def test_webauthn_wait(self):
webauthn = factor.WebauthnFactor("foobar")
# Mock out the webauthn device
mock_device = mock.MagicMock(name="mock_device")
webauthn._get_devices = mock.MagicMock(name="_get_devices")
webauthn._get_devices.return_value = [
None,
None,
None,
None,
mock_device,
].__iter__()
# Mock out webauthn client
mock_client = mock.MagicMock(name="mock_client")
webauthn._get_client = mock.MagicMock(name="_get_client")
webauthn._get_client.return_value = mock_client
assertions = [dotdict({"auth_data": b"foo", "signature": b"bar"})]
client_data = b"baz"
mock_client.get_assertion.return_value = (assertions, client_data)
# Mock call to Okta API
webauthn._request = mock.MagicMock(name="_request")
webauthn._request.side_effect = [
CHALLENGE_RESPONSE,
SUCCESS_RESPONSE,
]
# Run code
ret = webauthn.verify("123", "XXXTOKENXXX", 0.1)
# Check results
self.assertEqual(ret, SUCCESS_RESPONSE)
def test_unexpected_status(self):
webauthn = factor.WebauthnFactor("foobar")
# Mock out the webauthn device
mock_device = mock.MagicMock(name="mock_device")
webauthn._get_devices = mock.MagicMock(name="_get_devices")
webauthn._get_devices.return_value = [mock_device].__iter__()
# Mock out webauthn client
mock_client = mock.MagicMock(name="mock_client")
webauthn._get_client = mock.MagicMock(name="_get_client")
webauthn._get_client.return_value = mock_client
mock_client.sign.return_value = {
"clientData": "foo",
"signatureData": "bar"
}
# Mock call to Okta API
webauthn._request = mock.MagicMock(name="_request")
webauthn._request.side_effect = [
SUCCESS_RESPONSE,
]
# Run code
with self.assertRaises(factor.FactorVerificationFailed):
ret = webauthn.verify("123", "XXXTOKENXXX", 0.1)
self.assertEqual(ret, REJECTED_RESPONSE)
def test_webauthn_client_error(self):
webauthn = factor.WebauthnFactor("foobar")
# Mock out the webauthn device
mock_device = mock.MagicMock(name="mock_device")
webauthn._get_devices = mock.MagicMock(name="_get_devices")
webauthn._get_devices.return_value = [mock_device].__iter__()
# Mock out webauthn client
mock_client = mock.MagicMock(name="mock_client")
webauthn._get_client = mock.MagicMock(name="_get_client")
webauthn._get_client.return_value = mock_client
mock_client.get_assertion.side_effect = fido2.client.ClientError(4)
# Mock call to Okta API
webauthn._request = mock.MagicMock(name="_request")
webauthn._request.side_effect = [CHALLENGE_RESPONSE]
# Run code
with self.assertRaises(factor.FactorVerificationFailed):
webauthn.verify("123", "XXXTOKENXXX", 0.1)
# Check results
webauthn._get_client.assert_called_once_with(
mock_device, "https://foobar"
".okta.com")
calls = [
mock.call("/authn/factors/123/verify", {
"fid": "123",
"stateToken": "XXXTOKENXXX"
})
]
webauthn._request.assert_has_calls(calls)
def test_webauthn_client_error(self):
webauthn = factor.WebauthnFactor('foobar')
# Mock out the webauthn device
mock_device = mock.MagicMock(name='mock_device')
webauthn._get_devices = mock.MagicMock(name='_get_devices')
webauthn._get_devices.return_value = [mock_device].__iter__()
# Mock out webauthn client
mock_client = mock.MagicMock(name='mock_client')
webauthn._get_client = mock.MagicMock(name='_get_client')
webauthn._get_client.return_value = mock_client
mock_client.get_assertion.side_effect = fido2.client.ClientError(4)
# Mock call to Okta API
webauthn._request = mock.MagicMock(name='_request')
webauthn._request.side_effect = [CHALLENGE_RESPONSE]
# Run code
with self.assertRaises(factor.FactorVerificationFailed):
webauthn.verify('123', 'XXXTOKENXXX', 0.1)
# Check results
webauthn._get_client.assert_called_once_with(
mock_device, 'https://foobar'
'.okta.com')
calls = [
mock.call('/authn/factors/123/verify', {
'fid': '123',
'stateToken': 'XXXTOKENXXX'
})
]
webauthn._request.assert_has_calls(calls)
def test_webauthn_wait(self):
webauthn = factor.WebauthnFactor('foobar')
# Mock out the webauthn device
mock_device = mock.MagicMock(name='mock_device')
webauthn._get_devices = mock.MagicMock(name='_get_devices')
webauthn._get_devices.return_value = [
None, None, None, None, mock_device
].__iter__()
# Mock out webauthn client
mock_client = mock.MagicMock(name='mock_client')
webauthn._get_client = mock.MagicMock(name='_get_client')
webauthn._get_client.return_value = mock_client
assertions = [dotdict({'auth_data': b'foo', 'signature': b'bar'})]
client_data = b'baz'
mock_client.get_assertion.return_value = (assertions, client_data)
# Mock call to Okta API
webauthn._request = mock.MagicMock(name='_request')
webauthn._request.side_effect = [
CHALLENGE_RESPONSE,
SUCCESS_RESPONSE,
]
# Run code
ret = webauthn.verify('123', 'XXXTOKENXXX', 0.1)
# Check results
self.assertEqual(ret, SUCCESS_RESPONSE)
def test_webauthn_success(self):
webauthn = factor.WebauthnFactor("foobar")
# Mock out the webauthn device
mock_device = mock.MagicMock(name="mock_device")
webauthn._get_devices = mock.MagicMock(name="_get_devices")
webauthn._get_devices.return_value = [mock_device].__iter__()
# Mock out webauthn client
mock_client = mock.MagicMock(name="mock_client")
webauthn._get_client = mock.MagicMock(name="_get_client")
webauthn._get_client.return_value = mock_client
assertions = [dotdict({"auth_data": b"foo", "signature": b"bar"})]
client_data = b"baz"
mock_client.get_assertion.return_value = (assertions, client_data)
# Mock call to Okta API
webauthn._request = mock.MagicMock(name="_request")
webauthn._request.side_effect = [
CHALLENGE_RESPONSE,
SUCCESS_RESPONSE,
]
# Run code
ret = webauthn.verify("123", "XXXTOKENXXX", 0.1)
# Check results
self.assertEqual(ret, SUCCESS_RESPONSE)
webauthn._get_client.assert_called_once_with(
mock_device, "https://foobar"
".okta.com")
allow_list = [{"type": "public-key", "id": CREDENTIAL_ID_STR}]
options = PublicKeyCredentialRequestOptions(
challenge=NONCE_STR,
rp_id="foobar.okta.com",
allow_credentials=allow_list)
mock_client.get_assertion.assert_called_once_with(options)
calls = [
mock.call("/authn/factors/123/verify", {
"fid": "123",
"stateToken": "XXXTOKENXXX"
}),
mock.call(
"/authn/factors/123/verify",
{
"stateToken": "XXXTOKENXXX",
"clientData": "YmF6",
"signatureData": "YmFy",
"authenticatorData": "Zm9v",
},
),
]
webauthn._request.assert_has_calls(calls)
def test_webauthn_success(self):
webauthn = factor.WebauthnFactor('foobar')
# Mock out the webauthn device
mock_device = mock.MagicMock(name='mock_device')
webauthn._get_devices = mock.MagicMock(name='_get_devices')
webauthn._get_devices.return_value = [mock_device].__iter__()
# Mock out webauthn client
mock_client = mock.MagicMock(name='mock_client')
webauthn._get_client = mock.MagicMock(name='_get_client')
webauthn._get_client.return_value = mock_client
assertions = [dotdict({'auth_data': b'foo', 'signature': b'bar'})]
client_data = b'baz'
mock_client.get_assertion.return_value = (assertions, client_data)
# Mock call to Okta API
webauthn._request = mock.MagicMock(name='_request')
webauthn._request.side_effect = [
CHALLENGE_RESPONSE,
SUCCESS_RESPONSE,
]
# Run code
ret = webauthn.verify('123', 'XXXTOKENXXX', 0.1)
# Check results
self.assertEqual(ret, SUCCESS_RESPONSE)
webauthn._get_client.assert_called_once_with(
mock_device, 'https://foobar'
'.okta.com')
allow_list = [{'type': 'public-key', 'id': CREDENTIAL_ID_STR}]
options = PublicKeyCredentialRequestOptions(
challenge=NONCE_STR,
rp_id='foobar.okta.com',
allow_credentials=allow_list)
mock_client.get_assertion.assert_called_once_with(options)
calls = [
mock.call('/authn/factors/123/verify', {
'fid': '123',
'stateToken': 'XXXTOKENXXX'
}),
mock.call(
'/authn/factors/123/verify', {
'stateToken': 'XXXTOKENXXX',
'clientData': 'YmF6',
'signatureData': 'YmFy',
'authenticatorData': 'Zm9v'
})
]
webauthn._request.assert_has_calls(calls)
def test_webauthn_rejected(self):
webauthn = factor.WebauthnFactor("foobar")
# Mock out the webauthn device
mock_device = mock.MagicMock(name="mock_device")
webauthn._get_devices = mock.MagicMock(name="_get_devices")
webauthn._get_devices.return_value = [mock_device].__iter__()
# Mock out webauthn client
mock_client = mock.MagicMock(name="mock_client")
webauthn._get_client = mock.MagicMock(name="_get_client")
webauthn._get_client.return_value = mock_client
# Mock call to Okta API
webauthn._request = mock.MagicMock(name="_request")
webauthn._request.side_effect = [
CHALLENGE_RESPONSE,
REJECTED_RESPONSE,
]
assertions = [dotdict({"auth_data": b"foo", "signature": b"bar"})]
client_data = b"baz"
mock_client.get_assertion.return_value = (assertions, client_data)
# Run code
with self.assertRaises(factor.FactorVerificationFailed):
ret = webauthn.verify("123", "XXXTOKENXXX", 0.1)
self.assertEqual(ret, REJECTED_RESPONSE)
# Check results
webauthn._get_client.assert_called_once_with(
mock_device, "https://foobar."
"okta.com")
calls = [
mock.call("/authn/factors/123/verify", {
"fid": "123",
"stateToken": "XXXTOKENXXX"
}),
mock.call(
"/authn/factors/123/verify",
{
"stateToken": "XXXTOKENXXX",
"clientData": "YmF6",
"signatureData": "YmFy",
"authenticatorData": "Zm9v",
},
),
]
webauthn._request.assert_has_calls(calls)
def test_webauthn_rejected(self):
webauthn = factor.WebauthnFactor('foobar')
# Mock out the webauthn device
mock_device = mock.MagicMock(name='mock_device')
webauthn._get_devices = mock.MagicMock(name='_get_devices')
webauthn._get_devices.return_value = [mock_device].__iter__()
# Mock out webauthn client
mock_client = mock.MagicMock(name='mock_client')
webauthn._get_client = mock.MagicMock(name='_get_client')
webauthn._get_client.return_value = mock_client
# Mock call to Okta API
webauthn._request = mock.MagicMock(name='_request')
webauthn._request.side_effect = [
CHALLENGE_RESPONSE,
REJECTED_RESPONSE,
]
assertions = [dotdict({'auth_data': b'foo', 'signature': b'bar'})]
client_data = b'baz'
mock_client.get_assertion.return_value = (assertions, client_data)
# Run code
with self.assertRaises(factor.FactorVerificationFailed):
ret = webauthn.verify('123', 'XXXTOKENXXX', 0.1)
self.assertEqual(ret, REJECTED_RESPONSE)
# Check results
webauthn._get_client.assert_called_once_with(
mock_device, 'https://foobar.'
'okta.com')
calls = [
mock.call('/authn/factors/123/verify', {
'fid': '123',
'stateToken': 'XXXTOKENXXX'
}),
mock.call(
'/authn/factors/123/verify', {
'stateToken': 'XXXTOKENXXX',
'clientData': 'YmF6',
'signatureData': 'YmFy',
'authenticatorData': 'Zm9v'
})
]
webauthn._request.assert_has_calls(calls)
def test_push_name(self):
webauthn = factor.WebauthnFactor("foobar")
self.assertEqual("webauthn", webauthn.name())
def test_push_name(self):
webauthn = factor.WebauthnFactor('foobar')
self.assertEqual('webauthn', webauthn.name())
