def test_configuration_realserver_your_otp_other_server(self):
"""
To run this test you have to create and configure the database with a yubikey
that is active on your own yubikey validation server.
For example: http://code.google.com/p/yubico-yubiserve/
(This server do not allow timestamp verifications.)
You also have to obtains an api_key/id for your server and add it to the database.:
"""
print "Performing test test_configuration_realserver_your_otp_other_server."
#db = YubikeyDb(self.mydb)
#db.clear_all_logs()
validator = YubikeyValidation(self.server)
print "Testing server " + self.server
user = raw_input("Your username:"******"Your otp:")
#Test the server without timestamp verification.
result = validator.validate_opt(user, otp, self.mydb, 0)
self.assertTrue(result)
print "Test test_configuration_realserver_your_otp_other_server done."
def __init__(
self,
username_query_key,
mako_template,
template_lookup,
pwd=None,
password_query_key=None,
yubikey_db=None,
yubikey_server=None,
yubikey_otp_key=None,
cookie_dict=None,
cookie_object=None,
):
"""
"""
Authenticate.__init__(self, cookie_dict, cookie_object)
self.username_query_key = username_query_key
self.password_query_key = password_query_key
self.yubikey_db = yubikey_db
self.yubikey_server = yubikey_server
self.yubikey_otp_key = yubikey_otp_key
self.mako_template = mako_template
self.template_lookup = template_lookup
self.passwd = pwd
self.yubikey_validator = None
if self.yubikey_server is not None:
self.yubikey_validator = YubikeyValidation(self.yubikey_server)
def application(environ, start_response):
headers = []
headers.append(('Content-type', "text/plain"))
if environ["PATH_INFO"] == config.PATH:
validator = YubikeyValidation(None)
payload = dict((k, v if len(v) > 1 else v[0]) for k, v in parse_qs(environ["QUERY_STRING"]).iteritems())
response_payload = validator.local_validate_otp(payload, config.DATABASE,config.TIMESTAMP_ERROR_MARGIN,
config.ALLOW_DUPLICATED_NONCE)
response = ""
for key, value in response_payload.iteritems():
response += key + "=" + value +"\r\n"
start_response("200 OK", headers)
return response
start_response("404 NOT FOUND", [])
return "404 NOT FOUND"
def test_configuration_localserver_your_otp_yubico(self):
"""
This test will verify that the yubico implementation of a server and client still works.
You can run this test as many times as you like and need no configurations.
"""
print "Performing test test_configuration_localserver_your_otp_yubico."
print "Testing the local server and client!"
validator = YubikeyValidation(None)
username = "******"
db = YubikeyDb(self.testDatabase)
db.clear_all_logs()
otplist = [
{"otp": "vvghndudfdbtrjnvehrjllnncdirbcegjghnhugtrkre", "time": 4},
{"otp": "vvghndudfdbtknuvbrkhhrubulhciilkbtjuiktkiflj", "time": 5},
{"otp": "vvghndudfdbtfiungirtikiketnhrdlljhjkjungunfc", "time": 8},
{"otp": "vvghndudfdbthriturtfendvthgluebtbvbinukuuknk", "time": 12},
{"otp": "vvghndudfdbtlfleblhiuveuiibcfejlgukicnrcnbir", "time": 0}
]
result = validator.validate_opt(username, otplist[4]["otp"], self.testDatabase, 1)
self.assertTrue(result)
result = validator.validate_opt(username, otplist[0]["otp"], self.testDatabase, 1)
self.assertFalse(result)
db.clear_all_logs()
for otp in otplist:
print "Testing otp " + otp["otp"] + "."
result = validator.validate_opt(username, otp["otp"], self.testDatabase, 1)
self.assertTrue(result)
print "Sleep for " + str(otp["time"]) + "seconds."
sleep(otp["time"])
result = validator.validate_opt(username, otplist[1]["otp"], self.testDatabase, 1)
self.assertFalse(result)
print "Test test_configuration_localserver_your_otp_yubico done."
def test_configuration_localhost_server(self):
"""
This test will verify that the yubikey validation server works.
To get a correct result you first have to start the server.
Command: python yubikeyserver.py yubikeyserver_conf
You must use the default configuration and the testdatabase yubikeylocaltest.db
"""
print "Performing test test_configuration_localhost_server."
validator = YubikeyValidation(self.localServer)
print "Testing server " + self.localServer
user = "******"
otplist = [
{"otp": "vvghndudfdbtrjnvehrjllnncdirbcegjghnhugtrkre", "time": 4},
{"otp": "vvghndudfdbtknuvbrkhhrubulhciilkbtjuiktkiflj", "time": 5},
{"otp": "vvghndudfdbtfiungirtikiketnhrdlljhjkjungunfc", "time": 8},
{"otp": "vvghndudfdbthriturtfendvthgluebtbvbinukuuknk", "time": 12},
{"otp": "vvghndudfdbtlfleblhiuveuiibcfejlgukicnrcnbir", "time": 0}
]
db = YubikeyDb(self.testDatabase)
db.clear_all_logs()
for otp in otplist:
result = validator.validate_opt(user, otp["otp"], self.testDatabase,
timestamp = 1,
timestamp_error_margin = 40,
allow_duplicated_nonce=False,
verifyssl=False)
self.assertTrue(result)
print "Sleep for " + str(otp["time"]) + "seconds."
sleep(otp["time"])
print "Test test_configuration_localhost_server done."
def test_configuration_realserver_your_otp_yubico(self):
"""
To run this test you have to create and configure the database yubikeyconf.db with a yubikey
that is active on yubico's servers.
http://www.yubico.com/products/services-software/personalization-tools/use/
You also have to obtains an api_key/id that is active at yubico.
https://upgrade.yubico.com/getapikey/yubi
"""
print "Performing test test_configuration_realserver_your_otp_yubico."
#db = YubikeyDb(self.mydb)
#db.clear_all_logs()
validator = YubikeyValidation(self.yubicoServer)
print "Testing server " + self.yubicoServer
user = raw_input("Your username:"******"Your otp:")
#This server support timestamp=1.
result = validator.validate_opt(user, otp, self.mydb, 1)
self.assertTrue(result)
print "Test test_configuration_realserver_your_otp_yubico done."
class DirgUsernamePasswordYubikeyMako(Authenticate):
def __init__(
self,
username_query_key,
mako_template,
template_lookup,
pwd=None,
password_query_key=None,
yubikey_db=None,
yubikey_server=None,
yubikey_otp_key=None,
cookie_dict=None,
cookie_object=None,
):
"""
"""
Authenticate.__init__(self, cookie_dict, cookie_object)
self.username_query_key = username_query_key
self.password_query_key = password_query_key
self.yubikey_db = yubikey_db
self.yubikey_server = yubikey_server
self.yubikey_otp_key = yubikey_otp_key
self.mako_template = mako_template
self.template_lookup = template_lookup
self.passwd = pwd
self.yubikey_validator = None
if self.yubikey_server is not None:
self.yubikey_validator = YubikeyValidation(self.yubikey_server)
def create_response(self, argv=None, cookie=None, **kwargs):
"""
Put up the login form
"""
if cookie:
headers = [cookie]
else:
headers = []
resp = Response(headers=headers)
logger.info("do_authentication argv: %s" % argv)
mte = self.template_lookup.get_template(self.mako_template)
resp.message = mte.render(**argv)
return resp
def verify(self, request, **kwargs):
"""
Verifies that the given username and password was correct
:param request: Either the query part of a URL a urlencoded
body of a HTTP message or a parse such.
:param kwargs: Catch whatever else is sent.
:return: redirect back to where ever the base applications
wants the user after authentication.
"""
logger.debug("verify(%s)" % request)
if isinstance(request, basestring):
_dict = parse_qs(request)
elif isinstance(request, dict):
_dict = request
else:
raise ValueError("Wrong type of input")
username = None
password = None
if isinstance(_dict[self.username_query_key], basestring):
username = _dict[self.username_query_key]
else:
username = _dict[self.username_query_key][0]
valid = False
if self.password_query_key is not None:
if isinstance(_dict[self.password_query_key], basestring):
password = _dict[self.password_query_key]
else:
password = _dict[self.password_query_key][0]
# verify username and password
try:
if self.passwd is not None:
valid = password == self.passwd[username]
if not valid:
return False, None, None, None
except (AssertionError, KeyError):
if not valid:
return False, None, None, None
if self.yubikey_otp_key is not None and self.yubikey_validator is not None and self.yubikey_db is not None:
# verify username and password
otp = None
if isinstance(_dict[self.yubikey_otp_key], basestring):
otp = _dict[self.yubikey_otp_key]
else:
otp = _dict[self.yubikey_otp_key][0]
if otp is not None:
try:
valid = self.yubikey_validator.validate_opt(username, otp, self.yubikey_db, 0)
if not valid:
return False, None, None, None
except (AssertionError, KeyError):
if not valid:
return False, None, None, None
if valid:
return True, username, _dict
return False, None, None, None
