From: Nick Porter
Date: Mon, 29 Apr 2024 17:10:31 +0000 (+0100)
Subject: Add test of rlm_totp
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=41462a2bcda04de0f6a6003d4e361ba06d395069;p=thirdparty%2Ffreeradius-server.git
Add test of rlm_totp
---
diff --git a/.github/actions/ci-tests/action.yml b/.github/actions/ci-tests/action.yml
index 02d71d5447b..57d13502117 100644
--- a/.github/actions/ci-tests/action.yml
+++ b/.github/actions/ci-tests/action.yml
@@ -123,6 +123,7 @@ runs:
 sudo apt-get install -y --no-install-recommends \
 apparmor-utils \
 redis-tools \
+ oathtool \
 ldap-utils
 - name: Install test clients (containers)
diff --git a/src/tests/modules/totp/all.mk b/src/tests/modules/totp/all.mk
new file mode 100644
index 00000000000..4c81981a4db
--- /dev/null
+++ b/src/tests/modules/totp/all.mk
@@ -0,0 +1,3 @@
+#
+# Test the "totp" module
+#
diff --git a/src/tests/modules/totp/auth.attrs b/src/tests/modules/totp/auth.attrs
new file mode 100644
index 00000000000..24fef056dc8
--- /dev/null
+++ b/src/tests/modules/totp/auth.attrs
@@ -0,0 +1,11 @@
+#
+# Input packet
+#
+Packet-Type = Access-Request
+User-Name = "bob"
+User-Password = "hello"
+
+#
+# Expected answer
+#
+Packet-Type == Access-Accept
diff --git a/src/tests/modules/totp/auth.unlang b/src/tests/modules/totp/auth.unlang
new file mode 100644
index 00000000000..115a7a68978
--- /dev/null
+++ b/src/tests/modules/totp/auth.unlang
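Review bot: In .github/actions/ci-tests/action.yml, oathtool is added to this one apt-get list only, while the new auth.unlang test calls `/usr/bin/oathtool` by absolute path, so a job that skips this step would presumably fail the totp test rather than skip it. The `Install test clients (containers)` step starts on the hunk's last context line and its package list is outside the hunk, so it is not visible whether container jobs get the package. Please confirm that step installs it too, or add `oathtool \` to its list.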
@@ -0,0 +1,52 @@
+string otp
+
+&control.TOTP.Secret := 'ONSWG4TFOQYTEMZUGU3DOOBZ'
+
+#
+# With no OTP from the user, the module does nothing
+#
+totp.authenticate
+
+if (!noop) {
+ test_fail
+}
+
+
+#
+# Use oathtool to calculate OTP
+#
+&TOTP.From-User := %exec('/usr/bin/oathtool', '--base32', '--totp', 'ONSWG4TFOQYTEMZUGU3DOOBZ')
+
+totp.authenticate
+
+if (!ok) {
+ test_fail
+}
+
+#
+# Now set an incorrect OTP and check for reject
+#
+&TOTP.From-User := 'ABCDEF'
+
+totp.authenticate {
+ reject = 1
+}
+
+if !(reject) {
+ test_fail
+}
+
+#
+# And an invalid length OTP
+#
+&TOTP.From-User := '12345'
+
+totp.authenticate {
+ fail = 1
+}
+
+if !(fail) {
+ test_fail
+}
+
+test_pass
diff --git a/src/tests/modules/totp/module.conf b/src/tests/modules/totp/module.conf
new file mode 100644
index 00000000000..a6f27232cd4
--- /dev/null
+++ b/src/tests/modules/totp/module.conf
@@ -0,0 +1,5 @@
+totp {
+}
+
+exec {
+}
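Review bot: In src/tests/modules/totp/auth.unlang both negative cases use malformed input (`'ABCDEF'` is not numeric, `'12345'` is too short), so nothing checks that a well-formed code from outside the acceptance window is rejected, which is the property that limits how long a captured code stays valid. A stale-code case would cover it, e.g. `&TOTP.From-User := %exec('/usr/bin/oathtool', '--base32', '--totp', '--now', '2000-01-01 00:00:00 UTC', 'ONSWG4TFOQYTEMZUGU3DOOBZ')` followed by the same `reject` check. The positive case computes the code and verifies it in separate steps, so a time-step rollover between them passes only if the module's default window tolerates it (module.conf leaves `totp { }` empty); a comment such as `# Relies on the default look-back window if the time step rolls over between exec and authenticate` would record that dependency. `string otp` on the first line is declared but never used in this file.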