def test_authorisation(self):
""" connect to the helpdesk contoller """
response = self.make_helpdesk_request('getsession')
assert 'false' not in response
cookies = TestController.get_cookies(response)
assert 'helpdesk_session' in cookies
session = cookies.get('helpdesk_session')
assert session, cookies
params = {'session': session}
response = self.make_helpdesk_request('users', params=params)
cookies = TestController.get_cookies(response)
assert 'false' not in response, (cookies, session)
response = self.make_helpdesk_request('dropsession')
assert 'false' not in response
cookies = TestController.get_cookies(response)
assert ' Expires' in cookies
assert cookies.get('helpdesk_session') == ''
def test_login_with_challenge_response(self):
"""
test authentication with challenge response
with a single token
the authentication is running in multiple steps:
1. get the credentials_verified step
2. by calling the login with the 'credentials_verified' cookie
and no otp, we trigger a challenge
3. reply with the previous cookie 'challenge_triggered'
and the otp should return the final 'authenticated' cookie
After the 3 step any operation could be made, like history
"""
# ------------------------------------------------------------------ --
# run the credential verification step
auth_user = {
'login': '******',
'password': '******'
}
response = self.app.get(url(controller='userservice', action='login'),
params=auth_user)
cookies = TestController.get_cookies(response)
auth_cookie = cookies.get('user_selfservice')
TestController.set_cookie(self.app, 'user_selfservice', auth_cookie)
# ------------------------------------------------------------------ --
# verify that 'history' could not be called in this status
params = {}
params['session'] = auth_cookie
with self.assertRaises(webtest.app.AppError) as app_error:
response = self.app.get(url(controller='userservice',
action='history'),
params=params)
self.assertTrue("403 Forbidden" in app_error.exception.message)
TestController.set_cookie(self.app, 'user_selfservice', auth_cookie)
params = {}
params['session'] = auth_cookie
response = self.app.get(url(controller='userservice',
action='usertokenlist'),
params=params)
self.assertTrue('LoginToken' in response, response)
# ------------------------------------------------------------------ --
# next request is to trigger the login challenge response
TestController.set_cookie(self.app, 'user_selfservice', auth_cookie)
params = {}
params['session'] = auth_cookie
response = self.app.get(url(controller='userservice', action='login'),
params=params)
self.assertTrue('"Please enter your otp value: "' in response,
response)
# response should contain the challenge information
cookies = TestController.get_cookies(response)
auth_cookie = cookies.get('user_selfservice')
TestController.set_cookie(self.app, 'user_selfservice', auth_cookie)
# ------------------------------------------------------------------ --
# next request replies to the challenge response and
# finishes the authorisation
params = {}
params['session'] = auth_cookie
params['otp'] = self.otps.pop()
response = self.app.get(url(controller='userservice', action='login'),
params=params)
self.assertTrue('"value": true' in response, response)
cookies = TestController.get_cookies(response)
auth_cookie = cookies.get('user_selfservice')
TestController.set_cookie(self.app, 'user_selfservice', auth_cookie)
# ------------------------------------------------------------------ --
params = {}
params['session'] = auth_cookie
response = self.app.get(url(controller='userservice',
action='history'),
params=params)
self.assertTrue('"rows": [' in response, response)
return
def test_login_with_challenge_response(self):
"""
test authentication with challenge response
with a single token
the authentication is running in multiple steps:
1. get the credentials_verified step
2. by calling the login with the 'credentials_verified' cookie
and no otp, we trigger a challenge
3a. reply with the previous cookie 'challenge_triggered'
and an wrong otp should increment the token fail count
3b. reply with the previous cookie 'challenge_triggered'
and the otp should return the final 'authenticated' cookie
After the 3 step any operation could be made, like history
"""
# ------------------------------------------------------------------ --
# run the credential verification step
auth_user = {
'login': '******',
'password': '******'
}
response = self.client.post(url(controller='userservice',
action='login'),
data=auth_user)
cookies = TestController.get_cookies(response)
auth_cookie = cookies.get('user_selfservice')
# ------------------------------------------------------------------ --
# verify that 'history' could not be called in this status
params = {}
params['session'] = 'void'
response = self.client.post(url(controller='userservice',
action='history'),
data=params)
assert response.status_code == 401
assert "No valid session" in response.data.decode()
TestController.set_cookie(self.client, 'user_selfservice', auth_cookie)
params = {}
params['session'] = auth_cookie
response = self.client.post(url(controller='userservice',
action='usertokenlist'),
data=params)
response.body = response.data.decode("utf-8")
assert 'LoginToken' in response, response
# ------------------------------------------------------------------ --
# next request is to trigger the login challenge response
TestController.set_cookie(self.client, 'user_selfservice', auth_cookie)
params = {}
params['session'] = auth_cookie
response = self.client.post(url(controller='userservice',
action='login'),
data=params)
response.body = response.data.decode("utf-8")
assert '"Please enter your otp value: "' in response, \
response
# response should contain the challenge information
cookies = TestController.get_cookies(response)
auth_cookie = cookies.get('user_selfservice')
TestController.set_cookie(self.client, 'user_selfservice', auth_cookie)
# ------------------------------------------------------------------ --
# next request replies to the challenge response with a wrong otp
# and check if the fail counter is incremented
params = {'serial': 'LoginToken'}
response = self.make_admin_request('show', params)
token_data = json.loads(response.body)['result']['value']['data'][0]
failcount = token_data["LinOtp.FailCount"]
TestController.set_cookie(self.client, 'user_selfservice', auth_cookie)
params = {}
params['session'] = auth_cookie
otp = self.otps.pop()
params['otp'] = otp[::-1]
response = self.client.post(url(controller='userservice',
action='login'),
data=params)
response.body = response.data.decode("utf-8")
assert '"value": false' in response, response
params = {'serial': 'LoginToken'}
response = self.make_admin_request('show', params)
token_data = json.loads(response.body)['result']['value']['data'][0]
new_failcount = token_data["LinOtp.FailCount"]
assert new_failcount > failcount
# ------------------------------------------------------------------ --
# next request replies to the challenge response with an emptyotp
# and check if the fail counter is incremented
params = {'serial': 'LoginToken'}
response = self.make_admin_request('show', params)
token_data = json.loads(response.body)['result']['value']['data'][0]
failcount = token_data["LinOtp.FailCount"]
TestController.set_cookie(self.client, 'user_selfservice', auth_cookie)
params = {}
params['session'] = auth_cookie
otp = self.otps.pop()
params['otp'] = ''
response = self.client.post(url(controller='userservice',
action='login'),
data=params)
response.body = response.data.decode("utf-8")
assert '"value": false' in response, response
params = {'serial': 'LoginToken'}
response = self.make_admin_request('show', params)
token_data = json.loads(response.body)['result']['value']['data'][0]
new_failcount = token_data["LinOtp.FailCount"]
assert new_failcount > failcount
# ------------------------------------------------------------------ --
# next request replies to the challenge response and
# finishes the authorisation
TestController.set_cookie(self.client, 'user_selfservice', auth_cookie)
params = {}
params['session'] = auth_cookie
params['otp'] = self.otps.pop()
response = self.client.post(url(controller='userservice',
action='login'),
data=params)
response.body = response.data.decode("utf-8")
assert '"value": true' in response, response
cookies = TestController.get_cookies(response)
auth_cookie = cookies.get('user_selfservice')
TestController.set_cookie(self.client, 'user_selfservice', auth_cookie)
# ------------------------------------------------------------------ --
params = {}
params['session'] = auth_cookie
response = self.client.post(url(controller='userservice',
action='history'),
data=params)
response.body = response.data.decode("utf-8")
assert '"rows": [' in response, response
return
def test_login_with_assync_challenge_response(self):
"""Test authentication with challenge response with a single token.
the authentication is running in multiple steps:
1. get the credentials_verified step
2. by calling the login with the 'credentials_verified' cookie
and no otp, we trigger a challenge
3a. reply with the previous cookie 'challenge_triggered'
and an wrong otp should increment the token fail count
3b. reply with the previous cookie 'challenge_triggered'
and no otp should increment check the status
4. validate/check with otp should validate the challenge
5. login request cookie 'challenge_triggered' should return the
final 'authenticated' cookie
After the 5 step any operation could be made, like history
"""
# ------------------------------------------------------------------ --
# run the credential verification step
auth_user = {
"login": "******",
"password": "******",
}
response = self.client.get(url(controller="userservice",
action="login"),
data=auth_user)
response.body = response.data.decode("utf-8")
assert '"value": false' in response, response
assert "additional authentication parameter" in response, response
# ------------------------------------------------------------------ --
cookies = TestController.get_cookies(response)
auth_cookie = cookies.get("user_selfservice")
TestController.set_cookie(self.client, "user_selfservice", auth_cookie)
# ------------------------------------------------------------------ --
# next request is to trigger the login challenge response
TestController.set_cookie(self.client, "user_selfservice", auth_cookie)
params = {}
params["session"] = auth_cookie
response = self.client.get(url(controller="userservice",
action="login"),
data=params)
response.body = response.data.decode("utf-8")
assert '"Please enter your otp value: "' in response, response
# response should contain the challenge information
jresp = response.json
transactionid = jresp["detail"]["transactionId"]
# ------------------------------------------------------------------ --
cookies = TestController.get_cookies(response)
auth_cookie = cookies.get("user_selfservice")
TestController.set_cookie(self.client, "user_selfservice", auth_cookie)
# ------------------------------------------------------------------ --
# next request queries the challeng status
TestController.set_cookie(self.client, "user_selfservice", auth_cookie)
params = {"session": auth_cookie}
response = self.client.get(url(controller="userservice",
action="login"),
data=params)
response.body = response.data.decode("utf-8")
assert '"value": false' in response, response
# ------------------------------------------------------------------ --
# make a /validate/check to verify the challenge
params = {
"pass": self.otps.pop(),
"transactionid": transactionid,
}
response = self.client.get(url(controller="validate",
action="check_t"),
data=params)
response.body = response.data.decode("utf-8")
assert '"value": true' in response, response
# ------------------------------------------------------------------ --
# verify that transaction is verified
TestController.set_cookie(self.client, "user_selfservice", auth_cookie)
params = {}
params["session"] = auth_cookie
response = self.client.get(url(controller="userservice",
action="login"),
data=params)
response.body = response.data.decode("utf-8")
assert '"value": true' in response, response
# ------------------------------------------------------------------ --
cookies = TestController.get_cookies(response)
auth_cookie = cookies.get("user_selfservice")
TestController.set_cookie(self.client, "user_selfservice", auth_cookie)
# ------------------------------------------------------------------ --
params = {}
params["session"] = auth_cookie
response = self.client.get(url(controller="userservice",
action="history"),
data=params)
response.body = response.data.decode("utf-8")
assert '"rows": [' in response, response
def test_login_with_challenge_response_simple(self):
"""
test authentication with challenge response
with a single token
the authentication is running in multiple steps:
* calling login with a valid password will return
* the token list and
* the 'credentials_verified' cookie
* calling the login with
* the 'credentials_verified' cookie and
* no otp
will trigger a challenge
- the serial is not required as the user has only one token
* calling loggin with
* the previous cookie 'challenge_triggered' and
* the otp returns the final 'authenticated' cookie
* the completness of the login is verified by quering the history
"""
# ------------------------------------------------------------------ --
# run the credential verification step
auth_user = {
"login": "******",
"password": "******",
}
response = self.client.post(url(controller="userservice",
action="login"),
data=auth_user)
jresp = response.json
tokenlist = jresp["detail"]["tokenList"]
assert len(tokenlist) == 1
assert tokenlist[0]["LinOtp.TokenSerialnumber"] == "LoginToken"
# ------------------------------------------------------------------ --
cookies = TestController.get_cookies(response)
auth_cookie = cookies.get("user_selfservice")
assert auth_cookie
# ------------------------------------------------------------------ --
# next request is to trigger the login challenge response
# response should contain the challenge information
TestController.set_cookie(self.client, "user_selfservice", auth_cookie)
params = {}
params["session"] = auth_cookie
response = self.client.post(url(controller="userservice",
action="login"),
data=params)
jresp = response.json
assert jresp["detail"]
assert jresp["detail"]["message"] == "Please enter your otp value: "
# ------------------------------------------------------------------ --
cookies = TestController.get_cookies(response)
auth_cookie = cookies.get("user_selfservice")
# ------------------------------------------------------------------ --
# replies to the challenge response which finishes the authorisation
TestController.set_cookie(self.client, "user_selfservice", auth_cookie)
params = {}
params["session"] = auth_cookie
params["otp"] = self.otps.pop()
response = self.client.post(url(controller="userservice",
action="login"),
data=params)
response.body = response.data.decode("utf-8")
assert '"value": true' in response, response
# ------------------------------------------------------------------ --
cookies = TestController.get_cookies(response)
auth_cookie = cookies.get("user_selfservice")
# ------------------------------------------------------------------ --
# verify that the authentication was successful
TestController.set_cookie(self.client, "user_selfservice", auth_cookie)
params = {}
params["session"] = auth_cookie
response = self.client.post(url(controller="userservice",
action="history"),
data=params)
response.body = response.data.decode("utf-8")
assert '"rows": [' in response, response
return
def test_login_with_challenge_response(self):
"""
test authentication with challenge response
with a single token
the authentication is running in multiple steps:
1. get the credentials_verified step
2. by calling the login with the 'credentials_verified' cookie
and no otp, we trigger a challenge
3a. reply with the previous cookie 'challenge_triggered'
and an wrong otp should increment the token fail count
3b. reply with the previous cookie 'challenge_triggered'
and the otp should return the final 'authenticated' cookie
After the 3 step any operation could be made, like history
"""
# ------------------------------------------------------------------ --
# run the credential verification step
auth_user = {
"login": "******",
"password": "******",
}
response = self.client.post(url(controller="userservice",
action="login"),
data=auth_user)
cookies = TestController.get_cookies(response)
auth_cookie = cookies.get("user_selfservice")
jresp = response.json
tokenlist = jresp["detail"]["tokenList"]
assert len(tokenlist) == 1
assert tokenlist[0]["LinOtp.TokenSerialnumber"] == "LoginToken"
# ------------------------------------------------------------------ --
# verify that 'history' could not be called in this status
params = {}
params["session"] = "void"
response = self.client.post(url(controller="userservice",
action="history"),
data=params)
assert response.status_code == 401
assert "No valid session" in response.data.decode()
TestController.set_cookie(self.client, "user_selfservice", auth_cookie)
params = {}
params["session"] = auth_cookie
response = self.client.post(url(controller="userservice",
action="usertokenlist"),
data=params)
response.body = response.data.decode("utf-8")
assert "LoginToken" in response, response
# ------------------------------------------------------------------ --
# next request is to trigger the login challenge response
TestController.set_cookie(self.client, "user_selfservice", auth_cookie)
params = {}
params["session"] = auth_cookie
response = self.client.post(url(controller="userservice",
action="login"),
data=params)
response.body = response.data.decode("utf-8")
assert '"Please enter your otp value: "' in response, response
# response should contain the challenge information
cookies = TestController.get_cookies(response)
auth_cookie = cookies.get("user_selfservice")
TestController.set_cookie(self.client, "user_selfservice", auth_cookie)
# ------------------------------------------------------------------ --
# next request replies to the challenge response with a wrong otp
# and check if the fail counter is incremented
params = {"serial": "LoginToken"}
response = self.make_admin_request("show", params)
token_data = json.loads(response.body)["result"]["value"]["data"][0]
failcount = token_data["LinOtp.FailCount"]
TestController.set_cookie(self.client, "user_selfservice", auth_cookie)
params = {}
params["session"] = auth_cookie
otp = self.otps.pop()
params["otp"] = otp[::-1]
response = self.client.post(url(controller="userservice",
action="login"),
data=params)
response.body = response.data.decode("utf-8")
assert '"value": false' in response, response
params = {"serial": "LoginToken"}
response = self.make_admin_request("show", params)
token_data = json.loads(response.body)["result"]["value"]["data"][0]
new_failcount = token_data["LinOtp.FailCount"]
assert new_failcount > failcount
# ------------------------------------------------------------------ --
# next request replies to the challenge response with an emptyotp
# and check if the fail counter is incremented
params = {"serial": "LoginToken"}
response = self.make_admin_request("show", params)
token_data = json.loads(response.body)["result"]["value"]["data"][0]
failcount = token_data["LinOtp.FailCount"]
TestController.set_cookie(self.client, "user_selfservice", auth_cookie)
params = {}
params["session"] = auth_cookie
otp = self.otps.pop()
params["otp"] = ""
response = self.client.post(url(controller="userservice",
action="login"),
data=params)
response.body = response.data.decode("utf-8")
assert '"value": false' in response, response
params = {"serial": "LoginToken"}
response = self.make_admin_request("show", params)
token_data = json.loads(response.body)["result"]["value"]["data"][0]
new_failcount = token_data["LinOtp.FailCount"]
assert new_failcount > failcount
# ------------------------------------------------------------------ --
# next request replies to the challenge response and
# finishes the authorisation
TestController.set_cookie(self.client, "user_selfservice", auth_cookie)
params = {}
params["session"] = auth_cookie
params["otp"] = self.otps.pop()
response = self.client.post(url(controller="userservice",
action="login"),
data=params)
response.body = response.data.decode("utf-8")
assert '"value": true' in response, response
cookies = TestController.get_cookies(response)
auth_cookie = cookies.get("user_selfservice")
TestController.set_cookie(self.client, "user_selfservice", auth_cookie)
# ------------------------------------------------------------------ --
params = {}
params["session"] = auth_cookie
response = self.client.post(url(controller="userservice",
action="history"),
data=params)
response.body = response.data.decode("utf-8")
assert '"rows": [' in response, response
return
def test_login_with_challenge_response(self):
"""
test authentication with challenge response
with a single token
the authentication is running in multiple steps:
1. get the credentials_verified step
2. by calling the login with the 'credentials_verified' cookie
and no otp, we trigger a challenge
3. reply with the previous cookie 'challenge_triggered'
and the otp should return the final 'authenticated' cookie
After the 3 step any operation could be made, like history
"""
# ------------------------------------------------------------------ --
# run the credential verification step
auth_user = {
'login': '******',
'password': '******'}
response = self.client.post(url(controller='userservice',
action='login'), data=auth_user)
cookies = TestController.get_cookies(response)
auth_cookie = cookies.get('user_selfservice')
# ------------------------------------------------------------------ --
# verify that 'history' could not be called in this status
params = {}
params['session'] = 'void'
response = self.client.post(url(controller='userservice',
action='history'), data=params)
assert response.status_code == 401
assert "No valid session" in response.data.decode()
TestController.set_cookie(self.client, 'user_selfservice', auth_cookie)
params = {}
params['session'] = auth_cookie
response = self.client.post(url(controller='userservice',
action='usertokenlist'), data=params)
response.body = response.data.decode("utf-8")
assert 'LoginToken' in response, response
# ------------------------------------------------------------------ --
# next request is to trigger the login challenge response
TestController.set_cookie(self.client, 'user_selfservice', auth_cookie)
params = {}
params['session'] = auth_cookie
response = self.client.post(url(controller='userservice',
action='login'), data=params)
response.body = response.data.decode("utf-8")
assert '"Please enter your otp value: "' in response, \
response
# response should contain the challenge information
cookies = TestController.get_cookies(response)
auth_cookie = cookies.get('user_selfservice')
TestController.set_cookie(self.client, 'user_selfservice', auth_cookie)
# ------------------------------------------------------------------ --
# next request replies to the challenge response and
# finishes the authorisation
params = {}
params['session'] = auth_cookie
params['otp'] = self.otps.pop()
response = self.client.post(url(controller='userservice',
action='login'), data=params)
response.body = response.data.decode("utf-8")
assert '"value": true' in response, response
cookies = TestController.get_cookies(response)
auth_cookie = cookies.get('user_selfservice')
TestController.set_cookie(self.client, 'user_selfservice', auth_cookie)
# ------------------------------------------------------------------ --
params = {}
params['session'] = auth_cookie
response = self.client.post(url(controller='userservice',
action='history'), data=params)
response.body = response.data.decode("utf-8")
assert '"rows": [' in response, response
return
def test_login_with_challenge_response(self):
"""
test authentication with challenge response
with a single token
the authentication is running in multiple steps:
1. get the credentials_verified step
2. by calling the login with the 'credentials_verified' cookie
and no otp, we trigger a challenge
3. reply with the previous cookie 'challenge_triggered'
and the otp should return the final 'authenticated' cookie
After the 3 step any operation could be made, like history
"""
# ------------------------------------------------------------------ --
# run the credential verification step
auth_user = {
'login': '******',
'password': '******'}
response = self.app.get(url(controller='userservice',
action='login'), params=auth_user)
cookies = TestController.get_cookies(response)
auth_cookie = cookies.get('user_selfservice')
TestController.set_cookie(self.app, 'user_selfservice', auth_cookie)
# ------------------------------------------------------------------ --
# verify that 'history' could not be called in this status
params = {}
params['session'] = auth_cookie
with self.assertRaises(webtest.app.AppError) as app_error:
response = self.app.get(url(controller='userservice',
action='history'), params=params)
self.assertTrue("403 Forbidden" in app_error.exception.message)
TestController.set_cookie(self.app, 'user_selfservice', auth_cookie)
params = {}
params['session'] = auth_cookie
response = self.app.get(url(controller='userservice',
action='usertokenlist'), params=params)
self.assertTrue('LoginToken' in response, response)
# ------------------------------------------------------------------ --
# next request is to trigger the login challenge response
TestController.set_cookie(self.app, 'user_selfservice', auth_cookie)
params = {}
params['session'] = auth_cookie
response = self.app.get(url(controller='userservice',
action='login'), params=params)
self.assertTrue('"Please enter your otp value: "' in response,
response)
# response should contain the challenge information
cookies = TestController.get_cookies(response)
auth_cookie = cookies.get('user_selfservice')
TestController.set_cookie(self.app, 'user_selfservice', auth_cookie)
# ------------------------------------------------------------------ --
# next request replies to the challenge response and
# finishes the authorisation
params = {}
params['session'] = auth_cookie
params['otp'] = self.otps.pop()
response = self.app.get(url(controller='userservice',
action='login'), params=params)
self.assertTrue('"value": true' in response, response)
cookies = TestController.get_cookies(response)
auth_cookie = cookies.get('user_selfservice')
TestController.set_cookie(self.app, 'user_selfservice', auth_cookie)
# ------------------------------------------------------------------ --
params = {}
params['session'] = auth_cookie
response = self.app.get(url(controller='userservice',
action='history'), params=params)
self.assertTrue('"rows": [' in response, response)
return