def _create_client(self):
    """Build the LinOTP admin client and keep it on ``self.lotpc``."""
    # NOTE(review): PROTOCOL, URL, ADMIN and ADMINPW are defined outside this
    # view; confirm the admin credentials come from test configuration and
    # are not committed alongside the tests.
    client = linotpclient(
        PROTOCOL,
        URL,
        admin=ADMIN,
        adminpw=ADMINPW,
    )
    self.lotpc = client
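def test_yubico_mode(self):
    """
    Enrolls a Yubikey in YUBICO mode and verifies OTPs against it

    Flow: the token is enrolled through the admin client, assigned to the
    test user and given a PIN through the management web UI. The test then
    checks that

    - every entry of ``valid_otps`` is accepted by ``validate.validate``,
    - a further OTP is accepted by ``/validate/check_yubikey`` and the
      response names the expected user and realm,
    - an OTP that was already consumed is rejected on both paths, and the
      rejecting ``check_yubikey`` response carries neither ``detail.user``
      nor ``detail.realm``.
    """
    # Enroll Yubikey
    lotpc = linotpclient(self.http_protocol,
                         self.http_host,
                         admin=self.http_username,
                         adminpw=self.http_password)
    serialnum = "01382015"
    yubi_slot = 1
    serial = "UBAM%s_%s" % (serialnum, yubi_slot)
    # Fixed test-vector values; the OTP strings further down presumably were
    # generated from this key and public id (verify against the fixture).
    otpkey = "9163508031b20d2fbb1868954e041729"
    yubi_otplen = 48
    description = "Enrolled by TestYubikey"
    public_uid = "ecebeeejedecebeg"
    r1 = lotpc.inittoken({'type': 'yubikey',
                          'serial': serial,
                          'otpkey': otpkey,
                          'otplen': yubi_otplen,
                          'description': description})
    self.assertTrue(r1['result']['status'], "Error enrolling Yubikey")
    self.assertTrue(r1['result']['value'], "Error enrolling Yubikey")

    # Assign the token to the user and set its PIN through the web UI
    driver = self.driver
    driver.get(self.base_url + "/manage/")
    user_view = UserView(driver, self.base_url, self.realm_name)
    user_view.select_user(self.user_name)
    token_view = TokenView(driver, self.base_url)
    token_view.select_token(serial)
    driver.find_element_by_id("button_assign").click()
    # Fixed delay before the PIN fields are used; presumably waits for the
    # dialog to appear (an explicit wait would be less timing dependent).
    time.sleep(2)
    pin = "asdf1234"
    driver.find_element_by_id("pin1").clear()
    driver.find_element_by_id("pin1").send_keys(pin)
    driver.find_element_by_id("pin2").clear()
    driver.find_element_by_id("pin2").send_keys(pin)
    driver.find_element_by_id("button_setpin_setpin").click()
    time.sleep(1)

    validate = Validate(self.http_protocol,
                        self.http_host,
                        self.http_username,
                        self.http_password)
    user_at_realm = self.user_name + "@" + self.realm_name

    valid_otps = [
        public_uid + "fcniufvgvjturjgvinhebbbertjnihit",
        public_uid + "tbkfkdhnfjbjnkcbtbcckklhvgkljifu",
        public_uid + "ktvkekfgufndgbfvctgfrrkinergbtdj",
        public_uid + "jbefledlhkvjjcibvrdfcfetnjdjitrn",
        public_uid + "druecevifbfufgdegglttghghhvhjcbh",
        public_uid + "nvfnejvhkcililuvhntcrrulrfcrukll",
        public_uid + "kttkktdergcenthdredlvbkiulrkftuk",
        public_uid + "hutbgchjucnjnhlcnfijckbniegbglrt",
        public_uid + "vneienejjnedbfnjnnrfhhjudjgghckl",
        public_uid + "krgevltjnujcnuhtngjndbhbiiufbnki",
        public_uid + "kehbefcrnlfejedfdulubuldfbhdlicc",
        public_uid + "ljlhjbkejkctubnejrhuvljkvglvvlbk",
    ]

    for otp in valid_otps:
        access_granted, _ = validate.validate(user=user_at_realm,
                                              password=pin + otp)
        self.assertTrue(access_granted,
                        "OTP: " + pin + otp + " for user " +
                        self.user_name + "@" + self.realm_name +
                        " returned False")

    # validate/check_yubikey
    password = pin + public_uid + "eihtnehtetluntirtirrvblfkttbjuih"
    cy_auth = HTTPDigestAuth(self.http_username, self.http_password)
    cy_validate_url = (self.http_protocol + "://" + self.http_host +
                       "/validate/check_yubikey?")
    # NOTE(review): verify=False switches off TLS certificate validation, so
    # the digest-auth exchange and the PIN+OTP are sent to an unauthenticated
    # peer. Tolerable only against a disposable test host; passing the test
    # CA bundle as `verify` keeps the check in place. The `pass` value also
    # travels in the query string and can therefore show up in access logs.
    response = requests.get(cy_validate_url,
                            params={'pass': password},
                            auth=cy_auth,
                            verify=False)
    self.assertEqual(response.status_code, 200,
                     "Invalid response %r" % response)
    return_json = response.json()
    self.assertTrue(return_json['result']['status'],
                    "Invalid return value: %r" % return_json)
    self.assertTrue(return_json['result']['value'],
                    "Invalid return value: %r" % return_json)
    self.assertEqual(return_json['detail']['user'], self.user_name,
                     "Invalid return value: %r" % return_json)
    self.assertEqual(return_json['detail']['realm'], self.realm_name,
                     "Invalid return value: %r" % return_json)

    # Repeat an old (therefore invalid) OTP value: the first entry of
    # valid_otps was already consumed in the loop above.
    invalid_otp = valid_otps[0]
    access_granted, _ = validate.validate(user=user_at_realm,
                                          password=pin + invalid_otp)
    self.assertFalse(access_granted,
                     "OTP: " + pin + invalid_otp + " for user " +
                     self.user_name + "@" + self.realm_name +
                     " should be rejected.")

    # Repeat an old (therefore invalid) OTP value with validate/check_yubikey.
    # The request has to carry the replayed value itself; the original sent
    # `password` again and left this variable unused, so the intended replay
    # case was never put on the wire.
    replayed_pass = pin + invalid_otp
    response = requests.get(cy_validate_url,
                            params={'pass': replayed_pass},
                            auth=cy_auth,
                            verify=False)
    self.assertEqual(response.status_code, 200,
                     "Invalid response %r" % response)
    return_json = response.json()
    self.assertTrue(return_json['result']['status'],
                    "Invalid return value: %r" % return_json)
    self.assertFalse(return_json['result']['value'],
                     "Invalid return value: %r" % return_json)

    # A rejected request must not disclose which user/realm the token
    # belongs to; a missing `detail` object satisfies this as well.
    rejected_detail = return_json.get('detail', {})
    self.assertNotIn('user', rejected_detail,
                     "Response should not contain detail.user %r" % return_json)
    self.assertNotIn('realm', rejected_detail,
                     "Response should not contain detail.realm %r" % return_json)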