def test_04_do_request_success(self): radiusmock.setdata(success=True) set_privacyidea_config("radius.dictfile", DICT_FILE) db_token = Token.query.filter(Token.serial == self.serial1).first() token = RadiusTokenClass(db_token) otpcount = token.check_otp("123456") self.assertTrue(otpcount >= 0, otpcount)
def test_00_get_config(self): # set the config set_privacyidea_config(key="Hallo", value="What?", typ="string", desc="Some dumb value") # get the complete config conf = get_from_config() self.assertTrue("Hallo" in conf, conf) conf = get_from_config("Hallo") self.assertTrue(conf == "What?", conf) conf = get_from_config("Hello", "Does not exist") self.assertTrue(conf == "Does not exist", conf) conf = get_privacyidea_config() self.assertTrue("Hallo" in conf, conf) # delete privacyidea config delete_privacyidea_config("Hallo") conf = get_from_config("Hallo") self.assertFalse(conf == "What?", conf) # set more values to create a timestamp and overwrite set_privacyidea_config(key="k1", value="v1") set_privacyidea_config(key="k2", value="v2") set_privacyidea_config(key="k3", value="v3") conf = get_from_config("k3") self.assertTrue(conf == "v3", conf) set_privacyidea_config(key="k3", value="new", typ="string", desc="n") conf = get_from_config("k3") self.assertTrue(conf == "new", conf)
def test_10_saml_check(self): # test successful authentication set_privacyidea_config("ReturnSamlAttributes", "0") with self.app.test_request_context( "/validate/samlcheck", method="POST", data={"user": "******", "pass": "******"} ): res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 200, res) result = json.loads(res.data).get("result") detail = json.loads(res.data).get("detail") value = result.get("value") attributes = value.get("attributes") self.assertEqual(value.get("auth"), True) # No SAML return attributes self.assertEqual(attributes.get("email"), None) set_privacyidea_config("ReturnSamlAttributes", "1") with self.app.test_request_context( "/validate/samlcheck", method="POST", data={"user": "******", "pass": "******"} ): res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 200, res) result = json.loads(res.data).get("result") detail = json.loads(res.data).get("detail") value = result.get("value") attributes = value.get("attributes") self.assertEqual(value.get("auth"), True) self.assertEqual(attributes.get("email"), "*****@*****.**") self.assertEqual(attributes.get("givenname"), "Cornelius") self.assertEqual(attributes.get("mobile"), "+491111111") self.assertEqual(attributes.get("phone"), "+491234566") self.assertEqual(attributes.get("realm"), "realm1") self.assertEqual(attributes.get("username"), "cornelius")
def test_10_api_endpoint(self): fixed = "ebedeeefegeheiej" otpkey = "cc17a4d77eaed96e9d14b5c87a02e718" uid = "000000000000" otps = ["ebedeeefegeheiejtjtrutblehenfjljrirgdihrfuetljtt", "ebedeeefegeheiejlekvlrlkrcluvctenlnnjfknrhgtjned", "ebedeeefegeheiejktudedbktcnbuntrhdueikggtrugckij", "ebedeeefegeheiejjvjncbnffdrvjcvrbgdfufjgndfetieu", "ebedeeefegeheiejdruibhvlvktcgfjiruhltketifnitbuk" ] token = init_token({"type": "yubikey", "otpkey": otpkey, "otplen": len(otps[0]), "yubikey.prefix": fixed, "serial": "UBAM12345678_1"}) builder = EnvironBuilder(method='GET', headers={}) env = builder.get_environ() # Set the remote address so that we can filter for it env["REMOTE_ADDR"] = "10.0.0.1" g.client_ip = env["REMOTE_ADDR"] req = Request(env) nonce = "random nonce" apiid = "hallo" apikey = "1YMEbMZijD3DzL21UfKGnOOI13c=" set_privacyidea_config("yubikey.apiid.{0!s}".format(apiid), apikey) req.all_data = {'id': apiid, "otp": otps[0], "nonce": nonce} text_type, result = YubikeyTokenClass.api_endpoint(req, g) self.assertEqual(text_type, "plain") self.assertTrue("status=OK" in result, result) self.assertTrue("nonce={0!s}".format(nonce) in result, result)
def test_16_autoresync_hotp(self): serial = "autosync1" token = init_token({"serial": serial, "otpkey": self.otpkey, "pin": "async"}, User("cornelius", self.realm2)) set_privacyidea_config("AutoResync", True) token.set_sync_window(10) token.set_count_window(5) # counter = 8, is out of sync with self.app.test_request_context('/validate/check', method='POST', data={"user": "******"+self.realm2, "pass": "******"}): res = self.app.full_dispatch_request() self.assertEqual(res.status_code, 200) result = json.loads(res.data).get("result") self.assertEqual(result.get("value"), False) # counter = 9, will be autosynced. # Authentication is successful with self.app.test_request_context('/validate/check', method='POST', data={"user": "******"+self.realm2, "pass": "******"}): res = self.app.full_dispatch_request() self.assertEqual(res.status_code, 200) result = json.loads(res.data).get("result") self.assertEqual(result.get("value"), True) delete_privacyidea_config("AutoResync")
def test_08_config_object(self): set_privacyidea_config(key="k1", value="v1") self.assertEqual(get_config_object().get_config("k1"), "v1") set_privacyidea_config(key="k1", value="v2") # not updated yet self.assertEqual(get_config_object().get_config("k1"), "v1") # updated now self.assertEqual(update_config_object().get_config("k1"), "v2")
def test_20_questionnaire(self): pin = "pin" serial = "QUST1234" questions = {"frage1": "antwort1", "frage2": "antwort2", "frage3": "antwort3"} j_questions = json.dumps(questions) with self.app.test_request_context('/token/init', method='POST', data={"type": "question", "pin": pin, "serial": serial, "questions": j_questions}, headers={'Authorization': self.at}): res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 400, res) set_privacyidea_config("question.num_answers", 2) with self.app.test_request_context('/token/init', method='POST', data={"type": "question", "pin": pin, "serial": serial, "questions": j_questions}, headers={'Authorization': self.at}): res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 200, res) result = json.loads(res.data).get("result") value = result.get("value") self.assertEqual(value, True) # Start a challenge with self.app.test_request_context('/validate/check', method='POST', data={"serial": serial, "pass": pin}): res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 200, res) result = json.loads(res.data).get("result") self.assertFalse(result.get("value")) detail = json.loads(res.data).get("detail") transaction_id = detail.get("transaction_id") question = detail.get("message") self.assertTrue(question in questions) # Respond to the challenge answer = questions[question] with self.app.test_request_context('/validate/check', method='POST', data={"serial": serial, "transaction_id": transaction_id, "pass": answer}): res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 200, res) result = json.loads(res.data).get("result") self.assertEqual(result.get("value"), True)
def test_000_setup_realms(self): self.setUp_user_realms() # U2F is not configured yet with self.app.test_request_context('/ttype/u2f', method='GET'): res = self.app.full_dispatch_request() self.assertEqual(res.status_code, 400) set_privacyidea_config("u2f.appId", "http://localhost:5000")
def test_06_u2f_enrollment_fails_wrong_issuer(self): # test data taken from # https://fidoalliance.org/specs/fido-u2f-v1.0-ps-20141009/fido-u2f-raw-message-formats-ps-20141009.html#examples serial = "U2F0010BF6F" set_privacyidea_config("u2f.appId", "https://puck.az.intern") pin = "test" # Registration data client_data = "eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZmluaXNoRW5yb2xsbWVudCIsImNoYWxsZW5nZSI6ImpIakIxaEM2VjA3dDl4ZnNNaDRfOEQ3U1JuSHRFY1BqUTdsaVl3cWxkX009Iiwib3JpZ2luIjoiaHR0cHM6Ly9wdWNrLmF6LmludGVybiIsImNpZF9wdWJrZXkiOiJ1bnVzZWQifQ" reg_data = "BQRHjwxEYFCkLHz3xdrmifKOHl2h17BmRJQ_S1Y9PRAhS2R186T391YE-ryqWis9HSmdp0XpRqUaKk9L8lxJTPpTQF_xFJ_LAsKkPTzKIwUlPIjGZDsLmv0en2Iya17Yz8X8OS89fuxwZOvEok-NQOKUTJP3att_RVe3dEAbq_iOtyAwggJEMIIBLqADAgECAgRVYr6gMAsGCSqGSIb3DQEBCzAuMSwwKgYDVQQDEyNZdWJpY28gVTJGIFJvb3QgQ0EgU2VyaWFsIDQ1NzIwMDYzMTAgFw0xNDA4MDEwMDAwMDBaGA8yMDUwMDkwNDAwMDAwMFowKjEoMCYGA1UEAwwfWXViaWNvIFUyRiBFRSBTZXJpYWwgMTQzMjUzNDY4ODBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEszH3c9gUS5mVy-RYVRfhdYOqR2I2lcvoWsSCyAGfLJuUZ64EWw5m8TGy6jJDyR_aYC4xjz_F2NKnq65yvRQwmjOzA5MCIGCSsGAQQBgsQKAgQVMS4zLjYuMS40LjEuNDE0ODIuMS41MBMGCysGAQQBguUcAgEBBAQDAgUgMAsGCSqGSIb3DQEBCwOCAQEArBbZs262s6m3bXWUs09Z9Pc-28n96yk162tFHKv0HSXT5xYU10cmBMpypXjjI-23YARoXwXn0bm-BdtulED6xc_JMqbK-uhSmXcu2wJ4ICA81BQdPutvaizpnjlXgDJjq6uNbsSAp98IStLLp7fW13yUw-vAsWb5YFfK9f46Yx6iakM3YqNvvs9M9EUJYl_VrxBJqnyLx2iaZlnpr13o8NcsKIJRdMUOBqt_ageQg3ttsyq_3LyoNcu7CQ7x8NmeCGm_6eVnZMQjDmwFdymwEN4OxfnM5MkcKCYhjqgIGruWkVHsFnJa8qjZXneVvKoiepuUQyDEJ2GcqvhU2YKY1zBFAiEA4ZkIXXyjEPExcMGtW6kJXqYv7UHgjxJR5h3H9w9FV7gCIFGdhxZDqwCQKplDi-LU4WJ45OyCpNK6lGa72eZqUR_k" # Authentication data transaction_id = "05871369157706202013" challenge = "1616515928c389ba9e028d83eb5f63782cbf351ca6abbc81aeb0dddd4895b609" # challenge = "FhZRWSjDibqeAo2D619jeCy_NRymq7yBrrDd3UiVtgk" key_handle = "X_EUn8sCwqQ9PMojBSU8iMZkOwua_R6fYjJrXtjPxfw5Lz1-7HBk68SiT41A4pRMk_dq239FV7d0QBur-I63IA" client_data_auth = "eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZ2V0QXNzZXJ0aW9uIiwiY2hhbGxlbmdlIjoiRmhaUldTakRpYnFlQW8yRDYxOWplQ3lfTlJ5bXE3eUJyckRkM1VpVnRnayIsIm9yaWdpbiI6Imh0dHBzOi8vcHVjay5hei5pbnRlcm4iLCJjaWRfcHVia2V5IjoidW51c2VkIn0" signature_data = "AQAAAAMwRQIgU8d6waOIRVVydg_AXxediEZGkfFioUjd6FG3OxH2wUMCIQDpxzavJyxRlMwgNmD1Kw-iw_oP2egdshU9hrpxFHTRzQ" # step 1 with self.app.test_request_context('/token/init', method='POST', data={"type": "u2f", "user": "******", "realm": self.realm1, "serial": serial}, headers={'Authorization': self.at}): res = self.app.full_dispatch_request() self.assertEqual(res.status_code, 200) result = json.loads(res.data).get("result") detail = json.loads(res.data).get("detail") self.assertEqual(result.get("status"), True) self.assertEqual(result.get("value"), True) set_policy(name="u2f01", scope=SCOPE.ENROLL, action="{0!s}=issuer/.*Plugup.*/".format(U2FACTION.REQ)) # Init step 2 with self.app.test_request_context('/token/init', method='POST', data={"type": "u2f", "serial": serial, "regdata": reg_data, "clientdata": client_data}, headers={'Authorization': self.at}): res = self.app.full_dispatch_request() self.assertEqual(res.status_code, 403) result = json.loads(res.data).get("result") detail = json.loads(res.data).get("detail") self.assertEqual(result.get("status"), False) self.assertEqual(result.get("error").get("message"), u'The U2F device is not allowed to be registered ' u'due to policy restriction.') delete_policy("u2f01") remove_token(serial)
def test_04_check_otp_success_with_post_request(self): set_privacyidea_config("yubico.do_post", True) responses.add(responses.POST, YUBICO_URL, body=self.success_body) db_token = Token.query.filter(Token.serial == self.serial1).first() token = YubicoTokenClass(db_token) otpcount = token.check_otp("vvbgidlghkhgndujklhhudbcuttkcklhvjktrjrt") # Nonce and hash do not match self.assertTrue(otpcount == -2, otpcount) set_privacyidea_config("yubico.do_post", False)
def test_15_validate_at_sign(self): self.setUp_user_realm2() serial1 = "Split001" serial2 = "Split002" init_token({"serial": serial1, "type": "spass", "pin": serial1}, user=User("cornelius", self.realm1)) init_token({"serial": serial2, "type": "spass", "pin": serial2}, user=User("cornelius", self.realm2)) with self.app.test_request_context('/validate/check', method='POST', data={"user": "******", "pass": serial1}): res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 200, res) result = json.loads(res.data).get("result") self.assertTrue(result.get("value")) set_privacyidea_config("splitAtSign", "0") with self.app.test_request_context('/validate/check', method='POST', data={"user": "******"+self.realm2, "pass": serial2}): res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 400, res) set_privacyidea_config("splitAtSign", "1") with self.app.test_request_context('/validate/check', method='POST', data={"user": "******"+self.realm2, "pass": serial2}): res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 200, res) result = json.loads(res.data).get("result") self.assertTrue(result.get("value")) # The default behaviour - if the config entry does not exist, # is to split the @Sign delete_privacyidea_config("splitAtSign") with self.app.test_request_context('/validate/check', method='POST', data={"user": "******"+self.realm2, "pass": serial2}): res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 200, res) result = json.loads(res.data).get("result") self.assertTrue(result.get("value"))
def test_06_do_request_success_remote_user(self): # verify SSL set_privacyidea_config("remote.verify_ssl_certificate", True) responses.add(responses.POST, "http://my.privacyidea.server/validate/check", body=json.dumps(self.success_body), content_type="application/json") db_token = Token.query.filter(Token.serial == self.serial2).first() token = RemoteTokenClass(db_token) otpcount = token.check_otp("123456") self.assertTrue(otpcount > 0, otpcount)
def test_02_reset_password(self): smtpmock.setdata(response={"*****@*****.**": (200, "OK")}) set_privacyidea_config("recovery.identifier", "myserver") with self.app.test_request_context( "/recover", method="POST", data={"user": "******", "realm": "register", "email": "*****@*****.**"}, ): res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 200, res.data) data = json.loads(res.data) self.assertEqual(data.get("result").get("value"), True)
def test_06_do_request_success_remote_user(self): # verify SSL set_privacyidea_config("remote.verify_ssl_certificate", True) responses.add(responses.POST, "http://my.privacyidea.server/mypi/validate/check", body=json.dumps(self.success_body), content_type="application/json") db_token = Token.query.filter(Token.serial == self.serial2).first() token = RemoteTokenClass(db_token) otpcount = token.check_otp("123456") self.assertTrue(otpcount > 0, otpcount)
def test_10_authenticate_system_radius_settings(self): set_privacyidea_config("radius.server", "my.other.radiusserver:1812") set_privacyidea_config("radius.secret", "testing123") radiusmock.setdata(success=True) token = init_token({"type": "radius", "radius.system_settings": True, "radius.user": "******", "radius.server": "", "radius.secret": ""}) r = token.authenticate("radiuspassword") self.assertEqual(r[0], True) self.assertEqual(r[1], 0) self.assertEqual(r[2].get("message"), "matching 1 tokens")
def test_04_dumb_question(self): set_privacyidea_config("question.num_answers", 1) token = init_token({ "type": "question", "pin": self.pin, "serial": "2ndtoken", "user": "******", "realm": self.realm1, "questions": self.j_dumb_questions }) _r, question, _transaction, _none = token.create_challenge() self.assertEqual("dumb questiontype", question) token.delete_token()
def test_01_create_recovery(self): smtpmock.setdata(response={"*****@*****.**": (200, "OK")}) # missing configuration self.assertRaises(privacyIDEAError, create_recoverycode, user=User("cornelius", self.realm1)) # recover password with "recovery.identifier" r = add_smtpserver(identifier="myserver", server="1.2.3.4") self.assertTrue(r > 0) set_privacyidea_config("recovery.identifier", "myserver") r = create_recoverycode(User("cornelius", self.realm1)) self.assertEqual(r, True)
def test_11_RADIUS_request(self): set_privacyidea_config("radius.dictfile", DICT_FILE) radiusmock.setdata(success=True) r = add_radius(identifier="myserver", server="1.2.3.4", secret="testing123", dictionary=DICT_FILE) self.assertTrue(r > 0) token = init_token({"type": "radius", "radius.identifier": "myserver", "radius.user": "******"}) r = token.authenticate("radiuspassword") self.assertEqual(r[0], True) self.assertEqual(r[1], 0) self.assertEqual(r[2].get("message"), "matching 1 tokens")
def test_02_reset_password(self): smtpmock.setdata(response={"*****@*****.**": (200, "OK")}) set_privacyidea_config("recovery.identifier", "myserver") with self.app.test_request_context('/recover', method='POST', data={"user": "******", "realm": "register", "email": "*****@*****.**"}): res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 200, res.data) data = json.loads(res.data) self.assertEqual(data.get("result").get("value"), True)
def test_19_smstext(self): # The single quotes in the smstext "'Your <otp>'" is legacy and results in # the string without single quotes "Your <otp>". smstext_tests = {"'Your <otp>'": r"Your [0-9]{6}", "Your <otp>": r"Your [0-9]{6}", "{user} has the OTP: {otp}": r"Cornelius has the OTP: [0-9]{6}"} for pol_text, result_text in smstext_tests.items(): # create a SMSTEXT policy: p = set_policy(name="smstext", action="{0!s}={1!s}".format(SMSACTION.SMSTEXT, pol_text), scope=SCOPE.AUTH) self.assertTrue(p > 0) g = FakeFlaskG() P = PolicyClass() g.audit_object = FakeAudit() g.policy_object = P options = {"g": g, "user": User("cornelius", self.realm1)} responses.add(responses.POST, self.SMSHttpUrl, body=self.success_body) set_privacyidea_config("sms.providerConfig", self.SMSProviderConfig) db_token = Token.query.filter_by(serial=self.serial1).first() token = SmsTokenClass(db_token) c = token.create_challenge(options=options) self.assertTrue(c[0], c) display_message = c[1] self.assertEqual(display_message, _("Enter the OTP from the SMS:")) self.assertEqual(c[3].get("state"), None) smstext = token._get_sms_text(options) self.assertEqual(pol_text.strip("'"), smstext) r, message = token._send_sms(smstext, options) self.assertRegexpMatches(message, result_text) # Test AUTOSMS p = set_policy(name="autosms", action=SMSACTION.SMSAUTO, scope=SCOPE.AUTH) self.assertTrue(p > 0) g = FakeFlaskG() P = PolicyClass() g.policy_object = P g.audit_object = FakeAudit() options = {"g": g} r = token.check_otp(self.valid_otp_values[5 + len(smstext_tests)], options=options) self.assertTrue(r > 0, r)
def test_06_u2f_enrollment_fails_wrong_issuer(self): # test data taken from # https://fidoalliance.org/specs/fido-u2f-v1.0-ps-20141009/fido-u2f-raw-message-formats-ps-20141009.html#examples serial = "U2F0010BF6F" set_privacyidea_config("u2f.appId", "https://puck.az.intern") # Registration data client_data = "eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZmluaXNoRW5yb2xsbWVudCIsImNoYWxsZW5nZSI6ImpIakIxaEM2VjA3dDl4ZnNNaDRfOEQ3U1JuSHRFY1BqUTdsaVl3cWxkX009Iiwib3JpZ2luIjoiaHR0cHM6Ly9wdWNrLmF6LmludGVybiIsImNpZF9wdWJrZXkiOiJ1bnVzZWQifQ" reg_data = "BQRHjwxEYFCkLHz3xdrmifKOHl2h17BmRJQ_S1Y9PRAhS2R186T391YE-ryqWis9HSmdp0XpRqUaKk9L8lxJTPpTQF_xFJ_LAsKkPTzKIwUlPIjGZDsLmv0en2Iya17Yz8X8OS89fuxwZOvEok-NQOKUTJP3att_RVe3dEAbq_iOtyAwggJEMIIBLqADAgECAgRVYr6gMAsGCSqGSIb3DQEBCzAuMSwwKgYDVQQDEyNZdWJpY28gVTJGIFJvb3QgQ0EgU2VyaWFsIDQ1NzIwMDYzMTAgFw0xNDA4MDEwMDAwMDBaGA8yMDUwMDkwNDAwMDAwMFowKjEoMCYGA1UEAwwfWXViaWNvIFUyRiBFRSBTZXJpYWwgMTQzMjUzNDY4ODBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEszH3c9gUS5mVy-RYVRfhdYOqR2I2lcvoWsSCyAGfLJuUZ64EWw5m8TGy6jJDyR_aYC4xjz_F2NKnq65yvRQwmjOzA5MCIGCSsGAQQBgsQKAgQVMS4zLjYuMS40LjEuNDE0ODIuMS41MBMGCysGAQQBguUcAgEBBAQDAgUgMAsGCSqGSIb3DQEBCwOCAQEArBbZs262s6m3bXWUs09Z9Pc-28n96yk162tFHKv0HSXT5xYU10cmBMpypXjjI-23YARoXwXn0bm-BdtulED6xc_JMqbK-uhSmXcu2wJ4ICA81BQdPutvaizpnjlXgDJjq6uNbsSAp98IStLLp7fW13yUw-vAsWb5YFfK9f46Yx6iakM3YqNvvs9M9EUJYl_VrxBJqnyLx2iaZlnpr13o8NcsKIJRdMUOBqt_ageQg3ttsyq_3LyoNcu7CQ7x8NmeCGm_6eVnZMQjDmwFdymwEN4OxfnM5MkcKCYhjqgIGruWkVHsFnJa8qjZXneVvKoiepuUQyDEJ2GcqvhU2YKY1zBFAiEA4ZkIXXyjEPExcMGtW6kJXqYv7UHgjxJR5h3H9w9FV7gCIFGdhxZDqwCQKplDi-LU4WJ45OyCpNK6lGa72eZqUR_k" # step 1 with self.app.test_request_context('/token/init', method='POST', data={ "type": "u2f", "user": "******", "realm": self.realm1, "serial": serial }, headers={'Authorization': self.at}): res = self.app.full_dispatch_request() self.assertEqual(res.status_code, 200) result = res.json.get("result") detail = res.json.get("detail") self.assertEqual(result.get("status"), True) self.assertEqual(result.get("value"), True) set_policy(name="u2f01", scope=SCOPE.ENROLL, action="{0!s}=issuer/.*Plugup.*/".format(U2FACTION.REQ)) # Init step 2 with self.app.test_request_context('/token/init', method='POST', data={ "type": "u2f", "serial": serial, "regdata": reg_data, "clientdata": client_data }, headers={'Authorization': self.at}): res = self.app.full_dispatch_request() self.assertEqual(res.status_code, 403) result = res.json.get("result") self.assertEqual(result.get("status"), False) self.assertEqual( result.get("error").get("message"), u'The U2F device is not allowed to be registered ' u'due to policy restriction.') delete_policy("u2f01") remove_token(serial)
def test_10_authenticate_system_radius_settings(self): set_privacyidea_config("radius.server", "my.other.radiusserver:1812") set_privacyidea_config("radius.secret", "testing123") radiusmock.setdata(response=radiusmock.AccessAccept) token = init_token({ "type": "radius", "radius.system_settings": True, "radius.user": "******", "radius.server": "", "radius.secret": "" }) r = token.authenticate("radiuspassword") self.assertEqual(r[0], True) self.assertEqual(r[1], 1)
def test_08_config_object(self): obj1 = get_config_object() # Another call to ``get_config_object`` returns the identical config object self.assertIs(obj1, get_config_object()) set_privacyidea_config(key="k1", value="v1") # ``set_privacyidea_config`` invalidates the config object, so we get a different one obj2 = get_config_object() self.assertIsNot(obj1, obj2) self.assertEqual(get_config_object().get_config("k1"), "v1") # ``set_privacyidea_config`` again invalidates the config object set_privacyidea_config(key="k1", value="v2") obj3 = get_config_object() self.assertIsNot(obj2, obj3) self.assertEqual(get_config_object().get_config("k1"), "v2")
def test_18_challenge_request(self): responses.add(responses.POST, self.SMSHttpUrl, body=self.success_body) transactionid = "123456098712" set_privacyidea_config("sms.providerConfig", self.SMSProviderConfig) db_token = Token.query.filter_by(serial=self.serial1).first() token = SmsTokenClass(db_token) self.assertTrue(token.check_otp("123456", 1, 10) == -1) c = token.create_challenge(transactionid) self.assertTrue(c[0], c) otp = c[1] self.assertTrue(c[3].get("state"), transactionid) # check for the challenges response r = token.check_challenge_response(passw=otp) self.assertTrue(r, r)
def test_99_unset_config(self): # Test early exit! # Assert that the function `retrieve_latest_entry` is called if the cache is enabled with patch('privacyidea.lib.usercache.retrieve_latest_entry') as mock_retrieve: mock_retrieve.return_value = None get_username('some-userid', 'resolver1') self.assertEqual(mock_retrieve.call_count, 1) set_privacyidea_config(EXPIRATION_SECONDS, 0) self.assertFalse(is_cache_enabled()) # Assert that the function `retrieve_latest_entry` is not called anymore with patch('privacyidea.lib.usercache.retrieve_latest_entry') as mock_retrieve: mock_retrieve.return_value = None get_username('some-userid', 'resolver1') self.assertEqual(mock_retrieve.call_count, 0)
def test_12_non_ascii(self): set_privacyidea_config("radius.dictfile", DICT_FILE) radiusmock.setdata(response=radiusmock.AccessAccept) r = add_radius(identifier="myserver", server="1.2.3.4", secret="testing123", dictionary=DICT_FILE) self.assertTrue(r > 0) token = init_token({ "type": "radius", "radius.identifier": "myserver", "radius.user": u"nönäscii" }) r = token.authenticate(u"passwörd") self.assertEqual(r[0], True) self.assertEqual(r[1], 1)
def test_06_u2f_enrollment_fails_wrong_issuer(self): # test data taken from # https://fidoalliance.org/specs/fido-u2f-v1.0-ps-20141009/fido-u2f-raw-message-formats-ps-20141009.html#examples serial = "U2F0010BF6F" set_privacyidea_config("u2f.appId", "https://puck.az.intern") # Registration data client_data = "eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZmluaXNoRW5yb2xsbWVudCIsImNoYWxsZW5nZSI6ImpIakIxaEM2VjA3dDl4ZnNNaDRfOEQ3U1JuSHRFY1BqUTdsaVl3cWxkX009Iiwib3JpZ2luIjoiaHR0cHM6Ly9wdWNrLmF6LmludGVybiIsImNpZF9wdWJrZXkiOiJ1bnVzZWQifQ" reg_data = "BQRHjwxEYFCkLHz3xdrmifKOHl2h17BmRJQ_S1Y9PRAhS2R186T391YE-ryqWis9HSmdp0XpRqUaKk9L8lxJTPpTQF_xFJ_LAsKkPTzKIwUlPIjGZDsLmv0en2Iya17Yz8X8OS89fuxwZOvEok-NQOKUTJP3att_RVe3dEAbq_iOtyAwggJEMIIBLqADAgECAgRVYr6gMAsGCSqGSIb3DQEBCzAuMSwwKgYDVQQDEyNZdWJpY28gVTJGIFJvb3QgQ0EgU2VyaWFsIDQ1NzIwMDYzMTAgFw0xNDA4MDEwMDAwMDBaGA8yMDUwMDkwNDAwMDAwMFowKjEoMCYGA1UEAwwfWXViaWNvIFUyRiBFRSBTZXJpYWwgMTQzMjUzNDY4ODBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEszH3c9gUS5mVy-RYVRfhdYOqR2I2lcvoWsSCyAGfLJuUZ64EWw5m8TGy6jJDyR_aYC4xjz_F2NKnq65yvRQwmjOzA5MCIGCSsGAQQBgsQKAgQVMS4zLjYuMS40LjEuNDE0ODIuMS41MBMGCysGAQQBguUcAgEBBAQDAgUgMAsGCSqGSIb3DQEBCwOCAQEArBbZs262s6m3bXWUs09Z9Pc-28n96yk162tFHKv0HSXT5xYU10cmBMpypXjjI-23YARoXwXn0bm-BdtulED6xc_JMqbK-uhSmXcu2wJ4ICA81BQdPutvaizpnjlXgDJjq6uNbsSAp98IStLLp7fW13yUw-vAsWb5YFfK9f46Yx6iakM3YqNvvs9M9EUJYl_VrxBJqnyLx2iaZlnpr13o8NcsKIJRdMUOBqt_ageQg3ttsyq_3LyoNcu7CQ7x8NmeCGm_6eVnZMQjDmwFdymwEN4OxfnM5MkcKCYhjqgIGruWkVHsFnJa8qjZXneVvKoiepuUQyDEJ2GcqvhU2YKY1zBFAiEA4ZkIXXyjEPExcMGtW6kJXqYv7UHgjxJR5h3H9w9FV7gCIFGdhxZDqwCQKplDi-LU4WJ45OyCpNK6lGa72eZqUR_k" # step 1 with self.app.test_request_context('/token/init', method='POST', data={"type": "u2f", "user": "******", "realm": self.realm1, "serial": serial}, headers={'Authorization': self.at}): res = self.app.full_dispatch_request() self.assertEqual(res.status_code, 200) result = json.loads(res.data.decode('utf8')).get("result") detail = json.loads(res.data.decode('utf8')).get("detail") self.assertEqual(result.get("status"), True) self.assertEqual(result.get("value"), True) set_policy(name="u2f01", scope=SCOPE.ENROLL, action="{0!s}=issuer/.*Plugup.*/".format(U2FACTION.REQ)) # Init step 2 with self.app.test_request_context('/token/init', method='POST', data={"type": "u2f", "serial": serial, "regdata": reg_data, "clientdata": client_data}, headers={'Authorization': self.at}): res = self.app.full_dispatch_request() self.assertEqual(res.status_code, 403) result = json.loads(res.data.decode('utf8')).get("result") self.assertEqual(result.get("status"), False) self.assertEqual(result.get("error").get("message"), u'The U2F device is not allowed to be registered ' u'due to policy restriction.') delete_policy("u2f01") remove_token(serial)
def test_18a_challenge_request_dynamic(self): # Send a challenge request for an SMS token with a dynamic phone number responses.add(responses.POST, self.SMSHttpUrl, body=self.success_body) transactionid = "123456098712" set_privacyidea_config("sms.providerConfig", self.SMSProviderConfig) db_token = Token.query.filter_by(serial=self.serial2).first() token = SmsTokenClass(db_token) self.assertTrue(token.check_otp("123456", 1, 10) == -1) c = token.create_challenge(transactionid) self.assertTrue(c[0], c) otp = c[1] self.assertTrue(c[3].get("state"), transactionid) # check for the challenges response r = token.check_challenge_response( passw=otp, options={"transaction_id": transactionid}) self.assertTrue(r, r)
def test_18b_challenge_request_dynamic_multivalue(self): responses.add(responses.POST, self.SMSHttpUrl, body=self.success_body) transactionid = "123456098712" set_privacyidea_config("sms.providerConfig", self.SMSProviderConfig) db_token = Token.query.filter_by(serial=self.serial2).first() token = SmsTokenClass(db_token) # if the email is a multi-value attribute, the first address should be chosen new_user_info = token.user.info.copy() new_user_info['mobile'] = ['1234', '5678'] with mock.patch('privacyidea.lib.resolvers.PasswdIdResolver.IdResolver.getUserInfo') as mock_user_info: mock_user_info.return_value = new_user_info c = token.create_challenge(transactionid) self.assertTrue(c[0], c) self.assertIn('destination=1234', responses.calls[0].request.body) self.assertNotIn('destination=5678', responses.calls[0].request.body)
def test_02_send_test_email(self): set_privacyidea_config("radius.dictfile", DICT_FILE) radiusmock.setdata(success=True) with self.app.test_request_context('/radiusserver/test_request', method='POST', data={"identifier": "someServer", "secret": "secret", "port": "1812", "server": "1.2.3.4", "dictionary": DICT_FILE, "username": "******", "password": "******"}, headers={'Authorization': self.at}): res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 200, res) data = json.loads(res.data) self.assertEqual(data.get("result").get("value"), True)
def test_02_send_test_email(self): set_privacyidea_config("radius.dictfile", DICT_FILE) radiusmock.setdata(response=radiusmock.AccessAccept) with self.app.test_request_context('/radiusserver/test_request', method='POST', data={"identifier": "someServer", "secret": "secret", "port": "1812", "server": "1.2.3.4", "dictionary": DICT_FILE, "username": "******", "password": "******"}, headers={'Authorization': self.at}): res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 200, res) data = res.json self.assertEqual(data.get("result").get("value"), True)
def test_19_smstext(self): # create a SMSTEXT policy: p = set_policy(name="smstext", action="{0!s}={1!s}".format(SMSACTION.SMSTEXT, "'Your <otp>'"), scope=SCOPE.AUTH) self.assertTrue(p > 0) g = FakeFlaskG() P = PolicyClass() g.audit_object = FakeAudit() g.policy_object = P options = {"g": g} responses.add(responses.POST, self.SMSHttpUrl, body=self.success_body) set_privacyidea_config("sms.providerConfig", self.SMSProviderConfig) db_token = Token.query.filter_by(serial=self.serial1).first() token = SmsTokenClass(db_token) c = token.create_challenge(options=options) self.assertTrue(c[0], c) display_message = c[1] self.assertEqual(display_message, _("Enter the OTP from the SMS:")) self.assertEqual(c[3].get("state"), None) # check for the challenges response # r = token.check_challenge_response(passw="287922") # self.assertTrue(r, r) # Test AUTOSMS p = set_policy(name="autosms", action=SMSACTION.SMSAUTO, scope=SCOPE.AUTH) self.assertTrue(p > 0) g = FakeFlaskG() P = PolicyClass() g.policy_object = P g.audit_object = FakeAudit() options = {"g": g} r = token.check_otp("287922", options=options) self.assertTrue(r > 0, r)
def test_40_failcounter_exceeded(self): from privacyidea.lib.tokenclass import (FAILCOUNTER_EXCEEDED, FAILCOUNTER_CLEAR_TIMEOUT) db_token = Token("failcounter", tokentype="spass") db_token.save() token_obj = TokenClass(db_token) for i in range(0, 11): token_obj.inc_failcount() now = datetime.datetime.now(tzlocal()).strftime(DATE_FORMAT) # Now the FAILCOUNTER_EXCEEDED is set ti = token_obj.get_tokeninfo(FAILCOUNTER_EXCEEDED) # We only compare the date self.assertEqual(ti[:10], now[:10]) # and the timezone self.assertEqual(ti[-5:], now[-5:]) # reset the failcounter token_obj.reset() ti = token_obj.get_tokeninfo(FAILCOUNTER_EXCEEDED) self.assertEqual(ti, None) # Now check with failcounter clear, with timeout 5 minutes set_privacyidea_config(FAILCOUNTER_CLEAR_TIMEOUT, 5) token_obj.set_failcount(10) failed_recently = (datetime.datetime.now(tzlocal()) - datetime.timedelta(minutes=3)).strftime(DATE_FORMAT) token_obj.add_tokeninfo(FAILCOUNTER_EXCEEDED, failed_recently) r = token_obj.check_failcount() # the fail is only 3 minutes ago, so we will not reset and check will # be false self.assertFalse(r) # Set the timeout to a shorter value set_privacyidea_config(FAILCOUNTER_CLEAR_TIMEOUT, 2) r = token_obj.check_failcount() # The fail is longer ago. self.assertTrue(r) # The tokeninfo of this token is deleted and the failcounter is 0 self.assertEqual(token_obj.get_tokeninfo(FAILCOUNTER_EXCEEDED), None) self.assertEqual(token_obj.get_failcount(), 0) token_obj.delete_token()
def test_22_new_email_config(self): smtpmock.setdata(response={"*****@*****.**": (200, 'OK')}) transactionid = "123456098717" # send the email with the new configuration r = add_smtpserver(identifier="myServer", server="1.2.3.4") set_privacyidea_config("email.identifier", "myServer") db_token = Token.query.filter_by(serial=self.serial1).first() token = EmailTokenClass(db_token) self.assertTrue(token.check_otp("123456", 1, 10) == -1) c = token.create_challenge(transactionid) self.assertTrue(c[0], c) otp = c[1] self.assertTrue(c[3].get("state"), transactionid) # check for the challenges response r = token.check_challenge_response(passw=otp) self.assertTrue(r, r) delete_smtpserver("myServer") delete_privacyidea_config("email.identifier")
def test_01_create_token(self): set_privacyidea_config("question.num_answers", 3) token = init_token({"type": "question", "pin": self.pin, "serial": self.serial1, "user": "******", "realm": self.realm1, "questions": self.j_questions }) self.assertEqual(token.type, "question") prefix = QuestionnaireTokenClass.get_class_prefix() self.assertEqual(prefix, "QUST") info = QuestionnaireTokenClass.get_class_info() self.assertEqual(info.get("type"), "question") info = QuestionnaireTokenClass.get_class_info("type") self.assertEqual(info, "question")
def test_04_store_encrypted_values(self): r = set_privacyidea_config("mySecretData", "soho", typ="password", desc="Very important") self.assertTrue(r == "insert", r) r = get_from_config("mySecretData") self.assertTrue(r == "soho", r) r = get_from_config() self.assertTrue(r.get("mySecretData") == "soho", r.get("mySecretData"))
def test_18a_challenge_request_dynamic(self): # Send a challenge request for an SMS token with a dynamic phone number responses.add(responses.POST, self.SMSHttpUrl, body=self.success_body) transactionid = "123456098712" set_privacyidea_config("sms.providerConfig", self.SMSProviderConfig) db_token = Token.query.filter_by(serial=self.serial2).first() token = SmsTokenClass(db_token) self.assertTrue(token.check_otp("123456", 1, 10) == -1) c = token.create_challenge(transactionid) self.assertTrue(c[0], c) otp = c[1] self.assertTrue(c[3].get("state"), transactionid) # check for the challenges response r = token.check_challenge_response(passw=otp, options={"transaction_id": transactionid}) self.assertTrue(r, r)
def test_23_specific_email_config(self): smtpmock.setdata(response={"*****@*****.**": (200, 'OK')}) transactionid = "123456098723" # create new configuration r = add_smtpserver(identifier="myServer", server="1.2.3.4") set_privacyidea_config("email.identifier", "myServer") # set it to the token instead of changing the global config db_token = Token.query.filter_by(serial=self.serial1).first() token = EmailTokenClass(db_token) token.add_tokeninfo("email.identifier", "myServer") self.assertTrue(token.check_otp("123456", 1, 10) == -1) c = token.create_challenge(transactionid) self.assertTrue(c[0], c) otp = c[1] self.assertTrue(c[3]["attributes"]["state"], transactionid) # check for the challenges response r = token.check_challenge_response(passw=otp) self.assertTrue(r, r) delete_smtpserver("myServer")
def test_02_get_resolvers(self): # enable user cache set_privacyidea_config(EXPIRATION_SECONDS, 600) # create realm self._create_realm() # delete user_cache r = delete_user_cache() self.assertTrue(r >= 0) # The username is not in the cache. It is fetched from the resolver # At the same time the cache is filled. user = User(self.username, self.realm1) self.assertEqual(user.login, self.username) # The user ID is fetched from the resolver self.assertEqual(user.uid, self.uid) # Now, the cache should have exactly one entry entry = UserCache.query.one() self.assertEqual(entry.user_id, self.uid) self.assertEqual(entry.username, self.username) self.assertEqual(entry.resolver, self.resolvername1) ts = entry.timestamp # delete the resolver, which also purges the cache self._delete_realm() # manually re-add the entry from above UserCache(self.username, self.username, self.resolvername1, self.uid, ts).save() # the username is fetched from the cache u_name = get_username(self.uid, self.resolvername1) self.assertEqual(u_name, self.username) # delete the cache r = delete_user_cache() # try to fetch the username. It is not in the cache and the # resolver does not exist anymore. u_name = get_username(self.uid, self.resolvername1) self.assertEqual(u_name, "")
def test_22_autosync(self): db_token = Token.query.filter_by(serial=self.serial1).first() token = HotpTokenClass(db_token) set_privacyidea_config("AutoResync", True) token.update({"otpkey": self.otpkey, "otplen": 6}) token.token.count = 0 token.set_sync_window(10) token.set_count_window(5) # counter = 8, is out of sync r = token.check_otp(anOtpVal="399871") self.assertTrue(r == -1, r) # counter = 9, will be autosynced. r = token.check_otp(anOtpVal="520489") self.assertTrue(r == 9, r) # counter = 10, has also to authenticate! The counter of the token is # set. r = token.check_otp(anOtpVal="403154") self.assertTrue(r == 10, r) self.assertEqual(token.token.count, 11) # Autosync with a gap in the next otp value will fail token.token.count = 0 # Just try some bullshit config value set_privacyidea_config("AutoResyncTimeout", "totally not a number") # counter = 7, is out of sync r = token.check_otp(anOtpVal="162583") self.assertTrue(r == -1, r) # counter = 9, will NOT _autosync r = token.check_otp(anOtpVal="520489") self.assertTrue(r == -1, r) # Autosync fails, if dueDate is over token.token.count = 0 set_privacyidea_config("AutoResyncTimeout", 0) # counter = 8, is out of sync r = token.check_otp(anOtpVal="399871") self.assertTrue(r == -1, r) # counter = 9, is the next value, but duedate is over. r = token.check_otp(anOtpVal="520489") self.assertTrue(r == -1, r) # No _autosync set_privacyidea_config("AutoResync", False) token.token.count = 0 # counter = 8, is out of sync r = token.check_otp(anOtpVal="399871") self.assertTrue(r == -1, r) # counter = 9, will not be autosynced r = token.check_otp(anOtpVal="520489") self.assertTrue(r == -1, r)
def test_10_saml_check(self): # test successful authentication set_privacyidea_config("ReturnSamlAttributes", "0") with self.app.test_request_context('/validate/samlcheck', method='POST', data={ "user": "******", "pass": "******" }): res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 200, res) result = json.loads(res.data).get("result") detail = json.loads(res.data).get("detail") value = result.get("value") attributes = value.get("attributes") self.assertEqual(value.get("auth"), True) # No SAML return attributes self.assertEqual(attributes.get("email"), None) set_privacyidea_config("ReturnSamlAttributes", "1") with self.app.test_request_context('/validate/samlcheck', method='POST', data={ "user": "******", "pass": "******" }): res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 200, res) result = json.loads(res.data).get("result") detail = json.loads(res.data).get("detail") value = result.get("value") attributes = value.get("attributes") self.assertEqual(value.get("auth"), True) self.assertEqual(attributes.get("email"), "*****@*****.**") self.assertEqual(attributes.get("givenname"), "Cornelius") self.assertEqual(attributes.get("mobile"), "+491111111") self.assertEqual(attributes.get("phone"), "+491234566") self.assertEqual(attributes.get("realm"), "realm1") self.assertEqual(attributes.get("username"), "cornelius")
def test_02_u2f(self): set_privacyidea_config("u2f.appId", "https://puck.az.intern") with self.app.test_request_context('/ttype/u2f', method='GET'): res = self.app.full_dispatch_request() self.assertEqual(res.status_code, 200) self.assertEqual(res.mimetype, u'application/fido.trusted-apps+json') data = json.loads(res.data.decode('utf8')) self.assertTrue("trustedFacets" in data) # Check the audit log. with self.app.test_request_context('/audit/?action=*GET /ttype/*', method='GET', headers={'Authorization': self.at}): res = self.app.full_dispatch_request() self.assertTrue(res.status_code == 200, res) json_response = json.loads(res.data.decode('utf8')) result = json_response.get("result") auditdata = result.get("value").get("auditdata") self.assertTrue(len(auditdata) > 0) self.assertEqual(auditdata[0].get("token_type"), "u2f")
def test_06_public_and_admin(self): # This tests the new public available config set_privacyidea_config("publicInfo1", "info1", typ="public") set_privacyidea_config("publicInfo2", "info2", typ="public") set_privacyidea_config("secretInfo1", "info1") # Get administrators info a = get_from_config() self.assertTrue("secretInfo1" in a) self.assertTrue("publicInfo1" in a) a = get_from_config("publicInfo1") self.assertEqual(a, "info1") a = get_from_config("secretInfo1") self.assertEqual(a, "info1") # Get public info as user a = get_from_config() self.assertTrue("publicInfo1" in a) a = get_from_config("publicInfo1") self.assertEqual(a, "info1") # Not able to get private info as user a = get_from_config(role="public") self.assertTrue("secretInfo1" not in a) a = get_from_config("secretInfo1", role="public") self.assertEqual(a, None)
def test_03_admin_auth(self): set_privacyidea_config(SYSCONF.SPLITATSIGN, True) # check that the default admin works with self.app.test_request_context('/auth', method='POST', data={"username": "******", "password": "******"}): res = self.app.full_dispatch_request() self.assertEqual(200, res.status_code, res) result = res.json.get("result") self.assertTrue(result.get("status"), result) self.assertIn('token', result.get("value"), result) # role should be 'admin' self.assertEqual('admin', result['value']['role'], result) # add an admin with an '@' in the login name create_db_admin(self.app, 'super@intern', password='******') # as long as the part after the '@' does not resemble an existing realm, # this should work with 'spltAtSign' set to True with self.app.test_request_context('/auth', method='POST', data={"username": "******", "password": "******"}): res = self.app.full_dispatch_request() self.assertEqual(200, res.status_code, res) result = res.json.get("result") self.assertTrue(result.get("status"), result) self.assertIn('token', result.get("value"), result) # role should be 'admin' self.assertEqual('admin', result['value']['role'], result) # both admin logins should also work with 'splitAtSign' set to False set_privacyidea_config(SYSCONF.SPLITATSIGN, False) with self.app.test_request_context('/auth', method='POST', data={"username": "******", "password": "******"}): res = self.app.full_dispatch_request() self.assertEqual(200, res.status_code, res) result = res.json.get("result") self.assertTrue(result.get("status"), result) self.assertIn('token', result.get("value"), result) # role should be 'admin' self.assertEqual('admin', result['value']['role'], result) with self.app.test_request_context('/auth', method='POST', data={"username": "******", "password": "******"}): res = self.app.full_dispatch_request() self.assertEqual(200, res.status_code, res) result = res.json.get("result") self.assertTrue(result.get("status"), result) self.assertIn('token', result.get("value"), result) # role should be 'admin' self.assertEqual('admin', result['value']['role'], result) # reset 'splitAtSign' to default value set_privacyidea_config(SYSCONF.SPLITATSIGN, True)
def test_16_autoresync_hotp(self): serial = "autosync1" token = init_token( { "serial": serial, "otpkey": self.otpkey, "pin": "async" }, User("cornelius", self.realm2)) set_privacyidea_config("AutoResync", True) token.set_sync_window(10) token.set_count_window(5) # counter = 8, is out of sync with self.app.test_request_context('/validate/check', method='POST', data={ "user": "******" + self.realm2, "pass": "******" }): res = self.app.full_dispatch_request() self.assertEqual(res.status_code, 200) result = json.loads(res.data).get("result") self.assertEqual(result.get("value"), False) # counter = 9, will be autosynced. # Authentication is successful with self.app.test_request_context('/validate/check', method='POST', data={ "user": "******" + self.realm2, "pass": "******" }): res = self.app.full_dispatch_request() self.assertEqual(res.status_code, 200) result = json.loads(res.data).get("result") self.assertEqual(result.get("value"), True) delete_privacyidea_config("AutoResync")
def test_05_unicode_question(self): questions = {u'cité': u'Nîmes', u'城市': u'北京', 'ciudad': u'Almería'} set_privacyidea_config("question.num_answers", 2) token = init_token({ "type": "question", "pin": self.pin, "user": "******", "realm": self.realm1, "questions": json.dumps(questions) }) self.assertEqual(token.type, "question") r = token.create_challenge() self.assertEqual(r[0], True) question = r[1] transactionid = r[2] self.assertTrue(question in questions) # Now that we have the question, we can give the answer r = token.check_challenge_response( passw=questions[question], options={"transaction_id": transactionid}) self.assertEqual(r, 1) token.delete_token()