def test_12_multiple_resolvers(self):
# one realm, two SQL resolvers
parameters_a = self.sql_parameters.copy()
# first resolver only contains users with phone numbers
parameters_a['Where'] = 'phone LIKE %'
parameters_a['resolver'] = 'reso_a'
rid_a = save_resolver(parameters_a)
self.assertTrue(rid_a > 0, rid_a)
# second resolver contains all users
parameters_b = self.sql_parameters.copy()
parameters_b['resolver'] = 'reso_b'
rid_b = save_resolver(parameters_b)
self.assertTrue(rid_b > 0, rid_b)
# First ask reso_a, then reso_b
(added, failed) = set_realm(self.sql_realm, ['reso_a', 'reso_b'], {
'reso_a': 1,
'reso_b': 2
})
self.assertEqual(len(failed), 0)
self.assertEqual(len(added), 2)
# Now, query the user and populate the cache
self.assertEqual(UserCache.query.count(), 0)
user1 = User('wordpressuser', self.sql_realm)
self.assertEqual(user1.uid, '6')
# Assert it was found in reso_b (as it does not have a phone number)!
self.assertEqual(user1.resolver, 'reso_b')
self.assertEqual(
UserCache.query.filter(UserCache.username == 'wordpressuser',
UserCache.user_id == 6).one().resolver,
'reso_b')
# Add a phone number. We do not use the User API to do that to simulate that the change is performed
# out of privacyIDEA's control. Using `update_user_info` would invalidate the cache, which would be unrealistic.
info = user1.info
new_info = info.copy()
new_info['phone'] = '123456'
get_resolver_object('reso_a').update_user(user1.uid, new_info)
# Ensure that the user's association with reso_b is still cached.
self.assertEqual(
UserCache.query.filter(UserCache.username == 'wordpressuser',
UserCache.user_id == 6).one().resolver,
'reso_b')
# Now, it should be located in reso_a!
user2 = User('wordpressuser', self.sql_realm)
self.assertEqual(user2.uid, '6')
self.assertEqual(user2.resolver, 'reso_a')
# ... but the cache still contains entries for both!
resolver_query = UserCache.query.filter(
UserCache.username == 'wordpressuser',
UserCache.user_id == 6).order_by(UserCache.timestamp.desc())
cached_resolvers = [entry.resolver for entry in resolver_query.all()]
self.assertEqual(cached_resolvers, ['reso_a', 'reso_b'])
# Remove the phone number.
get_resolver_object('reso_a').update_user(user1.uid, {'phone': None})
delete_realm(self.sql_realm)
delete_resolver('reso_a')
delete_resolver('reso_b')
def test_05_create_resolver_object(self):
from privacyidea.lib.resolvers.PasswdIdResolver import IdResolver
reso_obj = get_resolver_object(self.resolvername1)
self.assertTrue(isinstance(reso_obj, IdResolver), type(reso_obj))
# resolver, that does not exist
reso_obj = get_resolver_object("unknown")
self.assertTrue(reso_obj is None, reso_obj)
def test_05_create_resolver_object(self):
from privacyidea.lib.resolvers.PasswdIdResolver import IdResolver
reso_obj = get_resolver_object(self.resolvername1)
self.assertTrue(isinstance(reso_obj, IdResolver), type(reso_obj))
# resolver, that does not exist
reso_obj = get_resolver_object("unknown")
self.assertTrue(reso_obj is None, reso_obj)
def test_12_multiple_resolvers(self):
# one realm, two SQL resolvers
parameters_a = self.sql_parameters.copy()
# first resolver only contains users with phone numbers
parameters_a['Where'] = 'phone LIKE %'
parameters_a['resolver'] = 'reso_a'
rid_a = save_resolver(parameters_a)
self.assertTrue(rid_a > 0, rid_a)
# second resolver contains all users
parameters_b = self.sql_parameters.copy()
parameters_b['resolver'] = 'reso_b'
rid_b = save_resolver(parameters_b)
self.assertTrue(rid_b > 0, rid_b)
# First ask reso_a, then reso_b
(added, failed) = set_realm(self.sql_realm, ['reso_a', 'reso_b'], {
'reso_a': 1,
'reso_b': 2
})
self.assertEqual(len(failed), 0)
self.assertEqual(len(added), 2)
# Now, query the user and populate the cache
self.assertEqual(UserCache.query.count(), 0)
user1 = User('wordpressuser', self.sql_realm)
self.assertEqual(user1.uid, 6)
# Assert it was found in reso_b (as it does not have a phone number)!
self.assertEqual(user1.resolver, 'reso_b')
self.assertEqual(UserCache.query.filter(UserCache.username == 'wordpressuser',
UserCache.user_id == 6).one().resolver,
'reso_b')
# Add a phone number. We do not use the User API to do that to simulate that the change is performed
# out of privacyIDEA's control. Using `update_user_info` would invalidate the cache, which would be unrealistic.
info = user1.info
new_info = info.copy()
new_info['phone'] = '123456'
get_resolver_object('reso_a').update_user(user1.uid, new_info)
# Ensure that the user's association with reso_b is still cached.
self.assertEqual(UserCache.query.filter(UserCache.username == 'wordpressuser',
UserCache.user_id == 6).one().resolver,
'reso_b')
# Now, it should be located in reso_a!
user2 = User('wordpressuser', self.sql_realm)
self.assertEqual(user2.uid, 6)
self.assertEqual(user2.resolver, 'reso_a')
# ... but the cache still contains entries for both!
resolver_query = UserCache.query.filter(UserCache.username == 'wordpressuser',
UserCache.user_id == 6).order_by(UserCache.timestamp.desc())
cached_resolvers = [entry.resolver for entry in resolver_query.all()]
self.assertEqual(cached_resolvers, ['reso_a', 'reso_b'])
# Remove the phone number.
get_resolver_object('reso_a').update_user(user1.uid, {'phone': None})
delete_realm(self.sql_realm)
delete_resolver('reso_a')
delete_resolver('reso_b')
def _get_attributes_from_param(param):
from privacyidea.lib.resolver import get_resolver_object
map = get_resolver_object(getParam(param, "resolver", optional=False)).map
username = getParam(param, "user", optional=False)
# Add attributes
attributes = {"username": username}
for attribute in map.keys():
value = getParam(param, attribute)
if value:
attributes[attribute] = getParam(param, attribute)
return attributes
def _get_attributes_from_param(param):
from privacyidea.lib.resolver import get_resolver_object
map = get_resolver_object(getParam(param, "resolver", optional=False)).map
username = getParam(param, "user", optional=False)
# Add attributes
attributes = {"username": username}
for attribute in map.keys():
value = getParam(param, attribute)
if value:
attributes[attribute] = getParam(param, attribute)
return attributes
def test_11_base_resolver_class(self):
save_resolver({"resolver": "baseresolver", "type": "UserIdResolver"})
y = get_resolver_object("baseresolver")
self.assertTrue(y, y)
rtype = y.getResolverType()
self.assertTrue(rtype == "UserIdResolver", rtype)
# close hook
desc = y.getResolverDescriptor()
self.assertTrue("clazz" in desc.get("UserIdResolver"), desc)
self.assertTrue("config" in desc.get("UserIdResolver"), desc)
id = y.getUserId("some user")
self.assertTrue(id == "dummy_user_id", id)
name = y.getUsername("some user")
self.assertTrue(name == "dummy_user_name", name)
self.assertTrue(y.getUserInfo("dummy") == {})
self.assertTrue(len(y.getUserList()) == 1)
self.assertTrue(len(y.getUserList()) == 1)
rid = y.getResolverId()
self.assertTrue(rid == "baseid", rid)
self.assertFalse(y.checkPass("dummy", "pw"))
y.close()
def test_11_base_resolver_class(self):
save_resolver({"resolver": "baseresolver", "type": "UserIdResolver"})
y = get_resolver_object("baseresolver")
self.assertTrue(y, y)
rtype = y.getResolverType()
self.assertTrue(rtype == "UserIdResolver", rtype)
# close hook
desc = y.getResolverDescriptor()
self.assertTrue("clazz" in desc.get("UserIdResolver"), desc)
self.assertTrue("config" in desc.get("UserIdResolver"), desc)
id = y.getUserId("some user")
self.assertTrue(id == "dummy_user_id", id)
name = y.getUsername("some user")
self.assertTrue(name == "dummy_user_name", name)
self.assertTrue(y.getUserInfo("dummy") == {})
self.assertTrue(len(y.getUserList()) == 1)
self.assertTrue(len(y.getUserList()) == 1)
rid = y.getResolverId()
self.assertTrue(rid == "baseid", rid)
self.assertFalse(y.checkPass("dummy", "pw"))
y.close()
def test_12_passwdresolver(self):
# Create a resolver with an empty filename
# will use the filename /etc/passwd
rid = save_resolver({
"resolver": self.resolvername1,
"type": "passwdresolver",
"fileName": "",
"type.fileName": "string",
"desc.fileName": "The name of the file"
})
self.assertTrue(rid > 0, rid)
y = get_resolver_object(self.resolvername1)
y.loadFile()
delete_resolver(self.resolvername1)
# Load a file with an empty line
rid = save_resolver({
"resolver": self.resolvername1,
"type": "passwdresolver",
"fileName": PWFILE,
"type.fileName": "string",
"desc.fileName": "The name of the file"
})
self.assertTrue(rid > 0, rid)
y = get_resolver_object(self.resolvername1)
y.loadFile()
ulist = y.getUserList({"username": "******"})
self.assertTrue(len(ulist) > 1, ulist)
self.assertTrue(y.checkPass("1000", "test"))
self.assertFalse(y.checkPass("1000", "wrong password"))
self.assertRaises(NotImplementedError, y.checkPass, "1001", "secret")
self.assertFalse(y.checkPass("1002", "no pw at all"))
self.assertTrue(
y.getUsername("1000") == "cornelius", y.getUsername("1000"))
self.assertTrue(
y.getUserId(u"cornelius") == "1000", y.getUserId("cornelius"))
self.assertTrue(y.getUserId("user does not exist") == "")
sF = y.getSearchFields({"username": "******"})
self.assertTrue(sF.get("username") == "text", sF)
# unknown search fields. We get an empty userlist
r = y.getUserList({"blabla": "something"})
self.assertTrue(r == [], r)
# list exactly one user
r = y.getUserList({"userid": "=1000"})
self.assertTrue(len(r) == 1, r)
r = y.getUserList({"userid": "<1001"})
self.assertTrue(len(r) == 1, r)
r = y.getUserList({"userid": ">1000"})
self.assertTrue(len(r) > 1, r)
r = y.getUserList({"userid": "between 1000, 1001"})
self.assertTrue(len(r) == 2, r)
r = y.getUserList({"userid": "between 1001, 1000"})
self.assertTrue(len(r) == 2, r)
r = y.getUserList({"userid": "<=1000"})
self.assertTrue(len(r) == 1, "%s" % r)
r = y.getUserList({"userid": ">=1000"})
self.assertTrue(len(r) > 1, r)
r = y.getUserList({"description": "field1"})
self.assertTrue(len(r) == 0, r)
r = y.getUserList({"email": "field1"})
self.assertTrue(len(r) == 0, r)
rid = y.getResolverId()
self.assertTrue(rid == PWFILE, rid)
rtype = y.getResolverType()
self.assertTrue(rtype == "passwdresolver", rtype)
rdesc = y.getResolverDescriptor()
self.assertTrue("config" in rdesc.get("passwdresolver"), rdesc)
self.assertTrue("clazz" in rdesc.get("passwdresolver"), rdesc)
# internal stringMatch function
self.assertTrue(y._stringMatch(u"Hallo", "*lo"))
self.assertTrue(y._stringMatch("Hallo", u"Hal*"))
self.assertFalse(y._stringMatch("Duda", "Hal*"))
self.assertTrue(y._stringMatch("HalloDuda", "*Du*"))
self.assertTrue(y._stringMatch("Duda", "Duda"))
def test_12_passwdresolver(self):
# Create a resolver with an empty filename
# will use the filename /etc/passwd
rid = save_resolver(
{
"resolver": self.resolvername1,
"type": "passwdresolver",
"fileName": "",
"type.fileName": "string",
"desc.fileName": "The name of the file",
}
)
self.assertTrue(rid > 0, rid)
y = get_resolver_object(self.resolvername1)
y.loadFile()
delete_resolver(self.resolvername1)
# Load a file with an empty line
rid = save_resolver(
{
"resolver": self.resolvername1,
"type": "passwdresolver",
"fileName": PWFILE,
"type.fileName": "string",
"desc.fileName": "The name of the file",
}
)
self.assertTrue(rid > 0, rid)
y = get_resolver_object(self.resolvername1)
y.loadFile()
ulist = y.getUserList({"username": "******"})
self.assertTrue(len(ulist) > 1, ulist)
self.assertTrue(y.checkPass("1000", "test"))
self.assertFalse(y.checkPass("1000", "wrong password"))
self.assertRaises(NotImplementedError, y.checkPass, "1001", "secret")
self.assertFalse(y.checkPass("1002", "no pw at all"))
self.assertTrue(y.getUsername("1000") == "cornelius", y.getUsername("1000"))
self.assertTrue(y.getUserId(u"cornelius") == "1000", y.getUserId("cornelius"))
self.assertTrue(y.getUserId("user does not exist") == "")
sF = y.getSearchFields({"username": "******"})
self.assertTrue(sF.get("username") == "text", sF)
# unknown search fields. We get an empty userlist
r = y.getUserList({"blabla": "something"})
self.assertTrue(r == [], r)
# list exactly one user
r = y.getUserList({"userid": "=1000"})
self.assertTrue(len(r) == 1, r)
r = y.getUserList({"userid": "<1001"})
self.assertTrue(len(r) == 1, r)
r = y.getUserList({"userid": ">1000"})
self.assertTrue(len(r) > 1, r)
r = y.getUserList({"userid": "between 1000, 1001"})
self.assertTrue(len(r) == 2, r)
r = y.getUserList({"userid": "between 1001, 1000"})
self.assertTrue(len(r) == 2, r)
r = y.getUserList({"userid": "<=1000"})
self.assertTrue(len(r) == 1, "%s" % r)
r = y.getUserList({"userid": ">=1000"})
self.assertTrue(len(r) > 1, r)
r = y.getUserList({"description": "field1"})
self.assertTrue(len(r) == 0, r)
r = y.getUserList({"email": "field1"})
self.assertTrue(len(r) == 0, r)
rid = y.getResolverId()
self.assertTrue(rid == PWFILE, rid)
rtype = y.getResolverType()
self.assertTrue(rtype == "passwdresolver", rtype)
rdesc = y.getResolverDescriptor()
self.assertTrue("config" in rdesc.get("passwdresolver"), rdesc)
self.assertTrue("clazz" in rdesc.get("passwdresolver"), rdesc)
# internal stringMatch function
self.assertTrue(y._stringMatch(u"Hallo", "*lo"))
self.assertTrue(y._stringMatch("Hallo", u"Hal*"))
self.assertFalse(y._stringMatch("Duda", "Hal*"))
self.assertTrue(y._stringMatch("HalloDuda", "*Du*"))
self.assertTrue(y._stringMatch("Duda", "Duda"))
