def test_10_check_conditions_tokentype(self):
uhandler = UserNotificationEventHandler()
# check if tokenrealm is contained
builder = EnvironBuilder(method='POST',
data={'user': "******"},
headers={})
tok = init_token({"serial": "oath1234", "type": "spass"},
user=User("cornelius", "realm1"))
env = builder.get_environ()
req = Request(env)
req.all_data = {"user": "******",
"serial": "oath1234"}
req.User = User("cornelius", "realm1")
resp = Response()
resp.data = """{"result": {"value": true}}"""
r = uhandler.check_condition(
{"g": {},
"handler_def": {"conditions": {"tokentype": "totp,spass,oath,"}},
"request": req,
"response": resp
}
)
# Serial matches the regexp
self.assertEqual(r, True)
def test_04_loggingevent_broken_parameter(self, capture):
# simple logging event with faulty parameters
self.setUp_user_realms()
g = FakeFlaskG()
g.audit_object = FakeAudit()
env = EnvironBuilder(method='POST', headers={},
path='/auth').get_environ()
req = Request(env)
req.all_data = {}
req.User = User("cornelius", self.realm1)
resp = Response(response="""{"result": {"value": true}}""")
options = {
"g": g,
"request": req,
"response": resp,
"handler_def": {
'options': {
'name': None,
'level': 'some_level',
'message': None
}
}
}
log_handler = LoggingEventHandler()
res = log_handler.do("logging", options=options)
self.assertTrue(res)
capture.check_present(('root', 'INFO', 'event=/auth triggered'))
def test_08_check_conditions_serial(self):
uhandler = UserNotificationEventHandler()
# check a serial with regexp
builder = EnvironBuilder(method='POST',
data={'user': "******"},
headers={})
env = builder.get_environ()
req = Request(env)
req.all_data = {"user": "******", "serial": "OATH123456"}
req.User = User("cornelius", "realm1")
resp = Response()
resp.data = """{"result": {"value": true}}"""
r = uhandler.check_condition({
"g": {},
"handler_def": {
"conditions": {
"serial": "^OATH.*"
}
},
"request": req,
"response": resp
})
# Serial matches the regexp
self.assertEqual(r, True)
def test_06_check_conditions_realm(self):
uhandler = UserNotificationEventHandler()
# check a locked token with maxfail = failcount
builder = EnvironBuilder(method='POST',
data={'user': "******"},
headers={})
env = builder.get_environ()
req = Request(env)
req.all_data = {"user": "******"}
req.User = User("cornelius", "realm1")
resp = Response()
resp.data = """{"result": {"value": false}}"""
r = uhandler.check_condition({
"g": {},
"handler_def": {
"conditions": {
"realm": "realm2"
}
},
"request": req,
"response": resp
})
# wrong realm
self.assertEqual(r, False)
def test_03_loggingevent_parameter(self, capture):
# simple logging event with user defined values
self.setUp_user_realms()
g = FakeFlaskG()
g.audit_object = FakeAudit()
env = EnvironBuilder(method='POST', headers={},
path='/auth').get_environ()
req = Request(env)
req.all_data = {}
req.User = User("cornelius", self.realm1)
resp = Response(response="""{"result": {"value": true}}""")
options = {
"g": g,
"request": req,
"response": resp,
"handler_def": {
'options': {
'name': 'eventlogger-privacyidea',
'level': 'WARN',
'message': 'Hello {username}!'
}
}
}
log_handler = LoggingEventHandler()
res = log_handler.do("logging", options=options)
self.assertTrue(res)
capture.check_present(
('eventlogger-privacyidea', 'WARNING', 'Hello cornelius!'))
def test_10_check_conditions_token_has_owner(self):
uhandler = UserNotificationEventHandler()
# check if tokenrealm is contained
builder = EnvironBuilder(method='POST',
data={'user': "******"},
headers={})
tok = init_token({
"serial": "oath1234",
"type": "spass"
},
user=User("cornelius", "realm1"))
env = builder.get_environ()
req = Request(env)
req.all_data = {"user": "******", "serial": "oath1234"}
req.User = User("cornelius", "realm1")
resp = Response()
resp.data = """{"result": {"value": true}}"""
r = uhandler.check_condition({
"g": {},
"handler_def": {
"conditions": {
CONDITION.TOKEN_HAS_OWNER: "True"
}
},
"request": req,
"response": resp
})
# Token has an owner
self.assertEqual(r, True)
r = uhandler.check_condition({
"g": {},
"handler_def": {
"conditions": {
CONDITION.TOKEN_HAS_OWNER: "False"
}
},
"request": req,
"response": resp
})
# Token has an owner, but the condition is wrong
self.assertEqual(r, False)
# unassign token, no owner
unassign_token("oath1234")
r = uhandler.check_condition({
"g": {},
"handler_def": {
"conditions": {
CONDITION.TOKEN_HAS_OWNER: "False"
}
},
"request": req,
"response": resp
})
# The condition was, token-not-assigned and the token has no user
self.assertEqual(r, True)
def test_05_loggingevent_tags(self, capture):
class UserAgentMock:
string = "hello world"
browser = "browser"
# simple logging event with all tags
self.setUp_sqlite_resolver_realm('testuser.sqlite', 'sqliterealm')
available_tags = [
'admin', 'realm', 'action', 'serial', 'url', 'user', 'surname',
'givenname', 'username', 'userrealm', 'tokentype', 'time', 'date',
'client_ip', 'ua_browser', 'ua_string'
]
tok = init_token(
{
"serial": "testserial",
"type": "spass",
"pin": "pin"
},
user=User("cornelius", "sqliterealm"))
g = FakeFlaskG()
g.audit_object = FakeAudit()
g.logged_in_user = {
"username": "******",
"role": "admin",
"realm": "super"
}
env = EnvironBuilder(method='POST', headers={},
path='/auth').get_environ()
req = Request(env)
req.user_agent = UserAgentMock()
req.all_data = {'serial': 'testserial'}
req.User = User("cornelius", 'sqliterealm')
resp = Response(response="""{"result": {"value": true}}""")
options = {
"g": g,
"request": req,
"response": resp,
"handler_def": {
'options': {
'message':
' '.join(
['{0!s}={{{0!s}}}'.format(x) for x in available_tags])
}
}
}
current_utc_time = datetime(2018, 3, 4, 5, 6, 8)
with mock.patch('privacyidea.lib.utils.datetime') as mock_dt:
mock_dt.now.return_value = current_utc_time
log_handler = LoggingEventHandler()
res = log_handler.do("logging", options=options)
self.assertTrue(res)
capture.check_present(
('pi-eventlogger', 'INFO',
u'admin=admin realm=super action=/auth serial=testserial '
u'url=http://localhost/ user=Cornelius surname=Kölbel '
u'givenname=None username=cornelius userrealm=sqliterealm '
u'tokentype=spass time=05:06:08 date=2018-03-04 '
u'client_ip=None ua_browser=browser ua_string=hello world'))
def test_14_send_to_adminrealm(self):
# setup realms
self.setUp_user_realms()
r = add_smtpserver(identifier="myserver", server="1.2.3.4", tls=False)
self.assertTrue(r > 0)
smtpmock.setdata(response={"*****@*****.**": (200, "OK")},
support_tls=False)
g = FakeFlaskG()
audit_object = FakeAudit()
audit_object.audit_data["serial"] = "123456"
g.logged_in_user = {"user": "******", "role": "admin", "realm": ""}
g.audit_object = audit_object
builder = EnvironBuilder(method='POST',
data={'serial': "OATH123456"},
headers={})
env = builder.get_environ()
# Set the remote address so that we can filter for it
env["REMOTE_ADDR"] = "10.0.0.1"
g.client_ip = env["REMOTE_ADDR"]
req = Request(env)
req.all_data = {"serial": "SomeSerial", "user": "******"}
req.User = User("cornelius", self.realm1)
resp = Response()
resp.data = """{"result": {"value": true},
"detail": {"registrationcode": "12345678910"}
}
"""
# send email to user in adminrealm "realm1"
# Although this is no admin realm, but this realm contains some email
# addresses.
options = {
"g": g,
"request": req,
"response": resp,
"handler_def": {
"conditions": {
"serial": "123.*"
},
"options": {
"body": "your {registrationcode}",
"emailconfig": "myserver",
"To": NOTIFY_TYPE.ADMIN_REALM,
"To " + NOTIFY_TYPE.ADMIN_REALM: "realm1"
}
}
}
un_handler = UserNotificationEventHandler()
res = un_handler.do("sendmail", options=options)
self.assertTrue(res)
def test_03_sendsms(self):
# setup realms
self.setUp_user_realms()
r = set_smsgateway(identifier="myGW",
providermodule="privacyidea.lib.smsprovider."
"SmtpSMSProvider.SmtpSMSProvider",
options={
"SMTPIDENTIFIER": "myserver",
"MAILTO": "*****@*****.**"
})
self.assertTrue(r > 0)
smtpmock.setdata(response={"*****@*****.**": (200, "OK")},
support_tls=False)
g = FakeFlaskG()
audit_object = FakeAudit()
audit_object.audit_data["serial"] = "123456"
g.logged_in_user = {"user": "******", "role": "admin", "realm": ""}
g.audit_object = audit_object
builder = EnvironBuilder(method='POST',
data={'serial': "OATH123456"},
headers={})
env = builder.get_environ()
# Set the remote address so that we can filter for it
env["REMOTE_ADDR"] = "10.0.0.1"
g.client_ip = env["REMOTE_ADDR"]
req = Request(env)
req.all_data = {"serial": "SomeSerial", "user": "******"}
req.User = User("cornelius", self.realm1)
resp = Response()
resp.data = """{"result": {"value": true}}"""
options = {
"g": g,
"request": req,
"response": resp,
"handler_def": {
"options": {
"smsconfig": "myGW"
}
}
}
un_handler = UserNotificationEventHandler()
res = un_handler.do("sendsms", options=options)
self.assertTrue(res)
def test_07_locked_token_wrong_pin(self):
tok = init_token({
"serial": "lock2",
"type": "spass",
"pin": "pin"
},
user=User("cornelius", "realm1"))
# lock it
tok.set_failcount(10)
uhandler = UserNotificationEventHandler()
resp = Response()
resp.data = """{"result": {"value": false}}"""
builder = EnvironBuilder(method='POST')
env = builder.get_environ()
req = Request(env)
req.all_data = {"user": "******", "pass": "******"}
req.User = User("cornelius", self.realm1)
# check the do action.
g = FakeFlaskG()
audit_object = FakeAudit()
audit_object.audit_data["serial"] = None
g.audit_object = audit_object
options = {
"g": g,
"handler_def": {
"conditions": {
"token_locked": "True"
}
},
"response": resp,
"request": req
}
r = add_smtpserver(identifier="myserver", server="1.2.3.4", tls=False)
self.assertTrue(r > 0)
smtpmock.setdata(response={"*****@*****.**": (200, "OK")},
support_tls=False)
r = uhandler.check_condition(options)
self.assertEqual(r, True)
r = uhandler.do("sendmail", options=options)
self.assertEqual(r, True)
def test_02_sendmail(self):
# setup realms
self.setUp_user_realms()
r = add_smtpserver(identifier="myserver", server="1.2.3.4", tls=False)
self.assertTrue(r > 0)
smtpmock.setdata(response={"*****@*****.**": (200, "OK")},
support_tls=False)
g = FakeFlaskG()
audit_object = FakeAudit()
audit_object.audit_data["serial"] = "123456"
g.logged_in_user = {"user": "******", "role": "admin", "realm": ""}
g.audit_object = audit_object
builder = EnvironBuilder(method='POST',
data={'serial': "OATH123456"},
headers={})
env = builder.get_environ()
# Set the remote address so that we can filter for it
env["REMOTE_ADDR"] = "10.0.0.1"
g.client_ip = env["REMOTE_ADDR"]
req = Request(env)
req.all_data = {"serial": "SomeSerial", "user": "******"}
req.User = User("cornelius", self.realm1)
resp = Response()
resp.data = """{"result": {"value": true}}"""
options = {
"g": g,
"request": req,
"response": resp,
"handler_def": {
"options": {
"emailconfig": "myserver"
}
}
}
un_handler = UserNotificationEventHandler()
res = un_handler.do("sendmail", options=options)
self.assertTrue(res)
def test_05_check_conditions(self):
uhandler = UserNotificationEventHandler()
resp = Response()
resp.data = """{"result": {"value": false}}"""
builder = EnvironBuilder(method='POST')
env = builder.get_environ()
req = Request(env)
req.all_data = {}
req.User = User()
r = uhandler.check_condition(
{"g": {},
"handler_def": {"conditions": {"logged_in_user": "******"}},
"response": resp,
"request": req})
self.assertEqual(r, False)
r = uhandler.check_condition(
{"g": {},
"handler_def": {"conditions": {"result_value": True}},
"response": resp,
"request": req})
self.assertEqual(r, False)
# check a locked token with maxfail = failcount
builder = EnvironBuilder(method='POST',
data={'serial': "OATH123456"},
headers={})
req.all_data = {"user": "******"}
resp.data = """{"result": {"value": false},
"detail": {"serial": "lockedtoken"}
}
"""
tok = init_token({"serial": "lockedtoken", "type": "spass"})
r = uhandler.check_condition(
{"g": {},
"handler_def": {"conditions": {"token_locked": "True"}},
"response": resp,
"request": req
}
)
# not yet locked
self.assertEqual(r, False)
# lock it
tok.set_failcount(10)
options = {"g": {},
"handler_def": {"conditions": {"token_locked": "True"}},
"response": resp,
"request": req
}
r = uhandler.check_condition(options)
# now locked
self.assertEqual(r, True)
# check the do action.
g = FakeFlaskG()
audit_object = FakeAudit()
audit_object.audit_data["serial"] = "123456"
g.audit_object = audit_object
options = {"g": g,
"handler_def": {"conditions": {"token_locked": "True"}},
"response": resp,
"request": req
}
r = add_smtpserver(identifier="myserver", server="1.2.3.4", tls=False)
self.assertTrue(r > 0)
smtpmock.setdata(response={"*****@*****.**": (200, "OK")},
support_tls=False)
r = uhandler.do("sendmail", options=options)
self.assertEqual(r, True)
