def test_02_authenticate_offline(self):
    """Authenticate twice in a row with consecutive OTP values.

    A mocked ``/validate/check`` endpoint answers with ``SUCCESS_BODY``.
    Both attempts must end in ``PAM_SUCCESS``; per the original comment the
    second attempt is meant to be served from the offline store.

    NOTE(review): the mocked endpoint stays registered during the second
    attempt, so the return code alone does not show whether that attempt was
    answered offline or by another online check.
    """
    def module_args():
        # A fresh list per attempt, exactly as the original rebuilt argv.
        return [
            "/path/privacyidea_pam.py",
            "url=http://my.privacyidea.server",
            "debug",
            "sqlfile=%s" % SQLFILE,
            "try_first_pass",
        ]

    responses.add(
        responses.POST,
        "http://my.privacyidea.server/validate/check",
        body=json.dumps(SUCCESS_BODY),
        content_type="application/json",
    )

    # First value, then the next one ("Authenticate the second time offline").
    for otp in ("test100001", "test100002"):
        handle = PAMH("cornelius", otp, "192.168.0.1")
        outcome = pam_sm_authenticate(handle, None, module_args())
        self.assertEqual(outcome, PAMH.PAM_SUCCESS)
def test_05_two_tokens(self):
    """Check per-token handling of stored offline OTP values for one user.

    Two HOTP entries (TOK001 and TOK002) are saved for "cornelius". Once a
    newer value of the first token has been accepted, the older value of
    that token must be rejected, while the older value belonging to the
    second token is still accepted.
    """
    def try_login(otp):
        # Build handle and argv anew for every attempt, as the original did.
        handle = PAMH("cornelius", otp, "192.168.0.1")
        module_args = [
            "/path/privacyidea_pam.py",
            "url=http://my.privacyidea.server",
            "debug",
            "sqlfile=%s" % SQLFILE,
            "try_first_pass",
        ]
        return pam_sm_authenticate(handle, None, module_args)

    # Save some values to the database: one offline entry per token serial.
    for serial, stored in (("TOK001", RESP), ("TOK002", RESP2)):
        save_auth_item(
            SQLFILE,
            "cornelius",
            serial,
            "HOTP",
            {"offline": [{"username": "******", "response": stored}]},
        )

    self.assertEqual(try_login("test100001"), PAMH.PAM_SUCCESS)

    # An older OTP value of the first token is deleted, so replaying it
    # must not authenticate.
    self.assertNotEqual(try_login("test100000"), PAMH.PAM_SUCCESS)

    # An older value with another token can authenticate!
    self.assertEqual(try_login("TEST100000"), PAMH.PAM_SUCCESS)
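def test_04_authenticate_offline(self):
    """Authenticate again with an OTP value and expect ``PAM_SUCCESS``.

    No HTTP mock is registered in this test body; per the original comment
    the attempt is meant to be answered offline.
    """
    # and authenticate offline again.
    pamh = PAMH("cornelius", "test100000")
    flags = None
    argv = ["url=http://my.privacyidea.server",
            "sqlfile=%s" % SQLFILE,
            "try_first_pass"]
    r = pam_sm_authenticate(pamh, flags, argv)
    # assertTrue() accepts any truthy return code, so a non-success PAM
    # result could pass unnoticed; pin the exact code like the sibling tests.
    self.assertEqual(r, PAMH.PAM_SUCCESS)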
def test_05_two_tokens(self):
    """Check per-token handling of stored offline OTP values for one user.

    Two HOTP entries (TOK001 and TOK002) are saved for "cornelius". After a
    newer value of the first token was accepted, its older value must fail,
    whereas the older value of the second token still authenticates.
    """
    def attempt(otp):
        # Handle and argv are rebuilt per attempt, matching the original.
        handle = PAMH("cornelius", otp)
        module_args = [
            "url=http://my.privacyidea.server",
            "sqlfile=%s" % SQLFILE,
            "try_first_pass",
        ]
        return pam_sm_authenticate(handle, None, module_args)

    # Save some values to the database: one offline entry per token serial.
    for serial, stored in (("TOK001", RESP), ("TOK002", RESP2)):
        save_auth_item(
            SQLFILE,
            "cornelius",
            serial,
            "HOTP",
            {"offline": [{"username": "******", "response": stored}]},
        )

    self.assertEqual(attempt("test100001"), PAMH.PAM_SUCCESS)

    # An older OTP value of the first token is deleted, so replaying it
    # must not authenticate.
    self.assertNotEqual(attempt("test100000"), PAMH.PAM_SUCCESS)

    # An older value with another token can authenticate!
    self.assertEqual(attempt("TEST100000"), PAMH.PAM_SUCCESS)
def test_08_user_filtering(self):
    """A user missing from the ``users=`` list gets PAM_AUTHINFO_UNAVAIL.

    "cornelius" is not part of ``users=cornelius2,cornelius3``, so the
    module is expected to answer ``PAM_AUTHINFO_UNAVAIL``.

    NOTE(review): this return code is not PAM_SUCCESS and not
    PAM_AUTH_ERR either; what happens to such a user is decided by how the
    surrounding PAM stack is configured to treat it - confirm against the
    deployment documentation.
    """
    # Authenticator will return PAM_AUTHINFO_UNAVAIL as user not in list
    module_args = [
        "/path/privacyidea_pam.py",
        "url=http://my.privacyidea.server",
        "users=cornelius2,cornelius3",
        "debug",
        "sqlfile=%s" % SQLFILE,
        "try_first_pass",
    ]
    handle = PAMH("cornelius", "test100007", "192.168.0.1", False)
    outcome = pam_sm_authenticate(handle, None, module_args)
    self.assertEqual(outcome, PAMH.PAM_AUTHINFO_UNAVAIL)
def test_04_authenticate_offline(self):
    """Authenticate once more with an OTP value and expect ``PAM_SUCCESS``.

    No HTTP mock is registered in this test body; per the original comment
    the attempt is meant to be answered offline.
    """
    # and authenticate offline again.
    module_args = [
        "/path/privacyidea_pam.py",
        "url=http://my.privacyidea.server",
        "debug",
        "sqlfile=%s" % SQLFILE,
        "try_first_pass",
    ]
    handle = PAMH("cornelius", "test100000", "192.168.0.1")
    outcome = pam_sm_authenticate(handle, None, module_args)
    self.assertEqual(outcome, PAMH.PAM_SUCCESS)
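def test_03_authenticate_online(self):
    """Authenticate against the mocked server and expect ``PAM_SUCCESS``.

    ``/validate/check`` is mocked to answer with ``SUCCESS_BODY``; per the
    original comment this online login also fetches offline values.
    """
    # authenticate online and fetch offline values
    responses.add(responses.POST,
                  "http://my.privacyidea.server/validate/check",
                  body=json.dumps(SUCCESS_BODY),
                  content_type="application/json")

    pamh = PAMH("cornelius", "test999999")
    flags = None
    argv = ["url=http://my.privacyidea.server",
            "sqlfile=%s" % SQLFILE,
            "try_first_pass"]
    r = pam_sm_authenticate(pamh, flags, argv)
    # assertTrue() accepts any truthy return code, so a non-success PAM
    # result could pass unnoticed; pin the exact code like the sibling tests.
    self.assertEqual(r, PAMH.PAM_SUCCESS)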
def test_02_authenticate_offline(self):
    """Authenticate twice in a row with consecutive OTP values.

    ``/validate/check`` is mocked to answer with ``SUCCESS_BODY``. Both
    attempts must return ``PAM_SUCCESS``; per the original comment the
    second one is meant to be served from the offline store.

    NOTE(review): the mock remains registered for the second attempt, so
    the return code alone does not show that no online check took place.
    """
    def login(otp):
        # Handle and argv are rebuilt per attempt, matching the original.
        handle = PAMH("cornelius", otp)
        module_args = [
            "url=http://my.privacyidea.server",
            "sqlfile=%s" % SQLFILE,
            "try_first_pass",
        ]
        return pam_sm_authenticate(handle, None, module_args)

    responses.add(
        responses.POST,
        "http://my.privacyidea.server/validate/check",
        body=json.dumps(SUCCESS_BODY),
        content_type="application/json",
    )

    first = login("test100001")
    self.assertEqual(first, PAMH.PAM_SUCCESS)

    # Authenticate the second time offline
    second = login("test100002")
    self.assertEqual(second, PAMH.PAM_SUCCESS)
def test_03_authenticate_online(self):
    """Authenticate online as a user that is on the ``users=`` list.

    Two endpoints are mocked: ``GET /token`` answers with
    ``USER_TOKEN_BODY`` and ``POST /validate/check`` with ``SUCCESS_BODY``.
    "cornelius" is part of ``users=cornelius,cornelius3`` and the login is
    expected to return ``PAM_SUCCESS``; per the original comment it also
    fetches offline values.
    """
    # authenticate online and fetch offline values
    mocked_endpoints = (
        (responses.GET,
         "http://my.privacyidea.server/token",
         USER_TOKEN_BODY),
        (responses.POST,
         "http://my.privacyidea.server/validate/check",
         SUCCESS_BODY),
    )
    for http_method, endpoint, payload in mocked_endpoints:
        responses.add(
            http_method,
            endpoint,
            body=json.dumps(payload),
            content_type="application/json",
        )

    module_args = [
        "/path/privacyidea_pam.py",
        "url=http://my.privacyidea.server",
        "users=cornelius,cornelius3",
        "debug",
        "sqlfile=%s" % SQLFILE,
        "try_first_pass",
    ]
    handle = PAMH("cornelius", "test999999", "192.168.0.1")
    outcome = pam_sm_authenticate(handle, None, module_args)
    self.assertEqual(outcome, PAMH.PAM_SUCCESS)
def test_06_refill(self):
    """Exercise the offline-OTP refill flow step by step.

    As far as the assertions show:

    1. a login against the mocked ``/validate/check`` succeeds;
    2. an OTP value that is not stored yet is rejected;
    3. a further login succeeds and the first recorded request to the
       mocked ``/validate/offlinerefill`` carries the ``aaaa...`` refill
       token;
    4. the refilled OTP value is accepted and the first recorded request
       then carries the ``bbbb...`` refill token;
    5. the same OTP value is not accepted a second time.

    NOTE(review): this listing arrived flattened onto one line, so the
    extent of each ``with`` block below is reconstructed - confirm the
    nesting against the original file.
    """
    with responses.RequestsMock() as rsps:
        # Get offline OTPs + refill token
        rsps.add(responses.POST, "http://my.privacyidea.server/validate/check", body=json.dumps(SUCCESS_BODY), content_type="application/json")
        pamh = PAMH("cornelius", "test100000")
        flags = None
        argv = ["url=http://my.privacyidea.server", "sqlfile=%s" % SQLFILE, "try_first_pass"]
        r = pam_sm_authenticate(pamh, flags, argv)
        self.assertEqual(r, PAMH.PAM_SUCCESS)

    # OTP value not known yet, online auth does not work
    pamh = PAMH("cornelius", "test100004")
    flags = None
    argv = ["url=http://my.privacyidea.server", "sqlfile=%s" % SQLFILE, "try_first_pass"]
    r = pam_sm_authenticate(pamh, flags, argv)
    self.assertNotEqual(r, PAMH.PAM_SUCCESS)

    # now with refill
    with responses.RequestsMock() as rsps:
        rsps.add(responses.POST, "http://my.privacyidea.server/validate/offlinerefill", body=json.dumps(REFILL_BODY), content_type="application/json")
        pamh = PAMH("cornelius", "test100001")
        flags = None
        argv = ["url=http://my.privacyidea.server", "sqlfile=%s" % SQLFILE, "try_first_pass"]
        r = pam_sm_authenticate(pamh, flags, argv)
        self.assertEqual(r, PAMH.PAM_SUCCESS)
        # The refill request must present the refill token currently held.
        self.assertIn('refilltoken=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', rsps.calls[0].request.body)

    # authenticate with refilled
    with responses.RequestsMock() as rsps:
        # No response is registered in this block; only the recorded
        # outgoing request is inspected.
        pamh = PAMH("cornelius", "test100004")
        flags = None
        argv = ["url=http://my.privacyidea.server", "sqlfile=%s" % SQLFILE, "try_first_pass"]
        r = pam_sm_authenticate(pamh, flags, argv)
        self.assertEqual(r, PAMH.PAM_SUCCESS)
        # using new refill token
        self.assertIn('refilltoken=bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb', rsps.calls[0].request.body)

    # ... but not twice
    # Replaying the OTP value that was just accepted must fail.
    pamh = PAMH("cornelius", "test100004")
    flags = None
    argv = ["url=http://my.privacyidea.server", "sqlfile=%s" % SQLFILE, "try_first_pass"]
    r = pam_sm_authenticate(pamh, flags, argv)
    self.assertNotEqual(r, PAMH.PAM_SUCCESS)