test/simline/totp_isds_change_password.c

   1 #ifndef _POSIX_SOURCE
   2 #define _POSIX_SOURCE   /* For getaddrinfo(3) */
   3 #endif
   4
   5 #ifndef _BSD_SOURCE
   6 #define _BSD_SOURCE   /* For NI_MAXHOST */
   7 #endif
   8
   9 #ifndef _XOPEN_SOURCE
  10 #define _XOPEN_SOURCE 600   /* For unsetenv(3) */
  11 #endif
  12
  13 #include "../test.h"
  14 #include "server.h"
  15 #include "isds.h"
  16
  17 static const char *username = "Doug1as$";
  18 static const char *password = "42aA#bc8";
  19 static const char *otp_code = "314";
  20
  21
  22 static int test_login(const isds_error error,
  23         const isds_otp_resolution resolution, struct isds_ctx *context,
  24         const char *url, const char *username, const char *password,
  25         const struct isds_pki_credentials *pki_credentials,
  26         struct isds_otp *otp) {
  27     isds_error err;
  28
  29     err = isds_login(context, url, username, password, pki_credentials, otp);
  30     if (error != err)
  31         FAIL_TEST("Wrong return code: expected=%s, returned=%s (%s)",
  32                 isds_strerror(error), isds_strerror(err),
  33                 isds_long_message(context));
  34     if (otp != NULL && resolution != otp->resolution)
  35         FAIL_TEST("Wrong OTP resolution: expected=%d, returned=%d (%s)",
  36                 resolution, otp->resolution, isds_long_message(context));
  37
  38
  39     PASS_TEST;
  40 }
  41
  42
  43 static int test_isds_change_password(const isds_error error,
  44         const isds_otp_resolution resolution, const char *reference_number,
  45         struct isds_ctx *context, const char *old_password,
  46         const char *new_password, struct isds_otp *otp, char **refnum) {
  47     isds_error err;
  48
  49     err = isds_change_password(context, old_password, new_password, otp,
  50             refnum);
  51     if (error != err)
  52         FAIL_TEST("Wrong return code: expected=%s, returned=%s (%s)",
  53                 isds_strerror(error), isds_strerror(err),
  54                 isds_long_message(context));
  55     if (otp != NULL && resolution != otp->resolution)
  56         FAIL_TEST("Wrong OTP resolution: expected=%d, returned=%d (%s)",
  57                 resolution, otp->resolution, isds_long_message(context));
  58     if (NULL != refnum)
  59         TEST_STRING_DUPLICITY(reference_number, *refnum);
  60
  61     PASS_TEST;
  62 }
  63
  64 int main(int argc, char **argv) {
  65     int error;
  66     pid_t server_process;
  67     char *server_address = NULL;
  68     struct isds_ctx *context = NULL;
  69     char *url = NULL;
  70     char *refnum = NULL;
  71     struct isds_otp otp_credentials = {
  72         .method = OTP_TIME
  73     };
  74     const struct arguments_asws_changePassword_ChangePasswordOTP
  75         passwd_arguments = {
  76         .username = username,
  77         .current_password = password,
  78         .method = AUTH_OTP_TIME,
  79         .reference_number = "42"
  80     };
  81     struct arguments_asws_changePassword_SendSMSCode
  82         sendsmscode_arguments = {
  83         .status_code = "0000",
  84         .status_message = "One-time password sent via SMS gateway",
  85         .reference_number = "43"
  86     };
  87     const struct service_configuration services[] = {
  88         { SERVICE_DS_Dz_DummyOperation, NULL },
  89         { SERVICE_asws_changePassword_ChangePasswordOTP, &passwd_arguments },
  90         { SERVICE_asws_changePassword_SendSMSCode, &sendsmscode_arguments },
  91         { SERVICE_END, NULL }
  92     };
  93     const struct arguments_otp_authentication server_arguments = {
  94         .tls = NULL,
  95         .method = AUTH_OTP_TIME,
  96         .username = username,
  97         .password = password,
  98         .otp = (char *) otp_code,
  99         .isds_deviations = 1,
 100         .services = services
 101     };
 102
 103
 104     INIT_TEST("isds_change_password with TOTP");
 105
 106     if (unsetenv("http_proxy")) {
 107         ABORT_UNIT("Could not remove http_proxy variable from environment\n");
 108     }
 109     if (isds_init()) {
 110         isds_cleanup();
 111         ABORT_UNIT("isds_init() failed\n");
 112     }
 113     context = isds_ctx_create();
 114     if (!context) {
 115         isds_cleanup();
 116         ABORT_UNIT("isds_ctx_create() failed\n");
 117     }
 118
 119     {
 120         sendsmscode_arguments.status_code = "0000";
 121         sendsmscode_arguments.status_message =
 122             "One-time password sent via SMS gateway";
 123         error = start_server(&server_process, &server_address,
 124                 server_otp_authentication, &server_arguments);
 125         if (error == -1) {
 126             isds_ctx_free(&context);
 127             isds_cleanup();
 128             ABORT_UNIT(server_error);
 129         }
 130         if (-1 == test_asprintf(&url, "http://%s/", server_address)) {
 131             free(server_address);
 132             stop_server(server_process);
 133             isds_ctx_free(&context);
 134             isds_cleanup();
 135             ABORT_UNIT("Could not format ISDS URL");
 136         }
 137         free(server_address);
 138
 139         otp_credentials.otp_code = (char *) otp_code;
 140         TEST("login", test_login, IE_SUCCESS, OTP_RESOLUTION_SUCCESS,
 141                 context, url, username, password, NULL, &otp_credentials);
 142
 143         /* First phase of authentication */
 144         otp_credentials.otp_code = NULL;
 145         TEST("First phase with invalid password", test_isds_change_password,
 146                 IE_NOT_LOGGED_IN, OTP_RESOLUTION_BAD_AUTHENTICATION, NULL,
 147                 context, "nbuusr1", "h2k$Aana", &otp_credentials, &refnum);
 148         otp_credentials.otp_code = NULL;
 149         TEST("First phase with valid password", test_isds_change_password,
 150                 IE_PARTIAL_SUCCESS, OTP_RESOLUTION_TOTP_SENT, "43",
 151                 context, password, "h2k$Aana", &otp_credentials, &refnum);
 152
 153         /* Second phase of authentication */
 154         otp_credentials.otp_code = (char *) otp_code;
 155         TEST("Second phase with invalid password", test_isds_change_password,
 156                 IE_NOT_LOGGED_IN, OTP_RESOLUTION_BAD_AUTHENTICATION, NULL,
 157                 context, "nbuusr1", "h2k$Aana", &otp_credentials, &refnum);
 158         /* XXX: There is bug in curl < 7.28.0 when authorization header is not
 159          * sent on second attempt after 401 response. Fixed by upstream commit
 160          * ce8311c7e49eca93c136b58efa6763853541ec97. The only work-around is
 161          * to use new CURL handle. */
 162         TEST("Second phase with invalid password 2", test_isds_change_password,
 163                 IE_NOT_LOGGED_IN, OTP_RESOLUTION_BAD_AUTHENTICATION, NULL,
 164                 context, "nbuusr2", "h2k$Aana", &otp_credentials, &refnum);
 165         otp_credentials.otp_code = "666";
 166         TEST("Second phase with valid password but invalid OTP code",
 167                 test_isds_change_password,
 168                 IE_NOT_LOGGED_IN, OTP_RESOLUTION_BAD_AUTHENTICATION, NULL,
 169                 context, password, "h2k$Aana", &otp_credentials, &refnum);
 170
 171         /* Checks for new password */
 172         otp_credentials.otp_code = (char *) otp_code;
 173         TEST("too short (7 characters)", test_isds_change_password, IE_INVAL,
 174                 OTP_RESOLUTION_SUCCESS, "42",
 175                 context, password, "aB34567", &otp_credentials, &refnum);
 176         TEST("too long (33 characters)", test_isds_change_password, IE_INVAL,
 177                 OTP_RESOLUTION_SUCCESS, "42",
 178                 context, password, "aB3456789112345678921234567893123",
 179                 &otp_credentials, &refnum);
 180         TEST("no upper case letter", test_isds_change_password, IE_INVAL,
 181                 OTP_RESOLUTION_SUCCESS, "42",
 182                 context, password, "1bcdefgh", &otp_credentials, &refnum);
 183         TEST("no lower case letter", test_isds_change_password, IE_INVAL,
 184                 OTP_RESOLUTION_SUCCESS, "42",
 185                 context, password, "1BCDEFGH", &otp_credentials, &refnum);
 186         TEST("no digit", test_isds_change_password, IE_INVAL,
 187                 OTP_RESOLUTION_SUCCESS, "42",
 188                 context, password, "aBCDEFGH", &otp_credentials, &refnum);
 189         TEST("forbidden space", test_isds_change_password, IE_INVAL,
 190                 OTP_RESOLUTION_SUCCESS, "42",
 191                 context, password, " h2k$Aan", &otp_credentials, &refnum);
 192         TEST("reused password", test_isds_change_password, IE_INVAL,
 193                 OTP_RESOLUTION_SUCCESS, "42",
 194                 context, password, password, &otp_credentials, &refnum);
 195         TEST("password contains user ID", test_isds_change_password, IE_INVAL,
 196                 OTP_RESOLUTION_SUCCESS, "42",
 197                 context, password, username, &otp_credentials, &refnum);
 198         TEST("sequence of the same characters", test_isds_change_password,
 199                 IE_INVAL, OTP_RESOLUTION_SUCCESS, "42",
 200                 context, password, "h222k$Aa", &otp_credentials, &refnum);
 201         TEST("forbiden prefix qwert", test_isds_change_password,
 202                 IE_INVAL, OTP_RESOLUTION_SUCCESS, "42",
 203                 context, password, "qwert$A8", &otp_credentials, &refnum);
 204         TEST("forbiden prefix asdgf", test_isds_change_password,
 205                 IE_INVAL, OTP_RESOLUTION_SUCCESS, "42",
 206                 context, password, "asdgf$A8", &otp_credentials, &refnum);
 207         TEST("forbiden prefix 12345", test_isds_change_password,
 208                 IE_INVAL, OTP_RESOLUTION_SUCCESS, "42",
 209                 context, password, "12345$Aa", &otp_credentials, &refnum);
 210         TEST("valid request", test_isds_change_password, IE_SUCCESS,
 211                 OTP_RESOLUTION_SUCCESS, "42",
 212                 context, password, "h2k$Aana", &otp_credentials, &refnum);
 213
 214         free(refnum);
 215         refnum = NULL;
 216         isds_logout(context);
 217         if (-1 == stop_server(server_process)) {
 218             ABORT_UNIT(server_error);
 219         }
 220
 221         free(url);
 222         url = NULL;
 223     }
 224
 225     {
 226         sendsmscode_arguments.status_code = "2301";
 227         sendsmscode_arguments.status_message =
 228             "One-time code cannot be re-send faster than once a 30 seconds";
 229         error = start_server(&server_process, &server_address,
 230                 server_otp_authentication, &server_arguments);
 231         if (error == -1) {
 232             isds_ctx_free(&context);
 233             isds_cleanup();
 234             ABORT_UNIT(server_error);
 235         }
 236         if (-1 == test_asprintf(&url, "http://%s/", server_address)) {
 237             free(server_address);
 238             stop_server(server_process);
 239             isds_ctx_free(&context);
 240             isds_cleanup();
 241             ABORT_UNIT("Could not format ISDS URL");
 242         }
 243         free(server_address);
 244
 245         otp_credentials.otp_code = (char *) otp_code;
 246         TEST("login", test_login, IE_SUCCESS, OTP_RESOLUTION_SUCCESS,
 247                 context, url, username, password, NULL, &otp_credentials);
 248
 249         /* First phase of authentication */
 250         otp_credentials.otp_code = NULL;
 251         TEST("SendSMSCode cannot send so fast", test_isds_change_password,
 252                 IE_ISDS, OTP_RESOLUTION_TO_FAST, "43",
 253                 context, password, "h2k$Aana", &otp_credentials, &refnum);
 254
 255         free(refnum);
 256         refnum = NULL;
 257         isds_logout(context);
 258         if (-1 == stop_server(server_process)) {
 259             ABORT_UNIT(server_error);
 260         }
 261         free(url);
 262         url = NULL;
 263     }
 264
 265     {
 266         sendsmscode_arguments.status_code = "2302";
 267         sendsmscode_arguments.status_message =
 268             "One-time code could not been sent. Try later again.";
 269         error = start_server(&server_process, &server_address,
 270                 server_otp_authentication, &server_arguments);
 271         if (error == -1) {
 272             isds_ctx_free(&context);
 273             isds_cleanup();
 274             ABORT_UNIT(server_error);
 275         }
 276         if (-1 == test_asprintf(&url, "http://%s/", server_address)) {
 277             free(server_address);
 278             stop_server(server_process);
 279             isds_ctx_free(&context);
 280             isds_cleanup();
 281             ABORT_UNIT("Could not format ISDS URL");
 282         }
 283         free(server_address);
 284
 285         otp_credentials.otp_code = (char *) otp_code;
 286         TEST("login", test_login, IE_SUCCESS, OTP_RESOLUTION_SUCCESS,
 287                 context, url, username, password, NULL, &otp_credentials);
 288
 289         /* First phase of authentication */
 290         otp_credentials.otp_code = NULL;
 291         TEST("SendSMSCode cannot send", test_isds_change_password,
 292                 IE_ISDS, OTP_RESOLUTION_TOTP_NOT_SENT, "43",
 293                 context, password, "h2k$Aana", &otp_credentials, &refnum);
 294
 295         free(refnum);
 296         refnum = NULL;
 297         isds_logout(context);
 298         if (-1 == stop_server(server_process)) {
 299             ABORT_UNIT(server_error);
 300         }
 301         free(url);
 302         url = NULL;
 303     }
 304
 305     isds_logout(context);
 306     isds_ctx_free(&context);
 307     isds_cleanup();
 308     SUM_TEST();
 309 }