wip
pbrezina committed Sep 17, 2024
1 parent 4856bbd commit 2ab59b4
Showing 1 changed file with 38 additions and 40 deletions.
78 changes: 38 additions & 40 deletions sssd_test_framework/utils/authentication.py
Expand Up @@ -22,6 +22,12 @@
DEFAULT_AUTHENTICATION_TIMEOUT: int = 60
"""Default timeout for authentication failure."""

class PasskeyAuthenticationUseCases(Enum):
PASSKEY_WITH_PIN = 0,
PASSKEY_WITH_PIN_AND_TOUCH = 1,
PASSKEY_WITHOUT_PIN = 2,
PASSKEY_FALLBACK_TO_PASSWORD = 3,


class AuthenticationUtils(MultihostUtility[MultihostHost]):
"""
Expand Down Expand Up @@ -342,7 +348,8 @@ def password_expired(self, username: str, password: str, new_password: str) -> b

def passkey_with_output(
self, username: str, *, device: str, ioctl: str, script: str, pin: str | int | None = None,
interactive_prompt: str | None = None, touch_prompt: str | None = None, command: str = "exit 0"
interactive_prompt: str = "Insert your passkey device, then press ENTER", touch_prompt: str = "Touch the device", command: str = "exit 0",
auth_method: PasskeyAuthenticationUseCases = PasskeyAuthenticationUseCases.PASSKEY_WITH_PIN
) -> tuple[int, int, str, str]:
"""
Call ``su - $username`` and authenticate the user with passkey.
Expand All @@ -369,6 +376,14 @@ def passkey_with_output(
ioctl_path = self.fs.upload_to_tmp(ioctl, mode="a=r")
script_path = self.fs.upload_to_tmp(script, mode="a=r")

match auth_method:
case (PasskeyAuthenticationUseCases.PASSKEY_WITH_PIN, PasskeyAuthenticationUseCases.PASSKEY_WITH_PIN_AND_TOUCH):
if pin is None:
raise ValueError(f"PIN is required for {str(auth_method)}")
case (PasskeyAuthenticationUseCases.PASSKEY_WITHOUT_PIN, PasskeyAuthenticationUseCases.PASSKEY_FALLBACK_TO_PASSWORD):
if pin is not None:
raise ValueError("...")

run_su = self.fs.mktmp(
rf"""
#!/bin/bash
Expand Down Expand Up @@ -422,37 +437,33 @@ def passkey_with_output(
set timeout {DEFAULT_AUTHENTICATION_TIMEOUT}
set prompt "\n.*\[#\$>\] $"
set command "{command}"
if {{"{pin}" == "None"}} {{
set pin "{pin}"
}}
set auth_method "{auth_method}"
if {{"{interactive_prompt}" != "None"}} {{
set interactive_prompt "{interactive_prompt}"
}}
if {{"{touch_prompt}" != "None"}} {{
set touch_prompt "{touch_prompt}"
}}
spawn "{playback_umockdev}"
if {{$interactive_prompt ne "None"}} {{
expect {{
"{interactive_prompt}*" {{ send -- "\n"}}
timeout {{exitmsg "Unexpected output" 201}}
eof {{exitmsg "Unexpected end of file" 202}}
}}
}} else {{
expect {{
"Insert your passkey device, then press ENTER*" {{send -- "\n"}}
timeout {{exitmsg "Unexpected output" 201}}
eof {{exitmsg "Unexpected end of file" 202}}
}}
expect {{
"{interactive_prompt}*" {{ send -- "\n"}}
timeout {{exitmsg "Unexpected output" 201}}
eof {{exitmsg "Unexpected end of file" 202}}
}}
if {{$pin eq "\n\r"}} {{
if {{ $auth_method eq "{PasskeyAuthenticationUseCases.PASSKEY_WITH_PIN}" || $auth_method eq "{PasskeyAuthenticationUseCases.PASSKEY_WITH_PIN_AND_TOUCH}"}} {{
expect {{
"Enter PIN:*" {{send -- "{pin}\r"}}
timeout {{exitmsg "Unexpected output" 401}}
eof {{exitmsg "Unexpected end of file" 402}}
}}
if {{ $auth_method eq "{PasskeyAuthenticationUseCases.PASSKEY_WITH_PIN_AND_TOUCH}" }} {{
expect {{
"{touch_prompt}*" {{ send -- "\n"}}
eof {{exitmsg "Password authentication successful" 0}}
timeout {{exitmsg "Unexpected output" 501}}
}}
}}
}} elseif {{ $auth_method eq "{PasskeyAuthenticationUseCases.PASSKEY_FALLBACK_TO_PASSWORD}" }} {{
expect {{
"Enter PIN:*" {{send -- "\r"}}
timeout {{exitmsg "Unexpected output" 201}}
eof {{exitmsg "Unexpected end of file" 202}}
}}
Expand All @@ -461,34 +472,21 @@ def passkey_with_output(
timeout {{exitmsg "Unexpected output" 301}}
eof {{exitmsg "Unexpected end of file" 302}}
}}
}} elseif {{$pin ne "None"}} {{
expect {{
"Enter PIN:*" {{send -- "{pin}\r"}}
timeout {{exitmsg "Unexpected output" 401}}
eof {{exitmsg "Unexpected end of file" 402}}
}}
}} elseif {{ "{touch_prompt}" ne "None" }}
}} elseif {{ $auth_method eq "{PasskeyAuthenticationUseCases.PASSKEY_WITHOUT_PIN}" }} {{
expect {{
"{touch_prompt}*" {{ send -- "\n"}}
eof {{exitmsg "Password authentication successful" 0}}
timeout {{exitmsg "Unexpected output" 501}}
}}
}} else {{
expect {{
"Authentication failure" {{exitmsg "Authentication failure" 1}}
eof {{exitmsg "Password authentication successful" 0}}
timeout {{exitmsg "Unexpected output" 601}}
}}
}}
expect {{
"Authentication failure" {{exitmsg "Authentication failure" 1}}
eof {{exitmsg "Password authentication successful" 0}}
timeout {{exitmsg "Unexpected output" 701}}
timeout {{exitmsg "Unexpected output" 601}}
}}
exitmsg "Unexpected code path" 803
""",
verbose=False,
)
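Review bot: The PIN validation added to `passkey_with_output` never runs, because `case (A, B):` is a sequence pattern that only matches a two-element sequence, while `auth_method` is a single enum member; neither case matches and the `match` falls through silently. With `pin=None` and the default `PASSKEY_WITH_PIN`, the expect script would then send the literal text `None` at the `Enter PIN:` prompt instead of failing fast with `ValueError`. Use an OR pattern, `case PasskeyAuthenticationUseCases.PASSKEY_WITH_PIN | PasskeyAuthenticationUseCases.PASSKEY_WITH_PIN_AND_TOUCH:` (and likewise for the second case), and replace the placeholder `ValueError("...")` with a real message. The trailing commas in the enum body also make each value a one-element tuple such as `(0,)`, which looks unintended. Parts of the function body are collapsed on this page, so this rests on the visible lines only.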
