From 41462a2bcda04de0f6a6003d4e361ba06d395069 Mon Sep 17 00:00:00 2001
From: Nick Porter
Date: Mon, 29 Apr 2024 18:10:31 +0100
Subject: [PATCH] Add test of rlm_totp
---
 .github/actions/ci-tests/action.yml | 1 +
 src/tests/modules/totp/all.mk | 3 ++
 src/tests/modules/totp/auth.attrs | 11 ++++++
 src/tests/modules/totp/auth.unlang | 52 +++++++++++++++++++++++++++++
 src/tests/modules/totp/module.conf | 5 +++
 5 files changed, 72 insertions(+)
 create mode 100644 src/tests/modules/totp/all.mk
 create mode 100644 src/tests/modules/totp/auth.attrs
 create mode 100644 src/tests/modules/totp/auth.unlang
 create mode 100644 src/tests/modules/totp/module.conf
diff --git a/.github/actions/ci-tests/action.yml b/.github/actions/ci-tests/action.yml
index 02d71d5447..57d1350211 100644
--- a/.github/actions/ci-tests/action.yml
+++ b/.github/actions/ci-tests/action.yml
@@ -123,6 +123,7 @@ runs:
 sudo apt-get install -y --no-install-recommends \
 apparmor-utils \
 redis-tools \
+ oathtool \
 ldap-utils
 
 - name: Install test clients (containers)
diff --git a/src/tests/modules/totp/all.mk b/src/tests/modules/totp/all.mk
new file mode 100644
index 0000000000..4c81981a4d
--- /dev/null
+++ b/src/tests/modules/totp/all.mk
@@ -0,0 +1,3 @@
+#
+# Test the "totp" module
+#
diff --git a/src/tests/modules/totp/auth.attrs b/src/tests/modules/totp/auth.attrs
new file mode 100644
index 0000000000..24fef056dc
--- /dev/null
+++ b/src/tests/modules/totp/auth.attrs
@@ -0,0 +1,11 @@
+#
+# Input packet
+#
+Packet-Type = Access-Request
+User-Name = "bob"
+User-Password = "hello"
+
+#
+# Expected answer
+#
+Packet-Type == Access-Accept
diff --git a/src/tests/modules/totp/auth.unlang b/src/tests/modules/totp/auth.unlang
new file mode 100644
index 0000000000..115a7a6897
--- /dev/null
+++ b/src/tests/modules/totp/auth.unlang
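Review bot: `oathtool` is added only to this apt-get list, while the new auth.unlang test runs it from the fixed path `/usr/bin/oathtool`, so any environment that does not pass through this step will fail the totp test rather than skip it. The "Install test clients (containers)" step that follows is visible only as a context line and is not changed here; if it installs its own package set, `oathtool` probably needs adding there too. Alternatively, gate the test in `src/tests/modules/totp/all.mk` on the tool being present. The enclosing step starts and ends outside the hunk, so this is inferred from the visible lines only.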
@@ -0,0 +1,52 @@
+string otp
+
+&control.TOTP.Secret := 'ONSWG4TFOQYTEMZUGU3DOOBZ'
+
+#
+# With no OTP from the user, the module does nothing
+#
+totp.authenticate
+
+if (!noop) {
+ test_fail
+}
+
+
+#
+# Use oathtool to calculate OTP
+#
+&TOTP.From-User := %exec('/usr/bin/oathtool', '--base32', '--totp', 'ONSWG4TFOQYTEMZUGU3DOOBZ')
+
+totp.authenticate
+
+if (!ok) {
+ test_fail
+}
+
+#
+# Now set an incorrect OTP and check for reject
+#
+&TOTP.From-User := 'ABCDEF'
+
+totp.authenticate {
+ reject = 1
+}
+
+if !(reject) {
+ test_fail
+}
+
+#
+# And an invalid length OTP
+#
+&TOTP.From-User := '12345'
+
+totp.authenticate {
+ fail = 1
+}
+
+if !(fail) {
+ test_fail
+}
+
+test_pass
diff --git a/src/tests/modules/totp/module.conf b/src/tests/modules/totp/module.conf
new file mode 100644
index 0000000000..a6f27232cd
--- /dev/null
+++ b/src/tests/modules/totp/module.conf
@@ -0,0 +1,5 @@
+totp {
+}
+
+exec {
+}
-- 
2.47.3
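Review bot: The reject case feeds `'ABCDEF'`, which is not a digit string, so the test never shows that a well-formed numeric code that is stale or wrong is refused, which is the property that matters for an OTP check. Consider adding a case whose code is generated for a fixed past time, e.g. `&TOTP.From-User := %exec('/usr/bin/oathtool', '--base32', '--totp', '--now=2020-01-01 00:00:00 UTC', 'ONSWG4TFOQYTEMZUGU3DOOBZ')`, followed by the same `reject = 1` check. The positive case depends on the module's clock and oathtool's falling inside the same accepted window, so a run that straddles a time-step boundary presumably passes only through the module's look-back; a comment saying so would help whoever debugs a flaky run. `string otp` on the first line is declared but not referenced anywhere in the hunk.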
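Review bot: `totp { }` is left empty, so the auth.unlang cases (a six-character code reaching the comparison, a five-character code treated as `fail`) hold only while the module defaults stay as they are. Setting `time_step`, `otp_length` and `lookback_steps` explicitly to the current defaults, under a comment such as `# values the totp test assumes`, would make a later default change show up as a deliberate test edit instead of silently changing what the test verifies.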