def test_04_do_request_success(self):
radiusmock.setdata(success=True)
set_privacyidea_config("radius.dictfile", DICT_FILE)
db_token = Token.query.filter(Token.serial == self.serial1).first()
token = RadiusTokenClass(db_token)
otpcount = token.check_otp("123456")
self.assertTrue(otpcount >= 0, otpcount)
def test_05_RADIUS_request(self):
radiusmock.setdata(success=True, timeout=True)
r = add_radius(identifier="myserver", server="1.2.3.4",
secret="testing123", dictionary=DICT_FILE)
self.assertTrue(r > 0)
radius = get_radius("myserver")
# A timeout will return false
r = RADIUSServer.request(radius.config, "user", "password")
self.assertEqual(r, False)
def test_09_authenticate_radius_pin(self):
radiusmock.setdata(success=True)
db_token = Token.query.filter(Token.serial == self.serial2).first()
token = RadiusTokenClass(db_token)
token.set_pin("")
r = token.authenticate("radiusPIN123456")
self.assertTrue(r[0], r)
self.assertTrue(r[1] >= 0, r)
self.assertTrue(r[2].get("message") == "matching 1 tokens", r)
def test_05_RADIUS_request(self):
radiusmock.setdata(success=True, timeout=True)
r = add_radius(identifier="myserver", server="1.2.3.4",
secret="testing123", dictionary=DICT_FILE)
self.assertTrue(r > 0)
radius = get_radius("myserver")
# A timeout will return false
r = RADIUSServer.request(radius.config, "user", "password")
self.assertEqual(r, False)
def test_11_RADIUS_request(self):
set_privacyidea_config("radius.dictfile", DICT_FILE)
radiusmock.setdata(success=True)
r = add_radius(identifier="myserver", server="1.2.3.4",
secret="testing123", dictionary=DICT_FILE)
self.assertTrue(r > 0)
token = init_token({"type": "radius",
"radius.identifier": "myserver",
"radius.user": "******"})
r = token.authenticate("radiuspassword")
self.assertEqual(r[0], True)
self.assertEqual(r[1], 0)
self.assertEqual(r[2].get("message"), "matching 1 tokens")
def test_10_authenticate_system_radius_settings(self):
set_privacyidea_config("radius.server", "my.other.radiusserver:1812")
set_privacyidea_config("radius.secret", "testing123")
radiusmock.setdata(success=True)
token = init_token({"type": "radius",
"radius.system_settings": True,
"radius.user": "******",
"radius.server": "",
"radius.secret": ""})
r = token.authenticate("radiuspassword")
self.assertEqual(r[0], True)
self.assertEqual(r[1], 0)
self.assertEqual(r[2].get("message"), "matching 1 tokens")
def test_08_authenticate_local_pin(self):
radiusmock.setdata(success=True)
db_token = Token.query.filter(Token.serial == self.serial1).first()
token = RadiusTokenClass(db_token)
# wrong PIN
r = token.authenticate("wrong"+"123456")
self.assertFalse(r[0], r)
self.assertTrue(r[1] == -1, r)
self.assertTrue(r[2].get("message") == "Wrong PIN", r)
# right PIN
r = token.authenticate(self.otppin+"123456")
self.assertTrue(r[0], r)
self.assertTrue(r[1] >= 0, r)
self.assertTrue(r[2].get("message") == "matching 1 tokens", r)
def test_02_send_test_email(self):
set_privacyidea_config("radius.dictfile", DICT_FILE)
radiusmock.setdata(success=True)
with self.app.test_request_context('/radiusserver/test_request',
method='POST',
data={"identifier": "someServer",
"secret": "secret",
"port": "1812",
"server": "1.2.3.4",
"dictionary": DICT_FILE,
"username": "******",
"password": "******"},
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
data = json.loads(res.data)
self.assertEqual(data.get("result").get("value"), True)
def test_02_send_test_email(self):
set_privacyidea_config("radius.dictfile", DICT_FILE)
radiusmock.setdata(success=True)
with self.app.test_request_context('/radiusserver/test_request',
method='POST',
data={"identifier": "someServer",
"secret": "secret",
"port": "1812",
"server": "1.2.3.4",
"dictionary": DICT_FILE,
"username": "******",
"password": "******"},
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
data = json.loads(res.data)
self.assertEqual(data.get("result").get("value"), True)
def test_06_test_radius(self):
radiusmock.setdata(success=False)
r = test_radius(identifier="myserver", server="1.2.3.4",
user="******", password="******",
secret="testing123", dictionary=DICT_FILE)
self.assertFalse(r)
radiusmock.setdata(success=True)
r = test_radius(identifier="myserver", server="1.2.3.4",
user="******", password="******",
secret="testing123", dictionary=DICT_FILE)
self.assertTrue(r)
# raises error on long secrets
self.assertRaises(privacyIDEAError,
test_radius,
identifier="myserver", server="1.2.3.4",
user="******", password="******",
secret="x" * 96, dictionary=DICT_FILE)
def test_06_passthru(self):
user = User("cornelius", realm="r1")
passw = "test"
options = {}
# A user with no tokens will fail to authenticate
self.assertEqual(get_tokens(user=user, count=True), 0)
rv = auth_user_passthru(check_user_pass, user, passw, options)
self.assertFalse(rv[0])
self.assertEqual(rv[1].get("message"),
"The user has no tokens assigned")
# Now we set a PASSTHRU policy, so that the user may authenticate
# against his userstore (old style)
set_policy(name="pol1", scope=SCOPE.AUTH, action=ACTION.PASSTHRU)
g = FakeFlaskG()
g.policy_object = PolicyClass()
options = {"g": g}
rv = auth_user_passthru(check_user_pass, user, passw, options=options)
self.assertTrue(rv[0])
self.assertEqual(
rv[1].get("message"),
u"The user authenticated against his userstore "
u"according to policy 'pol1'.")
# Now set a PASSTHRU policy to the userstore (new style)
set_policy(name="pol1",
scope=SCOPE.AUTH,
action="{0!s}=userstore".format(ACTION.PASSTHRU))
g = FakeFlaskG()
g.policy_object = PolicyClass()
options = {"g": g}
rv = auth_user_passthru(check_user_pass, user, passw, options=options)
self.assertTrue(rv[0])
self.assertEqual(
rv[1].get("message"),
u"The user authenticated against his userstore "
u"according to policy 'pol1'.")
# Now set a PASSTHRU policy to a RADIUS config (new style)
radiusmock.setdata(success=True)
set_policy(name="pol1",
scope=SCOPE.AUTH,
action="{0!s}=radiusconfig1".format(ACTION.PASSTHRU))
r = add_radius("radiusconfig1",
"1.2.3.4",
"testing123",
dictionary=DICT_FILE)
self.assertTrue(r > 0)
g = FakeFlaskG()
g.policy_object = PolicyClass()
options = {"g": g}
rv = auth_user_passthru(check_user_pass, user, passw, options=options)
self.assertTrue(rv[0])
self.assertEqual(
rv[1].get("message"),
u"The user authenticated against the RADIUS server "
u"radiusconfig1 according to policy 'pol1'.")
# Now assign a token to the user. If the user has a token and the
# passthru policy is set, the user must not be able to authenticate
# with his userstore password.
init_token({
"serial": "PTHRU",
"type": "spass",
"pin": "Hallo"
},
user=user)
rv = auth_user_passthru(check_user_pass, user, passw, options=options)
self.assertFalse(rv[0])
self.assertEqual(rv[1].get("message"), "wrong otp pin")
remove_token("PTHRU")
delete_policy("pol1")
def test_05_do_request_fail(self):
radiusmock.setdata(success=False)
db_token = Token.query.filter(Token.serial == self.serial1).first()
token = RadiusTokenClass(db_token)
otpcount = token.check_otp("123456")
self.assertTrue(otpcount == -1, otpcount)
def test_06_passthru(self):
user = User("cornelius", realm="r1")
passw = "test"
options = {}
# A user with no tokens will fail to authenticate
self.assertEqual(get_tokens(user=user, count=True), 0)
rv = auth_user_passthru(check_user_pass, user, passw, options)
self.assertFalse(rv[0])
self.assertEqual(rv[1].get("message"),
"The user has no tokens assigned")
# Now we set a PASSTHRU policy, so that the user may authenticate
# against his userstore (old style)
set_policy(name="pol1",
scope=SCOPE.AUTH,
action=ACTION.PASSTHRU)
g = FakeFlaskG()
g.policy_object = PolicyClass()
options = {"g": g}
rv = auth_user_passthru(check_user_pass, user, passw,
options=options)
self.assertTrue(rv[0])
self.assertEqual(rv[1].get("message"),
u"The user authenticated against his userstore "
u"according to policy 'pol1'.")
# Now set a PASSTHRU policy to the userstore (new style)
set_policy(name="pol1",
scope=SCOPE.AUTH,
action="%s=userstore" % ACTION.PASSTHRU)
g = FakeFlaskG()
g.policy_object = PolicyClass()
options = {"g": g}
rv = auth_user_passthru(check_user_pass, user, passw,
options=options)
self.assertTrue(rv[0])
self.assertEqual(rv[1].get("message"),
u"The user authenticated against his userstore "
u"according to policy 'pol1'.")
# Now set a PASSTHRU policy to a RADIUS config (new style)
radiusmock.setdata(success=True)
set_policy(name="pol1",
scope=SCOPE.AUTH,
action="%s=radiusconfig1" % ACTION.PASSTHRU)
r = add_radius("radiusconfig1", "1.2.3.4", "testing123",
dictionary=DICT_FILE)
self.assertTrue(r > 0)
g = FakeFlaskG()
g.policy_object = PolicyClass()
options = {"g": g}
rv = auth_user_passthru(check_user_pass, user, passw,
options=options)
self.assertTrue(rv[0])
self.assertEqual(rv[1].get("message"),
u"The user authenticated against the RADIUS server "
u"radiusconfig1 according to policy 'pol1'.")
# Now assign a token to the user. If the user has a token and the
# passthru policy is set, the user must not be able to authenticate
# with his userstore password.
init_token({"serial": "PTHRU",
"type": "spass", "pin": "Hallo"},
user=user)
rv = auth_user_passthru(check_user_pass, user, passw,
options=options)
self.assertFalse(rv[0])
self.assertEqual(rv[1].get("message"), "wrong otp pin")
remove_token("PTHRU")
delete_policy("pol1")
def test_13_passthru_priorities(self):
user = User("cornelius", realm="r1")
passw = "test"
options = {}
# remove all tokens of cornelius
remove_token(user=user)
# A user with no tokens will fail to authenticate
self.assertEqual(get_tokens(user=user, count=True), 0)
rv = auth_user_passthru(check_user_pass, user, passw, options)
self.assertFalse(rv[0])
self.assertEqual(rv[1].get("message"),
"The user has no tokens assigned")
# Now set a PASSTHRU policy to the userstore
set_policy(name="pol1",
scope=SCOPE.AUTH,
action="{0!s}=userstore".format(ACTION.PASSTHRU))
g = FakeFlaskG()
g.policy_object = PolicyClass()
options = {"g": g}
rv = auth_user_passthru(check_user_pass, user, passw, options=options)
self.assertTrue(rv[0])
self.assertEqual(rv[1].get("message"),
u"against userstore due to 'pol1'")
# Now add a PASSTHRU policy to a RADIUS config
radiusmock.setdata(success=True)
set_policy(name="pol2",
scope=SCOPE.AUTH,
action="{0!s}=radiusconfig1".format(ACTION.PASSTHRU))
r = add_radius("radiusconfig1",
"1.2.3.4",
"testing123",
dictionary=DICT_FILE)
self.assertTrue(r > 0)
g = FakeFlaskG()
g.policy_object = PolicyClass()
options = {"g": g}
# They will conflict, because they use the same priority
with self.assertRaises(PolicyError):
auth_user_passthru(check_user_pass, user, passw, options=options)
# Lower pol1 priority
set_policy(name="pol1", priority=2)
g.policy_object.reload_from_db()
rv = auth_user_passthru(check_user_pass, user, passw, options=options)
self.assertTrue(rv[0])
self.assertEqual(rv[1].get("message"),
u"against RADIUS server radiusconfig1 due to 'pol2'")
# Lower pol2 priority
set_policy(name="pol2", priority=3)
g.policy_object.reload_from_db()
rv = auth_user_passthru(check_user_pass, user, passw, options=options)
self.assertTrue(rv[0])
self.assertEqual(rv[1].get("message"),
u"against userstore due to 'pol1'")
# Add old style priority
set_policy(name="pol3", scope=SCOPE.AUTH, action=ACTION.PASSTHRU)
g.policy_object.reload_from_db()
rv = auth_user_passthru(check_user_pass, user, passw, options=options)
self.assertTrue(rv[0])
self.assertEqual(rv[1].get("message"),
u"against userstore due to 'pol3'")
set_policy(name="pol3", priority=2)
g.policy_object.reload_from_db()
# They will conflict, because they use the same priority
with self.assertRaises(PolicyError):
auth_user_passthru(check_user_pass, user, passw, options=options)
delete_policy("pol3")
g.policy_object.reload_from_db()
# Now assign a token to the user. If the user has a token and the
# passthru policy is set, the user must not be able to authenticate
# with his userstore password.
init_token({
"serial": "PTHRU",
"type": "spass",
"pin": "Hallo"
},
user=user)
rv = auth_user_passthru(check_user_pass, user, passw, options=options)
self.assertFalse(rv[0])
self.assertEqual(rv[1].get("message"), "wrong otp pin")
remove_token("PTHRU")
delete_policy("pol1")
delete_policy("pol2")
