"""test flow with otp stages"""
from base64 import b32decode
from time import sleep
from urllib.parse import parse_qs, urlparse
from selenium.webdriver.common.by import By
from selenium.webdriver.common.keys import Keys
from selenium.webdriver.support import expected_conditions as ec
from selenium.webdriver.support.wait import WebDriverWait
from authentik.blueprints.tests import apply_blueprint
from authentik.flows.models import Flow
from authentik.stages.authenticator.oath import TOTP
from authentik.stages.authenticator_static.models import (
AuthenticatorStaticStage,
StaticDevice,
StaticToken,
)
from authentik.stages.authenticator_totp.models import AuthenticatorTOTPStage, TOTPDevice
from tests.e2e.utils import SeleniumTestCase, retry
class TestFlowsAuthenticator(SeleniumTestCase):
    """Browser-driven tests for the TOTP and static-token authenticator stages."""

    @retry()
    @apply_blueprint(
        "default/flow-default-authentication-flow.yaml",
        "default/flow-default-invalidation-flow.yaml",
    )
    def test_totp_validate(self):
        """Submit a valid TOTP code during the default authentication flow.

        Only the accepting path is exercised: the code is computed from the
        device's own key and parameters, so a wrong or replayed code is not
        covered by this test.
        """
        # The device is created already confirmed, so no enrolment step runs here.
        totp_device = TOTPDevice.objects.create(user=self.user, confirmed=True, digits=6)

        auth_flow: Flow = Flow.objects.get(slug="default-authentication-flow")
        start_url = self.url("authentik_core:if-flow", flow_slug=auth_flow.slug)
        self.driver.get(start_url)
        self.login()

        # Build the generator from the stored device so the test and the
        # server derive codes from the same key, step, t0, digits and drift.
        generator = TOTP(
            totp_device.bin_key,
            totp_device.step,
            totp_device.t0,
            totp_device.digits,
            totp_device.drift,
        )

        # The code input sits three shadow roots deep; descend one level at a time.
        executor_root = self.get_shadow_root("ak-flow-executor")
        validate_root = self.get_shadow_root("ak-stage-authenticator-validate", executor_root)
        code_root = self.get_shadow_root("ak-stage-authenticator-validate-code", validate_root)

        code_locator = (By.CSS_SELECTOR, "input[name=code]")
        # The input is looked up again for each action rather than cached.
        code_root.find_element(*code_locator).send_keys(generator.token())
        code_root.find_element(*code_locator).send_keys(Keys.ENTER)

        library_url = self.if_user_url("/library")
        self.wait_for_url(library_url)
        self.assert_user(self.user)

    @retry()
    @apply_blueprint(
        "default/flow-default-authentication-flow.yaml",
        "default/flow-default-invalidation-flow.yaml",
    )
    @apply_blueprint("default/flow-default-authenticator-totp-setup.yaml")
    def test_totp_setup(self):
        """Enrol a TOTP device through the setup stage and confirm it.

        The shared secret is taken from the otpauth URI the stage renders,
        and the test then checks that a confirmed device exists for the user.
        """
        auth_flow: Flow = Flow.objects.get(slug="default-authentication-flow")
        start_url = self.url("authentik_core:if-flow", flow_slug=auth_flow.slug)
        self.driver.get(start_url)
        self.login()

        library_url = self.if_user_url("/library")
        self.wait_for_url(library_url)
        self.assert_user(self.user)

        # Open the configure flow for the first TOTP setup stage in the database.
        configure_url = self.url(
            "authentik_flows:configure",
            stage_uuid=AuthenticatorTOTPStage.objects.first().stage_uuid,
        )
        self.driver.get(configure_url)

        executor_root = self.get_shadow_root("ak-flow-executor")
        totp_stage = self.get_shadow_root("ak-stage-authenticator-totp", executor_root)
        stage_wait = WebDriverWait(totp_stage, self.wait_timeout)

        uri_locator = (By.CSS_SELECTOR, "input[name=otp_uri]")
        stage_wait.until(ec.presence_of_element_located(uri_locator))
        otp_uri = totp_stage.find_element(*uri_locator).get_attribute("value")

        # Only the URI scheme is asserted; the secret is then read from the
        # query string and base32-decoded into the raw key.
        parsed_uri = urlparse(otp_uri)
        self.assertEqual(parsed_uri.scheme, "otpauth")
        query_params = parse_qs(parsed_uri.query)
        secret_key = b32decode(query_params["secret"][0])

        # Only the key is supplied, so TOTP falls back to its own defaults
        # for every other parameter.
        generator = TOTP(secret_key)

        code_locator = (By.CSS_SELECTOR, "input[name=code]")
        totp_stage.find_element(*code_locator).send_keys(generator.token())
        totp_stage.find_element(*code_locator).send_keys(Keys.ENTER)

        # NOTE(review): fixed delay before the database check — presumably to
        # let the submission be processed; a polling wait would be less
        # timing-sensitive.
        sleep(3)

        confirmed_devices = TOTPDevice.objects.filter(user=self.user, confirmed=True)
        self.assertTrue(confirmed_devices.exists())

    @retry()
    @apply_blueprint(
        "default/flow-default-authentication-flow.yaml",
        "default/flow-default-invalidation-flow.yaml",
    )
    @apply_blueprint("default/flow-default-authenticator-static-setup.yaml")
    def test_static_setup(self):
        """Enrol static tokens through the setup stage and verify storage.

        The first token shown in the browser must exist in the database for
        the user's confirmed static device.
        """
        auth_flow: Flow = Flow.objects.get(slug="default-authentication-flow")
        start_url = self.url("authentik_core:if-flow", flow_slug=auth_flow.slug)
        self.driver.get(start_url)
        self.login()

        library_url = self.if_user_url("/library")
        self.wait_for_url(library_url)
        self.assert_user(self.user)

        # Open the configure flow for the first static setup stage in the database.
        configure_url = self.url(
            "authentik_flows:configure",
            stage_uuid=AuthenticatorStaticStage.objects.first().stage_uuid,
        )
        self.driver.get(configure_url)

        # The flow is expected to return to this URL once the stage is submitted.
        destination_url = self.driver.current_url

        executor_root = self.get_shadow_root("ak-flow-executor")
        static_stage = self.get_shadow_root("ak-stage-authenticator-static", executor_root)

        # Capture the first displayed token before submitting the form.
        first_token_item = static_stage.find_element(By.CSS_SELECTOR, "ul li:nth-child(1)")
        token = first_token_item.text

        static_stage.find_element(By.CSS_SELECTOR, "button[type=submit]").click()

        self.wait_for_url(destination_url)
        # NOTE(review): fixed delay before the database checks — presumably to
        # let the submission be processed.
        sleep(1)

        self.assertTrue(StaticDevice.objects.filter(user=self.user, confirmed=True).exists())
        device = StaticDevice.objects.filter(user=self.user, confirmed=True).first()

        # The token displayed to the user must be stored against that device.
        stored_tokens = StaticToken.objects.filter(token=token, device=device)
        self.assertTrue(stored_tokens.exists())