def test_00_get_config(self): # set the config set_privacyidea_config(key="Hallo", value="What?", typ="string", desc="Some dumb value") # get the complete config conf = get_from_config() self.assertTrue("Hallo" in conf, conf) conf = get_from_config("Hallo") self.assertTrue(conf == "What?", conf) conf = get_from_config("Hello", "Does not exist") self.assertTrue(conf == "Does not exist", conf) conf = get_privacyidea_config() self.assertTrue("Hallo" in conf, conf) # delete privacyidea config delete_privacyidea_config("Hallo") conf = get_from_config("Hallo") self.assertFalse(conf == "What?", conf) # set more values to create a timestamp and overwrite set_privacyidea_config(key="k1", value="v1") set_privacyidea_config(key="k2", value="v2") set_privacyidea_config(key="k3", value="v3") conf = get_from_config("k3") self.assertTrue(conf == "v3", conf) set_privacyidea_config(key="k3", value="new", typ="string", desc="n") conf = get_from_config("k3") self.assertTrue(conf == "new", conf)
def test_16_autoresync_hotp(self): serial = "autosync1" token = init_token({"serial": serial, "otpkey": self.otpkey, "pin": "async"}, User("cornelius", self.realm2)) set_privacyidea_config("AutoResync", True) token.set_sync_window(10) token.set_count_window(5) # counter = 8, is out of sync with self.app.test_request_context('/validate/check', method='POST', data={"user": "******"+self.realm2, "pass": "******"}): res = self.app.full_dispatch_request() self.assertEqual(res.status_code, 200) result = json.loads(res.data).get("result") self.assertEqual(result.get("value"), False) # counter = 9, will be autosynced. # Authentication is successful with self.app.test_request_context('/validate/check', method='POST', data={"user": "******"+self.realm2, "pass": "******"}): res = self.app.full_dispatch_request() self.assertEqual(res.status_code, 200) result = json.loads(res.data).get("result") self.assertEqual(result.get("value"), True) delete_privacyidea_config("AutoResync")
def test_15_validate_at_sign(self): self.setUp_user_realm2() serial1 = "Split001" serial2 = "Split002" init_token({"serial": serial1, "type": "spass", "pin": serial1}, user=User("cornelius", self.realm1)) init_token({"serial": serial2, "type": "spass", "pin": serial2}, user=User("cornelius", self.realm2)) with self.app.test_request_context('/validate/check', method='POST', data={"user": "******", "pass": serial1}): res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 200, res) result = json.loads(res.data).get("result") self.assertTrue(result.get("value")) set_privacyidea_config("splitAtSign", "0") with self.app.test_request_context('/validate/check', method='POST', data={"user": "******"+self.realm2, "pass": serial2}): res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 400, res) set_privacyidea_config("splitAtSign", "1") with self.app.test_request_context('/validate/check', method='POST', data={"user": "******"+self.realm2, "pass": serial2}): res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 200, res) result = json.loads(res.data).get("result") self.assertTrue(result.get("value")) # The default behaviour - if the config entry does not exist, # is to split the @Sign delete_privacyidea_config("splitAtSign") with self.app.test_request_context('/validate/check', method='POST', data={"user": "******"+self.realm2, "pass": serial2}): res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 200, res) result = json.loads(res.data).get("result") self.assertTrue(result.get("value"))
def test_22_new_email_config(self): smtpmock.setdata(response={"*****@*****.**": (200, 'OK')}) transactionid = "123456098717" # send the email with the new configuration r = add_smtpserver(identifier="myServer", server="1.2.3.4") set_privacyidea_config("email.identifier", "myServer") db_token = Token.query.filter_by(serial=self.serial1).first() token = EmailTokenClass(db_token) self.assertTrue(token.check_otp("123456", 1, 10) == -1) c = token.create_challenge(transactionid) self.assertTrue(c[0], c) otp = c[1] self.assertTrue(c[3].get("state"), transactionid) # check for the challenges response r = token.check_challenge_response(passw=otp) self.assertTrue(r, r) delete_smtpserver("myServer") delete_privacyidea_config("email.identifier")
def test_16_autoresync_hotp(self): serial = "autosync1" token = init_token( { "serial": serial, "otpkey": self.otpkey, "pin": "async" }, User("cornelius", self.realm2)) set_privacyidea_config("AutoResync", True) token.set_sync_window(10) token.set_count_window(5) # counter = 8, is out of sync with self.app.test_request_context('/validate/check', method='POST', data={ "user": "******" + self.realm2, "pass": "******" }): res = self.app.full_dispatch_request() self.assertEqual(res.status_code, 200) result = json.loads(res.data).get("result") self.assertEqual(result.get("value"), False) # counter = 9, will be autosynced. # Authentication is successful with self.app.test_request_context('/validate/check', method='POST', data={ "user": "******" + self.realm2, "pass": "******" }): res = self.app.full_dispatch_request() self.assertEqual(res.status_code, 200) result = json.loads(res.data).get("result") self.assertEqual(result.get("value"), True) delete_privacyidea_config("AutoResync")
def test_04_set_policy(self): with self.app.test_request_context('/policy/pol1', data={ 'action': "enroll", 'scope': "selfservice", 'realm': "r1", 'resolver': "test", 'user': ["admin"], 'time': "", 'client': "127.12.12.12", 'active': True }, method='POST', headers={'Authorization': self.at}): res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 200, res) result = json.loads(res.data).get("result") self.assertTrue(result["status"] is True, result) self.assertTrue('"setPolicy pol1": 1' in res.data, res.data) # Set a policy with a more complicated client which might interfere # with override client set_privacyidea_config(SYSCONF.OVERRIDECLIENT, "10.0.0.1") with self.app.test_request_context('/policy/pol1', data={ 'action': "enroll", 'scope': "selfservice", 'realm': "r1", 'resolver': "test", 'user': ["admin"], 'time': "", 'client': "10.0.0.0/8, " "172.16.200.1", 'active': True }, method='POST', headers={'Authorization': self.at}): res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 200, res) result = json.loads(res.data).get("result") self.assertTrue(result["status"] is True, result) self.assertTrue('"setPolicy pol1": 1' in res.data, res.data) delete_privacyidea_config(SYSCONF.OVERRIDECLIENT) # setting policy with invalid name fails with self.app.test_request_context('/policy/invalid policy name', data={ 'action': "enroll", 'scope': "selfservice", 'client': "127.12.12.12", 'active': True }, method='POST', headers={'Authorization': self.at}): # An invalid policy name raises an exception res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 400, res) # setting policy with an empty name with self.app.test_request_context('/policy/enroll', data={ 'scope': "selfservice", 'client': "127.12.12.12", 'active': True }, method='POST', headers={'Authorization': self.at}): # An invalid policy name raises an exception res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 400, res)
def test_04_set_policy(self): with self.app.test_request_context('/policy/pol1', data={'action': "enroll", 'scope': "selfservice", 'realm': "r1", 'resolver': "test", 'user': ["admin"], 'time': "", 'client': "127.12.12.12", 'active': True}, method='POST', headers={'Authorization': self.at}): res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 200, res) result = json.loads(res.data).get("result") self.assertTrue(result["status"] is True, result) self.assertTrue('"setPolicy pol1": 1' in res.data, res.data) # Set a policy with a more complicated client which might interfere # with override client set_privacyidea_config(SYSCONF.OVERRIDECLIENT, "10.0.0.1") with self.app.test_request_context('/policy/pol1', data={'action': "enroll", 'scope': "selfservice", 'realm': "r1", 'resolver': "test", 'user': ["admin"], 'time': "", 'client': "10.0.0.0/8, " "172.16.200.1", 'active': True}, method='POST', headers={'Authorization': self.at}): res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 200, res) result = json.loads(res.data).get("result") self.assertTrue(result["status"] is True, result) self.assertTrue('"setPolicy pol1": 1' in res.data, res.data) delete_privacyidea_config(SYSCONF.OVERRIDECLIENT) # setting policy with invalid name fails with self.app.test_request_context('/policy/invalid policy name', data={'action': "enroll", 'scope': "selfservice", 'client': "127.12.12.12", 'active': True}, method='POST', headers={'Authorization': self.at}): # An invalid policy name raises an exception res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 400, res) # setting policy with an empty name with self.app.test_request_context('/policy/enroll', data={'scope': "selfservice", 'client': "127.12.12.12", 'active': True}, method='POST', headers={'Authorization': self.at}): # An invalid policy name raises an exception res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 400, res)
def test_15_validate_at_sign(self): self.setUp_user_realm2() serial1 = "Split001" serial2 = "Split002" init_token({ "serial": serial1, "type": "spass", "pin": serial1 }, user=User("cornelius", self.realm1)) init_token({ "serial": serial2, "type": "spass", "pin": serial2 }, user=User("cornelius", self.realm2)) with self.app.test_request_context('/validate/check', method='POST', data={ "user": "******", "pass": serial1 }): res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 200, res) result = json.loads(res.data).get("result") self.assertTrue(result.get("value")) set_privacyidea_config("splitAtSign", "0") with self.app.test_request_context('/validate/check', method='POST', data={ "user": "******" + self.realm2, "pass": serial2 }): res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 400, res) set_privacyidea_config("splitAtSign", "1") with self.app.test_request_context('/validate/check', method='POST', data={ "user": "******" + self.realm2, "pass": serial2 }): res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 200, res) result = json.loads(res.data).get("result") self.assertTrue(result.get("value")) # The default behaviour - if the config entry does not exist, # is to split the @Sign delete_privacyidea_config("splitAtSign") with self.app.test_request_context('/validate/check', method='POST', data={ "user": "******" + self.realm2, "pass": serial2 }): res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 200, res) result = json.loads(res.data).get("result") self.assertTrue(result.get("value"))