test/simline/totp_isds_change_password.c

   1 #ifndef _POSIX_SOURCE
   2 #define _POSIX_SOURCE   /* For getaddrinfo(3) */
   3 #endif
   4
   5 #ifndef _BSD_SOURCE
   6 #define _BSD_SOURCE   /* For NI_MAXHOST */
   7 #endif
   8
   9 #ifndef _XOPEN_SOURCE
  10 #define _XOPEN_SOURCE 600   /* For unsetenv(3) */
  11 #endif
  12
  13 #include "../test.h"
  14 #include "server.h"
  15 #include "isds.h"
  16
  17 static const char *username = "Doug1as$";
  18 static const char *password = "42aA#bc8";
  19 static const char *otp_code = "314";
  20
  21
  22 static int test_login(const isds_error error,
  23         const isds_otp_resolution resolution, struct isds_ctx *context,
  24         const char *url, const char *username, const char *password,
  25         const struct isds_pki_credentials *pki_credentials,
  26         struct isds_otp *otp) {
  27     isds_error err;
  28
  29     err = isds_login(context, url, username, password, pki_credentials, otp);
  30     if (error != err)
  31         FAIL_TEST("Wrong return code: expected=%s, returned=%s (%s)",
  32                 isds_strerror(error), isds_strerror(err),
  33                 isds_long_message(context));
  34     if (otp != NULL && resolution != otp->resolution)
  35         FAIL_TEST("Wrong OTP resolution: expected=%d, returned=%d (%s)",
  36                 resolution, otp->resolution, isds_long_message(context));
  37
  38
  39     PASS_TEST;
  40 }
  41
  42
  43 static int test_isds_change_password(const isds_error error,
  44         const isds_otp_resolution resolution, const char *reference_number,
  45         struct isds_ctx *context, const char *old_password,
  46         const char *new_password, struct isds_otp *otp, char **refnum) {
  47     isds_error err;
  48
  49     err = isds_change_password(context, old_password, new_password, otp,
  50             refnum);
  51     if (error != err)
  52         FAIL_TEST("Wrong return code: expected=%s, returned=%s (%s)",
  53                 isds_strerror(error), isds_strerror(err),
  54                 isds_long_message(context));
  55     if (otp != NULL && resolution != otp->resolution)
  56         FAIL_TEST("Wrong OTP resolution: expected=%d, returned=%d (%s)",
  57                 resolution, otp->resolution, isds_long_message(context));
  58     if (NULL != refnum)
  59         TEST_STRING_DUPLICITY(reference_number, *refnum);
  60
  61     PASS_TEST;
  62 }
  63
  64 int main(int argc, char **argv) {
  65     int error;
  66     pid_t server_process;
  67     struct isds_ctx *context = NULL;
  68     char *url = NULL;
  69     char *refnum = NULL;
  70     struct isds_otp otp_credentials = {
  71         .method = OTP_TIME
  72     };
  73     const struct arguments_asws_changePassword_ChangePasswordOTP
  74         passwd_arguments = {
  75         .username = username,
  76         .current_password = password,
  77         .method = AUTH_OTP_TIME,
  78         .reference_number = "42"
  79     };
  80     struct arguments_asws_changePassword_SendSMSCode
  81         sendsmscode_arguments = {
  82         .status_code = "0000",
  83         .status_message = "One-time password sent via SMS gateway",
  84         .reference_number = "43"
  85     };
  86     const struct service_configuration services[] = {
  87         { SERVICE_DS_Dz_DummyOperation, NULL },
  88         { SERVICE_asws_changePassword_ChangePasswordOTP, &passwd_arguments },
  89         { SERVICE_asws_changePassword_SendSMSCode, &sendsmscode_arguments },
  90         { SERVICE_END, NULL }
  91     };
  92     const struct arguments_otp_authentication server_arguments = {
  93         .method = AUTH_OTP_TIME,
  94         .username = username,
  95         .password = password,
  96         .otp = (char *) otp_code,
  97         .isds_deviations = 1,
  98         .services = services
  99     };
 100
 101
 102     INIT_TEST("isds_change_password with TOTP");
 103
 104     if (unsetenv("http_proxy")) {
 105         ABORT_UNIT("Could not remove http_proxy variable from environment\n");
 106     }
 107     if (isds_init()) {
 108         isds_cleanup();
 109         ABORT_UNIT("isds_init() failed\n");
 110     }
 111     context = isds_ctx_create();
 112     if (!context) {
 113         isds_cleanup();
 114         ABORT_UNIT("isds_ctx_create() failed\n");
 115     }
 116
 117     {
 118         sendsmscode_arguments.status_code = "0000";
 119         sendsmscode_arguments.status_message =
 120             "One-time password sent via SMS gateway";
 121         error = start_server(&server_process, &url,
 122                 server_otp_authentication, &server_arguments, NULL);
 123         if (error == -1) {
 124             isds_ctx_free(&context);
 125             isds_cleanup();
 126             ABORT_UNIT(server_error);
 127         }
 128
 129         otp_credentials.otp_code = (char *) otp_code;
 130         TEST("login", test_login, IE_SUCCESS, OTP_RESOLUTION_SUCCESS,
 131                 context, url, username, password, NULL, &otp_credentials);
 132
 133         /* First phase of authentication */
 134         otp_credentials.otp_code = NULL;
 135         TEST("First phase with invalid password", test_isds_change_password,
 136                 IE_NOT_LOGGED_IN, OTP_RESOLUTION_BAD_AUTHENTICATION, NULL,
 137                 context, "nbuusr1", "h2k$Aana", &otp_credentials, &refnum);
 138         otp_credentials.otp_code = NULL;
 139         TEST("First phase with valid password", test_isds_change_password,
 140                 IE_PARTIAL_SUCCESS, OTP_RESOLUTION_TOTP_SENT, "43",
 141                 context, password, "h2k$Aana", &otp_credentials, &refnum);
 142
 143         /* Second phase of authentication */
 144         otp_credentials.otp_code = (char *) otp_code;
 145         TEST("Second phase with invalid password", test_isds_change_password,
 146                 IE_NOT_LOGGED_IN, OTP_RESOLUTION_BAD_AUTHENTICATION, NULL,
 147                 context, "nbuusr1", "h2k$Aana", &otp_credentials, &refnum);
 148         /* XXX: There is bug in curl < 7.28.0 when authorization header is not
 149          * sent on second attempt after 401 response. Fixed by upstream commit
 150          * ce8311c7e49eca93c136b58efa6763853541ec97. The only work-around is
 151          * to use new CURL handle. */
 152         TEST("Second phase with invalid password 2", test_isds_change_password,
 153                 IE_NOT_LOGGED_IN, OTP_RESOLUTION_BAD_AUTHENTICATION, NULL,
 154                 context, "nbuusr2", "h2k$Aana", &otp_credentials, &refnum);
 155         otp_credentials.otp_code = "666";
 156         TEST("Second phase with valid password but invalid OTP code",
 157                 test_isds_change_password,
 158                 IE_NOT_LOGGED_IN, OTP_RESOLUTION_BAD_AUTHENTICATION, NULL,
 159                 context, password, "h2k$Aana", &otp_credentials, &refnum);
 160
 161         /* Checks for new password */
 162         otp_credentials.otp_code = (char *) otp_code;
 163         TEST("too short (7 characters)", test_isds_change_password, IE_INVAL,
 164                 OTP_RESOLUTION_SUCCESS, "42",
 165                 context, password, "aB34567", &otp_credentials, &refnum);
 166         TEST("too long (33 characters)", test_isds_change_password, IE_INVAL,
 167                 OTP_RESOLUTION_SUCCESS, "42",
 168                 context, password, "aB3456789112345678921234567893123",
 169                 &otp_credentials, &refnum);
 170         TEST("no upper case letter", test_isds_change_password, IE_INVAL,
 171                 OTP_RESOLUTION_SUCCESS, "42",
 172                 context, password, "1bcdefgh", &otp_credentials, &refnum);
 173         TEST("no lower case letter", test_isds_change_password, IE_INVAL,
 174                 OTP_RESOLUTION_SUCCESS, "42",
 175                 context, password, "1BCDEFGH", &otp_credentials, &refnum);
 176         TEST("no digit", test_isds_change_password, IE_INVAL,
 177                 OTP_RESOLUTION_SUCCESS, "42",
 178                 context, password, "aBCDEFGH", &otp_credentials, &refnum);
 179         TEST("forbidden space", test_isds_change_password, IE_INVAL,
 180                 OTP_RESOLUTION_SUCCESS, "42",
 181                 context, password, " h2k$Aan", &otp_credentials, &refnum);
 182         TEST("reused password", test_isds_change_password, IE_INVAL,
 183                 OTP_RESOLUTION_SUCCESS, "42",
 184                 context, password, password, &otp_credentials, &refnum);
 185         TEST("password contains user ID", test_isds_change_password, IE_INVAL,
 186                 OTP_RESOLUTION_SUCCESS, "42",
 187                 context, password, username, &otp_credentials, &refnum);
 188         TEST("sequence of the same characters", test_isds_change_password,
 189                 IE_INVAL, OTP_RESOLUTION_SUCCESS, "42",
 190                 context, password, "h222k$Aa", &otp_credentials, &refnum);
 191         TEST("forbiden prefix qwert", test_isds_change_password,
 192                 IE_INVAL, OTP_RESOLUTION_SUCCESS, "42",
 193                 context, password, "qwert$A8", &otp_credentials, &refnum);
 194         TEST("forbiden prefix asdgf", test_isds_change_password,
 195                 IE_INVAL, OTP_RESOLUTION_SUCCESS, "42",
 196                 context, password, "asdgf$A8", &otp_credentials, &refnum);
 197         TEST("forbiden prefix 12345", test_isds_change_password,
 198                 IE_INVAL, OTP_RESOLUTION_SUCCESS, "42",
 199                 context, password, "12345$Aa", &otp_credentials, &refnum);
 200         TEST("valid request", test_isds_change_password, IE_SUCCESS,
 201                 OTP_RESOLUTION_SUCCESS, "42",
 202                 context, password, "h2k$Aana", &otp_credentials, &refnum);
 203
 204         free(refnum);
 205         refnum = NULL;
 206         isds_logout(context);
 207         if (stop_server(server_process)) {
 208             ABORT_UNIT(server_error);
 209         }
 210
 211         free(url);
 212         url = NULL;
 213     }
 214
 215     {
 216         sendsmscode_arguments.status_code = "2301";
 217         sendsmscode_arguments.status_message =
 218             "One-time code cannot be re-send faster than once a 30 seconds";
 219         error = start_server(&server_process, &url,
 220                 server_otp_authentication, &server_arguments, NULL);
 221         if (error == -1) {
 222             isds_ctx_free(&context);
 223             isds_cleanup();
 224             ABORT_UNIT(server_error);
 225         }
 226
 227         otp_credentials.otp_code = (char *) otp_code;
 228         TEST("login", test_login, IE_SUCCESS, OTP_RESOLUTION_SUCCESS,
 229                 context, url, username, password, NULL, &otp_credentials);
 230
 231         /* First phase of authentication */
 232         otp_credentials.otp_code = NULL;
 233         TEST("SendSMSCode cannot send so fast", test_isds_change_password,
 234                 IE_ISDS, OTP_RESOLUTION_TO_FAST, "43",
 235                 context, password, "h2k$Aana", &otp_credentials, &refnum);
 236
 237         free(refnum);
 238         refnum = NULL;
 239         isds_logout(context);
 240         if (stop_server(server_process)) {
 241             ABORT_UNIT(server_error);
 242         }
 243         free(url);
 244         url = NULL;
 245     }
 246
 247     {
 248         sendsmscode_arguments.status_code = "2302";
 249         sendsmscode_arguments.status_message =
 250             "One-time code could not been sent. Try later again.";
 251         error = start_server(&server_process, &url,
 252                 server_otp_authentication, &server_arguments, NULL);
 253         if (error == -1) {
 254             isds_ctx_free(&context);
 255             isds_cleanup();
 256             ABORT_UNIT(server_error);
 257         }
 258
 259         otp_credentials.otp_code = (char *) otp_code;
 260         TEST("login", test_login, IE_SUCCESS, OTP_RESOLUTION_SUCCESS,
 261                 context, url, username, password, NULL, &otp_credentials);
 262
 263         /* First phase of authentication */
 264         otp_credentials.otp_code = NULL;
 265         TEST("SendSMSCode cannot send", test_isds_change_password,
 266                 IE_ISDS, OTP_RESOLUTION_TOTP_NOT_SENT, "43",
 267                 context, password, "h2k$Aana", &otp_credentials, &refnum);
 268
 269         free(refnum);
 270         refnum = NULL;
 271         isds_logout(context);
 272         if (stop_server(server_process)) {
 273             ABORT_UNIT(server_error);
 274         }
 275         free(url);
 276         url = NULL;
 277     }
 278
 279     isds_logout(context);
 280     isds_ctx_free(&context);
 281     isds_cleanup();
 282     SUM_TEST();
 283 }