Add test of rlm_totp
authorNick Porter <nick@portercomputing.co.uk>
Mon, 29 Apr 2024 17:10:31 +0000 (18:10 +0100)
committerNick Porter <nick@portercomputing.co.uk>
Mon, 29 Apr 2024 17:19:03 +0000 (18:19 +0100)
.github/actions/ci-tests/action.yml
src/tests/modules/totp/all.mk [new file with mode: 0644]
src/tests/modules/totp/auth.attrs [new file with mode: 0644]
src/tests/modules/totp/auth.unlang [new file with mode: 0644]
src/tests/modules/totp/module.conf [new file with mode: 0644]

index 02d71d5447b7355fb79d16f7812d6ac8876c9345..57d13502117de07dc139f8e460642da76c601653 100644 (file)
@@ -123,6 +123,7 @@ runs:
         sudo apt-get install -y --no-install-recommends \
           apparmor-utils \
           redis-tools \
+          oathtool \
           ldap-utils
 
     - name: Install test clients (containers)
diff --git a/src/tests/modules/totp/all.mk b/src/tests/modules/totp/all.mk
new file mode 100644 (file)
index 0000000..4c81981
--- /dev/null
@@ -0,0 +1,3 @@
+#
+#  Test the "totp" module
+#
diff --git a/src/tests/modules/totp/auth.attrs b/src/tests/modules/totp/auth.attrs
new file mode 100644 (file)
index 0000000..24fef05
--- /dev/null
@@ -0,0 +1,11 @@
+#
+#  Input packet
+#
+Packet-Type = Access-Request
+User-Name = "bob"
+User-Password = "hello"
+
+#
+#  Expected answer
+#
+Packet-Type == Access-Accept
diff --git a/src/tests/modules/totp/auth.unlang b/src/tests/modules/totp/auth.unlang
new file mode 100644 (file)
index 0000000..115a7a6
--- /dev/null
@@ -0,0 +1,52 @@
+string otp
+
+&control.TOTP.Secret := 'ONSWG4TFOQYTEMZUGU3DOOBZ'
+
+#
+#  With no OTP from the user, the module does nothing
+#
+totp.authenticate
+
+if (!noop) {
+       test_fail
+}
+
+
+#
+#  Use oathtool to calculate OTP
+#
+&TOTP.From-User := %exec('/usr/bin/oathtool', '--base32', '--totp', 'ONSWG4TFOQYTEMZUGU3DOOBZ')
+
+totp.authenticate
+
+if (!ok) {
+       test_fail
+}
+
+#
+#  Now set an incorrect OTP and check for reject
+#
+&TOTP.From-User := 'ABCDEF'
+
+totp.authenticate {
+       reject = 1
+}
+
+if !(reject) {
+       test_fail
+}
+
+#
+#  And an invalid length OTP
+#
+&TOTP.From-User := '12345'
+
+totp.authenticate {
+       fail = 1
+}
+
+if !(fail) {
+       test_fail
+}
+
+test_pass
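Review bot: The reject case at `&TOTP.From-User := 'ABCDEF'` uses a non-numeric value, so it does not show that a well-formed six-digit code that is simply wrong gets rejected. How rlm_totp validates input is not visible here, so the reject may come from a format check rather than from the code comparison. A further case that sets a six-digit numeric value different from the oathtool output, followed by the same `totp.authenticate { reject = 1 }` check, would cover the comparison path. Separately, the positive case depends on the fixed path `/usr/bin/oathtool` and on the code being generated and verified within the time window the module accepts with the empty `totp { }` config. A comment such as `#  Requires /usr/bin/oathtool; assumes generation and check fall within the module's accepted time window` above the `%exec` line would make an intermittent failure easier to diagnose.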
diff --git a/src/tests/modules/totp/module.conf b/src/tests/modules/totp/module.conf
new file mode 100644 (file)
index 0000000..a6f2723
--- /dev/null
@@ -0,0 +1,5 @@
+totp {
+}
+
+exec {
+}