2019-11-02 21:32:58 +07:00
|
|
|
package suites
|
|
|
|
|
|
|
|
import (
|
2019-11-25 03:27:59 +07:00
|
|
|
"context"
|
|
|
|
"fmt"
|
|
|
|
"log"
|
2019-11-02 21:32:58 +07:00
|
|
|
"testing"
|
2019-11-25 03:27:59 +07:00
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/stretchr/testify/suite"
|
2019-11-02 21:32:58 +07:00
|
|
|
)
|
|
|
|
|
|
|
|
type NetworkACLSuite struct {
|
2019-11-25 03:27:59 +07:00
|
|
|
suite.Suite
|
|
|
|
|
|
|
|
clients []*WebDriverSession
|
2019-11-02 21:32:58 +07:00
|
|
|
}
|
|
|
|
|
|
|
|
func NewNetworkACLSuite() *NetworkACLSuite {
|
2019-11-25 03:27:59 +07:00
|
|
|
return &NetworkACLSuite{clients: make([]*WebDriverSession, 3)}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *NetworkACLSuite) createClient(idx int) {
|
|
|
|
wds, err := StartWebDriverWithProxy(fmt.Sprintf("http://proxy-client%d.example.com:3128", idx), 4444+idx)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
log.Fatal(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
s.clients[idx] = wds
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *NetworkACLSuite) teardownClient(idx int) {
|
|
|
|
if err := s.clients[idx].Stop(); err != nil {
|
|
|
|
log.Fatal(err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *NetworkACLSuite) SetupSuite() {
|
|
|
|
wds, err := StartWebDriver()
|
|
|
|
if err != nil {
|
|
|
|
log.Fatal(err)
|
|
|
|
}
|
|
|
|
s.clients[0] = wds
|
|
|
|
|
|
|
|
for i := 1; i <= 2; i++ {
|
|
|
|
s.createClient(i)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *NetworkACLSuite) TearDownSuite() {
|
|
|
|
if err := s.clients[0].Stop(); err != nil {
|
|
|
|
log.Fatal(err)
|
|
|
|
}
|
|
|
|
for i := 1; i <= 2; i++ {
|
|
|
|
s.teardownClient(i)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *NetworkACLSuite) TestShouldAccessSecretUpon2FA() {
|
|
|
|
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
|
|
|
|
defer cancel()
|
|
|
|
|
|
|
|
targetURL := fmt.Sprintf("%s/secret.html", SecureBaseURL)
|
|
|
|
secret := s.clients[0].doRegisterThenLogout(ctx, s.T(), "john", "password")
|
|
|
|
|
|
|
|
s.clients[0].doVisit(s.T(), targetURL)
|
|
|
|
s.clients[0].verifyIsFirstFactorPage(ctx, s.T())
|
|
|
|
|
|
|
|
s.clients[0].doLoginOneFactor(ctx, s.T(), "john", "password", false, targetURL)
|
|
|
|
s.clients[0].verifyIsSecondFactorPage(ctx, s.T())
|
|
|
|
s.clients[0].doValidateTOTP(ctx, s.T(), secret)
|
|
|
|
|
|
|
|
s.clients[0].verifySecretAuthorized(ctx, s.T())
|
|
|
|
}
|
|
|
|
|
|
|
|
// from network 192.168.240.201/32
|
|
|
|
func (s *NetworkACLSuite) TestShouldAccessSecretUpon1FA() {
|
|
|
|
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
|
|
|
|
defer cancel()
|
|
|
|
|
|
|
|
targetURL := fmt.Sprintf("%s/secret.html", SecureBaseURL)
|
|
|
|
s.clients[1].doVisit(s.T(), targetURL)
|
|
|
|
s.clients[1].verifyIsFirstFactorPage(ctx, s.T())
|
|
|
|
|
|
|
|
s.clients[1].doLoginOneFactor(ctx, s.T(), "john", "password",
|
|
|
|
false, fmt.Sprintf("%s/secret.html", SecureBaseURL))
|
|
|
|
s.clients[1].verifySecretAuthorized(ctx, s.T())
|
|
|
|
}
|
|
|
|
|
|
|
|
// from network 192.168.240.202/32
|
|
|
|
func (s *NetworkACLSuite) TestShouldAccessSecretUpon0FA() {
|
|
|
|
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
|
|
|
|
defer cancel()
|
|
|
|
|
|
|
|
s.clients[2].doVisit(s.T(), fmt.Sprintf("%s/secret.html", SecureBaseURL))
|
|
|
|
s.clients[2].verifySecretAuthorized(ctx, s.T())
|
2019-11-02 21:32:58 +07:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestNetworkACLSuite(t *testing.T) {
|
2019-11-25 03:27:59 +07:00
|
|
|
suite.Run(t, NewNetworkACLSuite())
|
2019-11-02 21:32:58 +07:00
|
|
|
}
|