File tests/http_totp.php changed (mode: 100644) (index 0f3e0b2..2eb88aa) |
... |
... |
rg_log_exit(); |
55 |
55 |
|
|
56 |
56 |
|
|
57 |
57 |
rg_log(''); |
rg_log(''); |
58 |
|
rg_log_enter("Do the login without login token (token=$good_token)..."); |
|
|
58 |
|
rg_log_enter("Do the login without login token (must fail)..."); |
59 |
59 |
$data = array( |
$data = array( |
60 |
60 |
"doit" => 1, |
"doit" => 1, |
61 |
61 |
"token" => $good_token, |
"token" => $good_token, |
|
... |
... |
rg_log_exit(); |
80 |
80 |
|
|
81 |
81 |
|
|
82 |
82 |
rg_log(''); |
rg_log(''); |
83 |
|
rg_log_enter("Do the login (token=$good_token login_token=$lt)..."); |
|
|
83 |
|
rg_log_enter("Do the login (token=$good_token login_token=$lt) (must work)..."); |
84 |
84 |
$data = array( |
$data = array( |
85 |
85 |
"doit" => 1, |
"doit" => 1, |
86 |
86 |
"token" => $good_token, |
"token" => $good_token, |
|
... |
... |
if (strstr($r['body'], "invalid user")) { |
103 |
103 |
rg_log_exit(); |
rg_log_exit(); |
104 |
104 |
|
|
105 |
105 |
|
|
106 |
|
rg_log(''); |
|
107 |
|
rg_log_enter('Testing device enrollment...'); |
|
108 |
|
rg_log('Loading enroll form...'); |
|
109 |
|
$data = array(); |
|
110 |
|
$headers = array(); |
|
111 |
|
$r = do_req($test_url . "/op/settings/totp/enroll", $data, $headers); |
|
112 |
|
if ($r === FALSE) { |
|
113 |
|
rg_log("Cannot load enroll page!"); |
|
114 |
|
exit(1); |
|
115 |
|
} |
|
116 |
|
$good_token = $r['tokens']['user_totp_enroll']; |
|
117 |
|
$key = isset($r['totp_secret']) ? $r['totp_secret'] : FALSE; |
|
118 |
|
if ($key === FALSE) { |
|
119 |
|
rg_log_ml('r: ' . print_r($r, TRUE)); |
|
120 |
|
rg_log("Cannot find totp::secret!"); |
|
121 |
|
exit(1); |
|
122 |
|
} |
|
123 |
|
rg_log('Posting the enroll form...'); |
|
124 |
|
$data = array( |
|
125 |
|
'enroll' => 1, |
|
126 |
|
'token' => $good_token, |
|
127 |
|
'totp::name' => 'test', |
|
128 |
|
'totp::secret' => $key, |
|
129 |
|
'totp::ver' => rg_totp_compute($key, time() / 30, 6) |
|
130 |
|
); |
|
131 |
|
$headers = array(); |
|
132 |
|
$r = do_req($test_url . "/op/settings/totp/enroll", $data, $headers); |
|
133 |
|
if (!strstr($r['body'], 'You enrolled your new device with success')) { |
|
134 |
|
rg_log_ml('r: ' . print_r($r, TRUE)); |
|
135 |
|
rg_log("Cannot enroll!"); |
|
136 |
|
exit(1); |
|
137 |
|
} |
|
138 |
|
$sql = "SELECT 1 FROM login_tokens WHERE secret = '" . $key . "'"; |
|
139 |
|
$res = rg_sql_query($db, $sql); |
|
140 |
|
$rows = rg_sql_num_rows($res); |
|
141 |
|
rg_sql_free_result($res); |
|
142 |
|
if ($rows != 1) { |
|
143 |
|
rg_log("Seems the secret is not in the database!"); |
|
|
106 |
|
$r = totp_enroll($db); |
|
107 |
|
if ($r['ok'] !== 1) |
144 |
108 |
exit(1); |
exit(1); |
145 |
|
} |
|
146 |
|
rg_log_exit(); |
|
147 |
109 |
|
|
148 |
110 |
|
|
149 |
111 |
rg_log(''); |
rg_log(''); |
150 |
112 |
rg_log_enter('Testing the deletion of scratch codes'); |
rg_log_enter('Testing the deletion of scratch codes'); |
151 |
113 |
$sc1 = rg_test_sc_generate($db, $rg_ui); |
$sc1 = rg_test_sc_generate($db, $rg_ui); |
152 |
|
sleep(1); // to not have the same itime |
|
|
114 |
|
sleep(1); // to not have the same itime; TODO: we will add uids to scratch_codes table |
153 |
115 |
$sc2 = rg_test_sc_generate($db, $rg_ui); |
$sc2 = rg_test_sc_generate($db, $rg_ui); |
154 |
116 |
$sql = "SELECT DISTINCT itime FROM scratch_codes WHERE uid = " . $rg_ui['uid']; |
$sql = "SELECT DISTINCT itime FROM scratch_codes WHERE uid = " . $rg_ui['uid']; |
155 |
117 |
$res = rg_sql_query($db, $sql); |
$res = rg_sql_query($db, $sql); |
|
... |
... |
while (($row = rg_sql_fetch_array($res))) { |
160 |
122 |
rg_sql_free_result($res); |
rg_sql_free_result($res); |
161 |
123 |
rg_log_ml('list=' . print_r($list, TRUE)); |
rg_log_ml('list=' . print_r($list, TRUE)); |
162 |
124 |
|
|
163 |
|
$headers = array(); |
|
164 |
|
$r = do_req($test_url . "/op/settings/totp/sc", $data, $headers); |
|
165 |
|
if ($r === FALSE) { |
|
166 |
|
rg_log("Cannot load sc page!"); |
|
|
125 |
|
$r = totp_scratch_delete($list); |
|
126 |
|
if ($r['ok'] !== 1) |
167 |
127 |
exit(1); |
exit(1); |
168 |
|
} |
|
169 |
|
$good_token = $r['tokens']['sc']; |
|
170 |
|
|
|
171 |
|
$data = array( |
|
172 |
|
'delete' => 1, |
|
173 |
|
'token' => $good_token, |
|
174 |
|
'delete_list[' . $list[0] . ']' => 'on', |
|
175 |
|
'delete_list[' . $list[1] . ']' => 'on' |
|
176 |
|
); |
|
177 |
|
$headers = array(); |
|
178 |
|
$r = do_req($test_url . "/op/settings/totp/sc", $data, $headers); |
|
179 |
|
if (!strstr($r['body'], 'success')) { |
|
180 |
|
rg_log("Cannot delete scratch codes!"); |
|
181 |
|
exit(1); |
|
182 |
|
} |
|
183 |
128 |
$sql = "SELECT DISTINCT itime FROM scratch_codes WHERE uid = " . $rg_ui['uid']; |
$sql = "SELECT DISTINCT itime FROM scratch_codes WHERE uid = " . $rg_ui['uid']; |
184 |
129 |
$res = rg_sql_query($db, $sql); |
$res = rg_sql_query($db, $sql); |
185 |
130 |
$rows = rg_sql_num_rows($res); |
$rows = rg_sql_num_rows($res); |
File tests/totp.inc.php added (mode: 100644) (index 0000000..3fac13e) |
|
1 |
|
<?php |
|
2 |
|
// Here are helpers for 2fa enrollment |
|
3 |
|
|
|
4 |
|
/* |
|
5 |
|
* Do the http 2fa enrollment |
|
6 |
|
* Will return the key. |
|
7 |
|
*/ |
|
8 |
|
function totp_enroll($db) |
|
9 |
|
{ |
|
10 |
|
global $test_url; |
|
11 |
|
|
|
12 |
|
rg_log_enter('test_enroll'); |
|
13 |
|
|
|
14 |
|
$ret = array('ok' => 0); |
|
15 |
|
while (1) { |
|
16 |
|
rg_log('Loading enroll form...'); |
|
17 |
|
$data = array(); $headers = array(); |
|
18 |
|
$r = do_req($test_url . '/op/settings/totp/enroll', $data, $headers); |
|
19 |
|
if ($r === FALSE) { |
|
20 |
|
rg_log('Cannot load enroll page!'); |
|
21 |
|
break; |
|
22 |
|
} |
|
23 |
|
$good_token = $r['tokens']['user_totp_enroll']; |
|
24 |
|
$key = isset($r['totp_secret']) ? $r['totp_secret'] : FALSE; |
|
25 |
|
if ($key === FALSE) { |
|
26 |
|
rg_log_ml('r: ' . print_r($r, TRUE)); |
|
27 |
|
rg_log('Cannot find totp::secret!'); |
|
28 |
|
break; |
|
29 |
|
} |
|
30 |
|
$ret['key'] = $key; // we may need it |
|
31 |
|
|
|
32 |
|
rg_log('Posting the enroll form...'); |
|
33 |
|
$data = array( |
|
34 |
|
'enroll' => 1, |
|
35 |
|
'token' => $good_token, |
|
36 |
|
'totp::name' => 'test', |
|
37 |
|
'totp::secret' => $key, |
|
38 |
|
'totp::ver' => rg_totp_compute($key, time() / 30, 6) |
|
39 |
|
); |
|
40 |
|
$headers = array(); |
|
41 |
|
$r = do_req($test_url . '/op/settings/totp/enroll', $data, $headers); |
|
42 |
|
if (!strstr($r['body'], 'You enrolled your new device with success')) { |
|
43 |
|
rg_log_ml('r: ' . print_r($r, TRUE)); |
|
44 |
|
rg_log('Cannot enroll!'); |
|
45 |
|
break; |
|
46 |
|
} |
|
47 |
|
$sql = "SELECT 1 FROM login_tokens WHERE secret = '" . $key . "'"; |
|
48 |
|
$res = rg_sql_query($db, $sql); |
|
49 |
|
$rows = rg_sql_num_rows($res); |
|
50 |
|
rg_sql_free_result($res); |
|
51 |
|
if ($rows != 1) { |
|
52 |
|
rg_log('Secret not found in the database!'); |
|
53 |
|
break; |
|
54 |
|
} |
|
55 |
|
|
|
56 |
|
$ret['ok'] = 1; |
|
57 |
|
break; |
|
58 |
|
} |
|
59 |
|
|
|
60 |
|
rg_log_exit(); |
|
61 |
|
return $ret; |
|
62 |
|
} |
|
63 |
|
|
|
64 |
|
/* |
|
65 |
|
* Deletes scratch codes |
|
66 |
|
*/ |
|
67 |
|
function totp_scratch_delete($list) |
|
68 |
|
{ |
|
69 |
|
global $test_url; |
|
70 |
|
|
|
71 |
|
rg_log_enter('totp_scratch_delete'); |
|
72 |
|
|
|
73 |
|
$ret = array('ok' => 0); |
|
74 |
|
while (1) { |
|
75 |
|
$headers = array(); |
|
76 |
|
$r = do_req($test_url . '/op/settings/totp/sc', $data, $headers); |
|
77 |
|
if ($r === FALSE) { |
|
78 |
|
rg_log('Cannot load sc page!'); |
|
79 |
|
break; |
|
80 |
|
} |
|
81 |
|
$good_token = $r['tokens']['sc']; |
|
82 |
|
|
|
83 |
|
$data = array( |
|
84 |
|
'delete' => 1, |
|
85 |
|
'token' => $good_token |
|
86 |
|
); |
|
87 |
|
foreach ($list as $id) |
|
88 |
|
$data['delete_list[' . $id . ']'] = 'on'; |
|
89 |
|
$headers = array(); |
|
90 |
|
$r = do_req($test_url . '/op/settings/totp/sc', $data, $headers); |
|
91 |
|
if (!strstr($r['body'], 'success')) { |
|
92 |
|
rg_log('Cannot delete scratch codes!'); |
|
93 |
|
break; |
|
94 |
|
} |
|
95 |
|
|
|
96 |
|
$ret['ok'] = 1; |
|
97 |
|
break; |
|
98 |
|
} |
|
99 |
|
|
|
100 |
|
rg_log_exit(); |
|
101 |
|
return $ret; |
|
102 |
|
} |