TwoFactorAuthTest.java example

Explorer

passopolis-server-master
- java
  - server
    - src
      - co
        mitro
        access
        servlets
        ManageAccessEmailer.java
        MitroAccessEmailer.java
        ShareAccessEmailer.java
        analysis
        AuditLogProcessor.java
        DumpJSONEvents.java
        DumpStateMain.java
        PeriodicStatsGeneratorMain.java
        StatsGenerator.java
        build
        BuildMetadata.java
        core
        accesscontrol
        AuthenticatedDB.java
        alerts
        BackgroundAlertProcessor.java
        BaseAlerter.java
        BaseEmailAlerter.java
        EmailAlertManager.java
        FirstSecretEmailer.java
        NewInactiveUserEmailer.java
        NewUserEmailer.java
        SecretsSharedWithUserEmailer.java
        crypto
        CrappyKeyFactory.java
        GenerateKeysToFile.java
        KeyInterfaces.java
        KeyczarKeyFactory.java
        PrecomputingKeyczarKeyFactory.java
        exceptions
        DoEmailVerificationException.java
        DoLoginException.java
        DoTwoFactorAuthException.java
        InvalidRequestException.java
        MitroServletException.java
        PermissionException.java
        ReadOnlyServerException.java
        RetryTransactionException.java
        SendableException.java
        TooManyAccountsException.java
        UnverifiedUserException.java
        UserExistsException.java
        UserVisibleException.java
        server
        BeforeAfterState.java
        CreateTables.java
        Main.java
        Manager.java
        ManagerFactory.java
        ManagerPool.java
        SecretsBundle.java
        StdoutRequestLog.java
        Templates.java
        data
        DBAcl.java
        DBAudit.java
        DBConcurrencyState.java
        DBDeviceSpecificInfo.java
        DBEmailQueue.java
        DBEmailQueueSent.java
        DBEmailRecord.java
        DBFutureAlert.java
        DBGroup.java
        DBGroupSecret.java
        DBHistoricalOrgState.java
        DBHistoricalUserState.java
        DBIdentity.java
        DBIssue.java
        DBMitroAccessEmail.java
        DBPendingGroup.java
        DBProcessedAudit.java
        DBServerVisibleSecret.java
        DBSignup.java
        DBStripeCustomer.java
        DBUserName.java
        OldJsonData.java
        RPC.java
        RPCLogger.java
        UserListInterface.java
        servlets
        AbstractAddEditGroup.java
        AddGroup.java
        AddIdentity.java
        AddIssue.java
        AddPendingGroupServlet.java
        AddSecret.java
        BeginTransactionServlet.java
        BuildMetadataServlet.java
        CheckTwoFactorRequired.java
        CreateCustomer.java
        CreateOrganization.java
        DeleteGroup.java
        EditEncryptedPrivateKey.java
        EditGroup.java
        EditSecret.java
        EditSecretContent.java
        EndTransactionServlet.java
        GetAuditLog.java
        GetCustomer.java
        GetGroup.java
        GetMyDeviceKey.java
        GetMyPrivateKey.java
        GetOrganizationState.java
        GetPendingGroupApprovals.java
        GetPublicKeyForIdentity.java
        GetSecret.java
        InviteNewUser.java
        ListMySecretsAndGroupKeys.java
        MitroServlet.java
        MitroWebServlet.java
        MutateOrganization.java
        RecordEmail.java
        RemoveAllPendingGroupApprovalsForScope.java
        RemoveSecret.java
        ServerRejectsServlet.java
        SubmitPayment.java
        TestServlet.java
        UpdateSecretFromAgent.java
        Util.java
        VerifyAccountServlet.java
        VerifyDeviceServlet.java
        WebSignupServlet.java
        util
        AddAliasMain.java
        GuavaRequestRateLimiter.java
        NullRequestRateLimiter.java
        ParallelPhantomLoginMain.java
        RPCLogReplayer.java
        Random.java
        RequestRateLimiter.java
        RpcLogReader.java
        keyczar
        JsonWriter.java
        KeyczarJsonReader.java
        KeyczarPBEReader.java
        Util.java
        migration
        CreateUserNamesMain.java
        recordio
        JsonRecordReader.java
        JsonRecordWriter.java
        RecordReader.java
        RecordWriter.java
        twofactor
        CryptoForBackupCodes.java
        NewUser.java
        QRGenerator.java
        ServerSignedTwoFactorServlet.java
        TFAPreferences.java
        TempVerify.java
        TwoFactorAuth.java
        TwoFactorCodeChecker.java
        TwoFactorSecretGenerator.java
        TwoFactorServlet.java
        TwoFactorSigningService.java
        UserSignedTwoFactorServlet.java
        Verify.java
      - com
        codahale
        metrics
        Clock.java
    - test
      - co
        mitro
        access
        servlets
        ManageAccessEmailerTest.java
        ShareAccessEmailerTest.java
        alerts
        BackgroundAlertProcessorTest.java
        analysis
        StatsGeneratorTest.java
        core
        accesscontrol
        AuthenticatedDBTest.java
        alerts
        BaseEmailAlerterTest.java
        crypto
        KeyInterfacesTest.java
        server
        MainTest.java
        ManagerFactoryTest.java
        ManagerTest.java
        SecretsBundleTest.java
        TemplatesTest.java
        data
        DBAclTest.java
        DBEmailQueueTest.java
        DBGroupSecretTest.java
        DBGroupTest.java
        DBIdentityTest.java
        DBProcessedAuditTest.java
        DBServerVisibleSecretTest.java
        RPCLoggerTest.java
        servlets
        AddAndGetPendingGroupsTest.java
        AddIdentityTest.java
        AddSecretTest.java
        CheckTwoFactorRequiredTest.java
        CreateOrganizationTest.java
        DeleteGroupTest.java
        EditEncryptedPrivateKeyTest.java
        EditGroupTest.java
        EditSecretContentTest.java
        GetAuditLogTest.java
        GetGroupTest.java
        GetMyDeviceKeyTest.java
        GetMyPrivateKeyTest.java
        GetOrganizationStateTest.java
        GetPublicKeyForIdentityTest.java
        GetSecretTest.java
        InviteNewUserTest.java
        ListMySecretsAndGroupKeysTest.java
        MemoryDBFixture.java
        MitroServletTest.java
        MutateOrganizationTest.java
        OrganizationsFixture.java
        RecordEmailTest.java
        RemoveSecretTest.java
        ServerRejectsServletTest.java
        UpdateSecretFromAgentTest.java
        UtilTest.java
        VerifyAccountServletTest.java
        VerifyDeviceServletTest.java
        WebSignupServletTest.java
        util
        GuavaRequestRateLimiterTest.java
        RandomTest.java
        keyczar
        JsonWriterTest.java
        KeyczarJsonReaderTest.java
        KeyczarPBEReaderTest.java
        RoundTripper.java
        UtilTest.java
        recordio
        RecordIOTest.java
        test
        Assert.java
        MockHttpServletRequest.java
        MockHttpServletResponse.java
        MockServletInputStream.java
        MockSession.java
        twofactor
        BackupsTest.java
        CryptoForBackupCodesTest.java
        NewUserTest.java
        QRGeneratorTest.java
        TFAPreferencesTest.java
        TempVerifyTest.java
        TwoFactorAuthTest.java
        TwoFactorTests.java
        VerifyTest.java

/*******************************************************************************
 * Copyright (c) 2013, 2014 Lectorius, Inc.
 * Authors:
 * Vijay Pandurangan (vijayp@mitro.co)
 * Evan Jones (ej@mitro.co)
 * Adam Hilss (ahilss@mitro.co)
 *
 *
 *     This program is free software: you can redistribute it and/or modify
 *     it under the terms of the GNU General Public License as published by
 *     the Free Software Foundation, either version 3 of the License, or
 *     (at your option) any later version.
 *
 *     This program is distributed in the hope that it will be useful,
 *     but WITHOUT ANY WARRANTY; without even the implied warranty of
 *     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *     GNU General Public License for more details.
 *
 *     You should have received a copy of the GNU General Public License
 *     along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *     
 *     You can contact the authors at inbound@mitro.co.
 *******************************************************************************/
package co.mitro.twofactor;

import static org.hamcrest.CoreMatchers.containsString;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertThat;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;

import org.junit.Before;
import org.junit.Test;

import co.mitro.test.MockHttpServletRequest;
import co.mitro.test.MockHttpServletResponse;

public class TwoFactorAuthTest extends TwoFactorTests {
  TwoFactorAuth servlet;

  @Before
  public void setup() {
    servlet = new TwoFactorAuth(managerFactory, keyFactory);
  }

  public MockHttpServletResponse testDoGet(String token, String signature)
      throws ServletException, IOException {
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    request.setParameter("token", token);
    request.setParameter("signature", signature);
    servlet.doGet(request, response);
    return response;
  }

  @Test
  public void testDoGetSuccess() throws ServletException, IOException {
    MockHttpServletResponse response =
        testDoGet(twoFactorData.testToken, twoFactorData.testSignature);
    //should let you sign in if you token/signature is correct
    assertEquals(HttpServletResponse.SC_OK, response.getStatus());
    assertThat(response.getOutput(), containsString("Sign In"));
  }

  @Test(expected=ServletException.class)
  public void testDoGetFailure() throws ServletException, IOException {
    // bad signature (fails validation)
    testDoGet(twoFactorData.testToken, twoFactorData.testSignature + "A");
  }

  @Test
  public void testEmailHarvesting() throws ServletException, IOException {
    doEmailHarvestingTest(servlet);
  }
}