def test_auth_okta_step2_negative():
    """Authentication by OKTA step2 negative test case."""
    authenticator = 'https://testsso.snowflake.net/'
    application = 'testapplication'
    account = 'testaccount'
    user = '******'
    service_name = ''

    # invalid SSO URL
    ref_sso_url = 'https://testssoinvalid.snowflake.net/sso'
    ref_token_url = 'https://testsso.snowflake.net/token'
    rest = _init_rest(ref_sso_url, ref_token_url)

    auth = AuthByOkta(rest, application)
    # step 1
    headers, sso_url, token_url = auth._step1(authenticator, service_name,
                                              account, user)
    # step 2
    auth._step2(authenticator, sso_url, token_url)
    assert rest._connection.errorhandler.called  # error

    # invalid TOKEN URL
    ref_sso_url = 'https://testsso.snowflake.net/sso'
    ref_token_url = 'https://testssoinvalid.snowflake.net/token'
    rest = _init_rest(ref_sso_url, ref_token_url)

    auth = AuthByOkta(rest, application)
    # step 1
    headers, sso_url, token_url = auth._step1(authenticator, service_name,
                                              account, user)
    # step 2
    auth._step2(authenticator, sso_url, token_url)
    assert rest._connection.errorhandler.called  # error
def test_auth_okta_step5_negative():
    """
    Authentication by OKTA step5 negative test case
    """
    authenticator = 'https://testsso.snowflake.net/'
    application = 'testapplication'
    account = 'testaccount'
    user = '******'
    password = '******'
    service_name = ''

    ref_sso_url = 'https://testsso.snowflake.net/sso'
    ref_token_url = 'https://testsso.snowflake.net/token'
    rest = _init_rest(ref_sso_url, ref_token_url)

    auth = AuthByOkta(rest, application)
    # step 1
    headers, sso_url, token_url = auth._step1(authenticator, service_name,
                                              account, user)
    assert not rest._connection.errorhandler.called  # no error
    # step 2
    auth._step2(authenticator, sso_url, token_url)
    assert not rest._connection.errorhandler.called  # no error
    # step 3
    ref_one_time_token = '1token1'

    def fake_fetch(method, full_url, headers, **kwargs):
        return {
            'cookieToken': ref_one_time_token,
        }

    rest.fetch = fake_fetch
    one_time_token = auth._step3(headers, token_url, user, password)
    assert not rest._connection.errorhandler.called  # no error

    # step 4
    # HTML includes invalid account name
    ref_response_html = '''
<html><body>
<form action="https://invalidtestaccount.snowflakecomputing.com/post_back
"></form>
</body></body></html>
'''

    def fake_fetch(method, full_url, headers, **kwargs):
        return ref_response_html

    rest.fetch = fake_fetch
    response_html = auth._step4(one_time_token, sso_url)
    assert response_html == ref_response_html

    # step 5
    rest._protocol = 'https'
    rest._host = '{account}.snowflakecomputing.com'.format(account=account)
    rest._port = 443
    auth._step5(ref_response_html)
    assert rest._connection.errorhandler.called  # error
def test_auth_okta_step1_negative():
    """Authentication by OKTA step1 negative test case."""
    authenticator = "https://testsso.snowflake.net/"
    application = "testapplication"
    account = "testaccount"
    user = "******"
    service_name = ""

    # not success status is returned
    ref_sso_url = "https://testsso.snowflake.net/sso"
    ref_token_url = "https://testsso.snowflake.net/token"
    rest = _init_rest(ref_sso_url, ref_token_url, success=False, message="error")
    auth = AuthByOkta(rest, application)
    # step 1
    _, _, _ = auth._step1(authenticator, service_name, account, user)
    assert rest._connection.errorhandler.called  # error should be raised
def test_auth_okta_step1_negative():
    """
    Authentication by OKTA step1 negative test case
    """
    authenticator = 'https://testsso.snowflake.net/'
    application = 'testapplication'
    account = 'testaccount'
    user = '******'

    # not success status is returned
    ref_sso_url = 'https://testsso.snowflake.net/sso'
    ref_token_url = 'https://testsso.snowflake.net/token'
    rest = _init_rest(ref_sso_url,
                      ref_token_url,
                      success=False,
                      message='error')
    auth = AuthByOkta(rest, application)
    # step 1
    _, _, _ = auth._step1(authenticator, account, user)
    assert rest._connection.errorhandler.called  # error should be raised
def test_auth_okta_step3_negative():
    """Authentication by OKTA step3 negative test case."""
    authenticator = 'https://testsso.snowflake.net/'
    application = 'testapplication'
    account = 'testaccount'
    user = '******'
    password = '******'
    service_name = ''

    ref_sso_url = 'https://testsso.snowflake.net/sso'
    ref_token_url = 'https://testsso.snowflake.net/token'
    rest = _init_rest(ref_sso_url, ref_token_url)

    auth = AuthByOkta(rest, application)
    # step 1
    headers, sso_url, token_url = auth._step1(authenticator, service_name,
                                              account, user)
    # step 2
    auth._step2(authenticator, sso_url, token_url)
    assert not rest._connection.errorhandler.called  # no error

    # step 3: authentication by IdP failed.
    def fake_fetch(method, full_url, headers, **kwargs):
        return {
            'failed': 'auth failed',
        }

    rest.fetch = fake_fetch
    _ = auth._step3(headers, token_url, user, password)
    assert rest._connection.errorhandler.called  # auth failure error
예제 #6
0
def test_auth_okta():
    """Authentication by OKTA positive test case."""
    authenticator = "https://testsso.snowflake.net/"
    application = "testapplication"
    account = "testaccount"
    user = "******"
    password = "******"
    service_name = ""

    ref_sso_url = "https://testsso.snowflake.net/sso"
    ref_token_url = "https://testsso.snowflake.net/token"
    rest = _init_rest(ref_sso_url, ref_token_url)

    auth = AuthByOkta(rest, application)

    # step 1
    headers, sso_url, token_url = auth._step1(authenticator, service_name,
                                              account, user)
    assert not rest._connection.errorhandler.called  # no error
    assert headers.get("accept") is not None
    assert headers.get("Content-Type") is not None
    assert headers.get("User-Agent") is not None
    assert sso_url == ref_sso_url
    assert token_url == ref_token_url

    # step 2
    auth._step2(authenticator, sso_url, token_url)
    assert not rest._connection.errorhandler.called  # no error

    # step 3
    ref_one_time_token = "1token1"

    def fake_fetch(method, full_url, headers, **kwargs):
        return {
            "cookieToken": ref_one_time_token,
        }

    rest.fetch = fake_fetch
    one_time_token = auth._step3(headers, token_url, user, password)
    assert not rest._connection.errorhandler.called  # no error
    assert one_time_token == ref_one_time_token

    # step 4
    ref_response_html = """
<html><body>
<form action="https://testaccount.snowflakecomputing.com/post_back"></form>
</body></body></html>
"""

    def fake_fetch(method, full_url, headers, **kwargs):
        return ref_response_html

    rest.fetch = fake_fetch
    response_html = auth._step4(one_time_token, sso_url)
    assert response_html == response_html

    # step 5
    rest._protocol = "https"
    rest._host = "{account}.snowflakecomputing.com".format(account=account)
    rest._port = 443
    auth._step5(ref_response_html)
    assert not rest._connection.errorhandler.called  # no error
    assert ref_response_html == auth._saml_response
def test_auth_okta():
    """
    Authentication by OKTA positive test case
    """
    authenticator = 'https://testsso.snowflake.net/'
    application = 'testapplication'
    account = 'testaccount'
    user = '******'
    password = '******'

    ref_sso_url = 'https://testsso.snowflake.net/sso'
    ref_token_url = 'https://testsso.snowflake.net/token'
    rest = _init_rest(ref_sso_url, ref_token_url)

    auth = AuthByOkta(rest, application)

    # step 1
    headers, sso_url, token_url = auth._step1(authenticator, account, user)
    assert not rest._connection.errorhandler.called  # no error
    assert headers.get('accept') is not None
    assert headers.get('Content-Type') is not None
    assert headers.get('User-Agent') is not None
    assert sso_url == ref_sso_url
    assert token_url == ref_token_url

    # step 2
    auth._step2(authenticator, sso_url, token_url)
    assert not rest._connection.errorhandler.called  # no error

    # step 3
    ref_one_time_token = '1token1'

    def fake_fetch(method, full_url, headers, **kwargs):
        return {
            'cookieToken': ref_one_time_token,
        }

    rest.fetch = fake_fetch
    one_time_token = auth._step3(headers, token_url, user, password)
    assert not rest._connection.errorhandler.called  # no error
    assert one_time_token == ref_one_time_token

    # step 4
    ref_response_html = '''
<html><body>
<form action="https://testaccount.snowflakecomputing.com/post_back"></form>
</body></body></html>
'''

    def fake_fetch(method, full_url, headers, **kwargs):
        return ref_response_html

    rest.fetch = fake_fetch
    response_html = auth._step4(one_time_token, sso_url)
    assert response_html == response_html

    # step 5
    rest._protocol = 'https'
    rest._host = '{account}.snowflakecomputing.com'.format(account=account)
    rest._port = 443
    auth._step5(ref_response_html)
    assert not rest._connection.errorhandler.called  # no error
    assert ref_response_html == auth._saml_response