def test_default_provision_user():
user_id = '10'
auth.provision_user(user_id)
auth_user = auth.load_user(user_id)
assert auth_user.user_id == '10'
assert len(auth_user.secret) == auth.SECRET_KEY_BYTES
assert auth_user.key_length == 6
assert auth_user.hash_algorithm == 'SHA256'
def test_default_provision_user():
user_id = "10"
auth.provision_user(user_id)
auth_user = auth.load_user(user_id)
assert auth_user.user_id == "10"
assert len(auth_user.secret) == auth.SECRET_KEY_BYTES
assert auth_user.key_length == 6
assert auth_user.hash_algorithm == "SHA256"
def test_consume_recovery_code_success():
user_id = '18'
auth_user = auth.provision_user(user_id)
recovery_code = auth_user.recovery_codes[0]
auth.consume_recovery_code(user_id, recovery_code.code)
assert recovery_code.used is True
def test_consume_recovery_code_success():
user_id = "18"
auth_user = auth.provision_user(user_id)
recovery_code = auth_user.recovery_codes[0]
auth.consume_recovery_code(user_id, recovery_code.code)
assert recovery_code.used is True
def test_consume_recovery_code_already_consumed():
user_id = "20"
auth_user = auth.provision_user(user_id)
recovery_code = auth_user.recovery_codes[0]
auth.consume_recovery_code(user_id, recovery_code.code)
with pytest.raises(auth.RecoveryCodeConsumptionError):
auth.consume_recovery_code(user_id, recovery_code.code)
def test_consume_recovery_code_already_consumed():
user_id = '20'
auth_user = auth.provision_user(user_id)
recovery_code = auth_user.recovery_codes[0]
auth.consume_recovery_code(user_id, recovery_code.code)
with pytest.raises(auth.RecoveryCodeConsumptionError):
auth.consume_recovery_code(user_id, recovery_code.code)
def test_authorize_user():
user_id = "14"
user = auth.provision_user(user_id)
totp = auth.get_totp(user.secret, user.key_length, user.hash_algorithm, 30)
code_to_validate = totp.generate(time.time())
assert auth.authorize_user(user_id, code_to_validate)
def test_authorize_user():
user_id = '14'
user = auth.provision_user(user_id)
totp = auth.get_totp(user.secret, user.key_length, user.hash_algorithm, 30)
code_to_validate = totp.generate(time.time())
assert auth.authorize_user(user_id, code_to_validate)
def test_consume_recovery_code_wrong_user():
user_id = "19"
auth_user = auth.provision_user(user_id)
recovery_code = auth_user.recovery_codes[0]
with pytest.raises(auth.RecoveryCodeConsumptionError):
auth.consume_recovery_code(18, recovery_code.code)
assert recovery_code.used is False
def test_consume_recovery_code_wrong_user():
user_id = '19'
auth_user = auth.provision_user(user_id)
recovery_code = auth_user.recovery_codes[0]
with pytest.raises(auth.RecoveryCodeConsumptionError):
auth.consume_recovery_code(18, recovery_code.code)
assert recovery_code.used is False
def test_regenerate_user_recovery_codes():
user_id = "17"
auth_user = auth.provision_user(user_id)
current_recovery_codes = set(recovery_code.code for recovery_code in auth_user.recovery_codes)
auth.regenerate_user_recovery_codes(user_id)
new_recovery_codes = set(recovery_code.code for recovery_code in auth_user.recovery_codes)
assert current_recovery_codes != new_recovery_codes
assert len(new_recovery_codes) == auth.RECOVERY_CODE_COUNT
def test_regenerate_user_recovery_codes():
user_id = '17'
auth_user = auth.provision_user(user_id)
current_recovery_codes = set(recovery_code.code
for recovery_code in auth_user.recovery_codes)
auth.regenerate_user_recovery_codes(user_id)
new_recovery_codes = set(recovery_code.code
for recovery_code in auth_user.recovery_codes)
assert current_recovery_codes != new_recovery_codes
assert len(new_recovery_codes) == auth.RECOVERY_CODE_COUNT
def user_provision():
data = request.get_json(force=True)
try:
validate(data, USER_PROVISION_SCHEMA)
except ValidationError as e:
return jsonify(error_message=str(e), error_code='INVALID_PARAMS'), 400
try:
auth_user = auth.provision_user(**data)
except auth.UserCreationException as e:
return jsonify(error_message=str(e),
error_code='USER_PROVISION_FAILURE'), 400
return format_auth_user_response(auth_user)
def test_auth_uri():
user_id = "15"
user = auth.provision_user(user_id)
auth_uri = urlparse(auth.user_auth_uri(user_id, "*****@*****.**", "someissuer"))
assert auth_uri.scheme == "otpauth"
assert auth_uri.netloc == "totp"
assert auth_uri.path == "/someissuer:ausername%40example.org"
query = parse_qs(auth_uri.query)
assert query["algorithm"] == ["SHA256"]
assert query["period"] == [str(user.key_valid_duration)]
assert query["issuer"] == ["someissuer"]
assert query["secret"] == [b32encode(user.secret).decode("ASCII")]
assert query["digits"] == [str(user.key_length)]
def user_provision():
data = request.get_json(force=True)
try:
validate(data, USER_PROVISION_SCHEMA)
except ValidationError as e:
return jsonify(error_message=str(e), error_code='INVALID_PARAMS'), 400
try:
auth_user = auth.provision_user(**data)
except auth.UserCreationException as e:
return jsonify(
error_message=str(e),
error_code='USER_PROVISION_FAILURE'
), 400
return format_auth_user_response(auth_user)
def test_auth_uri():
user_id = '15'
user = auth.provision_user(user_id)
auth_uri = urlparse(
auth.user_auth_uri(user_id, '*****@*****.**', 'someissuer'), )
assert auth_uri.scheme == 'otpauth'
assert auth_uri.netloc == 'totp'
assert auth_uri.path == '/someissuer:ausername%40example.org'
query = parse_qs(auth_uri.query)
assert query['algorithm'] == ['SHA256']
assert query['period'] == [str(user.key_valid_duration)]
assert query['issuer'] == ['someissuer']
assert query['secret'] == [b32encode(user.secret).decode('ASCII')]
assert query['digits'] == [str(user.key_length)]
def test_user_exists():
user_id = '13'
auth.provision_user(user_id)
with pytest.raises(auth.UserCreationException):
auth.provision_user(user_id)
def test_provision_user_unsupported_hash_algorithm():
with pytest.raises(auth.UserCreationException):
auth.provision_user(1, hash_algorithm='MD5')
def test_provision_user_alternate_algorithm():
user_id = '12'
auth.provision_user(user_id, hash_algorithm='SHA1')
auth_user = auth.load_user(user_id)
assert auth_user.hash_algorithm == 'SHA1'
def test_unsupported_key_length():
with pytest.raises(auth.UserCreationException):
auth.provision_user(1, key_length=10)
def test_consume_recovery_code_wrong_code():
auth.provision_user(21)
with pytest.raises(auth.RecoveryCodeConsumptionError):
auth.consume_recovery_code(21, 'foobar')
def test_provision_user_alternate_key_length():
user_id = "11"
auth.provision_user(user_id, key_length=8)
auth_user = auth.load_user(user_id)
assert auth_user.key_length == 8
def test_provision_user_generates_recovery_codes():
user_id = "16"
auth_user = auth.provision_user(user_id)
assert len(auth_user.recovery_codes) == 10
def test_consume_recovery_code_wrong_code():
auth.provision_user(21)
with pytest.raises(auth.RecoveryCodeConsumptionError):
auth.consume_recovery_code(21, "foobar")
def test_unsupported_key_length():
with pytest.raises(auth.UserCreationException):
auth.provision_user(1, key_length=10)
def test_provision_user_generates_recovery_codes():
user_id = '16'
auth_user = auth.provision_user(user_id)
assert len(auth_user.recovery_codes) == 10
def test_provision_user_alternate_key_length():
user_id = '11'
auth.provision_user(user_id, key_length=8)
auth_user = auth.load_user(user_id)
assert auth_user.key_length == 8
def test_provision_user_alternate_algorithm():
user_id = "12"
auth.provision_user(user_id, hash_algorithm="SHA1")
auth_user = auth.load_user(user_id)
assert auth_user.hash_algorithm == "SHA1"
def test_provision_user_unsupported_hash_algorithm():
with pytest.raises(auth.UserCreationException):
auth.provision_user(1, hash_algorithm="MD5")
def test_user_exists():
user_id = "13"
auth.provision_user(user_id)
with pytest.raises(auth.UserCreationException):
auth.provision_user(user_id)
