search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
tests: Adapt utf8locale to musl
[libisds.git] / test / simline / totp_isds_change_password.c
blob525678c7a61ea36de682b9375470855b053da303
1 #ifndef _POSIX_SOURCE
2 #define _POSIX_SOURCE /* For getaddrinfo(3) */
3 #endif
4
5 #ifndef _BSD_SOURCE
6 #define _BSD_SOURCE /* For NI_MAXHOST up to glibc-2.19 */
7 #endif
8 #ifndef _DEFAULT_SOURCE
9 #define _DEFAULT_SOURCE /* For NI_MAXHOST since glibc-2.20 */
10 #endif
11
12 #ifndef _XOPEN_SOURCE
13 #define _XOPEN_SOURCE 600 /* For unsetenv(3) */
14 #endif
15
16 #include "../test.h"
17 #include "server.h"
18 #include "isds.h"
19
20 static const char *username = "Doug1as$";
21 static const char *password = "42aA#bc8";
22 static const char *otp_code = "314";
23
24
25 static int test_login(const isds_error error,
26 const isds_otp_resolution resolution, struct isds_ctx *context,
27 const char *url, const char *username, const char *password,
28 const struct isds_pki_credentials *pki_credentials,
29 struct isds_otp *otp) {
30 isds_error err;
31
32 err = isds_login(context, url, username, password, pki_credentials, otp);
33 if (error != err)
34 FAIL_TEST("Wrong return code: expected=%s, returned=%s (%s)",
35 isds_strerror(error), isds_strerror(err),
36 isds_long_message(context));
37 if (otp != NULL && resolution != otp->resolution)
38 FAIL_TEST("Wrong OTP resolution: expected=%d, returned=%d (%s)",
39 resolution, otp->resolution, isds_long_message(context));
40
41
42 PASS_TEST;
43 }
44
45
46 static int test_isds_change_password(const isds_error error,
47 const isds_otp_resolution resolution, const char *reference_number,
48 struct isds_ctx *context, const char *old_password,
49 const char *new_password, struct isds_otp *otp, char **refnum) {
50 isds_error err;
51
52 err = isds_change_password(context, old_password, new_password, otp,
53 refnum);
54 if (error != err)
55 FAIL_TEST("Wrong return code: expected=%s, returned=%s (%s)",
56 isds_strerror(error), isds_strerror(err),
57 isds_long_message(context));
58 if (otp != NULL && resolution != otp->resolution)
59 FAIL_TEST("Wrong OTP resolution: expected=%d, returned=%d (%s)",
60 resolution, otp->resolution, isds_long_message(context));
61 if (NULL != refnum)
62 TEST_STRING_DUPLICITY(reference_number, *refnum);
63
64 PASS_TEST;
65 }
66
67 int main(void) {
68 int error;
69 pid_t server_process;
70 struct isds_ctx *context = NULL;
71 char *url = NULL;
72 char *refnum = NULL;
73 struct isds_otp otp_credentials = {
74 .method = OTP_TIME
75 };
76 const struct arguments_asws_changePassword_ChangePasswordOTP
77 passwd_arguments = {
78 .username = username,
79 .current_password = password,
80 .method = AUTH_OTP_TIME,
81 .reference_number = "42"
82 };
83 struct arguments_asws_changePassword_SendSMSCode
84 sendsmscode_arguments = {
85 .status_code = "0000",
86 .status_message = "One-time password sent via SMS gateway",
87 .reference_number = "43"
88 };
89 const struct service_configuration services[] = {
90 { SERVICE_DS_Dz_DummyOperation, NULL },
91 { SERVICE_asws_changePassword_ChangePasswordOTP, &passwd_arguments },
92 { SERVICE_asws_changePassword_SendSMSCode, &sendsmscode_arguments },
93 { SERVICE_END, NULL }
94 };
95 const struct arguments_otp_authentication server_arguments = {
96 .method = AUTH_OTP_TIME,
97 .username = username,
98 .password = password,
99 .otp = (char *) otp_code,
100 .isds_deviations = 1,
101 .services = services
102 };
103
104
105 INIT_TEST("isds_change_password with TOTP");
106
107 if (unsetenv("http_proxy")) {
108 ABORT_UNIT("Could not remove http_proxy variable from environment\n");
109 }
110 if (isds_init()) {
111 isds_cleanup();
112 ABORT_UNIT("isds_init() failed\n");
113 }
114 context = isds_ctx_create();
115 if (!context) {
116 isds_cleanup();
117 ABORT_UNIT("isds_ctx_create() failed\n");
118 }
119
120 {
121 sendsmscode_arguments.status_code = "0000";
122 sendsmscode_arguments.status_message =
123 "One-time password sent via SMS gateway";
124 error = start_server(&server_process, &url,
125 server_otp_authentication, &server_arguments, NULL);
126 if (error == -1) {
127 isds_ctx_free(&context);
128 isds_cleanup();
129 ABORT_UNIT(server_error);
130 }
131
132 otp_credentials.otp_code = (char *) otp_code;
133 TEST("login", test_login, IE_SUCCESS, OTP_RESOLUTION_SUCCESS,
134 context, url, username, password, NULL, &otp_credentials);
135
136 /* First phase of authentication */
137 otp_credentials.otp_code = NULL;
138 TEST("First phase with invalid password", test_isds_change_password,
139 IE_NOT_LOGGED_IN, OTP_RESOLUTION_BAD_AUTHENTICATION, NULL,
140 context, "nbuusr1", "h2k$Aana", &otp_credentials, &refnum);
141 otp_credentials.otp_code = NULL;
142 TEST("First phase with valid password", test_isds_change_password,
143 IE_PARTIAL_SUCCESS, OTP_RESOLUTION_TOTP_SENT, "43",
144 context, password, "h2k$Aana", &otp_credentials, &refnum);
145
146 /* Second phase of authentication */
147 otp_credentials.otp_code = (char *) otp_code;
148 TEST("Second phase with invalid password", test_isds_change_password,
149 IE_NOT_LOGGED_IN, OTP_RESOLUTION_BAD_AUTHENTICATION, NULL,
150 context, "nbuusr1", "h2k$Aana", &otp_credentials, &refnum);
151 /* XXX: There is bug in curl < 7.28.0 when authorization header is not
152 * sent on second attempt after 401 response. Fixed by upstream commit
153 * ce8311c7e49eca93c136b58efa6763853541ec97. The only work-around is
154 * to use new CURL handle. */
155 TEST("Second phase with invalid password 2", test_isds_change_password,
156 IE_NOT_LOGGED_IN, OTP_RESOLUTION_BAD_AUTHENTICATION, NULL,
157 context, "nbuusr2", "h2k$Aana", &otp_credentials, &refnum);
158 otp_credentials.otp_code = "666";
159 TEST("Second phase with valid password but invalid OTP code",
160 test_isds_change_password,
161 IE_NOT_LOGGED_IN, OTP_RESOLUTION_BAD_AUTHENTICATION, NULL,
162 context, password, "h2k$Aana", &otp_credentials, &refnum);
163
164 /* Checks for new password */
165 otp_credentials.otp_code = (char *) otp_code;
166 TEST("too short (7 characters)", test_isds_change_password, IE_INVAL,
167 OTP_RESOLUTION_SUCCESS, "42",
168 context, password, "aB34567", &otp_credentials, &refnum);
169 TEST("too long (33 characters)", test_isds_change_password, IE_INVAL,
170 OTP_RESOLUTION_SUCCESS, "42",
171 context, password, "aB3456789112345678921234567893123",
172 &otp_credentials, &refnum);
173 TEST("no upper case letter", test_isds_change_password, IE_INVAL,
174 OTP_RESOLUTION_SUCCESS, "42",
175 context, password, "1bcdefgh", &otp_credentials, &refnum);
176 TEST("no lower case letter", test_isds_change_password, IE_INVAL,
177 OTP_RESOLUTION_SUCCESS, "42",
178 context, password, "1BCDEFGH", &otp_credentials, &refnum);
179 TEST("no digit", test_isds_change_password, IE_INVAL,
180 OTP_RESOLUTION_SUCCESS, "42",
181 context, password, "aBCDEFGH", &otp_credentials, &refnum);
182 TEST("forbidden space", test_isds_change_password, IE_INVAL,
183 OTP_RESOLUTION_SUCCESS, "42",
184 context, password, " h2k$Aan", &otp_credentials, &refnum);
185 TEST("reused password", test_isds_change_password, IE_INVAL,
186 OTP_RESOLUTION_SUCCESS, "42",
187 context, password, password, &otp_credentials, &refnum);
188 TEST("password contains user ID", test_isds_change_password, IE_INVAL,
189 OTP_RESOLUTION_SUCCESS, "42",
190 context, password, username, &otp_credentials, &refnum);
191 TEST("sequence of the same characters", test_isds_change_password,
192 IE_INVAL, OTP_RESOLUTION_SUCCESS, "42",
193 context, password, "h222k$Aa", &otp_credentials, &refnum);
194 TEST("forbiden prefix qwert", test_isds_change_password,
195 IE_INVAL, OTP_RESOLUTION_SUCCESS, "42",
196 context, password, "qwert$A8", &otp_credentials, &refnum);
197 TEST("forbiden prefix asdgf", test_isds_change_password,
198 IE_INVAL, OTP_RESOLUTION_SUCCESS, "42",
199 context, password, "asdgf$A8", &otp_credentials, &refnum);
200 TEST("forbiden prefix 12345", test_isds_change_password,
201 IE_INVAL, OTP_RESOLUTION_SUCCESS, "42",
202 context, password, "12345$Aa", &otp_credentials, &refnum);
203 TEST("valid request", test_isds_change_password, IE_SUCCESS,
204 OTP_RESOLUTION_SUCCESS, "42",
205 context, password, "h2k$Aana", &otp_credentials, &refnum);
206
207 free(refnum);
208 refnum = NULL;
209 isds_logout(context);
210 if (stop_server(server_process)) {
211 isds_ctx_free(&context);
212 isds_cleanup();
213 ABORT_UNIT(server_error);
214 }
215
216 free(url);
217 url = NULL;
218 }
219
220 {
221 sendsmscode_arguments.status_code = "2301";
222 sendsmscode_arguments.status_message =
223 "One-time code cannot be re-send faster than once a 30 seconds";
224 error = start_server(&server_process, &url,
225 server_otp_authentication, &server_arguments, NULL);
226 if (error == -1) {
227 isds_ctx_free(&context);
228 isds_cleanup();
229 ABORT_UNIT(server_error);
230 }
231
232 otp_credentials.otp_code = (char *) otp_code;
233 TEST("login", test_login, IE_SUCCESS, OTP_RESOLUTION_SUCCESS,
234 context, url, username, password, NULL, &otp_credentials);
235
236 /* First phase of authentication */
237 otp_credentials.otp_code = NULL;
238 TEST("SendSMSCode cannot send so fast", test_isds_change_password,
239 IE_ISDS, OTP_RESOLUTION_TO_FAST, "43",
240 context, password, "h2k$Aana", &otp_credentials, &refnum);
241
242 free(refnum);
243 refnum = NULL;
244 isds_logout(context);
245 if (stop_server(server_process)) {
246 isds_ctx_free(&context);
247 isds_cleanup();
248 ABORT_UNIT(server_error);
249 }
250 free(url);
251 url = NULL;
252 }
253
254 {
255 sendsmscode_arguments.status_code = "2302";
256 sendsmscode_arguments.status_message =
257 "One-time code could not been sent. Try later again.";
258 error = start_server(&server_process, &url,
259 server_otp_authentication, &server_arguments, NULL);
260 if (error == -1) {
261 isds_ctx_free(&context);
262 isds_cleanup();
263 ABORT_UNIT(server_error);
264 }
265
266 otp_credentials.otp_code = (char *) otp_code;
267 TEST("login", test_login, IE_SUCCESS, OTP_RESOLUTION_SUCCESS,
268 context, url, username, password, NULL, &otp_credentials);
269
270 /* First phase of authentication */
271 otp_credentials.otp_code = NULL;
272 TEST("SendSMSCode cannot send", test_isds_change_password,
273 IE_ISDS, OTP_RESOLUTION_TOTP_NOT_SENT, "43",
274 context, password, "h2k$Aana", &otp_credentials, &refnum);
275
276 free(refnum);
277 refnum = NULL;
278 isds_logout(context);
279 if (stop_server(server_process)) {
280 isds_ctx_free(&context);
281 isds_cleanup();
282 ABORT_UNIT(server_error);
283 }
284 free(url);
285 url = NULL;
286 }
287
288 isds_logout(context);
289 isds_ctx_free(&context);
290 isds_cleanup();
291 SUM_TEST();
292 }
Client library for ISDS