예제 #1
0
    def setUp(self):
        """
        Create a AD UserIdResolver and add it to a realm. Verify that the user we
        want to test with exists.
        """
        TestCase.setUp(self)
        self.realm_name = "se_yubikey_realm"
        self.user_name = "maxwell"

        ad_certificate = \
"""-----BEGIN CERTIFICATE-----
MIIDcjCCAtugAwIBAgIQVSU6NwMTmKNI6t3WcjY6uTANBgkqhkiG9w0BAQUFADBC
MRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxGTAXBgoJkiaJk/IsZAEZFglsc2V4cGVy
dHMxDjAMBgNVBAMTBUNBMDAxMB4XDTA1MDQxMTE2NDgzOVoXDTQwMDQxMTE2NTY1
MFowQjEVMBMGCgmSJomT8ixkARkWBWxvY2FsMRkwFwYKCZImiZPyLGQBGRYJbHNl
eHBlcnRzMQ4wDAYDVQQDEwVDQTAwMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEAqlWLfYK+dExjG+Qa/jpYjSo3EQnweQ7azacosa+xsrTMfDV5wLgMBSclCTX2
i/35VRg282Bh7hKCZifOBnAxjCBIHMpHQmW9c0T/GpeWSOQ1x0KeKrZ4PRj5oHEv
/uDJ7q2HlWXgRQo6NR75yDGLpsAWk64TyQ/I4f2vlC+AtjMCAyPS46OCAWcwggFj
MBMGCSsGAQQBgjcUAgQGHgQAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTAD
AQH/MB0GA1UdDgQWBBTCY8rVNcU/NGvgZxaPmO+Kz8bG4TCB/AYDVR0fBIH0MIHx
MIHuoIHroIHohoGwbGRhcDovLy9DTj1DQTAwMSxDTj1sc2V4czAxLENOPUNEUCxD
Tj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1
cmF0aW9uLERDPWxzZXhwZXJ0cyxEQz1sb2NhbD9jZXJ0aWZpY2F0ZVJldm9jYXRp
b25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGM2h0
dHA6Ly9sc2V4czAxLmxzZXhwZXJ0cy5sb2NhbC9DZXJ0RW5yb2xsL0NBMDAxLmNy
bDAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQUFAAOBgQBa+RGoezCgJS5W
PFCPy9BWqZr7iRimfRGBDqHpYDCPDtgec2fKCZ+u4jfwuTisZ7UOoiM1iEvkw0hH
Z7R1pz4Yd6E074kS/fe6u7U+9L3dmSUjFvO3gkLKtHKbhQi0NA+EHMRrPsQQemLm
gYzNiYwtvAu74Q+eTC6R5Uf0hOlFig==
-----END CERTIFICATE-----"""

        # Create physics AD
        physics_ad_name = "SE_yubikey_AD"
        physics_ad_id_resolver = LdapUserIdResolver(
            physics_ad_name,
            self.driver,
            self.base_url,
            uri="ldaps://hottybotty",
            certificate=ad_certificate,
            basedn="dc=hotad,dc=example,dc=net",
            binddn=u'cn="Clark Maxwell",ou=corp,dc=hotad,dc=example,dc=net',
            password="******",
            preset_ldap=False
        )
        time.sleep(1)

        # Create realm
        resolvers_realm1 = [physics_ad_id_resolver]
        realm1 = Realm(self.realm_name, resolvers_realm1)
        realm1.create(self.driver, self.base_url)
        time.sleep(1)

        user_view = UserView(self.driver, self.base_url, self.realm_name)
        self.assertTrue(user_view.user_exists(self.user_name), "User '" + self.user_name +
                                                               "' should exist.")
        time.sleep(1)
예제 #2
0
    def setUp(self):
        """
        Create a AD UserIdResolver and add it to a realm. Verify that the user we
        want to test with exists.
        """
        TestCase.setUp(self)
        self.realm_name = "se_yubikey_realm"
        self.user_name = "maxwell"

        ad_certificate = \
"""-----BEGIN CERTIFICATE-----
MIIDcjCCAtugAwIBAgIQVSU6NwMTmKNI6t3WcjY6uTANBgkqhkiG9w0BAQUFADBC
MRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxGTAXBgoJkiaJk/IsZAEZFglsc2V4cGVy
dHMxDjAMBgNVBAMTBUNBMDAxMB4XDTA1MDQxMTE2NDgzOVoXDTQwMDQxMTE2NTY1
MFowQjEVMBMGCgmSJomT8ixkARkWBWxvY2FsMRkwFwYKCZImiZPyLGQBGRYJbHNl
eHBlcnRzMQ4wDAYDVQQDEwVDQTAwMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEAqlWLfYK+dExjG+Qa/jpYjSo3EQnweQ7azacosa+xsrTMfDV5wLgMBSclCTX2
i/35VRg282Bh7hKCZifOBnAxjCBIHMpHQmW9c0T/GpeWSOQ1x0KeKrZ4PRj5oHEv
/uDJ7q2HlWXgRQo6NR75yDGLpsAWk64TyQ/I4f2vlC+AtjMCAyPS46OCAWcwggFj
MBMGCSsGAQQBgjcUAgQGHgQAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTAD
AQH/MB0GA1UdDgQWBBTCY8rVNcU/NGvgZxaPmO+Kz8bG4TCB/AYDVR0fBIH0MIHx
MIHuoIHroIHohoGwbGRhcDovLy9DTj1DQTAwMSxDTj1sc2V4czAxLENOPUNEUCxD
Tj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1
cmF0aW9uLERDPWxzZXhwZXJ0cyxEQz1sb2NhbD9jZXJ0aWZpY2F0ZVJldm9jYXRp
b25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGM2h0
dHA6Ly9sc2V4czAxLmxzZXhwZXJ0cy5sb2NhbC9DZXJ0RW5yb2xsL0NBMDAxLmNy
bDAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQUFAAOBgQBa+RGoezCgJS5W
PFCPy9BWqZr7iRimfRGBDqHpYDCPDtgec2fKCZ+u4jfwuTisZ7UOoiM1iEvkw0hH
Z7R1pz4Yd6E074kS/fe6u7U+9L3dmSUjFvO3gkLKtHKbhQi0NA+EHMRrPsQQemLm
gYzNiYwtvAu74Q+eTC6R5Uf0hOlFig==
-----END CERTIFICATE-----"""

        # Create physics AD
        physics_ad_name = "SE_yubikey_AD"
        physics_ad_id_resolver = LdapUserIdResolver(
            physics_ad_name,
            self.driver,
            self.base_url,
            uri="ldaps://hottybotty",
            certificate=ad_certificate,
            basedn="dc=hotad,dc=example,dc=net",
            binddn=u'cn="Clark Maxwell",ou=corp,dc=hotad,dc=example,dc=net',
            password="******",
            preset_ldap=False
        )
        time.sleep(1)

        # Create realm
        resolvers_realm1 = [physics_ad_id_resolver]
        realm1 = Realm(self.realm_name, resolvers_realm1)
        realm1.create(self.driver, self.base_url)
        time.sleep(1)

        user_view = UserView(self.driver, self.base_url, self.realm_name)
        self.assertTrue(user_view.user_exists(self.user_name), "User '" + self.user_name +
                                                               "' should exist.")
        time.sleep(1)
예제 #3
0
    def test_enroll(self):
        """
        Enroll sms token. After enrolling it verifies that the token info contains the
        correct sms. Then a user is authenticated using challenge response over RADIUS
        and Web API.
        """

        sms_provider_config = get_from_tconfig(['sms_token', 'sms_provider_config'])
        radius_server = get_from_tconfig(
            ['radius', 'server'],
            default=self.http_host.split(':')[0],
            )
        radius_secret = get_from_tconfig(['radius', 'secret'], required=True)
        disable_radius = get_from_tconfig(['radius', 'disable'], default='False')

        driver = self.driver

        # Create Passwd UserIdResolver
        #
        # Expected content of /etc/se_mypasswd is:
        #
        # hans:x:42:0:Hans Müller,Room 22,+49(0)1234-22,+49(0)5678-22,[email protected]:x:x
        # susi:x:1336:0:Susanne Bauer,Room 23,+49(0)1234-24,+49(0)5678-23,[email protected]:x:x
        # rollo:x:21:0:Rollobert Fischer,Room 24,+49(0)1234-24,+49(0)5678-24,[email protected]:x:x
        #
        passwd_name = "SE_myPasswd"
        passwd_id_resolver = PasswdUserIdResolver(passwd_name, driver,
                                                  self.base_url, filename="/etc/se_mypasswd")
        time.sleep(1)

        # Create realm for all resolvers
        resolvers_realm = [passwd_id_resolver]
        realm_name = "SE_smstoken"
        realm = Realm(realm_name, resolvers_realm)
        realm.create(driver, self.base_url)
        time.sleep(1)

        # Set SMTP sms config
        if sms_provider_config:
            parameters = {
                'SMSProvider': 'smsprovider.SmtpSMSProvider.SmtpSMSProvider',
                'SMSProviderConfig': sms_provider_config
            }
            set_config = SetConfig(self.http_protocol, self.http_host, self.http_username,
                                   self.http_password)
            result = set_config.setConfig(parameters)
            self.assertTrue(result, "It was not possible to set the config")
        else:
            print "No sms_provider_config in testconfig file. Using LinOTP default."

        # Enroll sms token
        driver.get(self.base_url + "/manage/")
        time.sleep(2)
        user_view = UserView(driver, self.base_url, realm_name)
        username = "******"
        user_view.select_user(username)
        sms_token_pin = "1234"
        description = "Rolled out by Selenium"
        sms_token = SmsToken(driver=self.driver,
                             base_url=self.base_url,
                             pin=sms_token_pin,
                             description=description)
        token_view = TokenView(self.driver, self.base_url)
        token_info = token_view.get_token_info(sms_token.serial)
        expected_phone_number = "+49(0)1234-24"
        self.assertEqual(expected_phone_number, token_info['LinOtp.TokenInfo']['phone'],
                         "Wrong phone number was set for sms token.")

        # Authenticate with RADIUS
        if disable_radius.lower() == 'true':
            print "Testconfig option radius.disable is set to True. Skipping RADIUS test!"
        else:
            call_array = "linotp-auth-radius -f ../../../test.ini".split()
            call_array.extend(['-u', username + "@" + realm_name,
                               '-p', '1234',
                               '-s', radius_secret,
                               '-r', radius_server])
            rad1 = check_output(call_array)
            m = re.search(r"State:\['(\d+)'\]", rad1)
            self.assertTrue(m is not None,
                            "'State' not found in linotp-auth-radius output. %r" % rad1)
            state = m.group(1)
            print "State: %s" % state
            otp = self._get_otp()
            call_array = "linotp-auth-radius -f ../../../test.ini".split()
            call_array.extend(['-u', username + "@" + realm_name,
                               '-p', otp,
                               '-t', state,
                               '-s', radius_secret,
                               '-r', radius_server])
            rad2 = check_output(call_array)
            self.assertTrue("Access granted to user " + username in rad2,
                            "Access not granted to user. %r" % rad2)

        # Authenticate over Web API
        validate = Validate(self.http_protocol, self.http_host, self.http_username,
                            self.http_password)
        access_granted, validate_resp = validate.validate(user=username + "@" + realm_name,
                                            password=sms_token_pin)
        self.assertFalse(access_granted,
                         "Should return false because this request only triggers the challenge.")
        try:
            message = validate_resp['detail']['message']
        except KeyError:
            self.fail("detail.message should be present %r" % validate_resp)
        self.assertEqual(message,
                         "sms submitted",
                         "Wrong validate response %r" % validate_resp)
        otp = self._get_otp()
        access_granted, validate_resp = validate.validate(user=username + "@" + realm_name,
                                            password=sms_token_pin + otp)
        self.assertTrue(access_granted,
                        "Could not authenticate user %s %r" % (username, validate_resp))
예제 #4
0
    def test_enroll(self):
        """
        Enroll sms token. After enrolling it verifies that the token info contains the
        correct sms. Then a user is authenticated using challenge response over RADIUS
        and Web API.
        """

        sms_provider_config = get_from_tconfig(['sms_token', 'sms_provider_config'])
        radius_server = get_from_tconfig(['radius', 'server'], default=self.http_host)
        radius_secret = get_from_tconfig(['radius', 'secret'], required=True)
        disable_radius = get_from_tconfig(['radius', 'disable'], default='False')

        driver = self.driver

        # Create Passwd UserIdResolver
        #
        # Expected content of /etc/se_mypasswd is:
        #
        # hans:x:42:0:Hans Müller,Room 22,+49(0)1234-22,+49(0)5678-22,[email protected]:x:x
        # susi:x:1336:0:Susanne Bauer,Room 23,+49(0)1234-24,+49(0)5678-23,[email protected]:x:x
        # rollo:x:21:0:Rollobert Fischer,Room 24,+49(0)1234-24,+49(0)5678-24,[email protected]:x:x
        #
        passwd_name = "SE_myPasswd"
        passwd_id_resolver = PasswdUserIdResolver(passwd_name, driver,
                                                  self.base_url, filename="/etc/se_mypasswd")
        time.sleep(1)

        # Create realm for all resolvers
        resolvers_realm = [passwd_id_resolver]
        realm_name = "SE_smstoken"
        realm = Realm(realm_name, resolvers_realm)
        realm.create(driver, self.base_url)
        time.sleep(1)

        # Set SMTP sms config
        if sms_provider_config:
            parameters = {
                'SMSProvider': 'smsprovider.SmtpSMSProvider.SmtpSMSProvider',
                'SMSProviderConfig': sms_provider_config
            }
            set_config = SetConfig(self.http_protocol, self.http_host, self.http_username,
                                   self.http_password)
            result = set_config.setConfig(parameters)
            self.assertTrue(result, "It was not possible to set the config")
        else:
            print "No sms_provider_config in testconfig file. Using LinOTP default."

        # Enroll sms token
        driver.get(self.base_url + "/manage/")
        time.sleep(2)
        user_view = UserView(driver, self.base_url, realm_name)
        username = "******"
        user_view.select_user(username)
        sms_token_pin = "1234"
        description = "Rolled out by Selenium"
        sms_token = SmsToken(driver=self.driver,
                             base_url=self.base_url,
                             pin=sms_token_pin,
                             description=description)
        token_view = TokenView(self.driver, self.base_url)
        token_info = token_view.get_token_info(sms_token.serial)
        expected_phone_number = "+49(0)1234-24"
        self.assertEqual(expected_phone_number, token_info['LinOtp.TokenInfo']['phone'],
                         "Wrong phone number was set for sms token.")

        # Authenticate with RADIUS
        if disable_radius.lower() == 'true':
            print "Testconfig option radius.disable is set to True. Skipping RADIUS test!"
        else:
            call_array = "linotp-auth-radius -f ../../../test.ini".split()
            call_array.extend(['-u', username + "@" + realm_name,
                               '-p', '1234',
                               '-s', radius_secret,
                               '-r', radius_server])
            rad1 = check_output(call_array)
            m = re.search(r"State:\['(\d+)'\]", rad1)
            self.assertTrue(m is not None,
                            "'State' not found in linotp-auth-radius output. %r" % rad1)
            state = m.group(1)
            print "State: %s" % state
            otp = self._get_otp()
            call_array = "linotp-auth-radius -f ../../../test.ini".split()
            call_array.extend(['-u', username + "@" + realm_name,
                               '-p', otp,
                               '-t', state,
                               '-s', radius_secret,
                               '-r', radius_server])
            rad2 = check_output(call_array)
            self.assertTrue("Access granted to user " + username in rad2,
                            "Access not granted to user. %r" % rad2)

        # Authenticate over Web API
        validate = Validate(self.http_protocol, self.http_host, self.http_username,
                            self.http_password)
        access_granted, validate_resp = validate.validate(user=username + "@" + realm_name,
                                            password=sms_token_pin)
        self.assertFalse(access_granted,
                         "Should return false because this request only triggers the challenge.")
        try:
            message = validate_resp['detail']['message']
        except KeyError:
            self.fail("detail.message should be present %r" % validate_resp)
        self.assertEqual(message,
                         "sms submitted",
                         "Wrong validate response %r" % validate_resp)
        otp = self._get_otp()
        access_granted, validate_resp = validate.validate(user=username + "@" + realm_name,
                                            password=sms_token_pin + otp)
        self.assertTrue(access_granted,
                        "Could not authenticate user %s %r" % (username, validate_resp))
예제 #5
0
파일: test_auth.py 프로젝트: I85YL64/LinOTP
    def test_auth_index(self):
        """
        Test /auth/index form by authenticating susi with a HMAC/HOTP Token
        """
        driver = self.driver

        # Create Passwd UserIdResolver
        #
        # Expected content of /etc/se_mypasswd is:
        #
        # hans:x:42:0:Hans Müller,Room 22,+49(0)1234-22,+49(0)5678-22,[email protected]:x:x
        # susi:x:1336:0:Susanne Bauer,Room 23,+49(0)1234-24,+49(0)5678-23,[email protected]:x:x
        # rollo:x:21:0:Rollobert Fischer,Room 24,+49(0)1234-24,+49(0)5678-24,[email protected]:x:x
        #
        passwd_name = "SE_myPasswd"
        passwd_id_resolver = PasswdUserIdResolver(passwd_name,
                                                  driver,
                                                  self.base_url,
                                                  filename="/etc/se_mypasswd")
        time.sleep(1)

        # Create realm for all resolvers
        resolvers_realm = [passwd_id_resolver]
        realm_name = "se_test_auth"
        realm = Realm(realm_name, resolvers_realm)
        realm.create(driver, self.base_url)
        time.sleep(1)

        # Enroll HOTP token
        # Seed and OTP values: https://tools.ietf.org/html/rfc4226#appendix-D
        driver.get(self.base_url + "/manage")
        time.sleep(2)
        user_view = UserView(driver, self.base_url, realm_name)
        username = "******"
        user_view.select_user(username)
        pin = "myauthpin"
        HotpToken(driver,
                  self.base_url,
                  pin=pin,
                  hmac_key="3132333435363738393031323334353637383930")
        time.sleep(1)

        otp_list = ["755224", "287082", "359152", "969429", "338314", "254676"]

        driver.get(self.base_url + "/auth/index")
        for otp in otp_list:
            driver.find_element_by_id("user").clear()
            driver.find_element_by_id("user").send_keys("susi@se_test_auth")
            driver.find_element_by_id("pass").clear()
            driver.find_element_by_id("pass").send_keys(pin + otp)
            driver.find_element_by_css_selector(
                "input[type=\"submit\"]").click()
            alert = self.driver.switch_to_alert()
            alert_text = alert.text
            alert.accept()
            self.assertEqual("User successfully authenticated!", alert_text)

        # wrong otp
        driver.find_element_by_id("user").clear()
        driver.find_element_by_id("user").send_keys("susi@se_test_auth")
        driver.find_element_by_id("pass").clear()
        driver.find_element_by_id("pass").send_keys("bla!")
        driver.find_element_by_css_selector("input[type=\"submit\"]").click()
        alert = self.driver.switch_to_alert()
        alert_text = alert.text
        alert.accept()
        self.assertEqual("User failed to authenticate!", alert_text)

        # test auth/index3
        otp_list = ["287922", "162583", "399871", "520489"]

        driver.get(self.base_url + "/auth/index3")
        for otp in otp_list:
            driver.find_element_by_id("user3").clear()
            driver.find_element_by_id("user3").send_keys("susi@se_test_auth")
            driver.find_element_by_id("pass3").clear()
            driver.find_element_by_id("pass3").send_keys(pin)
            driver.find_element_by_id("otp3").clear()
            driver.find_element_by_id("otp3").send_keys(otp)
            driver.find_element_by_css_selector(
                "input[type=\"submit\"]").click()
            alert = self.driver.switch_to_alert()
            alert_text = alert.text
            alert.accept()
            self.assertEqual("User successfully authenticated!", alert_text)

        # wrong otp
        driver.find_element_by_id("user3").clear()
        driver.find_element_by_id("user3").send_keys("susi@se_test_auth")
        driver.find_element_by_id("pass3").clear()
        driver.find_element_by_id("pass3").send_keys(pin)
        driver.find_element_by_id("otp3").clear()
        driver.find_element_by_id("otp3").send_keys("some invalid otp")
        driver.find_element_by_css_selector("input[type=\"submit\"]").click()
        alert = self.driver.switch_to_alert()
        alert_text = alert.text
        alert.accept()
        self.assertEqual("User failed to authenticate!", alert_text)
예제 #6
0
    def test_scenario01(self):
        """Tests Scenario 01 (https://wally/projects/linotp/wiki/TestingTest_Szenario_01)"""

        driver = self.driver

        ### 1. UserIdResolver anlegen ###
        CA001_cert = \
"""-----BEGIN CERTIFICATE-----
MIIDcjCCAtugAwIBAgIQVSU6NwMTmKNI6t3WcjY6uTANBgkqhkiG9w0BAQUFADBC
MRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxGTAXBgoJkiaJk/IsZAEZFglsc2V4cGVy
dHMxDjAMBgNVBAMTBUNBMDAxMB4XDTA1MDQxMTE2NDgzOVoXDTQwMDQxMTE2NTY1
MFowQjEVMBMGCgmSJomT8ixkARkWBWxvY2FsMRkwFwYKCZImiZPyLGQBGRYJbHNl
eHBlcnRzMQ4wDAYDVQQDEwVDQTAwMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEAqlWLfYK+dExjG+Qa/jpYjSo3EQnweQ7azacosa+xsrTMfDV5wLgMBSclCTX2
i/35VRg282Bh7hKCZifOBnAxjCBIHMpHQmW9c0T/GpeWSOQ1x0KeKrZ4PRj5oHEv
/uDJ7q2HlWXgRQo6NR75yDGLpsAWk64TyQ/I4f2vlC+AtjMCAyPS46OCAWcwggFj
MBMGCSsGAQQBgjcUAgQGHgQAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTAD
AQH/MB0GA1UdDgQWBBTCY8rVNcU/NGvgZxaPmO+Kz8bG4TCB/AYDVR0fBIH0MIHx
MIHuoIHroIHohoGwbGRhcDovLy9DTj1DQTAwMSxDTj1sc2V4czAxLENOPUNEUCxD
Tj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1
cmF0aW9uLERDPWxzZXhwZXJ0cyxEQz1sb2NhbD9jZXJ0aWZpY2F0ZVJldm9jYXRp
b25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGM2h0
dHA6Ly9sc2V4czAxLmxzZXhwZXJ0cy5sb2NhbC9DZXJ0RW5yb2xsL0NBMDAxLmNy
bDAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQUFAAOBgQBa+RGoezCgJS5W
PFCPy9BWqZr7iRimfRGBDqHpYDCPDtgec2fKCZ+u4jfwuTisZ7UOoiM1iEvkw0hH
Z7R1pz4Yd6E074kS/fe6u7U+9L3dmSUjFvO3gkLKtHKbhQi0NA+EHMRrPsQQemLm
gYzNiYwtvAu74Q+eTC6R5Uf0hOlFig==
-----END CERTIFICATE-----"""

        # Create LDAP UserIdResolver
        ldap_name = "SE_scenario01_ldap"
        ldap_expected_users = [
            'bach', 'beethoven', 'berlioz', 'brahms', 'debussy', u'dvořák',
            'haydn', 'mozart', u'حافظ', u'郎'
        ]
        ldap_num_expected_users = len(ldap_expected_users)
        ldap_id_resolver = LdapUserIdResolver(
            ldap_name,
            driver,
            self.base_url,
            uri="ldaps://blackdog",
            certificate=CA001_cert,
            basedn="ou=people,dc=blackdog,dc=office,dc=lsexperts,dc=de",
            # You may also use cn="Wolfgang Amadeus Mozart"
            binddn=
            u'cn="عبد الحليم حافظ",ou=people,dc=blackdog,dc=office,dc=lsexperts,dc=de',
            password="******",
            preset_ldap=True)
        time.sleep(1)

        # Create SQL UserIdResolver
        sql_name = "SE_scenario01_sql"
        sql_server = "blackdog"
        sql_database = "userdb"
        sql_user = "******"
        sql_password = "******"
        sql_table = "user"
        sql_limit = "500"
        sql_encoding = "latin1"
        sql_expected_users = ["corny", "kay", "eric", u"knöt"]
        sql_num_expected_users = len(sql_expected_users)
        sql_id_resolver = SqlUserIdResolver(sql_name, driver, self.base_url,
                                            sql_server, sql_database, sql_user,
                                            sql_password, sql_table, sql_limit,
                                            sql_encoding)
        time.sleep(1)

        # Create realm for all resolvers
        resolvers_realm1 = [ldap_id_resolver]
        realm_name1 = "SE_scenario01_realm1"
        realm1 = Realm(realm_name1, resolvers_realm1)
        realm1.create(driver, self.base_url)
        time.sleep(1)

        resolvers_realm2 = [sql_id_resolver]
        realm_name2 = "SE_scenario01_realm2"
        realm2 = Realm(realm_name2, resolvers_realm2)
        realm2.create(driver, self.base_url)
        time.sleep(1)

        ### 2. Im Management Webinterface testen, dass alle Benutzer sichtbar sind ###

        user_view = UserView(driver, self.base_url, realm_name1)
        self.assertEqual(ldap_num_expected_users, user_view.get_num_users(),
                         "Not the expected number of users")
        for user in ldap_expected_users:
            self.assertTrue(user_view.user_exists(user),
                            "User '" + user + "' should exist.")
        time.sleep(1)

        user_view = UserView(driver, self.base_url, realm_name2)
        self.assertEqual(sql_num_expected_users, user_view.get_num_users(),
                         "Not the expected number of users")
        for user in sql_expected_users:
            self.assertTrue(user_view.user_exists(user),
                            "User '" + user + "' should exist.")

        ### 3. eToken.xml ueber das Webinterface importieren  ###

        seed_oath137332 = "ff06df50017d3b981cfbc4ec4d374040164d8d19"
        seed_oath137332_bin = binascii.unhexlify(seed_oath137332)
        file_content = """<Tokens>
<Token serial="00040008CFA5">
<CaseModel>5</CaseModel>
<Model>101</Model>
<ProductionDate>02/19/2009</ProductionDate>
<ProductName>Safeword Alpine</ProductName>
<Applications>
<Application ConnectorID="{ab1397d2-ddb6-4705-b66e-9f83f322deb9}">
<Seed>123412354</Seed>
<MovingFactor>1</MovingFactor>
</Application>
</Applications>
</Token>
<Token serial="00040008CFA52">
<CaseModel>5</CaseModel>
<Model>101</Model>
<ProductionDate>02/19/2009</ProductionDate>
<ProductName>Safeword Alpine</ProductName>
<Applications>
<Application ConnectorID="{ab1397d2-ddb6-4705-b66e-9f83f322deb9}">
<Seed>123456</Seed>
<MovingFactor>1</MovingFactor>
</Application>
</Applications>
</Token>
<Token serial="oath137332">
<CaseModel>5</CaseModel>
<Model>101</Model>
<ProductionDate>02/19/2009</ProductionDate>
<ProductName>Safeword Alpine</ProductName>
<Applications>
<Application ConnectorID="{ab1397d2-ddb6-4705-b66e-9f83f322deb1}">
<Seed>""" + seed_oath137332 + """</Seed>
<MovingFactor>1</MovingFactor>
</Application>
</Applications>
</Token>
<Token serial="oath12482B">
<CaseModel>5</CaseModel>
<Model>101</Model>
<ProductionDate>02/19/2009</ProductionDate>
<ProductName>Safeword Alpine</ProductName>
<Applications>
<Application ConnectorID="{ab1397d2-ddb6-4705-b66e-9f83f322deb2}">
<Seed>6ec1d0e9915a2bebf84745b318e39e481249c1eb</Seed>
<MovingFactor>1</MovingFactor>
</Application>
</Applications>
</Token>
</Tokens>"""

        TokenImport(driver, self.base_url, "safenet", file_content, None)

        serial_token_bach = "oath137332"
        test1_realm = realm_name1.lower()

        ### 4. Im Management Webinterface nun eine Policy anlegen ###

        Policy(driver, self.base_url, "SE_scenario01", "selfservice",
               "enrollMOTP, setOTPPIN, setMOTPPIN, resync, disable ",
               test1_realm)

        ### 5. eToken zuweisen ###

        user_view = UserView(driver, self.base_url, test1_realm)
        user_view.select_user("bach")
        token_view = TokenView(driver, self.base_url)
        token_view.select_token(serial_token_bach)
        driver.find_element_by_id("button_assign").click()
        time.sleep(2)
        driver.find_element_by_id("pin1").clear()
        driver.find_element_by_id("pin1").send_keys("1234")
        driver.find_element_by_id("pin2").clear()
        driver.find_element_by_id("pin2").send_keys("1234")
        driver.find_element_by_id("button_setpin_setpin").click()
        time.sleep(1)

        ### 6. Remote Token zuweisen ###

        user_view = UserView(driver, self.base_url, test1_realm)
        user_view.select_user("debussy")
        remote_token = RemoteToken(
            driver=self.driver,
            base_url=self.base_url,
            url="https://billybones",
            remote_serial="LSSP0002F653",
            pin="1234",
            remote_otp_length=6,
        )
        serial_token_debussy = remote_token.serial
        remote_token_otp = "666666"
        time.sleep(1)

        ### 7. Spass-Token zuweisen ###

        user_view = UserView(driver, self.base_url, test1_realm)
        user_view.select_user("beethoven")
        spass_token = SpassToken(
            driver=self.driver,
            base_url=self.base_url,
            pin=u"beethovenspass#ñô",
            description="SPass Token enrolled with Selenium")
        serial_token_beethoven = spass_token.serial
        time.sleep(1)

        ### 8. Selfservice mOTP ###

        motp_key = "1234123412341234"
        motp_pin = "1234"
        driver.get(self.base_url + "/account/login")
        driver.find_element_by_id("login").clear()
        driver.find_element_by_id("login").send_keys("mozart@" + test1_realm)
        driver.find_element_by_id("password").clear()
        driver.find_element_by_id("password").send_keys("Test123!")
        driver.find_element_by_id("password").submit()  # Submits the form
        time.sleep(1)
        driver.find_element_by_id("motp_secret").clear()
        driver.find_element_by_id("motp_secret").send_keys(motp_key)
        driver.find_element_by_id("motp_s_pin1").clear()
        driver.find_element_by_id("motp_s_pin1").send_keys(motp_pin)
        driver.find_element_by_id("motp_s_pin2").clear()
        driver.find_element_by_id("motp_s_pin2").send_keys(motp_pin)
        driver.find_element_by_id("motp_self_desc").clear()
        driver.find_element_by_id("motp_self_desc").send_keys(
            "Selenium self enrolled")
        driver.find_element_by_id("button_register_motp").click()
        time.sleep(1)
        alert_box_text = driver.find_element_by_id("alert_box_text").text
        m = re.match(
            r"""
                .*?
                Token\ enrolled\ successfully
                .*?
                [sS]erial(\ number)?:     # 'serial:' or 'Serial number:'
                \s*
                (?P<serial>\w+)           # For example: LSMO0001222C
                """, alert_box_text, re.DOTALL | re.VERBOSE)
        self.assertTrue(
            m is not None,
            "alert_box_text does not match regex. Possibly the token was not enrolled properly. %r"
            % alert_box_text)
        serial_token_mozart = m.group('serial')
        self.driver.find_element_by_xpath(
            "//button[@type='button' and ancestor::div[@aria-describedby='alert_box']]"
        ).click()
        driver.find_element_by_link_text("Logout").click()

        ### 9. Alle 4 Benutzer melden sich im selfservice Portal an und setzen die PIN

        user_token_dict = {
            "bach": serial_token_bach,
            "debussy": serial_token_debussy,
            "mozart": serial_token_mozart,
            "beethoven": serial_token_beethoven
        }
        for user in user_token_dict:
            driver.get(self.base_url + "/account/login")
            driver.find_element_by_id("login").clear()
            driver.find_element_by_id("login").send_keys("%s@%s" %
                                                         (user, test1_realm))
            driver.find_element_by_id("password").clear()
            driver.find_element_by_id("password").send_keys("Test123!")
            driver.find_element_by_id("password").submit()
            driver.find_element_by_xpath(
                "//div[@id='tabs']/ul/li/a/span[text()='set PIN']").click()
            time.sleep(1)
            # driver.find_element_by_css_selector('#tokenDiv > ul > li > a').click()
            driver.find_element_by_id(
                'tokenDiv').find_element_by_partial_link_text(
                    user_token_dict[user]).click()
            driver.find_element_by_id("pin1").clear()
            driver.find_element_by_id("pin1").send_keys(user + "newpin")
            driver.find_element_by_id("pin2").clear()
            driver.find_element_by_id("pin2").send_keys(user + "newpin")
            driver.find_element_by_id("button_setpin").click()
            time.sleep(1)
            self.assertEqual("PIN set successfully",
                             self.close_alert_and_get_its_text())
            driver.find_element_by_link_text("Logout").click()

        ### 10. Authentisierung der 4 Benutzer ###
        validate = Validate(self.http_protocol, self.http_host,
                            self.http_username, self.http_password)

        # Validate HOTP Token - bach
        hotp = HmacOtp()
        for counter in range(0, 20):
            otp = "bachnewpin" + hotp.generate(counter=counter,
                                               key=seed_oath137332_bin)
            access_granted, _ = validate.validate(user="******" + test1_realm,
                                                  password=otp)
            self.assertTrue(
                access_granted, "OTP: " + otp + " for user " + "bach@" +
                test1_realm + " returned False")
        access_granted, _ = validate.validate(user="******" + test1_realm,
                                              password="******")
        self.assertFalse(access_granted,
                         "OTP: 1234111111 should be False for user bach")

        # Validate Remote token - debussy
        access_granted, _ = validate.validate(user="******" + test1_realm,
                                              password="******" +
                                              remote_token_otp)
        self.assertTrue(
            access_granted, "OTP: " + remote_token_otp + " for user " +
            "debussy@" + test1_realm + " returned False")
        access_granted, _ = validate.validate(user="******" + test1_realm,
                                              password="******")
        self.assertFalse(access_granted,
                         "OTP: 1234111111 should be False for user debussy")

        # Validate Spass token - beethoven
        access_granted, _ = validate.validate(user="******" + test1_realm,
                                              password="******")
        self.assertTrue(
            access_granted, "OTP: " + "beethovennewpin" + " for user " +
            "beethoven@" + test1_realm + " returned False")
        access_granted, _ = validate.validate(user="******" + test1_realm,
                                              password="******")
        self.assertFalse(
            access_granted,
            "OTP: randominvalidpin should be False for user beethoven")

        # Validate mOTP token - mozart
        current_epoch = time.time()
        motp_otp = calculate_motp(epoch=current_epoch,
                                  key=motp_key,
                                  pin=motp_pin)
        access_granted, _ = validate.validate(user="******" + test1_realm,
                                              password="******" +
                                              motp_otp)
        self.assertTrue(
            access_granted, "OTP: " + motp_otp + " for user " + "mozart@" +
            test1_realm + " returned False")
        motp_otp = calculate_motp(epoch=current_epoch - 4000,
                                  key=motp_key,
                                  pin=motp_pin)
        access_granted, _ = validate.validate(user="******" + test1_realm,
                                              password="******" +
                                              motp_otp)
        self.assertFalse(
            access_granted,
            "OTP: mozartnewpin%s should be False for user mozart" % motp_otp)

        ### 11. mOTP Pin im selfservice ändern ###

        driver.get(self.base_url + "/account/login")
        driver.find_element_by_id("login").clear()
        driver.find_element_by_id("login").send_keys("%s@%s" %
                                                     ("mozart", test1_realm))
        driver.find_element_by_id("password").clear()
        driver.find_element_by_id("password").send_keys("Test123!")
        driver.find_element_by_id("password").submit()
        driver.find_element_by_xpath(
            "//div[@id='tabs']/ul/li/a/span[text()='set mOTP PIN']").click()
        time.sleep(1)
        driver.find_element_by_id('tokenDiv').find_element_by_link_text(
            serial_token_mozart).click()
        driver.find_element_by_id("mpin1").clear()
        new_motp_pin = "5588"
        driver.find_element_by_id("mpin1").send_keys(new_motp_pin)
        driver.find_element_by_id("mpin2").clear()
        driver.find_element_by_id("mpin2").send_keys(new_motp_pin)
        driver.find_element_by_id("button_setmpin").click()
        time.sleep(1)
        self.assertEqual("mOTP PIN set successfully",
                         self.close_alert_and_get_its_text())
        driver.find_element_by_link_text("Logout").click()

        time.sleep(10)  # otherwise next mOTP value might not be valid

        current_epoch = time.time()
        motp_otp = calculate_motp(epoch=current_epoch,
                                  key=motp_key,
                                  pin=new_motp_pin)
        access_granted, _ = validate.validate(user="******" + test1_realm,
                                              password="******" +
                                              motp_otp)
        self.assertTrue(
            access_granted, "OTP: mozartnewpin" + motp_otp + " for user " +
            "mozart@" + test1_realm + " returned False")

        ### 12. Token Resynchronisierung ###

        # Bach 'presses' his token more than 10 times and fails to authenticate
        counter = 50  # was 19
        hotp = HmacOtp()
        otp = "bachnewpin" + hotp.generate(counter=counter,
                                           key=seed_oath137332_bin)
        access_granted, _ = validate.validate(user="******" + test1_realm,
                                              password=otp)
        self.assertFalse(access_granted,
                         "OTP: %s should be False for user bach" % otp)

        driver.get(self.base_url + "/account/login")
        driver.find_element_by_id("login").clear()
        driver.find_element_by_id("login").send_keys("%s@%s" %
                                                     ("bach", test1_realm))
        driver.find_element_by_id("password").clear()
        driver.find_element_by_id("password").send_keys("Test123!")
        driver.find_element_by_id("password").submit()
        driver.find_element_by_xpath(
            "//div[@id='tabs']/ul/li/a/span[text()='Resync Token']").click()
        time.sleep(1)
        driver.find_element_by_id('tokenDiv').find_element_by_link_text(
            serial_token_bach).click()
        otp1 = hotp.generate(counter=counter + 1, key=seed_oath137332_bin)
        otp2 = hotp.generate(counter=counter + 2, key=seed_oath137332_bin)
        driver.find_element_by_id("otp1").clear()
        driver.find_element_by_id("otp1").send_keys(otp1)
        driver.find_element_by_id("otp2").clear()
        driver.find_element_by_id("otp2").send_keys(otp2)
        driver.find_element_by_id("button_resync").click()
        time.sleep(1)
        self.assertEqual("Token resynced successfully",
                         self.close_alert_and_get_its_text())
        driver.find_element_by_link_text("Logout").click()

        # Should be able to authenticate again
        otp = "bachnewpin" + hotp.generate(counter=counter + 3,
                                           key=seed_oath137332_bin)
        access_granted, _ = validate.validate(user="******" + test1_realm,
                                              password=otp)
        self.assertTrue(access_granted,
                        "OTP: %s should be True for user bach" % otp)

        ### 13. Ein Benutzer debussy deaktiviert seinen Token im Selfservice portal und versucht sich anzumelden. ###

        driver.get(self.base_url + "/account/login")
        driver.find_element_by_id("login").clear()
        driver.find_element_by_id("login").send_keys("%s@%s" %
                                                     ("debussy", test1_realm))
        driver.find_element_by_id("password").clear()
        driver.find_element_by_id("password").send_keys("Test123!")
        driver.find_element_by_id("password").submit()
        driver.find_element_by_xpath(
            "//div[@id='tabs']/ul/li/a/span[text()='Disable Token']").click()
        time.sleep(1)
        driver.find_element_by_id('tokenDiv').find_element_by_link_text(
            serial_token_debussy).click()
        driver.find_element_by_id("button_disable").click()
        time.sleep(1)
        self.assertEqual("Token disabled successfully",
                         self.close_alert_and_get_its_text())
        driver.find_element_by_link_text("Logout").click()

        # debussy should be unable to authenticate
        access_granted, _ = validate.validate(user="******" + test1_realm,
                                              password="******" +
                                              remote_token_otp)
        self.assertFalse(
            access_granted, "OTP: debussynewpin" + remote_token_otp +
            "should be False for user debussy")

        ### 14. Der Admin entsperrt diesen Token, der Benutzer debussy kann sich wieder anmelden. ###

        driver.get(self.base_url + "/manage")
        time.sleep(1)
        token_view = TokenView(driver, self.base_url)
        token_view.select_token(serial_token_debussy)
        driver.find_element_by_id("button_enable").click()
        time.sleep(1)

        # debussy should be able to authenticate
        access_granted, _ = validate.validate(user="******" + test1_realm,
                                              password="******" +
                                              remote_token_otp)
        self.assertTrue(
            access_granted, "OTP: debussynewpin" + remote_token_otp +
            "should be True for user debussy")
예제 #7
0
파일: test_auth.py 프로젝트: choth02/LinOTP
    def test_auth_index(self):
        """
        Test /auth/index form by authenticating susi with a HMAC/HOTP Token
        """
        driver = self.driver

        # Create Passwd UserIdResolver
        #
        # Expected content of /etc/se_mypasswd is:
        #
        # hans:x:42:0:Hans Müller,Room 22,+49(0)1234-22,+49(0)5678-22,[email protected]:x:x
        # susi:x:1336:0:Susanne Bauer,Room 23,+49(0)1234-24,+49(0)5678-23,[email protected]:x:x
        # rollo:x:21:0:Rollobert Fischer,Room 24,+49(0)1234-24,+49(0)5678-24,[email protected]:x:x
        #
        passwd_name = "SE_myPasswd"
        passwd_id_resolver = PasswdUserIdResolver(passwd_name, driver,
                                                  self.base_url, filename="/etc/se_mypasswd")
        time.sleep(1)

        # Create realm for all resolvers
        resolvers_realm = [passwd_id_resolver]
        realm_name = "se_test_auth"
        realm = Realm(realm_name, resolvers_realm)
        realm.create(driver, self.base_url)
        time.sleep(1)

        # Enroll HOTP token
        # Seed and OTP values: https://tools.ietf.org/html/rfc4226#appendix-D
        driver.get(self.base_url + "/manage")
        time.sleep(2)
        user_view = UserView(driver, self.base_url, realm_name)
        username = "******"
        user_view.select_user(username)
        pin = "myauthpin"
        HotpToken(driver,
                  self.base_url,
                  pin=pin,
                  hmac_key="3132333435363738393031323334353637383930")
        time.sleep(1)

        otp_list = ["755224",
                    "287082",
                    "359152",
                    "969429",
                    "338314",
                    "254676"]

        driver.get(self.base_url + "/auth/index")
        for otp in otp_list:
            driver.find_element_by_id("user").clear()
            driver.find_element_by_id("user").send_keys("susi@se_test_auth")
            driver.find_element_by_id("pass").clear()
            driver.find_element_by_id("pass").send_keys(pin + otp)
            driver.find_element_by_css_selector("input[type=\"submit\"]").click()
            alert = self.driver.switch_to_alert()
            alert_text = alert.text
            alert.accept()
            self.assertEqual("User successfully authenticated!", alert_text)

        # wrong otp
        driver.find_element_by_id("user").clear()
        driver.find_element_by_id("user").send_keys("susi@se_test_auth")
        driver.find_element_by_id("pass").clear()
        driver.find_element_by_id("pass").send_keys("bla!")
        driver.find_element_by_css_selector("input[type=\"submit\"]").click()
        alert = self.driver.switch_to_alert()
        alert_text = alert.text
        alert.accept()
        self.assertEqual("User failed to authenticate!", alert_text)

        # test auth/index3
        otp_list = ["287922",
                    "162583",
                    "399871",
                    "520489"]

        driver.get(self.base_url + "/auth/index3")
        for otp in otp_list:
            driver.find_element_by_id("user3").clear()
            driver.find_element_by_id("user3").send_keys("susi@se_test_auth")
            driver.find_element_by_id("pass3").clear()
            driver.find_element_by_id("pass3").send_keys(pin)
            driver.find_element_by_id("otp3").clear()
            driver.find_element_by_id("otp3").send_keys(otp)
            driver.find_element_by_css_selector("input[type=\"submit\"]").click()
            alert = self.driver.switch_to_alert()
            alert_text = alert.text
            alert.accept()
            self.assertEqual("User successfully authenticated!", alert_text)

        # wrong otp
        driver.find_element_by_id("user3").clear()
        driver.find_element_by_id("user3").send_keys("susi@se_test_auth")
        driver.find_element_by_id("pass3").clear()
        driver.find_element_by_id("pass3").send_keys(pin)
        driver.find_element_by_id("otp3").clear()
        driver.find_element_by_id("otp3").send_keys("some invalid otp")
        driver.find_element_by_css_selector("input[type=\"submit\"]").click()
        alert = self.driver.switch_to_alert()
        alert_text = alert.text
        alert.accept()
        self.assertEqual("User failed to authenticate!", alert_text)
예제 #8
0
    def test_create_user_id_resolvers(self):
        """Creates User-Id-Resolvers"""
        driver = self.driver

        ad_certificate = \
"""-----BEGIN CERTIFICATE-----
MIIDcjCCAtugAwIBAgIQVSU6NwMTmKNI6t3WcjY6uTANBgkqhkiG9w0BAQUFADBC
MRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxGTAXBgoJkiaJk/IsZAEZFglsc2V4cGVy
dHMxDjAMBgNVBAMTBUNBMDAxMB4XDTA1MDQxMTE2NDgzOVoXDTQwMDQxMTE2NTY1
MFowQjEVMBMGCgmSJomT8ixkARkWBWxvY2FsMRkwFwYKCZImiZPyLGQBGRYJbHNl
eHBlcnRzMQ4wDAYDVQQDEwVDQTAwMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEAqlWLfYK+dExjG+Qa/jpYjSo3EQnweQ7azacosa+xsrTMfDV5wLgMBSclCTX2
i/35VRg282Bh7hKCZifOBnAxjCBIHMpHQmW9c0T/GpeWSOQ1x0KeKrZ4PRj5oHEv
/uDJ7q2HlWXgRQo6NR75yDGLpsAWk64TyQ/I4f2vlC+AtjMCAyPS46OCAWcwggFj
MBMGCSsGAQQBgjcUAgQGHgQAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTAD
AQH/MB0GA1UdDgQWBBTCY8rVNcU/NGvgZxaPmO+Kz8bG4TCB/AYDVR0fBIH0MIHx
MIHuoIHroIHohoGwbGRhcDovLy9DTj1DQTAwMSxDTj1sc2V4czAxLENOPUNEUCxD
Tj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1
cmF0aW9uLERDPWxzZXhwZXJ0cyxEQz1sb2NhbD9jZXJ0aWZpY2F0ZVJldm9jYXRp
b25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGM2h0
dHA6Ly9sc2V4czAxLmxzZXhwZXJ0cy5sb2NhbC9DZXJ0RW5yb2xsL0NBMDAxLmNy
bDAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQUFAAOBgQBa+RGoezCgJS5W
PFCPy9BWqZr7iRimfRGBDqHpYDCPDtgec2fKCZ+u4jfwuTisZ7UOoiM1iEvkw0hH
Z7R1pz4Yd6E074kS/fe6u7U+9L3dmSUjFvO3gkLKtHKbhQi0NA+EHMRrPsQQemLm
gYzNiYwtvAu74Q+eTC6R5Uf0hOlFig==
-----END CERTIFICATE-----"""

        # Create musicians LDAP
        music_ldap_name = "SE_musicians"
        music_ldap_num_expected_users = 10
        music_ldap_id_resolver = LdapUserIdResolver(
            music_ldap_name,
            driver,
            self.base_url,
            uri="ldaps://blackdog",
            certificate=ad_certificate,
            basedn="ou=people,dc=blackdog,dc=office,dc=lsexperts,dc=de",
            # You may also use cn="Wolfgang Amadeus Mozart"
            binddn=u'cn="عبد الحليم حافظ",ou=people,dc=blackdog,dc=office,dc=lsexperts,dc=de',
            password="******",
            preset_ldap=True
        )
        time.sleep(1)
        music_ldap_num_users_found = music_ldap_id_resolver.test_connection()
        try:
            self.assertTrue(music_ldap_num_users_found >= music_ldap_num_expected_users,
                            "Not enough users found in musicians' LDAP")
        except AssertionError as assertion_error:
            self.verification_errors.append(str(assertion_error))
        time.sleep(1)

        # Create physics AD
        physics_ad_name = "SE_physics"
        physics_ad_num_expected_users = 7
        physics_ad_id_resolver = LdapUserIdResolver(
            physics_ad_name,
            driver,
            self.base_url,
            uri="ldaps://hottybotty",
            certificate=ad_certificate,
            basedn="dc=hotad,dc=example,dc=net",
            binddn=u'cn="Clark Maxwell",ou=corp,dc=hotad,dc=example,dc=net',
            password="******",
            preset_ldap=False
        )
        time.sleep(1)
        physics_ad_num_users_found = physics_ad_id_resolver.test_connection()
        try:
            self.assertTrue(physics_ad_num_users_found >= physics_ad_num_expected_users,
                            "Not enough users found in physics' LDAP")
        except AssertionError as assertion_error:
            self.verification_errors.append(str(assertion_error))
        time.sleep(1)

        # Create SQL UserIdResolver
        sql_name = "SE_mySql"
        sql_num_expected_users = 4
        sql_id_resolver = SqlUserIdResolver(
            sql_name,
            driver,
            self.base_url,
            server="blackdog",
            database="userdb",
            user="******",
            password="******",
            table="user",
            limit="500",
            encoding="latin1"
        )
        time.sleep(1)
        sql_num_users_found = sql_id_resolver.test_connection()
        try:
            self.assertEquals(sql_num_users_found, sql_num_expected_users)
        except AssertionError as assertion_error:
            self.verification_errors.append(str(assertion_error))
        time.sleep(1)

        # Create Passwd UserIdResolver
        #
        # Expected content of /etc/se_mypasswd is:
        #
        # hans:x:42:0:Hans Müller,Room 22,+49(0)1234-22,+49(0)5678-22,[email protected]:x:x
        # susi:x:1336:0:Susanne Bauer,Room 23,+49(0)1234-24,+49(0)5678-23,[email protected]:x:x
        # rollo:x:21:0:Rollobert Fischer,Room 24,+49(0)1234-24,+49(0)5678-24,[email protected]:x:x
        #
        passwd_name = "SE_myPasswd"
        passwd_num_expected_users = 3
        passwd_id_resolver = PasswdUserIdResolver(
            passwd_name,
            driver,
            self.base_url,
            filename="/etc/se_mypasswd"
        )
        time.sleep(1)

        # Create realm for all resolvers
        resolvers_realm = [sql_id_resolver,
                          passwd_id_resolver,
                          music_ldap_id_resolver,
                          physics_ad_id_resolver]
        realm_name = "SE_realm1"
        realm = Realm(realm_name, resolvers_realm)
        realm.create(driver, self.base_url)
        time.sleep(1)

        ## Assert that all users were found
        total_expected_users = sum([sql_num_users_found,
                                    passwd_num_expected_users,
                                    music_ldap_num_users_found,
                                    physics_ad_num_users_found])

        user_view = UserView(driver, self.base_url, realm_name)
        self.assertEqual(total_expected_users, user_view.get_num_users(),
                         "Not the expected number of users")
예제 #9
0
    def test_scenario01(self):
        """Tests Scenario 01 (https://wally/projects/linotp/wiki/TestingTest_Szenario_01)"""

        driver = self.driver

        ### 1. UserIdResolver anlegen ###
        CA001_cert = \
"""-----BEGIN CERTIFICATE-----
MIIDcjCCAtugAwIBAgIQVSU6NwMTmKNI6t3WcjY6uTANBgkqhkiG9w0BAQUFADBC
MRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxGTAXBgoJkiaJk/IsZAEZFglsc2V4cGVy
dHMxDjAMBgNVBAMTBUNBMDAxMB4XDTA1MDQxMTE2NDgzOVoXDTQwMDQxMTE2NTY1
MFowQjEVMBMGCgmSJomT8ixkARkWBWxvY2FsMRkwFwYKCZImiZPyLGQBGRYJbHNl
eHBlcnRzMQ4wDAYDVQQDEwVDQTAwMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEAqlWLfYK+dExjG+Qa/jpYjSo3EQnweQ7azacosa+xsrTMfDV5wLgMBSclCTX2
i/35VRg282Bh7hKCZifOBnAxjCBIHMpHQmW9c0T/GpeWSOQ1x0KeKrZ4PRj5oHEv
/uDJ7q2HlWXgRQo6NR75yDGLpsAWk64TyQ/I4f2vlC+AtjMCAyPS46OCAWcwggFj
MBMGCSsGAQQBgjcUAgQGHgQAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTAD
AQH/MB0GA1UdDgQWBBTCY8rVNcU/NGvgZxaPmO+Kz8bG4TCB/AYDVR0fBIH0MIHx
MIHuoIHroIHohoGwbGRhcDovLy9DTj1DQTAwMSxDTj1sc2V4czAxLENOPUNEUCxD
Tj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1
cmF0aW9uLERDPWxzZXhwZXJ0cyxEQz1sb2NhbD9jZXJ0aWZpY2F0ZVJldm9jYXRp
b25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGM2h0
dHA6Ly9sc2V4czAxLmxzZXhwZXJ0cy5sb2NhbC9DZXJ0RW5yb2xsL0NBMDAxLmNy
bDAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQUFAAOBgQBa+RGoezCgJS5W
PFCPy9BWqZr7iRimfRGBDqHpYDCPDtgec2fKCZ+u4jfwuTisZ7UOoiM1iEvkw0hH
Z7R1pz4Yd6E074kS/fe6u7U+9L3dmSUjFvO3gkLKtHKbhQi0NA+EHMRrPsQQemLm
gYzNiYwtvAu74Q+eTC6R5Uf0hOlFig==
-----END CERTIFICATE-----"""

        # Create LDAP UserIdResolver
        ldap_name = "SE_scenario01_ldap"
        ldap_expected_users = ['bach', 'beethoven', 'berlioz', 'brahms', 'debussy', u'dvořák',
                               'haydn', 'mozart', u'حافظ', u'郎']
        ldap_num_expected_users = len(ldap_expected_users)
        ldap_id_resolver = LdapUserIdResolver(
            ldap_name,
            driver,
            self.base_url,
            uri="ldaps://blackdog",
            certificate=CA001_cert,
            basedn="ou=people,dc=blackdog,dc=office,dc=lsexperts,dc=de",
            # You may also use cn="Wolfgang Amadeus Mozart"
            binddn=u'cn="عبد الحليم حافظ",ou=people,dc=blackdog,dc=office,dc=lsexperts,dc=de',
            password="******",
            preset_ldap=True
        )
        time.sleep(1)

        # Create SQL UserIdResolver
        sql_name = "SE_scenario01_sql"
        sql_server = "blackdog"
        sql_database = "userdb"
        sql_user = "******"
        sql_password = "******"
        sql_table = "user"
        sql_limit = "500"
        sql_encoding = "latin1"
        sql_expected_users = ["corny", "kay", "eric", u"knöt"]
        sql_num_expected_users = len(sql_expected_users)
        sql_id_resolver = SqlUserIdResolver(sql_name, driver, self.base_url,
                                            sql_server, sql_database,
                                            sql_user, sql_password, sql_table,
                                            sql_limit, sql_encoding)
        time.sleep(1)

        # Create realm for all resolvers
        resolvers_realm1 = [ldap_id_resolver]
        realm_name1 = "SE_scenario01_realm1"
        realm1 = Realm(realm_name1, resolvers_realm1)
        realm1.create(driver, self.base_url)
        time.sleep(1)

        resolvers_realm2 = [sql_id_resolver]
        realm_name2 = "SE_scenario01_realm2"
        realm2 = Realm(realm_name2, resolvers_realm2)
        realm2.create(driver, self.base_url)
        time.sleep(1)

        ### 2. Im Management Webinterface testen, dass alle Benutzer sichtbar sind ###

        user_view = UserView(driver, self.base_url, realm_name1)
        self.assertEqual(ldap_num_expected_users, user_view.get_num_users(),
                         "Not the expected number of users")
        for user in ldap_expected_users:
            self.assertTrue(user_view.user_exists(user), "User '" + user +
                            "' should exist.")
        time.sleep(1)

        user_view = UserView(driver, self.base_url, realm_name2)
        self.assertEqual(sql_num_expected_users, user_view.get_num_users(),
                         "Not the expected number of users")
        for user in sql_expected_users:
            self.assertTrue(user_view.user_exists(user), "User '" + user +
                            "' should exist.")

        ### 3. eToken.xml ueber das Webinterface importieren  ###

        seed_oath137332 = "ff06df50017d3b981cfbc4ec4d374040164d8d19"
        seed_oath137332_bin = binascii.unhexlify(seed_oath137332)
        file_content = """<Tokens>
<Token serial="00040008CFA5">
<CaseModel>5</CaseModel>
<Model>101</Model>
<ProductionDate>02/19/2009</ProductionDate>
<ProductName>Safeword Alpine</ProductName>
<Applications>
<Application ConnectorID="{ab1397d2-ddb6-4705-b66e-9f83f322deb9}">
<Seed>123412354</Seed>
<MovingFactor>1</MovingFactor>
</Application>
</Applications>
</Token>
<Token serial="00040008CFA52">
<CaseModel>5</CaseModel>
<Model>101</Model>
<ProductionDate>02/19/2009</ProductionDate>
<ProductName>Safeword Alpine</ProductName>
<Applications>
<Application ConnectorID="{ab1397d2-ddb6-4705-b66e-9f83f322deb9}">
<Seed>123456</Seed>
<MovingFactor>1</MovingFactor>
</Application>
</Applications>
</Token>
<Token serial="oath137332">
<CaseModel>5</CaseModel>
<Model>101</Model>
<ProductionDate>02/19/2009</ProductionDate>
<ProductName>Safeword Alpine</ProductName>
<Applications>
<Application ConnectorID="{ab1397d2-ddb6-4705-b66e-9f83f322deb1}">
<Seed>""" + seed_oath137332 + """</Seed>
<MovingFactor>1</MovingFactor>
</Application>
</Applications>
</Token>
<Token serial="oath12482B">
<CaseModel>5</CaseModel>
<Model>101</Model>
<ProductionDate>02/19/2009</ProductionDate>
<ProductName>Safeword Alpine</ProductName>
<Applications>
<Application ConnectorID="{ab1397d2-ddb6-4705-b66e-9f83f322deb2}">
<Seed>6ec1d0e9915a2bebf84745b318e39e481249c1eb</Seed>
<MovingFactor>1</MovingFactor>
</Application>
</Applications>
</Token>
</Tokens>"""

        TokenImport(driver, self.base_url, "safenet", file_content, None)

        serial_token_bach = "oath137332"
        test1_realm = realm_name1.lower()

        ### 4. Im Management Webinterface nun eine Policy anlegen ###

        Policy(driver, self.base_url, "SE_scenario01", "selfservice",
               "enrollMOTP, setOTPPIN, setMOTPPIN, resync, disable ",
               test1_realm)

        ### 5. eToken zuweisen ###

        user_view = UserView(driver, self.base_url, test1_realm)
        user_view.select_user("bach")
        token_view = TokenView(driver, self.base_url)
        token_view.select_token(serial_token_bach)
        driver.find_element_by_id("button_assign").click()
        time.sleep(2)
        driver.find_element_by_id("pin1").clear()
        driver.find_element_by_id("pin1").send_keys("1234")
        driver.find_element_by_id("pin2").clear()
        driver.find_element_by_id("pin2").send_keys("1234")
        driver.find_element_by_id("button_setpin_setpin").click()
        time.sleep(1)

        ### 6. Remote Token zuweisen ###

        user_view = UserView(driver, self.base_url, test1_realm)
        user_view.select_user("debussy")
        remote_token = RemoteToken(driver=self.driver,
                                   base_url=self.base_url,
                                   url="https://billybones",
                                   remote_serial="LSSP0002F653",
                                   pin="1234",
                                   remote_otp_length=6,
                                   )
        serial_token_debussy = remote_token.serial
        remote_token_otp = "666666"
        time.sleep(1)

        ### 7. Spass-Token zuweisen ###

        user_view = UserView(driver, self.base_url, test1_realm)
        user_view.select_user("beethoven")
        spass_token = SpassToken(
            driver=self.driver,
            base_url=self.base_url,
            pin=u"beethovenspass#ñô",
            description="SPass Token enrolled with Selenium"
            )
        serial_token_beethoven = spass_token.serial
        time.sleep(1)

        ### 8. Selfservice mOTP ###

        motp_key = "1234123412341234"
        motp_pin = "1234"
        driver.get(self.base_url + "/account/login")
        driver.find_element_by_id("login").clear()
        driver.find_element_by_id("login").send_keys("mozart@" + test1_realm)
        driver.find_element_by_id("password").clear()
        driver.find_element_by_id("password").send_keys("Test123!")
        driver.find_element_by_id("password").submit() # Submits the form
        time.sleep(1)
        driver.find_element_by_id("motp_secret").clear()
        driver.find_element_by_id("motp_secret").send_keys(motp_key)
        driver.find_element_by_id("motp_s_pin1").clear()
        driver.find_element_by_id("motp_s_pin1").send_keys(motp_pin)
        driver.find_element_by_id("motp_s_pin2").clear()
        driver.find_element_by_id("motp_s_pin2").send_keys(motp_pin)
        driver.find_element_by_id("motp_self_desc").clear()
        driver.find_element_by_id("motp_self_desc").send_keys("Selenium self enrolled")
        driver.find_element_by_id("button_register_motp").click()
        time.sleep(1)
        alert_box_text = driver.find_element_by_id("alert_box_text").text
        m = re.match(
            r"""
                .*?
                Token\ enrolled\ successfully
                .*?
                [sS]erial(\ number)?:     # 'serial:' or 'Serial number:'
                \s*
                (?P<serial>\w+)           # For example: LSMO0001222C
                """,
            alert_box_text,
            re.DOTALL | re.VERBOSE
            )
        self.assertTrue(
            m is not None,
            "alert_box_text does not match regex. Possibly the token was not enrolled properly. %r" % alert_box_text
            )
        serial_token_mozart = m.group('serial')
        self.driver.find_element_by_xpath("//button[@type='button' and ancestor::div[@aria-describedby='alert_box']]").click()
        driver.find_element_by_link_text("Logout").click()

        ### 9. Alle 4 Benutzer melden sich im selfservice Portal an und setzen die PIN

        user_token_dict = {
            "bach": serial_token_bach,
            "debussy": serial_token_debussy,
            "mozart": serial_token_mozart,
            "beethoven": serial_token_beethoven
            }
        for user in user_token_dict:
            driver.get(self.base_url + "/account/login")
            driver.find_element_by_id("login").clear()
            driver.find_element_by_id("login").send_keys("%s@%s" % (user, test1_realm))
            driver.find_element_by_id("password").clear()
            driver.find_element_by_id("password").send_keys("Test123!")
            driver.find_element_by_id("password").submit()
            driver.find_element_by_xpath("//div[@id='tabs']/ul/li/a/span[text()='set PIN']").click()
            time.sleep(1)
            # driver.find_element_by_css_selector('#tokenDiv > ul > li > a').click()
            driver.find_element_by_id('tokenDiv').find_element_by_partial_link_text(user_token_dict[user]).click()
            driver.find_element_by_id("pin1").clear()
            driver.find_element_by_id("pin1").send_keys(user + "newpin")
            driver.find_element_by_id("pin2").clear()
            driver.find_element_by_id("pin2").send_keys(user + "newpin")
            driver.find_element_by_id("button_setpin").click()
            time.sleep(1)
            self.assertEqual("PIN set successfully", self.close_alert_and_get_its_text())
            driver.find_element_by_link_text("Logout").click()

        ### 10. Authentisierung der 4 Benutzer ###
        validate = Validate(self.http_protocol,
                            self.http_host,
                            self.http_username,
                            self.http_password)

        # Validate HOTP Token - bach
        hotp = HmacOtp()
        for counter in range(0, 20):
            otp = "bachnewpin" + hotp.generate(counter=counter, key=seed_oath137332_bin)
            access_granted, _ = validate.validate(user="******" +
                                                test1_realm, password=otp)
            self.assertTrue(access_granted, "OTP: " + otp + " for user " +
                            "bach@" + test1_realm + " returned False")
        access_granted, _ = validate.validate(user="******" + test1_realm,
                                            password="******")
        self.assertFalse(access_granted, "OTP: 1234111111 should be False for user bach")

        # Validate Remote token - debussy
        access_granted, _ = validate.validate(user="******" + test1_realm,
                                            password="******" + remote_token_otp)
        self.assertTrue(access_granted, "OTP: " + remote_token_otp + " for user " +
                        "debussy@" + test1_realm + " returned False")
        access_granted, _ = validate.validate(user="******" + test1_realm,
                                            password="******")
        self.assertFalse(access_granted, "OTP: 1234111111 should be False for user debussy")

        # Validate Spass token - beethoven
        access_granted, _ = validate.validate(user="******" + test1_realm,
                                            password="******")
        self.assertTrue(access_granted, "OTP: " + "beethovennewpin" + " for user " +
                        "beethoven@" + test1_realm + " returned False")
        access_granted, _ = validate.validate(user="******" + test1_realm,
                                            password="******")
        self.assertFalse(access_granted, "OTP: randominvalidpin should be False for user beethoven")

        # Validate mOTP token - mozart
        current_epoch = time.time()
        motp_otp = calculate_motp(
            epoch=current_epoch,
            key=motp_key,
            pin=motp_pin
            )
        access_granted, _ = validate.validate(user="******" + test1_realm,
                                            password="******" + motp_otp)
        self.assertTrue(access_granted, "OTP: " + motp_otp + " for user " +
                        "mozart@" + test1_realm + " returned False")
        motp_otp = calculate_motp(
            epoch=current_epoch - 4000,
            key=motp_key,
            pin=motp_pin
            )
        access_granted, _ = validate.validate(user="******" + test1_realm,
                                            password="******" + motp_otp)
        self.assertFalse(access_granted, "OTP: mozartnewpin%s should be False for user mozart" % motp_otp)

        ### 11. mOTP Pin im selfservice ändern ###

        driver.get(self.base_url + "/account/login")
        driver.find_element_by_id("login").clear()
        driver.find_element_by_id("login").send_keys("%s@%s" % ("mozart", test1_realm))
        driver.find_element_by_id("password").clear()
        driver.find_element_by_id("password").send_keys("Test123!")
        driver.find_element_by_id("password").submit()
        driver.find_element_by_xpath("//div[@id='tabs']/ul/li/a/span[text()='set mOTP PIN']").click()
        time.sleep(1)
        driver.find_element_by_id('tokenDiv').find_element_by_link_text(serial_token_mozart).click()
        driver.find_element_by_id("mpin1").clear()
        new_motp_pin = "5588"
        driver.find_element_by_id("mpin1").send_keys(new_motp_pin)
        driver.find_element_by_id("mpin2").clear()
        driver.find_element_by_id("mpin2").send_keys(new_motp_pin)
        driver.find_element_by_id("button_setmpin").click()
        time.sleep(1)
        self.assertEqual("mOTP PIN set successfully", self.close_alert_and_get_its_text())
        driver.find_element_by_link_text("Logout").click()

        time.sleep(10) # otherwise next mOTP value might not be valid

        current_epoch = time.time()
        motp_otp = calculate_motp(
            epoch=current_epoch,
            key=motp_key,
            pin=new_motp_pin
            )
        access_granted, _ = validate.validate(user="******" + test1_realm,
                                            password="******" + motp_otp)
        self.assertTrue(access_granted, "OTP: mozartnewpin" + motp_otp + " for user " +
                        "mozart@" + test1_realm + " returned False")

        ### 12. Token Resynchronisierung ###

        # Bach 'presses' his token more than 10 times and fails to authenticate
        counter = 50 # was 19
        hotp = HmacOtp()
        otp = "bachnewpin" + hotp.generate(counter=counter, key=seed_oath137332_bin)
        access_granted, _ = validate.validate(user="******" + test1_realm,
                                              password=otp)
        self.assertFalse(access_granted, "OTP: %s should be False for user bach" % otp)

        driver.get(self.base_url + "/account/login")
        driver.find_element_by_id("login").clear()
        driver.find_element_by_id("login").send_keys("%s@%s" % ("bach", test1_realm))
        driver.find_element_by_id("password").clear()
        driver.find_element_by_id("password").send_keys("Test123!")
        driver.find_element_by_id("password").submit()
        driver.find_element_by_xpath("//div[@id='tabs']/ul/li/a/span[text()='Resync Token']").click()
        time.sleep(1)
        driver.find_element_by_id('tokenDiv').find_element_by_link_text(serial_token_bach).click()
        otp1 = hotp.generate(counter=counter + 1, key=seed_oath137332_bin)
        otp2 = hotp.generate(counter=counter + 2, key=seed_oath137332_bin)
        driver.find_element_by_id("otp1").clear()
        driver.find_element_by_id("otp1").send_keys(otp1)
        driver.find_element_by_id("otp2").clear()
        driver.find_element_by_id("otp2").send_keys(otp2)
        driver.find_element_by_id("button_resync").click()
        time.sleep(1)
        self.assertEqual("Token resynced successfully", self.close_alert_and_get_its_text())
        driver.find_element_by_link_text("Logout").click()

        # Should be able to authenticate again
        otp = "bachnewpin" + hotp.generate(counter=counter + 3, key=seed_oath137332_bin)
        access_granted, _ = validate.validate(user="******" + test1_realm,
                                              password=otp)
        self.assertTrue(access_granted, "OTP: %s should be True for user bach" % otp)

        ### 13. Ein Benutzer debussy deaktiviert seinen Token im Selfservice portal und versucht sich anzumelden. ###

        driver.get(self.base_url + "/account/login")
        driver.find_element_by_id("login").clear()
        driver.find_element_by_id("login").send_keys("%s@%s" % ("debussy", test1_realm))
        driver.find_element_by_id("password").clear()
        driver.find_element_by_id("password").send_keys("Test123!")
        driver.find_element_by_id("password").submit()
        driver.find_element_by_xpath("//div[@id='tabs']/ul/li/a/span[text()='Disable Token']").click()
        time.sleep(1)
        driver.find_element_by_id('tokenDiv').find_element_by_link_text(serial_token_debussy).click()
        driver.find_element_by_id("button_disable").click()
        time.sleep(1)
        self.assertEqual("Token disabled successfully", self.close_alert_and_get_its_text())
        driver.find_element_by_link_text("Logout").click()

        # debussy should be unable to authenticate
        access_granted, _ = validate.validate(user="******" + test1_realm,
                                            password="******" + remote_token_otp)
        self.assertFalse(access_granted, "OTP: debussynewpin" + remote_token_otp + "should be False for user debussy")

        ### 14. Der Admin entsperrt diesen Token, der Benutzer debussy kann sich wieder anmelden. ###

        driver.get(self.base_url + "/manage")
        time.sleep(1)
        token_view = TokenView(driver, self.base_url)
        token_view.select_token(serial_token_debussy)
        driver.find_element_by_id("button_enable").click()
        time.sleep(1)

        # debussy should be able to authenticate
        access_granted, _ = validate.validate(user="******" + test1_realm,
                                            password="******" + remote_token_otp)
        self.assertTrue(access_granted, "OTP: debussynewpin" + remote_token_otp + "should be True for user debussy")
예제 #10
0
    def test_selfservice(self):
        """Creates User-Id-Resolvers"""
        driver = self.driver

        ad_certificate = \
"""-----BEGIN CERTIFICATE-----
MIIDcjCCAtugAwIBAgIQVSU6NwMTmKNI6t3WcjY6uTANBgkqhkiG9w0BAQUFADBC
MRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxGTAXBgoJkiaJk/IsZAEZFglsc2V4cGVy
dHMxDjAMBgNVBAMTBUNBMDAxMB4XDTA1MDQxMTE2NDgzOVoXDTQwMDQxMTE2NTY1
MFowQjEVMBMGCgmSJomT8ixkARkWBWxvY2FsMRkwFwYKCZImiZPyLGQBGRYJbHNl
eHBlcnRzMQ4wDAYDVQQDEwVDQTAwMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEAqlWLfYK+dExjG+Qa/jpYjSo3EQnweQ7azacosa+xsrTMfDV5wLgMBSclCTX2
i/35VRg282Bh7hKCZifOBnAxjCBIHMpHQmW9c0T/GpeWSOQ1x0KeKrZ4PRj5oHEv
/uDJ7q2HlWXgRQo6NR75yDGLpsAWk64TyQ/I4f2vlC+AtjMCAyPS46OCAWcwggFj
MBMGCSsGAQQBgjcUAgQGHgQAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTAD
AQH/MB0GA1UdDgQWBBTCY8rVNcU/NGvgZxaPmO+Kz8bG4TCB/AYDVR0fBIH0MIHx
MIHuoIHroIHohoGwbGRhcDovLy9DTj1DQTAwMSxDTj1sc2V4czAxLENOPUNEUCxD
Tj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1
cmF0aW9uLERDPWxzZXhwZXJ0cyxEQz1sb2NhbD9jZXJ0aWZpY2F0ZVJldm9jYXRp
b25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGM2h0
dHA6Ly9sc2V4czAxLmxzZXhwZXJ0cy5sb2NhbC9DZXJ0RW5yb2xsL0NBMDAxLmNy
bDAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQUFAAOBgQBa+RGoezCgJS5W
PFCPy9BWqZr7iRimfRGBDqHpYDCPDtgec2fKCZ+u4jfwuTisZ7UOoiM1iEvkw0hH
Z7R1pz4Yd6E074kS/fe6u7U+9L3dmSUjFvO3gkLKtHKbhQi0NA+EHMRrPsQQemLm
gYzNiYwtvAu74Q+eTC6R5Uf0hOlFig==
-----END CERTIFICATE-----"""

        # Create LDAP resolver
        music_ldap_name = "SE_selfservice"
        music_ldap_id_resolver = LdapUserIdResolver(
            music_ldap_name,
            driver,
            self.base_url,
            uri="ldaps://blackdog",
            certificate=ad_certificate,
            basedn="ou=people,dc=blackdog,dc=office,dc=lsexperts,dc=de",
            binddn=
            u'cn="Antonín Dvořák",ou=people,dc=blackdog,dc=office,dc=lsexperts,dc=de',
            password="******",
            preset_ldap=True)
        time.sleep(1)

        # Create realm
        resolvers_realm = [music_ldap_id_resolver]
        realm_name = "SE_realm_selfservice"
        realm = Realm(realm_name, resolvers_realm)
        realm.create(driver, self.base_url)
        time.sleep(1)

        Policy(driver, self.base_url, "SE_policy_selfservice", "selfservice",
               "setOTPPIN, ", realm_name.lower())
        time.sleep(1)

        login_user = u"郎"
        login_password = "******"

        driver.get(self.base_url + "/account/login")
        driver.find_element_by_id("login").clear()
        driver.find_element_by_id("login").send_keys(login_user + "@" +
                                                     realm_name.lower())
        driver.find_element_by_id("password").clear()
        driver.find_element_by_id("password").send_keys(login_password)
        driver.find_element_by_css_selector("input[type=\"submit\"]").click()
        time.sleep(3)
        try:
            self.assertRegexpMatches(
                driver.find_element_by_css_selector("BODY").text,
                r"^[\s\S]*set PIN[\s\S]*$")
        except AssertionError as assertion_error:
            self.verification_errors.append(str(assertion_error))
예제 #11
0
    def test_selfservice(self):
        """Creates User-Id-Resolvers"""
        driver = self.driver

        ad_certificate = \
"""-----BEGIN CERTIFICATE-----
MIIDcjCCAtugAwIBAgIQVSU6NwMTmKNI6t3WcjY6uTANBgkqhkiG9w0BAQUFADBC
MRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxGTAXBgoJkiaJk/IsZAEZFglsc2V4cGVy
dHMxDjAMBgNVBAMTBUNBMDAxMB4XDTA1MDQxMTE2NDgzOVoXDTQwMDQxMTE2NTY1
MFowQjEVMBMGCgmSJomT8ixkARkWBWxvY2FsMRkwFwYKCZImiZPyLGQBGRYJbHNl
eHBlcnRzMQ4wDAYDVQQDEwVDQTAwMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEAqlWLfYK+dExjG+Qa/jpYjSo3EQnweQ7azacosa+xsrTMfDV5wLgMBSclCTX2
i/35VRg282Bh7hKCZifOBnAxjCBIHMpHQmW9c0T/GpeWSOQ1x0KeKrZ4PRj5oHEv
/uDJ7q2HlWXgRQo6NR75yDGLpsAWk64TyQ/I4f2vlC+AtjMCAyPS46OCAWcwggFj
MBMGCSsGAQQBgjcUAgQGHgQAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTAD
AQH/MB0GA1UdDgQWBBTCY8rVNcU/NGvgZxaPmO+Kz8bG4TCB/AYDVR0fBIH0MIHx
MIHuoIHroIHohoGwbGRhcDovLy9DTj1DQTAwMSxDTj1sc2V4czAxLENOPUNEUCxD
Tj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1
cmF0aW9uLERDPWxzZXhwZXJ0cyxEQz1sb2NhbD9jZXJ0aWZpY2F0ZVJldm9jYXRp
b25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGM2h0
dHA6Ly9sc2V4czAxLmxzZXhwZXJ0cy5sb2NhbC9DZXJ0RW5yb2xsL0NBMDAxLmNy
bDAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQUFAAOBgQBa+RGoezCgJS5W
PFCPy9BWqZr7iRimfRGBDqHpYDCPDtgec2fKCZ+u4jfwuTisZ7UOoiM1iEvkw0hH
Z7R1pz4Yd6E074kS/fe6u7U+9L3dmSUjFvO3gkLKtHKbhQi0NA+EHMRrPsQQemLm
gYzNiYwtvAu74Q+eTC6R5Uf0hOlFig==
-----END CERTIFICATE-----"""

        # Create LDAP resolver
        music_ldap_name = "SE_selfservice"
        music_ldap_id_resolver = LdapUserIdResolver(
            music_ldap_name,
            driver,
            self.base_url,
            uri="ldaps://blackdog",
            certificate=ad_certificate,
            basedn="ou=people,dc=blackdog,dc=office,dc=lsexperts,dc=de",
            binddn=u'cn="Antonín Dvořák",ou=people,dc=blackdog,dc=office,dc=lsexperts,dc=de',
            password="******",
            preset_ldap=True
        )
        time.sleep(1)

        # Create realm
        resolvers_realm = [music_ldap_id_resolver]
        realm_name = "SE_realm_selfservice"
        realm = Realm(realm_name, resolvers_realm)
        realm.create(driver, self.base_url)
        time.sleep(1)

        Policy(driver, self.base_url, "SE_policy_selfservice",
               "selfservice", "setOTPPIN, ", realm_name.lower())
        time.sleep(1)

        login_user = u"郎"
        login_password = "******"

        driver.get(self.base_url + "/account/login")
        driver.find_element_by_id("login").clear()
        driver.find_element_by_id("login").send_keys(login_user + "@" + realm_name.lower())
        driver.find_element_by_id("password").clear()
        driver.find_element_by_id("password").send_keys(login_password)
        driver.find_element_by_css_selector("input[type=\"submit\"]").click()
        time.sleep(3)
        try:
            self.assertRegexpMatches(driver.find_element_by_css_selector("BODY").text,
                                     r"^[\s\S]*set PIN[\s\S]*$")
        except AssertionError as assertion_error:
            self.verification_errors.append(str(assertion_error))