nielsperetzke
/
healthchecks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 32 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1748 Commits
2 Branches
15 MiB
Tree: f3af13654e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f3af13654e'
${ noResults }
healthchecks/hc/accounts/tests/test_add_totp.py

83 lines
2.9 KiB
Raw Normal View History

Add support for 2FA using TOTP Fixes: #354
3 years ago
 
  1. from unittest.mock import patch
  2. 

  3. from hc.test import BaseTestCase
  4. 

  5. 

  6. class AddTotpTestCase(BaseTestCase):
  7.     def setUp(self):
  8.         super().setUp()
  9. 

  10.         self.url = "/accounts/two_factor/totp/"
  11. 

  12.     def test_it_requires_sudo_mode(self):
  13.         self.client.login(username="[email protected]", password="password")
  14. 

  15.         r = self.client.get(self.url)
  16.         self.assertContains(r, "We have sent a confirmation code")
  17. 

  18.     def test_it_shows_form(self):
  19.         self.client.login(username="[email protected]", password="password")
  20.         self.set_sudo_flag()
  21. 

  22.         r = self.client.get(self.url)
  23.         self.assertContains(r, "Enter the six-digit code")
  24. 

  25.         # It should put a "totp_secret" key in the session:
  26.         self.assertIn("totp_secret", self.client.session)
  27. 

  28.     @patch("hc.accounts.views.pyotp.totp.TOTP")
  29.     def test_it_adds_totp(self, mock_TOTP):
  30.         mock_TOTP.return_value.verify.return_value = True
  31. 

  32.         self.client.login(username="[email protected]", password="password")
  33.         self.set_sudo_flag()
  34. 

  35.         payload = {"code": "000000"}
  36.         r = self.client.post(self.url, payload, follow=True)
  37.         self.assertRedirects(r, "/accounts/profile/")
  38.         self.assertContains(r, "Successfully set up the Authenticator app")
  39. 

  40.         # totp_secret should be gone from the session:
  41.         self.assertNotIn("totp_secret", self.client.session)
  42. 

  43.         self.profile.refresh_from_db()
  44.         self.assertTrue(self.profile.totp)
  45.         self.assertTrue(self.profile.totp_created)
  46. 

  47.     @patch("hc.accounts.views.pyotp.totp.TOTP")
  48.     def test_it_handles_wrong_code(self, mock_TOTP):
  49.         mock_TOTP.return_value.verify.return_value = False
  50.         mock_TOTP.return_value.provisioning_uri.return_value = "test-uri"
  51. 

  52.         self.client.login(username="[email protected]", password="password")
  53.         self.set_sudo_flag()
  54. 

  55.         payload = {"code": "000000"}
  56.         r = self.client.post(self.url, payload, follow=True)
  57.         self.assertContains(r, "The code you entered was incorrect.")
  58. 

  59.         self.profile.refresh_from_db()
  60.         self.assertIsNone(self.profile.totp)
  61.         self.assertIsNone(self.profile.totp_created)
  62. 

  63.     def test_it_checks_if_totp_already_configured(self):
  64.         self.profile.totp = "0" * 32
  65.         self.profile.save()
  66. 

  67.         self.client.login(username="[email protected]", password="password")
  68.         self.set_sudo_flag()
  69. 

  70.         r = self.client.get(self.url)
  71.         self.assertEqual(r.status_code, 400)
  72. 

  73.     @patch("hc.accounts.views.pyotp.totp.TOTP")
  74.     def test_it_handles_non_numeric_code(self, mock_TOTP):
  75.         mock_TOTP.return_value.verify.return_value = False
  76.         mock_TOTP.return_value.provisioning_uri.return_value = "test-uri"
  77. 

  78.         self.client.login(username="[email protected]", password="password")
  79.         self.set_sudo_flag()
  80. 

  81.         payload = {"code": "AAAAAA"}
  82.         r = self.client.post(self.url, payload, follow=True)
  83.         self.assertContains(r, "Enter a valid value")