OCA
/
server-tools
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1748 Commits
13 Branches
0 Tags
45 MiB
Tree: e28dc91f9b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e28dc91f9b'
${ noResults }
server-tools/auth_totp/tests/test_res_users_authenticato...

151 lines
5.8 KiB
Raw Normal View History

[ADD] auth_totp: MFA Support * Add relevant fields and methods to the res.users model * Overload check_credentials in res.users to allow for logins using an MFA login token rather than a password * Add the res.users.authenticator and res.users.device models, along with appropriate ACLs and record rules * Add the res.users.authenticator.create wizard model and an associated view to facilitate creation of res.users.authenticator records * Extend base.view_users_form_simple_modif with fields needed to manage the new functionality * Add an AuthTotp controller that inherits from Home in the web module and an associated view to introduce MFA logic to the login process * Add several new exception classes that inherit from AccessDenied
8 years ago
[MIG] auth_totp: Upgrade to v10 * Rename manifest * Change openerp references to odoo * Bump version * Add pyotp back to requirements
8 years ago
[ADD] auth_totp: MFA Support * Add relevant fields and methods to the res.users model * Overload check_credentials in res.users to allow for logins using an MFA login token rather than a password * Add the res.users.authenticator and res.users.device models, along with appropriate ACLs and record rules * Add the res.users.authenticator.create wizard model and an associated view to facilitate creation of res.users.authenticator records * Extend base.view_users_form_simple_modif with fields needed to manage the new functionality * Add an AuthTotp controller that inherits from Home in the web module and an associated view to introduce MFA logic to the login process * Add several new exception classes that inherit from AccessDenied
8 years ago
[MIG] auth_totp: Upgrade to v10 * Rename manifest * Change openerp references to odoo * Bump version * Add pyotp back to requirements
8 years ago
[ADD] auth_totp: MFA Support * Add relevant fields and methods to the res.users model * Overload check_credentials in res.users to allow for logins using an MFA login token rather than a password * Add the res.users.authenticator and res.users.device models, along with appropriate ACLs and record rules * Add the res.users.authenticator.create wizard model and an associated view to facilitate creation of res.users.authenticator records * Extend base.view_users_form_simple_modif with fields needed to manage the new functionality * Add an AuthTotp controller that inherits from Home in the web module and an associated view to introduce MFA logic to the login process * Add several new exception classes that inherit from AccessDenied
8 years ago
  1. # -*- coding: utf-8 -*-
  2. # Copyright 2016-2017 LasLabs Inc.
  3. # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
  5. import mock
  6. from odoo.exceptions import ValidationError
  7. from odoo.tests.common import TransactionCase
  10. @mock.patch(
  11. 'odoo.addons.auth_totp.wizards.res_users_authenticator_create.pyotp'
  12. )
  13. class TestResUsersAuthenticatorCreate(TransactionCase):
  15. def setUp(self):
  16. super(TestResUsersAuthenticatorCreate, self).setUp()
  18. self.test_user = self.env.ref('base.user_root')
  20. def _new_wizard(self, extra_values=None):
  21. base_values = {
  22. 'name': 'Test Authenticator',
  23. 'confirmation_code': 'Test',
  24. 'user_id': self.test_user.id,
  25. }
  26. if extra_values is not None:
  27. base_values.update(extra_values)
  29. return self.env['res.users.authenticator.create'].create(base_values)
  31. def test_secret_key_default(self, pyotp_mock):
  32. '''Should default to random string generated by PyOTP'''
  33. pyotp_mock.random_base32.return_value = test_random = 'Test'
  34. test_wiz = self.env['res.users.authenticator.create']
  35. test_key = test_wiz.default_get(['secret_key'])['secret_key']
  37. self.assertEqual(test_key, test_random)
  39. def test_default_user_id_no_uid_in_context(self, pyotp_mock):
  40. '''Should return empty user recordset when no uid in context'''
  41. test_wiz = self.env['res.users.authenticator.create'].with_context(
  42. uid=None,
  43. )
  45. self.assertFalse(test_wiz._default_user_id())
  46. self.assertEqual(test_wiz._default_user_id()._name, 'res.users')
  48. def test_default_user_id_uid_in_context(self, pyotp_mock):
  49. '''Should return correct user record when there is a uid in context'''
  50. test_wiz = self.env['res.users.authenticator.create'].with_context(
  51. uid=self.test_user.id,
  52. )
  54. self.assertEqual(test_wiz._default_user_id(), self.test_user)
  56. def test_compute_qr_code_tag_no_user_id(self, pyotp_mock):
  57. '''Should not call PyOTP or set field if no user_id present'''
  58. test_wiz = self.env['res.users.authenticator.create'].with_context(
  59. uid=None,
  60. ).new()
  61. pyotp_mock.reset_mock()
  63. self.assertFalse(test_wiz.qr_code_tag)
  64. pyotp_mock.assert_not_called()
  66. def test_compute_qr_code_tag_user_id(self, pyotp_mock):
  67. '''Should set field to image with encoded PyOTP URI if user present'''
  68. pyotp_mock.TOTP().provisioning_uri.return_value = 'test:uri'
  69. test_wiz = self._new_wizard()
  71. self.assertEqual(
  72. test_wiz.qr_code_tag,
  73. '<img src="/report/barcode/?type=QR&amp;value='
  74. '%s&amp;width=300&amp;height=300">' % 'test%3Auri',
  75. )
  77. def test_compute_qr_code_tag_pyotp_use(self, pyotp_mock):
  78. '''Should call PyOTP twice with correct arguments if user_id present'''
  79. test_wiz = self._new_wizard()
  80. pyotp_mock.reset_mock()
  81. test_wiz._compute_qr_code_tag()
  83. pyotp_mock.TOTP.assert_called_once_with(test_wiz.secret_key)
  84. pyotp_mock.TOTP().provisioning_uri.assert_called_once_with(
  85. self.test_user.display_name,
  86. issuer_name=self.test_user.company_id.display_name,
  87. )
  89. def test_perform_validations_wrong_confirmation(self, pyotp_mock):
  90. '''Should raise correct error if PyOTP cannot verify code'''
  91. test_wiz = self._new_wizard()
  92. pyotp_mock.TOTP().verify.return_value = False
  94. with self.assertRaisesRegexp(ValidationError, 'confirmation code'):
  95. test_wiz._perform_validations()
  97. def test_perform_validations_right_confirmation(self, pyotp_mock):
  98. '''Should not raise error if PyOTP can verify code'''
  99. test_wiz = self._new_wizard()
  100. pyotp_mock.TOTP().verify.return_value = True
  102. try:
  103. test_wiz._perform_validations()
  104. except ValidationError:
  105. self.fail('A ValidationError was raised and should not have been.')
  107. def test_perform_validations_pyotp_use(self, pyotp_mock):
  108. '''Should call PyOTP twice with correct arguments'''
  109. test_wiz = self._new_wizard()
  110. pyotp_mock.reset_mock()
  111. test_wiz._perform_validations()
  113. pyotp_mock.TOTP.assert_called_once_with(test_wiz.secret_key)
  114. pyotp_mock.TOTP().verify.assert_called_once_with(
  115. test_wiz.confirmation_code,
  116. )
  118. def test_create_authenticator(self, pyotp_mock):
  119. '''Should create single authenticator record with correct info'''
  120. test_wiz = self._new_wizard()
  121. auth_model = self.env['res.users.authenticator']
  122. auth_model.search([('id', '>', 0)]).unlink()
  123. test_wiz._create_authenticator()
  124. test_auth = auth_model.search([('id', '>', 0)])
  126. self.assertEqual(len(test_auth), 1)
  127. self.assertEqual(
  128. (test_auth.name, test_auth.secret_key, test_auth.user_id),
  129. (test_wiz.name, test_wiz.secret_key, test_wiz.user_id),
  130. )
  132. def test_action_create_return_info(self, pyotp_mock):
  133. '''Should return info of user preferences action with user_id added'''
  134. test_wiz = self._new_wizard()
  135. test_info = self.env.ref('base.action_res_users_my').read()[0]
  136. test_info.update({'res_id': test_wiz.user_id.id})
  138. self.assertEqual(test_wiz.action_create(), test_info)
  140. def test_action_create_helper_use(self, pyotp_mock):
  141. '''Should call correct helper methods with proper arguments'''
  142. test_wiz = self._new_wizard()
  144. with mock.patch.multiple(
  145. test_wiz,
  146. _perform_validations=mock.DEFAULT,
  147. _create_authenticator=mock.DEFAULT,
  148. ):
  149. test_wiz.action_create()
  150. test_wiz._perform_validations.assert_called_once_with()
  151. test_wiz._create_authenticator.assert_called_once_with()