warpgate/tests/test_http_user_auth_otp.py

import requests
import pyotp
from base64 import b64decode
from uuid import uuid4
from .api_client import (
api_admin_session,
api_create_target,
api_create_user,
api_create_role,
api_add_role_to_user,
api_add_role_to_target,
)
from .conftest import WarpgateProcess
from .test_http_common import * # noqa
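class TestHTTPUserAuthOTP:
    """HTTP login tests for a user that holds a password and a TOTP credential."""

    @staticmethod
    def _provision_user_and_target(url, otp_key_base64, echo_server_port, http_policy):
        """Create a role, a user and an HTTP echo target that share that role.

        Args:
            url: Base URL of the Warpgate HTTP listener under test.
            otp_key_base64: Base64-encoded TOTP key; it is decoded and sent
                to the API as a list of byte values.
            echo_server_port: Local port of the echo server used as target.
            http_policy: Credential kinds placed under
                ``credential_policy["http"]`` for the new user.

        Returns:
            A ``(user, echo_target)`` tuple of the objects returned by the
            API client helpers.
        """
        with api_admin_session(url) as admin:
            role = api_create_role(url, admin, {"name": f"role-{uuid4()}"})
            user = api_create_user(
                url,
                admin,
                {
                    "username": f"user-{uuid4()}",
                    "credentials": [
                        {
                            "kind": "Password",
                            # NOTE(review): the tests later log in with the
                            # password "123", so this "hash" field appears to
                            # carry the plaintext value; confirm how the API
                            # treats it.
                            "hash": "123",
                        },
                        {
                            "kind": "Totp",
                            "key": list(b64decode(otp_key_base64)),
                        },
                    ],
                    "credential_policy": {
                        "http": http_policy,
                    },
                },
            )
            api_add_role_to_user(url, admin, user["id"], role["id"])
            echo_target = api_create_target(
                url,
                admin,
                {
                    "name": f"echo-{uuid4()}",
                    "options": {
                        "kind": "Http",
                        # The echo server is addressed over plain HTTP on
                        # localhost, so TLS towards the target is disabled.
                        "url": f"http://localhost:{echo_server_port}",
                        "tls": {
                            "mode": "Disabled",
                            "verify": False,
                        },
                    },
                },
            )
            api_add_role_to_target(url, admin, echo_target["id"], role["id"])
        return user, echo_target

    def test_auth_otp_success(
        self,
        otp_key_base32,
        otp_key_base64,
        echo_server_port,
        shared_wg: WarpgateProcess,
    ):
        """Password alone must not grant access; password plus a valid OTP must.

        The user is created with an HTTP policy of ``["Password", "Totp"]``.
        The test checks that the password-only login and a target request
        made before the OTP step are both non-2xx, and that after a valid
        OTP is submitted the target request succeeds and echoes the path.
        """
        url = f"https://localhost:{shared_wg.http_port}"
        user, echo_target = self._provision_user_and_target(
            url, otp_key_base64, echo_server_port, ["Password", "Totp"]
        )
        target_url = f"{url}/some/path?a=b&warpgate-target={echo_target['name']}&c=d"

        # A separate, unauthenticated client session; the context manager
        # closes its connections when the test ends.
        with requests.Session() as client:
            # Certificate verification is off for the localhost listener.
            # NOTE(review): presumably the test instance serves a
            # self-signed certificate; confirm. Test-only setting.
            client.verify = False
            totp = pyotp.TOTP(otp_key_base32)

            # First factor only: the login must not complete.
            # NOTE(review): `// 100 != 2` also accepts 3xx and 5xx, so a
            # server error would satisfy it; asserting the specific rejection
            # status would separate an auth refusal from a failure.
            response = client.post(
                f"{url}/@warpgate/api/auth/login",
                json={
                    "username": user["username"],
                    "password": "123",
                },
            )
            assert response.status_code // 100 != 2

            # The half-authenticated session must not reach the target.
            response = client.get(target_url, allow_redirects=False)
            assert response.status_code // 100 != 2

            # Second factor: a current code derived from the same key.
            response = client.post(
                f"{url}/@warpgate/api/auth/otp",
                json={
                    "otp": totp.now(),
                },
            )
            assert response.status_code // 100 == 2

            # With both factors satisfied the request is proxied to the
            # echo server, which reports the path it received.
            response = client.get(target_url, allow_redirects=False)
            assert response.status_code // 100 == 2
            assert response.json()["path"] == "/some/path"

    def test_auth_otp_fail(
        self,
        otp_key_base64,
        echo_server_port,
        shared_wg: WarpgateProcess,
    ):
        """A wrong OTP must not authenticate the session or open the target.

        The test submits the password, then the OTP value ``"00000000"``,
        and checks that both responses and the following target request
        are non-2xx.
        """
        url = f"https://localhost:{shared_wg.http_port}"
        # NOTE(review): this policy lists "PublicKey" and "Totp", while the
        # success test uses "Password" and "Totp". If a public-key factor
        # cannot be satisfied over HTTP, every assertion below would hold
        # whether or not the wrong OTP is rejected; confirm this policy is
        # intended.
        user, echo_target = self._provision_user_and_target(
            url, otp_key_base64, echo_server_port, ["PublicKey", "Totp"]
        )

        with requests.Session() as client:
            # Certificate verification is off for the localhost listener
            # (test-only setting).
            client.verify = False

            response = client.post(
                f"{url}/@warpgate/api/auth/login",
                json={
                    "username": user["username"],
                    "password": "123",
                },
            )
            assert response.status_code // 100 != 2

            # NOTE(review): this value has eight digits, whereas pyotp's
            # default code length (used in the success test) is six, so a
            # well-formed but incorrect six-digit code is not exercised.
            response = client.post(
                f"{url}/@warpgate/api/auth/otp",
                json={
                    "otp": "00000000",
                },
            )
            assert response.status_code // 100 != 2

            # The target must stay closed after the failed second factor.
            response = client.get(
                f"{url}/some/path?a=b&warpgate-target={echo_target['name']}&c=d",
                allow_redirects=False,
            )
            assert response.status_code // 100 != 2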