"Fossies" - the Fresh Open Source Software Archive

Member "LinOTP-release-2.10.5.2/linotpd/src/linotp/tests/functional/test_policy2/test_inactive_policy.py" (13 May 2019, 7751 Bytes) of package /linux/misc/LinOTP-release-2.10.5.2.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Python source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 # -*- coding: utf-8 -*-
    2 #
    3 #    LinOTP - the open source solution for two factor authentication
    4 #    Copyright (C) 2010 - 2019 KeyIdentity GmbH
    5 #
    6 #    This file is part of LinOTP server.
    7 #
    8 #    This program is free software: you can redistribute it and/or
    9 #    modify it under the terms of the GNU Affero General Public
   10 #    License, version 3, as published by the Free Software Foundation.
   11 #
   12 #    This program is distributed in the hope that it will be useful,
   13 #    but WITHOUT ANY WARRANTY; without even the implied warranty of
   14 #    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   15 #    GNU Affero General Public License for more details.
   16 #
   17 #    You should have received a copy of the
   18 #               GNU Affero General Public License
   19 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
   20 #
   21 #
   22 #    E-mail: linotp@keyidentity.com
   23 #    Contact: www.linotp.org
   24 #    Support: www.keyidentity.com
   25 #
   26 
   27 
   28 """
   29 Test inactive policies are not evaluated
   30 """
   31 
   32 import json
   33 
   34 from linotp.tests import TestController
   35 
   36 
   37 class TestInactivePolicy(TestController):
   38     """
   39     Test the non-evaluation of inactive policies.
   40     """
   41 
   42     def setUp(self):
   43         TestController.setUp(self)
   44         self.delete_all_policies()
   45         self.delete_all_token()
   46         self.delete_all_realms()
   47         self.delete_all_resolvers()
   48         self.create_common_resolvers()
   49         self.create_common_realms()
   50 
   51     def tearDown(self):
   52         TestController.tearDown(self)
   53 
   54     def test_inactive_policy(self):
   55         """
   56         test that no inactive policy is evaluated for the old and new engine
   57         """
   58 
   59         # get the currently used policy engine and preserve this for restore
   60 
   61         params = {'key': 'NewPolicyEvaluation'}
   62         response = self.make_system_request('getConfig', params=params)
   63         self.assertTrue(
   64             '"getConfig NewPolicyEvaluation"' in response, response)
   65 
   66         jresp = json.loads(response.body)
   67 
   68         restore_new_policy_engine = jresp.get(
   69             'result', {}).get(
   70                 'value', {}).get('getConfig NewPolicyEvaluation', False)
   71 
   72         # ----------------------------------------------------------------- --
   73 
   74         # run the usage of 'active policy only' verification for both machines
   75 
   76         try:
   77 
   78             for policy_engine_version in ['new', 'old']:
   79 
   80                 if policy_engine_version == 'new':
   81                     params = {'NewPolicyEvaluation': 'True'}
   82                     response = self.make_system_request('setConfig',
   83                                                         params=params)
   84                     self.assertTrue(
   85                         '"setConfig NewPolicyEvaluation:True"' in response,
   86                         response)
   87 
   88                 if policy_engine_version == 'old':
   89                     params = {'key': 'NewPolicyEvaluation'}
   90                     response = self.make_system_request('delConfig',
   91                                                         params=params)
   92                     self.assertTrue(
   93                         '"delConfig NewPolicyEvaluation"' in response,
   94                         response)
   95 
   96                 self.run_inactive_policy_verifcation()
   97 
   98         # ----------------------------------------------------------------- --
   99 
  100         finally:
  101 
  102             # restore the inital policy engine behaviour
  103 
  104             if not restore_new_policy_engine:
  105                 params = {'key': 'NewPolicyEvaluation'}
  106                 response = self.make_system_request('delConfig', params=params)
  107 
  108             else:
  109                 params = {'NewPolicyEvaluation': 'True'}
  110                 response = self.make_system_request('setConfig', params=params)
  111 
  112         return
  113 
  114     def run_inactive_policy_verifcation(self):
  115         """
  116         verify that no inactive policy is evaluated
  117 
  118         the test is using the otppin=1 policy, which is checked to active
  119         in the first place. After the first check, the policy is disabled
  120         and the former authenication test will fail but the authentication
  121         without policy will work again.
  122         """
  123 
  124         user = 'passthru_user1'
  125         pw_pass = "geheim1"
  126         pw_otp = 'Test123'
  127         pw_pin = "123!"
  128 
  129         params = {
  130             "serial": 'KIPW_007',
  131             "type": "pw",
  132             'otpkey': pw_otp,
  133             'pin': pw_pin,
  134             'user': user,
  135             "description": "myTest123"}
  136 
  137         response = self.make_admin_request('init', params=params)
  138         jresp = json.loads(response.body)
  139 
  140         serial = jresp.get('detail', {}.get('serial'))
  141         self.assertIsNotNone(serial, response)
  142 
  143         # ----------------------------------------------------------------- --
  144 
  145         # run a simple validate check test without otppin policy
  146 
  147         params = {
  148             'user': user,
  149             'pass': pw_pin + pw_otp}
  150         response = self.make_validate_request('check', params=params)
  151 
  152         jresp = json.loads(response.body)
  153         value = jresp.get('result', {}).get('value')
  154         self.assertTrue(value, response)
  155 
  156         # ----------------------------------------------------------------- --
  157 
  158         # we use the otppin policy
  159 
  160         policy = {
  161             'name': 'inactive_policy',
  162             'active': True,
  163             'scope': 'authentication',
  164             'realm': '*',
  165             'client': '*',
  166             'user': '*',
  167             'action': 'otppin=1'}
  168 
  169         response = self.make_system_request('setPolicy', policy)
  170 
  171         jresp = json.loads(response.body)
  172         p_loaded = jresp.get(
  173             'result', {}).get(
  174                 'value', {}).get(
  175                     "setPolicy %s" % policy.get('name'))
  176         self.assertIsNotNone(p_loaded, response)
  177 
  178         # ----------------------------------------------------------------- --
  179 
  180         # run a validate check test with otppin=1 parameters
  181 
  182         params = {
  183             'user': user,
  184             'pass': pw_pass + pw_otp}
  185 
  186         response = self.make_validate_request('check', params=params)
  187 
  188         jresp = json.loads(response.body)
  189         value = jresp.get('result', {}).get('value')
  190         self.assertTrue(value, response)
  191 
  192         # ----------------------------------------------------------------- --
  193 
  194         # now disable the otppin policy
  195 
  196         policy = {
  197             'name': 'inactive_policy',
  198             'active': False,
  199             'scope': 'authentication',
  200             'realm': '*',
  201             'client': '*',
  202             'user': '*',
  203             'action': 'otppin=1'}
  204 
  205         response = self.make_system_request('setPolicy', policy)
  206 
  207         jresp = json.loads(response.body)
  208         p_loaded = jresp.get(
  209             'result', {}).get(
  210                 'value', {}).get(
  211                     "setPolicy %s" % policy.get('name'))
  212         self.assertIsNotNone(p_loaded, response)
  213 
  214         # ----------------------------------------------------------------- --
  215 
  216         # run a validate check test with otppin=1 parameters again
  217         # which now will fail
  218 
  219         params = {
  220             'user': user,
  221             'pass': pw_pass + pw_otp}
  222 
  223         response = self.make_validate_request('check', params=params)
  224 
  225         jresp = json.loads(response.body)
  226         value = jresp.get('result', {}).get('value')
  227         self.assertFalse(value, response)
  228 
  229         # ----------------------------------------------------------------- --
  230 
  231         # run a simple validate check test without otppin policy again
  232 
  233         params = {
  234             'user': user,
  235             'pass': pw_pin + pw_otp}
  236         response = self.make_validate_request('check', params=params)
  237 
  238         jresp = json.loads(response.body)
  239         value = jresp.get('result', {}).get('value')
  240         self.assertTrue(value, response)
  241 
  242         return
  243 
  244 # eof #