| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849 |
- from rest_framework import status
- from desecapi.tests.base import DomainOwnerTestCase
- class TOTPFactorTestCase(DomainOwnerTestCase):
- def setUp(self):
- super().setUp()
- # Make the token a log-in token
- self.token.perm_manage_tokens = True
- self.token.save()
- def test_workflow(self):
- # Request setting up TOTP factor
- self.client.post(self.reverse("v1:totp-list"))
- # Factor is not yet created
- self.assertFalse(self.owner.basefactor_set.exists())
- # Retrieve confirmation link
- confirmation_link = self.assertEmailSent(
- subject_contains="deSEC",
- body_contains="request to create a TOTP token",
- recipient=[self.owner.email],
- pattern=r"following link[^:]*:\s+([^\s]*)",
- )
- self.assertConfirmationLinkRedirect(confirmation_link)
- # Redeem confirmation link
- response = self.client.post(confirmation_link)
- self.assertResponse(response, status.HTTP_200_OK)
- totp = response.data
- self.assertEqual(totp.keys(), {"id", "created", "last_used", "name", "secret"})
- self.assertEqual(totp["name"], "")
- self.assertIsNone(totp["last_used"])
- self.assertRegex(totp["secret"], r"^[A-Z0-9]{52}$") # 32 bytes make 52 chars
- self.assertEqual(
- self.owner.basefactor_set.get().totpfactor.last_verified_timestep, 0
- )
- # Can't fetch the secret
- response = self.client.get(self.reverse("v1:totp-detail", pk=totp["id"]))
- self.assertEqual(
- response.data, {k: v for k, v in totp.items() if k != "secret"}
- )
- # Ensure that MFA is not active yet
- response = self.client.get(self.reverse("v1:domain-list"))
- self.assertEqual(len(response.data), 2)
|
