def assign_ssh_token(serial, username):
app = create_app(config_name='production',
config_file=PI_CONFIG,
silent=True)
with app.app_context():
attach_token(serial,
'ssh',
hostname=SSH_HOST,
options={'user': username})
def test_10_auth_items_ssh(self):
# create an SSH token
token_obj = init_token({"serial": self.serial2, "type": "sshkey",
"sshkey": SSHKEY})
self.assertEqual(token_obj.type, "sshkey")
# Attach the token to the machine "gandalf" with the application SSH
r = attach_token(hostname="gandalf", serial=self.serial2,
application="ssh", options={"user": "******"})
self.assertEqual(r.machine_id, "192.168.0.1")
# fetch the auth_items for application SSH on machine gandalf
with self.app.test_request_context(
'/machine/authitem/ssh?hostname=gandalf',
method='GET',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
self.assertEqual(result["status"], True)
sshkey = result["value"].get("ssh")[0].get("sshkey")
self.assertTrue(sshkey.startswith("ssh-rsa"), sshkey)
# fetch the auth_items on machine gandalf for all applications
with self.app.test_request_context(
'/machine/authitem?hostname=gandalf',
method='GET',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
sshkey = result["value"].get("ssh")[0].get("sshkey")
self.assertTrue(sshkey.startswith("ssh-rsa"), sshkey)
def test_03_add_delete_option(self):
mt = attach_token(self.serial, "luks", hostname="gandalf")
self.assertEqual(mt.token.serial, self.serial)
self.assertEqual(mt.token.machine_list[0].machine_id, "192.168.0.1")
r = add_option(serial=self.serial, application="luks",
hostname="gandalf", options={"option1": "value1",
"option2": "valü2"})
self.assertEqual(r, 2)
# The options are accessible via the Token!!!
tok = get_tokens(serial=self.serial)[0]
option_list = tok.token.machine_list[0].option_list
self.assertEqual(len(option_list), 2)
for option in option_list:
if option.mt_key == "option1":
self.assertEqual(option.mt_value, "value1")
elif option.mt_key == "option2":
self.assertEqual(option.mt_value, u"valü2")
else:
self.fail("Unspecified Option! {0!s}".format(option.mt_key))
r = delete_option(serial=self.serial, application="luks",
hostname="gandalf", key="option1")
self.assertEqual(r, 1)
# The options are accessible via the Token!!!
tok = get_tokens(serial=self.serial)[0]
option_list = tok.token.machine_list[0].option_list
self.assertEqual(len(option_list), 1)
def test_12_auth_items_offline(self):
#create HOTP token for offline usage
token_obj = init_token({"serial": self.serial4, "type": "hotp",
"otpkey": OTPKEY})
self.assertEqual(token_obj.type, "hotp")
# Attach the token to the machine "gandalf" with the application offline
r = attach_token(hostname="gandalf", serial=self.serial4,
application="offline", options={"user": "******",
"count": 17})
self.assertEqual(r.machine_id, "192.168.0.1")
# fetch the auth_items on machine gandalf for application "offline"
with self.app.test_request_context(
'/machine/authitem/offline?hostname=gandalf',
method='GET',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
offline_auth_item = result["value"].get("offline")[0]
username = offline_auth_item.get("user")
self.assertEqual(username, "cornelius")
# check, if we got 17 otp values
self.assertEqual(len(offline_auth_item.get("response")), 17)
def test_12_auth_items_offline(self):
#create HOTP token for offline usage
self.setUp_user_realms()
token_obj = init_token({"serial": self.serial4, "type": "hotp",
"otpkey": OTPKEY,
"pin": "test"}, User("cornelius", self.realm1))
self.assertEqual(token_obj.type, "hotp")
self.assertEqual(token_obj.token.count, 0)
# Attach the token to the machine "gandalf" with the application offline
r = attach_token(hostname="gandalf", serial=self.serial4,
application="offline", options={"user": "******",
"count": 17})
self.assertEqual(r.machine_id, "192.168.0.1")
# fetch the auth_items on machine gandalf for application "offline"
with self.app.test_request_context(
'/machine/authitem/offline?hostname=gandalf',
method='GET',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
offline_auth_item = result["value"].get("offline")[0]
username = offline_auth_item.get("user")
self.assertEqual(username, "cornelius")
# check, if we got 17 otp values
response = offline_auth_item.get("response")
self.assertEqual(len(response), 17)
self.assertEqual(token_obj.token.count, 17)
self.assertTrue(passlib.hash.\
pbkdf2_sha512.verify("755224",
response.get('0')))
self.assertEqual(token_obj.check_otp('187581'), -1) # count = 16
with self.app.test_request_context(
'/validate/check?user=cornelius&pass=test447589', # count = 17
environ_base={'REMOTE_ADDR': '192.168.0.1'},
method='GET'):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data)
self.assertTrue(result['result']['status'])
self.assertTrue(result['result']['value'])
offline_auth_item = result["auth_items"]["offline"][0]
username = offline_auth_item.get("user")
self.assertEqual(username, "cornelius")
# check, if we got 17 otp values
response = offline_auth_item.get("response")
self.assertEqual(len(response), 17)
self.assertEqual(token_obj.token.count, 35) # 17 + 17 + 1, because we consumed 447589
self.assertTrue(passlib.hash. \
pbkdf2_sha512.verify("test903435", # count = 18
response.get('18')))
self.assertTrue(passlib.hash. \
pbkdf2_sha512.verify("test749439", # count = 34
response.get('34')))
self.assertEqual(token_obj.check_otp('747439'), -1) # count = 34
self.assertEqual(token_obj.check_otp('037211'), 35) # count = 35
def test_12_auth_items_offline(self):
#create HOTP token for offline usage
self.setUp_user_realms()
token_obj = init_token({"serial": self.serial4, "type": "hotp",
"otpkey": OTPKEY,
"pin": "test"}, User("cornelius", self.realm1))
self.assertEqual(token_obj.type, "hotp")
self.assertEqual(token_obj.token.count, 0)
# Attach the token to the machine "gandalf" with the application offline
r = attach_token(hostname="gandalf", serial=self.serial4,
application="offline", options={"user": "******",
"count": 17})
self.assertEqual(r.machine_id, "192.168.0.1")
# fetch the auth_items on machine gandalf for application "offline"
with self.app.test_request_context(
'/machine/authitem/offline?hostname=gandalf',
method='GET',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = res.json.get("result")
offline_auth_item = result["value"].get("offline")[0]
username = offline_auth_item.get("user")
self.assertEqual(username, "cornelius")
# check, if we got 17 otp values
response = offline_auth_item.get("response")
self.assertEqual(len(response), 17)
self.assertEqual(token_obj.token.count, 17)
self.assertTrue(passlib.hash.\
pbkdf2_sha512.verify("755224",
response.get('0')))
self.assertEqual(token_obj.check_otp('187581'), -1) # count = 16
with self.app.test_request_context(
'/validate/check?user=cornelius&pass=test447589', # count = 17
environ_base={'REMOTE_ADDR': '192.168.0.1'},
method='GET'):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = res.json
self.assertTrue(result['result']['status'])
self.assertTrue(result['result']['value'])
offline_auth_item = result["auth_items"]["offline"][0]
username = offline_auth_item.get("user")
self.assertEqual(username, "cornelius")
# check, if we got 17 otp values
response = offline_auth_item.get("response")
self.assertEqual(len(response), 17)
self.assertEqual(token_obj.token.count, 35) # 17 + 17 + 1, because we consumed 447589
self.assertTrue(passlib.hash.
pbkdf2_sha512.verify("test903435", # count = 18
response.get('18')))
self.assertTrue(passlib.hash.
pbkdf2_sha512.verify("test749439", # count = 34
response.get('34')))
self.assertEqual(token_obj.check_otp('747439'), -1) # count = 34
self.assertEqual(token_obj.check_otp('037211'), 35) # count = 35
def test_10_auth_items(self):
# create an SSH token
token_obj = init_token({"serial": self.serial2, "type": "sshkey",
"sshkey": sshkey})
self.assertEqual(token_obj.type, "sshkey")
# Attach the token to the machine "gandalf" with the application SSH
r = attach_token(hostname="gandalf", serial=self.serial2,
application="ssh", options={"user": "******"})
self.assertEqual(r.machine_id, "192.168.0.1")
# fetch the auth_items for application SSH on machine gandalf
ai = get_auth_items("gandalf", ip="192.168.0.1", application="ssh")
sshkey_auth_items = ai.get("ssh")
self.assertEquals(len(sshkey_auth_items), 1)
self.assertTrue(sshkey_auth_items[0].get("sshkey").startswith(
"ssh-rsa"))
# fetch the auth_items with user restriction for SSH
ai = get_auth_items("gandalf", ip="192.168.0.1", application="ssh",
filter_param={"user": "******"})
sshkey_auth_items = ai.get("ssh")
self.assertEquals(len(sshkey_auth_items), 1)
self.assertTrue(sshkey_auth_items[0].get("sshkey").startswith(
"ssh-rsa"))
# try to fetch SSH keys for user, who has no ssh keys
ai = get_auth_items("gandalf", ip="192.168.0.1", application="ssh",
filter_param={"user": "******"})
sshkey_auth_items = ai.get("ssh")
# None or an empty list
self.assertFalse(sshkey_auth_items)
def test_12_auth_items_offline(self):
#create HOTP token for offline usage
token_obj = init_token({"serial": self.serial4, "type": "hotp",
"otpkey": OTPKEY})
self.assertEqual(token_obj.type, "hotp")
# Attach the token to the machine "gandalf" with the application offline
r = attach_token(hostname="gandalf", serial=self.serial4,
application="offline", options={"user": "******",
"count": 17})
self.assertEqual(r.machine_id, "192.168.0.1")
# fetch the auth_items on machine gandalf for application "offline"
with self.app.test_request_context(
'/machine/authitem/offline?hostname=gandalf',
method='GET',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
offline_auth_item = result["value"].get("offline")[0]
username = offline_auth_item.get("user")
self.assertEqual(username, "cornelius")
# check, if we got 17 otp values
self.assertEqual(len(offline_auth_item.get("response")), 17)
def test_06_offline_auth(self):
# Test that a machine definition will return offline hashes
self.setUp_user_realms()
serial = "offline01"
tokenobject = init_token({
"serial": serial,
"type": "hotp",
"otpkey": "3132333435363738393031"
"323334353637383930",
"pin": "offline",
"user": "******"
})
# Set the Machine and MachineToken
resolver1 = save_resolver({
"name": "reso1",
"type": "hosts",
"filename": HOSTSFILE
})
mt = attach_token(serial, "offline", hostname="gandalf")
self.assertEqual(mt.token.serial, serial)
self.assertEqual(mt.token.machine_list[0].machine_id, "192.168.0.1")
# The request with an OTP value and a PIN of a user, who has not
# token assigned
builder = EnvironBuilder(method='POST', data={}, headers={})
env = builder.get_environ()
env["REMOTE_ADDR"] = "192.168.0.1"
req = Request(env)
req.all_data = {"user": "******", "pass": "******"}
res = {
"jsonrpc": "2.0",
"result": {
"status": True,
"value": True
},
"version": "privacyIDEA test",
"detail": {
"serial": serial
},
"id": 1
}
resp = Response(json.dumps(res))
new_response = offline_info(req, resp)
jresult = json.loads(new_response.data)
self.assertTrue(jresult.get("result").get("value"), jresult)
self.assertEqual(jresult.get("detail").get("serial"), serial)
# Check the hashvalues in the offline tree
auth_items = jresult.get("auth_items")
self.assertEqual(len(auth_items), 1)
response = auth_items.get("offline")[0].get("response")
self.assertEqual(len(response), 100)
# check if the counter of the token was increased to 100
tokenobject = get_tokens(serial=serial)[0]
self.assertEqual(tokenobject.token.count, 101)
delete_policy("pol2")
def test_04_list_tokens_for_machine(self):
serial = "serial2"
init_token({"type": "spass", "serial": serial})
mt = attach_token(serial, "luks", hostname="gandalf")
tokenlist = list_machine_tokens(hostname="gandalf")
self.assertEqual(len(tokenlist), 2)
def test_04_list_tokens_for_machine(self):
serial = "serial2"
init_token({"type": "spass", "serial": serial})
mt = attach_token(serial, "luks", hostname="gandalf")
tokenlist = list_machine_tokens(hostname="gandalf")
self.assertEqual(len(tokenlist), 2)
def test_11_attach_token_without_machine(self):
mt = attach_token(self.serialHotp, "offline")
self.assertEqual(mt.token.serial, self.serialHotp)
# look at token, if we see the machine.
tok = get_tokens(serial=self.serialHotp)[0]
self.assertEqual(tok.token.machine_list[0].machine_id, None)
self.assertEqual(tok.token.machine_list[0].application, "offline")
def test_08_get_webui_settings(self):
# Test that a machine definition will return offline hashes
self.setUp_user_realms()
serial = "offline01"
tokenobject = init_token({"serial": serial, "type": "hotp",
"otpkey": "3132333435363738393031"
"323334353637383930",
"pin": "offline",
"user": "******"})
# Set the Machine and MachineToken
resolver1 = save_resolver({"name": "reso1",
"type": "hosts",
"filename": HOSTSFILE})
mt = attach_token(serial, "offline", hostname="gandalf")
self.assertEqual(mt.token.serial, serial)
self.assertEqual(mt.token.machine_list[0].machine_id, "192.168.0.1")
# The request with an OTP value and a PIN of a user, who has not
# token assigned
builder = EnvironBuilder(method='POST',
data={},
headers={})
env = builder.get_environ()
env["REMOTE_ADDR"] = "192.168.0.1"
g.client_ip = env["REMOTE_ADDR"]
req = Request(env)
req.all_data = {"user": "******",
"pass": "******"}
res = {"jsonrpc": "2.0",
"result": {"status": True,
"value": {"role": "user",
"username": "******"}},
"version": "privacyIDEA test",
"detail": {"serial": serial},
"id": 1}
resp = Response(json.dumps(res))
new_response = get_webui_settings(req, resp)
jresult = json.loads(new_response.data)
self.assertEqual(jresult.get("result").get("value").get(
"token_wizard"), False)
# Set a policy. User has not token, so "token_wizard" will be True
set_policy(name="pol_wizard",
scope=SCOPE.WEBUI,
action=ACTION.TOKENWIZARD)
g.policy_object = PolicyClass()
new_response = get_webui_settings(req, resp)
jresult = json.loads(new_response.data)
self.assertEqual(jresult.get("result").get("value").get(
"token_wizard"), True)
delete_policy("pol_wizard")
def test_06_offline_auth(self):
# Test that a machine definition will return offline hashes
self.setUp_user_realms()
serial = "offline01"
tokenobject = init_token({"serial": serial, "type": "hotp",
"otpkey": "3132333435363738393031"
"323334353637383930",
"pin": "offline",
"user": "******"})
# Set the Machine and MachineToken
resolver1 = save_resolver({"name": "reso1",
"type": "hosts",
"filename": HOSTSFILE})
mt = attach_token(serial, "offline", hostname="gandalf")
self.assertEqual(mt.token.serial, serial)
self.assertEqual(mt.token.machine_list[0].machine_id, "192.168.0.1")
# The request with an OTP value and a PIN of a user, who has not
# token assigned
builder = EnvironBuilder(method='POST',
data={},
headers={})
env = builder.get_environ()
env["REMOTE_ADDR"] = "192.168.0.1"
g.client_ip = env["REMOTE_ADDR"]
req = Request(env)
req.all_data = {"user": "******",
"pass": "******"}
res = {"jsonrpc": "2.0",
"result": {"status": True,
"value": True},
"version": "privacyIDEA test",
"detail": {"serial": serial},
"id": 1}
resp = Response(json.dumps(res))
new_response = offline_info(req, resp)
jresult = json.loads(new_response.data)
self.assertTrue(jresult.get("result").get("value"), jresult)
self.assertEqual(jresult.get("detail").get("serial"), serial)
# Check the hashvalues in the offline tree
auth_items = jresult.get("auth_items")
self.assertEqual(len(auth_items), 1)
response = auth_items.get("offline")[0].get("response")
self.assertEqual(len(response), 100)
# check if the counter of the token was increased to 100
tokenobject = get_tokens(serial=serial)[0]
self.assertEqual(tokenobject.token.count, 101)
delete_policy("pol2")
def test_01_attach_token(self):
mt = attach_token(self.serial, "luks", hostname="gandalf")
self.assertEqual(mt.token.serial, self.serial)
self.assertEqual(mt.token.machine_list[0].machine_id, "192.168.0.1")
# look at token, if we see the machine.
tok = get_tokens(serial=self.serial)[0]
self.assertEqual(tok.token.machine_list[0].machine_id, "192.168.0.1")
# problem attaching token with incomplete machine definition (missing
# resolver)
self.assertRaises(Exception, attach_token, self.serial, "luks",
machine_id="192.168.0.1")
def test_01_attach_token(self):
mt = attach_token(self.serial, "luks", hostname="gandalf")
self.assertEqual(mt.token.serial, self.serial)
self.assertEqual(mt.token.machine_list[0].machine_id, "192.168.0.1")
# look at token, if we see the machine.
tok = get_tokens(serial=self.serial)[0]
self.assertEqual(tok.token.machine_list[0].machine_id, "192.168.0.1")
# problem attaching token with incomplete machine definition (missing
# resolver)
self.assertRaises(Exception, attach_token, self.serial, "luks",
machine_id="192.168.0.1")
def test_10_auth_items(self):
# create an SSH token
token_obj = init_token({"serial": self.serial2, "type": "sshkey",
"sshkey": sshkey})
self.assertEqual(token_obj.type, "sshkey")
# Attach the token to the machine "gandalf" with the application SSH
r = attach_token(hostname="gandalf", serial=self.serial2,
application="ssh", options={"user": "******"})
self.assertEqual(r.machine_id, "192.168.0.1")
# fetch the auth_items for application SSH on machine gandalf
ai = get_auth_items("gandalf", ip="192.168.0.1", application="ssh")
sshkey_auth_items = ai.get("ssh")
self.assertEquals(len(sshkey_auth_items), 1)
self.assertTrue(sshkey_auth_items[0].get("sshkey").startswith(
"ssh-rsa"))
def test_11_auth_items_luks(self):
# create TOTP/Yubikey token
token_obj = init_token({
"serial": self.serial3,
"type": "totp",
"otpkey": "12345678"
})
self.assertEqual(token_obj.type, "totp")
# Attach the token to the machine "gandalf" with the application SSH
r = attach_token(hostname="gandalf",
serial=self.serial3,
application="luks",
options={
"slot": "1",
"partition": "/dev/sda1"
})
self.assertEqual(r.machine_id, "192.168.0.1")
# fetch the auth_items on machine gandalf for application luks
with self.app.test_request_context(
'/machine/authitem/luks?hostname=gandalf',
method='GET',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = res.json.get("result")
slot = result["value"].get("luks")[0].get("slot")
self.assertEqual(slot, "1")
# fetch the auth_items on machine gandalf for application luks
with self.app.test_request_context(
'/machine/authitem/luks?hostname=gandalf&challenge=abcdef',
method='GET',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = res.json.get("result")
slot = result["value"].get("luks")[0].get("slot")
self.assertEqual(slot, "1")
response = result["value"].get("luks")[0].get("response")
self.assertEqual(response,
"93235fc7d1d444d0ec014ea9eafcc44fc65b73eb")
def test_10_auth_items_ssh_ecdsa(self):
# create an SSH token
token_obj = init_token({
"serial": self.serial2,
"type": "sshkey",
"sshkey": SSHKEY_ecdsa
})
self.assertEqual(token_obj.type, "sshkey")
# Attach the token to the machine "gandalf" with the application SSH
r = attach_token(hostname="gandalf",
serial=self.serial2,
application="ssh",
options={"user": "******"})
self.assertEqual(r.machine_id, "192.168.0.1")
# fetch the auth_items for application SSH on machine gandalf
with self.app.test_request_context(
'/machine/authitem/ssh?hostname=gandalf',
method='GET',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = res.json.get("result")
self.assertEqual(result["status"], True)
sshkey = result["value"].get("ssh")[0].get("sshkey")
self.assertTrue(sshkey.startswith("ecdsa-sha2-nistp256"), sshkey)
# fetch the auth_items for user testuser
with self.app.test_request_context(
'/machine/authitem/ssh?hostname=gandalf&user=testuser',
method='GET',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = res.json.get("result")
self.assertEqual(result["status"], True)
sshkey = result["value"].get("ssh")[0].get("sshkey")
self.assertTrue(sshkey.startswith("ecdsa-sha2-nistp256"), sshkey)
detach_token(self.serial2, application="ssh", hostname="gandalf")
remove_token(self.serial2)
def test_03_add_delete_option(self):
mt = attach_token(self.serial, "luks", hostname="gandalf")
self.assertEqual(mt.token.serial, self.serial)
self.assertEqual(mt.token.machine_list[0].machine_id, "192.168.0.1")
r = add_option(serial=self.serial, application="luks",
hostname="gandalf", options={"option1": "value1",
"option2": "value2"})
self.assertEqual(r, 2)
# The options are accessible via the Token!!!
tok = get_tokens(serial=self.serial)[0]
option_list = tok.token.machine_list[0].option_list
self.assertEqual(len(option_list), 2)
r = delete_option(serial=self.serial, application="luks",
hostname="gandalf", key="option1")
self.assertEqual(r, 1)
# The options are accessible via the Token!!!
tok = get_tokens(serial=self.serial)[0]
option_list = tok.token.machine_list[0].option_list
self.assertEqual(len(option_list), 1)
def test_03_add_delete_option(self):
mt = attach_token(self.serial, "luks", hostname="gandalf")
self.assertEqual(mt.token.serial, self.serial)
self.assertEqual(mt.token.machine_list[0].machine_id, "192.168.0.1")
r = add_option(serial=self.serial, application="luks",
hostname="gandalf", options={"option1": "value1",
"option2": "value2"})
self.assertEqual(r, 2)
# The options are accessible via the Token!!!
tok = get_tokens(serial=self.serial)[0]
option_list = tok.token.machine_list[0].option_list
self.assertEqual(len(option_list), 2)
r = delete_option(serial=self.serial, application="luks",
hostname="gandalf", key="option1")
self.assertEqual(r, 1)
# The options are accessible via the Token!!!
tok = get_tokens(serial=self.serial)[0]
option_list = tok.token.machine_list[0].option_list
self.assertEqual(len(option_list), 1)
def test_11_auth_items_luks(self):
# create TOTP/Yubikey token
token_obj = init_token({"serial": self.serial3, "type": "totp",
"otpkey": "12345678"})
self.assertEqual(token_obj.type, "totp")
# Attach the token to the machine "gandalf" with the application SSH
r = attach_token(hostname="gandalf", serial=self.serial3,
application="luks", options={"slot": "1",
"partition": "/dev/sda1"})
self.assertEqual(r.machine_id, "192.168.0.1")
# fetch the auth_items on machine gandalf for application luks
with self.app.test_request_context(
'/machine/authitem/luks?hostname=gandalf',
method='GET',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
slot = result["value"].get("luks")[0].get("slot")
self.assertEqual(slot, "1")
# fetch the auth_items on machine gandalf for application luks
with self.app.test_request_context(
'/machine/authitem/luks?hostname=gandalf&challenge=abcdef',
method='GET',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
slot = result["value"].get("luks")[0].get("slot")
self.assertEqual(slot, "1")
response = result["value"].get("luks")[0].get("response")
self.assertEqual(response,
"93235fc7d1d444d0ec014ea9eafcc44fc65b73eb")
def test_03_add_delete_option(self):
mt = attach_token(self.serial, "luks", hostname="gandalf")
self.assertEqual(mt.token.serial, self.serial)
self.assertEqual(mt.token.machine_list[0].machine_id, "192.168.0.1")
r = add_option(serial=self.serial,
application="luks",
hostname="gandalf",
options={
"option1": "value1",
"option2": "valü2"
})
self.assertEqual(r, 2)
# The options are accessible via the Token!!!
tok = get_tokens(serial=self.serial)[0]
option_list = tok.token.machine_list[0].option_list
self.assertEqual(len(option_list), 2)
for option in option_list:
if option.mt_key == "option1":
self.assertEqual(option.mt_value, "value1")
elif option.mt_key == "option2":
self.assertEqual(option.mt_value, u"valü2")
else:
self.fail("Unspecified Option! {0!s}".format(option.mt_key))
r = delete_option(serial=self.serial,
application="luks",
hostname="gandalf",
key="option1")
self.assertEqual(r, 1)
# The options are accessible via the Token!!!
tok = get_tokens(serial=self.serial)[0]
option_list = tok.token.machine_list[0].option_list
self.assertEqual(len(option_list), 1)
def test_10_auth_items_ssh(self):
# create an SSH token
token_obj = init_token({"serial": self.serial2, "type": "sshkey",
"sshkey": SSHKEY})
self.assertEqual(token_obj.type, "sshkey")
# Attach the token to the machine "gandalf" with the application SSH
r = attach_token(hostname="gandalf", serial=self.serial2,
application="ssh", options={"user": "******"})
self.assertEqual(r.machine_id, "192.168.0.1")
# fetch the auth_items for application SSH on machine gandalf
with self.app.test_request_context(
'/machine/authitem/ssh?hostname=gandalf',
method='GET',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
self.assertEqual(result["status"], True)
sshkey = result["value"].get("ssh")[0].get("sshkey")
self.assertTrue(sshkey.startswith("ssh-rsa"), sshkey)
# fetch the auth_items for user testuser
with self.app.test_request_context(
'/machine/authitem/ssh?hostname=gandalf&user=testuser',
method='GET',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
self.assertEqual(result["status"], True)
sshkey = result["value"].get("ssh")[0].get("sshkey")
self.assertTrue(sshkey.startswith("ssh-rsa"), sshkey)
# fetch auth_items for testuser, but with mangle policy
# Remove everything that sounds like "SOMETHING\" in front of
# the username
set_policy(name="mangle1", scope=SCOPE.AUTH,
action="{0!s}=user/.*\\\\(.*)/\\1/".format(ACTION.MANGLE))
with self.app.test_request_context(
'/machine/authitem/ssh?hostname=gandalf&user=DOMAIN\\testuser',
method='GET',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
self.assertEqual(result["status"], True)
sshkey = result["value"].get("ssh")[0].get("sshkey")
self.assertTrue(sshkey.startswith("ssh-rsa"), sshkey)
delete_policy("mangle1")
# Now that the policy is deleted, we will not get the auth_items
# anymore, since the username is not mangled.
with self.app.test_request_context(
'/machine/authitem/ssh?hostname=gandalf&user=DOMAIN\\testuser',
method='GET',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
self.assertEqual(result["status"], True)
sshkeys = result["value"].get("ssh")
# No user DOMAIN\\testuser and no SSH keys
self.assertFalse(sshkeys)
# fetch the auth_items on machine gandalf for all applications
with self.app.test_request_context(
'/machine/authitem?hostname=gandalf',
method='GET',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
sshkey = result["value"].get("ssh")[0].get("sshkey")
self.assertTrue(sshkey.startswith("ssh-rsa"), sshkey)
def test_10_auth_items_ssh_rsa(self):
# create an SSH token
token_obj = init_token({
"serial": self.serial2,
"type": "sshkey",
"sshkey": SSHKEY
})
self.assertEqual(token_obj.type, "sshkey")
# Attach the token to the machine "gandalf" with the application SSH
r = attach_token(hostname="gandalf",
serial=self.serial2,
application="ssh",
options={"user": "******"})
self.assertEqual(r.machine_id, "192.168.0.1")
# fetch the auth_items for application SSH on machine gandalf
with self.app.test_request_context(
'/machine/authitem/ssh?hostname=gandalf',
method='GET',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = res.json.get("result")
self.assertEqual(result["status"], True)
sshkey = result["value"].get("ssh")[0].get("sshkey")
self.assertTrue(sshkey.startswith("ssh-rsa"), sshkey)
# fetch the auth_items for user testuser
with self.app.test_request_context(
'/machine/authitem/ssh?hostname=gandalf&user=testuser',
method='GET',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = res.json.get("result")
self.assertEqual(result["status"], True)
sshkey = result["value"].get("ssh")[0].get("sshkey")
self.assertTrue(sshkey.startswith("ssh-rsa"), sshkey)
# fetch auth_items for testuser, but with mangle policy
# Remove everything that sounds like "SOMETHING\" in front of
# the username
set_policy(name="mangle1",
scope=SCOPE.AUTH,
action="{0!s}=user/.*\\\\(.*)/\\1/".format(ACTION.MANGLE))
with self.app.test_request_context(
'/machine/authitem/ssh?hostname=gandalf&user=DOMAIN\\testuser',
method='GET',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = res.json.get("result")
self.assertEqual(result["status"], True)
sshkey = result["value"].get("ssh")[0].get("sshkey")
self.assertTrue(sshkey.startswith("ssh-rsa"), sshkey)
delete_policy("mangle1")
# Now that the policy is deleted, we will not get the auth_items
# anymore, since the username is not mangled.
with self.app.test_request_context(
'/machine/authitem/ssh?hostname=gandalf&user=DOMAIN\\testuser',
method='GET',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = res.json.get("result")
self.assertEqual(result["status"], True)
sshkeys = result["value"].get("ssh")
# No user DOMAIN\\testuser and no SSH keys
self.assertFalse(sshkeys)
# fetch the auth_items on machine gandalf for all applications
with self.app.test_request_context(
'/machine/authitem?hostname=gandalf',
method='GET',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = res.json.get("result")
sshkey = result["value"].get("ssh")[0].get("sshkey")
self.assertTrue(sshkey.startswith("ssh-rsa"), sshkey)
detach_token(self.serial2, application="ssh", hostname="gandalf")
remove_token(self.serial2)
def test_08_get_webui_settings(self):
# Test that a machine definition will return offline hashes
self.setUp_user_realms()
serial = "offline01"
tokenobject = init_token({
"serial": serial,
"type": "hotp",
"otpkey": "3132333435363738393031"
"323334353637383930",
"pin": "offline",
"user": "******"
})
# Set the Machine and MachineToken
resolver1 = save_resolver({
"name": "reso1",
"type": "hosts",
"filename": HOSTSFILE
})
mt = attach_token(serial, "offline", hostname="gandalf")
self.assertEqual(mt.token.serial, serial)
self.assertEqual(mt.token.machine_list[0].machine_id, "192.168.0.1")
# The request with an OTP value and a PIN of a user, who has not
# token assigned
builder = EnvironBuilder(method='POST', data={}, headers={})
env = builder.get_environ()
env["REMOTE_ADDR"] = "192.168.0.1"
g.client_ip = env["REMOTE_ADDR"]
req = Request(env)
req.all_data = {"user": "******", "pass": "******"}
res = {
"jsonrpc": "2.0",
"result": {
"status": True,
"value": {
"role": "user",
"username": "******"
}
},
"version": "privacyIDEA test",
"detail": {
"serial": serial
},
"id": 1
}
resp = Response(json.dumps(res))
new_response = get_webui_settings(req, resp)
jresult = json.loads(new_response.data)
self.assertEqual(
jresult.get("result").get("value").get("token_wizard"), False)
# Set a policy. User has not token, so "token_wizard" will be True
set_policy(name="pol_wizard",
scope=SCOPE.WEBUI,
action=ACTION.TOKENWIZARD)
g.policy_object = PolicyClass()
new_response = get_webui_settings(req, resp)
jresult = json.loads(new_response.data)
self.assertEqual(
jresult.get("result").get("value").get("token_wizard"), True)
delete_policy("pol_wizard")