class GoogleAuthenticatorTests(TestCase):
def setUp(self):
self.api_client = ApiClient()
self.auth_client = OktaAuthClient(OktaFactors(self.api_client))
self.mb = MountebankProcess()
def tearDown(self):
self.mb.destroy_all_imposters()
def setup_imposter(self, file_name):
port = self.mb.create_imposter("test_auth_client/stubs/" + file_name)
imposter_url = self.mb.get_imposter_url(port)
self.api_client.settings.set("BASE_URL", imposter_url)
return imposter_url
def test_enrollment_requirements(self):
with self.assertRaises(AssertionError):
self.auth_client.enroll_user_for_google_authenticator(None)
def test_activation_requirements(self):
with self.assertRaises(AssertionError):
self.auth_client.activate_google_authenticator_factor(None, "123456")
with self.assertRaises(AssertionError):
self.auth_client.activate_google_authenticator_factor("0001", None)
def test_verification_requirements(self):
with self.assertRaises(AssertionError):
self.auth_client.verify_google_authenticator_factor(None, "123456")
with self.assertRaises(AssertionError):
self.auth_client.verify_google_authenticator_factor("0001", None)
def test_is_enrolled_requirements(self):
with self.assertRaises(AssertionError):
self.auth_client.is_user_enrolled_for_google_authenticator(None)
def test_delete_requirements(self):
with self.assertRaises(AssertionError):
self.auth_client.delete_google_authenticator_factor(None)
def test_enrollment_success(self):
self.setup_imposter("test_google_authenticator_enrollment.json")
response, message, error_code, extras = self.auth_client.enroll_user_for_google_authenticator(USER_ONE["id"])
self.assertTrue(response)
self.assertIsNotNone(response["id"])
self.assertEqual("token:software:totp", response["factorType"])
self.assertEqual("GOOGLE", response["provider"])
self.assertEqual(message, "Success")
self.assertIsNone(error_code)
self.assertIn("shared_secret", extras)
self.assertIsNotNone(extras["shared_secret"])
self.assertIn("qr_code", extras)
self.assertIsNotNone(extras["qr_code"])
def test_enrollment_failure(self):
self.setup_imposter("test_google_authenticator_enrollment.json")
response, message, error_code, extras = self.auth_client.enroll_user_for_google_authenticator(USER_TWO["id"])
self.assertFalse(response)
self.assertEqual("Factor already exists.", message)
self.assertIsNotNone(error_code)
def test_activation_success(self):
self.setup_imposter("test_google_authenticator_activation.json")
response, message, error_code = self.auth_client.activate_google_authenticator_factor(USER_ONE["id"], "12345")
self.assertTrue(response)
self.assertEqual("Success", message)
self.assertIsNone(error_code)
def test_activation_failure_one(self):
self.setup_imposter("test_google_authenticator_activation.json")
response, message, error_code = self.auth_client.activate_google_authenticator_factor(USER_TWO["id"], "1")
self.assertFalse(response)
self.assertEqual("Your passcode doesn't match our records. Please try again.", message)
self.assertEqual("E0000068", error_code)
def test_activation_failure_two(self):
self.setup_imposter("test_google_authenticator_activation.json")
response, message, error_code = self.auth_client.activate_google_authenticator_factor(
USER_THREE["id"], "not-enrolled"
)
self.assertFalse(response)
self.assertEqual("Not enrolled in factor.", message)
self.assertIsNotNone(error_code)
def test_activation_failure_three(self):
self.setup_imposter("test_google_authenticator_activation.json")
response, message, error_code = self.auth_client.activate_google_authenticator_factor(
USER_FOUR["id"], "not-found"
)
self.assertFalse(response)
self.assertEqual("Not found: Resource not found: invalid_id (User)", message)
self.assertIsNotNone(error_code)
def test_verify_challenge_success(self):
self.setup_imposter("test_google_authenticator_challenge.json")
response, message, error_code = self.auth_client.verify_google_authenticator_factor(USER_ONE["id"], "12345")
self.assertTrue(response)
self.assertEqual(response.get("factorResult"), "SUCCESS")
self.assertEqual("Success", message)
self.assertIsNone(error_code)
def test_verify_challenge_failure_one(self):
self.setup_imposter("test_google_authenticator_challenge.json")
response, message, error_code = self.auth_client.verify_google_authenticator_factor(
USER_ONE["id"], "invalid-passcode"
)
self.assertFalse(response)
self.assertEqual("Your passcode doesn't match our records. Please try again.", message)
self.assertEqual("E0000068", error_code)
def test_verify_challenge_two(self):
self.setup_imposter("test_google_authenticator_challenge.json")
response, message, error_code = self.auth_client.verify_google_authenticator_factor(USER_THREE["id"], "12345")
self.assertFalse(response)
self.assertEqual("Not enrolled in factor.", message)
def test_verify_challenge_failure_three(self):
self.setup_imposter("test_google_authenticator_challenge.json")
response, message, error_code = self.auth_client.verify_google_authenticator_factor(USER_FOUR["id"], "12345")
self.assertFalse(response)
self.assertEqual("Not found: Resource not found: invalid_id (User)", message)
def test_user_is_enrolled(self):
self.setup_imposter("test_google_authenticator_challenge.json")
is_enrolled = self.auth_client.is_user_enrolled_for_google_authenticator(USER_ONE["id"])
self.assertTrue(is_enrolled)
def test_user_is_not_enrolled_in_pending_activation(self):
self.setup_imposter("test_google_authenticator_challenge.json")
is_enrolled = self.auth_client.is_user_enrolled_for_google_authenticator(USER_TWO["id"])
self.assertFalse(is_enrolled)
def test_user_is_not_enrolled_different_factor(self):
self.setup_imposter("test_google_authenticator_challenge.json")
is_enrolled = self.auth_client.is_user_enrolled_for_google_authenticator(USER_THREE["id"])
self.assertFalse(is_enrolled)
def test_user_is_not_enrolled_invalid_id(self):
self.setup_imposter("test_google_authenticator_challenge.json")
is_enrolled = self.auth_client.is_user_enrolled_for_google_authenticator("invalid_id")
self.assertFalse(is_enrolled)
def test_delete_factor(self):
self.setup_imposter("test_google_authenticator_challenge.json")
response, message, error_code = self.auth_client.delete_google_authenticator_factor(USER_ONE["id"])
self.assertEqual(message, "Success")
self.assertIsNone(error_code)
def setUp(self):
self.api_client = ApiClient()
self.auth_client = OktaAuthClient(OktaFactors(self.api_client))
self.mb = MountebankProcess()
def setUp(self):
self.api_client = ApiClient()
self.auth_client = OktaAuthClient(OktaFactors(self.api_client))
self.mb = MountebankProcess()
class GoogleAuthenticatorTests(TestCase):
def setUp(self):
self.api_client = ApiClient()
self.auth_client = OktaAuthClient(OktaFactors(self.api_client))
self.mb = MountebankProcess()
def tearDown(self):
self.mb.destroy_all_imposters()
def setup_imposter(self, file_name):
port = self.mb.create_imposter('test_auth_client/stubs/' + file_name)
imposter_url = self.mb.get_imposter_url(port)
self.api_client.settings.set('BASE_URL', imposter_url)
return imposter_url
def test_enrollment_requirements(self):
with self.assertRaises(AssertionError):
self.auth_client.enroll_user_for_google_authenticator(None)
def test_activation_requirements(self):
with self.assertRaises(AssertionError):
self.auth_client.activate_google_authenticator_factor(
None, '123456')
with self.assertRaises(AssertionError):
self.auth_client.activate_google_authenticator_factor('0001', None)
def test_verification_requirements(self):
with self.assertRaises(AssertionError):
self.auth_client.verify_google_authenticator_factor(None, '123456')
with self.assertRaises(AssertionError):
self.auth_client.verify_google_authenticator_factor('0001', None)
def test_is_enrolled_requirements(self):
with self.assertRaises(AssertionError):
self.auth_client.is_user_enrolled_for_google_authenticator(None)
def test_delete_requirements(self):
with self.assertRaises(AssertionError):
self.auth_client.delete_google_authenticator_factor(None)
def test_enrollment_success(self):
self.setup_imposter('test_google_authenticator_enrollment.json')
response, message, error_code, extras = self.auth_client.enroll_user_for_google_authenticator(
USER_ONE['id'])
self.assertTrue(response)
self.assertIsNotNone(response['id'])
self.assertEqual('token:software:totp', response['factorType'])
self.assertEqual('GOOGLE', response['provider'])
self.assertEqual(message, "Success")
self.assertIsNone(error_code)
self.assertIn('shared_secret', extras)
self.assertIsNotNone(extras['shared_secret'])
self.assertIn('qr_code', extras)
self.assertIsNotNone(extras['qr_code'])
def test_enrollment_failure(self):
self.setup_imposter('test_google_authenticator_enrollment.json')
response, message, error_code, extras = self.auth_client.enroll_user_for_google_authenticator(
USER_TWO['id'])
self.assertFalse(response)
self.assertEqual('Factor already exists.', message)
self.assertIsNotNone(error_code)
def test_activation_success(self):
self.setup_imposter('test_google_authenticator_activation.json')
response, message, error_code = self.auth_client.activate_google_authenticator_factor(
USER_ONE['id'], '12345')
self.assertTrue(response)
self.assertEqual("Success", message)
self.assertIsNone(error_code)
def test_activation_failure_one(self):
self.setup_imposter('test_google_authenticator_activation.json')
response, message, error_code = self.auth_client.activate_google_authenticator_factor(
USER_TWO['id'], '1')
self.assertFalse(response)
self.assertEqual(
"Your passcode doesn't match our records. Please try again.",
message)
self.assertEqual('E0000068', error_code)
def test_activation_failure_two(self):
self.setup_imposter('test_google_authenticator_activation.json')
response, message, error_code = self.auth_client.activate_google_authenticator_factor(
USER_THREE['id'], 'not-enrolled')
self.assertFalse(response)
self.assertEqual("Not enrolled in factor.", message)
self.assertIsNotNone(error_code)
def test_activation_failure_three(self):
self.setup_imposter('test_google_authenticator_activation.json')
response, message, error_code = self.auth_client.activate_google_authenticator_factor(
USER_FOUR['id'], 'not-found')
self.assertFalse(response)
self.assertEqual("Not found: Resource not found: invalid_id (User)",
message)
self.assertIsNotNone(error_code)
def test_verify_challenge_success(self):
self.setup_imposter('test_google_authenticator_challenge.json')
response, message, error_code = self.auth_client.verify_google_authenticator_factor(
USER_ONE['id'], '12345')
self.assertTrue(response)
self.assertEqual(response.get('factorResult'), 'SUCCESS')
self.assertEqual("Success", message)
self.assertIsNone(error_code)
def test_verify_challenge_failure_one(self):
self.setup_imposter('test_google_authenticator_challenge.json')
response, message, error_code = self.auth_client.verify_google_authenticator_factor(
USER_ONE['id'], 'invalid-passcode')
self.assertFalse(response)
self.assertEqual(
"Your passcode doesn't match our records. Please try again.",
message)
self.assertEqual('E0000068', error_code)
def test_verify_challenge_two(self):
self.setup_imposter('test_google_authenticator_challenge.json')
response, message, error_code = self.auth_client.verify_google_authenticator_factor(
USER_THREE['id'], '12345')
self.assertFalse(response)
self.assertEqual("Not enrolled in factor.", message)
def test_verify_challenge_failure_three(self):
self.setup_imposter('test_google_authenticator_challenge.json')
response, message, error_code = self.auth_client.verify_google_authenticator_factor(
USER_FOUR['id'], '12345')
self.assertFalse(response)
self.assertEqual("Not found: Resource not found: invalid_id (User)",
message)
def test_user_is_enrolled(self):
self.setup_imposter('test_google_authenticator_challenge.json')
is_enrolled = self.auth_client.is_user_enrolled_for_google_authenticator(
USER_ONE['id'])
self.assertTrue(is_enrolled)
def test_user_is_not_enrolled_in_pending_activation(self):
self.setup_imposter('test_google_authenticator_challenge.json')
is_enrolled = self.auth_client.is_user_enrolled_for_google_authenticator(
USER_TWO['id'])
self.assertFalse(is_enrolled)
def test_user_is_not_enrolled_different_factor(self):
self.setup_imposter('test_google_authenticator_challenge.json')
is_enrolled = self.auth_client.is_user_enrolled_for_google_authenticator(
USER_THREE['id'])
self.assertFalse(is_enrolled)
def test_user_is_not_enrolled_invalid_id(self):
self.setup_imposter('test_google_authenticator_challenge.json')
is_enrolled = self.auth_client.is_user_enrolled_for_google_authenticator(
"invalid_id")
self.assertFalse(is_enrolled)
def test_delete_factor(self):
self.setup_imposter('test_google_authenticator_challenge.json')
response, message, error_code = self.auth_client.delete_google_authenticator_factor(
USER_ONE['id'])
self.assertEqual(message, 'Success')
self.assertIsNone(error_code)
def setup_imposter(self, file_name):
imposter = self.mb.create_imposter('test_auth_client/stubs/' + file_name)
api_client = ApiClient(BASE_URL=self.mb.get_imposter_url(imposter))
return OktaAuthClient(OktaFactors(api_client))
def setUp(self):
self.api_client = ApiClient(API_TOKEN='jrr-tolkien')
self.auth_client = OktaAuthClient(OktaFactors(self.api_client))
self.mb = MountebankProcess()
class SMSAuthTests(unittest.TestCase):
def setUp(self):
self.api_client = ApiClient(API_TOKEN='jrr-tolkien')
self.auth_client = OktaAuthClient(OktaFactors(self.api_client))
self.mb = MountebankProcess()
def tearDown(self):
self.mb.destroy_all_imposters()
def setup_imposter(self, file_name):
imposter = self.mb.create_imposter('test_auth_client/stubs/' + file_name)
api_client = ApiClient(BASE_URL=self.mb.get_imposter_url(imposter))
return OktaAuthClient(OktaFactors(api_client))
def test_sms_enrollment_requirements(self):
with self.assertRaises(AssertionError):
self.auth_client.enroll_user_for_sms(user_no_id.get('id'), user_no_id.get('phone_number'))
with self.assertRaises(AssertionError):
self.auth_client.enroll_user_for_sms(
user_no_phone_number.get('id'), user_no_phone_number.get('phone_number'))
def test_sms_enrollment_success(self):
auth_client = self.setup_imposter('test_sms_enrollment.json')
response, message, error_code = auth_client.enroll_user_for_sms(
user_one.get('id'), user_one.get('phone_number'))
self.assertTrue(response)
self.assertEqual(response.get('id'), user_one.get('id'))
self.assertEqual(message, "Success")
self.assertIsNone(error_code)
def test_sms_enrollment_failure(self):
auth_client = self.setup_imposter('test_sms_enrollment.json')
response, message, error_code = auth_client.enroll_user_for_sms(
user_two.get('id'), user_two.get('phone_number'))
self.assertFalse(response)
self.assertEqual(message, "Factor already exists.")
self.assertIsNotNone(error_code)
def test_sms_activation_requirements(self):
with self.assertRaises(AssertionError):
self.auth_client.activate_sms_factor(user_no_id.get('id'), '123')
with self.assertRaises(AssertionError):
self.auth_client.activate_sms_factor(user_one.get('id'), None)
def test_sms_activation_success(self):
auth_client = self.setup_imposter('test_sms_activation.json')
response, message, error_code = auth_client.activate_sms_factor(user_one.get('id'), '12345')
self.assertTrue(response)
self.assertEqual(response.get('id'), user_one.get('id'))
self.assertEqual(message, "Success")
self.assertIsNone(error_code)
def test_sms_activation_failure_one(self):
auth_client = self.setup_imposter('test_sms_activation.json')
response, message, error_code = auth_client.activate_sms_factor(user_two.get('id'), 'invalid-passcode')
self.assertFalse(response)
self.assertEqual(message, "Your passcode doesn't match our records. Please try again.")
self.assertEqual('E0000068', error_code)
def test_sms_activation_failure_two(self):
auth_client = self.setup_imposter('test_sms_activation.json')
response, message, error_code = auth_client.activate_sms_factor(user_three.get('id'), '12345')
self.assertFalse(response)
self.assertEqual(message, "Not enrolled in factor.")
self.assertIsNotNone(error_code)
def test_sms_activation_failure_three(self):
auth_client = self.setup_imposter('test_sms_activation.json')
response, message, error_code = auth_client.activate_sms_factor(user_invalid_id.get('id'), '12345')
self.assertFalse(response)
self.assertEqual(message, "Not found: Resource not found: invalid_id (User)")
self.assertIsNotNone(error_code)
def test_sms_challenge_requirements(self):
with self.assertRaises(AssertionError):
self.auth_client.send_sms_challenge(user_no_id.get('id'))
def test_sms_challenge_success(self):
auth_client = self.setup_imposter('test_send_sms_challenge.json')
response, message, error_code = auth_client.send_sms_challenge(user_one.get('id'))
self.assertTrue(response)
self.assertEqual(response.get('factorResult'), 'CHALLENGE')
self.assertEqual(message, "Success")
self.assertIsNone(error_code)
def test_sms_challenge_failure_one(self):
auth_client = self.setup_imposter('test_send_sms_challenge.json')
response, message, error_code = auth_client.send_sms_challenge(user_two.get('id'))
self.assertFalse(response)
self.assertEqual(message, "Your passcode doesn't match our records. Please try again.")
self.assertEqual('E0000068', error_code)
def test_sms_challenge_failure_two(self):
auth_client = self.setup_imposter('test_send_sms_challenge.json')
response, message, error_code = auth_client.send_sms_challenge(user_invalid_id.get('id'))
self.assertFalse(response)
self.assertEqual(message, "Not found: Resource not found: invalid_id (User)")
def test_sms_challenge_failure_three(self):
auth_client = self.setup_imposter('test_send_sms_challenge.json')
response, message, error_code = auth_client.send_sms_challenge(user_three.get('id'))
self.assertFalse(response)
self.assertEqual('Not enrolled in factor.', message)
self.assertIsNotNone(error_code)
def test_verify_sms_challenge_requirements(self):
with self.assertRaises(AssertionError):
self.auth_client.verify_sms_challenge_passcode(user_no_id.get('id'), '12345')
def test_verify_sms_challenge_success(self):
auth_client = self.setup_imposter('test_verify_sms_challenge.json')
response, message, error_code = auth_client.verify_sms_challenge_passcode(user_one.get('id'), '12345')
self.assertTrue(response)
self.assertEqual(response.get('factorResult'), 'SUCCESS')
self.assertEqual(message, "Success")
self.assertIsNone(error_code)
def test_verify_sms_challenge_failure_one(self):
auth_client = self.setup_imposter('test_verify_sms_challenge.json')
response, message, error_code = auth_client.verify_sms_challenge_passcode(
user_two.get('id'), "invalid-passcode")
self.assertFalse(response)
self.assertEqual(message, "Your passcode doesn't match our records. Please try again.")
self.assertEqual('E0000068', error_code)
def test_verify_sms_challenge_failure_two(self):
auth_client = self.setup_imposter('test_verify_sms_challenge.json')
response, message, error_code = auth_client.verify_sms_challenge_passcode(user_invalid_id.get('id'), '12345')
self.assertFalse(response)
self.assertEqual(message, "Not found: Resource not found: invalid_id (User)")
def test_verify_sms_challenge_three(self):
auth_client = self.setup_imposter('test_verify_sms_challenge.json')
response, message, error_code = auth_client.verify_sms_challenge_passcode(user_three.get('id'), '12345')
self.assertFalse(response)
self.assertEqual("Not enrolled in factor.", message)
def test_user_is_enrolled_in_sms(self):
auth_client = self.setup_imposter('test_sms_is_enrolled.json')
is_enrolled = auth_client.is_user_enrolled_for_sms(user_one.get('id'))
self.assertTrue(is_enrolled)
def test_user_is_not_enrolled_in_sms_pending_activation(self):
auth_client = self.setup_imposter('test_sms_is_enrolled.json')
is_enrolled = auth_client.is_user_enrolled_for_sms(user_two.get('id'))
self.assertFalse(is_enrolled)
def test_user_is_not_enrolled_in_sms_different_factor(self):
auth_client = self.setup_imposter('test_sms_is_enrolled.json')
is_enrolled = auth_client.is_user_enrolled_for_sms(user_three.get('id'))
self.assertFalse(is_enrolled)
def test_user_is_not_enrolled_in_sms_invalid_id(self):
auth_client = self.setup_imposter('test_sms_is_enrolled.json')
is_enrolled = auth_client.is_user_enrolled_for_sms("invalid_id")
self.assertFalse(is_enrolled)
def test_delete_sms_factor(self):
auth_client = self.setup_imposter('test_sms_delete_factor.json')
response, message, error_code = auth_client.delete_sms_factor(user_one['id'])
self.assertEqual(message, 'Success')
self.assertIsNone(error_code)
def test_update_sms_phone_number(self):
auth_client = self.setup_imposter('test_sms_delete_factor.json')
new_phone_number = '+1 666-666-6666'
response, message, error_code = auth_client.update_sms_phone_number(user_one['id'], new_phone_number)
self.assertTrue(response)
self.assertEqual(response.get('id'), user_one.get('id'))
self.assertEqual(response['profile']['phoneNumber'], new_phone_number)
self.assertEqual(message, "Success")
self.assertIsNone(error_code)
def test_update_sms_phone_number_failure(self):
auth_client = self.setup_imposter('test_sms_delete_factor.json')
response, message, error_code = auth_client.update_sms_phone_number(user_two['id'], '+1 666-666-6666')
self.assertFalse(response)
self.assertEqual('Tom wanted 100% test coverage.', message)
self.assertIsNotNone(error_code)
def test_update_sms_phone_number_delete_failure(self):
auth_client = self.setup_imposter('test_sms_delete_factor.json')
response, message, error_code = auth_client.update_sms_phone_number(user_three['id'], '+1 666-666-6666')
self.assertFalse(response)
self.assertEqual('Tom wanted 100% test coverage.', message)
self.assertIsNotNone(error_code)
