"Fossies" - the Fresh Open Source Software Archive

Member "LinOTP-release-2.10.5.2/linotpd/src/linotp/tests/functional/test_system.py" (13 May 2019, 22470 Bytes) of package /linux/misc/LinOTP-release-2.10.5.2.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Python source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 # -*- coding: utf-8 -*-
    2 #
    3 #    LinOTP - the open source solution for two factor authentication
    4 #    Copyright (C) 2010 - 2019 KeyIdentity GmbH
    5 #
    6 #    This file is part of LinOTP server.
    7 #
    8 #    This program is free software: you can redistribute it and/or
    9 #    modify it under the terms of the GNU Affero General Public
   10 #    License, version 3, as published by the Free Software Foundation.
   11 #
   12 #    This program is distributed in the hope that it will be useful,
   13 #    but WITHOUT ANY WARRANTY; without even the implied warranty of
   14 #    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   15 #    GNU Affero General Public License for more details.
   16 #
   17 #    You should have received a copy of the
   18 #               GNU Affero General Public License
   19 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
   20 #
   21 #
   22 #    E-mail: linotp@keyidentity.com
   23 #    Contact: www.linotp.org
   24 #    Support: www.keyidentity.com
   25 #
   26 
   27 
   28 """
   29 """
   30 import os
   31 import logging
   32 from linotp.tests import TestController
   33 
   34 
   35 log = logging.getLogger(__name__)
   36 
   37 
   38 class TestSystemController(TestController):
   39 
   40     # ########################################################################
   41     def setUp(self):
   42         TestController.setUp(self)
   43         self.delete_all_policies()
   44 
   45     def test_setDefault(self):
   46         '''
   47         Testing setting default values
   48         '''
   49 
   50         params = {
   51             "DefaultMaxFailCount": "21",
   52             "DefaultSyncWindow": "200",
   53             "DefaultCountWindow": "20",
   54             "DefaultOtpLen": "8",
   55             "DefaultResetFailCount": "False"
   56         }
   57         response = self.make_system_request(action='setDefault',
   58                                             params=params)
   59         # log.debug("response %s\n",response)
   60         self.assertTrue('"set DefaultSyncWindow": true' in response, response)
   61         self.assertTrue('"set DefaultMaxFailCount": true' in response,
   62                         response)
   63         self.assertTrue('"set DefaultResetFailCount": true' in response,
   64                         response)
   65         self.assertTrue('"set DefaultSyncWindow": true' in response, response)
   66         self.assertTrue('"set DefaultMaxFailCount": true' in response,
   67                         response)
   68         self.assertTrue('"set DefaultCountWindow": true'in response, response)
   69 
   70         params = {"DefaultMaxFailCount": "10",
   71                   "DefaultSyncWindow": "1000",
   72                   "DefaultCountWindow": "10",
   73                   "DefaultOtpLen": "6",
   74                   "DefaultResetFailCount": "True"
   75                   }
   76 
   77         response = self.make_system_request(action='setDefault',
   78                                             params=params)
   79         # log.info("response %s\n",response)
   80 
   81         self.assertTrue('"set DefaultSyncWindow": true' in response, response)
   82         self.assertTrue('"set DefaultMaxFailCount": true' in response,
   83                         response)
   84         self.assertTrue('"set DefaultResetFailCount": true' in response,
   85                         response)
   86         self.assertTrue('"set DefaultSyncWindow": true' in response, response)
   87         self.assertTrue('"set DefaultMaxFailCount": true' in response,
   88                         response)
   89         self.assertTrue('"set DefaultCountWindow": true'in response, response)
   90 
   91     def test_001_resolvers(self):
   92         """
   93         setup: delete realms
   94         """
   95         self.delete_all_realms()
   96 
   97         params = {"username": "root"}
   98         response = self.make_admin_request(action='userlist', params=params)
   99 
  100         pass
  101         params = {"username": "root",
  102                   "realm": "myMixRealm"}
  103 
  104         response = self.make_admin_request(action='userlist', params=params)
  105 
  106         pass
  107 
  108     def test_001_realms(self):
  109         """
  110         """
  111         self.create_common_resolvers()
  112         self.create_common_realms()
  113         response = self.make_system_request(action='getRealms')
  114 
  115         # set realms
  116         self.assertTrue('"realmname": "mydefrealm"'in response, response)
  117         self.assertTrue('"realmname": "myotherrealm"'in response, response)
  118         self.assertTrue('"realmname": "mymixrealm"'in response, response)
  119 
  120         # now check for the different users in the different realms
  121         params = {"username": "root",
  122                   "realm": "*"}
  123 
  124         response = self.make_admin_request(action='userlist', params=params)
  125 
  126         self.assertTrue('"useridresolver.PasswdIdResolver.'
  127                         'IdResolver.myOtherRes"'in response, response)
  128         self.assertTrue('"useridresolver.PasswdIdResolver.'
  129                         'IdResolver.myDefRes"'in response, response)
  130 
  131         # now check for the different users in the different realms
  132         params = {"username": "root",
  133                   "realm": "myDefRealm"
  134                   }
  135 
  136         response = self.make_admin_request(action='userlist',
  137                                            params=params)
  138         # log.info("response %s\n",response)
  139 
  140         self.assertTrue('"useridresolver.PasswdIdResolver.'
  141                         'IdResolver.myDefRes"'in response, response)
  142         self.assertTrue('"root-def-passwd"'in response, response)
  143 
  144         # now check for the different users in the different realms
  145         params = {"username": "root",
  146                   "realm": "myMixRealm"}
  147 
  148         response = self.make_admin_request(action='userlist',
  149                                            params=params)
  150 
  151         self.assertTrue('"useridresolver.PasswdIdResolver.'
  152                         'IdResolver.myOtherRes"'in response, response)
  153         self.assertTrue('"root-myDom-passwd"'in response, response)
  154 
  155         self.assertTrue('"useridresolver.PasswdIdResolver.'
  156                         'IdResolver.myDefRes"'in response, response)
  157         self.assertTrue('"root-def-passwd"'in response, response)
  158 
  159         # now check for the different users in the different realms
  160         params = {"username": "root"}  # check in default
  161 
  162         response = self.make_admin_request(action='userlist',
  163                                            params=params)
  164 
  165         self.assertTrue('"useridresolver.PasswdIdResolver.'
  166                         'IdResolver.myDefRes"'in response, response)
  167         self.assertTrue('"root-def-passwd"'in response, response)
  168 
  169         # now set default to myDomain
  170         params = {"realm": "myOtherRealm"}
  171 
  172         response = self.make_system_request(action='setDefaultRealm',
  173                                             params=params)
  174         self.assertTrue('"value": true'in response, response)
  175 
  176         # now check for the different users in the different realms
  177         params = {"username": "root"}  # check in default
  178 
  179         response = self.make_admin_request(action='userlist',
  180                                            params=params)
  181 
  182         self.assertTrue('"useridresolver.PasswdIdResolver.'
  183                         'IdResolver.myOtherRes"'in response, response)
  184         self.assertTrue('"root-myDom-passwd"'in response, response)
  185 
  186         # now delete the default realm
  187         params = {"realm": "myOtherRealm"}  # check in default
  188 
  189         response = self.make_system_request(action='delRealm',
  190                                             params=params)
  191 
  192         self.assertTrue('"delRealm": {'in response, response)
  193         self.assertTrue('"result": true'in response, response)
  194 
  195         params = {"realms": "*"}
  196 
  197         response = self.make_system_request(action='getRealms',
  198                                             params=params)
  199         # set realms
  200         self.assertTrue('"realmname": "mydefrealm"'in response, response)
  201         self.assertTrue('"realmname": "myotherrealm"' not in response,
  202                         response)
  203         self.assertTrue('"realmname": "mymixrealm"'in response, response)
  204 
  205         # now check for the different users in the different realms
  206         params = {"username": "def"}  # check in default
  207 
  208         response = self.make_admin_request(action='userlist', params=params)
  209 
  210         self.assertTrue('"value": []'in response, response)
  211 
  212         # now check for the different users in the different realms
  213         params = {"username": "def",  # check in default
  214                   "realm": "myDefRealm"
  215                   }
  216 
  217         response = self.make_admin_request(action='userlist', params=params)
  218         # log.info("response %s\n",response)
  219         self.assertTrue('"description": "def User,,,,"'in response, response)
  220 
  221         # now set default to myDomain
  222         params = {"realm": "myDefRealm"}
  223 
  224         response = self.make_system_request(action='setDefaultRealm',
  225                                             params=params)
  226         self.assertTrue('"value": true'in response, response)
  227 
  228         # now check for the different users in the different realms
  229         params = {"username": "def"}  # check in default
  230 
  231         response = self.make_admin_request(action='userlist', params=params)
  232 
  233         self.assertTrue('"description": "def User,,,,"'in response, response)
  234 
  235         # now set default to myDomain
  236         params = {"realm": "myMixRealm"}
  237 
  238         response = self.make_system_request(action='setDefaultRealm',
  239                                             params=params)
  240         self.assertTrue('"value": true'in response, response)
  241 
  242         # now check for the different users in the different realms
  243         params = {"username": "root"}  # check in default
  244 
  245         response = self.make_admin_request(action='userlist', params=params)
  246 
  247         self.assertTrue('"root-def-passwd"'in response, response)
  248         self.assertTrue('"root-myDom-passwd"'in response, response)
  249 
  250         # now set default to myDomain
  251         params = {"realm": "myOtherRealm"}
  252 
  253         response = self.make_system_request(action='setDefaultRealm',
  254                                             params=params)
  255         self.assertTrue('"value": false'in response, response)
  256 
  257         # now check for the different users in the different realms
  258         params = {"username": "def",  # check in default
  259                   "resConf": "myDefRes"
  260                   }
  261 
  262         response = self.make_admin_request(action='userlist',
  263                                            params=params)
  264         # log.info("response %s\n",response)
  265         self.assertTrue('"description": "def User,,,,"'in response, response)
  266         self.delete_all_realms()
  267         self.delete_all_resolvers()
  268 
  269     def test_set_default(self):
  270         '''
  271         System-controller: set default without matching keys
  272         '''
  273         params = {'wrongKey': 'wrongVal'}
  274         response = self.make_system_request(action='setDefault',
  275                                             params=params)
  276 
  277         self.assertTrue('"status": false' in response, response)
  278         self.assertTrue('Usage: setDefault: parameters are' in response,
  279                         response)
  280 
  281     def test_setconfig_backwards(self):
  282         '''
  283         testing setconfig backward compat
  284         '''
  285         params = {'key': 'test',
  286                   'value': 'old',
  287                   'description': 'old value'}
  288         response = self.make_system_request(action='setConfig', params=params)
  289 
  290         self.assertTrue('"setConfig test": true' in response, response)
  291 
  292         params = {'key': 'some.resolver.config',
  293                   'value': 'resolverText',
  294                   'description': 'resolver test'}
  295         response = self.make_system_request(action='setConfig', params=params)
  296 
  297         self.assertTrue('"setConfig some.resolver.config": true' in response,
  298                         response)
  299 
  300     def test_setconfig_typing(self):
  301         '''
  302         Test: system/setConfig with typing
  303         '''
  304         params = {'secretkey': 'test123',
  305                   'secretkey.type': 'password'}
  306         response = self.make_system_request(action='setConfig', params=params)
  307         log.info(response)
  308         self.assertTrue('"setConfig secretkey:test123": true' in response,
  309                         response)
  310 
  311         # the value will be returned transparently
  312         response = self.make_system_request(action='getConfig',
  313                                             params={'key': 'secretkey'})
  314         self.assertTrue("test123" not in response, response)
  315 
  316         # the value will be returned transparently
  317         params = {'key': 'enclinotp.secretkey'}
  318         response = self.make_system_request(action='getConfig',
  319                                             params=params)
  320         self.assertTrue("test123" not in response, response)
  321 
  322         response = self.make_system_request(action='delConfig',
  323                                             params={'key': 'secretkey'})
  324         return
  325 
  326     def test_delResolver(self):
  327         '''
  328         Testing the deleting of a resolver
  329         '''
  330 
  331         params = {'name': 'reso1',
  332                   'type': 'passwdresolver',
  333                   'fileName': os.path.join(self.fixture_path, 'my-pass2')}
  334 
  335         response = self.make_system_request(action='setResolver',
  336                                             params=params)
  337 
  338         self.assertTrue('"value": true' in response, response)
  339 
  340         params = {'name': 'reso2',
  341                   'type': 'passwdresolver',
  342                   'fileName': os.path.join(self.fixture_path, 'my-pass2')}
  343 
  344         response = self.make_system_request(action='setResolver',
  345                                             params=params)
  346 
  347         self.assertTrue('"value": true' in response, response)
  348         params = {'name': 'reso3',
  349                   'type': 'passwdresolver',
  350                   'fileName': os.path.join(self.fixture_path, 'my-pass2')}
  351 
  352         response = self.make_system_request(action='setResolver',
  353                                             params=params)
  354 
  355         self.assertTrue('"value": true' in response, response)
  356 
  357         response = self.make_system_request(action='getResolvers', params={})
  358 
  359         self.assertTrue('"entry": "linotp.passwdresolver.fileName.reso2"' in
  360                         response, response)
  361         self.assertTrue('"entry": "linotp.passwdresolver.fileName.reso1"' in
  362                         response, response)
  363         self.assertTrue('"entry": "linotp.passwdresolver.fileName.reso3"' in
  364                         response, response)
  365 
  366         # create a realm
  367         params = {'realm': 'realm1',
  368                   'resolvers': 'passwdresolver.reso1, passwdresolver.reso2'
  369                   }
  370         response = self.make_system_request(action='setRealm', params=params)
  371 
  372         self.assertTrue('"value": true' in response, response)
  373 
  374         # try to delete a resolver, that is in a realm
  375         response = self.make_system_request(action='delResolver',
  376                                             params={'resolver': 'reso1'})
  377 
  378         self.assertTrue('Resolver u\'reso1\'  still in use' in response,
  379                         response)
  380 
  381         response = self.make_system_request(action='delResolver',
  382                                             params={'resolver': 'reso3'})
  383         self.assertTrue('"value": true' in response, response)
  384 
  385     def test_policy_wrong_name(self):
  386         '''
  387         testing to set a policy with a wrong name
  388         '''
  389         params = {'name': 'ads ads asd',
  390                   'action': '*',
  391                   'scope': 'admin',
  392                   'realm': '*'}
  393         response = self.make_system_request(action='setPolicy', params=params)
  394 
  395         self.assertTrue('The name of the policy may only contain'
  396                         ' the characters'in response, response)
  397 
  398         self.delete_all_policies()
  399 
  400         return
  401 
  402     def test_bad_policy_name_import(self):
  403 
  404         policy_content = '''[ded-ee]
  405 realm = *
  406 active = True
  407 client = ""
  408 user = *
  409 time = ""
  410 action = "otppin=password "
  411 scope = authentication
  412 '''
  413 
  414         upload_files = [("file", "savedPolicy.txt", policy_content)]
  415 
  416         response = self.make_system_request(action='importPolicy',
  417                                             params={},
  418                                             upload_files=upload_files)
  419 
  420         self.assertTrue('<status>False</status>' in response, response)
  421         self.assertTrue('may only contain the characters'in response, response)
  422 
  423         # Now check the policies, that we imported...
  424         response = self.make_system_request(action='getPolicy', method='POST',
  425                                             params={}, auth_user='superuser')
  426 
  427         self.assertFalse('ded-ee' in response, response)
  428 
  429         return
  430 
  431     def test_import_policy_empty_realm(self):
  432         """
  433         test import of policies with no or empty realm
  434         """
  435 
  436         # load the policy cfg for import
  437 
  438         policy_file = 'policy_realm.cfg'
  439 
  440         file_name = os.path.join(self.fixture_path, policy_file)
  441 
  442         with open(file_name, 'r') as f:
  443             policy_content = f.read()
  444 
  445         upload_files = [("file", policy_file, policy_content)]
  446 
  447         response = self.make_system_request(action='importPolicy',
  448                                             params={},
  449                                             upload_files=upload_files)
  450 
  451         self.assertTrue('<status>True</status>' in response, response)
  452 
  453         # Now check the policies, that we imported...
  454 
  455         response = self.make_system_request(action='getPolicy',
  456                                             method='POST',
  457                                             params={},
  458                                             auth_user='superuser')
  459 
  460         self.assertFalse('ded-ee' in response, response)
  461 
  462         return
  463 
  464     def test_import_policy(self):
  465 
  466         policy_content = '''[resovler_ss1]
  467 realm = realm2
  468 client = None
  469 user = lse_ad:
  470 time = None
  471 action = "webprovisionGOOGLE, "
  472 scope = selfservice
  473 [resovler_ss2]
  474 realm = realm2
  475 client = None
  476 user = "local:, koelbel"
  477 time = None
  478 action = "webprovisionGOOGLEtime, assign, "
  479 scope = selfservice
  480 [ss1_maria]
  481 realm = realm1
  482 client = None
  483 user = maria
  484 time = None
  485 action = "max_count_hotp=10, webprovisionGOOGLE, getotp, webprovisionOCRA, enrollYUBICO, "
  486 scope = selfservice
  487 [SMS]
  488 realm = realm1
  489 client = ""
  490 user = ""
  491 time = ""
  492 action = smstext=The OTP value for <serial>: <otp>
  493 scope = authentication
  494 [ss1_raff]
  495 realm = realm1
  496 client = None
  497 user = None
  498 time = None
  499 action = "webprovisionGOOGLE, max_count_hotp=5, getotp, assign, webprovisionOCRA, webprovisionOCRA, enrollSMS, enrollMOTP, setMOTPPIN, history"
  500 scope = selfservice
  501 [ocra]
  502 realm = *
  503 client = *
  504 user = admin
  505 time = None
  506 action = "request, activationcode, status, "
  507 scope = ocra
  508 [ss1_ocra]
  509 realm = realm1
  510 client = None
  511 user = None
  512 time = None
  513 action = "qrtanurl=https://localhost, "
  514 scope = authentication
  515 [gettoken]
  516 realm = *
  517 client = ""
  518 user = *
  519 time = ""
  520 action = max_count_hotp=50
  521 scope = gettoken
  522 '''
  523 
  524         upload_files = [("file", "savedPolicy.txt", policy_content)]
  525 
  526         response = self.make_system_request(action='importPolicy',
  527                                             params={},
  528                                             upload_files=upload_files)
  529 
  530         self.assertTrue('<status>True</status>' in response, response)
  531         self.assertTrue('<value>8</value>' in response, response)
  532 
  533         # Now check the policies, that we imported...
  534         response = self.make_system_request(action='getPolicy', method='POST',
  535                                             params={}, auth_user='superuser')
  536 
  537         self.assertTrue('"resovler_ss1": {' in response, response)
  538         self.assertTrue('"resovler_ss2": {' in response, response)
  539         self.assertTrue('"ss1_maria": {' in response, response)
  540         self.assertTrue('"SMS": {' in response, response)
  541         self.assertTrue('"ss1_raff": {' in response, response)
  542         self.assertTrue('"ocra": {' in response, response)
  543         self.assertTrue('"ss1_ocra": {' in response, response)
  544         self.assertTrue('"gettoken": {' in response, response)
  545 
  546         # Now we try to upload with access policies.
  547         params = {'name': 'superuser',
  548                   'scope': 'system',
  549                   'action': 'read,write',
  550                   'realm': '*',
  551                   'user': 'superuser'}
  552 
  553         response = self.make_system_request(action='setPolicy', method='POST',
  554                                             params=params,
  555                                             auth_user='superuser')
  556 
  557         self.assertTrue('"setPolicy superuser":' in response, response)
  558 
  559         params = {'name': 'readsystem',
  560                   'scope': 'system',
  561                   'action': 'read',
  562                   'realm': '*',
  563                   'user': 'readadmin'}
  564         response = self.make_system_request(action='setPolicy', method='POST',
  565                                             params=params,
  566                                             auth_user='superuser')
  567 
  568         self.assertTrue('"setPolicy readsystem":' in response, response)
  569 
  570         # superuser is allowed to import
  571         upload_files = [("file", "savedPolicy.txt", policy_content)]
  572         response = self.make_system_request(action='importPolicy',
  573                                             method='POST',
  574                                             params={},
  575                                             upload_files=upload_files,
  576                                             auth_user='superuser')
  577 
  578         self.assertTrue('<status>True</status>' in response, response)
  579         self.assertTrue('<value>8</value>' in response, response)
  580 
  581         # readadmin is not allowed to import
  582         upload_files = [("file", "savedPolicy.txt", policy_content)]
  583         response = self.make_system_request(action='importPolicy',
  584                                             method='POST',
  585                                             params={},
  586                                             upload_files=upload_files,
  587                                             auth_user='readadmin')
  588 
  589         self.assertTrue('Policy check failed. You are not allowed to'
  590                         ' write system config' in response, response)
  591 
  592         # finally remove all policies
  593         names = []
  594         for line in policy_content.split():
  595             if line[0] == '[':
  596                 name = line.replace('[', '').replace(']', '')
  597                 names.append(name)
  598         for name in names:
  599             self.delete_policy(name, auth_user='superuser')
  600 
  601         self.delete_policy('readsystem', auth_user='superuser')
  602         self.delete_policy('superuser', auth_user='superuser')
  603 
  604         return
  605 
  606 # eof ########################################################################