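def test_070_loginRedirectUsingHostname(self):
    """Exercise a local-directory login with redirectUsingHostname switched on.

    Steps, all driven from the remote client:
      1. Configure a LOCAL_DIRECTORY / BASIC_LOGIN portal on the non-WAN rule.
      2. Fetch http:// and https://test.untangle.com/ and expect the login page.
      3. Post the fixture credentials to authpost and expect the 'Hi!' page.
      4. Check the user is in the host table, log out, check it is gone.
    """
    global app, appData

    # Create Internal NIC capture rule with basic login page
    appData['captureRules']['list'] = []
    appData['captureRules']['list'].append(createCaptureNonWanNicRule(1))
    appData['authenticationType'] = "LOCAL_DIRECTORY"
    appData['pageType'] = "BASIC_LOGIN"
    appData['userTimeout'] = 3600  # default
    appData['redirectUsingHostname'] = True
    app.setSettings(appData)

    # check that basic captive page is shown using HTTP
    result = remote_control.run_command(
        "wget -4 -t 2 --timeout=5 -O /tmp/capture_test_070a.out http://test.untangle.com/")
    assert (result == 0)
    search = remote_control.run_command(
        "grep -q 'username and password' /tmp/capture_test_070a.out")
    assert (search == 0)

    # check that basic captive page is shown using HTTPS
    # --insecure turns off curl's certificate verification, so this only
    # proves a login page comes back over HTTPS, not which certificate the
    # portal presented.
    result = remote_control.run_command(
        "curl -s --connect-timeout 10 -L -o /tmp/capture_test_070b.out --insecure https://test.untangle.com/")
    assert (result == 0)
    search = remote_control.run_command(
        "grep -q 'username and password' /tmp/capture_test_070b.out")
    assert (search == 0)

    # check if local directory login and password
    appid = str(app.getAppSettings()["id"])
    # NOTE(review): the user-name expression in this URL was masked as
    # "******" in the reviewed copy, which left the statement unparsable.
    # localUserName is restored because the host-table checks below look that
    # name up -- confirm against the upstream file.
    # The account name and password travel in the query string, so they can
    # end up in access logs on the box under test; fixture credentials only.
    result = remote_control.run_command(
        "wget -O /tmp/capture_test_070c.out \'"
        + global_functions.get_http_url()
        + "/capture/handler.py/authpost?username=" + localUserName
        + "&password=passwd&nonce=9abd7f2eb5ecd82b&method=GET&appid=" + appid
        + "&host=test.untangle.com&uri=/\'")
    assert (result == 0)
    search = remote_control.run_command(
        "grep -q 'Hi!' /tmp/capture_test_070c.out")
    assert (search == 0)
    foundUsername = findNameInHostTable(localUserName)
    assert (foundUsername)

    # logout user to clean up test.
    # wget http://<internal IP>/capture/logout
    result = remote_control.run_command(
        "wget -4 -t 2 --timeout=5 -O /tmp/capture_test_070d.out "
        + global_functions.get_http_url() + "/capture/logout")
    assert (result == 0)
    search = remote_control.run_command(
        "grep -q 'logged out' /tmp/capture_test_070d.out")
    assert (search == 0)
    # After logout the name must no longer be mapped in the host table.
    foundUsername = findNameInHostTable(localUserName)
    assert (not foundUsername)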
def test_030_checkUserRegistrationScript(self):
    """Register a random user name and verify it is mapped and reported.

    The name is registered as generated, but every lookup uses its
    lower-cased form: the host table, the list of mapped user names and the
    'API Events' report of the Directory Connector app.
    """
    admin_url = global_functions.get_http_url()
    assert admin_url

    # random is not a cryptographic source; it only needs to make the
    # throwaway test name unlikely to collide with an earlier run.
    suffix = "".join(random.choice(string.letters) for _ in xrange(15))
    registered_name = "randomName-" + suffix
    expected_name = registered_name.lower()

    status = register_username(admin_url, registered_name)
    mapped_users = get_list_of_username_mapped()

    in_host_table = find_name_in_host_table(expected_name)
    assert in_host_table
    assert status == 0
    assert expected_name in mapped_users

    # The registration must also be reported, tied to this client's address.
    api_events = global_functions.get_events(
        'Directory Connector', 'API Events', None, 1)
    assert api_events != None
    in_reports = global_functions.check_events(
        api_events.get('list'), 5,
        "login_name", expected_name,
        "client_addr", remote_control.clientIP)
    assert in_reports
def test_025_loginAnonymousHttps(self):
    """Accept the anonymous (no-authentication) portal page over HTTPS.

    Configures authenticationType NONE with the BASIC_MESSAGE page, checks
    the captive page is served for an HTTPS request, submits the agreement
    form to infopost and expects the 'Hi!' page, then logs out.
    """
    global app, appData

    # Capture rule for the non-WAN interface, message-only page, no login.
    appData['captureRules']['list'] = [createCaptureNonWanNicRule(1)]
    appData['authenticationType'] = "NONE"
    appData['pageType'] = "BASIC_MESSAGE"
    appData['userTimeout'] = 3600  # default
    app.setSettings(appData)

    # The captive page must be shown for an HTTPS request.
    # --insecure turns off curl's certificate verification, so this checks
    # only the returned page content, not the certificate that was presented.
    fetch_cmd = "curl -s --connect-timeout 10 -L -o /tmp/capture_test_025.out --insecure https://test.untangle.com/"
    exit_code = remote_control.run_command(fetch_cmd)
    assert exit_code == 0
    grep_status = remote_control.run_command(
        "grep -q 'Captive Portal' /tmp/capture_test_025.out")
    assert grep_status == 0

    # Submit the agreement form as an anonymous user.
    appid = str(app.getAppSettings()["id"])
    print('appid is %s' % appid)  # debug line
    # NOTE(review): the same literal nonce is used by every request on this
    # page; if the handler is meant to enforce nonce freshness this test
    # would not notice a regression -- confirm.
    agree_cmd = (
        "curl -s --connect-timeout 10 -L -o /tmp/capture_test_025a.out --insecure \'"
        + global_functions.get_http_url()
        + "/capture/handler.py/infopost?method=GET&nonce=9abd7f2eb5ecd82b&method=GET&appid="
        + appid
        + "&agree=agree&submit=Continue&host=test.untangle.com&uri=/\'"
    )
    exit_code = remote_control.run_command(agree_cmd)
    assert exit_code == 0
    grep_status = remote_control.run_command(
        "grep -q 'Hi!' /tmp/capture_test_025a.out")
    assert grep_status == 0

    # Log the client out again so later tests start unauthenticated.
    logout_cmd = (
        "wget -4 -t 2 --timeout=5 -O /tmp/capture_test_025b.out "
        + global_functions.get_http_url()
        + "/capture/logout"
    )
    exit_code = remote_control.run_command(logout_cmd)
    assert exit_code == 0
    grep_status = remote_control.run_command(
        "grep -q 'logged out' /tmp/capture_test_025b.out")
    assert grep_status == 0
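def test_020_changeBranding(self):
    """Apply new branding settings and verify they appear on served pages.

    Sets company name, company URL, contact name and contact e-mail, then
    checks a page fetched from the client for the title, the mailto address,
    the mailto link text and the logo link, and finally checks the title of
    the page served at global_functions.get_http_url().
    """
    global app, appWeb, appData

    def _first_group(pattern, page):
        # A missing element fails the test with a readable assertion instead
        # of an AttributeError raised by calling .group() on None.
        found = re.search(pattern, page, re.IGNORECASE | re.DOTALL)
        assert found is not None, "pattern %r not found in fetched page" % pattern
        return found.group(1)

    def _report(expected, actual):
        # Debug output in the same form for every check.
        print("looking for: \"%s\"" % expected)
        print("in :\"%s\"" % actual)

    appData['companyName'] = newCompanyName
    appData['companyUrl'] = newURL
    appData['contactName'] = newContactName
    appData['contactEmail'] = newContactEmail
    app.setSettings(appData)

    # test blockpage has all the changes
    # NOTE(review): presumably this host is blocked by the web filter app so
    # the fetch returns the block page -- confirm against the test setup.
    result = remote_control.run_command(
        "wget -q -O - \"$@\" www.playboy.com", stdout=True)

    # Verify Title of blockpage as company name (text before the first "|")
    matchText = _first_group(r'<title>(.*?)</title>', result).split("|")[0].strip()
    _report(newCompanyName, matchText)
    assert newCompanyName in matchText

    # Verify email address is in the contact link
    matchText = _first_group(r'mailto:(.*?)\?', result).strip()
    _report(newContactEmail, matchText)
    assert newContactEmail in matchText

    # Verify contact name is in the mailto
    matchText = _first_group(r'mailto:.*?>(.*?)<\/a>', result).strip()
    _report(newContactName, matchText)
    assert newContactName in matchText

    # Verify URL is in the Logo box
    matchText = _first_group(
        r'<a href\="(.*?)"><img .* src\="\/images\/BrandingLogo', result)
    _report(newURL, matchText)
    assert newURL in matchText

    # Check login page for branding
    result = remote_control.run_command(
        "wget -q -O - \"$@\" " + global_functions.get_http_url(), stdout=True)

    # Verify Title of the login page as company name
    matchText = _first_group(r'<title>(.*?)</title>', result).split("|")[0].strip()
    _report(newCompanyName, matchText)
    assert newCompanyName in matchText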
def test_110_verify_report_users(self):
    """Check that a reports-only user can log in and reach the reports servlet.

    Keeps only the first existing reports user, appends a user created with
    profile_email 'test' and access enabled, then requests the reports page
    (expecting the word Login) and the login URL with that user's
    credentials (expecting the word Report).
    """
    settings = app.getSettings()
    report_users = settings["reportsUsers"]["list"][:1]
    report_users.append(create_reports_user(profile_email='test', access=True))  # password = passwd
    settings["reportsUsers"]["list"] = report_users
    app.setSettings(settings)

    adminURL = global_functions.get_http_url()
    print("URL %s" % adminURL)

    # Both commands run through a shell; the status that is asserted is the
    # exit status of the final grep in the pipeline.
    # NOTE(review): adminURL is spliced into the shell string unquoted. That
    # is fine for the harness-supplied value, but it would need quoting if
    # the URL could ever come from outside the test configuration.
    login_page_cmd = "wget -q -O - " + adminURL + "reports 2>&1 | grep -q Login"
    login_page_status = subprocess.call(login_page_cmd, shell=True)
    assert login_page_status == 0

    # The fixture user name and password are sent in the query string.
    report_page_cmd = (
        "wget -q -O - " + adminURL
        + '"auth/login?url=/reports&realm=Reports&username=test&password=passwd" 2>&1 | grep -q Report'
    )
    report_page_status = subprocess.call(report_page_cmd, shell=True)
    assert report_page_status == 0
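def test_022_changeBranding_bannerMessage_removed(self):
    """Verify the banner text is gone from the login page once it is cleared.

    Applies the branding settings with an empty bannerMessage, fetches the
    page at global_functions.get_http_url() from the client and fails if the
    regulation-banner text is still present.
    """
    global app, appWeb, appData
    appData['companyName'] = newCompanyName
    appData['companyUrl'] = newURL
    appData['contactName'] = newContactName
    appData['contactEmail'] = newContactEmail
    appData['bannerMessage'] = ""
    app.setSettings(appData)

    result = remote_control.run_command(
        "wget -q -O - \"$@\" " + global_functions.get_http_url(), stdout=True)

    # Raw string: the pattern text is unchanged, but the \/ sequences are no
    # longer read as (invalid) string escapes.
    myRegex = re.compile(
        r'.*A regulation banner requirement containing a mix of text including <b>html<\/b> and<br\/>multiple<br\/>lines.*',
        re.DOTALL | re.MULTILINE)
    # One assertion with a message replaces the assert(False)/assert(True) pair.
    assert re.match(myRegex, result) is None, \
        "banner message is still present on the login page"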
def test_024_loginAnonymousTimeout(self):
    """Verify an anonymous portal session is dropped after userTimeout.

    Uses a 10 second userTimeout, accepts the message page as an anonymous
    user, waits 20 seconds, runs the cleanup task and expects the next HTTP
    request to be captured again. Skipped when only quick tests are wanted.
    """
    global app, appData
    if remote_control.quickTestsOnly:
        raise unittest2.SkipTest('Skipping a time consuming test')

    # Capture rule for the non-WAN interface, message-only page, no login.
    appData['captureRules']['list'] = [createCaptureNonWanNicRule(1)]
    appData['authenticationType'] = "NONE"
    appData['pageType'] = "BASIC_MESSAGE"
    appData['userTimeout'] = 10
    app.setSettings(appData)

    # First request: only the wget exit status is checked here.
    exit_code = remote_control.run_command(
        "wget -4 -t 2 --timeout=5 -O /tmp/capture_test_024.out http://test.untangle.com/")
    assert exit_code == 0

    # Submit the agreement form as an anonymous user.
    appid = str(app.getAppSettings()["id"])
    print('appid is %s' % appid)  # debug line
    agree_cmd = (
        "wget -O /tmp/capture_test_024a.out \'"
        + global_functions.get_http_url()
        + "/capture/handler.py/infopost?method=GET&nonce=9abd7f2eb5ecd82b&method=GET&appid="
        + appid
        + "&agree=agree&submit=Continue&host=test.untangle.com&uri=/\'"
    )
    exit_code = remote_control.run_command(agree_cmd)
    assert exit_code == 0
    grep_status = remote_control.run_command(
        "grep -q 'Hi!' /tmp/capture_test_024a.out")
    assert grep_status == 0

    # Sleep past the 10 second userTimeout, then run the periodic cleanup
    # task so the expired user is removed.
    time.sleep(20)
    app.runCleanup()

    # The session has expired, so the client must be captured again.
    exit_code = remote_control.run_command(
        "wget -4 -t 2 --timeout=5 -O /tmp/capture_test_024b.out http://test.untangle.com/")
    assert exit_code == 0
    grep_status = remote_control.run_command(
        "grep -q 'Captive Portal' /tmp/capture_test_024b.out")
    assert grep_status == 0
def test_032_checkUserRegistrationScriptOld(self):
    """Register a random lower-case user name through the old registration call.

    The name is lower-cased before it is registered, and the same string is
    then expected in the host table and in the list of mapped user names.
    """
    admin_url = global_functions.get_http_url()
    assert admin_url

    # random only has to make the throwaway name unlikely to collide.
    suffix = "".join(random.choice(string.letters) for _ in xrange(15))
    user_name = ("randomName-" + suffix).lower()

    status = register_username_old(admin_url, user_name)
    mapped_users = get_list_of_username_mapped()

    in_host_table = find_name_in_host_table(user_name)
    assert in_host_table
    assert status == 0
    assert user_name in mapped_users
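def test_052_cookieDisabled(self):
    """Present a saved session cookie while session cookies are disabled.

    Relies on the cookie file saved under savedCookieFileName by
    test_051_cookieTimeout and is skipped when that file does not exist.
    With sessionCookiesEnabled set to False, replaying the cookie must not
    produce the 'Hi!' page and must not map the user in the host table.
    """
    global app, appData

    # variable for local test
    capture_file_name = "/tmp/capture_test_052.out"

    cookieExistsResults = remote_control.run_command("test -e " + savedCookieFileName)
    if (cookieExistsResults == 1):
        # Message corrected: it had a doubled word and named a test that is
        # not the one that saves the cookie file.
        raise unittest2.SkipTest(
            'Cookie file %s was not created in test_051_cookieTimeout' % savedCookieFileName)

    # Create Internal NIC capture rule with basic login page
    appData['captureRules']['list'] = []
    appData['captureRules']['list'].append(createCaptureNonWanNicRule(1))
    appData['authenticationType'] = "LOCAL_DIRECTORY"
    appData['pageType'] = "BASIC_LOGIN"
    appData['sessionCookiesEnabled'] = False
    appData['sessionCookiesTimeout'] = 10
    appData['userTimeout'] = 3600
    app.setSettings(appData)

    # Request the portal index page, presenting the saved cookie.
    appid = str(app.getAppSettings()["id"])
    result = remote_control.run_command(
        "wget -O " + capture_file_name + " \'"
        + global_functions.get_http_url()
        + "/capture/handler.py/index?nonce=9abd7f2eb5ecd82b&method=GET&appid=" + appid
        + "&host=test.untangle.com&uri=/\' --load-cookies " + savedCookieFileName)
    # Remove the saved session cookie before asserting, so a failed request
    # does not leave the cookie file behind on the client.
    remote_control.run_command("rm " + savedCookieFileName)
    assert (result == 0)

    # grep exit status 1 means the 'Hi!' page was not returned: the cookie
    # alone did not authenticate the client.
    search = remote_control.run_command("grep -q 'Hi!' " + capture_file_name)
    assert (search == 1)
    foundUsername = findNameInHostTable(localUserName)
    assert (foundUsername == False)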
def test_031_checkUserRegistrationScriptMixedCase(self):
    """Register a mixed-case user name and expect it mapped in lower case.

    The name is registered in title case, so it carries at least one
    upper-case character; the host table and the list of mapped user names
    are then checked for the lower-cased form.
    """
    # NOTE(review): .title() is applied to the admin URL itself, not only to
    # the user name -- confirm that title-casing the URL is intended.
    admin_url = global_functions.get_http_url().title()
    assert admin_url

    suffix = "".join(random.choice(string.letters) for _ in xrange(15))
    generated_name = "randomName-" + suffix

    # Force at least one upper-case character in what gets registered.
    status = register_username(admin_url, generated_name.title())
    mapped_users = get_list_of_username_mapped()

    expected_name = generated_name.lower()
    in_host_table = find_name_in_host_table(expected_name)
    assert in_host_table
    assert status == 0
    assert expected_name in mapped_users
def test_051_cookieTimeout(self):
    """Check that the session cookie carries an expiry that has passed.

    Logs in with a 5 second sessionCookiesTimeout while saving cookies,
    waits 20 seconds, runs cleanup, then compares the expiry field of the
    saved cookie with the client's current time. The cookie file is copied
    to savedCookieFileName for the following test. Skipped for quick runs
    and when timeOfClientOff() reports a clock difference.
    """
    global app, appData
    if remote_control.quickTestsOnly:
        raise unittest2.SkipTest('Skipping a time consuming test')
    if timeOfClientOff():
        raise unittest2.SkipTest(
            'Client time different than Untangle server')

    # Files on the remote client, and the cookie lifetime under test.
    page_file = "/tmp/capture_test_051.out"
    cookie_jar = "/tmp/capture_test_051_cookie.txt"
    cookie_timeout = 5

    # Local-directory login page with session cookies enabled.
    appData['captureRules']['list'] = [createCaptureNonWanNicRule(1)]
    appData['authenticationType'] = "LOCAL_DIRECTORY"
    appData['pageType'] = "BASIC_LOGIN"
    appData['sessionCookiesEnabled'] = True
    appData['sessionCookiesTimeout'] = cookie_timeout
    appData['userTimeout'] = 10
    app.setSettings(appData)

    # The login page must be shown for a plain HTTP request.
    exit_code = remote_control.run_command(
        "wget -4 -t 2 --timeout=5 -O " + page_file + " http://test.untangle.com/")
    assert exit_code == 0
    grep_status = remote_control.run_command(
        "grep -q 'username and password' " + page_file)
    assert grep_status == 0

    # Authenticate and keep the cookie that comes back.
    # The fixture user name and password are sent in the query string.
    appid = str(app.getAppSettings()["id"])
    login_cmd = (
        "wget -O " + page_file + " \'"
        + global_functions.get_http_url()
        + "/capture/handler.py/authpost?username=test20&password=passwd&nonce=9abd7f2eb5ecd82b&method=GET&appid="
        + appid
        + "&host=test.untangle.com&uri=/\' --save-cookies " + cookie_jar
    )
    exit_code = remote_control.run_command(login_cmd)
    assert exit_code == 0
    grep_status = remote_control.run_command("grep -q 'Hi!' " + page_file)
    assert grep_status == 0

    # Sleep past both timeouts, then run the periodic cleanup task so
    # expired users are removed.
    time.sleep(20)
    app.runCleanup()

    # Cookie expiration is enforced by the browser, so the check is that the
    # client's current time is past the cookie's expiry by more than the
    # configured timeout.
    cookie_expires = remote_control.run_command(
        "tail -1 " + cookie_jar + " | cut -f5", stdout=True)
    assert cookie_expires  # verify there is a cookie time

    # Save the cookie file since it is used in the next test.
    remote_control.run_command("cp " + cookie_jar + " " + savedCookieFileName)

    # NOTE(review): cookie_expires is text read back from the cookie file and
    # goes into a shell command unquoted; it is expected to be a bare epoch
    # number -- confirm, or check it is numeric before use.
    elapsed_text = remote_control.run_command(
        "expr $(date +%s) - " + cookie_expires, stdout=True)
    second_difference = int(elapsed_text)
    print("second_difference: %i cookie_timeout: %i" % (second_difference, cookie_timeout))
    assert second_difference > cookie_timeout
def test_050_cookie(self):
    """Verify a saved session cookie re-authenticates an expired session.

    Logs in with session cookies enabled (86400 second cookie lifetime,
    10 second userTimeout) and saves the cookie. After the session times
    out, a request without the cookie must not reach the 'Hi!' page, while a
    request that presents the cookie must, and must map the user in the host
    table. Skipped when only quick tests are wanted.
    """
    global app, appData
    if remote_control.quickTestsOnly:
        raise unittest2.SkipTest('Skipping a time consuming test')

    # Files on the remote client.
    page_file = "/tmp/capture_test_050.out"
    cookie_jar = "/tmp/capture_test_050_cookie.txt"

    # Local-directory login page with long-lived session cookies.
    appData['captureRules']['list'] = [createCaptureNonWanNicRule(1)]
    appData['authenticationType'] = "LOCAL_DIRECTORY"
    appData['pageType'] = "BASIC_LOGIN"
    appData['sessionCookiesEnabled'] = True
    appData['sessionCookiesTimeout'] = 86400
    appData['userTimeout'] = 10
    app.setSettings(appData)

    # The login page must be shown for a plain HTTP request.
    exit_code = remote_control.run_command(
        "wget -4 -t 2 --timeout=5 -O " + page_file + " http://test.untangle.com/")
    assert exit_code == 0
    grep_status = remote_control.run_command(
        "grep -q 'username and password' " + page_file)
    assert grep_status == 0

    # Authenticate and keep the cookie that comes back.
    # The fixture user name and password are sent in the query string.
    appid = str(app.getAppSettings()["id"])
    login_cmd = (
        "wget -O " + page_file + " \'"
        + global_functions.get_http_url()
        + "/capture/handler.py/authpost?username=test20&password=passwd&nonce=9abd7f2eb5ecd82b&method=GET&appid="
        + appid
        + "&host=test.untangle.com&uri=/\' --save-cookies " + cookie_jar
    )
    exit_code = remote_control.run_command(login_cmd)
    assert exit_code == 0
    grep_status = remote_control.run_command("grep -q 'Hi!' " + page_file)
    assert grep_status == 0

    # Sleep past the 10 second userTimeout, then run the periodic cleanup
    # task so the expired user is removed.
    time.sleep(20)
    app.runCleanup()

    # Without the cookie the session must be gone: grep exit status 1 means
    # the 'Hi!' page was not returned.
    no_cookie_cmd = (
        "wget -O " + page_file + " \'"
        + global_functions.get_http_url()
        + "/capture/handler.py/?username=&password=&nonce=9abd7f2eb5ecd82b&method=GET&appid="
        + appid
        + "&host=test.untangle.com&uri=/\'"
    )
    exit_code = remote_control.run_command(no_cookie_cmd)
    assert exit_code == 0
    grep_status = remote_control.run_command("grep -q 'Hi!' " + page_file)
    assert grep_status == 1

    # Presenting the saved cookie must authenticate the client again.
    with_cookie_cmd = (
        "wget -O " + page_file + " \'"
        + global_functions.get_http_url()
        + "/capture/handler.py/index?nonce=9abd7f2eb5ecd82b&method=GET&appid="
        + appid
        + "&host=test.untangle.com&uri=/\' --load-cookies " + cookie_jar
    )
    exit_code = remote_control.run_command(with_cookie_cmd)
    assert exit_code == 0
    grep_status = remote_control.run_command("grep -q 'Hi!' " + page_file)
    assert grep_status == 0
    in_host_table = findNameInHostTable(localUserName)
    assert in_host_table

    # Let this session expire as well so it does not leak into later tests.
    time.sleep(20)
    app.runCleanup()
def test_040_loginRadius(self):
    """Log in and out of the captive portal twice using RADIUS authentication.

    Skipped when radiusResult is non-zero. Applies the RADIUS settings,
    probes the server until it reports "success" (three attempts at most),
    configures a RADIUS / BASIC_LOGIN portal, then performs two identical
    login-and-logout rounds with the fixture account.
    """
    global appData, app, appDataRD, appDataAD, appAD
    if (radiusResult != 0):
        raise unittest2.SkipTest("No RADIUS server available")

    # Configure RADIUS settings
    appAD.setSettings(createRadiusSettings())
    # Probe the RADIUS server; stop at the first reply containing "success".
    attempts = 0
    while attempts < 3:
        testResultString = appAD.getRadiusManager(
        ).getRadiusStatusForSettings(createRadiusSettings(), "normal", "passwd")
        if ("success" in testResultString):
            break
        else:
            attempts += 1
    print 'testResultString %s attempts %s' % (testResultString, attempts
                                               )  # debug line
    assert ("success" in testResultString)

    # Create Internal NIC capture rule with basic login page, RADIUS backed
    appData['captureRules']['list'] = []
    appData['captureRules']['list'].append(createCaptureNonWanNicRule(1))
    appData['authenticationType'] = "RADIUS"
    appData['pageType'] = "BASIC_LOGIN"
    appData['userTimeout'] = 3600  # default
    app.setSettings(appData)

    # check that basic captive page is shown
    result = remote_control.run_command(
        "wget -q -4 -t 2 --timeout=5 -O /tmp/capture_test_040.out http://test.untangle.com/"
    )
    assert (result == 0)
    search = remote_control.run_command(
        "grep -q 'username' /tmp/capture_test_040.out")
    assert (search == 0)

    # First RADIUS login with the fixture user name and password.
    # The credentials travel in the query string, so they can end up in
    # access logs on the box under test; fixture credentials only.
    # NOTE(review): with stdout=True the returned value is not asserted
    # here; only the grep on the saved page decides pass or fail.
    appid = str(app.getAppSettings()["id"])
    result = remote_control.run_command(
        "wget -O /tmp/capture_test_040a.out \'" +
        global_functions.get_http_url() +
        "/capture/handler.py/authpost?username=normal&password=passwd&nonce=9abd7f2eb5ecd82b&method=GET&appid="
        + appid + "&host=test.untangle.com&uri=/\'",
        stdout=True)
    search = remote_control.run_command(
        "grep -q 'Hi!' /tmp/capture_test_040a.out")
    assert (search == 0)

    # logout user to clean up test.
    # wget http://<internal IP>/capture/logout
    result = remote_control.run_command(
        "wget -4 -t 2 --timeout=5 -O /tmp/capture_test_040b.out " +
        global_functions.get_http_url() + "/capture/logout")
    assert (result == 0)
    search = remote_control.run_command(
        "grep -q 'logged out' /tmp/capture_test_040b.out")
    assert (search == 0)

    # Second RADIUS login: the same request must succeed again after logout.
    appid = str(app.getAppSettings()["id"])
    result = remote_control.run_command(
        "wget -O /tmp/capture_test_040c.out \'" +
        global_functions.get_http_url() +
        "/capture/handler.py/authpost?username=normal&password=passwd&nonce=9abd7f2eb5ecd82b&method=GET&appid="
        + appid + "&host=test.untangle.com&uri=/\'",
        stdout=True)
    search = remote_control.run_command(
        "grep -q 'Hi!' /tmp/capture_test_040c.out")
    assert (search == 0)

    # logout user to clean up test a second time.
    # wget http://<internal IP>/capture/logout
    result = remote_control.run_command(
        "wget -4 -t 2 --timeout=5 -O /tmp/capture_test_040d.out " +
        global_functions.get_http_url() + "/capture/logout")
    assert (result == 0)
    search = remote_control.run_command(
        "grep -q 'logged out' /tmp/capture_test_040d.out")
    assert (search == 0)
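def test_035_loginActiveDirectory(self):
    """Log in through the captive portal with Active Directory credentials.

    Skipped when adResult is non-zero. Checks the directory status, applies
    the directory connector settings, configures an ACTIVE_DIRECTORY /
    BASIC_LOGIN portal, then runs three login-and-logout rounds: two with
    adUserName and one with an account whose password contains a
    percent-encoded non-ASCII character (bug 10860).
    """
    global appData, app, appDataAD, appAD
    if (adResult != 0):
        raise unittest2.SkipTest("No AD server available")

    # Configure AD settings
    # NOTE(review): the status probe is built with ldap_secure=False while
    # the settings that are applied use the helper's defaults -- presumably
    # the probe runs over unencrypted LDAP; confirm that is intended.
    testResultString = appAD.getActiveDirectoryManager().getStatusForSettings(
        createDirectoryConnectorSettings(ldap_secure=False)
        ["activeDirectorySettings"]["servers"]["list"][0])
    appAD.setSettings(createDirectoryConnectorSettings())
    assert ("success" in testResultString)

    # Create Internal NIC capture rule with basic AD login page
    appData['captureRules']['list'] = []
    appData['captureRules']['list'].append(createCaptureNonWanNicRule(1))
    appData['authenticationType'] = "ACTIVE_DIRECTORY"
    appData['pageType'] = "BASIC_LOGIN"
    appData['userTimeout'] = 3600  # default
    app.setSettings(appData)

    # check that basic captive page is shown
    result = remote_control.run_command(
        "wget -4 -t 2 --timeout=5 -O /tmp/capture_test_035.out http://test.untangle.com/")
    assert (result == 0)
    search = remote_control.run_command(
        "grep -q 'username and password' /tmp/capture_test_035.out")
    assert (search == 0)

    # check if AD login and password
    appid = str(app.getAppSettings()["id"])
    # NOTE(review): the user-name expression in the two adUserName login
    # URLs was masked as "******" in the reviewed copy, which left the
    # statements unparsable. adUserName is restored because the host-table
    # checks look that name up -- confirm against the upstream file.
    # The account name and password travel in the query string, so they can
    # end up in access logs on the box under test; fixture credentials only.
    result = remote_control.run_command(
        "wget -O /tmp/capture_test_035a.out \'"
        + global_functions.get_http_url()
        + "/capture/handler.py/authpost?username=" + adUserName
        + "&password=passwd&nonce=9abd7f2eb5ecd82b&method=GET&appid=" + appid
        + "&host=test.untangle.com&uri=/\'")
    assert (result == 0)
    search = remote_control.run_command(
        "grep -q 'Hi!' /tmp/capture_test_035a.out")
    assert (search == 0)
    foundUsername = findNameInHostTable(adUserName)
    assert (foundUsername)

    # logout
    result = remote_control.run_command(
        "wget -4 -t 2 --timeout=5 -O /tmp/capture_test_035b.out "
        + global_functions.get_http_url() + "/capture/logout")
    assert (result == 0)
    search = remote_control.run_command(
        "grep -q 'logged out' /tmp/capture_test_035b.out")
    assert (search == 0)

    # try second time to login
    result = remote_control.run_command(
        "wget -O /tmp/capture_test_035c.out \'"
        + global_functions.get_http_url()
        + "/capture/handler.py/authpost?username=" + adUserName
        + "&password=passwd&nonce=9abd7f2eb5ecd82b&method=GET&appid=" + appid
        + "&host=test.untangle.com&uri=/\'")
    assert (result == 0)
    search = remote_control.run_command(
        "grep -q 'Hi!' /tmp/capture_test_035c.out")
    assert (search == 0)

    # logout user to clean up test.
    # wget http://<internal IP>/capture/logout
    result = remote_control.run_command(
        "wget -4 -t 2 --timeout=5 -O /tmp/capture_test_035d.out "
        + global_functions.get_http_url() + "/capture/logout")
    assert (result == 0)
    search = remote_control.run_command(
        "grep -q 'logged out' /tmp/capture_test_035d.out")
    assert (search == 0)
    # After logout the name must no longer be mapped in the host table.
    foundUsername = findNameInHostTable(adUserName)
    assert (not foundUsername)

    # check extended ascii in login and password, bug 10860
    # %C2%A3 is the percent-encoded UTF-8 form of the pound sign.
    result = remote_control.run_command(
        "wget -O /tmp/capture_test_035e.out \'"
        + global_functions.get_http_url()
        + "/capture/handler.py/authpost?username=britishguy&password=passwd%C2%A3&nonce=9abd7f2eb5ecd82b&method=GET&appid="
        + appid + "&host=test.untangle.com&uri=/\'")
    assert (result == 0)
    search = remote_control.run_command(
        "grep -q 'Hi!' /tmp/capture_test_035e.out")
    assert (search == 0)

    # logout user to clean up test.
    result = remote_control.run_command(
        "wget -4 -t 2 --timeout=5 -O /tmp/capture_test_035f.out "
        + global_functions.get_http_url() + "/capture/logout")
    assert (result == 0)
    search = remote_control.run_command(
        "grep -q 'logged out' /tmp/capture_test_035f.out")
    assert (search == 0)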