"Fossies" - the Fresh Open Source Software Archive

Member "LinOTP-release-2.10.5.2/linotpd/src/linotp/tests/functional/test_selfservice.py" (13 May 2019, 27427 Bytes) of package /linux/misc/LinOTP-release-2.10.5.2.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Python source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 # -*- coding: utf-8 -*-
    2 #
    3 #    LinOTP - the open source solution for two factor authentication
    4 #    Copyright (C) 2010 - 2019 KeyIdentity GmbH
    5 #
    6 #    This file is part of LinOTP server.
    7 #
    8 #    This program is free software: you can redistribute it and/or
    9 #    modify it under the terms of the GNU Affero General Public
   10 #    License, version 3, as published by the Free Software Foundation.
   11 #
   12 #    This program is distributed in the hope that it will be useful,
   13 #    but WITHOUT ANY WARRANTY; without even the implied warranty of
   14 #    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   15 #    GNU Affero General Public License for more details.
   16 #
   17 #    You should have received a copy of the
   18 #               GNU Affero General Public License
   19 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
   20 #
   21 #
   22 #    E-mail: linotp@keyidentity.com
   23 #    Contact: www.linotp.org
   24 #    Support: www.keyidentity.com
   25 #
   26 
   27 
   28 """
   29 """
   30 
   31 import logging
   32 import json
   33 
   34 from linotp.tests import TestController, url
   35 
   36 log = logging.getLogger(__name__)
   37 
   38 
   39 
   40 class TestSelfserviceController(TestController):
   41 
   42     def setUp(self):
   43         TestController.setUp(self)
   44         self.set_config_selftest()
   45         self.create_common_resolvers()
   46         self.create_common_realms()
   47 
   48     def tearDown(self):
   49         self.delete_all_realms()
   50         self.delete_all_resolvers()
   51         TestController.tearDown(self)
   52 
   53     def createPolicy(self, policy):
   54         response = self.app.get(url(controller='system', action='setPolicy'),
   55                                 params={'name' : 'self01',
   56                                         'scope' : 'selfservice',
   57                                         'realm' : 'myDefRealm',
   58                                         'action' : policy,
   59                                         'selftest_admin' : 'superadmin'
   60                                         })
   61         print response
   62         assert '"status": true' in response
   63         assert '"setPolicy self01": {' in response
   64 
   65     def deleteToken(self, serial):
   66         response = self.app.get(url(controller='admin', action='remove'),
   67                                 params={'serial': serial,
   68                                         'selftest_admin' : 'superadmin'})
   69 
   70         log.debug(response)
   71 
   72     def test_history(self):
   73         '''
   74         Selfservice: Testing history
   75         '''
   76         self.createPolicy("history")
   77 
   78         auth_user = {
   79              'login': 'passthru_user1@myDefRealm',
   80              'password': 'geheim1'}
   81 
   82         response = self.make_userselfservice_request('history',
   83                                 auth_user=auth_user)
   84         print response
   85         assert '"rows": [' in response
   86 
   87         response = self.make_selfservice_request('history',
   88                                 auth_user=auth_user)
   89         print response
   90         assert 'view_audit_selfservice' in response
   91 
   92     def test_reset(self):
   93         '''
   94         Selfservice: Testing user reset
   95         '''
   96 
   97         auth_user = {
   98              'login': 'passthru_user1@myDefRealm',
   99              'password': 'geheim1'}
  100 
  101         response = self.make_userselfservice_request('reset',
  102                                 auth_user=auth_user)
  103         print response
  104         assert '"status": false' in response
  105         assert '"code": -311' in response
  106 
  107         self.createPolicy("reset")
  108         response = self.make_userselfservice_request('reset',
  109                                 auth_user=auth_user)
  110         print response
  111         assert 'Missing parameter: ' in response
  112         assert '"code": 905' in response
  113 
  114         response = self.app.get(url(controller='admin', action='init'),
  115                                 params={'serial':'reset01',
  116                                         'type': 'spass',
  117                                         'user': 'passthru_user1@myDefRealm',
  118                                         'pin': "secret"
  119                                         })
  120         print response
  121         assert '"status": true' in response
  122 
  123         for i in "12345678901234567890":
  124             response = self.app.get(url(controller='validate', action='check'),
  125                                     params={'user': 'passthru_user1@myDefRealm',
  126                                             'pass': 'wrongpass'})
  127             print response
  128             assert '"value": false' in response
  129 
  130         response = self.make_userselfservice_request('reset',
  131                                 auth_user=auth_user,
  132                                 params={'serial': 'reset01'})
  133         print response
  134         assert '"status": true' in response
  135         assert '"reset Failcounter": 1' in response
  136 
  137         response = self.app.get(url(controller='validate', action='check'),
  138                                 params={'user': 'passthru_user1@myDefRealm',
  139                                         'pass': 'secret'})
  140         print response
  141         assert '"value": true' in response
  142 
  143         response = self.make_selfservice_request('reset',
  144                                 auth_user=auth_user)
  145         print response
  146         assert "<div id='resetform'>" in response
  147 
  148     def test_resync(self):
  149         '''
  150         Selfservice: Testing user resync
  151         '''
  152 
  153         auth_user = {
  154              'login': 'passthru_user1@myDefRealm',
  155              'password': 'geheim1'}
  156 
  157         response = self.make_userselfservice_request('resync',
  158                                 auth_user=auth_user)
  159         print response
  160         assert '"status": false' in response
  161         assert '"code": -311' in response
  162 
  163         self.createPolicy("resync")
  164         response = self.make_userselfservice_request('resync',
  165                                 auth_user=auth_user)
  166         print response
  167         assert 'Missing parameter' in response
  168         assert '"code": 905' in response
  169 
  170         response = self.app.get(url(controller='admin', action='init'),
  171                                 params={'serial':'token01',
  172                                         'type': 'hmac',
  173                                         'user': 'passthru_user1@myDefRealm',
  174                                         'pin': "secret",
  175                                         'otpkey': '6161e082d736d3d9d67bc1d4711ff1a81af26160'
  176                                         })
  177         print response
  178         assert '"status": true' in response
  179 
  180         response = self.make_userselfservice_request('resync',
  181                                 auth_user=auth_user,
  182                                 params={'serial': 'XXXX',
  183                                         "otp1": "359864",
  184                                         "otp2": "348448" })
  185         print response
  186         assert '"status": false' in response
  187         assert 'no token found!' in response
  188 
  189         response = self.make_userselfservice_request('resync',
  190                                 auth_user=auth_user,
  191                                 params={'serial': 'token01',
  192                                         "otp1": "885497",
  193                                         "otp2": "696793" })
  194         print response
  195         assert '"status": true' in response
  196         assert '"resync Token": true' in response
  197 
  198         response = self.make_selfservice_request('resync',
  199                                 auth_user=auth_user)
  200         print response
  201         assert "<div id='resyncform'>" in response
  202 
  203 
  204 
  205     def test_setmpin(self):
  206         '''
  207         Selfservice: setting mOTP PIN
  208         '''
  209 
  210         auth_user = {
  211              'login': 'passthru_user1@myDefRealm',
  212              'password': 'geheim1'}
  213 
  214         response = self.make_userselfservice_request('setmpin',
  215                                 auth_user=auth_user,
  216                                 params={'serial': 'XXXX',
  217                                         'pin': '1234'})
  218         print response
  219         assert '"status": false' in response
  220         assert '"message": "ERR410: The policy settings do not allow you to issue this request!"' in response
  221 
  222         self.createPolicy("setMOTPPIN")
  223         response = self.make_userselfservice_request('setmpin',
  224                                 auth_user=auth_user)
  225         print response
  226         assert 'Missing parameter: \'pin\'' in response
  227         assert '"code": 905' in response
  228 
  229 
  230         response = self.app.get(url(controller='admin', action='init'),
  231                                 params={'serial':'token01',
  232                                         'type': 'hmac',
  233                                         'user': 'passthru_user1@myDefRealm',
  234                                         'pin': "secret",
  235                                         'otpkey': '6161e082d736d3d9d67bc1d4711ff1a81af26160'
  236                                         })
  237         print response
  238         assert '"status": true' in response
  239 
  240         response = self.make_userselfservice_request('setmpin',
  241                                 auth_user=auth_user,
  242                                 params={'serial': 'token01',
  243                                         'pin': '1234'})
  244         print response
  245         assert '"status": true' in response
  246         assert '"set userpin": 1' in response
  247 
  248         response = self.make_selfservice_request('setmpin',
  249                                 auth_user=auth_user)
  250         print response
  251         assert "<div id='passwordform'>" in response
  252 
  253 
  254     def test_setpin(self):
  255         '''
  256         Selfservice: testing setting PIN
  257         '''
  258         response = self.app.get(url(controller='admin', action='init'),
  259                                 params={'serial':'spass01',
  260                                         'type': 'spass',
  261                                         'user': 'passthru_user1@myDefRealm',
  262                                         })
  263         print response
  264         assert '"status": true' in response
  265 
  266         auth_user = {
  267              'login': 'passthru_user1@myDefRealm',
  268              'password': 'geheim1'}
  269 
  270         response = self.make_userselfservice_request('setpin',
  271                                 auth_user=auth_user,
  272                                 params={'serial': 'spass01',
  273                                         'pin': '1234'})
  274         print response
  275         assert '"status": false' in response
  276         assert '"message": "ERR410: The policy settings do not allow you to issue this request!"' in response
  277 
  278         self.createPolicy("setOTPPIN")
  279         response = self.make_userselfservice_request('setpin',
  280                                 auth_user=auth_user)
  281         print response
  282         assert 'Missing parameter: \'userpin\'' in response
  283         assert '"code": 905' in response
  284 
  285 
  286         response = self.make_userselfservice_request('setpin',
  287                                 auth_user=auth_user,
  288                                 params={'serial': 'spass01',
  289                                         'userpin': 'secretPin'})
  290         print response
  291         assert '"status": true' in response
  292         assert '"set userpin": 1' in response
  293 
  294         response = self.app.get(url(controller='validate', action='check'),
  295                                 params={'user': 'passthru_user1@myDefRealm',
  296                                         'pass': 'secretPin'})
  297         print response
  298         assert '"status": true' in response
  299         assert '"value": true' in response
  300 
  301         response = self.make_selfservice_request('setpin',
  302                                 auth_user=auth_user)
  303         print response
  304         assert "<div id='passwordform'>" in response
  305 
  306         # testing the index and the list of the tokens
  307         response = self.make_selfservice_request('index',
  308                                 auth_user=auth_user)
  309 
  310         print "%r" % response
  311 
  312     def test_get_serial_by_otp(self):
  313         '''
  314         selfservice: get serial by otp value
  315         '''
  316         self.deleteToken('token01')
  317 
  318         auth_user = {
  319              'login': 'passthru_user1@myDefRealm',
  320              'password': 'geheim1'}
  321 
  322         response = self.make_userselfservice_request('getSerialByOtp',
  323                                 auth_user=auth_user,
  324                                 params={'type': 'hmac',
  325                                         'otp': '885497'})
  326         print response
  327         assert '"status": false' in response
  328         assert '"message": "ERR410: The policy settings do not allow you to request a serial by OTP!",' in response
  329 
  330         response = self.app.get(url(controller='admin', action='init'),
  331                                 params={'serial':'token01',
  332                                         'type': 'hmac',
  333                                         'otpkey': 'c4a3923c8d97e03af6a12fa40264c54b8429cf0d'
  334                                         })
  335         print response
  336         assert '"status": true' in response
  337 
  338         self.createPolicy("getserial")
  339         response = self.make_userselfservice_request('getSerialByOtp',
  340                                 auth_user=auth_user,
  341                                 params={'type': 'hmac',
  342                                         'otp': '459812'})
  343         print response
  344         # The token is not found, as it is not in the realm of the user
  345         assert '"serial": ""' in response
  346 
  347         response = self.app.get(url(controller='admin', action='tokenrealm'),
  348                                 params={'serial': 'token01',
  349                                         'realms': 'myDefRealm'})
  350         print response
  351         assert '"value": 1' in response
  352 
  353         # NOw the token is found
  354         response = self.make_userselfservice_request('getSerialByOtp',
  355                                 auth_user=auth_user,
  356                                 params={'type': 'hmac',
  357                                         'otp': '459812'})
  358         print response
  359         assert '"serial": "token01"' in response
  360 
  361     def test_assign(self):
  362         '''
  363         selfservice: testing assign token and unassign token
  364         '''
  365         self.deleteToken('token01')
  366 
  367         # init token
  368         response = self.app.get(url(controller='admin', action='init'),
  369                                 params={'serial':'token01',
  370                                         'type': 'hmac',
  371                                         'otpkey': 'c4a3923c8d97e03af6a12fa40264c54b8429cf0d'
  372                                         })
  373         print response
  374         assert '"status": true' in response
  375 
  376         # put into realm
  377         response = self.app.get(url(controller='admin', action='tokenrealm'),
  378                                 params={'serial': 'token01',
  379                                         'realms': 'myDefRealm'})
  380         print response
  381         assert '"value": 1' in response
  382 
  383         # Now try to assign
  384 
  385         auth_user = {
  386              'login': 'passthru_user1@myDefRealm',
  387              'password': 'geheim1'}
  388 
  389         response = self.make_userselfservice_request('assign',
  390                             auth_user=auth_user, params={'serial': 'token01'})
  391 
  392         print response
  393         assert '"message": "ERR410: ' in response
  394 
  395         self.createPolicy("assign")
  396         response = self.make_userselfservice_request('assign',
  397                                 auth_user=auth_user,
  398                                 params={'serial': 'token01'})
  399         print response
  400         assert '"assign token": true' in response
  401 
  402         # unassign
  403         response = self.make_userselfservice_request('unassign',
  404                                 auth_user=auth_user,
  405                                 params={'serial': 'token01'})
  406         print response
  407         assert '"message": "ERR410: The policy settings do not allow you to issue this request!",' in response
  408 
  409         self.createPolicy("unassign")
  410         response = self.make_userselfservice_request('unassign',
  411                                 auth_user=auth_user,
  412                                 params={'serial': 'token01'})
  413         print response
  414         assert '"unassign token": true' in response
  415 
  416         # UI
  417         response = self.make_selfservice_request('assign',
  418                                 auth_user=auth_user)
  419         print response
  420         assert "<div id='assignform'>" in response
  421 
  422         response = self.make_selfservice_request('unassign',
  423                                 auth_user=auth_user)
  424         print response
  425         assert "<div id='unassignform'>" in response
  426 
  427 
  428     def test_delete(self):
  429         '''
  430         selfservice: testing deleting token
  431         '''
  432         self.deleteToken('token01')
  433 
  434         response = self.app.get(url(controller='admin', action='init'),
  435                                 params={'serial':'token01',
  436                                         'type': 'hmac',
  437                                         'otpkey': 'c4a3923c8d97e03af6a12fa40264c54b8429cf0d',
  438                                         'user': 'passthru_user1@myDefRealm'
  439                                         })
  440         print response
  441         assert '"status": true' in response
  442 
  443         auth_user = {
  444              'login': 'passthru_user1@myDefRealm',
  445              'password': 'geheim1'}
  446 
  447         response = self.make_userselfservice_request('delete',
  448                                 auth_user=auth_user,
  449                                 params={'serial': 'token01'})
  450         print response
  451         assert '"message": "ERR410: The policy settings do not allow you to issue this request!"' in response
  452 
  453         self.createPolicy("delete")
  454         response = self.make_userselfservice_request('delete',
  455                                 auth_user=auth_user,
  456                                 params={'serial': 'token01'})
  457         print response
  458         assert '"delete token": 1' in response
  459 
  460         # UI
  461         response = self.make_selfservice_request('delete',
  462                                 auth_user=auth_user)
  463         print response
  464         assert "<div id='deleteform'>" in response
  465 
  466     def test_disable(self):
  467         '''
  468         selfservice: testing disable and enable token
  469         '''
  470         self.deleteToken('token01')
  471 
  472         response = self.app.get(url(controller='admin', action='init'),
  473                                 params={'serial':'token01',
  474                                         'type': 'hmac',
  475                                         'otpkey': 'c4a3923c8d97e03af6a12fa40264c54b8429cf0d',
  476                                         'user': 'passthru_user1@myDefRealm'
  477                                         })
  478         print response
  479         assert '"status": true' in response
  480 
  481         # disable
  482 
  483         auth_user = {
  484              'login': 'passthru_user1@myDefRealm',
  485              'password': 'geheim1'}
  486 
  487         response = self.make_userselfservice_request('disable',
  488                                 auth_user=auth_user,
  489                                 params={'serial': 'token01'})
  490         print response
  491         assert '"message": "ERR410: The policy settings do not allow you to issue this request!",' in response
  492 
  493         self.createPolicy("disable")
  494         response = self.make_userselfservice_request('disable',
  495                                 auth_user=auth_user,
  496                                 params={'serial': 'token01'})
  497         print response
  498         assert '"disable token": 1' in response
  499 
  500         response = self.app.get(url(controller='admin', action='show'),
  501                                 params={'serial': 'token01'})
  502         print response
  503         assert '"LinOtp.TokenSerialnumber": "token01",' in response
  504         assert '"LinOtp.Isactive": false' in response
  505 
  506         # now enable again
  507 
  508         response = self.make_userselfservice_request('enable',
  509                                 auth_user=auth_user,
  510                                 params={'serial': 'token01'})
  511         print response
  512         assert '"message": "ERR410: The policy settings do not allow you to issue this request!"' in response
  513 
  514         self.createPolicy("enable")
  515         response = self.make_userselfservice_request('enable',
  516                                 auth_user=auth_user,
  517                                 params={'serial': 'token01'})
  518         print response
  519         assert '"enable token": 1' in response
  520 
  521         response = self.app.get(url(controller='admin', action='show'),
  522                                 params={'serial': 'token01'})
  523         print response
  524         assert '"LinOtp.TokenSerialnumber": "token01",' in response
  525         assert '"LinOtp.Isactive": true' in response
  526 
  527         # UI
  528         response = self.make_selfservice_request('disable',
  529                                 auth_user=auth_user)
  530         print response
  531         assert "<div id='disableform'>" in response
  532 
  533         response = self.make_selfservice_request('enable',
  534                                 auth_user=auth_user)
  535         print response
  536         assert "<div id='enableform'>" in response
  537 
  538     def test_init(self):
  539         '''
  540         selfservice: testing enrollment of token as normal user
  541         '''
  542         self.deleteToken('token01')
  543 
  544         auth_user = {
  545              'login': 'passthru_user1@myDefRealm',
  546              'password': 'geheim1'}
  547 
  548         response = self.make_userselfservice_request('enroll',
  549                                 auth_user=auth_user,
  550                                 params={'serial':'token01',
  551                                         'type': 'hmac',
  552                                         'otpkey': 'c4a3923c8d97e03af6a12fa40264c54b8429cf0d'
  553                                         })
  554         print response
  555         assert '"message": "ERR410: The policy settings do not allow you to issue this request!"' in response
  556 
  557         self.createPolicy('enrollHMAC')
  558 
  559         response = self.make_userselfservice_request('enroll',
  560                                 auth_user=auth_user,
  561                                 params={'serial':'token01',
  562                                         'type': 'hmac',
  563                                         'otpkey': 'c4a3923c8d97e03af6a12fa40264c54b8429cf0d'
  564                                         })
  565         print response
  566         assert '"status": true' in response
  567 
  568         response = self.app.get(url(controller='admin', action='show'),
  569                                 params={'serial': 'token01'})
  570         print response
  571         assert '"LinOtp.TokenSerialnumber": "token01",' in response
  572         assert '"LinOtp.Isactive": true' in response
  573 
  574     def test_enroll_onetime_spass(self):
  575         '''
  576         selfservice: testing enrollment of a onetime spass token as normal user
  577         '''
  578         self.deleteToken('token01')
  579 
  580         ''' Verify that the relevant policy is required '''
  581 
  582         auth_user = {
  583              'login': 'passthru_user1@myDefRealm',
  584              'password': 'geheim1'}
  585 
  586         response = self.make_userselfservice_request('enroll',
  587                                 auth_user=auth_user,
  588                                 params={'serial':'token01',
  589                                         'type': 'spass',
  590                                         'pin': '!token0secret!'
  591                                         })
  592         print response
  593         assert '"message": "ERR410: The policy settings do not allow you to issue this request!"' in response
  594 
  595         ''' Verify that a spass token is properly created '''
  596         self.createPolicy('enrollSPASS')
  597 
  598         response = self.make_userselfservice_request('enroll',
  599                                 auth_user=auth_user,
  600                                 params={'serial':'token01',
  601                                         'type': 'spass',
  602                                         'onetime': 'true',
  603                                         'pin': '!token0secret!'
  604                                         })
  605         print response
  606         assert '"status": true' in response
  607 
  608         response = self.app.get(url(controller='admin', action='show'),
  609                                 params={'serial': 'token01'})
  610         print response
  611         assert '"LinOtp.TokenSerialnumber": "token01",' in response
  612         assert '"LinOtp.Isactive": true' in response
  613 
  614         ''' Verify this spass works once... '''
  615         parameters = {
  616                       "user"     : 'passthru_user1@myDefRealm',
  617                       "pass"     : '!token0secret!',
  618                       }
  619         response = self.app.get(url(controller='validate', action='check'), params=parameters)
  620         assert '"status": true' in response
  621         assert '"value": true'  in response
  622 
  623         ''' ... and exactly once '''
  624         response = self.app.get(url(controller='validate', action='check'), params=parameters)
  625         assert '"status": true' in response
  626         assert '"value": false'  in response
  627 
  628     def test_webprovision(self):
  629         '''
  630         selfservice: testing user webprovision
  631         '''
  632         self.deleteToken('token01')
  633 
  634         auth_user = {
  635              'login': 'passthru_user1@myDefRealm',
  636              'password': 'geheim1'}
  637 
  638         response = self.make_userselfservice_request('webprovision',
  639                                 auth_user=auth_user,
  640                                 params={'serial':'token01',
  641                                         'type': 'hmac'})
  642 
  643         self.assertTrue('"message": "valid types are \'oathtoken\' and \'googleauthenticator\' and \'googleauthenticator_time\'. You provided hmac",' in response,response)
  644 
  645         response = self.make_userselfservice_request('webprovision',
  646                                 auth_user=auth_user,
  647                                 params={'serial':'token01',
  648                                         'type': 'googleauthenticator'
  649                                         })
  650 
  651         self.assertTrue('"message": "ERR410: The policy settings do not allow you to issue this request!"' in response,response)
  652 
  653         self.createPolicy('webprovisionGOOGLE')
  654 
  655         response = self.make_userselfservice_request('webprovision',
  656                                 auth_user=auth_user,
  657                                 params={'prefix':'LSGO',
  658                                         'type': 'googleauthenticator'
  659                                         })
  660         self.assertTrue('"url": "otpauth://hotp/LinOTP:LSGO' in response,
  661                         response)
  662 
  663         # test
  664         response = self.app.get(url(controller='admin', action='show'),
  665                                 params={'user': 'passthru_user1@myDefRealm'})
  666         self.assertTrue('"LinOtp.TokenSerialnumber": "LSGO' in response,response)
  667         self.assertTrue('"LinOtp.Isactive": true' in response, response)
  668 
  669         # UI
  670 
  671         response = self.make_selfservice_request('webprovisiongoogletoken',
  672                                 auth_user=auth_user)
  673         self.assertTrue("googletokenform" in response.body, response)
  674 
  675         return
  676 
  677 
  678     def test_ocra(self):
  679         '''
  680         TODO selfservice: testing ocra
  681         '''
  682         pass
  683 
  684 
  685     def test_getmultiotp(self):
  686         '''
  687         TODO selfservice: testing getting multiple otps
  688         '''
  689         pass
  690 
  691     def test_privilege_escalation_fix(self):
  692 
  693         """
  694         Check if logged in users can not see token data
  695         of another user through /userservice/context
  696 
  697         refers LINOTP-702
  698         """
  699 
  700         auth_user = {
  701              'login': 'passthru_user1@myDefRealm',
  702              'password': 'geheim1'}
  703 
  704         response = self.make_userselfservice_request('context',
  705                                 auth_user=auth_user,
  706                                 params={'user': 'hans'})
  707 
  708         response_dict = json.loads(response.body)
  709 
  710         user = response_dict['user']
  711         self.assertEqual(user, 'passthru_user1')