def test_05_two_tokens(self):
# Save some values to the database
r = save_auth_item(
SQLFILE, "cornelius", "TOK001", "HOTP",
{"offline": [{
"username": "******",
"response": RESP
}]})
r = save_auth_item(
SQLFILE, "cornelius", "TOK002", "HOTP",
{"offline": [{
"username": "******",
"response": RESP2
}]})
pamh = PAMH("cornelius", "test100001", "192.168.0.1")
flags = None
argv = [
"/path/privacyidea_pam.py", "url=http://my.privacyidea.server",
"debug",
"sqlfile=%s" % SQLFILE, "try_first_pass"
]
r = pam_sm_authenticate(pamh, flags, argv)
self.assertEqual(r, PAMH.PAM_SUCCESS)
# An older OTP value of the first token is deleted
pamh = PAMH("cornelius", "test100000", "192.168.0.1")
flags = None
argv = [
"/path/privacyidea_pam.py", "url=http://my.privacyidea.server",
"debug",
"sqlfile=%s" % SQLFILE, "try_first_pass"
]
r = pam_sm_authenticate(pamh, flags, argv)
self.assertNotEqual(r, PAMH.PAM_SUCCESS)
# An older value with another token can authenticate!
pamh = PAMH("cornelius", "TEST100000", "192.168.0.1")
flags = None
argv = [
"/path/privacyidea_pam.py", "url=http://my.privacyidea.server",
"debug",
"sqlfile=%s" % SQLFILE, "try_first_pass"
]
r = pam_sm_authenticate(pamh, flags, argv)
self.assertEqual(r, PAMH.PAM_SUCCESS)
def test_05_two_tokens(self):
# Save some values to the database
r = save_auth_item(SQLFILE,
"cornelius",
"TOK001",
"HOTP",
{"offline": [{"username": "******",
"response": RESP}
]
})
r = save_auth_item(SQLFILE,
"cornelius",
"TOK002",
"HOTP",
{"offline": [{"username": "******",
"response": RESP2}
]
})
pamh = PAMH("cornelius", "test100001")
flags = None
argv = ["url=http://my.privacyidea.server",
"sqlfile=%s" % SQLFILE,
"try_first_pass"]
r = pam_sm_authenticate(pamh, flags, argv)
self.assertEqual(r, PAMH.PAM_SUCCESS)
# An older OTP value of the first token is deleted
pamh = PAMH("cornelius", "test100000")
flags = None
argv = ["url=http://my.privacyidea.server",
"sqlfile=%s" % SQLFILE,
"try_first_pass"]
r = pam_sm_authenticate(pamh, flags, argv)
self.assertNotEqual(r, PAMH.PAM_SUCCESS)
# An older value with another token can authenticate!
pamh = PAMH("cornelius", "TEST100000")
flags = None
argv = ["url=http://my.privacyidea.server",
"sqlfile=%s" % SQLFILE,
"try_first_pass"]
r = pam_sm_authenticate(pamh, flags, argv)
self.assertEqual(r, PAMH.PAM_SUCCESS)
def test_01_check_offline_otp(self):
# Check with no entries in the database
r = check_offline_otp("cornelius", "test123456", SQLFILE)
self.assertFalse(r)
# Save some values to the database
r = save_auth_item(SQLFILE,
"cornelius",
"TOK001",
"HOTP",
{"offline": [{"username": "******",
"response": RESP}
]
})
r = check_offline_otp("cornelius", "test100000", SQLFILE)
self.assertTrue(r)
# Authenticating with the same value a second time, fails
r = check_offline_otp("cornelius", "test100000", SQLFILE)
self.assertFalse(r)
def test_01_check_offline_otp(self):
# Check with no entries in the database
r, matching_serial = check_offline_otp(SQLFILE, "cornelius",
"test123456")
self.assertEqual(r, PAMH.PAM_AUTH_ERR)
self.assertIsNone(matching_serial)
# Save some values to the database
r = save_auth_item(
SQLFILE, "cornelius", "TOK001", "HOTP",
{"offline": [{
"username": "******",
"response": RESP
}]})
r, matching_serial = check_offline_otp(SQLFILE, "cornelius",
"test100000")
self.assertEqual(r, PAMH.PAM_SUCCESS)
self.assertEqual(matching_serial, "TOK001")
# Authenticating with the same value a second time, fails
r, matching_serial = check_offline_otp(SQLFILE, "cornelius",
"test100000")
self.assertEqual(r, PAMH.PAM_AUTH_ERR)
self.assertIsNone(matching_serial)
