def test_handle_mfa_response_trigger_sms_otp(self): client = okta.Okta("organization", "username", "password") client.handle_push_factors = mock.MagicMock() client.handle_push_factors.return_value = False client.handle_response_factors = mock.MagicMock( name="handle_response_factors", ) passcode = okta.PasscodeRequired("", "", "") client.handle_response_factors.side_effect = passcode with self.assertRaises(okta.PasscodeRequired): client.handle_mfa_response(MFA_CHALLENGE_SMS_OTP) client.handle_response_factors.assert_has_calls([ mock.call( [ { "factorType": "sms", "provider": "OKTA", "id": "abcd", "profile": { "phoneNumber": "(xxx) xxx-1234" }, }, ], "token", ), ], )
def test_class_properties(self): error_response = None try: raise okta.PasscodeRequired('fid', 'state_token', 'provider') except okta.PasscodeRequired as err: error_response = err self.assertEqual(error_response.fid, 'fid') self.assertEqual(error_response.state_token, 'state_token') self.assertEqual(error_response.provider, 'provider')
def test_class_properties(self): error_response = None try: raise okta.PasscodeRequired("fid", "state_token", "provider") except okta.PasscodeRequired as err: error_response = err self.assertEqual(error_response.fid, "fid") self.assertEqual(error_response.state_token, "state_token") self.assertEqual(error_response.provider, "provider")
def test_entry_point_mfa(self, pass_mock, config_mock, okta_mock, aws_mock, input_mock): # First call to this is the password. Second call is the mis-typed # passcode. Third call is a valid passcode. pass_mock.side_effect = ['test_password'] input_mock.side_effect = ['123', '123456'] # Just mock out the entire Okta object, we won't really instantiate it fake_okta = mock.MagicMock(name='OktaSaml') okta_mock.return_value = fake_okta aws_mock.return_value = mock.MagicMock() # Make sure we don't get stuck in a loop, always have to mock out the # reup option. fake_parser = mock.MagicMock(name='fake_parser') fake_parser.reup = 0 config_mock.return_value = fake_parser # Now, when we auth() throw a okta.PasscodeRequired exception to # trigger the MFA requirement. Note, this is only the manually entered # in passcode MFA req. OktaSaml client automatically handles Okta # Verify with Push MFA reqs. fake_okta.auth.side_effect = okta.PasscodeRequired( fid='test_factor_id', state_token='test_token') # Pretend that the validate_mfa() call fails the first time, and # succeeds the second time. This simulates a typo on the MFA code. fake_okta.validate_mfa.side_effect = [False, True] main.main('test') # Ensure that getpass was called once for the password pass_mock.assert_has_calls([ mock.call(), ]) # Ensure that we called auth, then called validate_mfa() twice - each # with different passcodes. Validating that the user was indeed asked # for a passcode on each iteration. fake_okta.assert_has_calls([ mock.call.auth(), mock.call.validate_mfa('test_factor_id', 'test_token', '123'), mock.call.validate_mfa('test_factor_id', 'test_token', '123456'), ]) # Ensure that user_input was called twice; once for the bad input and # once for the retry input_mock.assert_has_calls([ mock.call('MFA Passcode: '), mock.call('MFA Passcode: '), ])
def test_auth_okta_mfa(self, _config_mock): keyman = Keyman(['foo', '-o', 'foo', '-u', 'bar', '-a', 'baz']) keyman.okta_client = mock.MagicMock() keyman.okta_client.auth.side_effect = okta.PasscodeRequired( 'a', 'b', 'c') keyman.okta_client.validate_mfa.return_value = True keyman.user_input = mock.MagicMock() keyman.user_input.return_value = '000000' keyman.auth_okta() keyman.okta_client.validate_mfa.assert_has_calls([ mock.call('a', 'b', '000000'), ])
def test_handle_mfa_response_trigger_sms_otp(self): client = okta.Okta('organization', 'username', 'password') client.handle_push_factors = mock.MagicMock() client.handle_push_factors.return_value = False client.handle_response_factors = mock.MagicMock( name='handle_response_factors') passcode = okta.PasscodeRequired('', '', '') client.handle_response_factors.side_effect = passcode with self.assertRaises(okta.PasscodeRequired): client.handle_mfa_response(MFA_CHALLENGE_SMS_OTP) client.handle_response_factors.assert_has_calls([ mock.call([{'factorType': 'sms', 'provider': 'OKTA', 'id': 'abcd', 'profile': {'phoneNumber': '(xxx) xxx-1234'}}], 'token') ])
def test_auth_okta_mfa(self, _config_mock): keyman = Keyman(["foo", "-o", "foo", "-u", "bar", "-a", "baz"]) keyman.okta_client = mock.MagicMock() keyman.okta_client.auth.side_effect = okta.PasscodeRequired( "a", "b", "c", ) keyman.okta_client.validate_mfa.return_value = True keyman.user_input = mock.MagicMock() keyman.user_input.return_value = "000000" keyman.auth_okta() keyman.okta_client.validate_mfa.assert_has_calls( [ mock.call("a", "b", "000000"), ], )