def test_scenario01(self): """ Scenario01 (https://wally/projects/linotp/wiki/TestingTest_Szenario_01) """ driver = self.testcase.driver token_view = self.testcase.manage_ui.token_view user_view = self.testcase.manage_ui.user_view token_enroll = self.testcase.manage_ui.token_enroll selfservice = SelfService(self.testcase) # reset all views self.testcase.reset_resolvers_and_realms() self.testcase.manage_ui.policy_view.clear_policies() token_view.delete_all_tokens() self._announce_test("1. UserIdResolver anlegen") # Create LDAP UserIdResolver ldap_data = data.musicians_ldap_resolver ldap_resolver = self.testcase.useridresolver_manager.create_resolver( ldap_data) # Create SQL UserIdResolver sql_data = data.sql_resolver sql_resolver = self.testcase.useridresolver_manager.create_resolver( sql_data) self.testcase.useridresolver_manager.close() # Create realm for all resolvers realm_name1 = "SE_scenario01_realm1" realm_name2 = "SE_scenario01_realm2" self.testcase.realm_manager.create(realm_name1, [ldap_resolver]) self.testcase.realm_manager.create(realm_name2, [sql_resolver]) self.testcase.realm_manager.close() self._announce_test( "2. In Management Webinterface, check that all users are visible") self.check_users(realm_name1, ldap_data) self.check_users(realm_name2, sql_data) self._announce_test("3. eToken.xml ueber das Webinterface importieren") token_import_aladdin = TokenImportAladdin(self.testcase.manage_ui) aladdin_xml_path = os.path.join(self.testcase.manage_ui.test_data_dir, "aladdin.xml") token_import_aladdin.do_import(file_path=aladdin_xml_path) serial_token_bach = "oath137332" test1_realm = realm_name1.lower() self._announce_test( "4. Im Management Webinterface nun eine Policy anlegen") Policy( self.testcase.manage_ui, "SE_scenario01", "selfservice", "enrollMOTP, setOTPPIN, setMOTPPIN, resync, disable ", test1_realm, ) self._announce_test("5. eToken zuweisen") user_view.select_realm(test1_realm) user_view.select_user("bach") token_view.assign_token(serial_token_bach, "1234") self._announce_test("6. Remote Token zuweisen") user_view.select_user("debussy") serial_token_debussy = token_enroll.create_remote_token( url="https://billybones", remote_serial="LSSP0002F653", pin="1234", remote_otp_length=6, ) self._announce_test("7. Spass-Token zuweisen") user_view.select_user("beethoven") beethoven_token_password = "******" serial_token_beethoven = token_enroll.create_static_password_token( password=beethoven_token_password, description="Password Token enrolled with Selenium", ) self._announce_test("8. Selfservice mOTP") motp_key = "1234123412341234" motp_pin = "1234" selfservice.open() selfservice.login("mozart", "Test123!", test1_realm) driver.find_element(By.ID, "motp_secret").clear() driver.find_element(By.ID, "motp_secret").send_keys(motp_key) driver.find_element(By.ID, "motp_s_pin1").clear() driver.find_element(By.ID, "motp_s_pin1").send_keys(motp_pin) driver.find_element(By.ID, "motp_s_pin2").clear() driver.find_element(By.ID, "motp_s_pin2").send_keys(motp_pin) driver.find_element(By.ID, "motp_self_desc").clear() driver.find_element( By.ID, "motp_self_desc").send_keys("Selenium self enrolled") driver.find_element(By.ID, "button_register_motp").click() alert_box_text = driver.find_element(By.ID, "alert_box_text").text m = re.match( r""" .*? Token\ enrolled\ successfully .*? [sS]erial(\ number)?: # 'serial:' or 'Serial number:' \s* (?P<serial>\w+) # For example: LSMO0001222C """, alert_box_text, re.DOTALL | re.VERBOSE, ) assert m is not None, ( "alert_box_text does not match regex. Possibly the token was not enrolled properly. %r" % alert_box_text) serial_token_mozart = m.group("serial") self.testcase.driver.find_element( By.XPATH, "//button[@type='button' and ancestor::div[@aria-describedby='alert_box']]", ).click() selfservice.logout() self._announce_test( "9. Alle 4 Benutzer melden sich im selfservice Portal an und setzen die PIN" ) user_token_dict = { "bach": serial_token_bach, "debussy": serial_token_debussy, "mozart": serial_token_mozart, "beethoven": serial_token_beethoven, } for user, token in user_token_dict.items(): selfservice.login(user, "Test123!", test1_realm) selfservice.set_pin(token, user + "newpin") selfservice.logout() self._announce_test("10. Authentisierung der 4 Benutzer ###") validate = Validate( self.testcase.http_protocol, self.testcase.http_host, self.testcase.http_port, self.testcase.http_username, self.testcase.http_password, ) # seed is also set in testdata/aladdin.xml seed_oath137332 = "ff06df50017d3b981cfbc4ec4d374040164d8d19" seed_oath137332_bin = binascii.unhexlify(seed_oath137332) # Validate HOTP Token - bach hotp = HmacOtp() for counter in range(0, 4): otp = "bachnewpin" + hotp.generate(counter=counter, key=seed_oath137332_bin) access_granted, _ = validate.validate(user="******" + test1_realm, password=otp) assert access_granted, ("OTP: " + otp + " for user " + "bach@" + test1_realm + " returned False") access_granted, _ = validate.validate(user="******" + test1_realm, password="******") assert (not access_granted ), "OTP: 1234111111 should be False for user bach" # Validate Remote token - debussy # deactivated remote token test while no remote linotp integration # server is available ''' remote_token_otp = "666666" access_granted, _ = validate.validate(user="******" + test1_realm, password="******" + remote_token_otp) assert access_granted is True, "OTP: " + remote_token_otp + " for user " + "debussy@" + test1_realm + " returned False" access_granted, _ = validate.validate(user="******" + test1_realm, password="******") assert access_granted is False, "OTP: 1234111111 should be False for user debussy"''' # Validate Spass token - beethoven # Correct PIN + password = success access_granted, _ = validate.validate( user="******" + test1_realm, password="******" + beethoven_token_password, ) assert access_granted, ("OTP: " + "beethovennewpin" + " for user " + "beethoven@" + test1_realm + " returned False") # wrong PIN + empty password = fail access_granted, _ = validate.validate(user="******" + test1_realm, password="******") assert (not access_granted ), "OTP: randominvalidpin should be False for user beethoven" # correct PIN + wrong password = fail access_granted, _ = validate.validate( user="******" + test1_realm, password="******" + "wrongpassword", ) assert (not access_granted ), "beethoven should not auth with wrong token password" # Password without pin = fail access_granted, _ = validate.validate( user="******" + test1_realm, password=beethoven_token_password) assert (not access_granted ), "beethoven should not auth with password and old pin" # Correct PIN + password = success (again) access_granted, _ = validate.validate( user="******" + test1_realm, password="******" + beethoven_token_password, ) assert access_granted, ("OTP: " + "beethovennewpin" + " for user " + "beethoven@" + test1_realm + " returned False") time.sleep(2) # Validate mOTP token - mozart current_epoch = time.time() motp_otp = calculate_motp(epoch=current_epoch, key=motp_key, pin=motp_pin) access_granted, _ = validate.validate(user="******" + test1_realm, password="******" + motp_otp) time.sleep(1) assert access_granted, ("OTP: " + motp_otp + " for user " + "mozart@" + test1_realm + " returned False") motp_otp = calculate_motp(epoch=current_epoch - 4000, key=motp_key, pin=motp_pin) access_granted, _ = validate.validate(user="******" + test1_realm, password="******" + motp_otp) assert not access_granted, ( "OTP: mozartnewpin%s should be False for user mozart" % motp_otp) self._announce_test("11. mOTP Pin im selfservice ändern") new_motp_pin = "5588" selfservice.open() selfservice.login("mozart", "Test123!", test1_realm) selfservice.set_motp_pin(serial_token_mozart, new_motp_pin) selfservice.logout() time.sleep(10) # otherwise next mOTP value might not be valid current_epoch = time.time() motp_otp = calculate_motp(epoch=current_epoch, key=motp_key, pin=new_motp_pin) access_granted, _ = validate.validate(user="******" + test1_realm, password="******" + motp_otp) assert access_granted, ("OTP: mozartnewpin" + motp_otp + " for user " + "mozart@" + test1_realm + " returned False") self._announce_test("12. Token Resynchronisierung") # Bach 'presses' his token more than 10 times and fails to authenticate counter = 50 # was 19 hotp = HmacOtp() otp = "bachnewpin" + hotp.generate(counter=counter, key=seed_oath137332_bin) access_granted, _ = validate.validate(user="******" + test1_realm, password=otp) assert not access_granted, ("OTP: %s should be False for user bach" % otp) selfservice.login("bach", "Test123!", test1_realm) otp1 = hotp.generate(counter=counter + 1, key=seed_oath137332_bin) otp2 = hotp.generate(counter=counter + 2, key=seed_oath137332_bin) selfservice.resync_token(serial_token_bach, otp1, otp2) selfservice.logout() # Should be able to authenticate again otp = "bachnewpin" + hotp.generate(counter=counter + 3, key=seed_oath137332_bin) access_granted, _ = validate.validate(user="******" + test1_realm, password=otp) assert access_granted, "OTP: %s should be True for user bach" % otp self._announce_test( "13. Benutzer beethoven deaktiviert seinen Token im Selfservice portal und versucht sich anzumelden." ) selfservice.login("beethoven", "Test123!", test1_realm) selfservice.disable_token(serial_token_beethoven) selfservice.logout() # beethoven should be unable to authenticate access_granted, _ = validate.validate( user="******" + test1_realm, password="******" + beethoven_token_password, ) assert (not access_granted ), "OTP: beethovennewpin should be False for user beethoven" self._announce_test( "14. Der Admin entsperrt diesen Token, der Benutzer beethoven kann sich wieder anmelden." ) token_view.open() token_view.enable_token(serial_token_beethoven) # beethoven should be able to authenticate access_granted, _ = validate.validate( user="******" + test1_realm, password="******" + beethoven_token_password, ) assert ( access_granted ), "OTP: beethovennewpin should be able to authenticate after re-enabled token."
def test_scenario01(self): """Tests Scenario 01 (https://wally/projects/linotp/wiki/TestingTest_Szenario_01)""" driver = self.driver token_view = self.manage_ui.token_view user_view = self.manage_ui.user_view selfservice = SelfService(self.driver, self.base_url) # reset all views self.reset_resolvers_and_realms() self.manage_ui.policy_view.clear_policies() token_view.delete_all_tokens() self._announce_test("1. UserIdResolver anlegen") # Create LDAP UserIdResolver ldap_data = data.musicians_ldap_resolver ldap_resolver = self.useridresolver_manager.create_resolver(ldap_data) # Create SQL UserIdResolver sql_data = data.sql_resolver sql_resolver = self.useridresolver_manager.create_resolver(sql_data) self.useridresolver_manager.close() # Create realm for all resolvers realm_name1 = "SE_scenario01_realm1" realm_name2 = "SE_scenario01_realm2" self.realm_manager.create(realm_name1, [ldap_resolver]) self.realm_manager.create(realm_name2, [sql_resolver]) self.realm_manager.close() self._announce_test( "2. In Management Webinterface, check that all users are visible") self.check_users(realm_name1, ldap_data) self.check_users(realm_name2, sql_data) self._announce_test("3. eToken.xml ueber das Webinterface importieren") seed_oath137332 = "ff06df50017d3b981cfbc4ec4d374040164d8d19" seed_oath137332_bin = binascii.unhexlify(seed_oath137332) file_content = """<Tokens> <Token serial="00040008CFA5"> <CaseModel>5</CaseModel> <Model>101</Model> <ProductionDate>02/19/2009</ProductionDate> <ProductName>Safeword Alpine</ProductName> <Applications> <Application ConnectorID="{ab1397d2-ddb6-4705-b66e-9f83f322deb9}"> <Seed>123412354</Seed> <MovingFactor>1</MovingFactor> </Application> </Applications> </Token> <Token serial="00040008CFA52"> <CaseModel>5</CaseModel> <Model>101</Model> <ProductionDate>02/19/2009</ProductionDate> <ProductName>Safeword Alpine</ProductName> <Applications> <Application ConnectorID="{ab1397d2-ddb6-4705-b66e-9f83f322deb9}"> <Seed>123456</Seed> <MovingFactor>1</MovingFactor> </Application> </Applications> </Token> <Token serial="oath137332"> <CaseModel>5</CaseModel> <Model>101</Model> <ProductionDate>02/19/2009</ProductionDate> <ProductName>Safeword Alpine</ProductName> <Applications> <Application ConnectorID="{ab1397d2-ddb6-4705-b66e-9f83f322deb1}"> <Seed>""" + seed_oath137332 + """</Seed> <MovingFactor>1</MovingFactor> </Application> </Applications> </Token> <Token serial="oath12482B"> <CaseModel>5</CaseModel> <Model>101</Model> <ProductionDate>02/19/2009</ProductionDate> <ProductName>Safeword Alpine</ProductName> <Applications> <Application ConnectorID="{ab1397d2-ddb6-4705-b66e-9f83f322deb2}"> <Seed>6ec1d0e9915a2bebf84745b318e39e481249c1eb</Seed> <MovingFactor>1</MovingFactor> </Application> </Applications> </Token> </Tokens>""" TokenImport(driver, self.base_url, "safenet", file_content, None) serial_token_bach = "oath137332" test1_realm = realm_name1.lower() self._announce_test( "4. Im Management Webinterface nun eine Policy anlegen") Policy(self.manage_ui, "SE_scenario01", "selfservice", "enrollMOTP, setOTPPIN, setMOTPPIN, resync, disable ", test1_realm) self._announce_test("5. eToken zuweisen") user_view.select_realm(test1_realm) user_view.select_user("bach") token_view.assign_token(serial_token_bach, "1234") self._announce_test("6. Remote Token zuweisen") user_view.select_user("debussy") remote_token = RemoteToken( driver=self.driver, base_url=self.base_url, url="https://billybones", remote_serial="LSSP0002F653", pin="1234", remote_otp_length=6, ) serial_token_debussy = remote_token.serial self._announce_test("7. Spass-Token zuweisen") user_view.select_user("beethoven") spass_token = SpassToken( driver=self.driver, base_url=self.base_url, pin=u"beethovenspass#ñô", description="SPass Token enrolled with Selenium") serial_token_beethoven = spass_token.serial self._announce_test("8. Selfservice mOTP") motp_key = "1234123412341234" motp_pin = "1234" selfservice.login("mozart", "Test123!", test1_realm) driver.find_element_by_id("motp_secret").clear() driver.find_element_by_id("motp_secret").send_keys(motp_key) driver.find_element_by_id("motp_s_pin1").clear() driver.find_element_by_id("motp_s_pin1").send_keys(motp_pin) driver.find_element_by_id("motp_s_pin2").clear() driver.find_element_by_id("motp_s_pin2").send_keys(motp_pin) driver.find_element_by_id("motp_self_desc").clear() driver.find_element_by_id("motp_self_desc").send_keys( "Selenium self enrolled") driver.find_element_by_id("button_register_motp").click() alert_box_text = driver.find_element_by_id("alert_box_text").text m = re.match( r""" .*? Token\ enrolled\ successfully .*? [sS]erial(\ number)?: # 'serial:' or 'Serial number:' \s* (?P<serial>\w+) # For example: LSMO0001222C """, alert_box_text, re.DOTALL | re.VERBOSE) self.assertTrue( m is not None, "alert_box_text does not match regex. Possibly the token was not enrolled properly. %r" % alert_box_text) serial_token_mozart = m.group('serial') self.driver.find_element_by_xpath( "//button[@type='button' and ancestor::div[@aria-describedby='alert_box']]" ).click() driver.find_element_by_link_text("Logout").click() self._announce_test( "9. Alle 4 Benutzer melden sich im selfservice Portal an und setzen die PIN" ) user_token_dict = { "bach": serial_token_bach, "debussy": serial_token_debussy, "mozart": serial_token_mozart, "beethoven": serial_token_beethoven } for user, token in user_token_dict.iteritems(): selfservice.login(user, "Test123!", test1_realm) selfservice.set_pin(token, user + "newpin") selfservice.logout() self._announce_test("10. Authentisierung der 4 Benutzer ###") validate = Validate(self.http_protocol, self.http_host, self.http_port, self.http_username, self.http_password) # Validate HOTP Token - bach hotp = HmacOtp() for counter in range(0, 20): otp = "bachnewpin" + \ hotp.generate(counter=counter, key=seed_oath137332_bin) access_granted, _ = validate.validate(user="******" + test1_realm, password=otp) self.assertTrue( access_granted, "OTP: " + otp + " for user " + "bach@" + test1_realm + " returned False") access_granted, _ = validate.validate(user="******" + test1_realm, password="******") self.assertFalse(access_granted, "OTP: 1234111111 should be False for user bach") # Validate Remote token - debussy # deactivated remote token test while no remote linotp integration # server is available ''' remote_token_otp = "666666" access_granted, _ = validate.validate(user="******" + test1_realm, password="******" + remote_token_otp) self.assertTrue(access_granted, "OTP: " + remote_token_otp + " for user " + "debussy@" + test1_realm + " returned False") access_granted, _ = validate.validate(user="******" + test1_realm, password="******") self.assertFalse(access_granted, "OTP: 1234111111 should be False for user debussy")''' # Validate Spass token - beethoven access_granted, _ = validate.validate(user="******" + test1_realm, password="******") self.assertTrue( access_granted, "OTP: " + "beethovennewpin" + " for user " + "beethoven@" + test1_realm + " returned False") access_granted, _ = validate.validate(user="******" + test1_realm, password="******") self.assertFalse( access_granted, "OTP: randominvalidpin should be False for user beethoven") # Validate mOTP token - mozart current_epoch = time.time() motp_otp = calculate_motp(epoch=current_epoch, key=motp_key, pin=motp_pin) access_granted, _ = validate.validate(user="******" + test1_realm, password="******" + motp_otp) time.sleep(1) self.assertTrue( access_granted, "OTP: " + motp_otp + " for user " + "mozart@" + test1_realm + " returned False") motp_otp = calculate_motp(epoch=current_epoch - 4000, key=motp_key, pin=motp_pin) access_granted, _ = validate.validate(user="******" + test1_realm, password="******" + motp_otp) self.assertFalse( access_granted, "OTP: mozartnewpin%s should be False for user mozart" % motp_otp) self._announce_test("11. mOTP Pin im selfservice ändern") new_motp_pin = "5588" selfservice.login("mozart", "Test123!", test1_realm) selfservice.set_motp_pin(token, new_motp_pin) selfservice.logout() time.sleep(10) # otherwise next mOTP value might not be valid current_epoch = time.time() motp_otp = calculate_motp(epoch=current_epoch, key=motp_key, pin=new_motp_pin) access_granted, _ = validate.validate(user="******" + test1_realm, password="******" + motp_otp) self.assertTrue( access_granted, "OTP: mozartnewpin" + motp_otp + " for user " + "mozart@" + test1_realm + " returned False") self._announce_test("12. Token Resynchronisierung") # Bach 'presses' his token more than 10 times and fails to authenticate counter = 50 # was 19 hotp = HmacOtp() otp = "bachnewpin" + \ hotp.generate(counter=counter, key=seed_oath137332_bin) access_granted, _ = validate.validate(user="******" + test1_realm, password=otp) self.assertFalse(access_granted, "OTP: %s should be False for user bach" % otp) selfservice.login("bach", "Test123!", test1_realm) otp1 = hotp.generate(counter=counter + 1, key=seed_oath137332_bin) otp2 = hotp.generate(counter=counter + 2, key=seed_oath137332_bin) selfservice.resync_token(serial_token_bach, otp1, otp2) selfservice.logout() # Should be able to authenticate again otp = "bachnewpin" + \ hotp.generate(counter=counter + 3, key=seed_oath137332_bin) access_granted, _ = validate.validate(user="******" + test1_realm, password=otp) self.assertTrue(access_granted, "OTP: %s should be True for user bach" % otp) self._announce_test( "13. Benutzer beethoven deaktiviert seinen Token im Selfservice portal und versucht sich anzumelden." ) selfservice.login("beethoven", "Test123!", test1_realm) selfservice.disable_token(serial_token_beethoven) selfservice.logout() # beethoven should be unable to authenticate access_granted, _ = validate.validate(user="******" + test1_realm, password="******") self.assertFalse( access_granted, "OTP: beethovennewpin should be False for user beethoven") self._announce_test( "14. Der Admin entsperrt diesen Token, der Benutzer beethoven kann sich wieder anmelden." ) token_view.open() token_view.select_token(serial_token_beethoven) driver.find_element_by_id("button_enable").click() time.sleep(1) # beethoven should be able to authenticate access_granted, _ = validate.validate(user="******" + test1_realm, password="******") self.assertTrue( access_granted, "OTP: beethovennewpin should be able to authenticate after re-enabled token." )
def test_scenario01(self): """ Scenario01 (https://wally/projects/linotp/wiki/TestingTest_Szenario_01) """ driver = self.driver token_view = self.manage_ui.token_view user_view = self.manage_ui.user_view selfservice = SelfService(self.driver, self.base_url) # reset all views self.reset_resolvers_and_realms() self.manage_ui.policy_view.clear_policies() token_view.delete_all_tokens() self._announce_test("1. UserIdResolver anlegen") # Create LDAP UserIdResolver ldap_data = data.musicians_ldap_resolver ldap_resolver = self.useridresolver_manager.create_resolver(ldap_data) # Create SQL UserIdResolver sql_data = data.sql_resolver sql_resolver = self.useridresolver_manager.create_resolver(sql_data) self.useridresolver_manager.close() # Create realm for all resolvers realm_name1 = "SE_scenario01_realm1" realm_name2 = "SE_scenario01_realm2" self.realm_manager.create(realm_name1, [ldap_resolver]) self.realm_manager.create(realm_name2, [sql_resolver]) self.realm_manager.close() self._announce_test( "2. In Management Webinterface, check that all users are visible") self.check_users(realm_name1, ldap_data) self.check_users(realm_name2, sql_data) self._announce_test("3. eToken.xml ueber das Webinterface importieren") token_import_aladdin = TokenImportAladdin(self.manage_ui) aladdin_xml_path = os.path.join(self.manage_ui.test_data_dir, 'aladdin.xml') err_import = token_import_aladdin.do_import(file_content=None, file_path=aladdin_xml_path) # There shouldn't raise an error self.assertFalse(err_import, "Error during Aladdin token import!") token_import_aladdin = TokenImportAladdin(self.manage_ui) err_import = token_import_aladdin.do_import( file_path=os.path.join(self.manage_ui.test_data_dir, 'wrong_token.xml')) # There shouldn't raise an error self.assertTrue(err_import, "Successful import of wrong Aladdin token file!") serial_token_bach = "oath137332" test1_realm = realm_name1.lower() self._announce_test( "4. Im Management Webinterface nun eine Policy anlegen") Policy(self.manage_ui, "SE_scenario01", "selfservice", "enrollMOTP, setOTPPIN, setMOTPPIN, resync, disable ", test1_realm) self._announce_test("5. eToken zuweisen") user_view.select_realm(test1_realm) user_view.select_user("bach") token_view.assign_token(serial_token_bach, "1234") self._announce_test("6. Remote Token zuweisen") user_view.select_user("debussy") remote_token = RemoteToken(driver=self.driver, base_url=self.base_url, url="https://billybones", remote_serial="LSSP0002F653", pin="1234", remote_otp_length=6, ) serial_token_debussy = remote_token.serial self._announce_test("7. Spass-Token zuweisen") user_view.select_user("beethoven") spass_token = SpassToken( driver=self.driver, base_url=self.base_url, pin=u"beethovenspass#ñô", description="SPass Token enrolled with Selenium" ) serial_token_beethoven = spass_token.serial self._announce_test("8. Selfservice mOTP") motp_key = "1234123412341234" motp_pin = "1234" selfservice.login("mozart", "Test123!", test1_realm) driver.find_element_by_id("motp_secret").clear() driver.find_element_by_id("motp_secret").send_keys(motp_key) driver.find_element_by_id("motp_s_pin1").clear() driver.find_element_by_id("motp_s_pin1").send_keys(motp_pin) driver.find_element_by_id("motp_s_pin2").clear() driver.find_element_by_id("motp_s_pin2").send_keys(motp_pin) driver.find_element_by_id("motp_self_desc").clear() driver.find_element_by_id("motp_self_desc").send_keys( "Selenium self enrolled") driver.find_element_by_id("button_register_motp").click() alert_box_text = driver.find_element_by_id("alert_box_text").text m = re.match( r""" .*? Token\ enrolled\ successfully .*? [sS]erial(\ number)?: # 'serial:' or 'Serial number:' \s* (?P<serial>\w+) # For example: LSMO0001222C """, alert_box_text, re.DOTALL | re.VERBOSE ) self.assertTrue( m is not None, "alert_box_text does not match regex. Possibly the token was not enrolled properly. %r" % alert_box_text ) serial_token_mozart = m.group('serial') self.driver.find_element_by_xpath( "//button[@type='button' and ancestor::div[@aria-describedby='alert_box']]").click() driver.find_element_by_link_text("Logout").click() self._announce_test( "9. Alle 4 Benutzer melden sich im selfservice Portal an und setzen die PIN") user_token_dict = { "bach": serial_token_bach, "debussy": serial_token_debussy, "mozart": serial_token_mozart, "beethoven": serial_token_beethoven } for user, token in user_token_dict.iteritems(): selfservice.login(user, "Test123!", test1_realm) selfservice.set_pin(token, user + "newpin") selfservice.logout() self._announce_test("10. Authentisierung der 4 Benutzer ###") validate = Validate(self.http_protocol, self.http_host, self.http_port, self.http_username, self.http_password) # seed is also set in testdata/aladdin.xml seed_oath137332 = "ff06df50017d3b981cfbc4ec4d374040164d8d19" seed_oath137332_bin = binascii.unhexlify(seed_oath137332) # Validate HOTP Token - bach hotp = HmacOtp() for counter in range(0, 20): otp = "bachnewpin" + \ hotp.generate(counter=counter, key=seed_oath137332_bin) access_granted, _ = validate.validate(user="******" + test1_realm, password=otp) self.assertTrue(access_granted, "OTP: " + otp + " for user " + "bach@" + test1_realm + " returned False") access_granted, _ = validate.validate(user="******" + test1_realm, password="******") self.assertFalse( access_granted, "OTP: 1234111111 should be False for user bach") # Validate Remote token - debussy # deactivated remote token test while no remote linotp integration # server is available ''' remote_token_otp = "666666" access_granted, _ = validate.validate(user="******" + test1_realm, password="******" + remote_token_otp) self.assertTrue(access_granted, "OTP: " + remote_token_otp + " for user " + "debussy@" + test1_realm + " returned False") access_granted, _ = validate.validate(user="******" + test1_realm, password="******") self.assertFalse(access_granted, "OTP: 1234111111 should be False for user debussy")''' # Validate Spass token - beethoven access_granted, _ = validate.validate(user="******" + test1_realm, password="******") self.assertTrue(access_granted, "OTP: " + "beethovennewpin" + " for user " + "beethoven@" + test1_realm + " returned False") access_granted, _ = validate.validate(user="******" + test1_realm, password="******") self.assertFalse( access_granted, "OTP: randominvalidpin should be False for user beethoven") # Validate mOTP token - mozart current_epoch = time.time() motp_otp = calculate_motp( epoch=current_epoch, key=motp_key, pin=motp_pin ) access_granted, _ = validate.validate(user="******" + test1_realm, password="******" + motp_otp) time.sleep(1) self.assertTrue(access_granted, "OTP: " + motp_otp + " for user " + "mozart@" + test1_realm + " returned False") motp_otp = calculate_motp( epoch=current_epoch - 4000, key=motp_key, pin=motp_pin ) access_granted, _ = validate.validate(user="******" + test1_realm, password="******" + motp_otp) self.assertFalse( access_granted, "OTP: mozartnewpin%s should be False for user mozart" % motp_otp) self._announce_test("11. mOTP Pin im selfservice ändern") new_motp_pin = "5588" selfservice.login("mozart", "Test123!", test1_realm) selfservice.set_motp_pin(token, new_motp_pin) selfservice.logout() time.sleep(10) # otherwise next mOTP value might not be valid current_epoch = time.time() motp_otp = calculate_motp( epoch=current_epoch, key=motp_key, pin=new_motp_pin ) access_granted, _ = validate.validate(user="******" + test1_realm, password="******" + motp_otp) self.assertTrue(access_granted, "OTP: mozartnewpin" + motp_otp + " for user " + "mozart@" + test1_realm + " returned False") self._announce_test("12. Token Resynchronisierung") # Bach 'presses' his token more than 10 times and fails to authenticate counter = 50 # was 19 hotp = HmacOtp() otp = "bachnewpin" + \ hotp.generate(counter=counter, key=seed_oath137332_bin) access_granted, _ = validate.validate(user="******" + test1_realm, password=otp) self.assertFalse( access_granted, "OTP: %s should be False for user bach" % otp) selfservice.login("bach", "Test123!", test1_realm) otp1 = hotp.generate(counter=counter + 1, key=seed_oath137332_bin) otp2 = hotp.generate(counter=counter + 2, key=seed_oath137332_bin) selfservice.resync_token(serial_token_bach, otp1, otp2) selfservice.logout() # Should be able to authenticate again otp = "bachnewpin" + \ hotp.generate(counter=counter + 3, key=seed_oath137332_bin) access_granted, _ = validate.validate(user="******" + test1_realm, password=otp) self.assertTrue( access_granted, "OTP: %s should be True for user bach" % otp) self._announce_test( "13. Benutzer beethoven deaktiviert seinen Token im Selfservice portal und versucht sich anzumelden.") selfservice.login("beethoven", "Test123!", test1_realm) selfservice.disable_token(serial_token_beethoven) selfservice.logout() # beethoven should be unable to authenticate access_granted, _ = validate.validate(user="******" + test1_realm, password="******") self.assertFalse( access_granted, "OTP: beethovennewpin should be False for user beethoven") self._announce_test( "14. Der Admin entsperrt diesen Token, der Benutzer beethoven kann sich wieder anmelden.") token_view.open() token_view.select_token(serial_token_beethoven) driver.find_element_by_id("button_enable").click() time.sleep(1) # beethoven should be able to authenticate access_granted, _ = validate.validate(user="******" + test1_realm, password="******") self.assertTrue( access_granted, "OTP: beethovennewpin should be able to authenticate after re-enabled token.")