search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
test: Add TLS arguments to server
[libisds.git] / test / simline / hotp_isds_change_password.c
blobc22f00d13f3f3f67bed0e5951e8421b64e49aadb
1 #ifndef _POSIX_SOURCE
2 #define _POSIX_SOURCE /* For getaddrinfo(3) */
3 #endif
4
5 #ifndef _BSD_SOURCE
6 #define _BSD_SOURCE /* For NI_MAXHOST */
7 #endif
8
9 #ifndef _XOPEN_SOURCE
10 #define _XOPEN_SOURCE 600 /* For unsetenv(3) */
11 #endif
12
13 #include "../test.h"
14 #include "server.h"
15 #include "isds.h"
16
17 static const char *username = "Doug1as$";
18 static const char *password = "42aA#bc8";
19 static const char *otp_code = "314";
20
21
22 static int test_login(const isds_error error,
23 const isds_otp_resolution resolution, struct isds_ctx *context,
24 const char *url, const char *username, const char *password,
25 const struct isds_pki_credentials *pki_credentials,
26 struct isds_otp *otp) {
27 isds_error err;
28
29 err = isds_login(context, url, username, password, pki_credentials, otp);
30 if (error != err)
31 FAIL_TEST("Wrong return code: expected=%s, returned=%s (%s)",
32 isds_strerror(error), isds_strerror(err),
33 isds_long_message(context));
34 if (otp != NULL && resolution != otp->resolution)
35 FAIL_TEST("Wrong OTP resolution: expected=%d, returned=%d (%s)",
36 resolution, otp->resolution, isds_long_message(context));
37
38
39 PASS_TEST;
40 }
41
42
43 static int test_isds_change_password(const isds_error error,
44 const isds_otp_resolution resolution, const char *reference_number,
45 struct isds_ctx *context, const char *old_password,
46 const char *new_password, struct isds_otp *otp, char **refnum) {
47 isds_error err;
48
49 err = isds_change_password(context, old_password, new_password, otp,
50 refnum);
51 if (error != err)
52 FAIL_TEST("Wrong return code: expected=%s, returned=%s (%s)",
53 isds_strerror(error), isds_strerror(err),
54 isds_long_message(context));
55 if (otp != NULL && resolution != otp->resolution)
56 FAIL_TEST("Wrong OTP resolution: expected=%d, returned=%d (%s)",
57 resolution, otp->resolution, isds_long_message(context));
58 if (NULL != refnum)
59 TEST_STRING_DUPLICITY(reference_number, *refnum);
60
61 PASS_TEST;
62 }
63
64 int main(int argc, char **argv) {
65 int error;
66 pid_t server_process;
67 char *server_address = NULL;
68 struct isds_ctx *context = NULL;
69 char *url = NULL;
70 char *refnum = NULL;
71 struct isds_otp otp_credentials = {
72 .method = OTP_HMAC
73 };
74
75
76 INIT_TEST("isds_change_password with HOTP");
77
78 if (unsetenv("http_proxy")) {
79 ABORT_UNIT("Could not remove http_proxy variable from environment\n");
80 }
81 if (isds_init()) {
82 isds_cleanup();
83 ABORT_UNIT("isds_init() failed\n");
84 }
85 context = isds_ctx_create();
86 if (!context) {
87 isds_cleanup();
88 ABORT_UNIT("isds_ctx_create() failed\n");
89 }
90
91 {
92 const struct arguments_asws_changePassword_ChangePasswordOTP
93 passwd_arguments = {
94 .username = username,
95 .current_password = password,
96 .method = AUTH_OTP_HMAC,
97 .reference_number = "42"
98 };
99 const struct service_configuration services[] = {
100 { SERVICE_DS_Dz_DummyOperation, NULL },
101 { SERVICE_asws_changePassword_ChangePasswordOTP, &passwd_arguments },
102 { SERVICE_END, NULL }
103 };
104 const struct arguments_otp_authentication server_arguments = {
105 .tls = NULL,
106 .method = AUTH_OTP_HMAC,
107 .username = username,
108 .password = password,
109 .otp = (char *) otp_code,
110 .isds_deviations = 1,
111 .services = services
112 };
113 error = start_server(&server_process, &server_address,
114 server_otp_authentication, &server_arguments);
115 if (error == -1) {
116 isds_ctx_free(&context);
117 isds_cleanup();
118 ABORT_UNIT(server_error);
119 }
120 if (-1 == test_asprintf(&url, "http://%s/", server_address)) {
121 free(server_address);
122 stop_server(server_process);
123 isds_ctx_free(&context);
124 isds_cleanup();
125 ABORT_UNIT("Could not format ISDS URL");
126 }
127 free(server_address);
128
129 otp_credentials.otp_code = (char *) otp_code;
130 TEST("login", test_login, IE_SUCCESS, OTP_RESOLUTION_SUCCESS,
131 context, url, username, password, NULL, &otp_credentials);
132
133 /* Second phase of authentication */
134 otp_credentials.otp_code = (char *) otp_code;
135 TEST("Second phase with invalid password", test_isds_change_password,
136 IE_NOT_LOGGED_IN, OTP_RESOLUTION_BAD_AUTHENTICATION, NULL,
137 context, "nbuusr1", "h2k$Aana", &otp_credentials, &refnum);
138 /* XXX: There is bug in curl < 7.28.0 when authorization header is not
139 * sent on second attempt after 401 response. Fixed by upstream commit
140 * ce8311c7e49eca93c136b58efa6763853541ec97. The only work-around is
141 * to use new CURL handle. */
142 TEST("Second phase with invalid password 2", test_isds_change_password,
143 IE_NOT_LOGGED_IN, OTP_RESOLUTION_BAD_AUTHENTICATION, NULL,
144 context, "nbuusr2", "h2k$Aana", &otp_credentials, &refnum);
145 otp_credentials.otp_code = "666";
146 TEST("Second phase with valid password but invalid OTP code",
147 test_isds_change_password,
148 IE_NOT_LOGGED_IN, OTP_RESOLUTION_BAD_AUTHENTICATION, NULL,
149 context, password, "h2k$Aana", &otp_credentials, &refnum);
150
151 /* Checks for new password */
152 otp_credentials.otp_code = (char *) otp_code;
153 TEST("too short (7 characters)", test_isds_change_password, IE_INVAL,
154 OTP_RESOLUTION_SUCCESS, "42",
155 context, password, "aB34567", &otp_credentials, &refnum);
156 TEST("too long (33 characters)", test_isds_change_password, IE_INVAL,
157 OTP_RESOLUTION_SUCCESS, "42",
158 context, password, "aB3456789112345678921234567893123",
159 &otp_credentials, &refnum);
160 TEST("no upper case letter", test_isds_change_password, IE_INVAL,
161 OTP_RESOLUTION_SUCCESS, "42",
162 context, password, "1bcdefgh", &otp_credentials, &refnum);
163 TEST("no lower case letter", test_isds_change_password, IE_INVAL,
164 OTP_RESOLUTION_SUCCESS, "42",
165 context, password, "1BCDEFGH", &otp_credentials, &refnum);
166 TEST("no digit", test_isds_change_password, IE_INVAL,
167 OTP_RESOLUTION_SUCCESS, "42",
168 context, password, "aBCDEFGH", &otp_credentials, &refnum);
169 TEST("forbidden space", test_isds_change_password, IE_INVAL,
170 OTP_RESOLUTION_SUCCESS, "42",
171 context, password, " h2k$Aan", &otp_credentials, &refnum);
172 TEST("reused password", test_isds_change_password, IE_INVAL,
173 OTP_RESOLUTION_SUCCESS, "42",
174 context, password, password, &otp_credentials, &refnum);
175 TEST("password contains user ID", test_isds_change_password, IE_INVAL,
176 OTP_RESOLUTION_SUCCESS, "42",
177 context, password, username, &otp_credentials, &refnum);
178 TEST("sequence of the same characters", test_isds_change_password,
179 IE_INVAL, OTP_RESOLUTION_SUCCESS, "42",
180 context, password, "h222k$Aa", &otp_credentials, &refnum);
181 TEST("forbiden prefix qwert", test_isds_change_password,
182 IE_INVAL, OTP_RESOLUTION_SUCCESS, "42",
183 context, password, "qwert$A8", &otp_credentials, &refnum);
184 TEST("forbiden prefix asdgf", test_isds_change_password,
185 IE_INVAL, OTP_RESOLUTION_SUCCESS, "42",
186 context, password, "asdgf$A8", &otp_credentials, &refnum);
187 TEST("forbiden prefix 12345", test_isds_change_password,
188 IE_INVAL, OTP_RESOLUTION_SUCCESS, "42",
189 context, password, "12345$Aa", &otp_credentials, &refnum);
190 TEST("valid request", test_isds_change_password, IE_SUCCESS,
191 OTP_RESOLUTION_SUCCESS, "42",
192 context, password, "h2k$Aana", &otp_credentials, &refnum);
193
194 free(refnum);
195 refnum = NULL;
196 isds_logout(context);
197 if (-1 == stop_server(server_process)) {
198 ABORT_UNIT(server_error);
199 }
200
201 free(url);
202 url = NULL;
203 }
204
205
206 isds_logout(context);
207 isds_ctx_free(&context);
208 isds_cleanup();
209 SUM_TEST();
210 }
Client library for ISDS