def test_recovery_codes_regenerate(self, email_log): interface = RecoveryCodeInterface() interface.enroll(self.user) url = reverse( "sentry-api-0-user-authenticator-details", kwargs={"user_id": self.user.id, "auth_id": interface.authenticator.id}, ) resp = self.client.get(url) assert resp.status_code == 200 old_codes = resp.data["codes"] old_created_at = resp.data["createdAt"] resp = self.client.get(url) assert old_codes == resp.data["codes"] assert old_created_at == resp.data["createdAt"] # regenerate codes tomorrow = timezone.now() + datetime.timedelta(days=1) with mock.patch.object(timezone, "now", return_value=tomorrow): resp = self.client.put(url) resp = self.client.get(url) assert old_codes != resp.data["codes"] assert old_created_at != resp.data["createdAt"] self._assert_security_email_sent("recovery-codes-regenerated", email_log)
def test_recovery_codes_regenerate(self): interface = RecoveryCodeInterface() interface.enroll(self.user) resp = self.get_success_response(self.user.id, interface.authenticator.id) old_codes = resp.data["codes"] old_created_at = resp.data["createdAt"] resp = self.get_success_response(self.user.id, interface.authenticator.id) assert old_codes == resp.data["codes"] assert old_created_at == resp.data["createdAt"] # regenerate codes tomorrow = timezone.now() + datetime.timedelta(days=1) with mock.patch.object(timezone, "now", return_value=tomorrow): with self.tasks(): self.get_success_response(self.user.id, interface.authenticator.id, method="put") resp = self.get_success_response(self.user.id, interface.authenticator.id) assert old_codes != resp.data["codes"] assert old_created_at != resp.data["createdAt"] assert_security_email_sent("recovery-codes-regenerated")
def test_get_recovery_codes(self): interface = RecoveryCodeInterface() interface.enroll(self.user) with self.tasks(): resp = self.get_success_response(self.user.id, interface.authenticator.id) assert resp.data["id"] == "recovery" assert resp.data["authId"] == str(interface.authenticator.id) assert len(resp.data["codes"]) assert len(mail.outbox) == 0
def test_get_recovery_codes(self, email_log): interface = RecoveryCodeInterface() interface.enroll(self.user) url = reverse( "sentry-api-0-user-authenticator-details", kwargs={"user_id": self.user.id, "auth_id": interface.authenticator.id}, ) resp = self.client.get(url) assert resp.status_code == 200 assert resp.data["id"] == "recovery" assert resp.data["authId"] == six.text_type(interface.authenticator.id) assert len(resp.data["codes"]) assert email_log.info.call_count == 0
def test_owner_can_only_reset_member_2fa(self): self.login_as(self.owner) path = reverse("sentry-api-0-user-authenticator-details", args=[self.member.id, self.interface_id]) resp = self.client.get(path) assert resp.status_code == 403 # cannot regenerate recovery codes recovery = RecoveryCodeInterface() recovery.enroll(self.user) path = reverse( "sentry-api-0-user-authenticator-details", args=[self.member.id, recovery.authenticator.id], ) resp = self.client.put(path) assert resp.status_code == 403
def test_correct_redirect_as_2fa_user_no_membership(self): user = self.create_user("*****@*****.**") RecoveryCodeInterface().enroll(user) TotpInterface().enroll(user) resp = self.client.post( self.path, {"username": user, "password": "******", "op": "login"}, follow=True ) assert resp.redirect_chain == [("/auth/2fa/", 302)]
def test_user_has_2fa(self): user = self.create_user("*****@*****.**") assert Authenticator.objects.user_has_2fa(user) is False assert Authenticator.objects.filter(user=user).count() == 0 RecoveryCodeInterface().enroll(user) assert Authenticator.objects.user_has_2fa(user) is False assert Authenticator.objects.filter(user=user).count() == 1 TotpInterface().enroll(user) assert Authenticator.objects.user_has_2fa(user) is True assert Authenticator.objects.filter(user=user).count() == 2
def test_correct_redirect_as_2fa_user_invited_member(self): user = self.create_user("*****@*****.**") RecoveryCodeInterface().enroll(user) TotpInterface().enroll(user) self.create_member(organization=self.organization, user=user) member = OrganizationMember.objects.get(organization=self.organization, user=user) member.email = "*****@*****.**" member.save() resp = self.client.post( self.path, {"username": user, "password": "******", "op": "login"}, follow=True ) assert resp.redirect_chain == [("/auth/2fa/", 302)]
def test_login_valid_credentials_2fa_redirect(self): user = self.create_user("*****@*****.**") RecoveryCodeInterface().enroll(user) TotpInterface().enroll(user) self.create_member(organization=self.organization, user=user) self.client.get(self.path) resp = self.client.post( self.path, { "username": user.username, "password": "******", "op": "login" }, ) assert resp.url == "/auth/2fa/" assert resp.status_code == 302