Пример #1
0
 def test_04_do_request_success(self):
     radiusmock.setdata(success=True)
     set_privacyidea_config("radius.dictfile", DICT_FILE)
     db_token = Token.query.filter(Token.serial == self.serial1).first()
     token = RadiusTokenClass(db_token)
     otpcount = token.check_otp("123456")
     self.assertTrue(otpcount >= 0, otpcount)
 def test_05_RADIUS_request(self):
     radiusmock.setdata(success=True, timeout=True)
     r = add_radius(identifier="myserver", server="1.2.3.4",
                    secret="testing123", dictionary=DICT_FILE)
     self.assertTrue(r > 0)
     radius = get_radius("myserver")
     # A timeout will return false
     r = RADIUSServer.request(radius.config, "user", "password")
     self.assertEqual(r, False)
Пример #3
0
 def test_09_authenticate_radius_pin(self):
     radiusmock.setdata(success=True)
     db_token = Token.query.filter(Token.serial == self.serial2).first()
     token = RadiusTokenClass(db_token)
     token.set_pin("")
     r = token.authenticate("radiusPIN123456")
     self.assertTrue(r[0], r)
     self.assertTrue(r[1] >= 0, r)
     self.assertTrue(r[2].get("message") == "matching 1 tokens", r)
 def test_05_RADIUS_request(self):
     radiusmock.setdata(success=True, timeout=True)
     r = add_radius(identifier="myserver", server="1.2.3.4",
                    secret="testing123", dictionary=DICT_FILE)
     self.assertTrue(r > 0)
     radius = get_radius("myserver")
     # A timeout will return false
     r = RADIUSServer.request(radius.config, "user", "password")
     self.assertEqual(r, False)
Пример #5
0
 def test_11_RADIUS_request(self):
     set_privacyidea_config("radius.dictfile", DICT_FILE)
     radiusmock.setdata(success=True)
     r = add_radius(identifier="myserver", server="1.2.3.4",
                    secret="testing123", dictionary=DICT_FILE)
     self.assertTrue(r > 0)
     token = init_token({"type": "radius",
                         "radius.identifier": "myserver",
                         "radius.user": "******"})
     r = token.authenticate("radiuspassword")
     self.assertEqual(r[0], True)
     self.assertEqual(r[1], 0)
     self.assertEqual(r[2].get("message"), "matching 1 tokens")
Пример #6
0
 def test_10_authenticate_system_radius_settings(self):
     set_privacyidea_config("radius.server", "my.other.radiusserver:1812")
     set_privacyidea_config("radius.secret", "testing123")
     radiusmock.setdata(success=True)
     token = init_token({"type": "radius",
                         "radius.system_settings": True,
                         "radius.user": "******",
                         "radius.server": "",
                         "radius.secret": ""})
     r = token.authenticate("radiuspassword")
     self.assertEqual(r[0], True)
     self.assertEqual(r[1], 0)
     self.assertEqual(r[2].get("message"), "matching 1 tokens")
Пример #7
0
 def test_08_authenticate_local_pin(self):
     radiusmock.setdata(success=True)
     db_token = Token.query.filter(Token.serial == self.serial1).first()
     token = RadiusTokenClass(db_token)
     # wrong PIN
     r = token.authenticate("wrong"+"123456")
     self.assertFalse(r[0], r)
     self.assertTrue(r[1] == -1, r)
     self.assertTrue(r[2].get("message") == "Wrong PIN", r)
     # right PIN
     r = token.authenticate(self.otppin+"123456")
     self.assertTrue(r[0], r)
     self.assertTrue(r[1] >= 0, r)
     self.assertTrue(r[2].get("message") == "matching 1 tokens", r)
    def test_02_send_test_email(self):
        set_privacyidea_config("radius.dictfile", DICT_FILE)
        radiusmock.setdata(success=True)

        with self.app.test_request_context('/radiusserver/test_request',
                                           method='POST',
                                           data={"identifier": "someServer",
                                                 "secret": "secret",
                                                 "port": "1812",
                                                 "server": "1.2.3.4",
                                                 "dictionary": DICT_FILE,
                                                 "username": "******",
                                                 "password": "******"},
                                           headers={'Authorization': self.at}):
            res = self.app.full_dispatch_request()
            self.assertTrue(res.status_code == 200, res)
            data = json.loads(res.data)
            self.assertEqual(data.get("result").get("value"), True)
Пример #9
0
    def test_02_send_test_email(self):
        set_privacyidea_config("radius.dictfile", DICT_FILE)
        radiusmock.setdata(success=True)

        with self.app.test_request_context('/radiusserver/test_request',
                                           method='POST',
                                           data={"identifier": "someServer",
                                                 "secret": "secret",
                                                 "port": "1812",
                                                 "server": "1.2.3.4",
                                                 "dictionary": DICT_FILE,
                                                 "username": "******",
                                                 "password": "******"},
                                           headers={'Authorization': self.at}):
            res = self.app.full_dispatch_request()
            self.assertTrue(res.status_code == 200, res)
            data = json.loads(res.data)
            self.assertEqual(data.get("result").get("value"), True)
Пример #10
0
    def test_06_test_radius(self):
        radiusmock.setdata(success=False)
        r = test_radius(identifier="myserver", server="1.2.3.4",
                        user="******", password="******",
                        secret="testing123", dictionary=DICT_FILE)
        self.assertFalse(r)

        radiusmock.setdata(success=True)
        r = test_radius(identifier="myserver", server="1.2.3.4",
                        user="******", password="******",
                        secret="testing123", dictionary=DICT_FILE)
        self.assertTrue(r)

        # raises error on long secrets
        self.assertRaises(privacyIDEAError,
                          test_radius,
                          identifier="myserver", server="1.2.3.4",
                          user="******", password="******",
                          secret="x" * 96, dictionary=DICT_FILE)
Пример #11
0
    def test_06_passthru(self):
        user = User("cornelius", realm="r1")
        passw = "test"
        options = {}
        # A user with no tokens will fail to authenticate
        self.assertEqual(get_tokens(user=user, count=True), 0)
        rv = auth_user_passthru(check_user_pass, user, passw, options)
        self.assertFalse(rv[0])
        self.assertEqual(rv[1].get("message"),
                         "The user has no tokens assigned")

        # Now we set a PASSTHRU policy, so that the user may authenticate
        # against his userstore (old style)
        set_policy(name="pol1", scope=SCOPE.AUTH, action=ACTION.PASSTHRU)
        g = FakeFlaskG()
        g.policy_object = PolicyClass()
        options = {"g": g}
        rv = auth_user_passthru(check_user_pass, user, passw, options=options)
        self.assertTrue(rv[0])
        self.assertEqual(
            rv[1].get("message"),
            u"The user authenticated against his userstore "
            u"according to policy 'pol1'.")

        # Now set a PASSTHRU policy to the userstore (new style)
        set_policy(name="pol1",
                   scope=SCOPE.AUTH,
                   action="{0!s}=userstore".format(ACTION.PASSTHRU))
        g = FakeFlaskG()
        g.policy_object = PolicyClass()
        options = {"g": g}
        rv = auth_user_passthru(check_user_pass, user, passw, options=options)
        self.assertTrue(rv[0])
        self.assertEqual(
            rv[1].get("message"),
            u"The user authenticated against his userstore "
            u"according to policy 'pol1'.")

        # Now set a PASSTHRU policy to a RADIUS config (new style)
        radiusmock.setdata(success=True)
        set_policy(name="pol1",
                   scope=SCOPE.AUTH,
                   action="{0!s}=radiusconfig1".format(ACTION.PASSTHRU))
        r = add_radius("radiusconfig1",
                       "1.2.3.4",
                       "testing123",
                       dictionary=DICT_FILE)
        self.assertTrue(r > 0)
        g = FakeFlaskG()
        g.policy_object = PolicyClass()
        options = {"g": g}
        rv = auth_user_passthru(check_user_pass, user, passw, options=options)
        self.assertTrue(rv[0])
        self.assertEqual(
            rv[1].get("message"),
            u"The user authenticated against the RADIUS server "
            u"radiusconfig1 according to policy 'pol1'.")

        # Now assign a token to the user. If the user has a token and the
        # passthru policy is set, the user must not be able to authenticate
        # with his userstore password.
        init_token({
            "serial": "PTHRU",
            "type": "spass",
            "pin": "Hallo"
        },
                   user=user)
        rv = auth_user_passthru(check_user_pass, user, passw, options=options)
        self.assertFalse(rv[0])
        self.assertEqual(rv[1].get("message"), "wrong otp pin")

        remove_token("PTHRU")
        delete_policy("pol1")
Пример #12
0
 def test_05_do_request_fail(self):
     radiusmock.setdata(success=False)
     db_token = Token.query.filter(Token.serial == self.serial1).first()
     token = RadiusTokenClass(db_token)
     otpcount = token.check_otp("123456")
     self.assertTrue(otpcount == -1, otpcount)
    def test_06_passthru(self):
        user = User("cornelius", realm="r1")
        passw = "test"
        options = {}
        # A user with no tokens will fail to authenticate
        self.assertEqual(get_tokens(user=user, count=True), 0)
        rv = auth_user_passthru(check_user_pass, user, passw, options)
        self.assertFalse(rv[0])
        self.assertEqual(rv[1].get("message"),
                         "The user has no tokens assigned")

        # Now we set a PASSTHRU policy, so that the user may authenticate
        # against his userstore (old style)
        set_policy(name="pol1",
                   scope=SCOPE.AUTH,
                   action=ACTION.PASSTHRU)
        g = FakeFlaskG()
        g.policy_object = PolicyClass()
        options = {"g": g}
        rv = auth_user_passthru(check_user_pass, user, passw,
                                options=options)
        self.assertTrue(rv[0])
        self.assertEqual(rv[1].get("message"),
                         u"The user authenticated against his userstore "
                         u"according to policy 'pol1'.")

        # Now set a PASSTHRU policy to the userstore (new style)
        set_policy(name="pol1",
                   scope=SCOPE.AUTH,
                   action="%s=userstore" % ACTION.PASSTHRU)
        g = FakeFlaskG()
        g.policy_object = PolicyClass()
        options = {"g": g}
        rv = auth_user_passthru(check_user_pass, user, passw,
                                options=options)
        self.assertTrue(rv[0])
        self.assertEqual(rv[1].get("message"),
                         u"The user authenticated against his userstore "
                         u"according to policy 'pol1'.")

        # Now set a PASSTHRU policy to a RADIUS config (new style)
        radiusmock.setdata(success=True)
        set_policy(name="pol1",
                   scope=SCOPE.AUTH,
                   action="%s=radiusconfig1" % ACTION.PASSTHRU)
        r = add_radius("radiusconfig1", "1.2.3.4", "testing123",
                       dictionary=DICT_FILE)
        self.assertTrue(r > 0)
        g = FakeFlaskG()
        g.policy_object = PolicyClass()
        options = {"g": g}
        rv = auth_user_passthru(check_user_pass, user, passw,
                                options=options)
        self.assertTrue(rv[0])
        self.assertEqual(rv[1].get("message"),
                         u"The user authenticated against the RADIUS server "
                         u"radiusconfig1 according to policy 'pol1'.")

        # Now assign a token to the user. If the user has a token and the
        # passthru policy is set, the user must not be able to authenticate
        # with his userstore password.
        init_token({"serial": "PTHRU",
                    "type": "spass", "pin": "Hallo"},
                   user=user)
        rv = auth_user_passthru(check_user_pass, user, passw,
                                options=options)
        self.assertFalse(rv[0])
        self.assertEqual(rv[1].get("message"), "wrong otp pin")

        remove_token("PTHRU")
        delete_policy("pol1")
Пример #14
0
    def test_13_passthru_priorities(self):
        user = User("cornelius", realm="r1")
        passw = "test"
        options = {}
        # remove all tokens of cornelius
        remove_token(user=user)

        # A user with no tokens will fail to authenticate
        self.assertEqual(get_tokens(user=user, count=True), 0)
        rv = auth_user_passthru(check_user_pass, user, passw, options)
        self.assertFalse(rv[0])
        self.assertEqual(rv[1].get("message"),
                         "The user has no tokens assigned")

        # Now set a PASSTHRU policy to the userstore
        set_policy(name="pol1",
                   scope=SCOPE.AUTH,
                   action="{0!s}=userstore".format(ACTION.PASSTHRU))
        g = FakeFlaskG()
        g.policy_object = PolicyClass()
        options = {"g": g}
        rv = auth_user_passthru(check_user_pass, user, passw, options=options)
        self.assertTrue(rv[0])
        self.assertEqual(rv[1].get("message"),
                         u"against userstore due to 'pol1'")

        # Now add a PASSTHRU policy to a RADIUS config
        radiusmock.setdata(success=True)
        set_policy(name="pol2",
                   scope=SCOPE.AUTH,
                   action="{0!s}=radiusconfig1".format(ACTION.PASSTHRU))
        r = add_radius("radiusconfig1",
                       "1.2.3.4",
                       "testing123",
                       dictionary=DICT_FILE)
        self.assertTrue(r > 0)
        g = FakeFlaskG()
        g.policy_object = PolicyClass()
        options = {"g": g}

        # They will conflict, because they use the same priority
        with self.assertRaises(PolicyError):
            auth_user_passthru(check_user_pass, user, passw, options=options)

        # Lower pol1 priority
        set_policy(name="pol1", priority=2)
        g.policy_object.reload_from_db()

        rv = auth_user_passthru(check_user_pass, user, passw, options=options)
        self.assertTrue(rv[0])
        self.assertEqual(rv[1].get("message"),
                         u"against RADIUS server radiusconfig1 due to 'pol2'")

        # Lower pol2 priority
        set_policy(name="pol2", priority=3)
        g.policy_object.reload_from_db()

        rv = auth_user_passthru(check_user_pass, user, passw, options=options)
        self.assertTrue(rv[0])
        self.assertEqual(rv[1].get("message"),
                         u"against userstore due to 'pol1'")

        # Add old style priority
        set_policy(name="pol3", scope=SCOPE.AUTH, action=ACTION.PASSTHRU)
        g.policy_object.reload_from_db()

        rv = auth_user_passthru(check_user_pass, user, passw, options=options)
        self.assertTrue(rv[0])
        self.assertEqual(rv[1].get("message"),
                         u"against userstore due to 'pol3'")
        set_policy(name="pol3", priority=2)
        g.policy_object.reload_from_db()

        # They will conflict, because they use the same priority
        with self.assertRaises(PolicyError):
            auth_user_passthru(check_user_pass, user, passw, options=options)

        delete_policy("pol3")
        g.policy_object.reload_from_db()

        # Now assign a token to the user. If the user has a token and the
        # passthru policy is set, the user must not be able to authenticate
        # with his userstore password.
        init_token({
            "serial": "PTHRU",
            "type": "spass",
            "pin": "Hallo"
        },
                   user=user)
        rv = auth_user_passthru(check_user_pass, user, passw, options=options)
        self.assertFalse(rv[0])
        self.assertEqual(rv[1].get("message"), "wrong otp pin")

        remove_token("PTHRU")
        delete_policy("pol1")
        delete_policy("pol2")