def test_web_api_auth(self):
with EmailProviderServer(self, 20) as smtpsvc:
# Authenticate over Web API
validate = Validate(self.http_protocol, self.http_host,
self.http_port, self.http_username,
self.http_password)
access_granted, validate_resp = validate.validate(user=self.username + "@" + self.realm_name,
password=self.email_token_pin)
self.assertFalse(access_granted,
"Should return false because this request only triggers the challenge.")
try:
message = validate_resp['detail']['message']
except KeyError:
self.fail("detail.message should be present %r" %
validate_resp)
self.assertEqual(message,
"e-mail sent successfully",
"Wrong validate response %r" % validate_resp)
otp = smtpsvc.get_otp()
access_granted, validate_resp = validate.validate(user=self.username + "@" + self.realm_name,
password=self.email_token_pin + otp)
self.assertTrue(access_granted,
"Could not authenticate user %s %r" % (self.username, validate_resp))
class TestEmailTokenAuth(TestEmailToken):
def setUp(self):
TestEmailToken.setUp(self)
self.enroll_email_token()
@unittest.skipIf(is_radius_disabled(), True)
def test_radius_auth(self):
def radius_auth(username, realm_name,
pin, radius_secret,
radius_server, state=None):
call_array = "python ../../../tools/linotp-auth-radius -f ../../../test.ini".split()
call_array.extend(['-u', username + "@" + realm_name,
'-p', pin,
'-s', radius_secret,
'-r', radius_server])
if state:
call_array.extend('-t', state)
logger.debug("Executing %s" % ' '.join(call_array))
try:
return check_output(call_array)
except CalledProcessError, e:
assert e.returncode == 0, \
"radius auth process exit code %s. Command:%s Ouptut:%s" % \
(e.returncode, ' '.join(e.cmd), e.output)
radius_server = get_from_tconfig(
['radius', 'server'],
default=self.http_host.split(':')[0],
)
radius_secret = get_from_tconfig(['radius', 'secret'], required=True)
with EmailProviderServer(self, 20) as smtpsvc:
# Authenticate with RADIUS
rad1 = radius_auth(
self.username, self.realm_name,
self.email_token_pin,
radius_secret, radius_server)
m = re.search(r"State:\['(\d+)'\]", rad1)
self.assertTrue(m is not None,
"'State' not found in linotp-auth-radius output. %r" % rad1)
state = m.group(1)
logger.debug("State: %s" % state)
otp = smtpsvc.get_otp()
rad2 = radius_auth(
self.username, self.realm_name,
otp, radius_secret,
radius_server, state)
self.assertTrue("Access granted to user " + self.username in rad2,
"Access not granted to user. %r" % rad2)
def test_web_api_auth(self):
with EmailProviderServer(self.testcase, 20) as smtpsvc:
# Authenticate over Web API
validate = Validate(
self.testcase.http_protocol,
self.testcase.http_host,
self.testcase.http_port,
self.testcase.http_username,
self.testcase.http_password,
)
access_granted, validate_resp = validate.validate(
user=self.data["username"] + "@" + self.data["realm_name"],
password=self.data["email_token_pin"],
)
assert (
not access_granted
), "Should return false because this request only triggers the challenge."
try:
message = validate_resp["detail"]["message"]
except KeyError as e:
raise KeyError(e.message +
" | detail.message should be present %r" %
validate_resp)
assert message == "e-mail sent successfully", (
"Wrong validate response %r" % validate_resp)
otp = smtpsvc.get_otp()
access_granted, validate_resp = validate.validate(
user=self.data["username"] + "@" + self.data["realm_name"],
password=self.data["email_token_pin"] + otp,
)
assert access_granted, "Could not authenticate user %s %r" % (
self.data["username"],
validate_resp,
)
def test_radius_auth(self):
def radius_auth(username,
realm_name,
pin,
radius_secret,
radius_server,
state=None):
call_array = "python ../../../tools/linotp-auth-radius -f ../../../test.ini".split(
)
call_array.extend([
"-u",
username + "@" + realm_name,
"-p",
pin,
"-s",
radius_secret,
"-r",
radius_server,
])
if state:
call_array.extend("-t", state)
logger.debug("Executing %s", " ".join(call_array))
try:
return check_output(call_array)
except CalledProcessError as e:
assert e.returncode == 0, (
"radius auth process exit code %s. Command:%s Ouptut:%s" %
(e.returncode, " ".join(e.cmd), e.output))
radius_server = get_from_tconfig(
["radius", "server"],
default=self.testcase.http_host.split(":")[0],
)
radius_secret = get_from_tconfig(["radius", "secret"], required=True)
with EmailProviderServer(self.testcase, 20) as smtpsvc:
# Authenticate with RADIUS
rad1 = radius_auth(
self.data["username"],
self.data["realm_name"],
self.data["email_token_pin"],
radius_secret,
radius_server,
)
m = re.search(r"State:\['(\d+)'\]", rad1)
assert m is not None, (
"'State' not found in linotp-auth-radius output. %r" % rad1)
state = m.group(1)
logger.debug("State: %s", state)
otp = smtpsvc.get_otp()
rad2 = radius_auth(
self.data["username"],
self.data["realm_name"],
otp,
radius_secret,
radius_server,
state,
)
assert "Access granted to user " + self.data["username"] in rad2, (
"Access not granted to user. %r" % rad2)