search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add forgotten ltmain.sh from libtool-2.4.6
[libisds.git] / test / simline / hotp_isds_change_password.c
blob3958850136bf54505c74997b93cbc75763a9c88f
1 #ifndef _POSIX_SOURCE
2 #define _POSIX_SOURCE /* For getaddrinfo(3) */
3 #endif
4
5 #ifndef _BSD_SOURCE
6 #define _BSD_SOURCE /* For NI_MAXHOST since glibc-2.19 */
7 #endif
8 #ifndef _DEFAULT_SOURCE
9 #define _DEFAULT_SOURCE /* For NI_MAXHOST since glibc-2.20 */
10 #endif
11
12 #ifndef _XOPEN_SOURCE
13 #define _XOPEN_SOURCE 600 /* For unsetenv(3) */
14 #endif
15
16 #include "../test.h"
17 #include "server.h"
18 #include "isds.h"
19
20 static const char *username = "Doug1as$";
21 static const char *password = "42aA#bc8";
22 static const char *otp_code = "314";
23
24
25 static int test_login(const isds_error error,
26 const isds_otp_resolution resolution, struct isds_ctx *context,
27 const char *url, const char *username, const char *password,
28 const struct isds_pki_credentials *pki_credentials,
29 struct isds_otp *otp) {
30 isds_error err;
31
32 err = isds_login(context, url, username, password, pki_credentials, otp);
33 if (error != err)
34 FAIL_TEST("Wrong return code: expected=%s, returned=%s (%s)",
35 isds_strerror(error), isds_strerror(err),
36 isds_long_message(context));
37 if (otp != NULL && resolution != otp->resolution)
38 FAIL_TEST("Wrong OTP resolution: expected=%d, returned=%d (%s)",
39 resolution, otp->resolution, isds_long_message(context));
40
41
42 PASS_TEST;
43 }
44
45
46 static int test_isds_change_password(const isds_error error,
47 const isds_otp_resolution resolution, const char *reference_number,
48 struct isds_ctx *context, const char *old_password,
49 const char *new_password, struct isds_otp *otp, char **refnum) {
50 isds_error err;
51
52 err = isds_change_password(context, old_password, new_password, otp,
53 refnum);
54 if (error != err)
55 FAIL_TEST("Wrong return code: expected=%s, returned=%s (%s)",
56 isds_strerror(error), isds_strerror(err),
57 isds_long_message(context));
58 if (otp != NULL && resolution != otp->resolution)
59 FAIL_TEST("Wrong OTP resolution: expected=%d, returned=%d (%s)",
60 resolution, otp->resolution, isds_long_message(context));
61 if (NULL != refnum)
62 TEST_STRING_DUPLICITY(reference_number, *refnum);
63
64 PASS_TEST;
65 }
66
67 int main(void) {
68 int error;
69 pid_t server_process;
70 struct isds_ctx *context = NULL;
71 char *url = NULL;
72 char *refnum = NULL;
73 struct isds_otp otp_credentials = {
74 .method = OTP_HMAC
75 };
76
77
78 INIT_TEST("isds_change_password with HOTP");
79
80 if (unsetenv("http_proxy")) {
81 ABORT_UNIT("Could not remove http_proxy variable from environment\n");
82 }
83 if (isds_init()) {
84 isds_cleanup();
85 ABORT_UNIT("isds_init() failed\n");
86 }
87 context = isds_ctx_create();
88 if (!context) {
89 isds_cleanup();
90 ABORT_UNIT("isds_ctx_create() failed\n");
91 }
92
93 {
94 const struct arguments_asws_changePassword_ChangePasswordOTP
95 passwd_arguments = {
96 .username = username,
97 .current_password = password,
98 .method = AUTH_OTP_HMAC,
99 .reference_number = "42"
100 };
101 const struct service_configuration services[] = {
102 { SERVICE_DS_Dz_DummyOperation, NULL },
103 { SERVICE_asws_changePassword_ChangePasswordOTP, &passwd_arguments },
104 { SERVICE_END, NULL }
105 };
106 const struct arguments_otp_authentication server_arguments = {
107 .method = AUTH_OTP_HMAC,
108 .username = username,
109 .password = password,
110 .otp = (char *) otp_code,
111 .isds_deviations = 1,
112 .services = services
113 };
114 error = start_server(&server_process, &url,
115 server_otp_authentication, &server_arguments, NULL);
116 if (error == -1) {
117 isds_ctx_free(&context);
118 isds_cleanup();
119 ABORT_UNIT(server_error);
120 }
121
122 otp_credentials.otp_code = (char *) otp_code;
123 TEST("login", test_login, IE_SUCCESS, OTP_RESOLUTION_SUCCESS,
124 context, url, username, password, NULL, &otp_credentials);
125
126 /* Second phase of authentication */
127 otp_credentials.otp_code = (char *) otp_code;
128 TEST("Second phase with invalid password", test_isds_change_password,
129 IE_NOT_LOGGED_IN, OTP_RESOLUTION_BAD_AUTHENTICATION, NULL,
130 context, "nbuusr1", "h2k$Aana", &otp_credentials, &refnum);
131 /* XXX: There is bug in curl < 7.28.0 when authorization header is not
132 * sent on second attempt after 401 response. Fixed by upstream commit
133 * ce8311c7e49eca93c136b58efa6763853541ec97. The only work-around is
134 * to use new CURL handle. */
135 TEST("Second phase with invalid password 2", test_isds_change_password,
136 IE_NOT_LOGGED_IN, OTP_RESOLUTION_BAD_AUTHENTICATION, NULL,
137 context, "nbuusr2", "h2k$Aana", &otp_credentials, &refnum);
138 otp_credentials.otp_code = "666";
139 TEST("Second phase with valid password but invalid OTP code",
140 test_isds_change_password,
141 IE_NOT_LOGGED_IN, OTP_RESOLUTION_BAD_AUTHENTICATION, NULL,
142 context, password, "h2k$Aana", &otp_credentials, &refnum);
143
144 /* Checks for new password */
145 otp_credentials.otp_code = (char *) otp_code;
146 TEST("too short (7 characters)", test_isds_change_password, IE_INVAL,
147 OTP_RESOLUTION_SUCCESS, "42",
148 context, password, "aB34567", &otp_credentials, &refnum);
149 TEST("too long (33 characters)", test_isds_change_password, IE_INVAL,
150 OTP_RESOLUTION_SUCCESS, "42",
151 context, password, "aB3456789112345678921234567893123",
152 &otp_credentials, &refnum);
153 TEST("no upper case letter", test_isds_change_password, IE_INVAL,
154 OTP_RESOLUTION_SUCCESS, "42",
155 context, password, "1bcdefgh", &otp_credentials, &refnum);
156 TEST("no lower case letter", test_isds_change_password, IE_INVAL,
157 OTP_RESOLUTION_SUCCESS, "42",
158 context, password, "1BCDEFGH", &otp_credentials, &refnum);
159 TEST("no digit", test_isds_change_password, IE_INVAL,
160 OTP_RESOLUTION_SUCCESS, "42",
161 context, password, "aBCDEFGH", &otp_credentials, &refnum);
162 TEST("forbidden space", test_isds_change_password, IE_INVAL,
163 OTP_RESOLUTION_SUCCESS, "42",
164 context, password, " h2k$Aan", &otp_credentials, &refnum);
165 TEST("reused password", test_isds_change_password, IE_INVAL,
166 OTP_RESOLUTION_SUCCESS, "42",
167 context, password, password, &otp_credentials, &refnum);
168 TEST("password contains user ID", test_isds_change_password, IE_INVAL,
169 OTP_RESOLUTION_SUCCESS, "42",
170 context, password, username, &otp_credentials, &refnum);
171 TEST("sequence of the same characters", test_isds_change_password,
172 IE_INVAL, OTP_RESOLUTION_SUCCESS, "42",
173 context, password, "h222k$Aa", &otp_credentials, &refnum);
174 TEST("forbiden prefix qwert", test_isds_change_password,
175 IE_INVAL, OTP_RESOLUTION_SUCCESS, "42",
176 context, password, "qwert$A8", &otp_credentials, &refnum);
177 TEST("forbiden prefix asdgf", test_isds_change_password,
178 IE_INVAL, OTP_RESOLUTION_SUCCESS, "42",
179 context, password, "asdgf$A8", &otp_credentials, &refnum);
180 TEST("forbiden prefix 12345", test_isds_change_password,
181 IE_INVAL, OTP_RESOLUTION_SUCCESS, "42",
182 context, password, "12345$Aa", &otp_credentials, &refnum);
183 TEST("valid request", test_isds_change_password, IE_SUCCESS,
184 OTP_RESOLUTION_SUCCESS, "42",
185 context, password, "h2k$Aana", &otp_credentials, &refnum);
186
187 free(refnum);
188 refnum = NULL;
189 isds_logout(context);
190 if (stop_server(server_process)) {
191 isds_ctx_free(&context);
192 isds_cleanup();
193 ABORT_UNIT(server_error);
194 }
195
196 free(url);
197 url = NULL;
198 }
199
200
201 isds_logout(context);
202 isds_ctx_free(&context);
203 isds_cleanup();
204 SUM_TEST();
205 }
Client library for ISDS