"Fossies" - the Fresh Open Source Software Archive

Member "LinOTP-release-2.11/linotpd/src/linotp/tests/integration/test_emailtoken.py" (12 Nov 2019, 7038 Bytes) of package /linux/misc/LinOTP-release-2.11.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Python source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 # -*- coding: utf-8 -*-
    2 #
    3 #    LinOTP - the open source solution for two factor authentication
    4 #    Copyright (C) 2010 - 2019 KeyIdentity GmbH
    5 #
    6 #    This file is part of LinOTP server.
    7 #
    8 #    This program is free software: you can redistribute it and/or
    9 #    modify it under the terms of the GNU Affero General Public
   10 #    License, version 3, as published by the Free Software Foundation.
   11 #
   12 #    This program is distributed in the hope that it will be useful,
   13 #    but WITHOUT ANY WARRANTY; without even the implied warranty of
   14 #    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   15 #    GNU Affero General Public License for more details.
   16 #
   17 #    You should have received a copy of the
   18 #               GNU Affero General Public License
   19 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
   20 #
   21 #
   22 #    E-mail: linotp@keyidentity.com
   23 #    Contact: www.linotp.org
   24 #    Support: www.keyidentity.com
   25 #
   26 """LinOTP Selenium Test for e-mail token"""
   27 
   28 from subprocess import check_output, CalledProcessError
   29 import logging
   30 import re
   31 import unittest
   32 
   33 from linotp_selenium_helper import TestCase
   34 from linotp_selenium_helper.user_view import UserView
   35 from linotp_selenium_helper.token_view import TokenView
   36 from linotp_selenium_helper.email_token import EmailToken
   37 from linotp_selenium_helper.helper import get_from_tconfig, is_radius_disabled
   38 from linotp_selenium_helper.validate import Validate
   39 from linotp_selenium_helper.smtp_server import EmailProviderServer
   40 
   41 import integration_data as data
   42 
   43 logger = logging.getLogger(__name__)
   44 
   45 
   46 class TestEmailToken(TestCase):
   47 
   48     def setUp(self):
   49         TestCase.setUp(self)
   50 
   51         self.realm_name = "SE_emailtoken"
   52         self.username = "hans"
   53 
   54         self.email_recipient = "hans@example.local"
   55         self.reset_resolvers_and_realms(
   56             data.sepasswd_resolver, self.realm_name)
   57 
   58         self.email_token_pin = "1234"
   59 
   60         self.token_view = self.manage_ui.token_view
   61         self.token_view.delete_all_tokens()
   62 
   63     def enroll_email_token(self):
   64 
   65         # Enroll e-mail token
   66         user_view = self.manage_ui.user_view
   67         user_view.select_realm(self.realm_name)
   68         user_view.select_user(self.username)
   69         description = "Rolled out by Selenium"
   70         expected_email_address = self.email_recipient
   71         email_token = EmailToken(driver=self.driver,
   72                                  base_url=self.base_url,
   73                                  pin=self.email_token_pin,
   74                                  email=expected_email_address,
   75                                  description=description)
   76         return email_token
   77 
   78 
   79 class TestEmailTokenEnroll(TestEmailToken):
   80 
   81     def test_enroll_token(self):
   82         """
   83         Enroll e-mail token.
   84 
   85         After enrolling it verifies that the token info contains the
   86         correct e-mail.
   87         """
   88         expected_email_address = self.email_recipient
   89         email_token = self.enroll_email_token()
   90 
   91         token_info = self.token_view.get_token_info(email_token.serial)
   92         description = "Rolled out by Selenium"
   93         expected_description = expected_email_address + " " + description
   94         self.assertEqual(expected_email_address, token_info['LinOtp.TokenInfo']['email_address'],
   95                          "Wrong e-mail address was set for e-mail token.")
   96         self.assertEqual(expected_description, token_info['LinOtp.TokenDesc'],
   97                          "Token description doesn't match")
   98 
   99 
  100 class TestEmailTokenAuth(TestEmailToken):
  101 
  102     def setUp(self):
  103         TestEmailToken.setUp(self)
  104         self.enroll_email_token()
  105 
  106     @unittest.skipIf(is_radius_disabled(), "Radius is disabled.")
  107     def test_radius_auth(self):
  108 
  109         def radius_auth(username, realm_name,
  110                         pin, radius_secret,
  111                         radius_server, state=None):
  112             call_array = "python ../../../tools/linotp-auth-radius -f ../../../test.ini".split()
  113             call_array.extend(['-u', username + "@" + realm_name,
  114                                '-p', pin,
  115                                '-s', radius_secret,
  116                                '-r', radius_server])
  117             if state:
  118                 call_array.extend('-t', state)
  119 
  120             logger.debug("Executing %s" % ' '.join(call_array))
  121             try:
  122                 return check_output(call_array)
  123             except CalledProcessError, e:
  124                 assert e.returncode == 0, \
  125                     "radius auth process exit code %s. Command:%s Ouptut:%s" % \
  126                     (e.returncode, ' '.join(e.cmd), e.output)
  127 
  128         radius_server = get_from_tconfig(
  129             ['radius', 'server'],
  130             default=self.http_host.split(':')[0],
  131         )
  132         radius_secret = get_from_tconfig(['radius', 'secret'], required=True)
  133 
  134         with EmailProviderServer(self, 20) as smtpsvc:
  135             # Authenticate with RADIUS
  136             rad1 = radius_auth(
  137                 self.username, self.realm_name,
  138                 self.email_token_pin,
  139                 radius_secret, radius_server)
  140             m = re.search(r"State:\['(\d+)'\]", rad1)
  141             self.assertTrue(m is not None,
  142                             "'State' not found in linotp-auth-radius output. %r" % rad1)
  143             state = m.group(1)
  144             logger.debug("State: %s" % state)
  145 
  146             otp = smtpsvc.get_otp()
  147 
  148         rad2 = radius_auth(
  149             self.username, self.realm_name,
  150             otp, radius_secret,
  151             radius_server, state)
  152         self.assertTrue("Access granted to user " + self.username in rad2,
  153                         "Access not granted to user. %r" % rad2)
  154 
  155     def test_web_api_auth(self):
  156 
  157         with EmailProviderServer(self, 20) as smtpsvc:
  158 
  159             # Authenticate over Web API
  160             validate = Validate(self.http_protocol, self.http_host,
  161                                 self.http_port, self.http_username,
  162                                 self.http_password)
  163             access_granted, validate_resp = validate.validate(user=self.username + "@" + self.realm_name,
  164                                                               password=self.email_token_pin)
  165             self.assertFalse(access_granted,
  166                              "Should return false because this request only triggers the challenge.")
  167             try:
  168                 message = validate_resp['detail']['message']
  169             except KeyError:
  170                 self.fail("detail.message should be present %r" %
  171                           validate_resp)
  172             self.assertEqual(message,
  173                              "e-mail sent successfully",
  174                              "Wrong validate response %r" % validate_resp)
  175             otp = smtpsvc.get_otp()
  176 
  177         access_granted, validate_resp = validate.validate(user=self.username + "@" + self.realm_name,
  178                                                           password=self.email_token_pin + otp)
  179         self.assertTrue(access_granted,
  180                         "Could not authenticate user %s %r" % (self.username, validate_resp))