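def test_suffix_with_valid_config_file(self):
    """Authenticate with a config file that sets ``UsernameSuffix``.

    The environment supplies only ``self.username_prefix`` as
    ``common_name`` and the config file supplies
    ``self.username_suffix``.  The test expects ``authenticate()`` to
    return True and the newest info-level log message to report an
    MFA-authenticated user.
    """
    config_format = (
        "[OktaAPI]\n"
        "Url: {}\n"
        "Token: {}\n"
        "UsernameSuffix: {}\n")
    # NOTE(review): the default mode is binary, so writing a str works
    # on Python 2 only -- confirm the target interpreter.
    # The context manager closes (and so deletes) the file even when an
    # assertion fails; the validator opens it by name, so everything
    # that may read it stays inside the block.
    with tempfile.NamedTemporaryFile() as cfg:
        cfg.file.write(config_format.format(
            self.okta_url,
            self.okta_token,
            self.username_suffix))
        cfg.file.seek(0)  # rewind so the written config is on disk
        env = MockEnviron({
            'common_name': self.username_prefix,
            'password': self.config['password']
            })
        validator = OktaOpenVPNValidator()
        validator.config_file = cfg.name
        validator.env = env
        validator.read_configuration_file()
        validator.load_environment_variables()
        # Pinning is not switched off here: the pinset is replaced by
        # the single pin the test case holds, presumably the one for
        # the test API endpoint (confirm against the fixture).
        validator.okta_config['assert_pinset'] = [self.herokuapp_dot_com_pin]
        rv = validator.authenticate()
        # assertEqual: assertEquals is a deprecated alias.
        self.assertEqual(rv, True)
        last_info = self.okta_log_messages['info'][-1]
        self.assertIn('is now authenticated with MFA via Okta API', last_info)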
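def test_with_valid_config_file(self):
    """Authenticate with a minimal config file (``Url`` and ``Token``).

    The environment supplies the full username as ``common_name``.  The
    test expects ``authenticate()`` to return True and the newest
    info-level log message to report an MFA-authenticated user.
    """
    config_format = (
        "[OktaAPI]\n"
        "Url: {}\n"
        "Token: {}\n")
    # NOTE(review): the default mode is binary, so writing a str works
    # on Python 2 only -- confirm the target interpreter.
    # Closing via the context manager removes the file even if an
    # assertion fails; the validator opens it by name, so the whole
    # exercise stays inside the block.
    with tempfile.NamedTemporaryFile() as cfg:
        cfg.file.write(config_format.format(
            self.okta_url,
            self.okta_token))
        cfg.file.seek(0)  # rewind so the written config is on disk
        env = MockEnviron({
            'common_name': self.config['username'],
            'password': self.config['password']
            })
        validator = OktaOpenVPNValidator()
        validator.config_file = cfg.name
        validator.env = env
        validator.read_configuration_file()
        validator.load_environment_variables()
        # Pinning is not switched off here: the pinset is replaced by
        # the single pin the test case holds, presumably the one for
        # the test API endpoint (confirm against the fixture).
        validator.okta_config['assert_pinset'] = [self.herokuapp_dot_com_pin]
        rv = validator.authenticate()
        # assertEqual: assertEquals is a deprecated alias.
        self.assertEqual(rv, True)
        last_info = self.okta_log_messages['info'][-1]
        self.assertIn('is now authenticated with MFA via Okta API', last_info)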
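def test_with_valid_config_file_with_untrusted_user_disabled(self):
    """Check that look-alike ``AllowUntrustedUsers`` values stay fail-closed.

    Each value in the list is written to the config in turn, and
    ``authenticate()`` is expected to return False for every one of
    them.  The environment carries ``username`` and no ``common_name``;
    presumably that is what the validator treats as an untrusted user
    (confirm against ``load_environment_variables``).
    """
    config_format = (
        "[OktaAPI]\n"
        "Url: {}\n"
        "Token: {}\n"
        "AllowUntrustedUsers: {}")
    for val in ['yes', '1', 'true', 'ok', 'False', '0']:
        # NOTE(review): the default mode is binary, so writing a str
        # works on Python 2 only -- confirm the target interpreter.
        # One file per value; the context manager closes each one
        # instead of leaving them to the garbage collector.
        with tempfile.NamedTemporaryFile() as cfg:
            cfg.file.write(config_format.format(
                self.okta_url,
                self.okta_token,
                val))
            cfg.file.seek(0)  # rewind so the written config is on disk
            env = MockEnviron({
                'username': self.config['username'],
                'password': self.config['password']
                })
            validator = OktaOpenVPNValidator()
            validator.config_file = cfg.name
            validator.env = env
            validator.read_configuration_file()
            validator.load_environment_variables()
            # Pinning is not switched off here: the pinset is replaced
            # by the single pin the test case holds, presumably the one
            # for the test API endpoint (confirm against the fixture).
            validator.okta_config['assert_pinset'] = [
                self.herokuapp_dot_com_pin]
            rv = validator.authenticate()
        # Name the offending value so a failure inside the loop is
        # attributable; assertEquals is a deprecated alias.
        self.assertEqual(
            rv, False,
            'AllowUntrustedUsers: {!r} must not authenticate '
            'an untrusted user'.format(val))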
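def test_invalid_configuration_file(self):
    """Expect a failed config load to return False and log a critical error.

    ``/dev/false`` is used as a path that is not expected to hold a
    readable configuration.
    """
    validator = OktaOpenVPNValidator()
    validator.config_file = '/dev/false'
    rv = validator.read_configuration_file()
    # assertEqual: assertEquals is a deprecated alias.
    self.assertEqual(rv, False)
    last_critical = self.okta_log_messages['critical'][-1]
    self.assertIn('Failed to load config', last_critical)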
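def test_with_valid_config_file_with_untrusted_user_disabled(self):
    """Check that look-alike ``AllowUntrustedUsers`` values stay fail-closed.

    Each value in the list is written to the config in turn, and
    ``authenticate()`` is expected to return False for every one of
    them.  The environment carries ``username`` and no ``common_name``;
    presumably that is what the validator treats as an untrusted user
    (confirm against ``load_environment_variables``).
    """
    config_format = (
        "[OktaAPI]\n"
        "Url: {}\n"
        "Token: {}\n"
        "AllowUntrustedUsers: {}"
    )
    for val in ["yes", "1", "true", "ok", "False", "0"]:
        # NOTE(review): the default mode is binary, so writing a str
        # works on Python 2 only -- confirm the target interpreter.
        # One file per value; the context manager closes each one
        # instead of leaving them to the garbage collector.
        with tempfile.NamedTemporaryFile() as cfg:
            cfg.file.write(
                config_format.format(self.okta_url, self.okta_token, val)
            )
            cfg.file.seek(0)  # rewind so the written config is on disk
            env = MockEnviron({
                "username": self.config["username"],
                "password": self.config["password"],
            })
            validator = OktaOpenVPNValidator()
            validator.config_file = cfg.name
            validator.env = env
            validator.read_configuration_file()
            validator.load_environment_variables()
            # Pinning is not switched off here: the pinset is replaced
            # by the single pin the test case holds, presumably the one
            # for the test API endpoint (confirm against the fixture).
            validator.okta_config["assert_pinset"] = [
                self.herokuapp_dot_com_pin
            ]
            rv = validator.authenticate()
        # Name the offending value so a failure inside the loop is
        # attributable; assertEquals is a deprecated alias.
        self.assertEqual(
            rv,
            False,
            "AllowUntrustedUsers: {!r} must not authenticate "
            "an untrusted user".format(val),
        )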
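def test_with_valid_config_file_with_untrusted_user_enabled(self):
    """Authenticate a ``username``-only client with ``AllowUntrustedUsers: True``.

    The environment carries ``username`` and no ``common_name``;
    presumably that is what the validator treats as an untrusted user
    (confirm against ``load_environment_variables``).  With the option
    set to the literal ``True`` the test expects ``authenticate()`` to
    return True and the newest info-level log message to report an
    MFA-authenticated user.
    """
    config_format = (
        "[OktaAPI]\n"
        "Url: {}\n"
        "Token: {}\n"
        "AllowUntrustedUsers: True"
    )
    # NOTE(review): the default mode is binary, so writing a str works
    # on Python 2 only -- confirm the target interpreter.
    # Closing via the context manager removes the file even if an
    # assertion fails; the validator opens it by name, so the whole
    # exercise stays inside the block.
    with tempfile.NamedTemporaryFile() as cfg:
        cfg.file.write(config_format.format(self.okta_url, self.okta_token))
        cfg.file.seek(0)  # rewind so the written config is on disk
        env = MockEnviron({
            "username": self.config["username"],
            "password": self.config["password"],
        })
        validator = OktaOpenVPNValidator()
        validator.config_file = cfg.name
        validator.env = env
        validator.read_configuration_file()
        validator.load_environment_variables()
        # Pinning is not switched off here: the pinset is replaced by
        # the single pin the test case holds, presumably the one for
        # the test API endpoint (confirm against the fixture).
        validator.okta_config["assert_pinset"] = [self.herokuapp_dot_com_pin]
        rv = validator.authenticate()
        # assertEqual: assertEquals is a deprecated alias.
        self.assertEqual(rv, True)
        last_info = self.okta_log_messages["info"][-1]
        self.assertIn("is now authenticated with MFA via Okta API", last_info)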
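def test_with_invalid_config_file(self):
    """Expect ``read_configuration_file()`` to return False for junk content.

    The file holds the bare text ``invalidconfig`` with no section
    header.
    """
    # NOTE(review): the default mode is binary, so writing a str works
    # on Python 2 only -- confirm the target interpreter.
    # The context manager closes (and so deletes) the file even when
    # the assertion fails.
    with tempfile.NamedTemporaryFile() as cfg:
        cfg.file.write("invalidconfig")
        cfg.file.seek(0)  # rewind so the written content is on disk
        env = MockEnviron({
            "common_name": self.config["username"],
            "password": self.config["password"],
        })
        validator = OktaOpenVPNValidator()
        validator.config_file = cfg.name
        validator.env = env
        rv = validator.read_configuration_file()
    # assertEqual: assertEquals is a deprecated alias.
    self.assertEqual(rv, False)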
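def test_with_invalid_config_file(self):
    """Expect ``read_configuration_file()`` to return False for junk content.

    The file holds the bare text ``invalidconfig`` with no section
    header.
    """
    # NOTE(review): the default mode is binary, so writing a str works
    # on Python 2 only -- confirm the target interpreter.
    # The context manager closes (and so deletes) the file even when
    # the assertion fails.
    with tempfile.NamedTemporaryFile() as cfg:
        cfg.file.write('invalidconfig')
        cfg.file.seek(0)  # rewind so the written content is on disk
        env = MockEnviron({
            'common_name': self.config['username'],
            'password': self.config['password']
            })
        validator = OktaOpenVPNValidator()
        validator.config_file = cfg.name
        validator.env = env
        rv = validator.read_configuration_file()
    # assertEqual: assertEquals is a deprecated alias.
    self.assertEqual(rv, False)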