def test_bogus_user(self):
""" A bogus user is denied """
os.environ['common_name'] = 'user-who-does-not-exist'
os.environ['password'] = '******'
library = DuoOpenVPN()
library.log_to_stdout = False
res = library.main_authentication()
self.assertFalse(res, 'invalid users must be denied')
def test_bogus_user(self):
""" A bogus user is denied """
os.environ['common_name'] = 'user-who-does-not-exist'
os.environ['password'] = '******'
library = DuoOpenVPN()
library.log_to_stdout = False
res = library.main_authentication()
self.assertFalse(res, 'invalid users must be denied')
def test_2fa_user_good(self):
""" A 2FA user with a bad push fails PLEASE ALLOW """
if not self.deep_test_main: # pragma: no cover
return self.skipTest('because of .deep_testing preference')
os.environ['common_name'] = self.normal_user
os.environ['password'] = '******'
library = DuoOpenVPN()
library.log_to_stdout = False
res = library.main_authentication()
self.assertTrue(res, '2fa user with an allow must be True')
def test_2fa_user_good(self):
""" A 2FA user with a bad push fails PLEASE ALLOW """
if not self.deep_test_main: # pragma: no cover
return self.skipTest('because of .deep_testing preference')
os.environ['common_name'] = self.normal_user
os.environ['password'] = '******'
library = DuoOpenVPN()
library.log_to_stdout = False
res = library.main_authentication()
self.assertTrue(res, '2fa user with an allow must be True')
def test_2fa_user_bad(self):
""" A 2FA user with a bad push fails PLEASE DENY """
if not self.deep_test_main:
return self.skipTest('because of .deep_testing preference')
os.environ['common_name'] = self.normal_user
os.environ['password'] = '******'
library = DuoOpenVPN()
library.log_to_stdout = False
res = library.main_authentication()
self.assertFalse(res, '2fa user with a deny must be False')
def test_1fa_user_bad_pw(self):
""" A 1FA user with a bad password fails """
try:
one_fa_user = self.main_object.configfile.get(
'testing', 'one_fa_user')
except (NoOptionError, NoSectionError): # pragma: no cover
return self.skipTest('No testing/one_fa_user defined')
os.environ['common_name'] = one_fa_user
os.environ['password'] = '******'
library = DuoOpenVPN()
library.log_to_stdout = False
res = library.main_authentication()
self.assertFalse(res, '1fa user with bad password must be denied')
def test_1fa_user_bad_pw(self):
""" A 1FA user with a bad password fails """
try:
one_fa_user = self.main_object.configfile.get('testing',
'one_fa_user')
except (NoOptionError, NoSectionError): # pragma: no cover
return self.skipTest('No testing/one_fa_user defined')
os.environ['common_name'] = one_fa_user
os.environ['password'] = '******'
library = DuoOpenVPN()
library.log_to_stdout = False
res = library.main_authentication()
self.assertFalse(res, '1fa user with bad password must be denied')
def test_1fa_user_bad_pw(self):
""" A 1FA user with a bad password fails """
if not self.main_object.configfile.has_section('testing'):
return self.skipTest('No testing section defined')
if not self.main_object.configfile.has_option('testing',
'one_fa_user'):
return self.skipTest('No testing/one_fa_user defined')
one_fa_user = self.main_object.configfile.get('testing', 'one_fa_user')
os.environ['common_name'] = one_fa_user
os.environ['password'] = '******'
library = DuoOpenVPN()
library.log_to_stdout = False
res = library.main_authentication()
self.assertFalse(res, '1fa user with bad password must be denied')
def test_1fa_user_attempts_2fa(self):
""" A 1FA user trying to 2FA fails """
# This is a weird test that stems from a 1FA user pretending to
# have a Duo.
try:
one_fa_user = self.main_object.configfile.get(
'testing', 'one_fa_user')
except (NoOptionError, NoSectionError): # pragma: no cover
return self.skipTest('No testing/one_fa_user defined')
os.environ['common_name'] = one_fa_user
os.environ['password'] = '******'
library = DuoOpenVPN()
library.log_to_stdout = False
res = library.main_authentication()
self.assertFalse(res, '1fa user attempting to 2fa must be denied')
def test_1fa_user_attempts_2fa(self):
""" A 1FA user trying to 2FA fails """
# This is a weird test that stems from a 1FA user pretending to
# have a Duo.
try:
one_fa_user = self.main_object.configfile.get('testing',
'one_fa_user')
except (NoOptionError, NoSectionError): # pragma: no cover
return self.skipTest('No testing/one_fa_user defined')
os.environ['common_name'] = one_fa_user
os.environ['password'] = '******'
library = DuoOpenVPN()
library.log_to_stdout = False
res = library.main_authentication()
self.assertFalse(res, '1fa user attempting to 2fa must be denied')
def test_1fa_user_good_pw(self):
""" A 1FA user with a good password works """
try:
one_fa_user = self.main_object.configfile.get(
'testing', 'one_fa_user')
except (NoOptionError, NoSectionError): # pragma: no cover
return self.skipTest('No testing/one_fa_user defined')
try:
one_fa_pass = self.main_object.configfile.get(
'testing', 'one_fa_pass')
except (NoOptionError, NoSectionError): # pragma: no cover
return self.skipTest('No testing/one_fa_pass defined')
os.environ['common_name'] = one_fa_user
os.environ['password'] = one_fa_pass
library = DuoOpenVPN()
library.log_to_stdout = False
res = library.main_authentication()
self.assertTrue(res, '1fa user with good password gets accepted')
def test_1fa_user_good_pw(self):
""" A 1FA user with a good password works """
try:
one_fa_user = self.main_object.configfile.get('testing',
'one_fa_user')
except (NoOptionError, NoSectionError): # pragma: no cover
return self.skipTest('No testing/one_fa_user defined')
try:
one_fa_pass = self.main_object.configfile.get('testing',
'one_fa_pass')
except (NoOptionError, NoSectionError): # pragma: no cover
return self.skipTest('No testing/one_fa_pass defined')
os.environ['common_name'] = one_fa_user
os.environ['password'] = one_fa_pass
library = DuoOpenVPN()
library.log_to_stdout = False
res = library.main_authentication()
self.assertTrue(res, '1fa user with good password gets accepted')
def test_1fa_user_good_pw(self):
""" A 1FA user with a good password works """
if not self.main_object.configfile.has_section('testing'):
return self.skipTest('No testing section defined')
if not self.main_object.configfile.has_option('testing',
'one_fa_user'):
return self.skipTest('No testing/one_fa_user defined')
one_fa_user = self.main_object.configfile.get('testing', 'one_fa_user')
if not self.main_object.configfile.has_option('testing',
'one_fa_pass'):
return self.skipTest('No testing/one_fa_pass defined')
one_fa_pass = self.main_object.configfile.get('testing', 'one_fa_pass')
os.environ['common_name'] = one_fa_user
os.environ['password'] = one_fa_pass
library = DuoOpenVPN()
library.log_to_stdout = False
res = library.main_authentication()
self.assertTrue(res, '1fa user with good password gets accepted')