test/simline/totp_isds_change_password.c

   1 #ifndef _POSIX_SOURCE
   2 #define _POSIX_SOURCE   /* For getaddrinfo(3) */
   3 #endif
   4
   5 #ifndef _BSD_SOURCE
   6 #define _BSD_SOURCE   /* For NI_MAXHOST */
   7 #endif
   8
   9 #ifndef _XOPEN_SOURCE
  10 #define _XOPEN_SOURCE 600   /* For unsetenv(3) */
  11 #endif
  12
  13 #include "../test.h"
  14 #include "server.h"
  15 #include "isds.h"
  16
  17 static const char *username = "Doug1as$";
  18 static const char *password = "42aA#bc8";
  19 static const char *otp_code = "314";
  20
  21
  22 static int test_login(const isds_error error,
  23         const isds_otp_resolution resolution, struct isds_ctx *context,
  24         const char *url, const char *username, const char *password,
  25         const struct isds_pki_credentials *pki_credentials,
  26         struct isds_otp *otp) {
  27     isds_error err;
  28
  29     err = isds_login(context, url, username, password, pki_credentials, otp);
  30     if (error != err)
  31         FAIL_TEST("Wrong return code: expected=%s, returned=%s (%s)",
  32                 isds_strerror(error), isds_strerror(err),
  33                 isds_long_message(context));
  34     if (otp != NULL && resolution != otp->resolution)
  35         FAIL_TEST("Wrong OTP resolution: expected=%d, returned=%d (%s)",
  36                 resolution, otp->resolution, isds_long_message(context));
  37
  38
  39     PASS_TEST;
  40 }
  41
  42
  43 static int test_isds_change_password(const isds_error error,
  44         const isds_otp_resolution resolution, const char *reference_number,
  45         struct isds_ctx *context, const char *old_password,
  46         const char *new_password, struct isds_otp *otp, char **refnum) {
  47     isds_error err;
  48
  49     err = isds_change_password(context, old_password, new_password, otp,
  50             refnum);
  51     if (error != err)
  52         FAIL_TEST("Wrong return code: expected=%s, returned=%s (%s)",
  53                 isds_strerror(error), isds_strerror(err),
  54                 isds_long_message(context));
  55     if (otp != NULL && resolution != otp->resolution)
  56         FAIL_TEST("Wrong OTP resolution: expected=%d, returned=%d (%s)",
  57                 resolution, otp->resolution, isds_long_message(context));
  58     if (NULL != refnum)
  59         TEST_STRING_DUPLICITY(reference_number, *refnum);
  60
  61     PASS_TEST;
  62 }
  63
  64 int main(int argc, char **argv) {
  65     int error;
  66     pid_t server_process;
  67     char *server_address = NULL;
  68     struct isds_ctx *context = NULL;
  69     char *url = NULL;
  70     char *refnum = NULL;
  71     struct isds_otp otp_credentials = {
  72         .method = OTP_TIME
  73     };
  74     const struct arguments_asws_changePassword_ChangePasswordOTP
  75         passwd_arguments = {
  76         .username = username,
  77         .current_password = password,
  78         .method = AUTH_OTP_TIME,
  79         .reference_number = "42"
  80     };
  81     struct arguments_asws_changePassword_SendSMSCode
  82         sendsmscode_arguments = {
  83         .status_code = "0000",
  84         .status_message = "One-time password sent via SMS gateway",
  85         .reference_number = "43"
  86     };
  87     const struct service_configuration services[] = {
  88         { SERVICE_DS_Dz_DummyOperation, NULL },
  89         { SERVICE_asws_changePassword_ChangePasswordOTP, &passwd_arguments },
  90         { SERVICE_asws_changePassword_SendSMSCode, &sendsmscode_arguments },
  91         { SERVICE_END, NULL }
  92     };
  93     const struct arguments_otp_authentication server_arguments = {
  94         .method = AUTH_OTP_TIME,
  95         .username = username,
  96         .password = password,
  97         .otp = (char *) otp_code,
  98         .isds_deviations = 1,
  99         .services = services
 100     };
 101
 102
 103     INIT_TEST("isds_change_password with TOTP");
 104
 105     if (unsetenv("http_proxy")) {
 106         ABORT_UNIT("Could not remove http_proxy variable from environment\n");
 107     }
 108     if (isds_init()) {
 109         isds_cleanup();
 110         ABORT_UNIT("isds_init() failed\n");
 111     }
 112     context = isds_ctx_create();
 113     if (!context) {
 114         isds_cleanup();
 115         ABORT_UNIT("isds_ctx_create() failed\n");
 116     }
 117
 118     {
 119         sendsmscode_arguments.status_code = "0000";
 120         sendsmscode_arguments.status_message =
 121             "One-time password sent via SMS gateway";
 122         error = start_server(&server_process, &server_address,
 123                 server_otp_authentication, &server_arguments, NULL);
 124         if (error == -1) {
 125             isds_ctx_free(&context);
 126             isds_cleanup();
 127             ABORT_UNIT(server_error);
 128         }
 129         if (-1 == test_asprintf(&url, "http://%s/", server_address)) {
 130             free(server_address);
 131             stop_server(server_process);
 132             isds_ctx_free(&context);
 133             isds_cleanup();
 134             ABORT_UNIT("Could not format ISDS URL");
 135         }
 136         free(server_address);
 137
 138         otp_credentials.otp_code = (char *) otp_code;
 139         TEST("login", test_login, IE_SUCCESS, OTP_RESOLUTION_SUCCESS,
 140                 context, url, username, password, NULL, &otp_credentials);
 141
 142         /* First phase of authentication */
 143         otp_credentials.otp_code = NULL;
 144         TEST("First phase with invalid password", test_isds_change_password,
 145                 IE_NOT_LOGGED_IN, OTP_RESOLUTION_BAD_AUTHENTICATION, NULL,
 146                 context, "nbuusr1", "h2k$Aana", &otp_credentials, &refnum);
 147         otp_credentials.otp_code = NULL;
 148         TEST("First phase with valid password", test_isds_change_password,
 149                 IE_PARTIAL_SUCCESS, OTP_RESOLUTION_TOTP_SENT, "43",
 150                 context, password, "h2k$Aana", &otp_credentials, &refnum);
 151
 152         /* Second phase of authentication */
 153         otp_credentials.otp_code = (char *) otp_code;
 154         TEST("Second phase with invalid password", test_isds_change_password,
 155                 IE_NOT_LOGGED_IN, OTP_RESOLUTION_BAD_AUTHENTICATION, NULL,
 156                 context, "nbuusr1", "h2k$Aana", &otp_credentials, &refnum);
 157         /* XXX: There is bug in curl < 7.28.0 when authorization header is not
 158          * sent on second attempt after 401 response. Fixed by upstream commit
 159          * ce8311c7e49eca93c136b58efa6763853541ec97. The only work-around is
 160          * to use new CURL handle. */
 161         TEST("Second phase with invalid password 2", test_isds_change_password,
 162                 IE_NOT_LOGGED_IN, OTP_RESOLUTION_BAD_AUTHENTICATION, NULL,
 163                 context, "nbuusr2", "h2k$Aana", &otp_credentials, &refnum);
 164         otp_credentials.otp_code = "666";
 165         TEST("Second phase with valid password but invalid OTP code",
 166                 test_isds_change_password,
 167                 IE_NOT_LOGGED_IN, OTP_RESOLUTION_BAD_AUTHENTICATION, NULL,
 168                 context, password, "h2k$Aana", &otp_credentials, &refnum);
 169
 170         /* Checks for new password */
 171         otp_credentials.otp_code = (char *) otp_code;
 172         TEST("too short (7 characters)", test_isds_change_password, IE_INVAL,
 173                 OTP_RESOLUTION_SUCCESS, "42",
 174                 context, password, "aB34567", &otp_credentials, &refnum);
 175         TEST("too long (33 characters)", test_isds_change_password, IE_INVAL,
 176                 OTP_RESOLUTION_SUCCESS, "42",
 177                 context, password, "aB3456789112345678921234567893123",
 178                 &otp_credentials, &refnum);
 179         TEST("no upper case letter", test_isds_change_password, IE_INVAL,
 180                 OTP_RESOLUTION_SUCCESS, "42",
 181                 context, password, "1bcdefgh", &otp_credentials, &refnum);
 182         TEST("no lower case letter", test_isds_change_password, IE_INVAL,
 183                 OTP_RESOLUTION_SUCCESS, "42",
 184                 context, password, "1BCDEFGH", &otp_credentials, &refnum);
 185         TEST("no digit", test_isds_change_password, IE_INVAL,
 186                 OTP_RESOLUTION_SUCCESS, "42",
 187                 context, password, "aBCDEFGH", &otp_credentials, &refnum);
 188         TEST("forbidden space", test_isds_change_password, IE_INVAL,
 189                 OTP_RESOLUTION_SUCCESS, "42",
 190                 context, password, " h2k$Aan", &otp_credentials, &refnum);
 191         TEST("reused password", test_isds_change_password, IE_INVAL,
 192                 OTP_RESOLUTION_SUCCESS, "42",
 193                 context, password, password, &otp_credentials, &refnum);
 194         TEST("password contains user ID", test_isds_change_password, IE_INVAL,
 195                 OTP_RESOLUTION_SUCCESS, "42",
 196                 context, password, username, &otp_credentials, &refnum);
 197         TEST("sequence of the same characters", test_isds_change_password,
 198                 IE_INVAL, OTP_RESOLUTION_SUCCESS, "42",
 199                 context, password, "h222k$Aa", &otp_credentials, &refnum);
 200         TEST("forbiden prefix qwert", test_isds_change_password,
 201                 IE_INVAL, OTP_RESOLUTION_SUCCESS, "42",
 202                 context, password, "qwert$A8", &otp_credentials, &refnum);
 203         TEST("forbiden prefix asdgf", test_isds_change_password,
 204                 IE_INVAL, OTP_RESOLUTION_SUCCESS, "42",
 205                 context, password, "asdgf$A8", &otp_credentials, &refnum);
 206         TEST("forbiden prefix 12345", test_isds_change_password,
 207                 IE_INVAL, OTP_RESOLUTION_SUCCESS, "42",
 208                 context, password, "12345$Aa", &otp_credentials, &refnum);
 209         TEST("valid request", test_isds_change_password, IE_SUCCESS,
 210                 OTP_RESOLUTION_SUCCESS, "42",
 211                 context, password, "h2k$Aana", &otp_credentials, &refnum);
 212
 213         free(refnum);
 214         refnum = NULL;
 215         isds_logout(context);
 216         if (-1 == stop_server(server_process)) {
 217             ABORT_UNIT(server_error);
 218         }
 219
 220         free(url);
 221         url = NULL;
 222     }
 223
 224     {
 225         sendsmscode_arguments.status_code = "2301";
 226         sendsmscode_arguments.status_message =
 227             "One-time code cannot be re-send faster than once a 30 seconds";
 228         error = start_server(&server_process, &server_address,
 229                 server_otp_authentication, &server_arguments, NULL);
 230         if (error == -1) {
 231             isds_ctx_free(&context);
 232             isds_cleanup();
 233             ABORT_UNIT(server_error);
 234         }
 235         if (-1 == test_asprintf(&url, "http://%s/", server_address)) {
 236             free(server_address);
 237             stop_server(server_process);
 238             isds_ctx_free(&context);
 239             isds_cleanup();
 240             ABORT_UNIT("Could not format ISDS URL");
 241         }
 242         free(server_address);
 243
 244         otp_credentials.otp_code = (char *) otp_code;
 245         TEST("login", test_login, IE_SUCCESS, OTP_RESOLUTION_SUCCESS,
 246                 context, url, username, password, NULL, &otp_credentials);
 247
 248         /* First phase of authentication */
 249         otp_credentials.otp_code = NULL;
 250         TEST("SendSMSCode cannot send so fast", test_isds_change_password,
 251                 IE_ISDS, OTP_RESOLUTION_TO_FAST, "43",
 252                 context, password, "h2k$Aana", &otp_credentials, &refnum);
 253
 254         free(refnum);
 255         refnum = NULL;
 256         isds_logout(context);
 257         if (-1 == stop_server(server_process)) {
 258             ABORT_UNIT(server_error);
 259         }
 260         free(url);
 261         url = NULL;
 262     }
 263
 264     {
 265         sendsmscode_arguments.status_code = "2302";
 266         sendsmscode_arguments.status_message =
 267             "One-time code could not been sent. Try later again.";
 268         error = start_server(&server_process, &server_address,
 269                 server_otp_authentication, &server_arguments, NULL);
 270         if (error == -1) {
 271             isds_ctx_free(&context);
 272             isds_cleanup();
 273             ABORT_UNIT(server_error);
 274         }
 275         if (-1 == test_asprintf(&url, "http://%s/", server_address)) {
 276             free(server_address);
 277             stop_server(server_process);
 278             isds_ctx_free(&context);
 279             isds_cleanup();
 280             ABORT_UNIT("Could not format ISDS URL");
 281         }
 282         free(server_address);
 283
 284         otp_credentials.otp_code = (char *) otp_code;
 285         TEST("login", test_login, IE_SUCCESS, OTP_RESOLUTION_SUCCESS,
 286                 context, url, username, password, NULL, &otp_credentials);
 287
 288         /* First phase of authentication */
 289         otp_credentials.otp_code = NULL;
 290         TEST("SendSMSCode cannot send", test_isds_change_password,
 291                 IE_ISDS, OTP_RESOLUTION_TOTP_NOT_SENT, "43",
 292                 context, password, "h2k$Aana", &otp_credentials, &refnum);
 293
 294         free(refnum);
 295         refnum = NULL;
 296         isds_logout(context);
 297         if (-1 == stop_server(server_process)) {
 298             ABORT_UNIT(server_error);
 299         }
 300         free(url);
 301         url = NULL;
 302     }
 303
 304     isds_logout(context);
 305     isds_ctx_free(&context);
 306     isds_cleanup();
 307     SUM_TEST();
 308 }