def test_configuration_realserver_your_otp_other_server(self): """ To run this test you have to create and configure the database with a yubikey that is active on your own yubikey validation server. For example: http://code.google.com/p/yubico-yubiserve/ (This server do not allow timestamp verifications.) You also have to obtains an api_key/id for your server and add it to the database.: """ print "Performing test test_configuration_realserver_your_otp_other_server." #db = YubikeyDb(self.mydb) #db.clear_all_logs() validator = YubikeyValidation(self.server) print "Testing server " + self.server user = raw_input("Your username:"******"Your otp:") #Test the server without timestamp verification. result = validator.validate_opt(user, otp, self.mydb, 0) self.assertTrue(result) print "Test test_configuration_realserver_your_otp_other_server done."
def test_configuration_localserver_your_otp_yubico(self): """ This test will verify that the yubico implementation of a server and client still works. You can run this test as many times as you like and need no configurations. """ print "Performing test test_configuration_localserver_your_otp_yubico." print "Testing the local server and client!" validator = YubikeyValidation(None) username = "******" db = YubikeyDb(self.testDatabase) db.clear_all_logs() otplist = [ {"otp": "vvghndudfdbtrjnvehrjllnncdirbcegjghnhugtrkre", "time": 4}, {"otp": "vvghndudfdbtknuvbrkhhrubulhciilkbtjuiktkiflj", "time": 5}, {"otp": "vvghndudfdbtfiungirtikiketnhrdlljhjkjungunfc", "time": 8}, {"otp": "vvghndudfdbthriturtfendvthgluebtbvbinukuuknk", "time": 12}, {"otp": "vvghndudfdbtlfleblhiuveuiibcfejlgukicnrcnbir", "time": 0} ] result = validator.validate_opt(username, otplist[4]["otp"], self.testDatabase, 1) self.assertTrue(result) result = validator.validate_opt(username, otplist[0]["otp"], self.testDatabase, 1) self.assertFalse(result) db.clear_all_logs() for otp in otplist: print "Testing otp " + otp["otp"] + "." result = validator.validate_opt(username, otp["otp"], self.testDatabase, 1) self.assertTrue(result) print "Sleep for " + str(otp["time"]) + "seconds." sleep(otp["time"]) result = validator.validate_opt(username, otplist[1]["otp"], self.testDatabase, 1) self.assertFalse(result) print "Test test_configuration_localserver_your_otp_yubico done."
def test_configuration_localhost_server(self): """ This test will verify that the yubikey validation server works. To get a correct result you first have to start the server. Command: python yubikeyserver.py yubikeyserver_conf You must use the default configuration and the testdatabase yubikeylocaltest.db """ print "Performing test test_configuration_localhost_server." validator = YubikeyValidation(self.localServer) print "Testing server " + self.localServer user = "******" otplist = [ {"otp": "vvghndudfdbtrjnvehrjllnncdirbcegjghnhugtrkre", "time": 4}, {"otp": "vvghndudfdbtknuvbrkhhrubulhciilkbtjuiktkiflj", "time": 5}, {"otp": "vvghndudfdbtfiungirtikiketnhrdlljhjkjungunfc", "time": 8}, {"otp": "vvghndudfdbthriturtfendvthgluebtbvbinukuuknk", "time": 12}, {"otp": "vvghndudfdbtlfleblhiuveuiibcfejlgukicnrcnbir", "time": 0} ] db = YubikeyDb(self.testDatabase) db.clear_all_logs() for otp in otplist: result = validator.validate_opt(user, otp["otp"], self.testDatabase, timestamp = 1, timestamp_error_margin = 40, allow_duplicated_nonce=False, verifyssl=False) self.assertTrue(result) print "Sleep for " + str(otp["time"]) + "seconds." sleep(otp["time"]) print "Test test_configuration_localhost_server done."
def test_configuration_realserver_your_otp_yubico(self): """ To run this test you have to create and configure the database yubikeyconf.db with a yubikey that is active on yubico's servers. http://www.yubico.com/products/services-software/personalization-tools/use/ You also have to obtains an api_key/id that is active at yubico. https://upgrade.yubico.com/getapikey/yubi """ print "Performing test test_configuration_realserver_your_otp_yubico." #db = YubikeyDb(self.mydb) #db.clear_all_logs() validator = YubikeyValidation(self.yubicoServer) print "Testing server " + self.yubicoServer user = raw_input("Your username:"******"Your otp:") #This server support timestamp=1. result = validator.validate_opt(user, otp, self.mydb, 1) self.assertTrue(result) print "Test test_configuration_realserver_your_otp_yubico done."
class DirgUsernamePasswordYubikeyMako(Authenticate): def __init__( self, username_query_key, mako_template, template_lookup, pwd=None, password_query_key=None, yubikey_db=None, yubikey_server=None, yubikey_otp_key=None, cookie_dict=None, cookie_object=None, ): """ """ Authenticate.__init__(self, cookie_dict, cookie_object) self.username_query_key = username_query_key self.password_query_key = password_query_key self.yubikey_db = yubikey_db self.yubikey_server = yubikey_server self.yubikey_otp_key = yubikey_otp_key self.mako_template = mako_template self.template_lookup = template_lookup self.passwd = pwd self.yubikey_validator = None if self.yubikey_server is not None: self.yubikey_validator = YubikeyValidation(self.yubikey_server) def create_response(self, argv=None, cookie=None, **kwargs): """ Put up the login form """ if cookie: headers = [cookie] else: headers = [] resp = Response(headers=headers) logger.info("do_authentication argv: %s" % argv) mte = self.template_lookup.get_template(self.mako_template) resp.message = mte.render(**argv) return resp def verify(self, request, **kwargs): """ Verifies that the given username and password was correct :param request: Either the query part of a URL a urlencoded body of a HTTP message or a parse such. :param kwargs: Catch whatever else is sent. :return: redirect back to where ever the base applications wants the user after authentication. """ logger.debug("verify(%s)" % request) if isinstance(request, basestring): _dict = parse_qs(request) elif isinstance(request, dict): _dict = request else: raise ValueError("Wrong type of input") username = None password = None if isinstance(_dict[self.username_query_key], basestring): username = _dict[self.username_query_key] else: username = _dict[self.username_query_key][0] valid = False if self.password_query_key is not None: if isinstance(_dict[self.password_query_key], basestring): password = _dict[self.password_query_key] else: password = _dict[self.password_query_key][0] # verify username and password try: if self.passwd is not None: valid = password == self.passwd[username] if not valid: return False, None, None, None except (AssertionError, KeyError): if not valid: return False, None, None, None if self.yubikey_otp_key is not None and self.yubikey_validator is not None and self.yubikey_db is not None: # verify username and password otp = None if isinstance(_dict[self.yubikey_otp_key], basestring): otp = _dict[self.yubikey_otp_key] else: otp = _dict[self.yubikey_otp_key][0] if otp is not None: try: valid = self.yubikey_validator.validate_opt(username, otp, self.yubikey_db, 0) if not valid: return False, None, None, None except (AssertionError, KeyError): if not valid: return False, None, None, None if valid: return True, username, _dict return False, None, None, None