"Fossies" - the Fresh Open Source Software Archive

Member "LinOTP-release-2.10.5.2/linotpd/src/linotp/tests/functional/test_validate.py" (13 May 2019, 83867 Bytes) of package /linux/misc/LinOTP-release-2.10.5.2.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Python source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 # -*- coding: utf-8 -*-
    2 #
    3 #    LinOTP - the open source solution for two factor authentication
    4 #    Copyright (C) 2010 - 2019 KeyIdentity GmbH
    5 #
    6 #    This file is part of LinOTP server.
    7 #
    8 #    This program is free software: you can redistribute it and/or
    9 #    modify it under the terms of the GNU Affero General Public
   10 #    License, version 3, as published by the Free Software Foundation.
   11 #
   12 #    This program is distributed in the hope that it will be useful,
   13 #    but WITHOUT ANY WARRANTY; without even the implied warranty of
   14 #    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   15 #    GNU Affero General Public License for more details.
   16 #
   17 #    You should have received a copy of the
   18 #               GNU Affero General Public License
   19 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
   20 #
   21 #
   22 #    E-mail: linotp@keyidentity.com
   23 #    Contact: www.linotp.org
   24 #    Support: www.keyidentity.com
   25 #
   26 
   27 
   28 """ """
   29 
   30 
   31 import httplib2
   32 import time
   33 import hmac
   34 import logging
   35 import binascii
   36 import struct
   37 import hashlib
   38 import sys
   39 import json
   40 from mock import patch
   41 
   42 # we need this for the radius token
   43 import pyrad
   44 
   45 from linotp.tests import TestController, url
   46 
   47 log = logging.getLogger(__name__)
   48 
   49 
   50 class Response(object):
   51     code = pyrad.packet.AccessAccept
   52 
   53 
   54 def mocked_radius_SendPacket(Client, *argparams, **kwparams):
   55 
   56     response = Response()
   57     #response.code = pyrad.packet.AccessAccept
   58 
   59     return response
   60 
   61 
   62 def mocked_http_request(HttpObject,  *argparams, **kwparams):
   63 
   64     resp = 200
   65 
   66     content = {
   67         "version": "LinOTP MOCK",
   68         "jsonrpc": "2.0",
   69         "result": {
   70             "status": True,
   71             "value": True
   72         },
   73         "id": 0
   74     }
   75     r_auth_info = TestValidateController.R_AUTH_DETAIL
   76     if r_auth_info:
   77         content['detail'] = r_auth_info
   78 
   79     return resp, json.dumps(content)
   80 
   81 
   82 class HmacOtp():
   83 
   84     def __init__(self, secret, counter=0, digits=6, hashfunc=hashlib.sha1):
   85         self.secret = secret
   86         self.counter = counter
   87         self.digits = digits
   88 
   89         # set up hashlib
   90         ty = type(hashfunc).__name__
   91         if ty == 'str' or ty == 'unicode':
   92             self.hashfunc = self._getHashlib(hashfunc)
   93         else:
   94             self.hashfunc = hashfunc
   95 
   96     def _getHashlib(self, hLibStr):
   97 
   98         if hLibStr is None:
   99             return hashlib.sha1
  100 
  101         hashlibStr = hLibStr.lower()
  102 
  103         if hashlibStr == "md5":
  104             return hashlib.md5
  105         elif hashlibStr == "sha1":
  106             return hashlib.sha1
  107         elif hashlibStr == "sha224":
  108             return hashlib.sha224
  109         elif hashlibStr == "sha256":
  110             return hashlib.sha256
  111         elif hashlibStr == "sha384":
  112             return hashlib.sha384
  113         elif hashlibStr == "sha512":
  114             return hashlib.sha512
  115         else:
  116             return hashlib.sha1
  117 
  118     def calcHmac(self, counter=None):
  119         # log.error("hmacSecret()")
  120         counter = counter or self.counter
  121 
  122         # # retrieve the unicode key
  123         akey = self.secret
  124 
  125         # log.debug("[hmac] key: %s", akey)
  126 
  127         # # and convert it to binary    from linotp.lib.crypto import SecretObj
  128         key = binascii.unhexlify(akey)
  129         msg = struct.pack(">Q", counter)
  130         dige = hmac.new(key, msg, self.hashfunc)
  131 
  132         digStr = str(dige.digest())
  133 
  134         del akey
  135         del key
  136         del dige
  137 
  138         return digStr
  139 
  140     def truncate(self, digest):
  141         offset = ord(digest[-1:]) & 0x0f
  142 
  143         binary = (ord(digest[offset + 0]) & 0x7f) << 24
  144         binary |= (ord(digest[offset + 1]) & 0xff) << 16
  145         binary |= (ord(digest[offset + 2]) & 0xff) << 8
  146         binary |= (ord(digest[offset + 3]) & 0xff)
  147 
  148         return binary % (10 ** self.digits)
  149 
  150     def generate(self, counter=None):
  151         counter = counter or self.counter
  152         myHmac = self.calcHmac(counter)
  153         otp = unicode(self.truncate(myHmac))
  154 
  155         #  fill in the leading zeros
  156         sotp = (self.digits - len(otp)) * "0" + otp
  157         self.counter = counter + 1
  158         return sotp
  159 
  160 
  161 class TestValidateController(TestController):
  162     """
  163     test the validate controller
  164 
  165     remark:
  166         validate test for the sms token test are in the
  167             test_sms2 and
  168             test_httpsms and
  169             test_challenge_response
  170     """
  171     R_AUTH_DETAIL = {}
  172 
  173     def setUp(self):
  174         self.tokens = {}
  175         TestController.setUp(self)
  176         self.set_config_selftest()
  177         self.create_common_resolvers()
  178         self.create_common_realms()
  179 
  180     def tearDown(self):
  181         self.delete_all_realms()
  182         self.delete_all_resolvers()
  183         TestController.tearDown(self)
  184 
  185     def createMOtpToken(self):
  186         parameters = {
  187             "serial": "M722362",
  188             "type": "motp",
  189             "otpkey": "1234567890123456",
  190             "otppin": "1234",
  191             "user": "root",
  192             "pin": "pin",
  193             "description": "TestToken1",
  194         }
  195 
  196         response = self.app.get(url(controller='admin', action='init'),
  197                                 params=parameters)
  198         self.assertTrue('"value": true' in response, response)
  199 
  200     def createTOtpToken(self, hashlib_def):
  201         '''
  202         // Seed for HMAC-SHA1 - 20 bytes
  203         String seed = "3132333435363738393031323334353637383930";
  204         // Seed for HMAC-SHA256 - 32 bytes
  205         String seed32 = "3132333435363738393031323334353637383930" +
  206         "313233343536373839303132";
  207         // Seed for HMAC-SHA512 - 64 bytes
  208         String seed64 = "3132333435363738393031323334353637383930" +
  209         "3132333435363738393031323334353637383930" +
  210         "3132333435363738393031323334353637383930" +
  211         "31323334";
  212         '''
  213 
  214         if hashlib_def == "SHA512":
  215             otpkey = (
  216                 "313233343536373839303132333435363738393031323334353"
  217                 "637383930313233343536373839303132333435363738393031323"
  218                 "33435363738393031323334")
  219         elif hashlib_def == "SHA256":
  220             otpkey = (
  221                 "31323334353637383930313233343536373839303132333435363"
  222                 "73839303132"
  223             )
  224         else:
  225             otpkey = "3132333435363738393031323334353637383930"
  226         parameters = {
  227             "serial": "TOTP",
  228             "type": "totp",
  229             # 64 byte key
  230             "otpkey": otpkey,
  231             "otppin": "1234",
  232             "user": "root",
  233             "pin": "pin",
  234             "otplen": 8,
  235             "description": "time based HMAC TestToken1",
  236             "hashlib": hashlib_def,
  237         }
  238 
  239         response = self.app.get(url(controller='admin', action='init'),
  240                                 params=parameters)
  241         self.assertTrue('"value": true' in response, response)
  242 
  243         try:
  244             hmac_val = HmacOtp(otpkey, digits=8, hashfunc=hashlib_def)
  245         except Exception as e:
  246             raise e
  247 
  248         return hmac_val
  249 
  250     def createTOtpValue(self, hmac_func, T0=None, shift=0, timeStepping=30):
  251         ret = ""
  252         try:
  253             if T0 is None:
  254                 T0 = time.time() - shift
  255             counter = int((T0 / timeStepping) + 0.5)
  256             ret = hmac_func.generate(counter)
  257 
  258         except Exception as e:
  259             raise e
  260 
  261         return ret
  262 
  263     def createToken1(self, user='root', pin='pin'):
  264         """
  265             otp[0]: 870581 :
  266             otp[1]: 793334 :
  267             otp[2]: 088491 :
  268             otp[3]: 013126 :
  269             otp[4]: 818771 :
  270             otp[5]: 454594 :
  271             otp[6]: 217219 :
  272             otp[7]: 250710 :
  273             otp[8]: 478893 :
  274             otp[9]: 517407 :
  275         """
  276         serial = "F722362"
  277         parameters = {
  278             "serial": serial,
  279             "otpkey": "AD8EABE235FC57C815B26CEF3709075580B44738",
  280             "user": user,
  281             "pin": pin,
  282             "description": "TestToken1",
  283         }
  284 
  285         response = self.make_admin_request('init', params=parameters)
  286         self.assertTrue('"value": true' in response, response)
  287 
  288         return serial
  289 
  290     def create_hmac_token(self, user='root', pin='pin'):
  291 
  292         serial = self.createToken1(user=user, pin=pin)
  293         otps = [
  294             "870581",
  295             "793334",
  296             "088491",
  297             "013126",
  298             "818771",
  299             "454594",
  300             "217219",
  301             "250710",
  302             "478893",
  303             "517407"
  304         ]
  305         return serial, otps
  306 
  307     def createRealmToken1(self, realm):
  308         """
  309             otp[0]: 870581 :
  310             otp[1]: 793334 :
  311             otp[2]: 088491 :
  312             otp[3]: 013126 :
  313             otp[4]: 818771 :
  314             otp[5]: 454594 :
  315             otp[6]: 217219 :
  316             otp[7]: 250710 :
  317             otp[8]: 478893 :
  318             otp[9]: 517407 :
  319         """
  320         parameters = {
  321             "serial": "F722362",
  322             "otpkey": "AD8EABE235FC57C815B26CEF3709075580B44738",
  323             "user": "root",
  324             "pin": "pin",
  325             "description": "TestToken1",
  326         }
  327         if realm is not None:
  328             parameters.update(realm)
  329         response = self.app.get(url(controller='admin', action='init'),
  330                                 params=parameters)
  331         self.assertTrue('"value": true' in response, response)
  332 
  333     def createHMACToken(self, serial="F722362", user='root', pin="pin"):
  334 
  335         parameters = {
  336             "serial": serial,
  337             "otpkey": "AD8EABE235FC57C815B26CEF3709075580B44738",
  338             "user": user,
  339             "pin": pin,
  340             "description": "TestToken1",
  341         }
  342 
  343         response = self.app.get(url(controller='admin', action='init'),
  344                                 params=parameters)
  345         return response
  346 
  347 
  348 
  349     def createToken(self):
  350         serials = set()
  351         parameters = {
  352             "serial": "F722362",
  353             "otpkey": "AD8EABE235FC57C815B26CEF3709075580B44738",
  354             "user": "root",
  355             "pin": "pin",
  356             "description": "TestToken1",
  357         }
  358 
  359         response = self.app.get(url(controller='admin', action='init'),
  360                                 params=parameters)
  361         self.assertTrue('"value": true' in response, response)
  362 
  363         serials.add(parameters.get('serial'))
  364 
  365         parameters = {
  366             "serial": "F722363",
  367             "otpkey": "AD8EABE235FC57C815B26CEF3709075580B4473880B44738",
  368             "user": "root",
  369             "pin": "pin",
  370             "description": "TestToken2",
  371         }
  372 
  373         response = self.app.get(url(controller='admin', action='init'),
  374                                 params=parameters)
  375         self.assertTrue('"value": true' in response, response)
  376 
  377         serials.add(parameters.get('serial'))
  378 
  379         # # test the update
  380         parameters = {
  381             "serial": "F722364",
  382             "otpkey": "AD8EABE235FC57C815B26CEF37090755",
  383             "user": "root",
  384             "pin": "Pin3",
  385             "description": "TestToken3",
  386         }
  387 
  388         response = self.app.get(url(controller='admin', action='init'),
  389                                 params=parameters)
  390         self.assertTrue('"value": true' in response, response)
  391 
  392         serials.add(parameters.get('serial'))
  393 
  394         parameters = {
  395             "serial": "F722364",
  396             "otpkey": "AD8EABE235FC57C815B26CEF37090755",
  397             "user": "root",
  398             "pin": "pin",
  399             "description": "TestToken3",
  400         }
  401 
  402         response = self.app.get(url(controller='admin', action='init'),
  403                                 params=parameters)
  404         self.assertTrue('"value": true' in response, response)
  405 
  406         serials.add(parameters.get('serial'))
  407 
  408         return serials
  409 
  410     def createToken2(self):
  411         parameters = {
  412             "serial": "T2",
  413             "otpkey": "AD8EABE235FC57C815B26CEF3709075580B44738",
  414             "user": "root",
  415             "pin": "T2PIN",
  416             "description": "TestToken2",
  417         }
  418 
  419         response = self.app.get(url(controller='admin', action='init'),
  420                                 params=parameters)
  421         self.assertTrue('"value": true' in response, response)
  422 
  423     def createToken3(self):
  424         parameters = {
  425             "serial": "T3",
  426             "otpkey": "AD8EABE235FC57C815B26CEF3709075580B44738",
  427             "user": "root",
  428             "pin": "T2PIN",
  429             "description": "TestToken3",
  430         }
  431 
  432         response = self.app.get(url(controller='admin', action='init'),
  433                                 params=parameters)
  434         self.assertTrue('"value": true' in response, response)
  435 
  436     def createTokenSMS(self):
  437         parameters = {
  438             "serial": "SM1",
  439             "user": "root",
  440             "pin": "test",
  441             "description": "TestSMS",
  442             "type": "sms",
  443             "phone": "007"
  444         }
  445 
  446         response = self.app.get(url(controller='admin', action='init'),
  447                                 params=parameters)
  448         self.assertTrue('"value": true' in response, response)
  449 
  450     def createSpassToken(self, serial="TSpass", user="root", pin="pin"):
  451         parameters = {
  452             "serial": serial,
  453             "otpkey": "AD8EABE235FC57C815B26CEF3709075580B44738",
  454             "user": user,
  455             "pin": pin,
  456             "description": "TestToken1",
  457             "type": "spass"
  458         }
  459 
  460         response = self.make_admin_request('init', params=parameters)
  461         self.assertTrue('"value": true' in response, response)
  462         return serial
  463 
  464     def createPWToken(self, serial="TPW", user="root", pin="pin",
  465                       otpkey="123456"):
  466 
  467         parameters = {"serial": serial,
  468                       "type": "pw",
  469                       "otpkey": otpkey,
  470                       "otppin": pin,
  471                       "user": user,
  472                       "pin": pin,
  473                       }
  474 
  475         response = self.make_admin_request('init', params=parameters)
  476         self.assertTrue('"value": true' in response, response)
  477         return serial
  478 
  479     def create_yubi_token(self, serialnum="01382015",
  480                           yubi_slot=1,
  481                           otpkey="9163508031b20d2fbb1868954e041729",
  482                           public_uid="ecebeeejedecebeg",
  483                           use_public_id=False,
  484                           user='root'
  485                           ):
  486         serial = "UBAM%s_%s" % (serialnum, yubi_slot)
  487 
  488         valid_otps = [
  489             public_uid + "fcniufvgvjturjgvinhebbbertjnihit",
  490             public_uid + "tbkfkdhnfjbjnkcbtbcckklhvgkljifu",
  491             public_uid + "ktvkekfgufndgbfvctgfrrkinergbtdj",
  492             public_uid + "jbefledlhkvjjcibvrdfcfetnjdjitrn",
  493             public_uid + "druecevifbfufgdegglttghghhvhjcbh",
  494             public_uid + "nvfnejvhkcililuvhntcrrulrfcrukll",
  495             public_uid + "kttkktdergcenthdredlvbkiulrkftuk",
  496             public_uid + "hutbgchjucnjnhlcnfijckbniegbglrt",
  497             public_uid + "vneienejjnedbfnjnnrfhhjudjgghckl",
  498             public_uid + "krgevltjnujcnuhtngjndbhbiiufbnki",
  499             public_uid + "kehbefcrnlfejedfdulubuldfbhdlicc",
  500             public_uid + "ljlhjbkejkctubnejrhuvljkvglvvlbk",
  501             public_uid + "eihtnehtetluntirtirrvblfkttbjuih",
  502         ]
  503 
  504         params = {
  505             'type': 'yubikey',
  506             'serial': serial,
  507             'otpkey': otpkey,
  508             'description': "Yubikey enrolled in functional tests",
  509             'session': self.session
  510         }
  511 
  512         if not use_public_id:
  513             params['otplen'] = 32 + len(public_uid)
  514         else:
  515             params['public_uid'] = public_uid
  516 
  517         response = self.make_admin_request('init', params=params)
  518         self.assertTrue('"value": true' in response, "Response: %r" % response)
  519 
  520         # test initial assign
  521         params = {
  522             "serial": serial,
  523             "user": user,
  524         }
  525         response = self.make_admin_request('assign', params=params)
  526         # Test response...
  527         self.assertTrue('"value": true' in response, "Response: %r" % response)
  528 
  529         return (serial, valid_otps)
  530 
  531     def create_remote_token(self, target_serial, target_otplen=6, user='root',
  532                             pin='', check_pin=1,
  533                             remote_url='http://127.0.0.1/'):
  534         """
  535         call admin/init to create the remote token
  536 
  537         :param target_serial: the serial number of the target token
  538         :param target_otplen: the otplen of the target token
  539         :param user: the to be assigened user
  540         :param remote_url: the target url - could be ignored as the
  541                         '   http req is mocked
  542         :param check_pin: local=1, remote=0
  543         :return: the serial number of the remote token
  544         """
  545 
  546         serial = "LSRE%s" % target_serial
  547         params = {
  548             "serial": serial,
  549             "type": "remote",
  550             "otplen": target_otplen,
  551             "description": "RemoteToken",
  552             'remote.server': remote_url,
  553             'remote.realm': 'nopin',
  554             'remote.local_checkpin': check_pin,
  555             'remote.serial': target_serial,
  556             'user': user,
  557             'pin': pin
  558         }
  559 
  560         response = self.make_admin_request('init', params=params)
  561         self.assertIn('"value": true', response, "Response: %r" % response)
  562 
  563         return serial
  564 
  565     def create_radius_token(self, user="root", pin="pin", serial="radius2",
  566                             check_pin=1):
  567         # the token with the local PIN
  568         parameters = {
  569             "serial": serial,
  570             "type": "radius",
  571             "otpkey": "1234567890123456",
  572             "otppin": "local",
  573             "user": user,
  574             "pin": pin,
  575             "description": "RadiusToken2",
  576             'radius.server': 'localhost:18012',
  577             'radius.local_checkpin': check_pin,
  578             'radius.user': user,
  579             'radius.secret': 'testing123',
  580         }
  581 
  582         response = self.make_admin_request('init', params=parameters)
  583         self.assertTrue('"value": true' in response, response)
  584 
  585         return serial
  586 
  587     def test_cryptedPin(self):
  588         """
  589         test for encrypted pin
  590         """
  591         serials = self.createToken()
  592 
  593         for serial in serials:
  594             params = {'encryptpin': 'True',
  595                       'pin': 'crypted!',
  596                       'serial': serial
  597                       }
  598             response = self.make_admin_request('set', params=params)
  599             self.assertTrue('"set pin": 1' in response, response)
  600 
  601         # check all 3 tokens - the last one is it
  602         parameters = {"user": "root", "pass": "crypted!280395"}
  603         response = self.make_validate_request('check',
  604                                               params=parameters)
  605         self.assertTrue('"value": true' in response, response)
  606 
  607         for serial in serials:
  608             self.delete_token(serial)
  609 
  610         return
  611 
  612     #
  613     #    Use case:
  614     #        user:                 w.Token / wo.Token / unknown
  615     #        PassOnUserNotFound:   true / False / 'unset'
  616     #        Realm:                _default_  / myDomain
  617     #
  618 
  619     def checkFalse(self, realm):
  620 
  621         parameters = {"user": "root", "pass": "pin870581"}
  622         parameters.update(realm)
  623 
  624         response = self.app.get(url(controller='validate', action='check'),
  625                                 params=parameters)
  626         # log.error("response %s\n",response)
  627         # Test response...
  628         self.assertTrue('"value": true' in response, response)
  629 
  630         parameters = {"user": "postgres", "pass": "pin"}
  631         parameters.update(realm)
  632 
  633         response = self.app.get(url(controller='validate', action='check'),
  634                                 params=parameters)
  635         # log.error("response %s\n",response)
  636         # Test response...
  637         self.assertTrue('"value": false' in response, response)
  638 
  639         parameters = {"user": "postgres"}
  640         parameters.update(realm)
  641 
  642         response = self.app.get(url(controller='validate', action='check'),
  643                                 params=parameters)
  644         # log.error("response %s\n",response)
  645         # Test response...
  646         self.assertTrue('"value": false' in response, response)
  647 
  648         parameters = {"user": "UnKnownUser"}
  649         parameters.update(realm)
  650 
  651         response = self.app.get(url(controller='validate', action='check'),
  652                                 params=parameters)
  653         # log.error("response %s\n",response)
  654         # Test response...
  655         self.assertTrue('"value": false' in response, response)
  656 
  657     def checkFalse2(self, realm):
  658 
  659         parameters = {"user": "postgres"}
  660         parameters.update(realm)
  661 
  662         response = self.app.get(url(controller='validate', action='check'),
  663                                 params=parameters)
  664         # log.error("response %s\n", response)
  665         # Test response...
  666         self.assertTrue('"value": true' in response, response)
  667 
  668         parameters = {"user": "postgres", "pass": "pin"}
  669         parameters.update(realm)
  670 
  671         response = self.app.get(url(controller='validate', action='check'),
  672                                 params=parameters)
  673         # log.error("response %s\n",response)
  674         # Test response...
  675         self.assertTrue('"value": true' in response, response)
  676 
  677         parameters = {"user": "UnKnownUser"}
  678         parameters.update(realm)
  679 
  680         response = self.app.get(url(controller='validate', action='check'),
  681                                 params=parameters)
  682         # log.error("response %s\n",response)
  683         # Test response...
  684         self.assertTrue('"value": false' in response, response)
  685 
  686         parameters = {"user": "root", "pass": "pin088491"}
  687         parameters.update(realm)
  688 
  689         response = self.app.get(url(controller='validate', action='check'),
  690                                 params=parameters)
  691         # log.error("response %s\n",response)
  692         # Test response...
  693         self.assertTrue('"value": true' in response, response)
  694 
  695         parameters = {"user": "root"}
  696         parameters.update(realm)
  697 
  698         response = self.app.get(url(controller='validate', action='check'),
  699                                 params=parameters)
  700         self.assertTrue('"value": false' in response, response)
  701 
  702         return
  703 
  704     def checkFalse3(self, realm):
  705 
  706         parameters = {"user": "postgres"}
  707         parameters.update(realm)
  708 
  709         response = self.app.get(url(controller='validate', action='check'),
  710                                 params=parameters)
  711         # log.error("response %s\n",response)
  712         # Test response...
  713         self.assertTrue('"value": false' in response, response)
  714 
  715         parameters = {"user": "postgres", "pass": "pin"}
  716         parameters.update(realm)
  717 
  718         response = self.app.get(url(controller='validate', action='check'),
  719                                 params=parameters)
  720         # log.error("response %s\n",response)
  721         # Test response...
  722         self.assertTrue('"value": false' in response, response)
  723 
  724         parameters = {"user": "UnKnownUser"}
  725         parameters.update(realm)
  726 
  727         response = self.app.get(url(controller='validate', action='check'),
  728                                 params=parameters)
  729         # log.error("response %s\n",response)
  730         # Test response...
  731         self.assertTrue('"value": true' in response, response)
  732 
  733         parameters = {"user": "root", "pass": "pin818771"}
  734         parameters.update(realm)
  735 
  736         response = self.app.get(url(controller='validate', action='check'),
  737                                 params=parameters)
  738         # log.error("response %s\n",response)
  739         # Test response...
  740         self.assertTrue('"value": true' in response, response)
  741 
  742         parameters = {"user": "root"}
  743         parameters.update(realm)
  744 
  745         response = self.app.get(url(controller='validate', action='check'),
  746                                 params=parameters)
  747         self.assertTrue('"value": false' in response, response)
  748 
  749     def checkTrue(self, realm):
  750 
  751         parameters = {"user": "postgres", "pass": "pin"}
  752         parameters.update(realm)
  753         response = self.app.get(url(controller='validate', action='check'),
  754                                 params=parameters)
  755         # log.error("response %s\n",response)
  756         # Test response...
  757         self.assertTrue('"value": true' in response, response)
  758 
  759         parameters = {"user": "postgres"}
  760         parameters.update(realm)
  761 
  762         response = self.app.get(url(controller='validate', action='check'),
  763                                 params=parameters)
  764         # log.error("response %s\n",response)
  765         # Test response...
  766         self.assertTrue('"value": true' in response, response)
  767 
  768         parameters = {"user": "UnKnownUser"}
  769         parameters.update(realm)
  770 
  771         response = self.app.get(url(controller='validate', action='check'),
  772                                 params=parameters)
  773         # log.error("response %s\n",response)
  774         # Test response...
  775         self.assertTrue('"value": true' in response, response)
  776 
  777         parameters = {"user": "root", "pass": "pin217219"}
  778         parameters.update(realm)
  779 
  780         response = self.app.get(url(controller='validate', action='check'),
  781                                 params=parameters)
  782         # log.error("response %s\n",response)
  783         # Test response...
  784         self.assertTrue('"value": true' in response, response)
  785 
  786         parameters = {"user": "root"}
  787         parameters.update(realm)
  788 
  789         response = self.app.get(url(controller='validate', action='check'),
  790                                 params=parameters)
  791         self.assertTrue('"value": false' in response, response)
  792 
  793         #
  794         #    otp[0]: 870581 :
  795         #    otp[1]: 793334 :
  796         #    otp[2]: 088491 :
  797         #    otp[3]: 013126 :
  798         #    otp[4]: 818771 :
  799         #    otp[5]: 454594 :
  800         #    otp[6]: 217219 :
  801         #    otp[7]: 250710 :
  802         #    otp[8]: 478893 :
  803         #    otp[9]: 517407 :
  804         #
  805     def setPolicy(self, name, scope, action,
  806                   realm='*', user='*', active=True):
  807         params = {
  808             'name': name,
  809             'user': user,
  810             'action': action,
  811             'scope': scope,
  812             'realm': realm,
  813             'time': '',
  814             'client': '',
  815             'active': active,
  816             'session': self.session,
  817         }
  818         response = self.make_system_request('setPolicy', params)
  819         return response
  820 
  821     def test_autousercheck(self):
  822         '''
  823         testing PassOnUserNoToken and UserNotFound.
  824         '''
  825         realm = {}
  826 
  827         self.createToken1()
  828 
  829         self.app.get(url(controller='system', action='getRealms'))
  830         parameters = {"username": "*"}
  831         self.app.get(url(controller='admin', action='userlist'),
  832                      params=parameters)
  833         self.checkFalse(realm)
  834 
  835         parameters = {"PassOnUserNoToken": "True"}
  836         response = self.app.get(url(controller='system', action='setConfig'),
  837                                 params=parameters)
  838         self.assertTrue('"setConfig PassOnUserNoToken:True": true' in response,
  839                         response)
  840 
  841         self.checkFalse2(realm)
  842 
  843         parameters = {"PassOnUserNoToken": "False"}
  844         response = self.app.get(url(controller='system', action='setConfig'),
  845                                 params=parameters)
  846         self.assertTrue('"setConfig PassOnUserNoToken:False": true' in
  847                         response, response)
  848 
  849         parameters = {"PassOnUserNotFound": "True"}
  850         response = self.app.get(url(controller='system', action='setConfig'),
  851                                 params=parameters)
  852         self.assertTrue('"setConfig PassOnUserNotFound:True": true' in
  853                         response, response)
  854 
  855         self.checkFalse3(realm)
  856 
  857         parameters = {"PassOnUserNoToken": "True"}
  858         response = self.app.get(url(controller='system', action='setConfig'),
  859                                 params=parameters)
  860         self.assertTrue('"setConfig PassOnUserNoToken:True": true' in response,
  861                         response)
  862 
  863         self.checkTrue(realm)
  864 
  865         parameters = {"key": "PassOnUserNotFound"}
  866         response = self.app.get(url(controller='system', action='delConfig'),
  867                                 params=parameters)
  868         self.assertTrue('"delConfig PassOnUserNotFound": true' in response,
  869                         response)
  870 
  871         parameters = {"key": "PassOnUserNoToken"}
  872         response = self.app.get(url(controller='system', action='delConfig'),
  873                                 params=parameters)
  874         self.assertTrue('"delConfig PassOnUserNoToken": true' in response,
  875                         response)
  876 
  877         self.delete_token("F722362")
  878 
  879     def test_check_transaction_with_tokentype(self):
  880         """
  881         filter the possible tokens by tokentype parameter
  882 
  883         check by transactionid if token_type parameter will filter the tokens
  884 
  885         * enroll two challenge response token: hmac and pw
  886 
  887         * 0. trigger transaction w.o. filter - hmac and pw token in result
  888         * 1. filter for hmac - no pw token in result
  889         * 2. filter for pw - no hmac token in result
  890 
  891         """
  892 
  893         # ------------------------------------------------------------------ --
  894 
  895         # prepare that both hmac and pw token are running
  896         # as challenge response tokens and enroll the tokens
  897 
  898         self.setPolicy(name="ch_resp",
  899                        scope="authentication",
  900                        action='challenge_response=hmac pw ')
  901 
  902         self.createHMACToken("MyHamc007", "root", "123")
  903         self.createPWToken('MyPW007', 'root', '123')
  904 
  905         # ------------------------------------------------------------------ --
  906 
  907         # run request without token_type filter
  908 
  909         parameters = {"serial": "My*007",
  910                       "pass": "123"}
  911 
  912         response = self.make_validate_request('check_s',
  913                                               params=parameters)
  914 
  915         msg = '"linotp_tokentype": "HMAC"'
  916         self.assertTrue(msg in response, response)
  917         msg = '"linotp_tokentype": "pw"'
  918         self.assertTrue(msg in response, response)
  919 
  920         jresp = json.loads(response.body)
  921         transactionid = jresp.get('detail', {}).get('transactionid', {})
  922 
  923         # ------------------------------------------------------------------ --
  924 
  925         # run request with HMAC token_type filter
  926 
  927         parameters = {"transactionid": transactionid,
  928                       "pass": "123",
  929                       'token_type': 'HMAC'}
  930 
  931         response = self.make_validate_request('check_t',
  932                                               params=parameters)
  933 
  934         msg = '"token_type": "HMAC"'
  935         self.assertTrue(msg in response, response)
  936 
  937         # ------------------------------------------------------------------ --
  938 
  939         # run request with pw token_type filter
  940 
  941         parameters = {"transactionid": transactionid,
  942                       "pass": "123",
  943                       'token_type': 'pw'}
  944 
  945         response = self.make_validate_request('check_t',
  946                                               params=parameters)
  947 
  948         msg = '"token_type": "pw"'
  949         self.assertTrue(msg in response, response)
  950 
  951         # ------------------------------------------------------------------ --
  952 
  953         # run request with token_type filter ocra2 that is not involved
  954 
  955         parameters = {"transactionid": transactionid,
  956                       "pass": "123",
  957                       'token_type': 'ocra2'}
  958 
  959         response = self.make_validate_request('check_t',
  960                                               params=parameters)
  961 
  962         msg = '"token_type": ""'
  963         self.assertTrue(msg in response, response)
  964 
  965         # ------------------------------------------------------------------ --
  966 
  967         # make the dishes
  968 
  969         self.delete_all_policies()
  970         self.delete_all_token()
  971 
  972         return
  973 
  974     def test_check_serial_with_tokentype(self):
  975         """
  976         filter the possible tokens by tokentype parameter
  977 
  978         check by serial if token_type parameter will filter the tokens
  979 
  980         * enroll two challenge response token: hmac and pw
  981 
  982         * 0. no filter - hmac and pw token in result
  983         * 1. filter for hmac - no pw token in result
  984         * 2. filter for pw - no hmac token in result
  985 
  986         """
  987 
  988         # ------------------------------------------------------------------ --
  989 
  990         # prepare that both hmac and pw token are running
  991         # as challenge response tokens and enroll the tokens
  992 
  993         self.setPolicy(name="ch_resp",
  994                        scope="authentication",
  995                        action='challenge_response=hmac pw ')
  996 
  997         self.createHMACToken("MyHamc007", "root", "123")
  998         self.createPWToken('MyPW007', 'root', '123')
  999 
 1000         # ------------------------------------------------------------------ --
 1001 
 1002         # run request without token_type filter
 1003 
 1004         parameters = {"serial": "My*007",
 1005                       "pass": "123"}
 1006 
 1007         response = self.make_validate_request('check_s',
 1008                                               params=parameters)
 1009 
 1010         msg = '"linotp_tokentype": "HMAC"'
 1011         self.assertTrue(msg in response, response)
 1012         msg = '"linotp_tokentype": "pw"'
 1013         self.assertTrue(msg in response, response)
 1014 
 1015         # ------------------------------------------------------------------ --
 1016 
 1017         # run request with token_type filter for hmac token
 1018 
 1019         parameters = {"serial": "My*007",
 1020                       "pass": "123",
 1021                       "token_type": 'HMAC'}
 1022 
 1023         response = self.make_validate_request('check_s',
 1024                                               params=parameters)
 1025 
 1026         msg = '"linotp_tokentype": "HMAC"'
 1027         self.assertTrue(msg in response, response)
 1028         msg = '"linotp_tokentype": "pw"'
 1029         self.assertFalse(msg in response, response)
 1030 
 1031         # ------------------------------------------------------------------ --
 1032 
 1033         # run request with token_type filter for pw token
 1034 
 1035         parameters = {"serial": "My*007",
 1036                       "pass": "123",
 1037                       "token_type": 'pw'}
 1038 
 1039         response = self.make_validate_request('check_s',
 1040                                               params=parameters)
 1041 
 1042         msg = '"linotp_tokentype": "HMAC"'
 1043         self.assertFalse(msg in response, response)
 1044         msg = '"linotp_tokentype": "pw"'
 1045         self.assertTrue(msg in response, response)
 1046 
 1047         # ------------------------------------------------------------------ --
 1048 
 1049         # make the dishes
 1050 
 1051         self.delete_all_policies()
 1052         self.delete_all_token()
 1053 
 1054     def test_check_with_tokentype(self):
 1055         """
 1056         filter the possible tokens by tokentype parameter
 1057 
 1058         check if token_type parameter will filter the tokens
 1059 
 1060         * enroll two challenge response token: hmac and pw
 1061 
 1062         * 1. filter for hmac - no pw token in result
 1063         * 2. filter for pw - no hmac token in result
 1064         * 3. no filter - hmac and pw token in result
 1065 
 1066         """
 1067 
 1068         # ------------------------------------------------------------------ --
 1069 
 1070         # prepare that both hmac and pw token are running
 1071         # as challenge response tokens and enroll the tokens
 1072 
 1073         self.setPolicy(name="ch_resp",
 1074                        scope="authentication",
 1075                        action='challenge_response=hmac pw ')
 1076 
 1077         self.createHMACToken("MyHamc007", "root", "123")
 1078         self.createPWToken('MyPW007', 'root', '123')
 1079 
 1080         # ------------------------------------------------------------------ --
 1081 
 1082         # run request with token_type filter for hmac token
 1083 
 1084         parameters = {"user": "root",
 1085                       "pass": "123",
 1086                       "token_type": "HMAC"}
 1087 
 1088         response = self.make_validate_request('check',
 1089                                               params=parameters)
 1090 
 1091         msg = '"linotp_tokentype": "HMAC"'
 1092         self.assertTrue(msg in response, response)
 1093         msg = '"linotp_tokentype": "pw"'
 1094         self.assertFalse(msg in response, response)
 1095 
 1096         # ------------------------------------------------------------------ --
 1097 
 1098         # run request with token_type filter for pw token
 1099 
 1100         parameters = {"user": "root",
 1101                       "pass": "123",
 1102                       "token_type": "pw"}
 1103 
 1104         response = self.make_validate_request('check',
 1105                                               params=parameters)
 1106 
 1107         msg = '"linotp_tokentype": "HMAC"'
 1108         self.assertFalse(msg in response, response)
 1109         msg = '"linotp_tokentype": "pw"'
 1110         self.assertTrue(msg in response, response)
 1111 
 1112         # ------------------------------------------------------------------ --
 1113 
 1114         # run request without token_type filter
 1115 
 1116         parameters = {"user": "root",
 1117                       "pass": "123"}
 1118 
 1119         response = self.make_validate_request('check',
 1120                                               params=parameters)
 1121 
 1122         msg = '"linotp_tokentype": "HMAC"'
 1123         self.assertTrue(msg in response, response)
 1124         msg = '"linotp_tokentype": "pw"'
 1125         self.assertTrue(msg in response, response)
 1126 
 1127         # ------------------------------------------------------------------ --
 1128 
 1129         # make the dishes
 1130 
 1131         self.delete_all_policies()
 1132         self.delete_all_token()
 1133 
 1134         return
 1135 
 1136     def test_check(self):
 1137         '''
 1138         checking several different tokens /validate/check
 1139         '''
 1140         self.createToken()
 1141 
 1142         parameters = {"user": "root", "pass": "pin123456"}
 1143         response = self.app.get(url(controller='validate', action='check'),
 1144                                 params=parameters)
 1145         self.assertTrue('"value": false' in response, response)
 1146 
 1147         parameters = {"serial": "F722362"}
 1148         response = self.app.get(url(controller='admin', action='show'),
 1149                                 params=parameters)
 1150         self.assertTrue('"LinOtp.FailCount": 1' in response, response)
 1151         self.assertTrue('"LinOtp.FailCount": 0' not in response, response)
 1152 
 1153         # check all 3 tokens - the last one is it
 1154         parameters = {"user": "root", "pass": "pin280395"}
 1155         response = self.app.get(url(controller='validate', action='check'),
 1156                                 params=parameters)
 1157         self.assertTrue('"value": true' in response, response)
 1158 
 1159         parameters = {"serial": "F722364"}
 1160         response = self.app.get(url(controller='admin', action='show'),
 1161                                 params=parameters)
 1162         self.assertTrue('"LinOtp.Count": 1' in response, response)
 1163         self.assertTrue('"LinOtp.FailCount": 0' in response, response)
 1164 
 1165         parameters = {"serial": "F722362"}
 1166         response = self.app.get(url(controller='admin', action='show'),
 1167                                 params=parameters)
 1168         # change with token counter fix:
 1169         # if one token of a set of tokens is valid,
 1170         # all others involved are resetted
 1171         self.assertTrue('"LinOtp.FailCount": 0' in response, response)
 1172 
 1173         # check all 3 tokens - the last one is it
 1174         parameters = {"pin": "TPIN", "serial": "F722364"}
 1175         response = self.app.get(url(controller='admin', action='set'),
 1176                                 params=parameters)
 1177         self.assertTrue('"set pin": 1' in response, response)
 1178 
 1179         # check all 3 tokens - the last one is it
 1180         parameters = {"user": "root", "pass": "TPIN552629"}
 1181         response = self.app.get(url(controller='validate', action='check'),
 1182                                 params=parameters)
 1183         self.assertTrue('"value": true' in response, response)
 1184 
 1185         parameters = {"serial": "F722364"}
 1186         response = self.app.get(url(controller='admin', action='show'),
 1187                                 params=parameters)
 1188         self.assertTrue('"LinOtp.Count": 4' in response, response)
 1189         self.assertTrue('"LinOtp.FailCount": 0' in response, response)
 1190 
 1191         # now increment the failcounter to 19
 1192         for _i in range(1, 20):
 1193             # check if otp could be reused
 1194             parameters = {"user": "root", "pass": "TPIN552629"}
 1195             response = self.app.get(url(controller='validate', action='check'),
 1196                                     params=parameters)
 1197             self.assertTrue('"value": false' in response, response)
 1198 
 1199         parameters = {"user": "root"}
 1200         response = self.app.get(url(controller='admin', action='show'),
 1201                                 params=parameters)
 1202         jresp = json.loads(response.body)
 1203         data = jresp.get('result', {}).get('value', {}).get('data', [])
 1204 
 1205         # assure that we have at least one data row found
 1206         self.assertGreater(len(data), 0, response)
 1207 
 1208         # now check, if the FailCounter has incremented:
 1209         # -> if the 3. token has max fail of 10 it will become invalid
 1210         # -> thus there is no pin matching token any more and all
 1211         #    tokens are invalid and incremented!!
 1212         # => finally we have 2 tokens with FailCounter 9 and one with 19
 1213 
 1214         tokens = 0
 1215         for token in data:
 1216             tokens += 1
 1217             if token.get('LinOtp.TokenSerialnumber') == 'F722362':
 1218                 self.assertEqual(token.get('LinOtp.FailCount', -1), 9)
 1219             if token.get('LinOtp.TokenSerialnumber') == 'F722363':
 1220                 self.assertEqual(token.get('LinOtp.FailCount', -1), 9)
 1221             if token.get('LinOtp.TokenSerialnumber') == 'F722364':
 1222                 self.assertEqual(token.get('LinOtp.FailCount', -1), 19)
 1223 
 1224         # check if we did see any token
 1225         self.assertEqual(tokens, 3, response)
 1226 
 1227         self.delete_token("F722364")
 1228         self.delete_token("F722363")
 1229         self.delete_token("F722362")
 1230 
 1231     def test_check_failcounter(self):
 1232         '''
 1233         checking tokens with pin matching - wrong otp only increment these
 1234         '''
 1235         self.createToken()
 1236 
 1237         # we change the pin of the 3. token to be different to the other ones
 1238         parameters = {"serial": "F722364", 'pin': 'Pin3!'}
 1239         response = self.app.get(url(controller='admin', action='set'),
 1240                                 params=parameters)
 1241         self.assertTrue('"set pin": 1' in response, response)
 1242 
 1243         parameters = {"user": "root", "pass": "pin123456"}
 1244         response = self.app.get(url(controller='validate', action='check'),
 1245                                 params=parameters)
 1246         self.assertTrue('"value": false' in response, response)
 1247 
 1248         parameters = {"user": "root"}
 1249         response = self.app.get(url(controller='admin', action='show'),
 1250                                 params=parameters)
 1251 
 1252         # check all 3 tokens - the last one is it
 1253         jresp = json.loads(response.body)
 1254         tokens = jresp.get('result', {}).get('value', {}).get('data', [])
 1255 
 1256         for token in tokens:
 1257             if token.get('LinOtp.TokenSerialnumber') == 'F722362':
 1258                 self.assertEqual(token.get('LinOtp.FailCount', -1), 1)
 1259             if token.get('LinOtp.TokenSerialnumber') == 'F722363':
 1260                 self.assertEqual(token.get('LinOtp.FailCount', -1), 1)
 1261             if token.get('LinOtp.TokenSerialnumber') == 'F722364':
 1262                 self.assertEqual(token.get('LinOtp.FailCount', -1), 0)
 1263 
 1264         # check all 3 tokens - one of them matches an resets all fail counter
 1265         parameters = {"user": "root", "pass": "Pin3!280395"}
 1266         response = self.app.get(url(controller='validate', action='check'),
 1267                                 params=parameters)
 1268         self.assertTrue('"value": true' in response, response)
 1269 
 1270         parameters = {"user": "root"}
 1271         response = self.app.get(url(controller='admin', action='show'),
 1272                                 params=parameters)
 1273 
 1274         jresp = json.loads(response.body)
 1275         tokens = jresp.get('result', {}).get('value', {}).get('data', [])
 1276 
 1277         for token in tokens:
 1278             if token.get('LinOtp.TokenSerialnumber') == 'F722362':
 1279                 self.assertEqual(token.get('LinOtp.FailCount', -1), 0)
 1280             if token.get('LinOtp.TokenSerialnumber') == 'F722363':
 1281                 self.assertEqual(token.get('LinOtp.FailCount', -1), 0)
 1282             if token.get('LinOtp.TokenSerialnumber') == 'F722364':
 1283                 self.assertEqual(token.get('LinOtp.FailCount', -1), 0)
 1284 
 1285         self.delete_token("F722364")
 1286         self.delete_token("F722363")
 1287         self.delete_token("F722362")
 1288 
 1289     def test_resync(self):
 1290         """
 1291         test the admin resync: jump ahead in the sync window from 0 to 40
 1292         """
 1293 
 1294         self.createToken2()
 1295 
 1296         parameters = {"serial": "T2", "otp1": "719818", "otp2": "204809"}
 1297         response = self.app.get(url(controller='admin', action='resync'),
 1298                                 params=parameters)
 1299         self.assertTrue('"value": true' in response, response)
 1300 
 1301         parameters = {"serial": "T2"}
 1302         response = self.app.get(url(controller='admin', action='show'),
 1303                                 params=parameters)
 1304         self.assertTrue('"LinOtp.Count": 40' in response, response)
 1305 
 1306         parameters = {"user": "root", "pass": "T2PIN204809"}
 1307         response = self.app.get(url(controller='validate', action='check'),
 1308                                 params=parameters)
 1309         self.assertTrue('"value": false' in response, response)
 1310 
 1311         # 957690
 1312         parameters = {"user": "root", "pass": "T2PIN957690"}
 1313         response = self.app.get(url(controller='validate', action='check'),
 1314                                 params=parameters)
 1315         self.assertTrue('"value": true' in response, response)
 1316 
 1317         parameters = {"serial": "T2"}
 1318         response = self.app.get(url(controller='admin', action='show'),
 1319                                 params=parameters)
 1320         self.assertTrue('"LinOtp.Count": 41' in response, response)
 1321 
 1322         self.delete_token("T2")
 1323 
 1324     def test_resync2(self):
 1325         '''
 1326             test of resync with two similar tokens
 1327         '''
 1328 
 1329         self.createToken2()
 1330         self.createToken3()
 1331 
 1332         parameters = {"user": "root", "pass": "T2PIN204809"}
 1333         response = self.app.get(url(controller='validate', action='check'),
 1334                                 params=parameters)
 1335         self.assertTrue('"value": false' in response, response)
 1336 
 1337         parameters = {"user": "root", "otp1": "719818", "otp2": "204809"}
 1338         response = self.app.get(url(controller='admin', action='resync'),
 1339                                 params=parameters)
 1340         self.assertTrue('"value": true' in response, response)
 1341 
 1342         parameters = {"serial": "T2"}
 1343         response = self.app.get(url(controller='admin', action='show'),
 1344                                 params=parameters)
 1345         self.assertTrue('"LinOtp.Count": 40' in response, response)
 1346 
 1347         parameters = {"serial": "T3"}
 1348         response = self.app.get(url(controller='admin', action='show'),
 1349                                 params=parameters)
 1350         self.assertTrue('"LinOtp.Count": 40' in response, response)
 1351 
 1352         parameters = {"serial": "T3", "pin": "T3PIN"}
 1353         response = self.app.get(url(controller='admin', action='set'),
 1354                                 params=parameters)
 1355         self.assertTrue('"set pin": 1' in response, response)
 1356 
 1357         parameters = {"user": "root", "pass": "T2PIN204809"}
 1358         response = self.app.get(url(controller='validate', action='check'),
 1359                                 params=parameters)
 1360         self.assertTrue('"value": false' in response, response)
 1361 
 1362         # 957690
 1363         parameters = {"user": "root", "pass": "T2PIN957690"}
 1364         response = self.app.get(url(controller='validate', action='check'),
 1365                                 params=parameters)
 1366         self.assertTrue('"value": true' in response, response)
 1367 
 1368         parameters = {"serial": "T2"}
 1369         response = self.app.get(url(controller='admin', action='show'),
 1370                                 params=parameters)
 1371         self.assertTrue('"LinOtp.Count": 41' in response, response)
 1372 
 1373         self.delete_token("T2")
 1374         self.delete_token("T3")
 1375 
 1376     def test_autoresync(self):
 1377         '''
 1378         auto resync:
 1379 
 1380         use case:
 1381         - on the otp device the otp became out of sync as the user triggered
 1382           the generation of otps to often. Now he will be able to automaticaly
 1383           resync his token automatically by providing two consecutive otp's.
 1384 
 1385         test implementaion
 1386         - switch the autosync: /system/set?autosync=true
 1387         - do two consecutive otp validation requests
 1388 
 1389         no test:
 1390         - disable autosync and same test should fail
 1391         - test no consecutive otp's
 1392         - test otp's out of sync window
 1393 
 1394         '''
 1395 
 1396         self.createToken2()
 1397 
 1398         # test resync of token 2
 1399         parameters = {"AutoResync": "true"}
 1400         response = self.app.get(url(controller='system', action='setConfig'),
 1401                                 params=parameters)
 1402         self.assertTrue('setConfig AutoResync:true": true' in response,
 1403                         response)
 1404 
 1405         # 35
 1406         parameters = {"user": "root", "pass": "T2PIN732866"}
 1407         response = self.app.get(url(controller='validate', action='check'),
 1408                                 params=parameters)
 1409         self.assertTrue('"value": false' in response, response)
 1410 
 1411         # 36
 1412         parameters = {"user": "root", "pass": "T2PIN920079"}
 1413         response = self.app.get(url(controller='validate', action='check'),
 1414                                 params=parameters)
 1415         self.assertTrue('"value": true' in response, response)
 1416 
 1417         parameters = {"user": "root", "pass": "T2PIN732866"}
 1418         response = self.app.get(url(controller='validate', action='check'),
 1419                                 params=parameters)
 1420         self.assertTrue('"value": false' in response, response)
 1421 
 1422         parameters = {"user": "root", "pass": "T2PIN957690"}
 1423         response = self.app.get(url(controller='validate', action='check'),
 1424                                 params=parameters)
 1425         self.assertTrue('"value": true' in response, response)
 1426 
 1427         self.delete_token("T2")
 1428 
 1429         ###############################################
 1430         # no test
 1431 
 1432         # no consecutive otps
 1433         self.createToken2()
 1434 
 1435         # test resync of token 2
 1436         parameters = {"AutoResync": "true"}
 1437         response = self.app.get(url(controller='system', action='setConfig'),
 1438                                 params=parameters)
 1439         self.assertTrue('setConfig AutoResync:true": true' in response,
 1440                         response)
 1441 
 1442         # 35
 1443         parameters = {"user": "root", "pass": "T2PIN732866"}
 1444         response = self.app.get(url(controller='validate', action='check'),
 1445                                 params=parameters)
 1446         self.assertTrue('"value": false' in response, response)
 1447 
 1448         # 37
 1449         parameters = {"user": "root", "pass": "T2PIN328973"}
 1450         response = self.app.get(url(controller='validate', action='check'),
 1451                                 params=parameters)
 1452         self.assertTrue('"value": false' in response, response)
 1453 
 1454         self.delete_token("T2")
 1455 
 1456         ###############################################
 1457         # no test
 1458 
 1459         # now unset the autosync
 1460         self.createToken2()
 1461 
 1462         # test resync of token 2
 1463         parameters = {"AutoResync": "false"}
 1464         response = self.app.get(url(controller='system', action='setConfig'),
 1465                                 params=parameters)
 1466         self.assertTrue('setConfig AutoResync:false": true' in response,
 1467                         response)
 1468 
 1469         # 35
 1470         parameters = {"user": "root", "pass": "T2PIN732866"}
 1471         response = self.app.get(url(controller='validate', action='check'),
 1472                                 params=parameters)
 1473         self.assertTrue('"value": false' in response, response)
 1474 
 1475         # 36
 1476         parameters = {"user": "root", "pass": "T2PIN920079"}
 1477         response = self.app.get(url(controller='validate', action='check'),
 1478                                 params=parameters)
 1479         self.assertTrue('"value": false' in response, response)
 1480 
 1481         self.delete_token("T2")
 1482 
 1483     def test_checkMOtp(self):
 1484 
 1485         self.createMOtpToken()
 1486 
 1487         parameters = {"serial": "M722362"}
 1488         response = self.app.get(url(controller='admin', action='show'),
 1489                                 params=parameters)
 1490         self.assertTrue('"LinOtp.FailCount": 0' in response, response)
 1491 
 1492         parameters = {"user": "root", "pass": "pin7215e7"}
 1493         response = self.app.get(url(controller='validate', action='check'),
 1494                                 params=parameters)
 1495         self.assertTrue('"value": false' in response, response)
 1496 
 1497         parameters = {"serial": "M722362"}
 1498         response = self.app.get(url(controller='admin', action='show'),
 1499                                 params=parameters)
 1500         self.assertTrue('"LinOtp.FailCount": 1' in response, response)
 1501 
 1502         #
 1503         #    only in selfTest mode, it's allowed to set
 1504         #    the start time for the mobile otp
 1505         #
 1506 
 1507         parameters = {"user": "root", "pass": "pin7215e7", "init": "126753360"}
 1508         response = self.app.get(url(controller='validate', action='check'),
 1509                                 params=parameters)
 1510 
 1511         if self.isSelfTest is True:
 1512             self.assertTrue('"value": true' in response, response)
 1513         else:
 1514             log.error("-------------------------\n"
 1515                       "motp not tested for correctness \n"
 1516                       " please enable 'linotp.selfTest = True' in your *.ini")
 1517 
 1518             self.assertTrue('"value": false' in response, response)
 1519 
 1520         self.delete_token("M722362")
 1521 
 1522     def test_checkOTPAlgo(self):
 1523         """
 1524            The test token shared secret uses the ASCII string value
 1525            "12345678901234567890".  With Time Step X = 30, and the Unix epoch
 1526            as the initial value to count time steps, where T0 = 0, the TOTP
 1527            algorithm will display the following values for specified modes and
 1528            timestamps.
 1529 
 1530           +-------------+--------------+------------------+----------+--------+
 1531           |  Time (sec) |   UTC Time   | Value of T (hex) |   TOTP   |  Mode  |
 1532           +-------------+--------------+------------------+----------+--------+
 1533           |      59     |  1970-01-01  | 0000000000000001 | 94287082 |  SHA1  |
 1534           |             |   00:00:59   |                  |          |        |
 1535           |  1111111109 |  2005-03-18  | 00000000023523EC | 07081804 |  SHA1  |
 1536           |             |   00:00:59   |                  |          |        |
 1537           |  1111111111 |  2005-03-18  | 00000000023523ED | 14050471 |  SHA1  |
 1538           |             |   01:58:31   |                  |          |        |
 1539           |  1234567890 |  2009-02-13  | 000000000273EF07 | 89005924 |  SHA1  |
 1540           |             |   23:31:30   |                  |          |        |
 1541           |  2000000000 |  2033-05-18  | 0000000003F940AA | 69279037 |  SHA1  |
 1542           |             |   03:33:20   |                  |          |        |
 1543           | 20000000000 |  2603-10-11  | 0000000027BC86AA | 65353130 |  SHA1  |
 1544           |             |   11:33:20   |                  |          |        |
 1545 
 1546 
 1547           |      59     |  1970-01-01  | 0000000000000001 | 46119246 | SHA256 |
 1548           |             |   00:00:59   |                  |          |        |
 1549           |  1111111109 |  2005-03-18  | 00000000023523EC | 68084774 | SHA256 |
 1550           |             |   01:58:29   |                  |          |        |
 1551           |  1111111111 |  2005-03-18  | 00000000023523ED | 67062674 | SHA256 |
 1552           |             |   01:58:31   |                  |          |        |
 1553           |  1234567890 |  2009-02-13  | 000000000273EF07 | 91819424 | SHA256 |
 1554           |             |   23:31:30   |                  |          |        |
 1555           |  2000000000 |  2033-05-18  | 0000000003F940AA | 90698825 | SHA256 |
 1556           |             |   03:33:20   |                  |          |        |
 1557           | 20000000000 |  2603-10-11  | 0000000027BC86AA | 77737706 | SHA256 |
 1558           |             |   11:33:20   |                  |          |        |
 1559 
 1560 
 1561           |      59     |  1970-01-01  | 0000000000000001 | 90693936 | SHA512 |
 1562           |             |   01:58:29   |                  |          |        |
 1563           |  1111111109 |  2005-03-18  | 00000000023523EC | 25091201 | SHA512 |
 1564           |             |   01:58:29   |                  |          |        |
 1565           |  1111111111 |  2005-03-18  | 00000000023523ED | 99943326 | SHA512 |
 1566           |             |   01:58:31   |                  |          |        |
 1567           |  1234567890 |  2009-02-13  | 000000000273EF07 | 93441116 | SHA512 |
 1568           |             |   23:31:30   |                  |          |        |
 1569           |  2000000000 |  2033-05-18  | 0000000003F940AA | 38618901 | SHA512 |
 1570           |             |   03:33:20   |                  |          |        |
 1571           | 20000000000 |  2603-10-11  | 0000000027BC86AA | 47863826 | SHA512 |
 1572           |             |   11:33:20   |                  |          |        |
 1573           +-------------+--------------+------------------+----------+--------+
 1574         """
 1575 
 1576         testVector = {
 1577             'SHA1': [(59, '94287082'),
 1578                      (1111111109, '07081804'),
 1579                      (1111111111, '14050471'),
 1580                      (1234567890, '89005924'),
 1581                      (2000000000, '69279037'),
 1582                      (20000000000, '65353130'),
 1583                      ],
 1584             'SHA256': [(59, '46119246'),
 1585                        (1111111109, '68084774'),
 1586                        (1111111111, '67062674'),
 1587                        (1234567890, '91819424'),
 1588                        (2000000000, '90698825'),
 1589                        (20000000000, '77737706'),
 1590                        ],
 1591             'SHA512': [(59, '90693936'),
 1592                        (1111111109, '25091201'),
 1593                        (1111111111, '99943326'),
 1594                        (1234567890, '93441116'),
 1595                        (2000000000, '38618901'),
 1596                        (20000000000, '47863826'),
 1597                        ],
 1598         }
 1599 
 1600         try:
 1601             for hashAlgo in testVector.keys():
 1602                 totp = self.createTOtpToken(hashAlgo)
 1603                 arry = testVector.get(hashAlgo)
 1604                 for tupp in arry:
 1605                     (T0, otp) = tupp
 1606                     val = self.createTOtpValue(totp, T0)
 1607                     assert otp == val
 1608         except Exception as e:
 1609             log.exception("Error in TOTP algorithm!!")
 1610             raise Exception(e)
 1611         return
 1612 
 1613     def test_checkTOtp(self):
 1614 
 1615         self.createTOtpToken("SHA1")
 1616 
 1617         parameters = {"serial": "TOTP"}
 1618         response = self.app.get(url(controller='admin', action='show'),
 1619                                 params=parameters)
 1620         # log.error("response %s\n",response)
 1621         # Test response...
 1622         self.assertTrue('"LinOtp.FailCount": 0' in response, response)
 1623 
 1624         parameters = {"user": "root", "pass": "pin12345678"}
 1625         response = self.app.get(url(controller='validate', action='check'),
 1626                                 params=parameters)
 1627         # log.error("response %s\n",response)
 1628         # Test response...
 1629         self.assertTrue('"value": false' in response, response)
 1630 
 1631         parameters = {"serial": "TOTP"}
 1632         response = self.app.get(url(controller='admin', action='show'),
 1633                                 params=parameters)
 1634         log.info("1 response /admin/hhow %s\n" % response)
 1635         self.assertTrue('"LinOtp.FailCount": 1' in response, response)
 1636 
 1637         #
 1638         #    only in selfTest mode, it's allowed to set
 1639         #    the start time for the mobile otp
 1640         #    ..
 1641         # |      59     |  1970-01-01  | 0000000000000001 | 94287082 |  SHA1  |
 1642         #     ..
 1643         #
 1644 
 1645         parameters = {"user": "root", "pass": "pin94287082", "init": "59"}
 1646         response = self.app.get(url(controller='validate', action='check'),
 1647                                 params=parameters)
 1648 
 1649         if self.isSelfTest is True:
 1650             self.assertTrue('"value": true' in response, response)
 1651         else:
 1652             log.error("-------------------------\n"
 1653                       "motp not tested for correctness \n"
 1654                       " please enable 'linotp.selfTest = True' in your *.ini")
 1655             self.assertTrue('"value": false' in response, response)
 1656 
 1657         # second test value
 1658         # |  1111111109 |  2005-03-18  | 00000000023523EC | 07081804 |  SHA1  |
 1659         #
 1660 
 1661         parameters = {"user": "root", "pass": "pin07081804",
 1662                       "init": "1111111109"}
 1663         response = self.app.get(url(controller='validate', action='check'),
 1664                                 params=parameters)
 1665 
 1666         if self.isSelfTest is True:
 1667             self.assertTrue('"value": true' in response, response)
 1668         else:
 1669             log.error("-------------------------\n"
 1670                       "totp not tested for correctness \n"
 1671                       " please enable 'linotp.selfTest = True' in your *.ini")
 1672 
 1673             self.assertTrue('"value": false' in response, response)
 1674 
 1675         parameters = {"user": "root", "pass": "pin89005924",
 1676                       "init": "1234567890"}
 1677         response = self.app.get(url(controller='validate', action='check'),
 1678                                 params=parameters)
 1679 
 1680         if self.isSelfTest is True:
 1681             self.assertTrue('"value": true' in response, response)
 1682         else:
 1683             log.error("-------------------------\n"
 1684                       "totp not tested for correctness \n"
 1685                       "please enable 'linotp.selfTest = True' in your *.ini")
 1686 
 1687             self.assertTrue('"value": false' in response, response)
 1688 
 1689         self.delete_token("TOTP")
 1690 
 1691         #
 1692         # |      59     |  1970-01-01  | 0000000000000001 | 46119246 | SHA256 |
 1693         # |             |   00:00:59   |                  |          |        |
 1694         # |      59     |  1970-01-01  | 0000000000000001 | 90693936 | SHA512 |
 1695         #
 1696 
 1697         self.createTOtpToken("SHA256")
 1698 
 1699         parameters = {"user": "root", "pass": "pin46119246", "init": "59"}
 1700         response = self.app.get(url(controller='validate', action='check'),
 1701                                 params=parameters)
 1702 
 1703         if self.isSelfTest is True:
 1704             self.assertTrue('"value": true' in response, response)
 1705         else:
 1706             log.error("""
 1707 -------------------------
 1708 totp not tested for correctness
 1709 please enable 'linotp.selfTest = True' in your *.ini
 1710 """)
 1711             self.assertTrue('"value": false' in response, response)
 1712 
 1713         self.delete_token("TOTP")
 1714 
 1715         self.createTOtpToken("SHA512")
 1716 
 1717         parameters = {"user": "root", "pass": "pin90693936", "init": "59"}
 1718         response = self.app.get(url(controller='validate', action='check'),
 1719                                 params=parameters)
 1720         log.error("response %s\n", response)
 1721 
 1722         if self.isSelfTest is True:
 1723             self.assertTrue('"value": true' in response, response)
 1724         else:
 1725             log.error("-------------------------\n"
 1726                       "totp not tested for correctness \n"
 1727                       "please enable 'linotp.selfTest = True' in your *.ini")
 1728             self.assertTrue('"value": false' in response, response)
 1729 
 1730         self.delete_token("TOTP")
 1731 
 1732     def test_totp_resync(self):
 1733 
 1734         try:
 1735             self.delete_token("TOTP")
 1736         except Exception as exx:
 1737             log.debug("Token does not existed: %r" % exx)
 1738 
 1739         totp = self.createTOtpToken("SHA1")
 1740 
 1741         parameters = {"serial": "TOTP"}
 1742         response = self.app.get(url(controller='admin', action='show'),
 1743                                 params=parameters)
 1744         self.assertTrue('"LinOtp.FailCount": 0' in response, response)
 1745 
 1746         parameters = {"DefaultSyncWindow": "200"}
 1747         response = self.app.get(url(controller='system', action='setDefault'),
 1748                                 params=parameters)
 1749         self.assertTrue('"set DefaultSyncWindow": true' in response, response)
 1750 
 1751         parameters = {"AutoResync": "true"}
 1752         response = self.app.get(url(controller='system', action='setConfig'),
 1753                                 params=parameters)
 1754         self.assertTrue('setConfig AutoResync:true": true' in response,
 1755                         response)
 1756 
 1757         parameters = {"user": "root", "pass": "pin12345678"}
 1758         response = self.app.get(url(controller='validate', action='check'),
 1759                                 params=parameters)
 1760         self.assertTrue('"value": false' in response, response)
 1761 
 1762         parameters = {"serial": "TOTP"}
 1763         response = self.app.get(url(controller='admin', action='show'),
 1764                                 params=parameters)
 1765         # log.error("response %s\n", response)
 1766         self.assertTrue('"LinOtp.FailCount": 1' in response, response)
 1767 
 1768         #
 1769         #    now test TOTP resync - backward lookup
 1770         #    This test usese the verified HMAC algo
 1771         #    for generating hmac keys
 1772         #
 1773 
 1774         myTime = time.time()
 1775 
 1776         otp1 = self.createTOtpValue(totp, myTime - 100)
 1777         otp2 = self.createTOtpValue(totp, myTime - 70)
 1778 
 1779         parameters = {"user": "root", "otp1": otp1, "otp2": otp2}
 1780         response = self.app.get(url(controller='admin', action='resync'),
 1781                                 params=parameters)
 1782         # self.assertTrue('"value": true' in response
 1783 
 1784         #
 1785         #    now test TOTP resync - forward lookup
 1786         #    This test usese the verified HMAC algo
 1787         #    for generating hmac keys
 1788         #
 1789 
 1790         myTime = time.time()
 1791 
 1792         otp1 = self.createTOtpValue(totp, myTime + 122)
 1793         otp2 = self.createTOtpValue(totp, myTime + 152)
 1794 
 1795         parameters = {"user": "root", "otp1": otp1, "otp2": otp2}
 1796         response = self.app.get(url(controller='admin', action='resync'),
 1797                                 params=parameters)
 1798         self.assertTrue('"value": true' in response, response)
 1799 
 1800         self.delete_token("TOTP")
 1801 
 1802     def test_totp_autosync(self):
 1803         '''
 1804             now let's test the autosync !!!
 1805         '''
 1806 
 1807         parameters = {"DefaultSyncWindow": "200"}
 1808         response = self.app.get(url(controller='system', action='setDefault'),
 1809                                 params=parameters)
 1810         self.assertTrue('"set DefaultSyncWindow": true' in response, response)
 1811 
 1812         parameters = {"AutoResync": "true"}
 1813         response = self.app.get(url(controller='system', action='setConfig'),
 1814                                 params=parameters)
 1815         self.assertTrue('setConfig AutoResync:true": true' in response,
 1816                         response)
 1817 
 1818         try:
 1819             self.delete_token("TOTP")
 1820         except Exception as exx:
 1821             log.debug("Token does not existed: %r" % exx)
 1822 
 1823         totp = self.createTOtpToken("SHA512")
 1824 
 1825         myTime = time.time()
 1826 
 1827         otp1 = self.createTOtpValue(totp, myTime + 255)
 1828         otp2 = self.createTOtpValue(totp, myTime + 286)
 1829 
 1830         parameters = {"user": "root", "pass": "pin" + otp1}
 1831         response = self.app.get(url(controller='validate', action='check'),
 1832                                 params=parameters)
 1833 
 1834         parameters = {"user": "root", "pass": "pin" + otp2}
 1835         response = self.app.get(url(controller='validate', action='check'),
 1836                                 params=parameters)
 1837 
 1838         self.delete_token("TOTP")
 1839 
 1840     def test_failCount(self):
 1841         """
 1842         Idea: test if MaxFailCount works and if Token could not be resetted in
 1843               case of a valid OTP if MaxFailCount exceeded
 1844         """
 1845 
 1846         self.createToken1()
 1847 
 1848         parameters = {"serial": "F722362", "MaxFailCount": "15"}
 1849         response = self.app.get(url(controller='admin', action='set'),
 1850                                 params=parameters)
 1851         self.assertTrue('"set MaxFailCount": 1' in response, response)
 1852 
 1853         parameters = {"user": "root", "pass": "pin870581"}
 1854         response = self.app.get(url(controller='validate', action='check'),
 1855                                 params=parameters)
 1856         self.assertTrue('"value": true' in response, response)
 1857 
 1858         parameters = {"serial": "F722362"}
 1859         response = self.app.get(url(controller='admin', action='show'),
 1860                                 params=parameters)
 1861         self.assertTrue('"LinOtp.FailCount": 0' in response, response)
 1862 
 1863         # Test if FailCount increments and in case of a valid OTP is resetted
 1864 
 1865         for _i in range(0, 14):
 1866             parameters = {"user": "root", "pass": "pin123456"}
 1867             response = self.app.get(url(controller='validate', action='check'),
 1868                                     params=parameters)
 1869             self.assertTrue('"value": false' in response, response)
 1870 
 1871         parameters = {"serial": "F722362"}
 1872         response = self.app.get(url(controller='admin', action='show'),
 1873                                 params=parameters)
 1874         self.assertTrue('"LinOtp.FailCount": 14' in response, response)
 1875 
 1876         # check all 3 tokens - the last one is it
 1877         parameters = {"user": "root", "pass": "pin818771"}
 1878         response = self.app.get(url(controller='validate', action='check'),
 1879                                 params=parameters)
 1880 
 1881         # Test response...
 1882         self.assertTrue('"value": true' in response, response)
 1883 
 1884         parameters = {"serial": "F722362"}
 1885         response = self.app.get(url(controller='admin', action='show'),
 1886                                 params=parameters)
 1887 
 1888         # Test response...
 1889         self.assertTrue('"LinOtp.Count": 5' in response, response)
 1890         self.assertTrue('"LinOtp.FailCount": 0' in response, response)
 1891 
 1892         # Test if FailCount increments and in case of a maxFailCount
 1893         # could not be reseted by a valid OTP
 1894 
 1895         for _i in range(0, 15):
 1896             parameters = {"user": "root", "pass": "pin123456"}
 1897             response = self.app.get(url(controller='validate', action='check'),
 1898                                     params=parameters)
 1899             self.assertTrue('"value": false' in response, response)
 1900 
 1901         parameters = {"serial": "F722362"}
 1902         response = self.app.get(url(controller='admin', action='show'),
 1903                                 params=parameters)
 1904         self.assertTrue('"LinOtp.Count": 5' in response, response)
 1905         self.assertTrue('"LinOtp.FailCount": 15' in response, response)
 1906 
 1907         # the reset by a valid OTP must fail and
 1908         # the OTP Count must be incremented anyway
 1909 
 1910         parameters = {"user": "root", "pass": "pin250710"}
 1911         response = self.app.get(url(controller='validate', action='check'),
 1912                                 params=parameters)
 1913         self.assertTrue('"value": false' in response, response)
 1914 
 1915         parameters = {"serial": "F722362"}
 1916         response = self.app.get(url(controller='admin', action='show'),
 1917                                 params=parameters)
 1918 
 1919         # TODO: post merge: verify the real counts
 1920         self.assertTrue('"LinOtp.Count": 5' in response, response)
 1921         self.assertTrue('"LinOtp.FailCount": 16' in response, response)
 1922 
 1923         parameters = {"serial": "F722362"}
 1924         response = self.app.get(url(controller='admin', action='reset'),
 1925                                 params=parameters)
 1926         self.assertTrue('"value": 1' in response, response)
 1927 
 1928         parameters = {"serial": "F722362"}
 1929         response = self.app.get(url(controller='admin', action='show'),
 1930                                 params=parameters)
 1931 
 1932         # TODO: post merge: verify the real counts
 1933         self.assertTrue('"LinOtp.Count": 5' in response, response)
 1934         self.assertTrue('"LinOtp.FailCount": 0' in response, response)
 1935 
 1936         self.delete_token("F722362")
 1937 
 1938     def test_samlcheck(self):
 1939         """
 1940         Test the /validate/samlcheck
 1941         """
 1942         parameters = {
 1943             "serial": "saml0001",
 1944                       "otpkey": "AD8EABE235FC57C815B26CEF3709075580B44738",
 1945                       "user": "root",
 1946                       "pin": "test",
 1947                       "type": "spass"
 1948         }
 1949 
 1950         response = self.app.get(url(controller='admin', action='init'),
 1951                                 params=parameters)
 1952         self.assertTrue('"value": true' in response, response)
 1953 
 1954         parameters = {"allowSamlAttributes": "True"}
 1955         response = self.app.get(url(controller='system', action='setConfig'),
 1956                                 params=parameters)
 1957 
 1958         parameters = {"user": "root", "pass": "test"}
 1959         response = self.app.get(url(controller='validate', action='samlcheck'),
 1960                                 params=parameters)
 1961         self.assertTrue('"auth": true' in response, response)
 1962         self.assertTrue('"username": "root"' in response, response)
 1963 
 1964         self.delete_token("saml0001")
 1965 
 1966     def test_unicode(self):
 1967         '''
 1968         checking /validate/check with corrupted unicode
 1969         '''
 1970         serials = self.createToken()
 1971 
 1972         parameters = {"user": "root", "pass": "\xC0"}
 1973         response = self.app.get(url(controller='validate', action='check'),
 1974                                 params=parameters)
 1975 
 1976         self.assertTrue('"value": false' in response or
 1977                         '"status": false' in response, response)
 1978 
 1979         for serial in serials:
 1980             self.delete_token(serial)
 1981 
 1982         return
 1983 
 1984     def test_simple_check(self):
 1985         '''
 1986         Testing simplecheck
 1987         '''
 1988         serial = 'simple634'
 1989         response = self.app.get(url(controller='admin', action='init'),
 1990                                 params={'type': 'spass',
 1991                                         'user': 'root',
 1992                                         'pin': 'topSecret',
 1993                                         'serial': serial})
 1994         self.assertTrue('"status": true' in response, response)
 1995 
 1996         response = self.app.get(url(controller='validate',
 1997                                     action='simplecheck'),
 1998                                 params={'user': 'root',
 1999                                         'pass': 'topSecret'})
 2000 
 2001         self.assertTrue(':-)' in response, response)
 2002 
 2003         response = self.app.get(url(controller='validate',
 2004                                     action='simplecheck'),
 2005                                 params={'user': 'root',
 2006                                         'pass': 'wrongPW'})
 2007         self.assertTrue(':-(' in response, response)
 2008 
 2009         self.delete_token(serial)
 2010         return
 2011 
 2012     def test_auth_info_detail_standard(self):
 2013         """
 2014         check for additional auth_info in response of the validate check
 2015 
 2016         for the additional authentication information we require the
 2017         additional parameter auth_info=True
 2018 
 2019         Test must cover:
 2020          - simple tokens like spass or pw token
 2021          - hmac
 2022          - yubikey
 2023          - remote token with local and with remote pin split
 2024 
 2025         """
 2026         pin = "Test123!"
 2027         user = "root"
 2028 
 2029         # first check hmac token where most inherit from
 2030         serial, otps = self.create_hmac_token(pin=pin, user=user)
 2031         otp = otps[0]
 2032 
 2033         params = {'user': user,
 2034                   'pass': pin + otp}
 2035         response = self.make_validate_request('check', params=params)
 2036         self.assertTrue('"value": true' in response, response)
 2037 
 2038         jresp = json.loads(response.body)
 2039 
 2040         auth_info = jresp.get('detail', {}).get('auth_info', None)
 2041         self.assertTrue(auth_info is None, response)
 2042 
 2043         otp = otps[1]
 2044         params = {'user': user,
 2045                   'pass': pin + otp,
 2046                   'auth_info': True}
 2047         response = self.make_validate_request('check', params=params)
 2048         self.assertTrue('"value": true' in response, response)
 2049 
 2050         jresp = json.loads(response.body)
 2051 
 2052         pin_list = jresp.get('detail', {}).get('auth_info', [])[0]
 2053         self.assertTrue("pin_length" in pin_list, response)
 2054         self.assertTrue(pin_list[1] == len(pin), response)
 2055 
 2056         otp_list = jresp.get('detail', {}).get('auth_info', [])[1]
 2057         self.assertTrue("otp_length" in otp_list, response)
 2058         self.assertTrue(otp_list[1] == 6, response)
 2059 
 2060         self.delete_token(serial)
 2061 
 2062         # now check spass token
 2063         serial = self.createSpassToken(pin="Test123!", user="root")
 2064         params = {'user': user,
 2065                   'pass': pin,
 2066                   'auth_info': True}
 2067         response = self.make_validate_request('check', params=params)
 2068 
 2069         self.assertTrue('"value": true' in response, response)
 2070 
 2071         jresp = json.loads(response.body)
 2072 
 2073         pin_list = jresp.get('detail', {}).get('auth_info', [])[0]
 2074         self.assertTrue("pin_length" in pin_list, response)
 2075         self.assertTrue(pin_list[1] == len(pin), response)
 2076 
 2077         self.delete_token(serial)
 2078 
 2079         # now check pw token: the pw token requires the fixed pw, which was
 2080         # initially stored on the otpkey
 2081         otpkey = u"123456öäüß"
 2082         u_pin = u'#123ä'
 2083 
 2084         serial = self.createPWToken(pin=u_pin, user=user, otpkey=otpkey)
 2085         params = {'user': user,
 2086                   'pass': u_pin + otpkey,
 2087                   'auth_info': True
 2088                   }
 2089         response = self.make_validate_request('check', params=params)
 2090 
 2091         self.assertTrue('"value": true' in response, response)
 2092 
 2093         jresp = json.loads(response.body)
 2094 
 2095         pin_list = jresp.get('detail', {}).get('auth_info', [])[0]
 2096         self.assertTrue("pin_length" in pin_list, response)
 2097         self.assertTrue(pin_list[1] == len(u_pin), response)
 2098 
 2099         otp_list = jresp.get('detail', {}).get('auth_info', [])[1]
 2100         self.assertTrue("otp_length" in otp_list, response)
 2101         self.assertTrue(otp_list[1] == len(otpkey), response)
 2102 
 2103         self.delete_token(serial)
 2104 
 2105         return
 2106 
 2107     def test_auth_info_detail_yubi(self):
 2108         """
 2109         check for additional auth_info from validate check for yubikey
 2110         """
 2111         user = "root"
 2112         pin = "Test123!"
 2113         serial, otps = self.create_yubi_token(user=user)
 2114 
 2115         params = {'user': user,
 2116                   'pass': otps[0],
 2117                   'auth_info': True
 2118                   }
 2119         response = self.make_validate_request('check', params=params)
 2120 
 2121         self.assertTrue('"value": true' in response, response)
 2122 
 2123         jresp = json.loads(response.body)
 2124 
 2125         pin_list = jresp.get('detail', {}).get('auth_info', [])[0]
 2126         self.assertTrue("pin_length" in pin_list, response)
 2127         self.assertTrue(pin_list[1] == 0, response)
 2128 
 2129         otp_list = jresp.get('detail', {}).get('auth_info', [])[1]
 2130         self.assertTrue("otp_length" in otp_list, response)
 2131         self.assertTrue(otp_list[1] == len(otps[0]), response)
 2132 
 2133         params = {'user': user,
 2134                   'pin': pin,
 2135                   }
 2136         response = self.make_admin_request('set', params=params)
 2137         self.assertTrue('"set pin": ' in response, response)
 2138 
 2139         params = {'user': user,
 2140                   'pass': pin + otps[1],
 2141                   'auth_info': True
 2142                   }
 2143         response = self.make_validate_request('check', params=params)
 2144         self.assertTrue('"value": true' in response, response)
 2145 
 2146         jresp = json.loads(response.body)
 2147 
 2148         pin_list = jresp.get('detail', {}).get('auth_info', [])[0]
 2149         self.assertTrue("pin_length" in pin_list, response)
 2150         self.assertTrue(pin_list[1] == len(pin), response)
 2151 
 2152         otp_list = jresp.get('detail', {}).get('auth_info', [])[1]
 2153         self.assertTrue("otp_length" in otp_list, response)
 2154         self.assertTrue(otp_list[1] == len(otps[0]), response)
 2155 
 2156         self.delete_token(serial)
 2157 
 2158         return
 2159 
 2160     @patch.object(httplib2.Http, 'request', mocked_http_request)
 2161     def test_auth_info_detail_remotetoken(self):
 2162         """
 2163         check for additional auth_info from validate check for remotetoken
 2164         """
 2165         user = "root"
 2166         pin = "Test123!"
 2167 
 2168         # first check hmac token where most inherit from
 2169         target_serial, otps = self.create_hmac_token(pin='', user=user)
 2170         otp_len = len(otps[0])
 2171 
 2172         remote_serial = self.create_remote_token(user=user,
 2173                                                  target_serial=target_serial,
 2174                                                  target_otplen=otp_len,
 2175                                                  pin=pin)
 2176 
 2177         TestValidateController.R_AUTH_DETAIL = {}
 2178 
 2179         params = {'serial': remote_serial,
 2180                   'pass': pin + otps[0],
 2181                   'auth_info': True
 2182                   }
 2183         response = self.make_validate_request('check_s', params=params)
 2184 
 2185         self.assertTrue('"value": true' in response, response)
 2186 
 2187         jresp = json.loads(response.body)
 2188 
 2189         pin_list = jresp.get('detail', {}).get('auth_info', [])[0]
 2190         self.assertTrue("pin_length" in pin_list, response)
 2191         self.assertTrue(pin_list[1] == len(pin), response)
 2192 
 2193         otp_list = jresp.get('detail', {}).get('auth_info', [])[1]
 2194         self.assertTrue("otp_length" in otp_list, response)
 2195         self.assertTrue(otp_list[1] == len(otps[0]), response)
 2196 
 2197         self.delete_token(remote_serial)
 2198 
 2199         remote_serial = self.create_remote_token(user=user,
 2200                                                  target_serial=target_serial,
 2201                                                  target_otplen=otp_len,
 2202                                                  check_pin=0)
 2203 
 2204         TestValidateController.R_AUTH_DETAIL = {
 2205             'auth_info': [('pin_length', len(pin)),
 2206                             ('otp_length', len(otps[0]))
 2207                             ]
 2208         }
 2209 
 2210         params = {'serial': remote_serial,
 2211                   'pass': pin + otps[1],
 2212                   'auth_info': True
 2213                   }
 2214         response = self.make_validate_request('check_s', params=params)
 2215 
 2216         self.assertTrue('"value": true' in response, response)
 2217 
 2218         auth_info = jresp.get('detail', {}).get('auth_info', [])
 2219 
 2220         self.assertTrue(len(auth_info) == 2, response)
 2221 
 2222         pin_list = auth_info[0]
 2223         self.assertTrue("pin_length" in pin_list, response)
 2224         self.assertTrue(pin_list[1] == len(pin), response)
 2225 
 2226         otp_list = auth_info[1]
 2227         self.assertTrue("otp_length" in otp_list, response)
 2228         self.assertTrue(otp_list[1] == len(otps[0]), response)
 2229 
 2230         self.delete_token(target_serial)
 2231         self.delete_token(remote_serial)
 2232 
 2233         TestValidateController.R_AUTH_DETAIL = {}
 2234 
 2235         return
 2236 
 2237     @patch.object(pyrad.client.Client, 'SendPacket', mocked_radius_SendPacket)
 2238     def test_auth_info_detail_radiotoken(self):
 2239         """
 2240         check for additional auth_info from validate check for radiotoken
 2241 
 2242         as the radius could not transfer any additional info, we only could
 2243         deliver auth_info in case of the local pincheck
 2244         """
 2245         user = "root"
 2246         pin = "Test123!"
 2247 
 2248         # first check hmac token where most inherit from
 2249         target_serial, otps = self.create_hmac_token(pin='', user=user)
 2250 
 2251         remote_serial = self.create_radius_token(user=user, pin=pin,
 2252                                                  check_pin=1)
 2253 
 2254         params = {'serial': remote_serial,
 2255                   'pass': pin + otps[0],
 2256                   'auth_info': True
 2257                   }
 2258         response = self.make_validate_request('check_s', params=params)
 2259 
 2260         self.assertTrue('"value": true' in response, response)
 2261 
 2262         jresp = json.loads(response.body)
 2263 
 2264         pin_list = jresp.get('detail', {}).get('auth_info', [])[0]
 2265         self.assertTrue("pin_length" in pin_list, response)
 2266         self.assertTrue(pin_list[1] == len(pin), response)
 2267 
 2268         otp_list = jresp.get('detail', {}).get('auth_info', [])[1]
 2269         self.assertTrue("otp_length" in otp_list, response)
 2270         self.assertTrue(otp_list[1] == len(otps[0]), response)
 2271 
 2272         self.delete_token(target_serial)
 2273         self.delete_token(remote_serial)
 2274 
 2275         return
 2276 
 2277 # eof #########################################################################