예제 #1
0
    def test_web_api_auth(self):

        with EmailProviderServer(self, 20) as smtpsvc:

            # Authenticate over Web API
            validate = Validate(self.http_protocol, self.http_host,
                                self.http_port, self.http_username,
                                self.http_password)
            access_granted, validate_resp = validate.validate(user=self.username + "@" + self.realm_name,
                                                              password=self.email_token_pin)
            self.assertFalse(access_granted,
                             "Should return false because this request only triggers the challenge.")
            try:
                message = validate_resp['detail']['message']
            except KeyError:
                self.fail("detail.message should be present %r" %
                          validate_resp)
            self.assertEqual(message,
                             "e-mail sent successfully",
                             "Wrong validate response %r" % validate_resp)
            otp = smtpsvc.get_otp()

        access_granted, validate_resp = validate.validate(user=self.username + "@" + self.realm_name,
                                                          password=self.email_token_pin + otp)
        self.assertTrue(access_granted,
                        "Could not authenticate user %s %r" % (self.username, validate_resp))
예제 #2
0
class TestEmailTokenAuth(TestEmailToken):

    def setUp(self):
        TestEmailToken.setUp(self)
        self.enroll_email_token()

    @unittest.skipIf(is_radius_disabled(), True)
    def test_radius_auth(self):

        def radius_auth(username, realm_name,
                        pin, radius_secret,
                        radius_server, state=None):
            call_array = "python ../../../tools/linotp-auth-radius -f ../../../test.ini".split()
            call_array.extend(['-u', username + "@" + realm_name,
                               '-p', pin,
                               '-s', radius_secret,
                               '-r', radius_server])
            if state:
                call_array.extend('-t', state)

            logger.debug("Executing %s" % ' '.join(call_array))
            try:
                return check_output(call_array)
            except CalledProcessError, e:
                assert e.returncode == 0, \
                    "radius auth process exit code %s. Command:%s Ouptut:%s" % \
                    (e.returncode, ' '.join(e.cmd), e.output)

        radius_server = get_from_tconfig(
            ['radius', 'server'],
            default=self.http_host.split(':')[0],
        )
        radius_secret = get_from_tconfig(['radius', 'secret'], required=True)

        with EmailProviderServer(self, 20) as smtpsvc:
            # Authenticate with RADIUS
            rad1 = radius_auth(
                self.username, self.realm_name,
                self.email_token_pin,
                radius_secret, radius_server)
            m = re.search(r"State:\['(\d+)'\]", rad1)
            self.assertTrue(m is not None,
                            "'State' not found in linotp-auth-radius output. %r" % rad1)
            state = m.group(1)
            logger.debug("State: %s" % state)

            otp = smtpsvc.get_otp()

        rad2 = radius_auth(
            self.username, self.realm_name,
            otp, radius_secret,
            radius_server, state)
        self.assertTrue("Access granted to user " + self.username in rad2,
                        "Access not granted to user. %r" % rad2)
예제 #3
0
    def test_web_api_auth(self):

        with EmailProviderServer(self.testcase, 20) as smtpsvc:

            # Authenticate over Web API
            validate = Validate(
                self.testcase.http_protocol,
                self.testcase.http_host,
                self.testcase.http_port,
                self.testcase.http_username,
                self.testcase.http_password,
            )
            access_granted, validate_resp = validate.validate(
                user=self.data["username"] + "@" + self.data["realm_name"],
                password=self.data["email_token_pin"],
            )
            assert (
                not access_granted
            ), "Should return false because this request only triggers the challenge."
            try:
                message = validate_resp["detail"]["message"]
            except KeyError as e:
                raise KeyError(e.message +
                               " | detail.message should be present %r" %
                               validate_resp)
            assert message == "e-mail sent successfully", (
                "Wrong validate response %r" % validate_resp)
            otp = smtpsvc.get_otp()

        access_granted, validate_resp = validate.validate(
            user=self.data["username"] + "@" + self.data["realm_name"],
            password=self.data["email_token_pin"] + otp,
        )
        assert access_granted, "Could not authenticate user %s %r" % (
            self.data["username"],
            validate_resp,
        )
예제 #4
0
    def test_radius_auth(self):
        def radius_auth(username,
                        realm_name,
                        pin,
                        radius_secret,
                        radius_server,
                        state=None):
            call_array = "python ../../../tools/linotp-auth-radius -f ../../../test.ini".split(
            )
            call_array.extend([
                "-u",
                username + "@" + realm_name,
                "-p",
                pin,
                "-s",
                radius_secret,
                "-r",
                radius_server,
            ])
            if state:
                call_array.extend("-t", state)

            logger.debug("Executing %s", " ".join(call_array))
            try:
                return check_output(call_array)
            except CalledProcessError as e:
                assert e.returncode == 0, (
                    "radius auth process exit code %s. Command:%s Ouptut:%s" %
                    (e.returncode, " ".join(e.cmd), e.output))

        radius_server = get_from_tconfig(
            ["radius", "server"],
            default=self.testcase.http_host.split(":")[0],
        )
        radius_secret = get_from_tconfig(["radius", "secret"], required=True)

        with EmailProviderServer(self.testcase, 20) as smtpsvc:
            # Authenticate with RADIUS
            rad1 = radius_auth(
                self.data["username"],
                self.data["realm_name"],
                self.data["email_token_pin"],
                radius_secret,
                radius_server,
            )
            m = re.search(r"State:\['(\d+)'\]", rad1)
            assert m is not None, (
                "'State' not found in linotp-auth-radius output. %r" % rad1)
            state = m.group(1)
            logger.debug("State: %s", state)

            otp = smtpsvc.get_otp()

        rad2 = radius_auth(
            self.data["username"],
            self.data["realm_name"],
            otp,
            radius_secret,
            radius_server,
            state,
        )
        assert "Access granted to user " + self.data["username"] in rad2, (
            "Access not granted to user. %r" % rad2)