コード例 #1
0
func TestOneWayChallengeResponse(t *testing.T) {
	userName := usersName[0]

	initAListOfUsers(t, usersName)

	url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserIdentityCommand]), usersPath, userName, verifyUserIdentityChallengeToken)
	res := exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, "", cr.StringMessage{Str: cr.GetMessageStr})
	var OcraData ocraData
	err := json.Unmarshal([]byte(res), &OcraData)
	if err != nil {
		t.Errorf("Test fail: execute GET to '%v' expected to get ocra data but received: %v, error: %v",
			url, res, err)
	}
	//Calculate the cleint OTP
	otp, err := ocra.GenerateOCRAAdvance(ocraUserDataInfo.OcraSuite, secretCode,
		OcraData.Counter, OcraData.ServerQuestion, OcraData.Password, OcraData.SessionID, OcraData.TimeStamp)
	logger.Info.Println("The calculated OTP for ocra data:", res, "is:", otp)
	if err != nil {
		t.Errorf("Test fail: Try to generate OCRA with the following parameters: %v, error: %v", res, err)
	}
	OcraData.Otp = otp
	data, _ := json.Marshal(OcraData)
	url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserIdentityCommand]), usersPath, userName, verifyUserIdentityOtpToken)
	exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusOK, string(data), cr.Match{Match: true, Message: ""})
}
コード例 #2
0
// 1. Generate token and verify it is OK
// 2. As a root: Update the user privilege, verify the results
// 3. As a root: Update the user privilege to undefined previlege, verify the results are StatusBadRequest
// 4. As a root: Update the root privilege, verify that it is not allowed
// 5. As the user: Update the user privilege, verify that it is not allowed
func TestUpdatePrivilege(t *testing.T) {
	userName := usersName[0]

	initAListOfUsers(t, usersName)

	url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleAuthenticateCommand]), verifyPath)
	data := cr.StringMessage{Str: cr.GetMessageStr}
	exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, "", data)

	url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), usersPath, userName, privilegePath)
	okURLJ := cr.URL{URL: fmt.Sprintf("%v/%v", servicePath, userName)}
	privilege, _ := json.Marshal(privilegePwd{Privilege: am.SuperUserPermission})
	exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusCreated, string(privilege), okURLJ)

	privilege, _ = json.Marshal(privilegePwd{Privilege: "no p"})
	exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusBadRequest, string(privilege), cr.Error{Code: http.StatusBadRequest})

	url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), usersPath, defs.RootUserName, privilegePath)
	okURLJ = cr.URL{URL: fmt.Sprintf("%v/%v", servicePath, defs.RootUserName)}
	privilege, _ = json.Marshal(privilegePwd{Privilege: am.SuperUserPermission})
	exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusBadRequest, string(privilege), cr.Error{Code: http.StatusBadRequest})

	cookieStr, _ := app.GenerateToken(userName, am.UserPermission, false, clientIP, stRestful.SignKey)
	cr.TestSetCookie(cookieStr)
	exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusMethodNotAllowed, string(privilege), cr.Error{Code: http.StatusMethodNotAllowed})
}
コード例 #3
0
// 1. Check with match OTP code using HOTP/TOTP, verify the results
// 2. Check with not matched code using HOTP/TOTP, verify the results
func TestVerifyHotpCode(t *testing.T) {
	var exp string
	userName := usersName[0]

	initAListOfUsers(t, usersName)

	secret, _ := json.Marshal(cr.Secret{Secret: secretCode})
	url := resourcePath + "/" + userName
	okURLJ := cr.URL{URL: fmt.Sprintf("%v/%v", servicePath, userName)}
	exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusCreated, string(secret), okURLJ) // TODO fix it
	user, _ := otp.NewSimpleOtpUser([]byte(secretCode), false)

	for i := 0; i < 2; i++ {
		if i == 0 { // HOTP
			exp, _ = user.BaseHotp.AtCount(user.BaseHotp.Count)
			url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserCodeCommand]), usersPath, userName, verifyHotpTypeParam)
		} else {
			exp, _ = user.BaseTotp.Now()
			url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserCodeCommand]), usersPath, userName, verifyTotpTypeParam)
		}
		secret, _ = json.Marshal(cr.Secret{Secret: exp})
		exeCommandCheckRes(t, cr.HTTPPostStr, url, http.StatusOK, string(secret), cr.Match{Match: true, Message: cr.NoMessageStr})
		// The same code can't be used twice
		exeCommandCheckRes(t, cr.HTTPPostStr, url, http.StatusOK, string(secret), cr.Match{Match: false, Message: cr.NoMessageStr})
	}
}
コード例 #4
0
// 2. Reset the user password
// 3. Check that the new password match only once
// 4. Update user password and verify that the new password matched
func TestVerifyResetPassword(t *testing.T) {
	userName := usersName[0]

	initAListOfUsers(t, usersName)

	url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[resetUserPasswordCommand]), usersPath, userName, resetUserPwdPath)
	secretStr := exeCommandCheckRes(t, cr.HTTPPostStr, url, http.StatusCreated, cr.GetMessageStr, cr.StringMessage{Str: cr.GetMessageStr})

	url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserPasswordCommand]), usersPath, userName)
	exeCommandCheckRes(t, cr.HTTPPostStr, url, http.StatusOK, secretStr, cr.Match{Match: true, Message: cr.NoMessageStr})

	secret1, _ := json.Marshal(secretData{secretCode})
	exeCommandCheckRes(t, cr.HTTPPostStr, url, http.StatusOK, string(secret1), cr.Match{Match: false, Message: cr.NoMessageStr})
}
コード例 #5
0
// Set User blocked to true, false, true and verify the status
func TestSetUserBlockedState(t *testing.T) {
	userName := usersName[0]
	states := []bool{true, false, true}

	initAListOfUsers(t, usersName)

	for _, val := range states {
		data, _ := json.Marshal(userState{val})
		url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserBlockCommand]), usersPath, userName, blockedStateToken)
		okURLJ := cr.URL{URL: fmt.Sprintf("%v/%v", servicePath, userName)}
		exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusOK, string(data), okURLJ) // fix the statusOK
		url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserBlockCommand]), usersPath, userName, blockedStateToken)
		exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, "", userState{val})
	}
}
コード例 #6
0
// Verify errors for the following secenarios:
// 1. Invalid password
// 2. Ilegal password data
// 3. Undefined user
// 4. Reset password for undefined user
func TestErrors(t *testing.T) {
	initAListOfUsers(t, usersName)

	url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), usersPath, defs.RootUserName, pwdPath)
	data, _ := json.Marshal(cr.UpdateSecret{OldPassword: "******", NewPassword: "******"})
	exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusBadRequest, "", cr.StringMessage{Str: cr.GetMessageStr})
	url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), usersPath, "undef user", pwdPath)
	exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusNotFound, string(data), cr.StringMessage{Str: cr.GetMessageStr})
	url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), usersPath, defs.RootUserName, pwdPath)
	exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusBadRequest, string(data), cr.StringMessage{Str: cr.GetMessageStr})

	// reset undefined user password
	url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserCommand]), usersPath, "undefined user")
	exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusNotFound, cr.GetMessageStr, cr.StringMessage{Str: cr.GetMessageStr})
}
// Test the following functions: add/get/delete item to/from storage and get storage
// 1. Create a storage, and 2 key-value to the storage
// 2. Get the items and verify their values
// 3. Get the storage information and compare to the expected data
// 4. Delete the items and verify that it is not in the storage
// 5. Remove storage and verify that the list is empty
func TestAddGetDeleteItem(t *testing.T) {
	keys := []string{"data1", "data2"}
	values := []string{"value1", "value2"}
	headerInfo := make(headerMapT)

	headerInfo[secretIDParam] = secretCode
	initState(t)
	okURLJ := cr.URL{URL: fmt.Sprintf("%v", servicePath)}
	for i, key := range keys {
		url := itemPath
		item, _ := json.Marshal(itemData{key, values[i]})
		exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusCreated, string(item), baseHeaderInfo, okURLJ)
		headerInfo[keyIDParam] = key
		exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, "", headerInfo, itemValue{values[i]})
	}

	for i, key := range keys {
		url := itemPath
		headerInfo[keyIDParam] = key
		exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, "", headerInfo, itemValue{values[i]})
		exeCommandCheckRes(t, cr.HTTPDeleteStr, url, http.StatusNoContent, "", headerInfo, cr.EmptyStr)
		exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusNotFound, "", headerInfo, cr.Error{Code: http.StatusNotFound})
	}
	url := fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleStorageCommand]), resourcePath)
	exeCommandCheckRes(t, cr.HTTPDeleteStr, url, http.StatusNoContent, "", baseHeaderInfo, cr.EmptyStr)
}
func initState(t *testing.T) {
	headerInfo := make(headerMapT)
	headerInfo[secretIDParam] = secretCode
	url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleStorageCommand]), storagePath)
	okURLJ := cr.URL{URL: fmt.Sprintf("%v", servicePath)}
	exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusCreated, "", baseHeaderInfo, okURLJ)
	exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, cr.GetMessageStr, baseHeaderInfo, cr.StringMessage{Str: cr.GetMessageStr})
}
コード例 #9
0
// 1. Verify that a root login with appropriate password successfully
// 2. Verify that a root login with wrong password fails
// 3. Verify that an unknown user can't login
// 4. Verify that logout works ok
// 5. VErify that undefined user can't login
func TestLogin(t *testing.T) {
	loginRoot(t)
	url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleAuthenticateCommand]), userPath)
	userLogin, _ := json.Marshal(userData{defs.RootUserName, []byte(string(rootPwd + "a"))})
	exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusMethodNotAllowed, string(userLogin), cr.Match{Match: false})
	url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleAuthenticateCommand]), userPath)
	userLogin, _ = json.Marshal(userData{defs.RootUserName + "1", []byte(string(rootPwd))})
	exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusMethodNotAllowed, string(userLogin), cr.Match{Match: false})

	url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleAuthenticateCommand]), logoutPath)
	userLogin, _ = json.Marshal(pUserData{defs.RootUserName, rootPwd})
	exeCommandCheckRes(t, cr.HTTPDeleteStr, url, http.StatusNoContent, "", cr.StringMessage{Str: ""})

	url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleAuthenticateCommand]), userPath)
	userLogin, _ = json.Marshal(userData{"undef user", []byte(string(rootPwd))})
	exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusMethodNotAllowed, string(userLogin), cr.Match{Match: false})
}
コード例 #10
0
// 1. As a root:
//	1.1 Reset user password
//	1.2 Success get user account info
//	1.3 Fail to reset root user password
// 2. As a user:
//	2.1 login with the new password
//	2.2 Fail to get account info
//	2.3 Change account password
//	2.4 Success get account info
func TestResetPassword(t *testing.T) {
	userName := usersName[0]
	updatedPwd := secretCode + "1"

	initAListOfUsers(t, usersName)
	// reset user password
	url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserCommand]), usersPath, userName)
	newPwd := exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusCreated, cr.GetMessageStr, cr.StringMessage{Str: cr.GetMessageStr})

	// fail to reset root user password
	url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserCommand]), usersPath, defs.RootUserName)
	exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusBadRequest, "", cr.Match{Match: false})

	// get user info
	url = resourcePath + "/" + userName
	data, _ := stRestful.UsersList.GetPropertyAttachedToEntity(userName, propertyName)
	exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, "", data.(*am.AmUserInfo))

	// login as user and fail to get user info
	d := data.(*am.AmUserInfo)
	cookieStr, _ := app.GenerateToken(userName, am.UserPermission, d.Pwd.TemporaryPwd, clientIP, stRestful.SignKey)
	cr.TestSetCookie(cookieStr)
	exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusMethodNotAllowed, "", cr.Match{Match: false})

	var newPwdStr cr.Secret
	json.Unmarshal([]byte(newPwd), &newPwdStr)
	// update user account password
	url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), usersPath, userName, pwdPath)
	okURLJ := cr.URL{URL: fmt.Sprintf("%v/%v", servicePath, userName)}
	pwd, _ := json.Marshal(cr.UpdateSecret{OldPassword: newPwdStr.Secret, NewPassword: updatedPwd})
	exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusCreated, string(pwd), okURLJ)

	// login as root and get user info
	cookieStr, _ = app.GenerateToken(defs.RootUserName, am.SuperUserPermission, false, clientIP, stRestful.SignKey)
	cr.TestSetCookie(cookieStr)
	url = resourcePath + "/" + userName
	data, _ = stRestful.UsersList.GetPropertyAttachedToEntity(userName, propertyName)
	exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, "", data.(*am.AmUserInfo))

	// login as user and get user info
	d = data.(*am.AmUserInfo)
	cookieStr, _ = app.GenerateToken(userName, am.UserPermission, d.Pwd.TemporaryPwd, clientIP, stRestful.SignKey)
	cr.TestSetCookie(cookieStr)
	url = resourcePath + "/" + userName
	exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, "", data.(*am.AmUserInfo))
}
コード例 #11
0
// Verify errors for the following secenarios:
// 1. Verify that simple password is not accepted
// 2. Verify that wrong parameter as password is not accepted
// 3. Verify that put new OPT to undefined user return with error
// 4. Verify that delete OPT from undefined user return with error
// 5. Verify that get block status from undefined user return with error
// 6. Verify that put block status to undefined user return with error
func TestErrors(t *testing.T) {
	data, _ := json.Marshal(cr.Secret{Secret: "123"})
	sData, _ := json.Marshal(userState{true})

	url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserCommand]), usersPath, usersName[0])
	exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusBadRequest, string(data), cr.Match{Match: false, Message: cr.NoMessageStr})
	exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusBadRequest, string(sData), cr.Match{Match: false, Message: cr.NoMessageStr})
	url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserCommand]), usersPath, "undef user")
	exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusNotFound, string(uData), cr.Match{Match: false, Message: cr.NoMessageStr})
	exeCommandCheckRes(t, cr.HTTPDeleteStr, url, http.StatusNotFound, string(uData), cr.Match{Match: false, Message: cr.NoMessageStr})

	url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserBlockCommand]), usersPath, "undef user", blockedStateToken)
	exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusNotFound, string(sData), cr.Match{Match: false, Message: cr.NoMessageStr})
	exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusNotFound, string(sData), cr.Match{Match: false, Message: cr.NoMessageStr})

	// use the wrong object return with error: it is not checked by golang, if it is critical, unmarshal to map and verify the relevant fields can be used
	//	initAListOfUsers(t, usersName)
	//	url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserBlockCommand]), usersPath, usersName[0], blockedStateToken)
	//	exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusBadRequest, string(uData), cr.Match{Match: false, Message: cr.NoMessageStr})
}
コード例 #12
0
// Test estGetAllPermissionsOfEntity
// Add a set of permissions to resource for a given users list and verify that the respobse is as expected
func Test_getAllPermissionsOfEntity(t *testing.T) {
	initState()
	generateAcl()
	baseURL := fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[getAllPermissionsOfEntityCommand]), entityToken, userName1, resourceToken, resourceName1)
	url := fmt.Sprintf("%v/%v", resourcePath, baseURL)
	data, _ := acl.GetUserPermissions(stRestful.UsersList, userName1, resourceName1)
	res := []string{}
	for p := range data {
		res = append(res, string(p))
	}
	exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, "", res)
}
コード例 #13
0
// Test restGetAllPermissions
// Add a set of permissions to resource for a given users list and verify that the respobse is as expected
func Test_getAllPermissions(t *testing.T) {
	initState()
	_, a, _ := generateAcl()
	baseURL := fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[getAllPermissionCommand]), permissionsToken, resourceToken, resourceName1)
	url := fmt.Sprintf("%v/%v", resourcePath, baseURL)
	data := a.GetAllPermissions()
	res := []string{}
	for p := range data {
		res = append(res, string(p))
	}
	exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, "", res)
}
コード例 #14
0
// Test restGetWhoUsesAResourcePermission
// Add a set of permissions to resource for a given users list and verify that the respobse is as expected
func Test_getWhoUsesAResourcePermission(t *testing.T) {
	initState()
	generateAcl()
	permission := perAll
	baseURL := fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[getAllPermissionsOfEntityCommand]), resourceToken, resourceName1, permissionsToken, permission)
	url := fmt.Sprintf("%v/%v", resourcePath, baseURL)
	data := acl.GetWhoUseAPermission(stRestful.UsersList, resourceName1, permission)
	res := []string{}
	for p := range data {
		res = append(res, p)
	}
	exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, "", res)
}
コード例 #15
0
// Check that an update key is working as expected
func TestVerifyUpdateKey(t *testing.T) {
	userName := usersName[0]
	newSecret := secretCode + "aa"

	initAListOfUsers(t, usersName)
	url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserUpdateCommand]), usersPath, userName, keyToken)
	okURLJ := cr.URL{URL: fmt.Sprintf("%v/%v", servicePath, userName)}
	secret, _ := json.Marshal(cr.Secret{Secret: newSecret})
	exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusCreated, string(secret), okURLJ)

	OcraData, _ := ocra.NewOcraUser([]byte(newSecret), internalOcraSuite)
	url = resourcePath + "/" + userName
	exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, "", OcraData)
}
コード例 #16
0
// 1. As a user: Update the password, verify the results
// 2. As a root: Fail to update the password to the root
// 3. As a root: Update the password, verify that it is allowed
func TestUpdatePassword(t *testing.T) {
	userName := usersName[0]

	//	initAListOfUsers(t, usersName)
	cookieStr, _ := app.GenerateToken(userName, am.UserPermission, false, clientIP, stRestful.SignKey)
	cr.TestSetCookie(cookieStr)

	url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), usersPath, userName, pwdPath)
	okURLJ := cr.URL{URL: fmt.Sprintf("%v/%v", servicePath, userName)}
	pwd, _ := json.Marshal(cr.UpdateSecret{OldPassword: secretCode, NewPassword: secretCode + "1"})
	exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusCreated, string(pwd), okURLJ)

	url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), usersPath, defs.RootUserName, pwdPath)
	okURLJ = cr.URL{URL: fmt.Sprintf("%v/%v", servicePath, defs.RootUserName)}
	pwd, _ = json.Marshal(cr.UpdateSecret{OldPassword: rootPwd, NewPassword: secretCode + "2"})
	exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusMethodNotAllowed, string(pwd), cr.Error{Code: http.StatusMethodNotAllowed})

	cookieStr, _ = app.GenerateToken(defs.RootUserName, am.SuperUserPermission, false, clientIP, stRestful.SignKey)
	cr.TestSetCookie(cookieStr)
	url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserPwdCommand]), usersPath, defs.RootUserName, pwdPath)
	okURLJ = cr.URL{URL: fmt.Sprintf("%v/%v", servicePath, defs.RootUserName)}
	pwd, _ = json.Marshal(cr.UpdateSecret{OldPassword: rootPwd, NewPassword: secretCode + "1"})
	exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusCreated, string(pwd), okURLJ)
}
コード例 #17
0
func TestMutualChallengeResponse(t *testing.T) {
	var OcraData ocraData
	userName := usersName[0]

	initAListOfUsers(t, usersName)

	OcraData.ClientQuestion = "The client 1"
	url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserIdentityCommand]), usersPath, userName, verifyUserIdentityMutualChallengeStep1Token)
	data, _ := json.Marshal(cr.StringMessage{Str: OcraData.ClientQuestion})
	res := exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusOK, string(data), cr.StringMessage{Str: cr.GetMessageStr})
	err := json.Unmarshal([]byte(res), &OcraData)
	if err != nil {
		t.Errorf("Test fail: execute GET to '%v' expected to get ocra data but received: %v, error: %v",
			url, res, err)
		t.FailNow()
	}
	clientOtp, err := ocra.GenerateOCRAAdvance(ocraUserDataInfo.OcraSuite, secretCode,
		OcraData.Counter, OcraData.ServerQuestion+OcraData.ClientQuestion, OcraData.Password, OcraData.SessionID, OcraData.TimeStamp)
	serverOtp, _ := ocra.GenerateOCRAAdvance(ocraUserDataInfo.OcraSuite, secretCode,
		OcraData.Counter, OcraData.ClientQuestion+OcraData.ServerQuestion, OcraData.Password, OcraData.SessionID, OcraData.TimeStamp)
	logger.Info.Println("The calculated client OTP for ocra data:", res, "and client question:", OcraData.ClientQuestion, "is:", clientOtp, "the server otp:", serverOtp)
	if err != nil {
		t.Errorf("Test fail: Try to generate OCRA with the following parameters: %v, error: %v", res, err)
		t.FailNow()
	}

	if OcraData.Otp != serverOtp {
		t.Errorf("Test fail: The calculated server OTP: %v is not as the received OTP: %v", serverOtp, OcraData.Otp)
		t.FailNow()
	}

	url = listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserIdentityCommand]), usersPath, userName, verifyUserIdentityMutualChallengeStep2Token)
	OcraData.Otp = clientOtp
	data, _ = json.Marshal(OcraData)
	exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusOK, string(data), cr.Match{Match: true, Message: ""})
}
コード例 #18
0
// 2. Check that an update ocraSuite is working as expected
func TestVerifyUpdateOcraSuite(t *testing.T) {
	userName := usersName[0]
	newOcra := "OCRA-1:HOTP-SHA512-8:C-QH08-T1M-S064-PSHA256"

	initAListOfUsers(t, usersName)

	url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleUserUpdateCommand]), usersPath, userName, ocraSuiteToken)
	okURLJ := cr.URL{URL: fmt.Sprintf("%v/%v", servicePath, userName)}
	str, _ := json.Marshal(cr.StringMessage{Str: newOcra})
	exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusCreated, string(str), okURLJ)

	OcraData, _ := ocra.NewOcraUser([]byte(secretCode), newOcra)
	url = resourcePath + "/" + userName
	exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, "", OcraData)
}
// 1. Verify that secure storage with simple password cannot be created
// 2. Verify that get of undefined secure storage return an error
// 3. Verify that delete of undefined secure storage return an error
// 4. VErify that add/get/delete item to secure storage with the wrong secret cannot be done
func TestErrors(t *testing.T) {
	headerInfo := make(headerMapT)
	headerInfo[secretIDParam] = "1234"
	url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleStorageCommand]), storagePath)
	exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusBadRequest, "", headerInfo, cr.StringMessage{Str: cr.GetMessageStr})

	exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusNotFound, cr.GetMessageStr, headerInfo, cr.StringMessage{Str: cr.GetMessageStr})
	exeCommandCheckRes(t, cr.HTTPDeleteStr, url, http.StatusNotFound, cr.GetMessageStr, headerInfo, cr.StringMessage{Str: cr.GetMessageStr})

	url = itemPath
	item, _ := json.Marshal(itemData{"123", "1"})
	exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusNotFound, string(item), headerInfo, cr.StringMessage{Str: cr.GetMessageStr})
	exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusNotFound, string(item), headerInfo, cr.StringMessage{Str: cr.GetMessageStr})
	exeCommandCheckRes(t, cr.HTTPDeleteStr, url, http.StatusNotFound, string(item), headerInfo, cr.StringMessage{Str: cr.GetMessageStr})
}
コード例 #20
0
// Add a permission to resource for a given user and verify that it have it
// Remove the permission for the resource from the user and verify it doesn't have it
func Test_addCheckDeletePermission(t *testing.T) {
	initState()
	strFmt := "%v/%v"
	permission := en.Permission(perRead)

	stRestful.UsersList.AddPermission(en.Permission(permission))
	baseURL := fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handlePermissionCommand]),
		entityToken, userName1, resourceToken, resourceName1, permissionsToken, permission)
	okURLJ := cr.URL{URL: fmt.Sprintf(strFmt, servicePath, baseURL)}
	url := fmt.Sprintf(strFmt, resourcePath, baseURL)
	exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusCreated, "", okURLJ)
	exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusOK, "", cr.Match{Match: true, Message: ""})
	exeCommandCheckRes(t, cr.HTTPDeleteStr, url, http.StatusNoContent, "", cr.StringMessage{Str: ""})
	str := fmt.Sprintf("Permission '%v' doesn't allowed", permission)
	exeCommandCheckRes(t, cr.HTTPGetStr, url, http.StatusNotFound, "", cr.Error{Code: 0, Message: str})
}
コード例 #21
0
// 1. Check with match password, verify the results
// 2. Check with not matched password, verify the results
// 3. Update user password and verify that the new password matched
// 4. Verify that the old password not matched
func TestVerifyPassword(t *testing.T) {
	userName := usersName[0]

	secret := initAListOfUsers(t, usersName)

	url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserPasswordCommand]), usersPath, userName)
	okURLJ := cr.URL{URL: fmt.Sprintf("%v/%v", servicePath, userName)}
	exeCommandCheckRes(t, cr.HTTPPostStr, url, http.StatusOK, secret, cr.Match{Match: true, Message: cr.NoMessageStr})

	secret1, _ := json.Marshal(secretData{secretCode + "a"})
	exeCommandCheckRes(t, cr.HTTPPostStr, url, http.StatusOK, string(secret1), cr.Match{Match: false, Message: cr.NoMessageStr})

	secret2, _ := json.Marshal(cr.UpdateSecret{OldPassword: secretCode, NewPassword: secretCode + "a"})
	exeCommandCheckRes(t, cr.HTTPPatchStr, url, http.StatusCreated, string(secret2), okURLJ)
	exeCommandCheckRes(t, cr.HTTPPostStr, url, http.StatusOK, string(secret1), cr.Match{Match: true, Message: cr.NoMessageStr})
	exeCommandCheckRes(t, cr.HTTPPostStr, url, http.StatusOK, secret, cr.Match{Match: false, Message: cr.NoMessageStr})
}
コード例 #22
0
func loginRoot(t *testing.T) {
	url := listener + servicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[handleAuthenticateCommand]), userPath)
	userLogin, _ := json.Marshal(pUserData{defs.RootUserName, rootPwd})
	exeCommandCheckRes(t, cr.HTTPPutStr, url, http.StatusOK, string(userLogin), cr.Match{Match: true})
}