def test_auth_okta_step3_negative():
"""Authentication by OKTA step3 negative test case."""
authenticator = 'https://testsso.snowflake.net/'
application = 'testapplication'
account = 'testaccount'
user = '******'
password = '******'
service_name = ''
ref_sso_url = 'https://testsso.snowflake.net/sso'
ref_token_url = 'https://testsso.snowflake.net/token'
rest = _init_rest(ref_sso_url, ref_token_url)
auth = AuthByOkta(rest, application)
# step 1
headers, sso_url, token_url = auth._step1(authenticator, service_name,
account, user)
# step 2
auth._step2(authenticator, sso_url, token_url)
assert not rest._connection.errorhandler.called # no error
# step 3: authentication by IdP failed.
def fake_fetch(method, full_url, headers, **kwargs):
return {
'failed': 'auth failed',
}
rest.fetch = fake_fetch
_ = auth._step3(headers, token_url, user, password)
assert rest._connection.errorhandler.called # auth failure error
def test_auth_okta_step5_negative():
"""
Authentication by OKTA step5 negative test case
"""
authenticator = 'https://testsso.snowflake.net/'
application = 'testapplication'
account = 'testaccount'
user = '******'
password = '******'
service_name = ''
ref_sso_url = 'https://testsso.snowflake.net/sso'
ref_token_url = 'https://testsso.snowflake.net/token'
rest = _init_rest(ref_sso_url, ref_token_url)
auth = AuthByOkta(rest, application)
# step 1
headers, sso_url, token_url = auth._step1(authenticator, service_name,
account, user)
assert not rest._connection.errorhandler.called # no error
# step 2
auth._step2(authenticator, sso_url, token_url)
assert not rest._connection.errorhandler.called # no error
# step 3
ref_one_time_token = '1token1'
def fake_fetch(method, full_url, headers, **kwargs):
return {
'cookieToken': ref_one_time_token,
}
rest.fetch = fake_fetch
one_time_token = auth._step3(headers, token_url, user, password)
assert not rest._connection.errorhandler.called # no error
# step 4
# HTML includes invalid account name
ref_response_html = '''
<html><body>
<form action="https://invalidtestaccount.snowflakecomputing.com/post_back
"></form>
</body></body></html>
'''
def fake_fetch(method, full_url, headers, **kwargs):
return ref_response_html
rest.fetch = fake_fetch
response_html = auth._step4(one_time_token, sso_url)
assert response_html == ref_response_html
# step 5
rest._protocol = 'https'
rest._host = '{account}.snowflakecomputing.com'.format(account=account)
rest._port = 443
auth._step5(ref_response_html)
assert rest._connection.errorhandler.called # error
def test_auth_okta():
"""Authentication by OKTA positive test case."""
authenticator = "https://testsso.snowflake.net/"
application = "testapplication"
account = "testaccount"
user = "******"
password = "******"
service_name = ""
ref_sso_url = "https://testsso.snowflake.net/sso"
ref_token_url = "https://testsso.snowflake.net/token"
rest = _init_rest(ref_sso_url, ref_token_url)
auth = AuthByOkta(rest, application)
# step 1
headers, sso_url, token_url = auth._step1(authenticator, service_name,
account, user)
assert not rest._connection.errorhandler.called # no error
assert headers.get("accept") is not None
assert headers.get("Content-Type") is not None
assert headers.get("User-Agent") is not None
assert sso_url == ref_sso_url
assert token_url == ref_token_url
# step 2
auth._step2(authenticator, sso_url, token_url)
assert not rest._connection.errorhandler.called # no error
# step 3
ref_one_time_token = "1token1"
def fake_fetch(method, full_url, headers, **kwargs):
return {
"cookieToken": ref_one_time_token,
}
rest.fetch = fake_fetch
one_time_token = auth._step3(headers, token_url, user, password)
assert not rest._connection.errorhandler.called # no error
assert one_time_token == ref_one_time_token
# step 4
ref_response_html = """
<html><body>
<form action="https://testaccount.snowflakecomputing.com/post_back"></form>
</body></body></html>
"""
def fake_fetch(method, full_url, headers, **kwargs):
return ref_response_html
rest.fetch = fake_fetch
response_html = auth._step4(one_time_token, sso_url)
assert response_html == response_html
# step 5
rest._protocol = "https"
rest._host = "{account}.snowflakecomputing.com".format(account=account)
rest._port = 443
auth._step5(ref_response_html)
assert not rest._connection.errorhandler.called # no error
assert ref_response_html == auth._saml_response
def test_auth_okta():
"""
Authentication by OKTA positive test case
"""
authenticator = 'https://testsso.snowflake.net/'
application = 'testapplication'
account = 'testaccount'
user = '******'
password = '******'
ref_sso_url = 'https://testsso.snowflake.net/sso'
ref_token_url = 'https://testsso.snowflake.net/token'
rest = _init_rest(ref_sso_url, ref_token_url)
auth = AuthByOkta(rest, application)
# step 1
headers, sso_url, token_url = auth._step1(authenticator, account, user)
assert not rest._connection.errorhandler.called # no error
assert headers.get('accept') is not None
assert headers.get('Content-Type') is not None
assert headers.get('User-Agent') is not None
assert sso_url == ref_sso_url
assert token_url == ref_token_url
# step 2
auth._step2(authenticator, sso_url, token_url)
assert not rest._connection.errorhandler.called # no error
# step 3
ref_one_time_token = '1token1'
def fake_fetch(method, full_url, headers, **kwargs):
return {
'cookieToken': ref_one_time_token,
}
rest.fetch = fake_fetch
one_time_token = auth._step3(headers, token_url, user, password)
assert not rest._connection.errorhandler.called # no error
assert one_time_token == ref_one_time_token
# step 4
ref_response_html = '''
<html><body>
<form action="https://testaccount.snowflakecomputing.com/post_back"></form>
</body></body></html>
'''
def fake_fetch(method, full_url, headers, **kwargs):
return ref_response_html
rest.fetch = fake_fetch
response_html = auth._step4(one_time_token, sso_url)
assert response_html == response_html
# step 5
rest._protocol = 'https'
rest._host = '{account}.snowflakecomputing.com'.format(account=account)
rest._port = 443
auth._step5(ref_response_html)
assert not rest._connection.errorhandler.called # no error
assert ref_response_html == auth._saml_response