2 #define _POSIX_SOURCE /* For getaddrinfo(3) */
6 #define _BSD_SOURCE /* For NI_MAXHOST */
10 #define _XOPEN_SOURCE 600 /* For unsetenv(3) */
17 static const char *username
= "Doug1as$";
18 static const char *password
= "42aA#bc8";
19 static const char *otp_code
= "314";
22 static int test_login(const isds_error error
,
23 const isds_otp_resolution resolution
, struct isds_ctx
*context
,
24 const char *url
, const char *username
, const char *password
,
25 const struct isds_pki_credentials
*pki_credentials
,
26 struct isds_otp
*otp
) {
29 err
= isds_login(context
, url
, username
, password
, pki_credentials
, otp
);
31 FAIL_TEST("Wrong return code: expected=%s, returned=%s (%s)",
32 isds_strerror(error
), isds_strerror(err
),
33 isds_long_message(context
));
34 if (otp
!= NULL
&& resolution
!= otp
->resolution
)
35 FAIL_TEST("Wrong OTP resolution: expected=%d, returned=%d (%s)",
36 resolution
, otp
->resolution
, isds_long_message(context
));
43 static int test_isds_change_password(const isds_error error
,
44 const isds_otp_resolution resolution
, const char *reference_number
,
45 struct isds_ctx
*context
, const char *old_password
,
46 const char *new_password
, struct isds_otp
*otp
, char **refnum
) {
49 err
= isds_change_password(context
, old_password
, new_password
, otp
,
52 FAIL_TEST("Wrong return code: expected=%s, returned=%s (%s)",
53 isds_strerror(error
), isds_strerror(err
),
54 isds_long_message(context
));
55 if (otp
!= NULL
&& resolution
!= otp
->resolution
)
56 FAIL_TEST("Wrong OTP resolution: expected=%d, returned=%d (%s)",
57 resolution
, otp
->resolution
, isds_long_message(context
));
59 TEST_STRING_DUPLICITY(reference_number
, *refnum
);
64 int main(int argc
, char **argv
) {
67 char *server_address
= NULL
;
68 struct isds_ctx
*context
= NULL
;
71 struct isds_otp otp_credentials
= {
74 const struct arguments_asws_changePassword_ChangePasswordOTP
77 .current_password
= password
,
78 .method
= AUTH_OTP_TIME
,
79 .reference_number
= "42"
81 struct arguments_asws_changePassword_SendSMSCode
82 sendsmscode_arguments
= {
83 .status_code
= "0000",
84 .status_message
= "One-time password sent via SMS gateway",
85 .reference_number
= "43"
87 const struct service_configuration services
[] = {
88 { SERVICE_DS_Dz_DummyOperation
, NULL
},
89 { SERVICE_asws_changePassword_ChangePasswordOTP
, &passwd_arguments
},
90 { SERVICE_asws_changePassword_SendSMSCode
, &sendsmscode_arguments
},
93 const struct arguments_otp_authentication server_arguments
= {
94 .method
= AUTH_OTP_TIME
,
97 .otp
= (char *) otp_code
,
103 INIT_TEST("isds_change_password with TOTP");
105 if (unsetenv("http_proxy")) {
106 ABORT_UNIT("Could not remove http_proxy variable from environment\n");
110 ABORT_UNIT("isds_init() failed\n");
112 context
= isds_ctx_create();
115 ABORT_UNIT("isds_ctx_create() failed\n");
119 sendsmscode_arguments
.status_code
= "0000";
120 sendsmscode_arguments
.status_message
=
121 "One-time password sent via SMS gateway";
122 error
= start_server(&server_process
, &server_address
,
123 server_otp_authentication
, &server_arguments
, NULL
);
125 isds_ctx_free(&context
);
127 ABORT_UNIT(server_error
);
129 if (-1 == test_asprintf(&url
, "http://%s/", server_address
)) {
130 free(server_address
);
131 stop_server(server_process
);
132 isds_ctx_free(&context
);
134 ABORT_UNIT("Could not format ISDS URL");
136 free(server_address
);
138 otp_credentials
.otp_code
= (char *) otp_code
;
139 TEST("login", test_login
, IE_SUCCESS
, OTP_RESOLUTION_SUCCESS
,
140 context
, url
, username
, password
, NULL
, &otp_credentials
);
142 /* First phase of authentication */
143 otp_credentials
.otp_code
= NULL
;
144 TEST("First phase with invalid password", test_isds_change_password
,
145 IE_NOT_LOGGED_IN
, OTP_RESOLUTION_BAD_AUTHENTICATION
, NULL
,
146 context
, "nbuusr1", "h2k$Aana", &otp_credentials
, &refnum
);
147 otp_credentials
.otp_code
= NULL
;
148 TEST("First phase with valid password", test_isds_change_password
,
149 IE_PARTIAL_SUCCESS
, OTP_RESOLUTION_TOTP_SENT
, "43",
150 context
, password
, "h2k$Aana", &otp_credentials
, &refnum
);
152 /* Second phase of authentication */
153 otp_credentials
.otp_code
= (char *) otp_code
;
154 TEST("Second phase with invalid password", test_isds_change_password
,
155 IE_NOT_LOGGED_IN
, OTP_RESOLUTION_BAD_AUTHENTICATION
, NULL
,
156 context
, "nbuusr1", "h2k$Aana", &otp_credentials
, &refnum
);
157 /* XXX: There is bug in curl < 7.28.0 when authorization header is not
158 * sent on second attempt after 401 response. Fixed by upstream commit
159 * ce8311c7e49eca93c136b58efa6763853541ec97. The only work-around is
160 * to use new CURL handle. */
161 TEST("Second phase with invalid password 2", test_isds_change_password
,
162 IE_NOT_LOGGED_IN
, OTP_RESOLUTION_BAD_AUTHENTICATION
, NULL
,
163 context
, "nbuusr2", "h2k$Aana", &otp_credentials
, &refnum
);
164 otp_credentials
.otp_code
= "666";
165 TEST("Second phase with valid password but invalid OTP code",
166 test_isds_change_password
,
167 IE_NOT_LOGGED_IN
, OTP_RESOLUTION_BAD_AUTHENTICATION
, NULL
,
168 context
, password
, "h2k$Aana", &otp_credentials
, &refnum
);
170 /* Checks for new password */
171 otp_credentials
.otp_code
= (char *) otp_code
;
172 TEST("too short (7 characters)", test_isds_change_password
, IE_INVAL
,
173 OTP_RESOLUTION_SUCCESS
, "42",
174 context
, password
, "aB34567", &otp_credentials
, &refnum
);
175 TEST("too long (33 characters)", test_isds_change_password
, IE_INVAL
,
176 OTP_RESOLUTION_SUCCESS
, "42",
177 context
, password
, "aB3456789112345678921234567893123",
178 &otp_credentials
, &refnum
);
179 TEST("no upper case letter", test_isds_change_password
, IE_INVAL
,
180 OTP_RESOLUTION_SUCCESS
, "42",
181 context
, password
, "1bcdefgh", &otp_credentials
, &refnum
);
182 TEST("no lower case letter", test_isds_change_password
, IE_INVAL
,
183 OTP_RESOLUTION_SUCCESS
, "42",
184 context
, password
, "1BCDEFGH", &otp_credentials
, &refnum
);
185 TEST("no digit", test_isds_change_password
, IE_INVAL
,
186 OTP_RESOLUTION_SUCCESS
, "42",
187 context
, password
, "aBCDEFGH", &otp_credentials
, &refnum
);
188 TEST("forbidden space", test_isds_change_password
, IE_INVAL
,
189 OTP_RESOLUTION_SUCCESS
, "42",
190 context
, password
, " h2k$Aan", &otp_credentials
, &refnum
);
191 TEST("reused password", test_isds_change_password
, IE_INVAL
,
192 OTP_RESOLUTION_SUCCESS
, "42",
193 context
, password
, password
, &otp_credentials
, &refnum
);
194 TEST("password contains user ID", test_isds_change_password
, IE_INVAL
,
195 OTP_RESOLUTION_SUCCESS
, "42",
196 context
, password
, username
, &otp_credentials
, &refnum
);
197 TEST("sequence of the same characters", test_isds_change_password
,
198 IE_INVAL
, OTP_RESOLUTION_SUCCESS
, "42",
199 context
, password
, "h222k$Aa", &otp_credentials
, &refnum
);
200 TEST("forbiden prefix qwert", test_isds_change_password
,
201 IE_INVAL
, OTP_RESOLUTION_SUCCESS
, "42",
202 context
, password
, "qwert$A8", &otp_credentials
, &refnum
);
203 TEST("forbiden prefix asdgf", test_isds_change_password
,
204 IE_INVAL
, OTP_RESOLUTION_SUCCESS
, "42",
205 context
, password
, "asdgf$A8", &otp_credentials
, &refnum
);
206 TEST("forbiden prefix 12345", test_isds_change_password
,
207 IE_INVAL
, OTP_RESOLUTION_SUCCESS
, "42",
208 context
, password
, "12345$Aa", &otp_credentials
, &refnum
);
209 TEST("valid request", test_isds_change_password
, IE_SUCCESS
,
210 OTP_RESOLUTION_SUCCESS
, "42",
211 context
, password
, "h2k$Aana", &otp_credentials
, &refnum
);
215 isds_logout(context
);
216 if (stop_server(server_process
)) {
217 ABORT_UNIT(server_error
);
225 sendsmscode_arguments
.status_code
= "2301";
226 sendsmscode_arguments
.status_message
=
227 "One-time code cannot be re-send faster than once a 30 seconds";
228 error
= start_server(&server_process
, &server_address
,
229 server_otp_authentication
, &server_arguments
, NULL
);
231 isds_ctx_free(&context
);
233 ABORT_UNIT(server_error
);
235 if (-1 == test_asprintf(&url
, "http://%s/", server_address
)) {
236 free(server_address
);
237 stop_server(server_process
);
238 isds_ctx_free(&context
);
240 ABORT_UNIT("Could not format ISDS URL");
242 free(server_address
);
244 otp_credentials
.otp_code
= (char *) otp_code
;
245 TEST("login", test_login
, IE_SUCCESS
, OTP_RESOLUTION_SUCCESS
,
246 context
, url
, username
, password
, NULL
, &otp_credentials
);
248 /* First phase of authentication */
249 otp_credentials
.otp_code
= NULL
;
250 TEST("SendSMSCode cannot send so fast", test_isds_change_password
,
251 IE_ISDS
, OTP_RESOLUTION_TO_FAST
, "43",
252 context
, password
, "h2k$Aana", &otp_credentials
, &refnum
);
256 isds_logout(context
);
257 if (stop_server(server_process
)) {
258 ABORT_UNIT(server_error
);
265 sendsmscode_arguments
.status_code
= "2302";
266 sendsmscode_arguments
.status_message
=
267 "One-time code could not been sent. Try later again.";
268 error
= start_server(&server_process
, &server_address
,
269 server_otp_authentication
, &server_arguments
, NULL
);
271 isds_ctx_free(&context
);
273 ABORT_UNIT(server_error
);
275 if (-1 == test_asprintf(&url
, "http://%s/", server_address
)) {
276 free(server_address
);
277 stop_server(server_process
);
278 isds_ctx_free(&context
);
280 ABORT_UNIT("Could not format ISDS URL");
282 free(server_address
);
284 otp_credentials
.otp_code
= (char *) otp_code
;
285 TEST("login", test_login
, IE_SUCCESS
, OTP_RESOLUTION_SUCCESS
,
286 context
, url
, username
, password
, NULL
, &otp_credentials
);
288 /* First phase of authentication */
289 otp_credentials
.otp_code
= NULL
;
290 TEST("SendSMSCode cannot send", test_isds_change_password
,
291 IE_ISDS
, OTP_RESOLUTION_TOTP_NOT_SENT
, "43",
292 context
, password
, "h2k$Aana", &otp_credentials
, &refnum
);
296 isds_logout(context
);
297 if (stop_server(server_process
)) {
298 ABORT_UNIT(server_error
);
304 isds_logout(context
);
305 isds_ctx_free(&context
);