def test_validate_check_with_serial( self, mocked_geUserId, mocked_get_auth_forward, mocked_checkTokenList, mocked_auth_forward_no_token, ): """ test calling checkUserPass with serial in the list of optional args """ # ------------------------------------------------------------------ -- # test setup user = User("root", "anywhere") passw = "Test123!" serial = "tok123" options = {"serial": serial} mocked_auth_forward_no_token.return_value = True mocked_geUserId.return_value = ("uid", "resolver", "resolverClass") mocked_get_auth_forward.return_value = None mocked_checkTokenList.return_value = True, None # ------------------------------------------------------------------ -- # if serial was given, there should be only one token in the tokenlist # when calling of checkTokenList vh = ValidationHandler() _result = vh.checkUserPass(user, passw, options=options) call_args = mocked_checkTokenList.call_args token_list = call_args[0][0] assert len(token_list) == 1 # ------------------------------------------------------------------ -- # if no serial was given, there should be 2 token in the tokenlist # when calling of checkTokenList vh = ValidationHandler() _result = vh.checkUserPass(user, passw, options=None) call_args = mocked_checkTokenList.call_args token_list = call_args[0][0] assert len(token_list) > 1 return
def test_validate_check_with_serial( self, mocked_geUserId, mocked_get_auth_forward, mocked_checkTokenList, mocked_auth_forward_no_token): """ test calling checkUserPass with serial in the list of optional args """ # ------------------------------------------------------------------ -- # test setup user = User('root', 'anywhere') passw = "Test123!" serial = 'tok123' options = {'serial': serial} mocked_auth_forward_no_token.return_value = True mocked_geUserId.return_value = ('uid', 'resolver', 'resolverClass') mocked_get_auth_forward.return_value = None mocked_checkTokenList.return_value = True, None # ------------------------------------------------------------------ -- # if serial was given, there should be only one token in the tokenlist # when calling of checkTokenList vh = ValidationHandler() _result = vh.checkUserPass(user, passw, options=options) call_args = mocked_checkTokenList.call_args token_list = call_args[0][0] assert len(token_list) == 1 # ------------------------------------------------------------------ -- # if no serial was given, there should be 2 token in the tokenlist # when calling of checkTokenList vh = ValidationHandler() _result = vh.checkUserPass(user, passw, options=None) call_args = mocked_checkTokenList.call_args token_list = call_args[0][0] assert len(token_list) > 1 return
def _check(self, param): ''' basic check function, that can be used by different controllers :param param: dict of all caller parameters :type param: dict :return: Tuple of True or False and opt :rtype: Tuple(boolean, opt) ''' opt = None options = {} # put everything in the options but the user, pass, init options.update(param) for para in ["pass", "user", "init"]: if options.has_key(para): del options[para] passw = param.get("pass") user = getUserFromParam(param) # support for ocra application challenge verification challenge = param.get("challenge") if challenge is not None: options = {} options['challenge'] = challenge c.audit['user'] = user.login realm = user.realm or getDefaultRealm() c.audit['realm'] = realm # AUTHORIZATION Pre Check # we need to overwrite the user.realm in case the # user does not exist in the original realm (setrealm-policy) user.realm = set_realm(user.login, realm, exception=True) check_user_authorization(user.login, user.realm, exception=True) if isSelfTest() is True: initTime = param.get("init") if initTime is not None: if options is None: options = {} options['initTime'] = initTime vh = ValidationHandler() (ok, opt) = vh.checkUserPass(user, passw, options=options) c.audit.update(request_context.get('audit')) c.audit['success'] = ok if ok: # AUTHORIZATION post check check_auth_tokentype(c.audit['serial'], exception=True, user=user) check_auth_serial(c.audit['serial'], exception=True, user=user) # add additional details if is_auth_return(ok, user=user): if opt is None: opt = {} if ok: opt['realm'] = c.audit.get('realm') opt['user'] = c.audit.get('user') opt['tokentype'] = c.audit.get('token_type') opt['serial'] = c.audit.get('serial') else: opt['error'] = c.audit.get('action_detail') return (ok, opt)
def check(self): ''' This function is used to login method: openid/check arguments: user - user to login realm - in which realm the user should login pass - password returns: JSON response ''' ok = False param = {} do_redirect = None message = None try: param.update(request.params) same_user = True passw = getParam(param, "pass", optional) ## getUserFromParam will return default realm if no realm is ## provided via @ append or extra parameter realm ## if the provided realm does not exist, the realm is left empty user = getUserFromParam(param, optional) ## if the requested user has a realm specified (via @realm append) ## and this is not the same as the user from getUserFromParam ## the requested user is not a valid one! p_user = param.get('user', '') if "@" in p_user: if p_user != "%s@%s" % (user.login, user.realm): same_user = False c.audit['user'] = user.login c.audit['realm'] = user.realm or getDefaultRealm() vh = ValidationHandler() if same_user is True: (ok, opt) = vh.checkUserPass(user, passw) c.audit['success'] = ok if ok: ## if the user authenticated successfully we need to set the cookie aka ## the ticket and we need to remember this ticket. user = "******" % (user.login, c.audit['realm']) log.debug("[check] user=%s" % user) token = self.storage.set_user_token(user, expire=self.COOKIE_EXPIRE) log.debug("[check] token=%s" % token) cookie = "%s:%s" % (user, token) log.debug("[check] cookie=%s" % cookie) response.set_cookie(COOKIE_NAME, cookie, max_age=self.COOKIE_EXPIRE) else: message = "Your login attempt was not successful!" Session.commit() # Only if we logged in successfully we redirect to the original # page (Servive Provider). Otherwise we will redirect to the # status page p = {} redirect_to = getParam(param, "redirect_to", optional) if redirect_to and ok: p = {} for k in [ 'openid.return_to', "openid.realm", "openid.ns", "openid.claimed_id", "openid.mode", "openid.identity" ]: p[k] = param[k] else: if message is not None: p["message"] = message redirect_to = "/openid/status" do_redirect = url(str("%s?%s" % (redirect_to, urlencode(p)))) except Exception as exx: log.exception("[check] openid/check failed: %r" % exx) Session.rollback() return sendError(response, "openid/check failed: %r" % exx, 0) finally: Session.close() log.debug('[check] done') if do_redirect: log.debug("[check] now redirecting to %s" % do_redirect) redirect(do_redirect)
def _check(self, param): ''' basic check function, that can be used by different controllers :param param: dict of all caller parameters :type param: dict :return: Tuple of True or False and opt :rtype: Tuple(boolean, opt) ''' opt = None options = {} ## put everythin in the options but the user, pass, init options.update(param) for para in ["pass", "user", "init"]: if options.has_key(para): del options[para] passw = getParam(param, "pass", optional) user = getUserFromParam(param, optional) # support for ocra application challenge verification challenge = getParam(param, "challenge", optional) if challenge is not None: options = {} options['challenge'] = challenge c.audit['user'] = user.login realm = user.realm or getDefaultRealm() c.audit['realm'] = realm # AUTHORIZATION Pre Check # we need to overwrite the user.realm in case the user does not exist in the original realm (setrealm-policy) user.realm = set_realm(user.login, realm, exception=True) check_user_authorization(user.login, user.realm, exception=True) if isSelfTest() is True: initTime = getParam(param, "init", optional) if initTime is not None: if options is None: options = {} options['initTime'] = initTime vh = ValidationHandler() (ok, opt) = vh.checkUserPass(user, passw, options=options) c.audit.update(request_context.get('audit')) c.audit['success'] = ok if ok: # AUTHORIZATION post check check_auth_tokentype(c.audit['serial'], exception=True, user=user) check_auth_serial(c.audit['serial'], exception=True, user=user) # add additional details if is_auth_return(ok, user=user): if opt is None: opt = {} if ok: opt['realm'] = c.audit.get('realm') opt['user'] = c.audit.get('user') opt['tokentype'] = c.audit.get('token_type') opt['serial'] = c.audit.get('serial') else: opt['error'] = c.audit.get('action_detail') return (ok, opt)
def _check(self, param): """ basic check function, that can be used by different controllers :param param: dict of all caller parameters :type param: dict :return: Tuple of True or False and opt :rtype: Tuple(boolean, opt) """ opt = None options = {} # put everything in the options but the user, pass, init options.update(param) for para in ["pass", "user", "init"]: if para in options: del options[para] passw = param.get("pass") user = getUserFromParam(param) # support for challenge verification challenge = param.get("challenge") if challenge is not None: options = {} options["challenge"] = challenge g.audit["user"] = user.login realm = user.realm or getDefaultRealm() g.audit["realm"] = realm # AUTHORIZATION Pre Check # we need to overwrite the user.realm in case the # user does not exist in the original realm (setrealm-policy) user.realm = set_realm(user.login, realm, exception=True) check_user_authorization(user.login, user.realm, exception=True) vh = ValidationHandler() (ok, opt) = vh.checkUserPass(user, passw, options=options) g.audit.update(request_context.get("audit", {})) g.audit["success"] = ok if ok: # AUTHORIZATION post check check_auth_tokentype(g.audit["serial"], exception=True, user=user) check_auth_serial(g.audit["serial"], exception=True, user=user) # add additional details if is_auth_return(ok, user=user): if opt is None: opt = {} if ok: opt["realm"] = g.audit.get("realm") opt["user"] = g.audit.get("user") opt["tokentype"] = g.audit.get("token_type") opt["serial"] = g.audit.get("serial") else: opt["error"] = g.audit.get("action_detail") return (ok, opt)