def test_01_create_token(self):
for serial in self.serials:
db_token = Token(serial, tokentype="totp")
db_token.update_otpkey(self.otpkey)
db_token.save()
token = TotpTokenClass(db_token)
self.assertTrue(token.token.serial == serial, token)
self.assertTrue(token.token.tokentype == "totp",
token.token.tokentype)
self.assertTrue(token.type == "totp", token)
class_prefix = token.get_class_prefix()
self.assertTrue(class_prefix == "TOTP", class_prefix)
self.assertTrue(token.get_class_type() == "totp", token)
# Now we create a tokenclass, without knowing, that it is TOTP
token_object = create_tokenclass_object(db_token)
# Do some tests, that we have a TotpTokenClass
self.assertTrue(token_object.type == "totp", token_object.type)
self.assertTrue(token_object.mode[0] == "authenticate",
token_object.mode)
self.assertTrue(token_object.mode[1] == "challenge",
token_object.mode)
# Test wrong type or old entry in database
# a wrong token type will create None
db_token = Token("asdf", tokentype="remnant")
db_token.update_otpkey(self.otpkey)
db_token.save()
token_object = create_tokenclass_object(db_token)
self.assertTrue(token_object is None, token_object)
# delete the token, so that we do not get confused, later
db_token.delete()
def test_01_create_token(self):
for serial in self.serials:
db_token = Token(serial, tokentype="totp")
db_token.update_otpkey(self.otpkey)
db_token.save()
token = TotpTokenClass(db_token)
self.assertTrue(token.token.serial == serial, token)
self.assertTrue(token.token.tokentype == "totp",
token.token.tokentype)
self.assertTrue(token.type == "totp", token)
class_prefix = token.get_class_prefix()
self.assertTrue(class_prefix == "TOTP", class_prefix)
self.assertTrue(token.get_class_type() == "totp", token)
# Now we create a tokenclass, without knowing, that it is TOTP
token_object = create_tokenclass_object(db_token)
# Do some tests, that we have a TotpTokenClass
self.assertTrue(token_object.type == "totp", token_object.type)
self.assertTrue(token_object.mode[0] == "authenticate",
token_object.mode)
self.assertTrue(token_object.mode[1] == "challenge",
token_object.mode)
# Test wrong type or old entry in database
# a wrong token type will create None
db_token = Token("asdf", tokentype="remnant")
db_token.update_otpkey(self.otpkey)
db_token.save()
token_object = create_tokenclass_object(db_token)
self.assertTrue(token_object is None, token_object)
# delete the token, so that we do not get confused, later
db_token.delete()
def test_11_challenge_response_hotp(self):
# set a chalresp policy for HOTP
with self.app.test_request_context('/policy/pol_chal_resp',
data={'action':
"challenge_response=hotp",
'scope': "authentication",
'realm': '',
'active': True},
method='POST',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
self.assertTrue(result["status"] is True, result)
self.assertTrue('"setPolicy pol_chal_resp": 1' in res.data,
res.data)
serial = "CHALRESP1"
pin = "chalresp1"
# create a token and assign to the user
db_token = Token(serial, tokentype="hotp")
db_token.update_otpkey(self.otpkey)
db_token.save()
token = HotpTokenClass(db_token)
token.set_user(User("cornelius", self.realm1))
token.set_pin(pin)
# Set the failcounter
token.set_failcount(5)
# create the challenge by authenticating with the OTP PIN
with self.app.test_request_context('/validate/check',
method='POST',
data={"user": "******",
"pass": pin}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
detail = json.loads(res.data).get("detail")
self.assertFalse(result.get("value"))
self.assertEqual(detail.get("message"), "please enter otp: ")
transaction_id = detail.get("transaction_id")
self.assertEqual(token.get_failcount(), 5)
# send the OTP value
with self.app.test_request_context('/validate/check',
method='POST',
data={"user": "******",
"transaction_id":
transaction_id,
"pass": "******"}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
detail = json.loads(res.data).get("detail")
self.assertTrue(result.get("value"))
self.assertEqual(token.get_failcount(), 0)
# delete the token
remove_token(serial=serial)
def test_00_create_realms(self):
self.setUp_user_realms()
# create a token and assign it to the user
db_token = Token(self.serials[0], tokentype="hotp")
db_token.update_otpkey(self.otpkey)
db_token.save()
token = HotpTokenClass(db_token)
self.assertTrue(token.token.serial == self.serials[0], token)
token.set_user(User("cornelius", self.realm1))
token.set_pin("pin")
self.assertTrue(token.token.user_id == "1000", token.token.user_id)
def test_00_create_realms(self):
self.setUp_user_realms()
# create a token and assign it to the user
db_token = Token(self.serials[0], tokentype="hotp")
db_token.update_otpkey(self.otpkey)
db_token.save()
token = HotpTokenClass(db_token)
self.assertTrue(token.token.serial == self.serials[0], token)
token.set_user(User("cornelius", self.realm1))
token.set_pin("pin")
self.assertTrue(token.token.user_id == "1000", token.token.user_id)
def test_02_get_tokens(self):
# get All tokens
tokenobject_list = get_tokens()
# Check if these are valid tokentypes
self.assertTrue(len(tokenobject_list) > 0, tokenobject_list)
for token_object in tokenobject_list:
self.assertTrue(token_object.type in get_token_types(),
token_object.type)
# get assigned tokens
tokenobject_list = get_tokens(assigned=True)
self.assertTrue(len(tokenobject_list) == 0, tokenobject_list)
# get unassigned tokens
tokenobject_list = get_tokens(assigned=False)
self.assertTrue(len(tokenobject_list) > 0, tokenobject_list)
# pass the wrong parameter
# This will ignore the filter!
tokenobject_list = get_tokens(assigned="True")
self.assertTrue(len(tokenobject_list) > 0, tokenobject_list)
# get tokens of type HOTP
tokenobject_list = get_tokens(tokentype="hotp")
self.assertTrue(len(tokenobject_list) == 0, tokenobject_list)
# get tokens of type TOTP
tokenobject_list = get_tokens(tokentype="totp")
self.assertTrue(len(tokenobject_list) > 0, tokenobject_list)
# Search for tokens in realm
db_token = Token("hotptoken",
tokentype="hotp",
userid=1000,
resolver=self.resolvername1,
realm=self.realm1)
db_token.update_otpkey(self.otpkey)
db_token.save()
tokenobject_list = get_tokens(realm=self.realm1)
self.assertTrue(len(tokenobject_list) == 1, tokenobject_list)
self.assertTrue(tokenobject_list[0].type == "hotp",
tokenobject_list[0].type)
# get tokens for a given serial number
tokenobject_list = get_tokens(serial="hotptoken")
self.assertTrue(len(tokenobject_list) == 1, tokenobject_list)
# ...but not in an unassigned state!
tokenobject_list = get_tokens(serial="hotptoken", assigned=False)
self.assertTrue(len(tokenobject_list) == 0, tokenobject_list)
# get the tokens for the given user
tokenobject_list = get_tokens(
user=User(login="******", realm=self.realm1))
self.assertTrue(len(tokenobject_list) == 1, tokenobject_list)
def test_02_get_tokens(self):
# get All tokens
tokenobject_list = get_tokens()
# Check if these are valid tokentypes
self.assertTrue(len(tokenobject_list) > 0, tokenobject_list)
for token_object in tokenobject_list:
self.assertTrue(token_object.type in get_token_types(),
token_object.type)
# get assigned tokens
tokenobject_list = get_tokens(assigned=True)
self.assertTrue(len(tokenobject_list) == 0, tokenobject_list)
# get unassigned tokens
tokenobject_list = get_tokens(assigned=False)
self.assertTrue(len(tokenobject_list) > 0, tokenobject_list)
# pass the wrong parameter
# This will ignore the filter!
tokenobject_list = get_tokens(assigned="True")
self.assertTrue(len(tokenobject_list) > 0, tokenobject_list)
# get tokens of type HOTP
tokenobject_list = get_tokens(tokentype="hotp")
self.assertTrue(len(tokenobject_list) == 0, tokenobject_list)
# get tokens of type TOTP
tokenobject_list = get_tokens(tokentype="totp")
self.assertTrue(len(tokenobject_list) > 0, tokenobject_list)
# Search for tokens in realm
db_token = Token("hotptoken",
tokentype="hotp",
userid=1000,
resolver=self.resolvername1,
realm=self.realm1)
db_token.update_otpkey(self.otpkey)
db_token.save()
tokenobject_list = get_tokens(realm=self.realm1)
self.assertTrue(len(tokenobject_list) == 1, tokenobject_list)
self.assertTrue(tokenobject_list[0].type == "hotp",
tokenobject_list[0].type)
# get tokens for a given serial number
tokenobject_list = get_tokens(serial="hotptoken")
self.assertTrue(len(tokenobject_list) == 1, tokenobject_list)
# ...but not in an unassigned state!
tokenobject_list = get_tokens(serial="hotptoken", assigned=False)
self.assertTrue(len(tokenobject_list) == 0, tokenobject_list)
# get the tokens for the given user
tokenobject_list = get_tokens(user=User(login="******",
realm=self.realm1))
self.assertTrue(len(tokenobject_list) == 1, tokenobject_list)
def test_12_get_token_by_otp(self):
tokenobject = get_token_by_otp(get_tokens(), otp="755224")
self.assertTrue(tokenobject.token.serial == "hotptoken", tokenobject)
serial = get_serial_by_otp(get_tokens(), otp="287082")
self.assertTrue(serial == "hotptoken", serial)
# create a second HOTP token, so that we have two tokens,
# that generate the same OTP value
db_token = Token("token2", tokentype="hotp")
db_token.update_otpkey(self.otpkey)
db_token.save()
self.assertRaises(TokenAdminError, get_serial_by_otp, get_tokens(),
"287922")
db_token.delete()
def test_12_get_token_by_otp(self):
tokenobject = get_token_by_otp(get_tokens(), otp="755224")
self.assertTrue(tokenobject.token.serial == "hotptoken", tokenobject)
serial = get_serial_by_otp(get_tokens(), otp="287082")
self.assertTrue(serial == "hotptoken", serial)
# create a second HOTP token, so that we have two tokens,
# that generate the same OTP value
db_token = Token("token2",
tokentype="hotp")
db_token.update_otpkey(self.otpkey)
db_token.save()
self.assertRaises(TokenAdminError, get_serial_by_otp,
get_tokens(), "287922")
db_token.delete()
def test_10_get_all_token_users(self):
tokens = get_all_token_users()
self.assertTrue("hotptoken" in tokens, tokens)
self.assertTrue(self.serials[1] not in tokens, tokens)
# A token with a user, that does not exist in the userstore anymore
# the uid 1000017 does not exist
db_token = Token("missinguser",
tokentype="hotp",
userid=1000017,
resolver=self.resolvername1,
realm=self.realm1)
db_token.update_otpkey(self.otpkey)
db_token.save()
tokens = get_all_token_users()
self.assertTrue("missinguser" in tokens, tokens)
self.assertTrue(tokens.get("missinguser").get("username") == '/:no '
'user '
'info:/', tokens)
db_token.delete()
def test_10_get_all_token_users(self):
tokens = get_all_token_users()
self.assertTrue("hotptoken" in tokens, tokens)
self.assertTrue(self.serials[1] not in tokens, tokens)
# A token with a user, that does not exist in the userstore anymore
# the uid 1000017 does not exist
db_token = Token("missinguser",
tokentype="hotp",
userid=1000017,
resolver=self.resolvername1,
realm=self.realm1)
db_token.update_otpkey(self.otpkey)
db_token.save()
tokens = get_all_token_users()
self.assertTrue("missinguser" in tokens, tokens)
self.assertTrue(
tokens.get("missinguser").get("username") == '/:no '
'user '
'info:/', tokens)
db_token.delete()
def test_13_challenge_response_email(self):
serial = "CHALRESP3"
pin = "chalresp3"
# create a token and assign to the user
db_token = Token(serial, tokentype="email")
db_token.update_otpkey(self.otpkey)
db_token.save()
token = HotpTokenClass(db_token)
token.set_user(User("cornelius", self.realm1))
token.set_pin(pin)
# create the challenge by authenticating with the OTP PIN
with self.app.test_request_context('/validate/check',
method='POST',
data={"user": "******",
"pass": pin}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
detail = json.loads(res.data).get("detail")
self.assertFalse(result.get("value"))
self.assertEqual(detail.get("message"), "please enter otp: ")
transaction_id = detail.get("transaction_id")
# send the OTP value
# Test with parameter state.
with self.app.test_request_context('/validate/check',
method='POST',
data={"user": "******",
"state":
transaction_id,
"pass": "******"}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
detail = json.loads(res.data).get("detail")
self.assertTrue(result.get("value"))
# delete the token
remove_token(serial=serial)
def test_02_get_tokens(self):
# get All tokens
tokenobject_list = get_tokens()
# Check if these are valid tokentypes
self.assertTrue(len(tokenobject_list) > 0, tokenobject_list)
for token_object in tokenobject_list:
self.assertTrue(token_object.type in get_token_types(),
token_object.type)
# get assigned tokens
tokenobject_list = get_tokens(assigned=True)
self.assertTrue(len(tokenobject_list) == 0, tokenobject_list)
# get unassigned tokens
tokenobject_list = get_tokens(assigned=False)
self.assertTrue(len(tokenobject_list) > 0, tokenobject_list)
# pass the wrong parameter
# This will ignore the filter!
tokenobject_list = get_tokens(assigned="True")
self.assertTrue(len(tokenobject_list) > 0, tokenobject_list)
# get tokens of type HOTP
tokenobject_list = get_tokens(tokentype="hotp")
self.assertTrue(len(tokenobject_list) == 0, tokenobject_list)
# get tokens of type TOTP
tokenobject_list = get_tokens(tokentype="totp")
self.assertTrue(len(tokenobject_list) > 0, tokenobject_list)
# Search for tokens in realm
db_token = Token("hotptoken",
tokentype="hotp",
userid=1000,
resolver=self.resolvername1,
realm=self.realm1)
db_token.update_otpkey(self.otpkey)
db_token.save()
tokenobject_list = get_tokens(realm=self.realm1)
self.assertTrue(len(tokenobject_list) == 1, tokenobject_list)
self.assertTrue(tokenobject_list[0].type == "hotp",
tokenobject_list[0].type)
# get tokens for a given serial number
tokenobject_list = get_tokens(serial="hotptoken")
self.assertTrue(len(tokenobject_list) == 1, tokenobject_list)
# ...but not in an unassigned state!
tokenobject_list = get_tokens(serial="hotptoken", assigned=False)
self.assertTrue(len(tokenobject_list) == 0, tokenobject_list)
# get the tokens for the given user
tokenobject_list = get_tokens(user=User(login="******",
realm=self.realm1))
self.assertTrue(len(tokenobject_list) == 1, tokenobject_list)
# get tokens for a given tokeninfo of the token!!!
token = init_token({"type": "yubikey",
"serial": "yk1",
"yubikey.prefix": "vv123456",
"otpkey": self.otpkey})
self.assertEqual(token.token.serial, "yk1")
tokenobject_list = get_tokens(tokeninfo={"yubikey.prefix": "vv123456"})
self.assertEqual(len(tokenobject_list), 1)
self.assertEqual(tokenobject_list[0].get_tokeninfo("yubikey.prefix"),
"vv123456")
remove_token("yk1")
# Tokeninfo with more than one entry is not supported
self.assertRaises(privacyIDEAError, get_tokens,
tokeninfo={"key1": "value1",
"key2": "value2"})
def test_11_challenge_response_hotp(self):
# set a chalresp policy for HOTP
with self.app.test_request_context('/policy/pol_chal_resp',
data={
'action':
"challenge_response=hotp",
'scope': "authentication",
'realm': '',
'active': True
},
method='POST',
headers={'Authorization': self.at}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
self.assertTrue(result["status"] is True, result)
self.assertTrue('"setPolicy pol_chal_resp": 1' in res.data,
res.data)
serial = "CHALRESP1"
pin = "chalresp1"
# create a token and assign to the user
db_token = Token(serial, tokentype="hotp")
db_token.update_otpkey(self.otpkey)
db_token.save()
token = HotpTokenClass(db_token)
token.set_user(User("cornelius", self.realm1))
token.set_pin(pin)
# Set the failcounter
token.set_failcount(5)
# create the challenge by authenticating with the OTP PIN
with self.app.test_request_context('/validate/check',
method='POST',
data={
"user": "******",
"pass": pin
}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
detail = json.loads(res.data).get("detail")
self.assertFalse(result.get("value"))
self.assertEqual(detail.get("message"), "please enter otp: ")
transaction_id = detail.get("transaction_id")
self.assertEqual(token.get_failcount(), 5)
# send the OTP value
with self.app.test_request_context('/validate/check',
method='POST',
data={
"user": "******",
"transaction_id":
transaction_id,
"pass": "******"
}):
res = self.app.full_dispatch_request()
self.assertTrue(res.status_code == 200, res)
result = json.loads(res.data).get("result")
detail = json.loads(res.data).get("detail")
self.assertTrue(result.get("value"))
self.assertEqual(token.get_failcount(), 0)
# delete the token
remove_token(serial=serial)
def test_02_get_tokens(self):
# get All tokens
tokenobject_list = get_tokens()
# Check if these are valid tokentypes
self.assertTrue(len(tokenobject_list) > 0, tokenobject_list)
for token_object in tokenobject_list:
self.assertTrue(token_object.type in get_token_types(),
token_object.type)
# get assigned tokens
tokenobject_list = get_tokens(assigned=True)
self.assertTrue(len(tokenobject_list) == 0, tokenobject_list)
# get unassigned tokens
tokenobject_list = get_tokens(assigned=False)
self.assertTrue(len(tokenobject_list) > 0, tokenobject_list)
# pass the wrong parameter
# This will ignore the filter!
tokenobject_list = get_tokens(assigned="True")
self.assertTrue(len(tokenobject_list) > 0, tokenobject_list)
# get tokens of type HOTP
tokenobject_list = get_tokens(tokentype="hotp")
self.assertTrue(len(tokenobject_list) == 0, tokenobject_list)
# get tokens of type TOTP
tokenobject_list = get_tokens(tokentype="totp")
self.assertTrue(len(tokenobject_list) > 0, tokenobject_list)
# Search for tokens in realm
db_token = Token("hotptoken",
tokentype="hotp",
userid=1000,
resolver=self.resolvername1,
realm=self.realm1)
db_token.update_otpkey(self.otpkey)
db_token.save()
tokenobject_list = get_tokens(realm=self.realm1)
self.assertTrue(len(tokenobject_list) == 1, tokenobject_list)
self.assertTrue(tokenobject_list[0].type == "hotp",
tokenobject_list[0].type)
# get tokens for a given serial number
tokenobject_list = get_tokens(serial="hotptoken")
self.assertTrue(len(tokenobject_list) == 1, tokenobject_list)
# ...but not in an unassigned state!
tokenobject_list = get_tokens(serial="hotptoken", assigned=False)
self.assertTrue(len(tokenobject_list) == 0, tokenobject_list)
# get the tokens for the given user
tokenobject_list = get_tokens(
user=User(login="******", realm=self.realm1))
self.assertTrue(len(tokenobject_list) == 1, tokenobject_list)
# get tokens for a given tokeninfo of the token!!!
token = init_token({
"type": "yubikey",
"serial": "yk1",
"yubikey.prefix": "vv123456",
"otpkey": self.otpkey
})
self.assertEqual(token.token.serial, "yk1")
tokenobject_list = get_tokens(tokeninfo={"yubikey.prefix": "vv123456"})
self.assertEqual(len(tokenobject_list), 1)
self.assertEqual(tokenobject_list[0].get_tokeninfo("yubikey.prefix"),
"vv123456")
remove_token("yk1")
# Tokeninfo with more than one entry is not supported
self.assertRaises(privacyIDEAError,
get_tokens,
tokeninfo={
"key1": "value1",
"key2": "value2"
})
