def test_verify_response(self): request_sig = duo_web.sign_request(IKEY, SKEY, AKEY, USER) duo_sig, valid_app_sig = request_sig.split(':') request_sig = duo_web.sign_request(IKEY, SKEY, 'invalid' * 6, USER) duo_sig, invalid_app_sig = request_sig.split(':') request_sig = duo_web.sign_enroll_request(IKEY, SKEY, AKEY, USER) duo_sig, valid_enroll_sig = request_sig.split(':') request_sig = duo_web.sign_enroll_request(IKEY, SKEY, 'invalid' * 6, USER) duo_sig, invalid_enroll_sig = request_sig.split(':') invalid_user = duo_web.verify_response( IKEY, SKEY, AKEY, INVALID_RESPONSE + ':' + valid_app_sig) self.assertEqual(invalid_user, None) expired_user = duo_web.verify_response( IKEY, SKEY, AKEY, EXPIRED_RESPONSE + ':' + valid_app_sig) self.assertEqual(expired_user, None) future_user = duo_web.verify_response( IKEY, SKEY, AKEY, FUTURE_RESPONSE + ':' + invalid_app_sig) self.assertEqual(future_user, None) future_user = duo_web.verify_response( IKEY, SKEY, AKEY, FUTURE_RESPONSE + ':' + valid_app_sig) self.assertEqual(future_user, USER) future_user = duo_web.verify_response( IKEY, SKEY, AKEY, WRONG_PARAMS_RESPONSE + ':' + valid_app_sig) self.assertEqual(future_user, None) future_user = duo_web.verify_response( IKEY, SKEY, AKEY, FUTURE_RESPONSE + ':' + WRONG_PARAMS_APP) self.assertEqual(future_user, None) future_user = duo_web.verify_response( WRONG_IKEY, SKEY, AKEY, FUTURE_RESPONSE + ':' + valid_app_sig) self.assertEqual(future_user, None) enroll_user = duo_web.verify_enroll_response( IKEY, SKEY, AKEY, FUTURE_ENROLL_RESPONSE + ':' + valid_enroll_sig) self.assertEqual(enroll_user, USER) enroll_user = duo_web.verify_enroll_response( IKEY, SKEY, AKEY, FUTURE_ENROLL_RESPONSE + ':' + invalid_enroll_sig) self.assertEqual(enroll_user, None)
def do_POST(self): try: sig_response = self.require_post('sig_response') except ValueError: self.error('sig_response post parameter is required') return user = duo_web.verify_response(self.server.ikey, self.server.skey, self.server.akey, sig_response) self.send_response(200) self.end_headers() if user is None: # See if it was a response to an ENROLL_REQUEST user = duo_web.verify_enroll_response(self.server.ikey, self.server.skey, self.server.akey, sig_response) if user is None: self.wfile.write( ('Did not authenticate with Duo.'.encode('utf-8'))) else: self.wfile.write( ('Enrolled with Duo as %s.' % user).encode('utf-8')) else: self.wfile.write( ('Authenticated with Duo as %s.' % user).encode('utf-8'))
def do_POST(self): try: sig_response = self.require_post('sig_response') except ValueError: self.error('sig_response post parameter is required') return user = duo_web.verify_response( self.server.ikey, self.server.skey, self.server.akey, sig_response) self.send_response(200) self.end_headers() if user is None: # See if it was a response to an ENROLL_REQUEST user = duo_web.verify_enroll_response( self.server.ikey, self.server.skey, self.server.akey, sig_response) if user is None: self.wfile.write( ('Did not authenticate with Duo.'.encode('utf-8'))) else: self.wfile.write( ('Enrolled with Duo as %s.' % user).encode('utf-8')) else: self.wfile.write( ('Authenticated with Duo as %s.' % user).encode('utf-8'))
def test_verify_response(self): request_sig = duo_web.sign_request(IKEY, SKEY, AKEY, USER) duo_sig, valid_app_sig = request_sig.split(':') request_sig = duo_web.sign_request(IKEY, SKEY, 'invalid' * 6, USER) duo_sig, invalid_app_sig = request_sig.split(':') request_sig = duo_web.sign_enroll_request(IKEY, SKEY, AKEY, USER) duo_sig, valid_enroll_sig = request_sig.split(':') request_sig = duo_web.sign_enroll_request(IKEY, SKEY, 'invalid' * 6, USER) duo_sig, invalid_enroll_sig = request_sig.split(':') invalid_user = duo_web.verify_response(IKEY, SKEY, AKEY, INVALID_RESPONSE + ':' + valid_app_sig) self.assertEqual(invalid_user, None) expired_user = duo_web.verify_response(IKEY, SKEY, AKEY, EXPIRED_RESPONSE + ':' + valid_app_sig) self.assertEqual(expired_user, None) future_user = duo_web.verify_response(IKEY, SKEY, AKEY, FUTURE_RESPONSE + ':' + invalid_app_sig) self.assertEqual(future_user, None) future_user = duo_web.verify_response(IKEY, SKEY, AKEY, FUTURE_RESPONSE + ':' + valid_app_sig) self.assertEqual(future_user, USER) future_user = duo_web.verify_response(IKEY, SKEY, AKEY, WRONG_PARAMS_RESPONSE + ':' + valid_app_sig) self.assertEqual(future_user, None) future_user = duo_web.verify_response(IKEY, SKEY, AKEY, FUTURE_RESPONSE + ':' + WRONG_PARAMS_APP) self.assertEqual(future_user, None) future_user = duo_web.verify_response(WRONG_IKEY, SKEY, AKEY, FUTURE_RESPONSE + ':' + valid_app_sig) self.assertEqual(future_user, None) enroll_user = duo_web.verify_enroll_response(IKEY, SKEY, AKEY, FUTURE_ENROLL_RESPONSE + ':' + valid_enroll_sig) self.assertEqual(enroll_user, USER) enroll_user = duo_web.verify_enroll_response(IKEY, SKEY, AKEY, FUTURE_ENROLL_RESPONSE + ':' + invalid_enroll_sig) self.assertEqual(enroll_user, None)