func TestOneWayChallengeResponse(t *testing.T) {
userName := usersName[0]
initAListOfUsers(t, usersName)
url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserIdentityCommand]), usersPath, userName, verifyUserIdentityChallengeToken)
res := exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, "", cr.StringMessage{Str: cr.GetMessageStr})
var OcraData ocraData
err := json.Unmarshal([]byte(res), &OcraData)
if err != nil {
t.Errorf("Test fail: execute GET to '%v' expected to get ocra data but received: %v, error: %v",
url, res, err)
}
//Calculate the cleint OTP
otp, err := ocra.GenerateOCRAAdvance(ocraUserDataInfo.OcraSuite, secretCode,
OcraData.Counter, OcraData.ServerQuestion, OcraData.Password, OcraData.SessionID, OcraData.TimeStamp)
logger.Info.Println("The calculated OTP for ocra data:", res, "is:", otp)
if err != nil {
t.Errorf("Test fail: Try to generate OCRA with the following parameters: %v, error: %v", res, err)
}
OcraData.Otp = otp
data, _ := json.Marshal(OcraData)
url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserIdentityCommand]), usersPath, userName, verifyUserIdentityOtpToken)
exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusOK, string(data), cr.Match{Match: true, Message: ""})
}
// 1. Generate token and verify it is OK
// 2. As a root: Update the user privilege, verify the results
// 3. As a root: Update the user privilege to undefined previlege, verify the results are StatusBadRequest
// 4. As a root: Update the root privilege, verify that it is not allowed
// 5. As the user: Update the user privilege, verify that it is not allowed
func TestUpdatePrivilege(t *testing.T) {
userName := usersName[0]
initAListOfUsers(t, usersName)
url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleAuthenticateCommand]), verifyPath)
data := cr.StringMessage{Str: cr.GetMessageStr}
exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, "", data)
url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), usersPath, userName, privilegePath)
okURLJ := cr.URL{URL: fmt.Sprintf("%v/%v", servicePath, userName)}
privilege, _ := json.Marshal(privilegePwd{Privilege: am.SuperUserPermission})
exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusCreated, string(privilege), okURLJ)
privilege, _ = json.Marshal(privilegePwd{Privilege: "no p"})
exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusBadRequest, string(privilege), cr.Error{Code: http.StatusBadRequest})
url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), usersPath, defs.RootUserName, privilegePath)
okURLJ = cr.URL{URL: fmt.Sprintf("%v/%v", servicePath, defs.RootUserName)}
privilege, _ = json.Marshal(privilegePwd{Privilege: am.SuperUserPermission})
exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusBadRequest, string(privilege), cr.Error{Code: http.StatusBadRequest})
cookieStr, _ := app.GenerateToken(userName, am.UserPermission, false, clientIP, stRestful.SignKey)
cr.TestSetCookie(cookieStr)
exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusMethodNotAllowed, string(privilege), cr.Error{Code: http.StatusMethodNotAllowed})
}
// 1. Check with match OTP code using HOTP/TOTP, verify the results
// 2. Check with not matched code using HOTP/TOTP, verify the results
func TestVerifyHotpCode(t *testing.T) {
var exp string
userName := usersName[0]
initAListOfUsers(t, usersName)
secret, _ := json.Marshal(cr.Secret{Secret: secretCode})
url := resourcePath + "/" + userName
okURLJ := cr.URL{URL: fmt.Sprintf("%v/%v", servicePath, userName)}
exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusCreated, string(secret), okURLJ) // TODO fix it
user, _ := otp.NewSimpleOtpUser([]byte(secretCode), false)
for i := 0; i < 2; i++ {
if i == 0 { // HOTP
exp, _ = user.BaseHotp.AtCount(user.BaseHotp.Count)
url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserCodeCommand]), usersPath, userName, verifyHotpTypeParam)
} else {
exp, _ = user.BaseTotp.Now()
url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserCodeCommand]), usersPath, userName, verifyTotpTypeParam)
}
secret, _ = json.Marshal(cr.Secret{Secret: exp})
exeCommandCheckRes(t, cr.HTTPPostStr, url, http.StatusOK, string(secret), cr.Match{Match: true, Message: cr.NoMessageStr})
// The same code can't be used twice
exeCommandCheckRes(t, cr.HTTPPostStr, url, http.StatusOK, string(secret), cr.Match{Match: false, Message: cr.NoMessageStr})
}
}
// 2. Reset the user password
// 3. Check that the new password match only once
// 4. Update user password and verify that the new password matched
func TestVerifyResetPassword(t *testing.T) {
userName := usersName[0]
initAListOfUsers(t, usersName)
url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[resetUserPasswordCommand]), usersPath, userName, resetUserPwdPath)
secretStr := exeCommandCheckRes(t, cr.HTTPPostStr, url, http.StatusCreated, cr.GetMessageStr, cr.StringMessage{Str: cr.GetMessageStr})
url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserPasswordCommand]), usersPath, userName)
exeCommandCheckRes(t, cr.HTTPPostStr, url, http.StatusOK, secretStr, cr.Match{Match: true, Message: cr.NoMessageStr})
secret1, _ := json.Marshal(secretData{secretCode})
exeCommandCheckRes(t, cr.HTTPPostStr, url, http.StatusOK, string(secret1), cr.Match{Match: false, Message: cr.NoMessageStr})
}
// Set User blocked to true, false, true and verify the status
func TestSetUserBlockedState(t *testing.T) {
userName := usersName[0]
states := []bool{true, false, true}
initAListOfUsers(t, usersName)
for _, val := range states {
data, _ := json.Marshal(userState{val})
url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserBlockCommand]), usersPath, userName, blockedStateToken)
okURLJ := cr.URL{URL: fmt.Sprintf("%v/%v", servicePath, userName)}
exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusOK, string(data), okURLJ) // fix the statusOK
url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserBlockCommand]), usersPath, userName, blockedStateToken)
exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, "", userState{val})
}
}
// Verify errors for the following secenarios:
// 1. Invalid password
// 2. Ilegal password data
// 3. Undefined user
// 4. Reset password for undefined user
func TestErrors(t *testing.T) {
initAListOfUsers(t, usersName)
url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), usersPath, defs.RootUserName, pwdPath)
data, _ := json.Marshal(cr.UpdateSecret{OldPassword: "******", NewPassword: "******"})
exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusBadRequest, "", cr.StringMessage{Str: cr.GetMessageStr})
url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), usersPath, "undef user", pwdPath)
exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusNotFound, string(data), cr.StringMessage{Str: cr.GetMessageStr})
url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), usersPath, defs.RootUserName, pwdPath)
exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusBadRequest, string(data), cr.StringMessage{Str: cr.GetMessageStr})
// reset undefined user password
url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserCommand]), usersPath, "undefined user")
exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusNotFound, cr.GetMessageStr, cr.StringMessage{Str: cr.GetMessageStr})
}
// Test the following functions: add/get/delete item to/from storage and get storage
// 1. Create a storage, and 2 key-value to the storage
// 2. Get the items and verify their values
// 3. Get the storage information and compare to the expected data
// 4. Delete the items and verify that it is not in the storage
// 5. Remove storage and verify that the list is empty
func TestAddGetDeleteItem(t *testing.T) {
keys := []string{"data1", "data2"}
values := []string{"value1", "value2"}
headerInfo := make(headerMapT)
headerInfo[secretIDParam] = secretCode
initState(t)
okURLJ := cr.URL{URL: fmt.Sprintf("%v", servicePath)}
for i, key := range keys {
url := itemPath
item, _ := json.Marshal(itemData{key, values[i]})
exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusCreated, string(item), baseHeaderInfo, okURLJ)
headerInfo[keyIDParam] = key
exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, "", headerInfo, itemValue{values[i]})
}
for i, key := range keys {
url := itemPath
headerInfo[keyIDParam] = key
exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, "", headerInfo, itemValue{values[i]})
exeCommandCheckRes(t, cr.HTTPDeleteStr, url, http.StatusNoContent, "", headerInfo, cr.EmptyStr)
exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusNotFound, "", headerInfo, cr.Error{Code: http.StatusNotFound})
}
url := fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleStorageCommand]), resourcePath)
exeCommandCheckRes(t, cr.HTTPDeleteStr, url, http.StatusNoContent, "", baseHeaderInfo, cr.EmptyStr)
}
func initState(t *testing.T) {
headerInfo := make(headerMapT)
headerInfo[secretIDParam] = secretCode
url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleStorageCommand]), storagePath)
okURLJ := cr.URL{URL: fmt.Sprintf("%v", servicePath)}
exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusCreated, "", baseHeaderInfo, okURLJ)
exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, cr.GetMessageStr, baseHeaderInfo, cr.StringMessage{Str: cr.GetMessageStr})
}
// 1. Verify that a root login with appropriate password successfully
// 2. Verify that a root login with wrong password fails
// 3. Verify that an unknown user can't login
// 4. Verify that logout works ok
// 5. VErify that undefined user can't login
func TestLogin(t *testing.T) {
loginRoot(t)
url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleAuthenticateCommand]), userPath)
userLogin, _ := json.Marshal(userData{defs.RootUserName, []byte(string(rootPwd + "a"))})
exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusMethodNotAllowed, string(userLogin), cr.Match{Match: false})
url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleAuthenticateCommand]), userPath)
userLogin, _ = json.Marshal(userData{defs.RootUserName + "1", []byte(string(rootPwd))})
exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusMethodNotAllowed, string(userLogin), cr.Match{Match: false})
url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleAuthenticateCommand]), logoutPath)
userLogin, _ = json.Marshal(pUserData{defs.RootUserName, rootPwd})
exeCommandCheckRes(t, cr.HTTPDeleteStr, url, http.StatusNoContent, "", cr.StringMessage{Str: ""})
url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleAuthenticateCommand]), userPath)
userLogin, _ = json.Marshal(userData{"undef user", []byte(string(rootPwd))})
exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusMethodNotAllowed, string(userLogin), cr.Match{Match: false})
}
// 1. As a root:
// 1.1 Reset user password
// 1.2 Success get user account info
// 1.3 Fail to reset root user password
// 2. As a user:
// 2.1 login with the new password
// 2.2 Fail to get account info
// 2.3 Change account password
// 2.4 Success get account info
func TestResetPassword(t *testing.T) {
userName := usersName[0]
updatedPwd := secretCode + "1"
initAListOfUsers(t, usersName)
// reset user password
url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserCommand]), usersPath, userName)
newPwd := exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusCreated, cr.GetMessageStr, cr.StringMessage{Str: cr.GetMessageStr})
// fail to reset root user password
url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserCommand]), usersPath, defs.RootUserName)
exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusBadRequest, "", cr.Match{Match: false})
// get user info
url = resourcePath + "/" + userName
data, _ := stRestful.UsersList.GetPropertyAttachedToEntity(userName, propertyName)
exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, "", data.(*am.AmUserInfo))
// login as user and fail to get user info
d := data.(*am.AmUserInfo)
cookieStr, _ := app.GenerateToken(userName, am.UserPermission, d.Pwd.TemporaryPwd, clientIP, stRestful.SignKey)
cr.TestSetCookie(cookieStr)
exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusMethodNotAllowed, "", cr.Match{Match: false})
var newPwdStr cr.Secret
json.Unmarshal([]byte(newPwd), &newPwdStr)
// update user account password
url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), usersPath, userName, pwdPath)
okURLJ := cr.URL{URL: fmt.Sprintf("%v/%v", servicePath, userName)}
pwd, _ := json.Marshal(cr.UpdateSecret{OldPassword: newPwdStr.Secret, NewPassword: updatedPwd})
exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusCreated, string(pwd), okURLJ)
// login as root and get user info
cookieStr, _ = app.GenerateToken(defs.RootUserName, am.SuperUserPermission, false, clientIP, stRestful.SignKey)
cr.TestSetCookie(cookieStr)
url = resourcePath + "/" + userName
data, _ = stRestful.UsersList.GetPropertyAttachedToEntity(userName, propertyName)
exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, "", data.(*am.AmUserInfo))
// login as user and get user info
d = data.(*am.AmUserInfo)
cookieStr, _ = app.GenerateToken(userName, am.UserPermission, d.Pwd.TemporaryPwd, clientIP, stRestful.SignKey)
cr.TestSetCookie(cookieStr)
url = resourcePath + "/" + userName
exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, "", data.(*am.AmUserInfo))
}
// Verify errors for the following secenarios:
// 1. Verify that simple password is not accepted
// 2. Verify that wrong parameter as password is not accepted
// 3. Verify that put new OPT to undefined user return with error
// 4. Verify that delete OPT from undefined user return with error
// 5. Verify that get block status from undefined user return with error
// 6. Verify that put block status to undefined user return with error
func TestErrors(t *testing.T) {
data, _ := json.Marshal(cr.Secret{Secret: "123"})
sData, _ := json.Marshal(userState{true})
url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserCommand]), usersPath, usersName[0])
exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusBadRequest, string(data), cr.Match{Match: false, Message: cr.NoMessageStr})
exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusBadRequest, string(sData), cr.Match{Match: false, Message: cr.NoMessageStr})
url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserCommand]), usersPath, "undef user")
exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusNotFound, string(uData), cr.Match{Match: false, Message: cr.NoMessageStr})
exeCommandCheckRes(t, cr.HTTPDeleteStr, url, http.StatusNotFound, string(uData), cr.Match{Match: false, Message: cr.NoMessageStr})
url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserBlockCommand]), usersPath, "undef user", blockedStateToken)
exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusNotFound, string(sData), cr.Match{Match: false, Message: cr.NoMessageStr})
exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusNotFound, string(sData), cr.Match{Match: false, Message: cr.NoMessageStr})
// use the wrong object return with error: it is not checked by golang, if it is critical, unmarshal to map and verify the relevant fields can be used
// initAListOfUsers(t, usersName)
// url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserBlockCommand]), usersPath, usersName[0], blockedStateToken)
// exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusBadRequest, string(uData), cr.Match{Match: false, Message: cr.NoMessageStr})
}
// Test estGetAllPermissionsOfEntity
// Add a set of permissions to resource for a given users list and verify that the respobse is as expected
func Test_getAllPermissionsOfEntity(t *testing.T) {
initState()
generateAcl()
baseURL := fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[getAllPermissionsOfEntityCommand]), entityToken, userName1, resourceToken, resourceName1)
url := fmt.Sprintf("%v/%v", resourcePath, baseURL)
data, _ := acl.GetUserPermissions(stRestful.UsersList, userName1, resourceName1)
res := []string{}
for p := range data {
res = append(res, string(p))
}
exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, "", res)
}
// Test restGetAllPermissions
// Add a set of permissions to resource for a given users list and verify that the respobse is as expected
func Test_getAllPermissions(t *testing.T) {
initState()
_, a, _ := generateAcl()
baseURL := fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[getAllPermissionCommand]), permissionsToken, resourceToken, resourceName1)
url := fmt.Sprintf("%v/%v", resourcePath, baseURL)
data := a.GetAllPermissions()
res := []string{}
for p := range data {
res = append(res, string(p))
}
exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, "", res)
}
// Test restGetWhoUsesAResourcePermission
// Add a set of permissions to resource for a given users list and verify that the respobse is as expected
func Test_getWhoUsesAResourcePermission(t *testing.T) {
initState()
generateAcl()
permission := perAll
baseURL := fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[getAllPermissionsOfEntityCommand]), resourceToken, resourceName1, permissionsToken, permission)
url := fmt.Sprintf("%v/%v", resourcePath, baseURL)
data := acl.GetWhoUseAPermission(stRestful.UsersList, resourceName1, permission)
res := []string{}
for p := range data {
res = append(res, p)
}
exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, "", res)
}
// Check that an update key is working as expected
func TestVerifyUpdateKey(t *testing.T) {
userName := usersName[0]
newSecret := secretCode + "aa"
initAListOfUsers(t, usersName)
url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserUpdateCommand]), usersPath, userName, keyToken)
okURLJ := cr.URL{URL: fmt.Sprintf("%v/%v", servicePath, userName)}
secret, _ := json.Marshal(cr.Secret{Secret: newSecret})
exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusCreated, string(secret), okURLJ)
OcraData, _ := ocra.NewOcraUser([]byte(newSecret), internalOcraSuite)
url = resourcePath + "/" + userName
exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, "", OcraData)
}
// 1. As a user: Update the password, verify the results
// 2. As a root: Fail to update the password to the root
// 3. As a root: Update the password, verify that it is allowed
func TestUpdatePassword(t *testing.T) {
userName := usersName[0]
// initAListOfUsers(t, usersName)
cookieStr, _ := app.GenerateToken(userName, am.UserPermission, false, clientIP, stRestful.SignKey)
cr.TestSetCookie(cookieStr)
url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), usersPath, userName, pwdPath)
okURLJ := cr.URL{URL: fmt.Sprintf("%v/%v", servicePath, userName)}
pwd, _ := json.Marshal(cr.UpdateSecret{OldPassword: secretCode, NewPassword: secretCode + "1"})
exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusCreated, string(pwd), okURLJ)
url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), usersPath, defs.RootUserName, pwdPath)
okURLJ = cr.URL{URL: fmt.Sprintf("%v/%v", servicePath, defs.RootUserName)}
pwd, _ = json.Marshal(cr.UpdateSecret{OldPassword: rootPwd, NewPassword: secretCode + "2"})
exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusMethodNotAllowed, string(pwd), cr.Error{Code: http.StatusMethodNotAllowed})
cookieStr, _ = app.GenerateToken(defs.RootUserName, am.SuperUserPermission, false, clientIP, stRestful.SignKey)
cr.TestSetCookie(cookieStr)
url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), usersPath, defs.RootUserName, pwdPath)
okURLJ = cr.URL{URL: fmt.Sprintf("%v/%v", servicePath, defs.RootUserName)}
pwd, _ = json.Marshal(cr.UpdateSecret{OldPassword: rootPwd, NewPassword: secretCode + "1"})
exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusCreated, string(pwd), okURLJ)
}
func TestMutualChallengeResponse(t *testing.T) {
var OcraData ocraData
userName := usersName[0]
initAListOfUsers(t, usersName)
OcraData.ClientQuestion = "The client 1"
url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserIdentityCommand]), usersPath, userName, verifyUserIdentityMutualChallengeStep1Token)
data, _ := json.Marshal(cr.StringMessage{Str: OcraData.ClientQuestion})
res := exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusOK, string(data), cr.StringMessage{Str: cr.GetMessageStr})
err := json.Unmarshal([]byte(res), &OcraData)
if err != nil {
t.Errorf("Test fail: execute GET to '%v' expected to get ocra data but received: %v, error: %v",
url, res, err)
t.FailNow()
}
clientOtp, err := ocra.GenerateOCRAAdvance(ocraUserDataInfo.OcraSuite, secretCode,
OcraData.Counter, OcraData.ServerQuestion+OcraData.ClientQuestion, OcraData.Password, OcraData.SessionID, OcraData.TimeStamp)
serverOtp, _ := ocra.GenerateOCRAAdvance(ocraUserDataInfo.OcraSuite, secretCode,
OcraData.Counter, OcraData.ClientQuestion+OcraData.ServerQuestion, OcraData.Password, OcraData.SessionID, OcraData.TimeStamp)
logger.Info.Println("The calculated client OTP for ocra data:", res, "and client question:", OcraData.ClientQuestion, "is:", clientOtp, "the server otp:", serverOtp)
if err != nil {
t.Errorf("Test fail: Try to generate OCRA with the following parameters: %v, error: %v", res, err)
t.FailNow()
}
if OcraData.Otp != serverOtp {
t.Errorf("Test fail: The calculated server OTP: %v is not as the received OTP: %v", serverOtp, OcraData.Otp)
t.FailNow()
}
url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserIdentityCommand]), usersPath, userName, verifyUserIdentityMutualChallengeStep2Token)
OcraData.Otp = clientOtp
data, _ = json.Marshal(OcraData)
exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusOK, string(data), cr.Match{Match: true, Message: ""})
}
// 2. Check that an update ocraSuite is working as expected
func TestVerifyUpdateOcraSuite(t *testing.T) {
userName := usersName[0]
newOcra := "OCRA-1:HOTP-SHA512-8:C-QH08-T1M-S064-PSHA256"
initAListOfUsers(t, usersName)
url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserUpdateCommand]), usersPath, userName, ocraSuiteToken)
okURLJ := cr.URL{URL: fmt.Sprintf("%v/%v", servicePath, userName)}
str, _ := json.Marshal(cr.StringMessage{Str: newOcra})
exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusCreated, string(str), okURLJ)
OcraData, _ := ocra.NewOcraUser([]byte(secretCode), newOcra)
url = resourcePath + "/" + userName
exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, "", OcraData)
}
// 1. Verify that secure storage with simple password cannot be created
// 2. Verify that get of undefined secure storage return an error
// 3. Verify that delete of undefined secure storage return an error
// 4. VErify that add/get/delete item to secure storage with the wrong secret cannot be done
func TestErrors(t *testing.T) {
headerInfo := make(headerMapT)
headerInfo[secretIDParam] = "1234"
url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleStorageCommand]), storagePath)
exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusBadRequest, "", headerInfo, cr.StringMessage{Str: cr.GetMessageStr})
exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusNotFound, cr.GetMessageStr, headerInfo, cr.StringMessage{Str: cr.GetMessageStr})
exeCommandCheckRes(t, cr.HTTPDeleteStr, url, http.StatusNotFound, cr.GetMessageStr, headerInfo, cr.StringMessage{Str: cr.GetMessageStr})
url = itemPath
item, _ := json.Marshal(itemData{"123", "1"})
exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusNotFound, string(item), headerInfo, cr.StringMessage{Str: cr.GetMessageStr})
exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusNotFound, string(item), headerInfo, cr.StringMessage{Str: cr.GetMessageStr})
exeCommandCheckRes(t, cr.HTTPDeleteStr, url, http.StatusNotFound, string(item), headerInfo, cr.StringMessage{Str: cr.GetMessageStr})
}
// Add a permission to resource for a given user and verify that it have it
// Remove the permission for the resource from the user and verify it doesn't have it
func Test_addCheckDeletePermission(t *testing.T) {
initState()
strFmt := "%v/%v"
permission := en.Permission(perRead)
stRestful.UsersList.AddPermission(en.Permission(permission))
baseURL := fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handlePermissionCommand]),
entityToken, userName1, resourceToken, resourceName1, permissionsToken, permission)
okURLJ := cr.URL{URL: fmt.Sprintf(strFmt, servicePath, baseURL)}
url := fmt.Sprintf(strFmt, resourcePath, baseURL)
exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusCreated, "", okURLJ)
exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, "", cr.Match{Match: true, Message: ""})
exeCommandCheckRes(t, cr.HTTPDeleteStr, url, http.StatusNoContent, "", cr.StringMessage{Str: ""})
str := fmt.Sprintf("Permission '%v' doesn't allowed", permission)
exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusNotFound, "", cr.Error{Code: 0, Message: str})
}
// 1. Check with match password, verify the results
// 2. Check with not matched password, verify the results
// 3. Update user password and verify that the new password matched
// 4. Verify that the old password not matched
func TestVerifyPassword(t *testing.T) {
userName := usersName[0]
secret := initAListOfUsers(t, usersName)
url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserPasswordCommand]), usersPath, userName)
okURLJ := cr.URL{URL: fmt.Sprintf("%v/%v", servicePath, userName)}
exeCommandCheckRes(t, cr.HTTPPostStr, url, http.StatusOK, secret, cr.Match{Match: true, Message: cr.NoMessageStr})
secret1, _ := json.Marshal(secretData{secretCode + "a"})
exeCommandCheckRes(t, cr.HTTPPostStr, url, http.StatusOK, string(secret1), cr.Match{Match: false, Message: cr.NoMessageStr})
secret2, _ := json.Marshal(cr.UpdateSecret{OldPassword: secretCode, NewPassword: secretCode + "a"})
exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusCreated, string(secret2), okURLJ)
exeCommandCheckRes(t, cr.HTTPPostStr, url, http.StatusOK, string(secret1), cr.Match{Match: true, Message: cr.NoMessageStr})
exeCommandCheckRes(t, cr.HTTPPostStr, url, http.StatusOK, secret, cr.Match{Match: false, Message: cr.NoMessageStr})
}
func loginRoot(t *testing.T) {
url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleAuthenticateCommand]), userPath)
userLogin, _ := json.Marshal(pUserData{defs.RootUserName, rootPwd})
exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusOK, string(userLogin), cr.Match{Match: true})
}
