get("value"), True)
def test_22_new_email_config(self):
smtpmock.setdata(response={"*****@*****.**": (200, 'OK')})
transactionid = "123456098717"
# send the email with the new configuration
r = add_smtpserver(identifier="myServer", server="1.2.3.4")
set_privacyidea_config("email.identifier", "myServer")
db_token = Token.query.filter_by(serial=self.serial1).first()
token = EmailTokenClass(db_token)
self.assertTrue(token.check_otp("123456", 1, 10) == -1)
c = token.create_challenge(transactionid)
self.assertTrue(c[0], c)
otp = c[1]
self.assertTrue(c[3].get("state"), transactionid)
# check for the challenges response
r = token.check_challenge_response(passw=otp)
self.assertTrue(r, r)
delete_smtpserver("myServer")
delete_privacyidea_config("email.identifier")
def test_05_test_email(self):
smtpmock.setdata(response={"*****@*****.**": (200, "OK")},
support_tls=True)
identifier = "newConfig"
server = "mailsever"
port = 25
username = "******"
password = "******"
sender = "*****@*****.**"
tls = True
recipient = "*****@*****.**"
s = SMTPServerDB(identifier=identifier, server=server, port=port,
username=username, password=password, sender=sender,
tls=tls)
r = SMTPServer.test_email(s, recipient,
"Test Email from privacyIDEA",
"This is a test email from privacyIDEA. "
"The configuration %s is working." % identifier)
def test_03_sendsms(self):
# setup realms
self.setUp_user_realms()
r = set_smsgateway(identifier="myGW",
providermodule="privacyidea.lib.smsprovider."
"SmtpSMSProvider.SmtpSMSProvider",
options={"SMTPIDENTIFIER": "myserver",
"MAILTO": "*****@*****.**"})
self.assertTrue(r > 0)
smtpmock.setdata(response={"*****@*****.**": (200, "OK")},
support_tls=False)
g = FakeFlaskG()
audit_object = FakeAudit()
audit_object.audit_data["serial"] = "123456"
g.logged_in_user = {"user": "******",
"role": "admin",
"realm": ""}
g.audit_object = audit_object
builder = EnvironBuilder(method='POST',
data={'serial': "OATH123456"},
headers={})
env = builder.get_environ()
# Set the remote address so that we can filter for it
env["REMOTE_ADDR"] = "10.0.0.1"
g.client_ip = env["REMOTE_ADDR"]
req = Request(env)
req.all_data = {"serial": "SomeSerial",
"user": "******"}
options = {"g": g,
"request": req,
"smsconfig": "myGW"}
un_handler = UserNotificationEventHandler()
res = un_handler.do("sendsms", options=options)
self.assertTrue(res)
def test_02_send_test_email(self):
smtpmock.setdata(response={"*****@*****.**": (200, "OK")})
with self.app.test_request_context('/smtpserver/send_test_email',
method='POST',
data={
"identifier": "someServer",
"username": "******",
"password": "******",
"port": "123",
"server": "1.2.3.4",
"sender": "privacyidea@local",
"recipient": "*****@*****.**",
"description": "myServer"
},
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
data = json.loads(res.data)
self.assertEqual(data.get("result").get("value"), True)
def test_02_sendmail(self):
# setup realms
self.setUp_user_realms()
r = add_smtpserver(identifier="myserver", server="1.2.3.4", tls=False)
self.assertTrue(r > 0)
smtpmock.setdata(response={"*****@*****.**": (200, "OK")},
support_tls=False)
g = FakeFlaskG()
audit_object = FakeAudit()
audit_object.audit_data["serial"] = "123456"
g.logged_in_user = {"user": "******",
"role": "admin",
"realm": ""}
g.audit_object = audit_object
builder = EnvironBuilder(method='POST',
data={'serial': "OATH123456"},
headers={})
env = builder.get_environ()
# Set the remote address so that we can filter for it
env["REMOTE_ADDR"] = "10.0.0.1"
g.client_ip = env["REMOTE_ADDR"]
req = Request(env)
req.all_data = {"serial": "SomeSerial",
"user": "******"}
options = {"g": g,
"request": req,
"emailconfig": "myserver"}
un_handler = UserNotificationEventHandler()
res = un_handler.do("sendmail", options=options)
self.assertTrue(res)
def test_05_test_email(self):
smtpmock.setdata(response={"*****@*****.**": (200, "OK")},
support_tls=True)
identifier = "newConfig"
server = "mailsever"
port = 25
username = "******"
password = "******"
sender = "*****@*****.**"
tls = True
recipient = "*****@*****.**"
s = SMTPServerDB(identifier=identifier,
server=server,
port=port,
username=username,
password=password,
sender=sender,
tls=tls)
r = SMTPServer.test_email(
s, recipient, "Test Email from privacyIDEA",
"This is a test email from privacyIDEA. "
"The configuration %s is working." % identifier)
def test_04_create_recovery_nonascii(self):
smtpmock.setdata(response={"*****@*****.**": (200, "OK")})
recoverycode = "reccode"
# create resolver and realm
param = self.parameters
param["resolver"] = "register"
param["type"] = "sqlresolver"
r = save_resolver(param)
self. assertTrue(r > 0)
# recover password with "recovery.identifier"
r = add_smtpserver(identifier="myserver", server="1.2.3.4")
self.assertTrue(r > 0)
set_privacyidea_config("recovery.identifier", "myserver")
r = create_recoverycode(User(u"nönäscii", "register"), recoverycode=recoverycode)
self.assertEqual(r, True)
user = User(u"nönäscii", "register")
r = check_recoverycode(user, recoverycode)
self.assertEqual(r, True)
# The recovery code is not valid a second time
r = check_recoverycode(user, recoverycode)
self.assertEqual(r, False)
def test_02_simple_config_success(self):
smtpmock.setdata(response={"*****@*****.**": (200, "OK")})
r = self.simple_provider.submit_message("123456", "Hello")
self.assertRaises(r)
def test_08_create_token_for_user(self):
smtpmock.setdata(response={"*****@*****.**": (200, 'OK')})
transactionid = "123456098712"
# send the email with the old configuration
set_privacyidea_config("email.mailserver", "localhost")
set_privacyidea_config("email.username", "user")
set_privacyidea_config("email.username", "password")
set_privacyidea_config("email.tls", True)
# We create a token for a user, who has currently no token!
# create an event configuration
param = {
"name": "Create Email Token for untokened user",
"event": "validate_check",
"action": "enroll",
"handlermodule": "Token",
"position": "pre",
"conditions": '{"user_token_number": "0"}',
"option.user": "******",
"option.tokentype": "email",
"option.dynamic_email": "1",
"option.additional_params": "{'pin':'1234'}"
}
with self.app.test_request_context('/event',
data=param,
method='POST',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
detail = json.loads(res.data).get("detail")
self.assertEqual(result.get("value"), 1)
self.setUp_user_realm2()
# usernotoken, self.realm2
# check that the user has no tokens
with self.app.test_request_context('/token/',
data={"user": "******",
"realm": self.realm2},
method='GET',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
detail = json.loads(res.data).get("detail")
self.assertEqual(result.get("value").get("tokens"), [])
# user tries to authenticate. with the pin 1234.
# He gets an email token enrolled and gets the transaction code in the response
with self.app.test_request_context('/validate/check',
data={"user": "******",
"realm": self.realm2,
"pass": "******"},
method="POST",
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
detail = json.loads(res.data).get("detail")
self.assertFalse(result.get("value"))
self.assertTrue(detail.get("serial").startswith("PIEM"))
# This is a challenge response!
self.assertTrue("transaction_id" in detail, detail)
self.assertTrue("multi_challenge" in detail, detail)
self.assertEqual(detail.get("message"), u"Enter the OTP from the Email:")
# check user has a token
with self.app.test_request_context('/token/',
data={"user": "******",
"realm": self.realm2},
method='GET',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
detail = json.loads(res.data).get("detail")
self.assertEqual(result.get("value").get("count"), 1)
self.assertEqual(result.get("value").get("tokens")[0].get("tokentype"), u"email")
def test_05_check_conditions(self):
uhandler = UserNotificationEventHandler()
resp = Response()
resp.data = """{"result": {"value": false}}"""
builder = EnvironBuilder(method='POST')
env = builder.get_environ()
req = Request(env)
req.all_data = {}
req.User = User()
r = uhandler.check_condition(
{"g": {},
"handler_def": {"conditions": {"logged_in_user": "******"}},
"response": resp,
"request": req})
self.assertEqual(r, False)
r = uhandler.check_condition(
{"g": {},
"handler_def": {"conditions": {"result_value": True}},
"response": resp,
"request": req})
self.assertEqual(r, False)
# check a locked token with maxfail = failcount
builder = EnvironBuilder(method='POST',
data={'serial': "OATH123456"},
headers={})
req.all_data = {"user": "******"}
resp.data = """{"result": {"value": false},
"detail": {"serial": "lockedtoken"}
}
"""
tok = init_token({"serial": "lockedtoken", "type": "spass"})
r = uhandler.check_condition(
{"g": {},
"handler_def": {"conditions": {"token_locked": "True"}},
"response": resp,
"request": req
}
)
# not yet locked
self.assertEqual(r, False)
# lock it
tok.set_failcount(10)
options = {"g": {},
"handler_def": {"conditions": {"token_locked": "True"}},
"response": resp,
"request": req
}
r = uhandler.check_condition(options)
# now locked
self.assertEqual(r, True)
# check the do action.
g = FakeFlaskG()
audit_object = FakeAudit()
audit_object.audit_data["serial"] = "123456"
g.audit_object = audit_object
options = {"g": g,
"handler_def": {"conditions": {"token_locked": "True"}},
"response": resp,
"request": req
}
r = add_smtpserver(identifier="myserver", server="1.2.3.4", tls=False)
self.assertTrue(r > 0)
smtpmock.setdata(response={"*****@*****.**": (200, "OK")},
support_tls=False)
r = uhandler.do("sendmail", options=options)
self.assertEqual(r, True)
def test_03_simple_config_fail(self):
smtpmock.setdata(response={"*****@*****.**": (550,
"mailbox unavailable")})
self.assertRaises(SMSError, self.simple_provider.submit_message,
"123456", "Hello")
def test_06_auth_config_fail(self):
smtpmock.setdata(response={},
authenticated=False,
config=self.auth_config)
self.assertRaises(SMSError, self.auth_provider.submit_message,
"123456", "Hello")
def test_01_register_user(self):
smtpmock.setdata(response={"*****@*****.**": (200, "OK")})
# create resolver and realm
param = self.parameters
param["resolver"] = "register"
param["type"] = "sqlresolver"
r = save_resolver(param)
self.assertTrue(r > 0)
added, failed = set_realm("register", resolvers=["register"])
self.assertTrue(added > 0)
self.assertEqual(len(failed), 0)
# create policy
r = set_policy(
name="pol2",
scope=SCOPE.REGISTER,
action="%s=%s, %s=%s" % (ACTION.REALM, "register", ACTION.RESOLVER, "register"),
)
# Try to register, but missing parameter
with self.app.test_request_context(
"/register", method="POST", data={"username": "******", "surname": "Kölbel"}
):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 400, res)
# Register fails, missing SMTP config
with self.app.test_request_context(
"/register",
method="POST",
data={
"username": "******",
"surname": "Kölbel",
"givenname": "Cornelius",
"password": "******",
"email": "*****@*****.**",
},
):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 400, res)
data = json.loads(res.data)
self.assertEqual(
data.get("result").get("error").get("message"), u"ERR10: No SMTP server configuration specified!"
)
# Set SMTP config and policy
add_smtpserver("myserver", "1.2.3.4", sender="pi@localhost")
set_policy("pol3", scope=SCOPE.REGISTER, action="%s=myserver" % ACTION.EMAILCONFIG)
with self.app.test_request_context(
"/register",
method="POST",
data={
"username": "******",
"surname": "Kölbel",
"givenname": "Cornelius",
"password": "******",
"email": "*****@*****.**",
},
):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
# Registering the user a second time will fail
with self.app.test_request_context(
"/register",
method="POST",
data={
"username": "******",
"surname": "Kölbel",
"givenname": "Cornelius",
"password": "******",
"email": "*****@*****.**",
},
):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 400, res)
# get the register status
with self.app.test_request_context("/register", method="GET"):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
data = json.loads(res.data)
self.assertEqual(data.get("result").get("value"), True)
def test_05_auth_config_success(self):
smtpmock.setdata(response={})
r = self.auth_provider.submit_message("123456", "Hello")
def test_07_identifier_config_success(self):
r = add_smtpserver("myServer", "1.2.3.4", sender="*****@*****.**")
self.assertTrue(r > 0)
smtpmock.setdata(response={"*****@*****.**": (200, "OK")})
r = self.identifier_provider.submit_message("123456", "Halo")
self.assertTrue(r)
def test_06_auth_config_fail(self):
smtpmock.setdata(response={},
authenticated=False,
config=self.auth_config)
self.assertRaises(SMSError, self.auth_provider.submit_message,
"123456", "Hello")
def test_05_auth_config_success(self):
smtpmock.setdata(response={"*****@*****.**": (200, "OK")})
r = self.auth_provider.submit_message("123456", "Hello")
self.assertTrue(r)
def test_03_simple_config_fail(self):
smtpmock.setdata(
response={"*****@*****.**": (550, "mailbox unavailable")})
self.assertRaises(SMSError, self.simple_provider.submit_message,
"123456", "Hello")
def test_01_register_user(self):
smtpmock.setdata(response={"*****@*****.**": (200, "OK")})
# create resolver and realm
param = self.parameters
param["resolver"] = "register"
param["type"] = "sqlresolver"
r = save_resolver(param)
self.assertTrue(r > 0)
added, failed = set_realm("register", resolvers=["register"])
self.assertTrue(added > 0)
self.assertEqual(len(failed), 0)
# create policy
r = set_policy(name="pol2",
scope=SCOPE.REGISTER,
action="{0!s}={1!s}, {2!s}={3!s}".format(
ACTION.REALM, "register", ACTION.RESOLVER,
"register"))
# Try to register, but missing parameter
with self.app.test_request_context('/register',
method='POST',
data={
"username": "******",
"surname": "Kölbel"
}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 400, res)
# Register fails, missing SMTP config
with self.app.test_request_context('/register',
method='POST',
data={
"username": "******",
"surname": "Kölbel",
"givenname": "Cornelius",
"password": "******",
"email":
"*****@*****.**"
}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 400, res)
data = json.loads(res.data)
self.assertEqual(
data.get("result").get("error").get("message"),
u'ERR10: No SMTP server configuration specified!')
# Set SMTP config and policy
add_smtpserver("myserver", "1.2.3.4", sender="pi@localhost")
set_policy("pol3",
scope=SCOPE.REGISTER,
action="{0!s}=myserver".format(ACTION.EMAILCONFIG))
with self.app.test_request_context('/register',
method='POST',
data={
"username": "******",
"surname": "Kölbel",
"givenname": "Cornelius",
"password": "******",
"email":
"*****@*****.**"
}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
# Registering the user a second time will fail
with self.app.test_request_context('/register',
method='POST',
data={
"username": "******",
"surname": "Kölbel",
"givenname": "Cornelius",
"password": "******",
"email":
"*****@*****.**"
}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 400, res)
# get the register status
with self.app.test_request_context('/register', method='GET'):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
data = json.loads(res.data)
self.assertEqual(data.get("result").get("value"), True)
def test_05_auth_config_success(self):
smtpmock.setdata(response={"*****@*****.**": (200, "OK")})
r = self.auth_provider.submit_message("123456", "Hello")
self.assertTrue(r)
def test_13_challenge_response_email(self):
smtpmock.setdata(response={"*****@*****.**": (200, 'OK')})
# set a chalresp policy for Email
with self.app.test_request_context('/policy/pol_chal_resp',
data={
'action':
"challenge_response=email",
'scope': "authentication",
'realm': '',
'active': True
},
method='POST',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
self.assertTrue(result["status"] is True, result)
self.assertTrue('"setPolicy pol_chal_resp": 1' in res.data,
res.data)
serial = "CHALRESP3"
pin = "chalresp3"
# create a token and assign to the user
init_token(
{
"serial": serial,
"type": "email",
"otpkey": self.otpkey,
"email": "*****@*****.**",
"pin": pin
},
user=User("cornelius", self.realm1))
# create the challenge by authenticating with the OTP PIN
with self.app.test_request_context('/validate/check',
method='POST',
data={
"user": "******",
"pass": pin
}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
detail = json.loads(res.data).get("detail")
self.assertFalse(result.get("value"))
self.assertEqual(detail.get("message"), "Enter the OTP from the "
"Email:")
transaction_id = detail.get("transaction_id")
# send the OTP value
# Test with parameter state.
with self.app.test_request_context('/validate/check',
method='POST',
data={
"user": "******",
"state": transaction_id,
"pass": "******"
}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
detail = json.loads(res.data).get("detail")
self.assertTrue(result.get("value"))
# delete the token
remove_token(serial=serial)
def test_07_identifier_config_success(self):
r = add_smtpserver("myServer", "1.2.3.4", sender="*****@*****.**")
self.assertTrue(r > 0)
smtpmock.setdata(response={"*****@*****.**": (200, "OK")})
r = self.identifier_provider.submit_message("123456", "Halo")
self.assertTrue(r)
def test_02_simple_config_success(self):
smtpmock.setdata(response={"*****@*****.**": (200, "OK")})
r = self.simple_provider.submit_message("123456", "Hello")
self.assertRaises(r)
