def test_01_create_token(self):
    """Create a TOTP token for every serial and check its class wrappers.

    Each ``Token`` row is wrapped directly in ``TotpTokenClass`` and also
    resolved through ``create_tokenclass_object``.  A row carrying the
    unknown type "remnant" is expected to resolve to ``None``.
    """
    # NOTE(review): block nesting was recovered from a flattened listing;
    # confirm that the factory checks belong inside the loop.
    for serial in self.serials:
        row = Token(serial, tokentype="totp")
        row.update_otpkey(self.otpkey)
        row.save()

        wrapped = TotpTokenClass(row)
        self.assertTrue(wrapped.token.serial == serial, wrapped)
        self.assertTrue(wrapped.token.tokentype == "totp",
                        wrapped.token.tokentype)
        self.assertTrue(wrapped.type == "totp", wrapped)
        prefix = wrapped.get_class_prefix()
        self.assertTrue(prefix == "TOTP", prefix)
        self.assertTrue(wrapped.get_class_type() == "totp", wrapped)

        # Resolve the class from the database row alone, without naming
        # TOTP, and check that it supports both modes.
        resolved = create_tokenclass_object(row)
        self.assertTrue(resolved.type == "totp", resolved.type)
        self.assertTrue(resolved.mode[0] == "authenticate", resolved.mode)
        self.assertTrue(resolved.mode[1] == "challenge", resolved.mode)

    # An unknown or stale token type in the database must give None
    # rather than some default token class.
    stale_row = Token("asdf", tokentype="remnant")
    stale_row.update_otpkey(self.otpkey)
    stale_row.save()
    unresolved = create_tokenclass_object(stale_row)
    self.assertTrue(unresolved is None, unresolved)
    # Remove the row again so later tests do not see it.
    stale_row.delete()
def test_11_challenge_response_hotp(self):
    """Run a HOTP challenge-response login and watch the fail counter.

    The policy ``pol_chal_resp`` enables challenge-response for HOTP.
    Sending only the PIN must open a challenge and leave the fail counter
    at 5; answering the challenge must authenticate and reset it to 0.
    """
    # NOTE(review): nesting was recovered from a flattened listing;
    # confirm the extent of each ``with`` block.
    policy_form = {'action': "challenge_response=hotp",
                   'scope': "authentication",
                   'realm': '',
                   'active': True}
    with self.app.test_request_context('/policy/pol_chal_resp',
                                       data=policy_form,
                                       method='POST',
                                       headers={'Authorization': self.at}):
        res = self.app.full_dispatch_request()
        self.assertTrue(res.status_code == 200, res)
        result = json.loads(res.data).get("result")
        self.assertTrue(result["status"] is True, result)
        self.assertTrue('"setPolicy pol_chal_resp": 1' in res.data, res.data)

    serial = "CHALRESP1"
    pin = "chalresp1"
    # Enroll a HOTP token, assign it to the user and give it a PIN.
    row = Token(serial, tokentype="hotp")
    row.update_otpkey(self.otpkey)
    row.save()
    token = HotpTokenClass(row)
    token.set_user(User("cornelius", self.realm1))
    token.set_pin(pin)
    # Start with a non-zero fail counter so that a reset is observable.
    token.set_failcount(5)

    # Step 1: the PIN alone triggers the challenge.
    # NOTE(review): "******" looks like a masked value in this listing,
    # presumably the login the token was assigned to; confirm.
    trigger_form = {"user": "******", "pass": pin}
    with self.app.test_request_context('/validate/check',
                                       method='POST',
                                       data=trigger_form):
        res = self.app.full_dispatch_request()
        self.assertTrue(res.status_code == 200, res)
        body = json.loads(res.data)
        result = body.get("result")
        detail = body.get("detail")
        self.assertFalse(result.get("value"))
        self.assertEqual(detail.get("message"), "please enter otp: ")
        transaction_id = detail.get("transaction_id")
    # Opening a challenge is not a completed login: counter unchanged.
    self.assertEqual(token.get_failcount(), 5)

    # Step 2: answer the challenge with the OTP value.
    # NOTE(review): the "pass" value is masked here as well; confirm the
    # OTP the original test sends.
    answer_form = {"user": "******",
                   "transaction_id": transaction_id,
                   "pass": "******"}
    with self.app.test_request_context('/validate/check',
                                       method='POST',
                                       data=answer_form):
        res = self.app.full_dispatch_request()
        self.assertTrue(res.status_code == 200, res)
        body = json.loads(res.data)
        result = body.get("result")
        detail = body.get("detail")
        self.assertTrue(result.get("value"))
    # A successful response resets the fail counter.
    self.assertEqual(token.get_failcount(), 0)
    # Clean up the token.
    remove_token(serial=serial)
def test_00_create_realms(self):
    """Set up the user realms and assign a first HOTP token to a user.

    After ``set_user`` the token row is expected to carry the user id
    "1000".
    """
    self.setUp_user_realms()

    first_serial = self.serials[0]
    # Enroll a HOTP token for the first serial and bind it to the user.
    row = Token(first_serial, tokentype="hotp")
    row.update_otpkey(self.otpkey)
    row.save()
    token = HotpTokenClass(row)
    self.assertTrue(token.token.serial == self.serials[0], token)
    token.set_user(User("cornelius", self.realm1))
    token.set_pin("pin")
    self.assertTrue(token.token.user_id == "1000", token.token.user_id)
def test_02_get_tokens(self):
    """Exercise the ``get_tokens`` filters one at a time.

    Covers no filter, ``assigned``, ``tokentype``, ``realm``, ``serial``
    and ``user``.  The expected counts are the ones asserted below.
    """
    # No filter: every returned token must have a known type.
    every_token = get_tokens()
    self.assertTrue(len(every_token) > 0, every_token)
    for tok in every_token:
        self.assertTrue(tok.type in get_token_types(), tok.type)

    # Assigned tokens: none expected at this point.
    assigned_tokens = get_tokens(assigned=True)
    self.assertTrue(len(assigned_tokens) == 0, assigned_tokens)

    # Unassigned tokens.
    unassigned_tokens = get_tokens(assigned=False)
    self.assertTrue(len(unassigned_tokens) > 0, unassigned_tokens)

    # A non-boolean value is not applied as a filter, so the string "True"
    # returns tokens where the boolean True returned none.
    # NOTE(review): callers must pass a real bool, otherwise they silently
    # get the broader, unfiltered result.
    mistyped_filter = get_tokens(assigned="True")
    self.assertTrue(len(mistyped_filter) > 0, mistyped_filter)

    # Filter by token type: no HOTP yet, some TOTP.
    hotp_tokens = get_tokens(tokentype="hotp")
    self.assertTrue(len(hotp_tokens) == 0, hotp_tokens)
    totp_tokens = get_tokens(tokentype="totp")
    self.assertTrue(len(totp_tokens) > 0, totp_tokens)

    # Create a HOTP token inside the realm and search by realm.
    row = Token("hotptoken",
                tokentype="hotp",
                userid=1000,
                resolver=self.resolvername1,
                realm=self.realm1)
    row.update_otpkey(self.otpkey)
    row.save()
    realm_tokens = get_tokens(realm=self.realm1)
    self.assertTrue(len(realm_tokens) == 1, realm_tokens)
    self.assertTrue(realm_tokens[0].type == "hotp", realm_tokens[0].type)

    # Search by serial number.
    by_serial = get_tokens(serial="hotptoken")
    self.assertTrue(len(by_serial) == 1, by_serial)
    # The same serial must not match when unassigned tokens are requested.
    by_serial_unassigned = get_tokens(serial="hotptoken", assigned=False)
    self.assertTrue(len(by_serial_unassigned) == 0, by_serial_unassigned)

    # Search by user.
    # NOTE(review): the login "******" looks like a masked value in this
    # listing; confirm the real login against the fixture.
    owner = User(login="******", realm=self.realm1)
    user_tokens = get_tokens(user=owner)
    self.assertTrue(len(user_tokens) == 1, user_tokens)
def test_02_get_tokens(self):
    """Exercise the ``get_tokens`` filters one at a time.

    Covers no filter, ``assigned``, ``tokentype``, ``realm``, ``serial``
    and ``user``.  The expected counts are the ones asserted below.
    """
    # No filter: every returned token must have a known type.
    every_token = get_tokens()
    self.assertTrue(len(every_token) > 0, every_token)
    for tok in every_token:
        self.assertTrue(tok.type in get_token_types(), tok.type)

    # Assigned tokens: none expected at this point.
    assigned_tokens = get_tokens(assigned=True)
    self.assertTrue(len(assigned_tokens) == 0, assigned_tokens)

    # Unassigned tokens.
    unassigned_tokens = get_tokens(assigned=False)
    self.assertTrue(len(unassigned_tokens) > 0, unassigned_tokens)

    # A non-boolean value is not applied as a filter, so the string "True"
    # returns tokens where the boolean True returned none.
    # NOTE(review): callers must pass a real bool, otherwise they silently
    # get the broader, unfiltered result.
    mistyped_filter = get_tokens(assigned="True")
    self.assertTrue(len(mistyped_filter) > 0, mistyped_filter)

    # Filter by token type: no HOTP yet, some TOTP.
    hotp_tokens = get_tokens(tokentype="hotp")
    self.assertTrue(len(hotp_tokens) == 0, hotp_tokens)
    totp_tokens = get_tokens(tokentype="totp")
    self.assertTrue(len(totp_tokens) > 0, totp_tokens)

    # Create a HOTP token inside the realm and search by realm.
    row = Token("hotptoken",
                tokentype="hotp",
                userid=1000,
                resolver=self.resolvername1,
                realm=self.realm1)
    row.update_otpkey(self.otpkey)
    row.save()
    realm_tokens = get_tokens(realm=self.realm1)
    self.assertTrue(len(realm_tokens) == 1, realm_tokens)
    self.assertTrue(realm_tokens[0].type == "hotp", realm_tokens[0].type)

    # Search by serial number.
    by_serial = get_tokens(serial="hotptoken")
    self.assertTrue(len(by_serial) == 1, by_serial)
    # The same serial must not match when unassigned tokens are requested.
    by_serial_unassigned = get_tokens(serial="hotptoken", assigned=False)
    self.assertTrue(len(by_serial_unassigned) == 0, by_serial_unassigned)

    # Search by user.
    # NOTE(review): the login "******" looks like a masked value in this
    # listing; confirm the real login against the fixture.
    owner = User(login="******", realm=self.realm1)
    user_tokens = get_tokens(user=owner)
    self.assertTrue(len(user_tokens) == 1, user_tokens)
def test_12_get_token_by_otp(self):
    """Look a token up by OTP value and check the ambiguous case.

    With a single matching token the lookup returns "hotptoken".  Once a
    second token shares the same OTP key, ``get_serial_by_otp`` is
    expected to raise ``TokenAdminError`` instead of picking one.
    """
    # 755224 and 287082 are the first two HOTP values of the RFC 4226
    # Appendix D test vectors, so self.otpkey is presumably that test
    # secret. TODO confirm against the fixture.
    matched = get_token_by_otp(get_tokens(), otp="755224")
    self.assertTrue(matched.token.serial == "hotptoken", matched)

    matched_serial = get_serial_by_otp(get_tokens(), otp="287082")
    self.assertTrue(matched_serial == "hotptoken", matched_serial)

    # A second HOTP token with the same key produces the same OTP values,
    # so an OTP no longer identifies exactly one token.
    twin_row = Token("token2", tokentype="hotp")
    twin_row.update_otpkey(self.otpkey)
    twin_row.save()
    self.assertRaises(TokenAdminError,
                      get_serial_by_otp,
                      get_tokens(),
                      "287922")
    twin_row.delete()
def test_10_get_all_token_users(self):
    """Check the token-to-user map, including a token whose user is gone.

    "hotptoken" must be listed and ``self.serials[1]`` must not.  A token
    bound to the non-existent uid 1000017 must still be listed, with the
    placeholder username "/:no user info:/".
    """
    mapping = get_all_token_users()
    self.assertTrue("hotptoken" in mapping, mapping)
    self.assertTrue(self.serials[1] not in mapping, mapping)

    # The uid 1000017 does not exist in the user store (any more), so this
    # token points at a user that cannot be resolved.
    orphan_row = Token("missinguser",
                       tokentype="hotp",
                       userid=1000017,
                       resolver=self.resolvername1,
                       realm=self.realm1)
    orphan_row.update_otpkey(self.otpkey)
    orphan_row.save()

    mapping = get_all_token_users()
    self.assertTrue("missinguser" in mapping, mapping)
    # The orphaned token is reported with a placeholder, not dropped.
    self.assertTrue(
        mapping.get("missinguser").get("username") == '/:no user info:/',
        mapping)
    orphan_row.delete()
def test_10_get_all_token_users(self):
    """Check the token-to-user map, including a token whose user is gone.

    "hotptoken" must be listed and ``self.serials[1]`` must not.  A token
    bound to the non-existent uid 1000017 must still be listed, with the
    placeholder username "/:no user info:/".
    """
    mapping = get_all_token_users()
    self.assertTrue("hotptoken" in mapping, mapping)
    self.assertTrue(self.serials[1] not in mapping, mapping)

    # The uid 1000017 does not exist in the user store (any more), so this
    # token points at a user that cannot be resolved.
    orphan_row = Token("missinguser",
                       tokentype="hotp",
                       userid=1000017,
                       resolver=self.resolvername1,
                       realm=self.realm1)
    orphan_row.update_otpkey(self.otpkey)
    orphan_row.save()

    mapping = get_all_token_users()
    self.assertTrue("missinguser" in mapping, mapping)
    # The orphaned token is reported with a placeholder, not dropped.
    self.assertTrue(
        mapping.get("missinguser").get("username") == '/:no user info:/',
        mapping)
    orphan_row.delete()
def test_13_challenge_response_email(self):
    """Run a challenge-response login that answers with ``state``.

    The PIN alone opens the challenge.  The answer carries the
    transaction id in the ``state`` parameter instead of
    ``transaction_id``.
    """
    # NOTE(review): nesting was recovered from a flattened listing;
    # confirm the extent of each ``with`` block.
    serial = "CHALRESP3"
    pin = "chalresp3"
    # Enroll the token, assign it to the user and give it a PIN.
    # NOTE(review): the row has type "email" but is wrapped in
    # HotpTokenClass; presumably only to set user and PIN. Confirm.
    row = Token(serial, tokentype="email")
    row.update_otpkey(self.otpkey)
    row.save()
    token = HotpTokenClass(row)
    token.set_user(User("cornelius", self.realm1))
    token.set_pin(pin)

    # Step 1: the PIN alone triggers the challenge.
    # NOTE(review): "******" looks like a masked value in this listing,
    # presumably the login the token was assigned to; confirm.
    trigger_form = {"user": "******", "pass": pin}
    with self.app.test_request_context('/validate/check',
                                       method='POST',
                                       data=trigger_form):
        res = self.app.full_dispatch_request()
        self.assertTrue(res.status_code == 200, res)
        body = json.loads(res.data)
        result = body.get("result")
        detail = body.get("detail")
        self.assertFalse(result.get("value"))
        self.assertEqual(detail.get("message"), "please enter otp: ")
        transaction_id = detail.get("transaction_id")

    # Step 2: answer the challenge, passing the transaction id as "state".
    # NOTE(review): the "pass" value is masked here as well; confirm the
    # OTP the original test sends.
    answer_form = {"user": "******",
                   "state": transaction_id,
                   "pass": "******"}
    with self.app.test_request_context('/validate/check',
                                       method='POST',
                                       data=answer_form):
        res = self.app.full_dispatch_request()
        self.assertTrue(res.status_code == 200, res)
        body = json.loads(res.data)
        result = body.get("result")
        detail = body.get("detail")
        self.assertTrue(result.get("value"))
    # Clean up the token.
    remove_token(serial=serial)
def test_02_get_tokens(self):
    """Exercise the ``get_tokens`` filters one at a time.

    Covers no filter, ``assigned``, ``tokentype``, ``realm``, ``serial``,
    ``user`` and ``tokeninfo``.  The expected counts are the ones asserted
    below.
    """
    # No filter: every returned token must have a known type.
    every_token = get_tokens()
    self.assertTrue(len(every_token) > 0, every_token)
    for tok in every_token:
        self.assertTrue(tok.type in get_token_types(), tok.type)

    # Assigned tokens: none expected at this point.
    assigned_tokens = get_tokens(assigned=True)
    self.assertTrue(len(assigned_tokens) == 0, assigned_tokens)

    # Unassigned tokens.
    unassigned_tokens = get_tokens(assigned=False)
    self.assertTrue(len(unassigned_tokens) > 0, unassigned_tokens)

    # A non-boolean value is not applied as a filter, so the string "True"
    # returns tokens where the boolean True returned none.
    # NOTE(review): callers must pass a real bool, otherwise they silently
    # get the broader, unfiltered result.
    mistyped_filter = get_tokens(assigned="True")
    self.assertTrue(len(mistyped_filter) > 0, mistyped_filter)

    # Filter by token type: no HOTP yet, some TOTP.
    hotp_tokens = get_tokens(tokentype="hotp")
    self.assertTrue(len(hotp_tokens) == 0, hotp_tokens)
    totp_tokens = get_tokens(tokentype="totp")
    self.assertTrue(len(totp_tokens) > 0, totp_tokens)

    # Create a HOTP token inside the realm and search by realm.
    row = Token("hotptoken",
                tokentype="hotp",
                userid=1000,
                resolver=self.resolvername1,
                realm=self.realm1)
    row.update_otpkey(self.otpkey)
    row.save()
    realm_tokens = get_tokens(realm=self.realm1)
    self.assertTrue(len(realm_tokens) == 1, realm_tokens)
    self.assertTrue(realm_tokens[0].type == "hotp", realm_tokens[0].type)

    # Search by serial number.
    by_serial = get_tokens(serial="hotptoken")
    self.assertTrue(len(by_serial) == 1, by_serial)
    # The same serial must not match when unassigned tokens are requested.
    by_serial_unassigned = get_tokens(serial="hotptoken", assigned=False)
    self.assertTrue(len(by_serial_unassigned) == 0, by_serial_unassigned)

    # Search by user.
    # NOTE(review): the login "******" looks like a masked value in this
    # listing; confirm the real login against the fixture.
    owner = User(login="******", realm=self.realm1)
    user_tokens = get_tokens(user=owner)
    self.assertTrue(len(user_tokens) == 1, user_tokens)

    # Search by a tokeninfo entry of the token.
    yubikey_params = {"type": "yubikey",
                      "serial": "yk1",
                      "yubikey.prefix": "vv123456",
                      "otpkey": self.otpkey}
    token = init_token(yubikey_params)
    self.assertEqual(token.token.serial, "yk1")
    by_info = get_tokens(tokeninfo={"yubikey.prefix": "vv123456"})
    self.assertEqual(len(by_info), 1)
    self.assertEqual(by_info[0].get_tokeninfo("yubikey.prefix"), "vv123456")
    remove_token("yk1")

    # A tokeninfo filter with more than one entry is rejected outright.
    self.assertRaises(privacyIDEAError,
                      get_tokens,
                      tokeninfo={"key1": "value1", "key2": "value2"})
def test_11_challenge_response_hotp(self):
    """Run a HOTP challenge-response login and watch the fail counter.

    The policy ``pol_chal_resp`` enables challenge-response for HOTP.
    Sending only the PIN must open a challenge and leave the fail counter
    at 5; answering the challenge must authenticate and reset it to 0.
    """
    # NOTE(review): nesting was recovered from a flattened listing;
    # confirm the extent of each ``with`` block.
    policy_form = {'action': "challenge_response=hotp",
                   'scope': "authentication",
                   'realm': '',
                   'active': True}
    with self.app.test_request_context('/policy/pol_chal_resp',
                                       data=policy_form,
                                       method='POST',
                                       headers={'Authorization': self.at}):
        res = self.app.full_dispatch_request()
        self.assertTrue(res.status_code == 200, res)
        result = json.loads(res.data).get("result")
        self.assertTrue(result["status"] is True, result)
        self.assertTrue('"setPolicy pol_chal_resp": 1' in res.data, res.data)

    serial = "CHALRESP1"
    pin = "chalresp1"
    # Enroll a HOTP token, assign it to the user and give it a PIN.
    row = Token(serial, tokentype="hotp")
    row.update_otpkey(self.otpkey)
    row.save()
    token = HotpTokenClass(row)
    token.set_user(User("cornelius", self.realm1))
    token.set_pin(pin)
    # Start with a non-zero fail counter so that a reset is observable.
    token.set_failcount(5)

    # Step 1: the PIN alone triggers the challenge.
    # NOTE(review): "******" looks like a masked value in this listing,
    # presumably the login the token was assigned to; confirm.
    trigger_form = {"user": "******", "pass": pin}
    with self.app.test_request_context('/validate/check',
                                       method='POST',
                                       data=trigger_form):
        res = self.app.full_dispatch_request()
        self.assertTrue(res.status_code == 200, res)
        body = json.loads(res.data)
        result = body.get("result")
        detail = body.get("detail")
        self.assertFalse(result.get("value"))
        self.assertEqual(detail.get("message"), "please enter otp: ")
        transaction_id = detail.get("transaction_id")
    # Opening a challenge is not a completed login: counter unchanged.
    self.assertEqual(token.get_failcount(), 5)

    # Step 2: answer the challenge with the OTP value.
    # NOTE(review): the "pass" value is masked here as well; confirm the
    # OTP the original test sends.
    answer_form = {"user": "******",
                   "transaction_id": transaction_id,
                   "pass": "******"}
    with self.app.test_request_context('/validate/check',
                                       method='POST',
                                       data=answer_form):
        res = self.app.full_dispatch_request()
        self.assertTrue(res.status_code == 200, res)
        body = json.loads(res.data)
        result = body.get("result")
        detail = body.get("detail")
        self.assertTrue(result.get("value"))
    # A successful response resets the fail counter.
    self.assertEqual(token.get_failcount(), 0)
    # Clean up the token.
    remove_token(serial=serial)
def test_02_get_tokens(self):
    """Exercise the ``get_tokens`` filters one at a time.

    Covers no filter, ``assigned``, ``tokentype``, ``realm``, ``serial``,
    ``user`` and ``tokeninfo``.  The expected counts are the ones asserted
    below.
    """
    # No filter: every returned token must have a known type.
    every_token = get_tokens()
    self.assertTrue(len(every_token) > 0, every_token)
    for tok in every_token:
        self.assertTrue(tok.type in get_token_types(), tok.type)

    # Assigned tokens: none expected at this point.
    assigned_tokens = get_tokens(assigned=True)
    self.assertTrue(len(assigned_tokens) == 0, assigned_tokens)

    # Unassigned tokens.
    unassigned_tokens = get_tokens(assigned=False)
    self.assertTrue(len(unassigned_tokens) > 0, unassigned_tokens)

    # A non-boolean value is not applied as a filter, so the string "True"
    # returns tokens where the boolean True returned none.
    # NOTE(review): callers must pass a real bool, otherwise they silently
    # get the broader, unfiltered result.
    mistyped_filter = get_tokens(assigned="True")
    self.assertTrue(len(mistyped_filter) > 0, mistyped_filter)

    # Filter by token type: no HOTP yet, some TOTP.
    hotp_tokens = get_tokens(tokentype="hotp")
    self.assertTrue(len(hotp_tokens) == 0, hotp_tokens)
    totp_tokens = get_tokens(tokentype="totp")
    self.assertTrue(len(totp_tokens) > 0, totp_tokens)

    # Create a HOTP token inside the realm and search by realm.
    row = Token("hotptoken",
                tokentype="hotp",
                userid=1000,
                resolver=self.resolvername1,
                realm=self.realm1)
    row.update_otpkey(self.otpkey)
    row.save()
    realm_tokens = get_tokens(realm=self.realm1)
    self.assertTrue(len(realm_tokens) == 1, realm_tokens)
    self.assertTrue(realm_tokens[0].type == "hotp", realm_tokens[0].type)

    # Search by serial number.
    by_serial = get_tokens(serial="hotptoken")
    self.assertTrue(len(by_serial) == 1, by_serial)
    # The same serial must not match when unassigned tokens are requested.
    by_serial_unassigned = get_tokens(serial="hotptoken", assigned=False)
    self.assertTrue(len(by_serial_unassigned) == 0, by_serial_unassigned)

    # Search by user.
    # NOTE(review): the login "******" looks like a masked value in this
    # listing; confirm the real login against the fixture.
    owner = User(login="******", realm=self.realm1)
    user_tokens = get_tokens(user=owner)
    self.assertTrue(len(user_tokens) == 1, user_tokens)

    # Search by a tokeninfo entry of the token.
    yubikey_params = {"type": "yubikey",
                      "serial": "yk1",
                      "yubikey.prefix": "vv123456",
                      "otpkey": self.otpkey}
    token = init_token(yubikey_params)
    self.assertEqual(token.token.serial, "yk1")
    by_info = get_tokens(tokeninfo={"yubikey.prefix": "vv123456"})
    self.assertEqual(len(by_info), 1)
    self.assertEqual(by_info[0].get_tokeninfo("yubikey.prefix"), "vv123456")
    remove_token("yk1")

    # A tokeninfo filter with more than one entry is rejected outright.
    self.assertRaises(privacyIDEAError,
                      get_tokens,
                      tokeninfo={"key1": "value1", "key2": "value2"})