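def test_10_auth_items(self):
    """SSH auth items are returned for a machine and honour the user filter."""
    # create an SSH token
    token_obj = init_token({"serial": self.serial2, "type": "sshkey",
                            "sshkey": sshkey})
    self.assertEqual(token_obj.type, "sshkey")

    # Attach the token to the machine "gandalf" with the application SSH
    r = attach_token(hostname="gandalf", serial=self.serial2,
                     application="ssh", options={"user": "******"})
    self.assertEqual(r.machine_id, "192.168.0.1")

    # fetch the auth_items for application SSH on machine gandalf
    ai = get_auth_items("gandalf", ip="192.168.0.1", application="ssh")
    sshkey_auth_items = ai.get("ssh")
    # assertEqual instead of the deprecated alias assertEquals, which newer
    # unittest releases no longer provide
    self.assertEqual(len(sshkey_auth_items), 1)
    self.assertTrue(sshkey_auth_items[0].get("sshkey").startswith("ssh-rsa"))

    # fetch the auth_items with user restriction for SSH
    ai = get_auth_items("gandalf", ip="192.168.0.1", application="ssh",
                        filter_param={"user": "******"})
    sshkey_auth_items = ai.get("ssh")
    self.assertEqual(len(sshkey_auth_items), 1)
    self.assertTrue(sshkey_auth_items[0].get("sshkey").startswith("ssh-rsa"))

    # try to fetch SSH keys for user, who has no ssh keys
    # NOTE(review): the user values in this listing are masked ("******").
    # This negative case only holds when the filter names a user other than
    # the one the token was attached with - confirm against the real values.
    ai = get_auth_items("gandalf", ip="192.168.0.1", application="ssh",
                        filter_param={"user": "******"})
    sshkey_auth_items = ai.get("ssh")
    # None or an empty list
    self.assertFalse(sshkey_auth_items)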
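def offline_info(request, response):
    """
    Attach offline authentication items to a successful /validate/check
    response.

    This decorator is used with the function /validate/check.
    It is not triggered by an ordinary policy but by a MachineToken definition.
    If for the given Client and Token an offline application is defined,
    the response is enhanced with the offline information - the hashes of the
    OTP.

    :param request: The request; ``request.all_data.get("pass")`` is passed
        to get_auth_items as the challenge.
    :param response: The response whose ``data`` attribute holds the JSON body.
    :return: The same response object; ``data`` is rewritten only when
        offline auth items were found.
    """
    content = json.loads(response.data)
    # A body that is not a JSON object, or that carries no "result" object,
    # is not a successful authentication. Return it untouched instead of
    # failing with an AttributeError on the chained .get() calls.
    if not isinstance(content, dict):
        return response
    result = content.get("result")
    if not isinstance(result, dict) or result.get("value") is not True:
        return response
    # If there is no remote address, we can not determine
    # offline information
    if not g.client_ip:
        return response

    client_ip = netaddr.IPAddress(g.client_ip)
    # check if there is a MachineToken definition
    # ("detail" may be absent or null, both are treated as empty)
    detail = content.get("detail") or {}
    serial = detail.get("serial")
    try:
        # if the hostname can not be identified, there might be no
        # offline definition!
        hostname = get_hostname(ip=client_ip)
        auth_items = get_auth_items(hostname=hostname, ip=client_ip,
                                    serial=serial, application="offline",
                                    challenge=request.all_data.get("pass"))
        if auth_items:
            # From here on the body carries the OTP hashes named in the
            # docstring, so it is sensitive beyond the plain auth result.
            content["auth_items"] = auth_items
            response.data = json.dumps(content)
    except Exception as exx:
        # Best effort: a failed lookup must not turn a successful
        # authentication into an error.
        # NOTE(review): this is only logged at info level, so a client that
        # silently gets no offline data is easy to miss - confirm the level.
        log.info(exx)
    return response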
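def offline_info(request, response):
    """
    Attach offline authentication items to a successful /validate/check
    response.

    This decorator is used with the function /validate/check.
    It is not triggered by an ordinary policy but by a MachineToken definition.
    If for the given Client and Token an offline application is defined,
    the response is enhanced with the offline information - the hashes of the
    OTP.

    :param request: The request; ``request.remote_addr`` identifies the client
        machine and ``request.all_data.get("pass")`` is passed to
        get_auth_items as the challenge.
    :param response: The response whose ``data`` attribute holds the JSON body.
    :return: The same response object; ``data`` is rewritten only when
        offline auth items were found.
    """
    content = json.loads(response.data)
    # A body that is not a JSON object, or that carries no "result" object,
    # is not a successful authentication. Return it untouched instead of
    # failing with an AttributeError on the chained .get() calls.
    if not isinstance(content, dict):
        return response
    result = content.get("result")
    if not isinstance(result, dict) or result.get("value") is not True:
        return response
    # If there is no remote address, we can not determine offline information
    # NOTE(review): request.remote_addr is the peer of the connection. Behind
    # a reverse proxy that is the proxy itself, so the machine lookup below
    # would resolve the proxy's host - confirm how this is deployed.
    if not request.remote_addr:
        return response

    client_ip = netaddr.IPAddress(request.remote_addr)
    # check if there is a MachineToken definition
    # ("detail" may be absent or null, both are treated as empty)
    detail = content.get("detail") or {}
    serial = detail.get("serial")
    try:
        # if the hostname can not be identified, there might be no
        # offline definition!
        hostname = get_hostname(ip=client_ip)
        auth_items = get_auth_items(hostname=hostname, ip=client_ip,
                                    serial=serial, application="offline",
                                    challenge=request.all_data.get("pass"))
        if auth_items:
            # From here on the body carries the OTP hashes named in the
            # docstring, so it is sensitive beyond the plain auth result.
            content["auth_items"] = auth_items
            response.data = json.dumps(content)
    except Exception as exx:
        # Best effort: a failed lookup must not turn a successful
        # authentication into an error.
        # NOTE(review): this is only logged at info level, so a client that
        # silently gets no offline data is easy to miss - confirm the level.
        log.info(exx)
    return response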
def test_13_get_authitems_without_machine(self):
    """Offline auth items can be fetched by token serial, without a machine."""
    # Only application and serial are given: no hostname and no IP
    items_by_application = get_auth_items(application="offline",
                                          serial=self.serialHotp)
    offline_items = items_by_application.get("offline")
    self.assertEqual(len(offline_items), 1)

    # The single offline item must carry both expected entries
    first_item = offline_items[0]
    for expected_key in ("refilltoken", "response"):
        self.assertIn(expected_key, first_item)

    # The counter of the HOTP token must now read exactly 100
    # (presumably advanced by issuing the offline values - confirm)
    hotp_token = get_tokens(serial=self.serialHotp)[0]
    self.assertEqual(hotp_token.token.count, 100)
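def test_10_auth_items(self):
    """SSH auth items are returned for a machine with an attached SSH token."""
    # create an SSH token
    token_obj = init_token({"serial": self.serial2, "type": "sshkey",
                            "sshkey": sshkey})
    self.assertEqual(token_obj.type, "sshkey")

    # Attach the token to the machine "gandalf" with the application SSH
    r = attach_token(hostname="gandalf", serial=self.serial2,
                     application="ssh", options={"user": "******"})
    self.assertEqual(r.machine_id, "192.168.0.1")

    # fetch the auth_items for application SSH on machine gandalf
    ai = get_auth_items("gandalf", ip="192.168.0.1", application="ssh")
    sshkey_auth_items = ai.get("ssh")
    # assertEqual instead of the deprecated alias assertEquals, which newer
    # unittest releases no longer provide
    self.assertEqual(len(sshkey_auth_items), 1)
    self.assertTrue(sshkey_auth_items[0].get("sshkey").startswith("ssh-rsa"))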
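def offline_info(request, response):
    """
    Attach offline authentication items to a successful /validate/check
    response.

    This decorator is used with the function /validate/check.
    It is not triggered by an ordinary policy but by a MachineToken definition.
    If for the given Token an offline application is defined,
    the response is enhanced with the offline information - the hashes of the
    OTP.

    :param request: The request; ``request.all_data.get("pass")`` is passed
        to get_auth_items as the challenge.
    :param response: The response; its parsed body is read from
        ``response.json`` and written back with ``response.set_data``.
    :return: The same response object; its body is rewritten only when
        offline auth items were found.
    """
    content = response.json
    # A body that did not parse to a JSON object, or that carries no "result"
    # object, is not a successful authentication. Return it untouched instead
    # of failing with an AttributeError on the chained .get() calls.
    if not isinstance(content, dict):
        return response
    result = content.get("result")
    if not isinstance(result, dict) or result.get("value") is not True:
        return response
    # NOTE(review): g.client_ip is only tested for presence here; it is not
    # passed to the lookup, so the offline items are selected by token serial
    # alone and not by the requesting machine.
    if not g.client_ip:
        return response

    # check if there is a MachineToken definition
    # ("detail" may be absent or null, both are treated as empty)
    serial = (content.get("detail") or {}).get("serial")
    # NOTE(review): serial is None when the response names no token. Confirm
    # that get_auth_items(serial=None, ...) cannot then match offline
    # definitions of tokens other than the one that just authenticated.
    try:
        auth_items = get_auth_items(serial=serial, application="offline",
                                    challenge=request.all_data.get("pass"))
        if auth_items:
            # From here on the body carries the OTP hashes named in the
            # docstring, so it is sensitive beyond the plain auth result.
            content["auth_items"] = auth_items
            response.set_data(json.dumps(content))
    except Exception as exx:
        # Best effort: a failed lookup must not turn a successful
        # authentication into an error.
        # NOTE(review): this is only logged at info level, so a client that
        # silently gets no offline data is easy to miss - confirm the level.
        log.info(exx)
    return response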