Пример #1
0
    def test_12_access_timeout(self):
        """ When Duo is down, handle it well. """
        os.environ['auth_control_file'] = '/tmp/foo'

        def too_slow_authentication():
            '''
                This function is waiting 5 seconds and the responding true.
                The idea here is that 5s is "too long" (we use a 2s alarm below) but
                then pretend the check passed.  This True should be ignored since we're
                going to timeout and thus fail, but it's here to be True in case the test
                breaks down and lets someone in.
            '''
            time.sleep(5)
            # The return statement should never be reached:because of the alarm.
            return True  # pragma: no cover

        with mock.patch('duo_openvpn.DuoOpenVPN') as mock_duo:
            duo_instance = mock_duo.return_value
            duo_instance.duo_timeout = 2
            duo_instance.failopen = False
            with self.assertRaises(SystemExit) as exiting, \
                    mock.patch('duo_openvpn.open', create=True,
                               return_value=mock.MagicMock(spec=StringIO())) as mock_open, \
                    mock.patch.object(duo_instance, 'main_authentication',
                                      side_effect=too_slow_authentication):
                # our timeout is 2s, beating the 5s delay.  Actual times are irrelevant,
                # so long as we alarm, and alarm before a response comes back.
                # We fail closed, meaning that we should deny the user.
                duo_openvpn.main()
        file_handle = mock_open.return_value.__enter__.return_value
        file_handle.write.assert_called_with('0')
        self.assertEqual(exiting.exception.code, 0)
Пример #2
0
 def test_05_write_failed(self):
     """ When we can't write out auth_control_file, we must die """
     os.environ['auth_control_file'] = '/tmp/foo'
     with mock.patch('duo_openvpn.DuoOpenVPN'), \
             self.assertRaises(SystemExit) as exiting, \
             mock.patch('duo_openvpn.open', create=True, side_effect=IOError):
         duo_openvpn.main()
     self.assertEqual(exiting.exception.code, 1)
Пример #3
0
 def test_01_no_control_file(self):
     """ When there's no auth_control_file, we must die. """
     with mock.patch('sys.stdout', new=StringIO()) as fake_out, \
             self.assertRaises(SystemExit) as exiting:
         duo_openvpn.main()
     self.assertEqual(exiting.exception.code, 1)
     self.assertEqual('No auth_control_file env variable provided.\n',
                      fake_out.getvalue())
Пример #4
0
 def test_11_access_granted(self):
     """ When auth is allowed, let someone in. """
     os.environ['auth_control_file'] = '/tmp/foo'
     with mock.patch('duo_openvpn.DuoOpenVPN') as mock_duo, \
             self.assertRaises(SystemExit) as exiting, \
             mock.patch('duo_openvpn.open', create=True,
                        return_value=mock.MagicMock(spec=StringIO())) as mock_open, \
             mock.patch.object(mock_duo.return_value, 'main_authentication', return_value=True):
         duo_openvpn.main()
     file_handle = mock_open.return_value.__enter__.return_value
     file_handle.write.assert_called_with('1')
     self.assertEqual(exiting.exception.code, 0)
Пример #5
0
    def assert_auth(self, environ, expected_control, send_control=True):
        self.mox.ReplayAll()

        with tempfile.NamedTemporaryFile() as control:
            if send_control:
                environ['control'] = control.name

            with self.assertRaises(SystemExit) as cm:
                duo_openvpn.main(
                    environ=environ,
                    Client=mock_client_factory(self.expected_calls),
                )
            self.mox.VerifyAll()

            control.seek(0, os.SEEK_SET)
            output = control.read()
            self.assertEqual(expected_control, output)
            if expected_control == '1':
                self.assertEqual(0, cm.exception.args[0])
            else:
                self.assertEqual(1, cm.exception.args[0])
Пример #6
0
    def assert_auth(self, environ, expected_control,
                    send_control=True):
        self.mox.ReplayAll()

        with tempfile.NamedTemporaryFile() as control:
            if send_control:
                environ['control'] = control.name

            with self.assertRaises(SystemExit) as cm:
                duo_openvpn.main(
                    environ=environ,
                    Client=mock_client_factory(self.expected_calls),
                )
            self.mox.VerifyAll()

            control.seek(0, os.SEEK_SET)
            output = control.read()
            self.assertEqual(expected_control, output)
            if expected_control == '1':
                self.assertEqual(0, cm.exception.args[0])
            else:
                self.assertEqual(1, cm.exception.args[0])