def test_process_mfa_sms(mock_requests_session, prompter, assertion, capsys):
def mock_prompter(prompt):
return "12345678"
session_token = {'sessionToken': 'spam', 'status': 'SUCCESS'}
token_response = mock.Mock(spec=requests.Response,
status_code=200,
text=json.dumps(session_token))
assertion_form = '<form><input name="SAMLResponse" value="%s"/></form>'
assertion_form = assertion_form % assertion.decode()
assertion_response = mock.Mock(spec=requests.Response,
status_code=200,
text=assertion_form)
mock_requests_session.post.return_value = token_response
mock_requests_session.get.return_value = assertion_response
authenticator = SAMLCredentialFetcher(client_creator=None,
saml_config=None,
provider_name="okta",
password_prompter=mock_prompter)
with mock.patch("awsprocesscreds.saml.OktaAuthenticator.verify_sms_factor",
return_value=token_response):
result = authenticator._authenticator.process_mfa_sms(
"endpoint", "url", "statetoken")
assert result == assertion.decode()
def test_display_mfa_choices(mock_requests_session, prompter, assertion,
capsys):
parsed = {
"_embedded": {
"factors": [{
"factorType": "token",
"provider": "OKTA"
}, {
"factorType": "token:software:totp",
"provider": "OKTA"
}, {
"factorType": "sms"
}, {
"factorType": "push"
}, {
"factorType": "question"
}, {
"factorType": "blackboard",
"provider": "classroom"
}]
}
}
authenticator = SAMLCredentialFetcher(client_creator=None,
saml_config=None,
provider_name="okta",
password_prompter=prompter)
index, prompt = authenticator._authenticator.display_mfa_choices(parsed)
assert index == 7
assert prompt == ("1: OKTA token\r\n"
"2: OKTA authenticator app\r\n"
"3: SMS text message\r\n"
"4: Push notification\r\n"
"5: Security question\r\n"
"6: classroom blackboard\r\n")
def test_get_number_2(prompter):
def mock_prompter(prompt):
return "fred"
authenticator = SAMLCredentialFetcher(client_creator=None,
saml_config=None,
provider_name="okta",
password_prompter=mock_prompter)
response = authenticator._authenticator.get_number("")
assert response == 0
def fetcher(generic_config, client_creator, prompter, mock_authenticator,
cache, mock_fake_pkg_resources):
provider_name = 'myprovider'
saml_fetcher = SAMLCredentialFetcher(client_creator=client_creator,
provider_name=provider_name,
saml_config=generic_config,
password_prompter=prompter,
cache=cache)
return saml_fetcher
def test_unsupported_saml_provider(client_creator, prompter):
invalid_config = {
'saml_authentication_type': 'form',
'saml_provider': 'unsupported',
'saml_endpoint': 'https://example.com/',
'saml_username': '******',
}
with pytest.raises(ValueError):
SAMLCredentialFetcher(
client_creator=client_creator,
saml_config=invalid_config,
provider_name='unsupported',
password_prompter=prompter,
)
def test_verify_sms_factor(mock_requests_session, prompter, assertion, capsys):
session_token = {'sessionToken': 'spam', 'status': 'SUCCESS'}
token_response = mock.Mock(spec=requests.Response,
status_code=200,
text=json.dumps(session_token))
mock_requests_session.post.return_value = token_response
authenticator = SAMLCredentialFetcher(client_creator=None,
saml_config=None,
provider_name="okta",
password_prompter=prompter)
result = authenticator._authenticator.verify_sms_factor(
"url", "statetoken", "passcode")
assert result.status_code == 200
test = json.loads(result.text)
assert test["status"] == "SUCCESS"
def test_get_mfa_choice(mock_requests_session, prompter, assertion, capsys):
def mock_prompter(prompt):
assert prompt == (
"Please choose from the following authentication choices:\r\n"
"1: SMS text message\r\n"
"Enter the number corresponding to your choice or press RETURN to "
"cancel authentication: ")
return "1"
parsed = {"_embedded": {"factors": [{"factorType": "sms"}]}}
authenticator = SAMLCredentialFetcher(client_creator=None,
saml_config=None,
provider_name="okta",
password_prompter=mock_prompter)
response = authenticator._authenticator.get_mfa_choice(parsed)
assert response == 1
def test_unsupported_saml_auth_type(client_creator, prompter,
mock_pkg_resources):
invalid_config = {
'saml_authentication_type': 'unsupported',
'saml_provider': 'okta',
'saml_endpoint': 'https://example.com/',
'saml_username': '******',
}
fetcher = SAMLCredentialFetcher(
client_creator=client_creator,
saml_config=invalid_config,
provider_name='okta',
password_prompter=prompter,
)
with pytest.raises(ValueError):
fetcher.fetch_credentials()
def test_process_response_1(mock_requests_session, assertion, prompter):
assertion_form = '<form><input name="SAMLResponse" value="%s"/></form>'
assertion_form = assertion_form % assertion.decode()
assertion_response = mock.Mock(spec=requests.Response,
status_code=200,
text=assertion_form)
mock_requests_session.get.return_value = assertion_response
session_token = {'sessionToken': 'spam', 'status': 'SUCCESS'}
token_response = mock.Mock(spec=requests.Response,
status_code=200,
text=json.dumps(session_token))
authenticator = SAMLCredentialFetcher(client_creator=None,
saml_config=None,
provider_name="okta",
password_prompter=prompter)
result = authenticator._authenticator.process_response(
token_response, "endpoint")
assert result == assertion.decode()
def test_process_mfa_push_2(mock_requests_session, prompter, assertion,
capsys):
session_token = {
'sessionToken': 'spam',
'status': 'CANCELLED',
'factorResult': 'FAILED'
}
token_response = mock.Mock(spec=requests.Response,
status_code=200,
text=json.dumps(session_token))
mock_requests_session.post.return_value = token_response
authenticator = SAMLCredentialFetcher(client_creator=None,
saml_config=None,
provider_name="okta",
password_prompter=prompter)
with pytest.raises(SAMLError):
authenticator._authenticator.process_mfa_push("endpoint", "url",
"statetoken")
def test_prompter_only_called_once(client_creator, prompter, assertion,
mock_requests_session):
session_token = {'sessionToken': 'spam'}
token_response = mock.Mock(spec=requests.Response,
status_code=200,
text=json.dumps(session_token))
assertion_form = '<form><input name="SAMLResponse" value="%s"/></form>'
assertion_form = assertion_form % assertion.decode('ascii')
assertion_response = mock.Mock(spec=requests.Response,
status_code=200,
text=assertion_form)
mock_requests_session.post.return_value = token_response
mock_requests_session.get.return_value = assertion_response
config = {
'saml_authentication_type': 'form',
'saml_provider': 'okta',
'saml_endpoint': 'https://example.com/',
'saml_username': '******',
'role_arn': 'arn:aws:iam::123456789012:role/monty',
'form_username_field': 'username',
'form_password_field': 'password',
}
fetcher = SAMLCredentialFetcher(
client_creator=client_creator,
saml_config=config,
provider_name='okta',
password_prompter=prompter,
)
for _ in range(5):
fetcher.fetch_credentials()
response = fetcher.fetch_credentials()
expected_response = {
"AccessKeyId": "foo",
"SecretAccessKey": "bar",
"SessionToken": "baz",
"Expiration": mock.ANY,
}
assert response == expected_response
assert prompter.call_count == 1
def test_process_response_2(mock_requests_session, assertion, prompter):
def mock_prompter(prompt):
assert prompt == "Mock error\r\nPress RETURN to continue\r\n"
return ""
session_token = {
'sessionToken': 'spam',
'status': 'FAILED',
'errorCauses': [{
'errorSummary': "Mock error"
}]
}
token_response = mock.Mock(spec=requests.Response,
status_code=400,
text=json.dumps(session_token))
authenticator = SAMLCredentialFetcher(client_creator=None,
saml_config=None,
provider_name="okta",
password_prompter=mock_prompter)
result = authenticator._authenticator.process_response(
token_response, "endpoint")
assert result is None