def test_okta_verify_push_int(self, patched_time_sleep): cfg = { 'okta_url': self.okta_url, 'okta_token': self.okta_token, 'mfa_push_max_retries': int(20), 'mfa_push_delay_secs': int(11), } env = MockEnviron({ 'common_name': '*****@*****.**', 'password': self.config['password'] }) validator = OktaOpenVPNValidator() validator.site_config = cfg validator.env = env validator.load_environment_variables() validator.okta_config['assert_pinset'] = [self.herokuapp_dot_com_pin] validator.authenticate() for call in patched_time_sleep.call_args_list: args, kwargs = call for arg in args: import pprint pprint.pprint(arg) msg = "time.sleep() must be called with a float not %s" assert isinstance(arg, float), msg % type(arg) patched_time_sleep.assert_called_with(11)
def test_with_valid_config_file(self): config_format = ( "[OktaAPI]\n" "Url: {}\n" "Token: {}\n") cfg = tempfile.NamedTemporaryFile() cfg.file.write(config_format.format( self.okta_url, self.okta_token)) cfg.file.seek(0) env = MockEnviron({ 'common_name': self.config['username'], 'password': self.config['password'] }) validator = OktaOpenVPNValidator() validator.config_file = cfg.name validator.env = env validator.read_configuration_file() validator.load_environment_variables() # Disable Public Key Pinning validator.okta_config['assert_pinset'] = [self.herokuapp_dot_com_pin] rv = validator.authenticate() self.assertEquals(rv, True) last_error = self.okta_log_messages['info'][-1:][0] self.assertIn('is now authenticated with MFA via Okta API', last_error)
def test_suffix_with_valid_config_file(self): config_format = ( "[OktaAPI]\n" "Url: {}\n" "Token: {}\n" "UsernameSuffix: {}\n") cfg = tempfile.NamedTemporaryFile() cfg.file.write(config_format.format( self.okta_url, self.okta_token, self.username_suffix)) cfg.file.seek(0) env = MockEnviron({ 'common_name': self.username_prefix, 'password': self.config['password'] }) validator = OktaOpenVPNValidator() validator.config_file = cfg.name validator.env = env validator.read_configuration_file() validator.load_environment_variables() # Disable Public Key Pinning validator.okta_config['assert_pinset'] = [self.herokuapp_dot_com_pin] rv = validator.authenticate() self.assertEquals(rv, True) last_error = self.okta_log_messages['info'][-1:][0] self.assertIn('is now authenticated with MFA via Okta API', last_error)
def test_with_valid_config_file_with_untrusted_user_disabled(self): for val in ['yes', '1', 'true', 'ok', 'False', '0']: config_format = ( "[OktaAPI]\n" "Url: {}\n" "Token: {}\n" "AllowUntrustedUsers: {}") cfg = tempfile.NamedTemporaryFile() cfg.file.write(config_format.format( self.okta_url, self.okta_token, val)) cfg.file.seek(0) env = MockEnviron({ 'username': self.config['username'], 'password': self.config['password'] }) validator = OktaOpenVPNValidator() validator.config_file = cfg.name validator.env = env validator.read_configuration_file() validator.load_environment_variables() # Disable Public Key Pinning validator.okta_config['assert_pinset'] = [ self.herokuapp_dot_com_pin] rv = validator.authenticate() self.assertEquals(rv, False)
def test_no_username_or_password(self): cfg = {"okta_url": self.okta_url, "okta_token": self.okta_token} env = MockEnviron({}) validator = OktaOpenVPNValidator() validator.site_config = cfg validator.env = env rv = validator.load_environment_variables() rv = validator.authenticate() self.assertEquals(rv, False) last_error = self.okta_log_messages["warning"][-1:][0] self.assertIn("is not trusted - failing", last_error)
def test_authenticate_handles_exceptions(self): cfg = {"okta_url": self.okta_url, "okta_token": self.okta_token} env = MockEnviron({"common_name": self.config["username"], "password": self.config["password"]}) validator = OktaOpenVPNValidator() validator.cls = ThrowsErrorOktaAPI validator.site_config = cfg validator.env = env validator.load_environment_variables() rv = validator.authenticate() self.assertEquals(rv, False) last_error = self.okta_log_messages["error"][-1:][0] self.assertIn("authentication failed, because", last_error)
def test_with_username_and_password(self): cfg = {"okta_url": self.okta_url, "okta_token": self.okta_token} env = MockEnviron({"common_name": self.config["username"], "password": self.config["password"]}) validator = OktaOpenVPNValidator() validator.site_config = cfg validator.env = env validator.load_environment_variables() validator.okta_config["assert_pinset"] = [self.herokuapp_dot_com_pin] rv = validator.authenticate() self.assertEquals(rv, True) last_error = self.okta_log_messages["info"][-1:][0] self.assertIn("is now authenticated with MFA via Okta API", last_error)
def test_no_username_or_password(self): cfg = { 'okta_url': self.okta_url, 'okta_token': self.okta_token, } env = MockEnviron({}) validator = OktaOpenVPNValidator() validator.site_config = cfg validator.env = env rv = validator.load_environment_variables() rv = validator.authenticate() self.assertEquals(rv, False) last_error = self.okta_log_messages['warning'][-1:][0] self.assertIn('is not trusted - failing', last_error)
def test_with_valid_config_file_with_untrusted_user_disabled(self): for val in ["yes", "1", "true", "ok", "False", "0"]: config_format = "[OktaAPI]\n" "Url: {}\n" "Token: {}\n" "AllowUntrustedUsers: {}" cfg = tempfile.NamedTemporaryFile() cfg.file.write(config_format.format(self.okta_url, self.okta_token, val)) cfg.file.seek(0) env = MockEnviron({"username": self.config["username"], "password": self.config["password"]}) validator = OktaOpenVPNValidator() validator.config_file = cfg.name validator.env = env validator.read_configuration_file() validator.load_environment_variables() # Disable Public Key Pinning validator.okta_config["assert_pinset"] = [self.herokuapp_dot_com_pin] rv = validator.authenticate() self.assertEquals(rv, False)
def test_with_valid_config_file_with_untrusted_user_enabled(self): config_format = "[OktaAPI]\n" "Url: {}\n" "Token: {}\n" "AllowUntrustedUsers: True" cfg = tempfile.NamedTemporaryFile() cfg.file.write(config_format.format(self.okta_url, self.okta_token)) cfg.file.seek(0) env = MockEnviron({"username": self.config["username"], "password": self.config["password"]}) validator = OktaOpenVPNValidator() validator.config_file = cfg.name validator.env = env validator.read_configuration_file() validator.load_environment_variables() # Disable Public Key Pinning validator.okta_config["assert_pinset"] = [self.herokuapp_dot_com_pin] rv = validator.authenticate() self.assertEquals(rv, True) last_error = self.okta_log_messages["info"][-1:][0] self.assertIn("is now authenticated with MFA via Okta API", last_error)
def test_authenticate_handles_exceptions(self): cfg = { 'okta_url': self.okta_url, 'okta_token': self.okta_token, } env = MockEnviron({ 'common_name': self.config['username'], 'password': self.config['password'] }) validator = OktaOpenVPNValidator() validator.cls = ThrowsErrorOktaAPI validator.site_config = cfg validator.env = env validator.load_environment_variables() rv = validator.authenticate() self.assertEquals(rv, False) last_error = self.okta_log_messages['error'][-1:][0] self.assertIn('authentication failed, because', last_error)
def test_with_username_and_password(self): cfg = { 'okta_url': self.okta_url, 'okta_token': self.okta_token, } env = MockEnviron({ 'common_name': self.config['username'], 'password': self.config['password'] }) validator = OktaOpenVPNValidator() validator.site_config = cfg validator.env = env validator.load_environment_variables() validator.okta_config['assert_pinset'] = [self.herokuapp_dot_com_pin] rv = validator.authenticate() self.assertEquals(rv, True) last_error = self.okta_log_messages['info'][-1:][0] self.assertIn('is now authenticated with MFA via Okta API', last_error)
def test_okta_verify_push_fails(self): cfg = { 'okta_url': self.okta_url, 'okta_token': self.okta_token, 'mfa_push_max_retries': 20, 'mfa_push_delay_secs': self.mfa_push_delay_secs, } env = MockEnviron({ 'common_name': '*****@*****.**', 'password': self.config['password'] }) validator = OktaOpenVPNValidator() validator.site_config = cfg validator.env = env validator.load_environment_variables() validator.okta_config['assert_pinset'] = [self.herokuapp_dot_com_pin] rv = validator.authenticate() self.assertEquals(rv, False)
def test_okta_verify_push(self): cfg = { 'okta_url': self.okta_url, 'okta_token': self.okta_token, 'mfa_push_max_retries': 20, 'mfa_push_delay_secs': self.mfa_push_delay_secs, } env = MockEnviron({ 'common_name': '*****@*****.**', 'password': self.config['password'] }) validator = OktaOpenVPNValidator() validator.site_config = cfg validator.env = env validator.load_environment_variables() validator.okta_config['assert_pinset'] = [self.herokuapp_dot_com_pin] rv = validator.authenticate() self.assertEquals(rv, True) last_error = self.okta_log_messages['info'][-1] self.assertIn('is now authenticated with MFA via Okta API', last_error)