def test_login_webauthn(live_server, selenium, test_user):  # pylint: disable=unused-argument
    """Log in via WebAuthn, with a software authenticator standing in for the in-page JavaScript.

    A credential for ``test_user`` is stored in the database, the username is
    submitted through the login form, and the options the page exposes as
    ``window.pkcro_raw`` are answered by the software device. The resulting
    assertion is handed to the page's ``authenticate_assertion()``; the test
    passes once a "Logout" link is present.
    """

    authenticator = SoftWebauthnDevice()
    authenticator.cred_init(webauthn.rp.id, b'randomhandle')
    handle = authenticator.user_handle
    attested = cbor.encode(authenticator.cred_as_attested().__dict__)
    persist_and_detach(WebauthnCredential(user=test_user, user_handle=handle, credential_data=attested))

    selenium.get(url_for('auth.login_route', _external=True))
    username_input = selenium.find_element_by_xpath('//form//input[@name="username"]')
    username_input.send_keys(test_user.username)
    selenium.find_element_by_xpath('//form//input[@type="submit"]').click()

    # The in-page JavaScript step is emulated from here: wait for the options the
    # page publishes (base64-encoded CBOR), decode them and let the device answer.
    webdriver_waituntil(selenium, js_variable_ready('window.pkcro_raw'))
    raw_options = selenium.execute_script('return window.pkcro_raw;')
    pkcro = cbor.decode(b64decode(raw_options.encode('utf-8')))
    # The origin given to the device is built from the configured RP id, not from the live_server URL.
    assertion = authenticator.get(pkcro, 'https://%s' % webauthn.rp.id)
    encoded_assertion = b64encode(cbor.encode(assertion)).decode('utf-8')
    selenium.execute_script(
        'authenticate_assertion(CBOR.decode(Sner.base64_to_array_buffer("%s")));' % encoded_assertion)

    # Back to the ordinary browser flow: the "Logout" link is the success signal.
    webdriver_waituntil(selenium, EC.presence_of_element_located((By.XPATH, '//a[text()="Logout"]')))
def test_profile_webauthn_register_route(live_server, sl_user):  # pylint: disable=unused-argument
    """Register a new WebAuthn credential for the logged-in user.

    The creation options the page exposes as ``window.pkcco_raw`` are answered
    by a software authenticator, the attestation is passed to the page's
    ``pack_attestation()``, and the registration form is submitted with a
    token name. The test passes when the user 'pytest_user' ends up with at
    least one stored credential.
    """

    authenticator = SoftWebauthnDevice()
    sl_user.get(url_for('auth.profile_webauthn_register_route', _external=True))

    # The in-page JavaScript step is emulated: read the published options
    # (base64-encoded CBOR), decode them and have the device create a credential.
    webdriver_waituntil(sl_user, js_variable_ready('window.pkcco_raw'))
    raw_options = sl_user.execute_script('return window.pkcco_raw;')
    pkcco = cbor.decode(b64decode(raw_options.encode('utf-8')))
    # The origin given to the device is built from the configured RP id, not from the live_server URL.
    attestation = authenticator.create(pkcco, 'https://%s' % webauthn.rp.id)
    encoded_attestation = b64encode(cbor.encode(attestation)).decode('utf-8')
    sl_user.execute_script(
        'pack_attestation(CBOR.decode(Sner.base64_to_array_buffer("%s")));' % encoded_attestation)

    # Back to the ordinary browser flow: name the token and submit the form.
    name_input = sl_user.find_element_by_xpath('//form[@id="webauthn_register_form"]//input[@name="name"]')
    name_input.send_keys('pytest token')
    sl_user.find_element_by_xpath('//form[@id="webauthn_register_form"]//input[@type="submit"]').click()

    # NOTE(review): there is no explicit wait between the submit click and this
    # query; presumably the click blocks until the response is loaded - confirm.
    registered_user = User.query.filter(User.username == 'pytest_user').one()
    assert registered_user.webauthn_credentials
def test_login_webauthn(live_server, selenium, webauthn_credential_factory):  # pylint: disable=unused-argument
    """Log in via WebAuthn using a factory-built credential and a software authenticator.

    The credential is created by ``webauthn_credential_factory`` around an
    already initialised software device and committed so the browser-driven
    server sees it. The username is submitted, the options published as
    ``window.pkcro_raw`` are answered by the device, and the assertion is
    handed to the page's ``authenticate_assertion()``. A "Logout" link is the
    success signal.
    """

    authenticator = SoftWebauthnDevice()
    authenticator.cred_init(webauthn.rp.id, b'randomhandle')
    wncred = webauthn_credential_factory.create(initialized_device=authenticator)
    # The factory's post_generate hook does not commit the attribute changes it makes;
    # without an explicit commit another process (the real browser's server side)
    # would read a database state that lacks them.
    db.session.commit()

    selenium.get(url_for('auth.login_route', _external=True))
    username_input = selenium.find_element_by_xpath('//form//input[@name="username"]')
    username_input.send_keys(wncred.user.username)
    selenium.find_element_by_xpath('//form//input[@type="submit"]').click()

    # The in-page JavaScript step is emulated from here: wait for the options the
    # page publishes (base64-encoded CBOR), decode them and let the device answer.
    webdriver_waituntil(selenium, js_variable_ready('window.pkcro_raw'))
    raw_options = selenium.execute_script('return window.pkcro_raw;')
    pkcro = cbor.decode(b64decode(raw_options.encode('utf-8')))
    # The origin given to the device is built from the configured RP id, not from the live_server URL.
    assertion = authenticator.get(pkcro, 'https://%s' % webauthn.rp.id)
    encoded_assertion = b64encode(cbor.encode(assertion)).decode('utf-8')
    selenium.execute_script(
        'authenticate_assertion(CBOR.decode(Sner.base64_to_array_buffer("%s")));' % encoded_assertion)

    # Back to the ordinary browser flow: the "Logout" link is the success signal.
    webdriver_waituntil(selenium, EC.presence_of_element_located((By.XPATH, '//a[text()="Logout"]')))
def check_vulns_multiactions(sclnt, dt_id):
    """Exercise the vuln toolbar's multi-row actions on the datatable *dt_id*.

    Requires exactly two rows. Tags the first row "info", the second "report",
    both "todo" via select-all, then deletes both and checks the database after
    each step.

    NOTE(review): every XPath below starts with ``//``, which is evaluated from
    the document root even when called on an element, so lookups are not
    limited to ``table`` / ``toolbar`` - confirm the pages under test hold a
    single datatable and toolbar.
    """

    table = dt_wait_processing(sclnt, dt_id)
    toolbar = sclnt.find_element_by_id('%s_toolbar' % dt_id)
    rows = table.find_elements_by_xpath('//tbody/tr[@role="row"]')
    assert len(rows) == 2

    # a single row can be tagged ...
    first_checkbox = table.find_element_by_xpath('(//tr[@role="row"]/td[contains(@class, "select-checkbox")])[1]')
    first_checkbox.click()
    toolbar.find_element_by_xpath('//a[contains(@class, "abutton_tag_multiid") and text()="Info"]').click()
    table = dt_wait_processing(sclnt, dt_id)
    assert Vuln.query.filter(Vuln.name == 'vuln 1', Vuln.tags.any('info')).one()

    # ... and so can the other one
    second_checkbox = table.find_element_by_xpath('(//tr[@role="row"]/td[contains(@class, "select-checkbox")])[2]')
    second_checkbox.click()
    toolbar.find_element_by_xpath('//a[contains(@class, "abutton_tag_multiid") and text()="Report"]').click()
    table = dt_wait_processing(sclnt, dt_id)
    assert Vuln.query.filter(Vuln.name == 'vuln 2', Vuln.tags.any('report')).one()

    # both rows can be tagged in one action
    toolbar.find_element_by_xpath('//a[text()="All"]').click()
    toolbar.find_element_by_xpath('//a[contains(@class, "abutton_tag_multiid") and text()="Todo"]').click()
    table = dt_wait_processing(sclnt, dt_id)
    assert Vuln.query.filter(Vuln.tags.any('todo')).count() == 2

    # both rows can be deleted in one action; the delete is gated by a confirmation alert
    toolbar.find_element_by_xpath('//a[text()="All"]').click()
    toolbar.find_element_by_xpath('//a[contains(@class, "abutton_delete_multiid")]').click()
    webdriver_waituntil(sclnt, EC.alert_is_present())
    sclnt.switch_to.alert.accept()
    dt_wait_processing(sclnt, dt_id)
    assert not Vuln.query.all()
def switch_tab(sclnt, tab_name, dt_name, control_data):
    """Switch the host view to tab *tab_name* and wait until datatable *dt_name* is rendered.

    The tab link is located by its ``#<tab_name>`` href inside the
    ``host_view_tabs`` list; *control_data* is passed through to
    ``dt_rendered`` once the table element is visible.
    """

    tab_link_xpath = '//ul[@id="host_view_tabs"]//a[contains(@class, "nav-link") and @href="#%s"]' % tab_name
    sclnt.find_element_by_xpath(tab_link_xpath).click()

    table_locator = (By.ID, dt_name)
    webdriver_waituntil(sclnt, EC.visibility_of_element_located(table_locator))
    dt_rendered(sclnt, dt_name, control_data)
def test_vuln_view_route_tagging(live_server, sl_operator, test_vuln):  # pylint: disable=unused-argument
    """Tag a vuln as "info" from its view page and verify both the UI badge and the database."""

    sl_operator.get(url_for('storage.vuln_view_route', vuln_id=test_vuln.id, _external=True))

    info_button = sl_operator.find_element_by_xpath('//a[contains(@class, "abutton_tag_view") and text()="Info"]')
    info_button.click()

    # The badge appearing is the signal that the tagging request has been processed.
    badge_locator = (By.XPATH, '//span[contains(@class, "tag-badge") and contains(text(), "info")]')
    webdriver_waituntil(sl_operator, EC.visibility_of_element_located(badge_locator))

    assert 'info' in Vuln.query.get(test_vuln.id).tags
def test_job_list_route_inrow_repeat(live_server, sl_operator, job):  # pylint: disable=unused-argument
    """Use the in-row repeat button of the job list and check the job's targets were requeued.

    After the confirmation alert is accepted and the table has reloaded, the
    number of ``Target`` rows must equal the number of targets in the job's
    JSON assignment.
    """

    dt_id = 'job_list_table'

    sl_operator.get(url_for('scheduler.job_list_route', _external=True))
    dt_wait_processing(sl_operator, dt_id)

    table = sl_operator.find_element_by_id(dt_id)
    table.find_element_by_class_name('abutton_submit_dataurl_jobrepeat').click()

    # the action is gated by a confirmation alert
    webdriver_waituntil(sl_operator, EC.alert_is_present())
    sl_operator.switch_to.alert.accept()
    dt_wait_processing(sl_operator, dt_id)

    assigned_targets = json.loads(job.assignment)['targets']
    assert len(assigned_targets) == Target.query.count()
def test_queue_list_route_inrow_flush(live_server, sl_operator, test_target):  # pylint: disable=unused-argument
    """Use the in-row flush button of the queue list and check the queue has no targets left."""

    dt_id = 'queue_list_table'

    sl_operator.get(url_for('scheduler.queue_list_route', _external=True))
    dt_wait_processing(sl_operator, dt_id)

    table = sl_operator.find_element_by_id(dt_id)
    table.find_element_by_class_name('abutton_submit_dataurl_queueflush').click()

    # the action is gated by a confirmation alert
    webdriver_waituntil(sl_operator, EC.alert_is_present())
    sl_operator.switch_to.alert.accept()
    dt_wait_processing(sl_operator, dt_id)

    flushed_queue = Queue.query.get(test_target.queue_id)
    assert not flushed_queue.targets
def selenium_in_roles(sclnt, roles):
    """Create a temporary active user holding *roles* and log the Selenium client in as that user.

    A password is generated per call; only its hash is stored on the user
    record, and the plaintext is used once to fill the login form. Returns the
    same client after a "Logout" link confirms the session is authenticated.
    """

    # NOTE(review): the username literal looks masked in this listing - confirm the real value in the repository.
    tmp_password = PWS.generate()
    tmp_user = User(username='******', password=PWS.hash(tmp_password), active=True, roles=roles)
    db.session.add(tmp_user)
    # committed so the application serving the browser can see the new account
    db.session.commit()

    sclnt.get(url_for('auth.login_route', _external=True))
    username_input = sclnt.find_element_by_xpath('//form//input[@name="username"]')
    username_input.send_keys(tmp_user.username)
    password_input = sclnt.find_element_by_xpath('//form//input[@name="password"]')
    password_input.send_keys(tmp_password)
    sclnt.find_element_by_xpath('//form//input[@type="submit"]').click()

    logout_locator = (By.XPATH, '//a[text()="Logout"]')
    webdriver_waituntil(sclnt, EC.presence_of_element_located(logout_locator))
    return sclnt
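def check_annotate(sclnt, annotate_elem_class, test_model):
    """Check the annotate workflow: double-click a cell, fill in the modal form, verify the stored comment.

    Args:
        sclnt: Selenium client already showing a page with the annotatable table.
        annotate_elem_class: CSS class identifying the ``td`` cell to double-click.
        test_model: model instance whose ``comment`` must contain the submitted text afterwards.
    """

    # disable fade, the timing interferes with the test
    sclnt.execute_script('$("div#modal-global").toggleClass("fade")')

    annotate_cell = sclnt.find_element_by_xpath('//td[contains(@class, "%s")]' % annotate_elem_class)
    ActionChains(sclnt).double_click(annotate_cell).perform()
    webdriver_waituntil(
        sclnt,
        EC.visibility_of_element_located((By.XPATH, '//h4[@class="modal-title" and text()="Annotate"]')))

    sclnt.find_element_by_css_selector('#modal-global form textarea[name="comment"]').send_keys('annotated comment')
    sclnt.find_element_by_css_selector('#modal-global form').submit()

    # The previous locator, '//div[@class="modal-global"', was missing its closing
    # bracket and tested @class, while the modal is addressed by id everywhere else
    # in this helper. Such a locator cannot match the modal, so the wait did not
    # observe it closing (depending on the Selenium version it raises or is
    # treated as "not found"). Wait on the element that is actually shown.
    webdriver_waituntil(sclnt, EC.invisibility_of_element_located((By.XPATH, '//div[@id="modal-global"]')))
    webdriver_waituntil(sclnt, no_ajax_pending())

    # re-read the row from the database rather than trusting the passed-in instance
    stored = test_model.__class__.query.get(test_model.id)
    assert 'annotated comment' in stored.comment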
def test_vuln_list_route_viatarget_visibility_toggle(live_server, sl_operator, vuln):  # pylint: disable=unused-argument
    """Toggle the via_target column from the user dropdown and check it becomes visible after reload.

    The column header must be hidden at first. The document title is
    overwritten with a marker before the toggle so that the page reload
    triggered by the toggle can be detected: once the title no longer carries
    the marker and the document is complete, the reload has happened.
    """

    class JsDocumentReloaded():  # pylint: disable=too-few-public-methods
        """custom expected_condition, wait for document to be reloaded"""

        def __call__(self, driver):
            return driver.execute_script(
                'return(document.readyState==="complete" && document.title!=="reload helper")'
            )

    header_locator = (By.XPATH, '//th[contains(text(), "via_target")]')
    toggle_xpath = '//a[contains(text(), "Toggle via_target")]'

    sl_operator.get(url_for('storage.vuln_list_route', _external=True))
    dt_rendered(sl_operator, 'vuln_list_table', vuln.comment)
    webdriver_waituntil(sl_operator, EC.invisibility_of_element_located(header_locator))

    # mark the current document so the reload can be told apart from the old page
    sl_operator.execute_script('document.title="reload helper"')

    sl_operator.find_element_by_xpath('//li[contains(@class, "dropdown")]/a[@id="dropdownUser"]').click()
    webdriver_waituntil(sl_operator, EC.visibility_of_element_located((By.XPATH, toggle_xpath)))
    sl_operator.find_element_by_xpath(toggle_xpath).click()

    # the toggle is gated by a confirmation alert
    webdriver_waituntil(sl_operator, EC.alert_is_present())
    sl_operator.switch_to.alert.accept()
    webdriver_waituntil(sl_operator, JsDocumentReloaded())

    dt_rendered(sl_operator, 'vuln_list_table', vuln.comment)
    webdriver_waituntil(sl_operator, EC.visibility_of_element_located(header_locator))
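def _run_apikey_action(sl_admin, test_user, action):
    """Click the user's apikey link for *action*, dismiss the result modal and wait for the table to re-render."""

    action_url = url_for('auth.user_apikey_route', user_id=test_user.id, action=action)
    sl_admin.find_element_by_xpath('//a[@data-url="%s"]' % action_url).click()
    webdriver_waituntil(
        sl_admin,
        EC.visibility_of_element_located((By.XPATH, '//h4[@class="modal-title" and text()="Apikey operation"]')))

    sl_admin.find_element_by_xpath('//div[@id="modal-global"]//button[@class="close"]').click()
    # The previous locator, '//div[@class="modal-global"', was missing its closing
    # bracket and tested @class, while the modal is addressed by id on the line
    # above. Such a locator cannot match the modal, so the wait did not observe it
    # closing (depending on the Selenium version it raises or is treated as
    # "not found"). Wait on the element that is actually shown.
    webdriver_waituntil(sl_admin, EC.invisibility_of_element_located((By.XPATH, '//div[@id="modal-global"]')))
    dt_rendered(sl_admin, 'user_list_table', test_user.username)


def test_user_apikey_route(live_server, sl_admin, test_user):  # pylint: disable=unused-argument
    """Generate and then revoke a user's apikey from the admin user list.

    After "generate" the user record must carry an apikey; after "revoke" it
    must not. Both states are read back from the database, not from the UI.
    """

    sl_admin.get(url_for('auth.user_list_route', _external=True))
    dt_rendered(sl_admin, 'user_list_table', test_user.username)

    # disable fade, the timing interferes with the test
    sl_admin.execute_script('$("div#modal-global").toggleClass("fade")')

    _run_apikey_action(sl_admin, test_user, 'generate')
    user = User.query.get(test_user.id)
    assert user.apikey
    # detach the instance; presumably so the query after revoke re-reads the row - confirm
    db.session.expunge(user)

    _run_apikey_action(sl_admin, test_user, 'revoke')
    assert not User.query.get(test_user.id).apikey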
def check_service_endpoint_dropdown(sclnt, parent_elem, dropdown_value):
    """Open the service endpoint dropdown labelled *dropdown_value* and wait for its URI list header.

    NOTE(review): the XPath starts with ``//``, which is evaluated from the
    document root even when called on ``parent_elem``, so the lookup is not
    limited to that element - confirm whether ``.//`` was intended.
    *dropdown_value* is interpolated into the XPath unescaped; callers are
    expected to pass fixed test strings.
    """

    dropdown_xpath = f'//div[contains(@class, "dropdown")]/a[text()="{dropdown_value}"]'
    parent_elem.find_element_by_xpath(dropdown_xpath).click()

    header_locator = (By.XPATH, '//h6[text()="Service endpoint URIs"]')
    webdriver_waituntil(sclnt, EC.visibility_of_element_located(header_locator))