Esempi in Python per RadiusAuth

Esempio n. 1

 def test_auth_backup_no_backup_password(self):
     # The script should use the secret from the primary server if the password for the backup server is blank
     ra = RadiusAuth("127.0.0.1", self.secret, self.identifier, backup_server=self.server, backup_server_secret=None)
     
     result = ra.authenticate(self.username, self.password, update_user_info=False)
     
     self.assertTrue(result)

Esempio n. 2

 def test_get_roles_lookup_non_existent(self):
     
     ra = RadiusAuth()
     
     self.assertEqual(ra.user_roles_map, None)
     self.assertEqual(ra.getRolesFromLookup(username="******", file_path=os.path.join("non_existent_path", "roles_map.csv")), None)
     self.assertEqual(ra.user_roles_map, None)

Esempio n. 3

 def test_auth_invalid_password(self):
     
     ra = RadiusAuth(self.server, self.secret, self.identifier)
     
     result = ra.authenticate(self.username, "changeme", update_user_info=False)
     
     self.assertFalse(result)

Esempio n. 4

 def test_auth_backup(self):
     
     ra = RadiusAuth("127.0.0.1", b"invalid_password", self.identifier, backup_server=self.server, backup_server_secret=self.secret)
     
     result = ra.authenticate(self.username, self.password, update_user_info=False)
     
     self.assertTrue(result)

Esempio n. 5

 def test_split_roles_comma_delimited(self):
     
     ra = RadiusAuth()
     
     roles = ra.splitRoles("admin,power,user")
     
     self.assertEqual(sorted(roles), sorted(["admin", "power", "user"]))

Esempio n. 6

 def test_auth_auth_info_roles_override_caps_insensitive(self):
     
     roles = ["admin", "power", "can_delete"]
     
     roles_map_file_path = self.write_auth_csv(self.username.upper(), roles)
     
     try:
         ra = RadiusAuth(self.server, self.secret, self.identifier, vendor_code=self.vendor_code, roles_attribute_id=self.roles_attribute_id)
         
         result = ra.authenticate(self.username, self.password, update_user_info=True, directory=self.tmp_dir, roles_map_file_path=roles_map_file_path)
         
         self.assertTrue(result)
         users = UserInfo.getAllUsers(self.tmp_dir)
         
         self.assertEqual(len(users), 1)
         
         # Get the user
         user = users[0]
         self.assertTrue(user.username, self.username)
         
         # Make sure the roles exist:
         if 'can_delete' not in user.roles:
             self.fail("can_delete not in the roles (%s)" % (user.roles))
             
         if 'admin' not in user.roles:
             self.fail("admin not in the roles (%s)" % (user.roles))
             
         if 'power' not in user.roles:
             self.fail("power not in the roles (%s)" % (user.roles))
             
             self.assertEqual(len(user.roles), 3)
             
     finally:
         os.remove(roles_map_file_path)

Esempio n. 7

    def test_auth_nologin(self):
        
        # Write out a roles map with 'nologin' for the user
        roles = ["admin", "power", "nologin"]
        
        roles_map_file_path = self.write_auth_csv(self.username, roles)
        try:
            # Try authentication
            ra = RadiusAuth(self.server, self.secret, self.identifier, self.roles_key, vendor_code=self.vendor_code, roles_attribute_id=self.roles_attribute_id)
            
            result = ra.authenticate(self.username, self.password, update_user_info=True, directory=self.tmp_dir, roles_map_file_path=roles_map_file_path)

            self.assertFalse(result)
            users = UserInfo.getAllUsers(self.tmp_dir)
            
            self.assertEqual(len(users), 1)
            
            # Get the user
            user = users[0]
            self.assertEqual(user.username, bytesToString(self.username))
            
            # Make sure the nologin role exists:
            if 'nologin' not in user.roles:
                self.fail("nologin not in the roles (%s)" % (user.roles))
        finally:
            os.remove(roles_map_file_path)

Esempio n. 8

 def test_split_roles_single(self):
     
     ra = RadiusAuth()
     
     roles = ra.splitRoles("admin")
     
     self.assertEqual(sorted(roles), sorted(["admin"]))

Esempio n. 9

 def test_auth_auth_info_junk_in_dir(self):
     
     with open(os.path.join(self.tmp_dir, "some_junk.csv"), "w") as junk_file:
         
         # Write out some junk in the directory and see if it handled well (we will write a CSV since it isn't valid JSON)
         junk_file.write("This is just some stuff that isn't valid JSON")
         
         # Now, proceed with the authentication attempt and make sure the correct result occurs
         ra = RadiusAuth(self.server, self.secret, self.identifier, vendor_code=self.vendor_code, roles_attribute_id=self.roles_attribute_id)
         
         result = ra.authenticate(self.username, self.password, update_user_info=True, directory=self.tmp_dir)
         
         self.assertTrue(result)
         users = UserInfo.getAllUsers(self.tmp_dir)
         
         self.assertEqual(len(users), 1)
         
         # Get the user
         user = users[0]
         self.assertEqual(stringToBytes(user.username), self.username)
         
         # Make sure the roles exist:
         if 'can_delete' not in user.roles:
             self.fail("can_delete not in the roles (%s)" % (user.roles))
             
         if 'admin' not in user.roles:
             self.fail("admin not in the roles (%s)" % (user.roles))

Esempio n. 10

 def test_auth_unavailable_server_name(self):
     
     ra = RadiusAuth("thisdoesnotexistandshouldnotresolve.net", self.secret, self.identifier)
     
     result = ra.authenticate(self.username, self.password, update_user_info=False)
     
     self.assertFalse(result)

Esempio n. 11

 def test_auth_invalid_username(self):
     
     ra = RadiusAuth(self.server, self.secret, self.identifier)
     
     result = ra.authenticate("not_real", self.password, update_user_info=False)
     
     self.assertFalse(result)

Esempio n. 12

 def test_auth_valid(self):
     
     ra = RadiusAuth(self.server, self.secret, self.identifier)
     
     result = ra.authenticate(self.username, self.password, update_user_info=False)
     
     self.assertTrue(result)

Esempio n. 13

 def test_auth_bad_server_name(self):
     
     ra = RadiusAuth("thisisnotavalid/hostname.net", self.secret, self.identifier)
     
     result = ra.authenticate(self.username, self.password, update_user_info=False)
     
     self.assertFalse(result)

Esempio n. 14

 def test_load_roles_lookup_filtered(self):
     ra = RadiusAuth()
     
     role_map = ra.loadRolesMap(file_path=os.path.join("test_role_map", "roles_map.csv"), username="******")
     
     self.assertEqual(len(role_map), 1)
     self.assertEqual(len(role_map['jdoe']), 3)
     self.assertEqual(role_map['jdoe'], ['admin', 'power', 'user'])

Esempio n. 15

 def test_load_roles_lookup_incomplete_row(self):
     
     ra = RadiusAuth()
     
     role_map = ra.loadRolesMap(file_path=os.path.join("test_role_map", "roles_map_incomplete_row.csv"))
     
     self.assertEqual(len(role_map), 1)
     self.assertTrue('bobama' in role_map)

Esempio n. 16

 def test_get_roles_lookup(self):
     
     ra = RadiusAuth()
     
     self.assertEqual(ra.user_roles_map, None)
     self.assertEqual(ra.getRolesFromLookup(username="******", file_path=os.path.join("test_role_map", "roles_map.csv")), ['admin', 'power', 'user'])
     
     # Make sure the roles map did not get cached since we did a user name specific lookup
     self.assertEqual(ra.user_roles_map, None)

Esempio n. 17

 def test_load_roles_lookup_caps_insensitive(self):
     
     ra = RadiusAuth()
     
     role_map = ra.loadRolesMap(file_path=os.path.join("test_role_map", "roles_map_caps.csv"))
     
     self.assertEqual(len(role_map), 2)
     self.assertEqual(len(role_map['jdoe']), 3)
     self.assertEqual(role_map['jdoe'], ['admin', 'power', 'user'])

Esempio n. 18

 def test_load_conf_bom(self):
     
     ra = RadiusAuth()
     
     ra.loadConf("test_load_conf_bom")
     
     self.assertEqual(ra.server, "auth.server1.acme.com")
     self.assertEqual(ra.secret, "changeme")
     
     self.assertEqual(ra.roles_attribute_id, 1)
     self.assertEqual(ra.vendor_code, 0)

Esempio n. 19

 def test_load_conf(self):
     
     ra = RadiusAuth()
     
     ra.loadConf("test_load_conf")
     
     self.assertEqual(ra.server, "auth.server1.acme.com")
     self.assertEqual(ra.secret, "changeme")
     self.assertEqual(ra.backup_server, "auth.server2.acme.com")
     self.assertEqual(ra.backup_server_secret, "changeme2")
     self.assertEqual(ra.identifier, "server1")

Esempio n. 20

 def test_load_conf_non_defaults(self):
     
     ra = RadiusAuth()
     
     ra.loadConf("test_load_conf_customizations")
     
     self.assertEqual(ra.server, "auth.server1.acme.com")
     self.assertEqual(ra.secret, "changeme")
     self.assertEqual(ra.identifier, "server1")
     
     self.assertEqual(ra.roles_key, "25,")
     
     self.assertEqual(sorted(ra.default_roles), sorted(["analyst", "manager"]))

Esempio n. 21

 def test_load_conf_vendor_attribute_invalid(self):
     
     ra = RadiusAuth()
     
     ra.loadConf("test_load_conf_vendor_attribute_invalid")
     
     self.assertEqual(ra.server, "auth.server1.acme.com")
     self.assertEqual(ra.secret, "changeme")
     self.assertEqual(ra.identifier, "server1")
     
     self.assertEqual(ra.roles_key, None)
     self.assertEqual(ra.roles_attribute_id, 1)
     self.assertEqual(ra.vendor_code, 0)
     
     self.assertEqual(sorted(ra.default_roles), sorted(["analyst", "manager"]))

Esempio n. 22

 def test_auth_auth_info_custom_roles_key(self):
     
     ra = RadiusAuth(self.server, self.secret, self.identifier, roles_key="(28, 15)")
     
     result = ra.authenticate(self.username, self.password, update_user_info=True, directory=self.tmp_dir)
     
     self.assertTrue(result)
     users = UserInfo.getAllUsers(self.tmp_dir)
     
     self.assertEqual(len(users), 1)
     
     # Get the user
     user = users[0]
     self.assertTrue(user.username, self.username)
     
     # Make sure the roles list is empty (since we entered a roles key that doesn't match the one used by the server and is therefore invalid)
     self.assertEqual(user.roles, [])

Esempio n. 23

File: radius_auth_rest_handler.py Progetto: LukeMurphey/splunk-radius-auth

    def testSettings(self, server, secret, identifier, username, password):
        """
        Try to perform an authentication attempt and return a boolean indicating if the user account could be authenticated.
        
        Arguments:
        server -- The RADIUS server to authenticate to
        secret -- The secret to use when logging into the Radius server
        identifier -- The identifier of the source doing the authentication (can be none)
        username -- The user account to test
        password -- The password for the user account to use
        """

        ra = RadiusAuth(server, secret, identifier)

        try:
            return ra.authenticate(username, password, False)
        except pyrad.client.Timeout:
            return False

Esempio n. 24

 def test_auth_auth_info_default_roles(self):
     
     expected_roles=["manager", "analyst"]
     
     # Authenticate using an invalid roles key so that we use the default roles, not the one provided by the server
     ra = RadiusAuth(self.server, self.secret, self.identifier, roles_key="(28, 15)", default_roles=expected_roles)
     
     result = ra.authenticate(self.username, self.password, update_user_info=True, directory=self.tmp_dir)
     
     self.assertTrue(result)
     users = UserInfo.getAllUsers(self.tmp_dir)
     
     self.assertEqual(len(users), 1)
     
     # Get the user
     user = users[0]
     self.assertTrue(user.username, self.username)
     
     self.assertEqual(sorted(user.roles), sorted(expected_roles))

Esempio n. 25

 def test_auth_auth_info(self):
     
     ra = RadiusAuth(self.server, self.secret, self.identifier, vendor_code = self.vendor_code, roles_attribute_id=self.roles_attribute_id)
     
     result = ra.authenticate(self.username, self.password, update_user_info=True, directory=self.tmp_dir)
     
     self.assertTrue(result)
     users = UserInfo.getAllUsers(self.tmp_dir)
     
     self.assertEqual(len(users), 1)
     
     # Get the user
     user = users[0]
     self.assertTrue(user.username, self.username)
     
     # Make sure the roles exist:
     if 'can_delete' not in user.roles:
         self.fail("can_delete not in the roles (%s)" % (user.roles))
         
     if 'admin' not in user.roles:
         self.fail("admin not in the roles (%s)" % (user.roles))

Esempio n. 26

    def test_auth_auth_info_roles_override(self):
        """
        This ensures that the CSV file containing the overrides for the roles is correctly loaded and used.

        This tests the underlying functions getRolesFromLookup() and loadRolesMap() 
        """
        
        roles = ["admin", "power", "can_delete"]
        
        roles_map_file_path = self.write_auth_csv(self.username, roles)
        
        try:
            ra = RadiusAuth(self.server, self.secret, self.identifier, vendor_code=self.vendor_code, roles_attribute_id=self.roles_attribute_id)
            
            result = ra.authenticate(self.username, self.password, update_user_info=True, directory=self.tmp_dir, roles_map_file_path=roles_map_file_path)
            
            self.assertTrue(result)
            users = UserInfo.getAllUsers(self.tmp_dir)
            
            self.assertEqual(len(users), 1)
            
            # Get the user
            user = users[0]
            self.assertTrue(user.username, self.username)
            
            # Make sure the roles exist:
            if 'can_delete' not in user.roles:
                self.fail("can_delete not in the roles (%s)" % (user.roles))
                
            if 'admin' not in user.roles:
                self.fail("admin not in the roles (%s)" % (user.roles))
                
            if 'power' not in user.roles:
                self.fail("power not in the roles (%s)" % (user.roles))
                
                self.assertEqual(len(user.roles), 3)
                
        finally:
            os.remove(roles_map_file_path)

Esempio n. 27

 def test_load_roles_invalid_lookup(self):
     
     bad_file = None
     
     try:
         # Create the junk file
         bad_file = tempfile.NamedTemporaryFile(delete=False, suffix="_roles_map.csv")
         
         # Write out some junk in the directory and see if it handled well (we will write a CSV since it isn't valid JSON)
         bad_file.write(b"This is just some stuff that isn't a valid CSV file")
         bad_file.close()
         
         # Try to load the file
         ra = RadiusAuth()
             
         role_map = ra.loadRolesMap(file_path=bad_file.name)
         
         self.assertEqual(role_map, {})
     finally:
         
         if bad_file is not None:
             os.remove(bad_file.name) 

Esempio n. 28

 def test_get_roles_lookup_use_cached(self):
     
     file_path = os.path.join("test_role_map", "roles_map.csv")
     
     ra = RadiusAuth()
     ra.user_roles_map = { "acme" : ['power', 'test'] }
     
     # This should work since the user is in the list
     self.assertEqual(ra.getRolesFromLookup(username="******", file_path=file_path), ['power', 'test'])
     
     # This should return none since jdoe isn't in the cached list
     self.assertEqual(ra.getRolesFromLookup(username="******", file_path=file_path), None)
     
     # Forcing a reload should allow jdoe to be looked up since he is in the list on disk
     self.assertEqual(ra.getRolesFromLookup(username="******", file_path=file_path, force_reload=True), ['admin', 'power', 'user'])

Esempio n. 29

 def test_auth_auth_info_parse_roles_key(self):
     
     ra = RadiusAuth(self.server, self.secret, self.identifier, roles_key="(28, 15)")
     
     self.assertEqual(ra.vendor_code, 28)
     self.assertEqual(ra.roles_attribute_id, 15)

Esempio n. 30

 def test_load_roles_lookup_no_file(self):
     ra = RadiusAuth()
     
     role_map = ra.loadRolesMap(file_path=os.path.join("non_existent_path", "roles_map.csv"))
     
     self.assertEqual(role_map, None)