Update library version
[libisds.git] / test / simline / totp_isds_change_password.c
blob2dda1c16de595720778bf066ea21bfad4cc19af2
1 #ifndef _POSIX_SOURCE
2 #define _POSIX_SOURCE /* For getaddrinfo(3) */
3 #endif
5 #ifndef _BSD_SOURCE
6 #define _BSD_SOURCE /* For NI_MAXHOST */
7 #endif
9 #ifndef _XOPEN_SOURCE
10 #define _XOPEN_SOURCE 600 /* For unsetenv(3) */
11 #endif
13 #include "../test.h"
14 #include "server.h"
15 #include "isds.h"
17 static const char *username = "Doug1as$";
18 static const char *password = "42aA#bc8";
19 static const char *otp_code = "314";
22 static int test_login(const isds_error error,
23 const isds_otp_resolution resolution, struct isds_ctx *context,
24 const char *url, const char *username, const char *password,
25 const struct isds_pki_credentials *pki_credentials,
26 struct isds_otp *otp) {
27 isds_error err;
29 err = isds_login(context, url, username, password, pki_credentials, otp);
30 if (error != err)
31 FAIL_TEST("Wrong return code: expected=%s, returned=%s (%s)",
32 isds_strerror(error), isds_strerror(err),
33 isds_long_message(context));
34 if (otp != NULL && resolution != otp->resolution)
35 FAIL_TEST("Wrong OTP resolution: expected=%d, returned=%d (%s)",
36 resolution, otp->resolution, isds_long_message(context));
39 PASS_TEST;
43 static int test_isds_change_password(const isds_error error,
44 const isds_otp_resolution resolution, const char *reference_number,
45 struct isds_ctx *context, const char *old_password,
46 const char *new_password, struct isds_otp *otp, char **refnum) {
47 isds_error err;
49 err = isds_change_password(context, old_password, new_password, otp,
50 refnum);
51 if (error != err)
52 FAIL_TEST("Wrong return code: expected=%s, returned=%s (%s)",
53 isds_strerror(error), isds_strerror(err),
54 isds_long_message(context));
55 if (otp != NULL && resolution != otp->resolution)
56 FAIL_TEST("Wrong OTP resolution: expected=%d, returned=%d (%s)",
57 resolution, otp->resolution, isds_long_message(context));
58 if (NULL != refnum)
59 TEST_STRING_DUPLICITY(reference_number, *refnum);
61 PASS_TEST;
64 int main(int argc, char **argv) {
65 int error;
66 pid_t server_process;
67 struct isds_ctx *context = NULL;
68 char *url = NULL;
69 char *refnum = NULL;
70 struct isds_otp otp_credentials = {
71 .method = OTP_TIME
73 const struct arguments_asws_changePassword_ChangePasswordOTP
74 passwd_arguments = {
75 .username = username,
76 .current_password = password,
77 .method = AUTH_OTP_TIME,
78 .reference_number = "42"
80 struct arguments_asws_changePassword_SendSMSCode
81 sendsmscode_arguments = {
82 .status_code = "0000",
83 .status_message = "One-time password sent via SMS gateway",
84 .reference_number = "43"
86 const struct service_configuration services[] = {
87 { SERVICE_DS_Dz_DummyOperation, NULL },
88 { SERVICE_asws_changePassword_ChangePasswordOTP, &passwd_arguments },
89 { SERVICE_asws_changePassword_SendSMSCode, &sendsmscode_arguments },
90 { SERVICE_END, NULL }
92 const struct arguments_otp_authentication server_arguments = {
93 .method = AUTH_OTP_TIME,
94 .username = username,
95 .password = password,
96 .otp = (char *) otp_code,
97 .isds_deviations = 1,
98 .services = services
102 INIT_TEST("isds_change_password with TOTP");
104 if (unsetenv("http_proxy")) {
105 ABORT_UNIT("Could not remove http_proxy variable from environment\n");
107 if (isds_init()) {
108 isds_cleanup();
109 ABORT_UNIT("isds_init() failed\n");
111 context = isds_ctx_create();
112 if (!context) {
113 isds_cleanup();
114 ABORT_UNIT("isds_ctx_create() failed\n");
118 sendsmscode_arguments.status_code = "0000";
119 sendsmscode_arguments.status_message =
120 "One-time password sent via SMS gateway";
121 error = start_server(&server_process, &url,
122 server_otp_authentication, &server_arguments, NULL);
123 if (error == -1) {
124 isds_ctx_free(&context);
125 isds_cleanup();
126 ABORT_UNIT(server_error);
129 otp_credentials.otp_code = (char *) otp_code;
130 TEST("login", test_login, IE_SUCCESS, OTP_RESOLUTION_SUCCESS,
131 context, url, username, password, NULL, &otp_credentials);
133 /* First phase of authentication */
134 otp_credentials.otp_code = NULL;
135 TEST("First phase with invalid password", test_isds_change_password,
136 IE_NOT_LOGGED_IN, OTP_RESOLUTION_BAD_AUTHENTICATION, NULL,
137 context, "nbuusr1", "h2k$Aana", &otp_credentials, &refnum);
138 otp_credentials.otp_code = NULL;
139 TEST("First phase with valid password", test_isds_change_password,
140 IE_PARTIAL_SUCCESS, OTP_RESOLUTION_TOTP_SENT, "43",
141 context, password, "h2k$Aana", &otp_credentials, &refnum);
143 /* Second phase of authentication */
144 otp_credentials.otp_code = (char *) otp_code;
145 TEST("Second phase with invalid password", test_isds_change_password,
146 IE_NOT_LOGGED_IN, OTP_RESOLUTION_BAD_AUTHENTICATION, NULL,
147 context, "nbuusr1", "h2k$Aana", &otp_credentials, &refnum);
148 /* XXX: There is bug in curl < 7.28.0 when authorization header is not
149 * sent on second attempt after 401 response. Fixed by upstream commit
150 * ce8311c7e49eca93c136b58efa6763853541ec97. The only work-around is
151 * to use new CURL handle. */
152 TEST("Second phase with invalid password 2", test_isds_change_password,
153 IE_NOT_LOGGED_IN, OTP_RESOLUTION_BAD_AUTHENTICATION, NULL,
154 context, "nbuusr2", "h2k$Aana", &otp_credentials, &refnum);
155 otp_credentials.otp_code = "666";
156 TEST("Second phase with valid password but invalid OTP code",
157 test_isds_change_password,
158 IE_NOT_LOGGED_IN, OTP_RESOLUTION_BAD_AUTHENTICATION, NULL,
159 context, password, "h2k$Aana", &otp_credentials, &refnum);
161 /* Checks for new password */
162 otp_credentials.otp_code = (char *) otp_code;
163 TEST("too short (7 characters)", test_isds_change_password, IE_INVAL,
164 OTP_RESOLUTION_SUCCESS, "42",
165 context, password, "aB34567", &otp_credentials, &refnum);
166 TEST("too long (33 characters)", test_isds_change_password, IE_INVAL,
167 OTP_RESOLUTION_SUCCESS, "42",
168 context, password, "aB3456789112345678921234567893123",
169 &otp_credentials, &refnum);
170 TEST("no upper case letter", test_isds_change_password, IE_INVAL,
171 OTP_RESOLUTION_SUCCESS, "42",
172 context, password, "1bcdefgh", &otp_credentials, &refnum);
173 TEST("no lower case letter", test_isds_change_password, IE_INVAL,
174 OTP_RESOLUTION_SUCCESS, "42",
175 context, password, "1BCDEFGH", &otp_credentials, &refnum);
176 TEST("no digit", test_isds_change_password, IE_INVAL,
177 OTP_RESOLUTION_SUCCESS, "42",
178 context, password, "aBCDEFGH", &otp_credentials, &refnum);
179 TEST("forbidden space", test_isds_change_password, IE_INVAL,
180 OTP_RESOLUTION_SUCCESS, "42",
181 context, password, " h2k$Aan", &otp_credentials, &refnum);
182 TEST("reused password", test_isds_change_password, IE_INVAL,
183 OTP_RESOLUTION_SUCCESS, "42",
184 context, password, password, &otp_credentials, &refnum);
185 TEST("password contains user ID", test_isds_change_password, IE_INVAL,
186 OTP_RESOLUTION_SUCCESS, "42",
187 context, password, username, &otp_credentials, &refnum);
188 TEST("sequence of the same characters", test_isds_change_password,
189 IE_INVAL, OTP_RESOLUTION_SUCCESS, "42",
190 context, password, "h222k$Aa", &otp_credentials, &refnum);
191 TEST("forbiden prefix qwert", test_isds_change_password,
192 IE_INVAL, OTP_RESOLUTION_SUCCESS, "42",
193 context, password, "qwert$A8", &otp_credentials, &refnum);
194 TEST("forbiden prefix asdgf", test_isds_change_password,
195 IE_INVAL, OTP_RESOLUTION_SUCCESS, "42",
196 context, password, "asdgf$A8", &otp_credentials, &refnum);
197 TEST("forbiden prefix 12345", test_isds_change_password,
198 IE_INVAL, OTP_RESOLUTION_SUCCESS, "42",
199 context, password, "12345$Aa", &otp_credentials, &refnum);
200 TEST("valid request", test_isds_change_password, IE_SUCCESS,
201 OTP_RESOLUTION_SUCCESS, "42",
202 context, password, "h2k$Aana", &otp_credentials, &refnum);
204 free(refnum);
205 refnum = NULL;
206 isds_logout(context);
207 if (stop_server(server_process)) {
208 ABORT_UNIT(server_error);
211 free(url);
212 url = NULL;
216 sendsmscode_arguments.status_code = "2301";
217 sendsmscode_arguments.status_message =
218 "One-time code cannot be re-send faster than once a 30 seconds";
219 error = start_server(&server_process, &url,
220 server_otp_authentication, &server_arguments, NULL);
221 if (error == -1) {
222 isds_ctx_free(&context);
223 isds_cleanup();
224 ABORT_UNIT(server_error);
227 otp_credentials.otp_code = (char *) otp_code;
228 TEST("login", test_login, IE_SUCCESS, OTP_RESOLUTION_SUCCESS,
229 context, url, username, password, NULL, &otp_credentials);
231 /* First phase of authentication */
232 otp_credentials.otp_code = NULL;
233 TEST("SendSMSCode cannot send so fast", test_isds_change_password,
234 IE_ISDS, OTP_RESOLUTION_TO_FAST, "43",
235 context, password, "h2k$Aana", &otp_credentials, &refnum);
237 free(refnum);
238 refnum = NULL;
239 isds_logout(context);
240 if (stop_server(server_process)) {
241 ABORT_UNIT(server_error);
243 free(url);
244 url = NULL;
248 sendsmscode_arguments.status_code = "2302";
249 sendsmscode_arguments.status_message =
250 "One-time code could not been sent. Try later again.";
251 error = start_server(&server_process, &url,
252 server_otp_authentication, &server_arguments, NULL);
253 if (error == -1) {
254 isds_ctx_free(&context);
255 isds_cleanup();
256 ABORT_UNIT(server_error);
259 otp_credentials.otp_code = (char *) otp_code;
260 TEST("login", test_login, IE_SUCCESS, OTP_RESOLUTION_SUCCESS,
261 context, url, username, password, NULL, &otp_credentials);
263 /* First phase of authentication */
264 otp_credentials.otp_code = NULL;
265 TEST("SendSMSCode cannot send", test_isds_change_password,
266 IE_ISDS, OTP_RESOLUTION_TOTP_NOT_SENT, "43",
267 context, password, "h2k$Aana", &otp_credentials, &refnum);
269 free(refnum);
270 refnum = NULL;
271 isds_logout(context);
272 if (stop_server(server_process)) {
273 ABORT_UNIT(server_error);
275 free(url);
276 url = NULL;
279 isds_logout(context);
280 isds_ctx_free(&context);
281 isds_cleanup();
282 SUM_TEST();