import json
from dateutil import parser
from django.conf import settings
from django.contrib.auth import get_user_model
from django.urls import reverse
from django.utils.timezone import now
from freezegun import freeze_time
from rest_framework import status
from django_freeradius import settings as app_settings
START_DATE = '2019-04-20T22:14:09+01:00'
User = get_user_model()
class BaseTestApi(object):
def test_invalid_token(self):
options = dict(username='molly', password='barbar')
self._create_user(**options)
auth_header = self.auth_header.replace(' ', '') # removes spaces in token
response = self.client.post(reverse('freeradius:authorize'),
{'username': 'molly', 'password': 'barbar'},
HTTP_AUTHORIZATION=auth_header)
self.assertEqual(response.status_code, 400)
def test_disabled_user_login(self):
options = dict(username='barbar', password='molly', is_active=False)
self._create_user(**options)
response = self.client.post(reverse('freeradius:authorize'),
{'username': 'barbar', 'password': 'molly'},
HTTP_AUTHORIZATION=self.auth_header)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, None)
def test_authorize_no_token_403(self):
options = dict(username='molly', password='barbar')
self._create_user(**options)
response = self.client.post(reverse('freeradius:authorize'),
{'username': 'molly', 'password': 'barbar'})
self.assertEqual(response.status_code, 403)
self.assertEqual(response.data, {'detail': 'Token authentication failed'})
def test_authorize_200(self):
options = dict(username='molly', password='barbar')
self._create_user(**options)
response = self.client.post(reverse('freeradius:authorize'),
{'username': 'molly', 'password': 'barbar'},
HTTP_AUTHORIZATION=self.auth_header)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, {'control:Auth-Type': 'Accept'})
def test_authorize_200_querystring(self):
options = dict(username='molly', password='barbar')
self._create_user(**options)
post_url = "{}{}".format(reverse('freeradius:authorize'), self.token_querystring)
response = self.client.post(post_url,
{'username': 'molly', 'password': 'barbar'})
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, {'control:Auth-Type': 'Accept'})
def test_authorize_failed(self):
response = self.client.post(reverse('freeradius:authorize'),
{'username': 'baldo', 'password': 'ugo'},
HTTP_AUTHORIZATION=self.auth_header)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, None)
def test_authorize_wrong_password(self):
self._create_user(username='tester', password='tester123')
response = self.client.post(reverse('freeradius:authorize'),
{'username': 'tester', 'password': 'wrong'},
HTTP_AUTHORIZATION=self.auth_header)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, None)
def test_postauth_accept_201(self):
self.assertEqual(self.radius_postauth_model.objects.all().count(), 0)
params = self._get_postauth_params()
response = self.client.post(reverse('freeradius:postauth'),
params,
HTTP_AUTHORIZATION=self.auth_header)
params['password'] = ''
self.assertEqual(self.radius_postauth_model.objects.filter(**params).count(), 1)
self.assertEqual(response.status_code, 201)
self.assertEqual(response.data, None)
def test_postauth_accept_201_querystring(self):
self.assertEqual(self.radius_postauth_model.objects.all().count(), 0)
params = self._get_postauth_params()
post_url = "{}{}".format(reverse('freeradius:postauth'), self.token_querystring)
response = self.client.post(post_url, params)
params['password'] = ''
self.assertEqual(self.radius_postauth_model.objects.filter(**params).count(), 1)
self.assertEqual(response.status_code, 201)
self.assertEqual(response.data, None)
def test_postauth_reject_201(self):
self.assertEqual(self.radius_postauth_model.objects.all().count(), 0)
params = {'username': 'molly', 'password': 'barba', 'reply': 'Access-Reject'}
params = self._get_postauth_params(**params)
response = self.client.post(reverse('freeradius:postauth'),
params,
HTTP_AUTHORIZATION=self.auth_header)
self.assertEqual(response.status_code, 201)
self.assertEqual(response.data, None)
self.assertEqual(self.radius_postauth_model.objects.filter(username='molly',
password='barba').count(), 1)
def test_postauth_reject_201_empty_fields(self):
params = {'reply': 'Access-Reject',
'called_station_id': '',
'calling_station_id': ''}
params = self._get_postauth_params(**params)
response = self.client.post(reverse('freeradius:postauth'),
params,
HTTP_AUTHORIZATION=self.auth_header)
self.assertEqual(self.radius_postauth_model.objects.filter(**params).count(), 1)
self.assertEqual(response.status_code, 201)
self.assertEqual(response.data, None)
def test_postauth_400(self):
response = self.client.post(reverse('freeradius:postauth'), {},
HTTP_AUTHORIZATION=self.auth_header)
self.assertEqual(self.radius_postauth_model.objects.all().count(), 0)
self.assertEqual(response.status_code, 400)
def test_postauth_no_token_403(self):
response = self.client.post(reverse('freeradius:postauth'), {})
self.assertEqual(response.status_code, 403)
self.assertEqual(response.data, {'detail': 'Token authentication failed'})
_acct_url = reverse('freeradius:accounting')
_acct_initial_data = {
'unique_id': '75058e50',
'session_id': '35000006',
'nas_ip_address': '172.16.64.91',
'session_time': 0,
'input_octets': 0,
'output_octets': 0,
}
_acct_post_data = {
'username': 'admin',
'realm': '',
'nas_port_id': '1',
'nas_port_type': 'Async',
'session_time': '261',
'authentication': 'RADIUS',
'input_octets': '1111909',
'output_octets': '1511074444',
'called_station_id': '00-27-22-F3-FA-F1:hostname',
'calling_station_id': '5c:7d:c1:72:a7:3b',
'terminate_cause': 'User_Request',
'service_type': 'Login-User',
'framed_protocol': 'test',
'framed_ip_address': '127.0.0.1',
'framed_ipv6_address': '::1',
'framed_ipv6_prefix': '0::/64',
'framed_interface_id': '0000:0000:0000:0001',
'delegated_ipv6_prefix': '0::/64'
}
@property
def acct_post_data(self):
""" returns a copy of self._acct_data """
data = self._acct_initial_data.copy()
data.update(self._acct_post_data.copy())
return data
def post_json(self, data):
"""
performs a post using application/json as content type
emulating the exact behaviour of freeradius 3
"""
return self.client.post(self._acct_url,
data=json.dumps(data),
HTTP_AUTHORIZATION=self.auth_header,
content_type='application/json')
def assertAcctData(self, ra, data):
"""
compares the values in data (dict)
with the values of a RadiusAccounting instance
to ensure they match
"""
for key, value in data.items():
if key in ('status_type', 'framed_ipv6_address'):
continue
ra_value = getattr(ra, key)
data_value = data[key]
_type = type(ra_value)
if _type != type(data_value):
data_value = _type(data_value)
self.assertEqual(ra_value, data_value, msg=key)
def test_accounting_no_token_403(self):
response = self.client.post(self._acct_url, {})
self.assertEqual(response.status_code, 403)
self.assertEqual(response.data, {'detail': 'Token authentication failed'})
@freeze_time(START_DATE)
def test_accounting_start_200(self):
self.assertEqual(self.radius_accounting_model.objects.count(), 0)
ra = self._create_radius_accounting(**self._acct_initial_data)
data = self.acct_post_data
data['status_type'] = 'Start'
data = self._get_accounting_params(**data)
response = self.post_json(data)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, None)
self.assertEqual(self.radius_accounting_model.objects.count(), 1)
ra.refresh_from_db()
self.assertAcctData(ra, data)
@freeze_time(START_DATE)
def test_accounting_start_200_querystring(self):
self.assertEqual(self.radius_accounting_model.objects.count(), 0)
ra = self._create_radius_accounting(**self._acct_initial_data)
data = self.acct_post_data
data['status_type'] = 'Start'
data = self._get_accounting_params(**data)
post_url = "{}{}".format(self._acct_url, self.token_querystring)
response = self.client.post(post_url, json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, None)
self.assertEqual(self.radius_accounting_model.objects.count(), 1)
ra.refresh_from_db()
self.assertAcctData(ra, data)
@freeze_time(START_DATE)
def test_accounting_start_coova_chilli(self):
self.assertEqual(self.radius_accounting_model.objects.count(), 0)
data = {
'status_type': 'Start',
'session_id': '5a4f59aa00000001',
'unique_id': 'd11a8069e261040d8b01b9135bdb8dc9',
'username': 'username',
'realm': '',
'nas_ip_address': '192.168.182.1',
'nas_port_id': '1',
'nas_port_type': 'Wireless-802.11',
'session_time': '',
'authentication': '',
'input_octets': '',
'output_octets': '',
'called_station_id': 'C0-4A-00-EE-D1-0D',
'calling_station_id': 'A4-02-B9-D3-FD-29',
'terminate_cause': '',
'service_type': '',
'framed_protocol': '',
'framed_ip_address': '192.168.182.3',
'framed_ipv6_address': '::ffff:c0a8:b603',
'framed_ipv6_prefix': '0::/64',
'framed_interface_id': '0000:ffff:c0a8:b603',
'delegated_ipv6_prefix': '0::/64'
}
data = self._get_accounting_params(**data)
response = self.post_json(data)
self.assertEqual(response.status_code, 201)
self.assertEqual(response.data, None)
self.assertEqual(self.radius_accounting_model.objects.count(), 1)
ra = self.radius_accounting_model.objects.last()
ra.refresh_from_db()
data['session_time'] = 0
data['input_octets'] = 0
data['output_octets'] = 0
self.assertEqual(ra.session_time, 0)
self.assertEqual(ra.input_octets, 0)
self.assertEqual(ra.output_octets, 0)
self.assertAcctData(ra, data)
@freeze_time(START_DATE)
def test_accounting_start_201(self):
self.assertEqual(self.radius_accounting_model.objects.count(), 0)
data = self.acct_post_data
data['status_type'] = 'Start'
data = self._get_accounting_params(**data)
response = self.post_json(data)
self.assertEqual(response.status_code, 201)
self.assertEqual(response.data, None)
self.assertEqual(self.radius_accounting_model.objects.count(), 1)
self.assertAcctData(self.radius_accounting_model.objects.first(), data)
@freeze_time(START_DATE)
def test_accounting_update_200(self):
self.assertEqual(self.radius_accounting_model.objects.count(), 0)
ra = self._create_radius_accounting(**self._acct_initial_data)
data = self.acct_post_data
data['status_type'] = 'Interim-Update'
data = self._get_accounting_params(**data)
response = self.post_json(data)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, None)
self.assertEqual(self.radius_accounting_model.objects.count(), 1)
ra.refresh_from_db()
self.assertEqual(ra.update_time.timetuple(), now().timetuple())
self.assertAcctData(ra, data)
@freeze_time(START_DATE)
def test_accounting_update_201(self):
self.assertEqual(self.radius_accounting_model.objects.count(), 0)
data = self.acct_post_data
data['status_type'] = 'Interim-Update'
data = self._get_accounting_params(**data)
response = self.post_json(data)
self.assertEqual(response.status_code, 201)
self.assertEqual(response.data, None)
self.assertEqual(self.radius_accounting_model.objects.count(), 1)
ra = self.radius_accounting_model.objects.first()
self.assertEqual(ra.update_time.timetuple(), now().timetuple())
self.assertAcctData(ra, data)
@freeze_time(START_DATE)
def test_accounting_stop_200(self):
self.assertEqual(self.radius_accounting_model.objects.count(), 0)
ra = self._create_radius_accounting(**self._acct_initial_data)
# reload date object in order to store ra.start_time
ra.refresh_from_db()
start_time = ra.start_time
data = self.acct_post_data
data['status_type'] = 'Stop'
data = self._get_accounting_params(**data)
response = self.post_json(data)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, None)
self.assertEqual(self.radius_accounting_model.objects.count(), 1)
ra.refresh_from_db()
self.assertEqual(ra.update_time.timetuple(), now().timetuple())
self.assertEqual(ra.stop_time.timetuple(), now().timetuple())
self.assertEqual(ra.start_time, start_time)
self.assertAcctData(ra, data)
@freeze_time(START_DATE)
def test_accounting_stop_201(self):
self.assertEqual(self.radius_accounting_model.objects.count(), 0)
data = self.acct_post_data
data['status_type'] = 'Stop'
data = self._get_accounting_params(**data)
response = self.post_json(data)
self.assertEqual(response.status_code, 201)
self.assertEqual(response.data, None)
self.assertEqual(self.radius_accounting_model.objects.count(), 1)
ra = self.radius_accounting_model.objects.first()
self.assertEqual(ra.update_time.timetuple(), now().timetuple())
self.assertEqual(ra.stop_time.timetuple(), now().timetuple())
self.assertEqual(ra.start_time.timetuple(), now().timetuple())
self.assertAcctData(ra, data)
@freeze_time(START_DATE)
def test_accounting_400_missing_status_type(self):
data = self._get_accounting_params(**self.acct_post_data)
response = self.post_json(data)
self.assertEqual(response.status_code, 400)
self.assertIn('status_type', response.data)
self.assertEqual(self.radius_accounting_model.objects.count(), 0)
@freeze_time(START_DATE)
def test_accounting_400_invalid_status_type(self):
data = self.acct_post_data
data['status_type'] = 'INVALID'
data = self._get_accounting_params(**data)
response = self.post_json(data)
self.assertEqual(response.status_code, 400)
self.assertIn('status_type', response.data)
self.assertEqual(self.radius_accounting_model.objects.count(), 0)
@freeze_time(START_DATE)
def test_accounting_400_validation_error(self):
data = self.acct_post_data
data['status_type'] = 'Start'
del data['nas_ip_address']
data = self._get_accounting_params(**data)
response = self.post_json(data)
self.assertEqual(response.status_code, 400)
self.assertIn('nas_ip_address', response.data)
self.assertEqual(self.radius_accounting_model.objects.count(), 0)
def test_accounting_list_200(self):
data1 = self.acct_post_data
data1.update(dict(session_id='35000006',
unique_id='75058e50',
input_octets=9900909,
output_octets=1513075509))
self._create_radius_accounting(**data1)
data2 = self.acct_post_data
data2.update(dict(session_id='40111116',
unique_id='12234f69',
input_octets=3000909,
output_octets=1613176609))
self._create_radius_accounting(**data2)
data3 = self.acct_post_data
data3.update(dict(session_id='89897654',
unique_id='99144d60',
input_octets=4440909,
output_octets=1119074409))
self._create_radius_accounting(**data3)
response = self.client.get('{0}?page_size=1&page=1'.format(self._acct_url),
HTTP_AUTHORIZATION=self.auth_header)
self.assertEqual(len(response.json()), 1)
self.assertEqual(response.status_code, 200)
item = response.data[0]
self.assertEqual(item['output_octets'], data3['output_octets'])
self.assertEqual(item['input_octets'], data3['input_octets'])
self.assertEqual(item['nas_ip_address'], '172.16.64.91')
self.assertEqual(item['calling_station_id'], '5c:7d:c1:72:a7:3b')
response = self.client.get('{0}?page_size=1&page=2'.format(self._acct_url),
HTTP_AUTHORIZATION=self.auth_header)
self.assertEqual(len(response.json()), 1)
self.assertEqual(response.status_code, 200)
item = response.data[0]
self.assertEqual(item['output_octets'], data2['output_octets'])
self.assertEqual(item['nas_ip_address'], '172.16.64.91')
self.assertEqual(item['input_octets'], data2['input_octets'])
self.assertEqual(item['called_station_id'], '00-27-22-F3-FA-F1:hostname')
response = self.client.get('{0}?page_size=1&page=3'.format(self._acct_url),
HTTP_AUTHORIZATION=self.auth_header)
self.assertEqual(len(response.json()), 1)
self.assertEqual(response.status_code, 200)
item = response.data[0]
self.assertEqual(item['username'], 'admin')
self.assertEqual(item['calling_station_id'], '5c:7d:c1:72:a7:3b')
self.assertEqual(item['output_octets'], data1['output_octets'])
self.assertEqual(item['input_octets'], data1['input_octets'])
def test_accounting_filter_username(self):
data1 = self.acct_post_data
data1.update(dict(username='test_user',
unique_id='75058e50'))
self._create_radius_accounting(**data1)
data2 = self.acct_post_data
data2.update(dict(username='admin',
unique_id='99144d60'))
self._create_radius_accounting(**data2)
response = self.client.get('{0}?username=test_user'.format(self._acct_url),
HTTP_AUTHORIZATION=self.auth_header)
self.assertEqual(len(response.json()), 1)
self.assertEqual(response.status_code, 200)
item = response.data[0]
self.assertEqual(item['username'], 'test_user')
def test_accounting_filter_called_station_id(self):
data1 = self.acct_post_data
data1.update(dict(called_station_id='E0-CA-40-EE-D1-0D',
unique_id='99144d60'))
self._create_radius_accounting(**data1)
data2 = self.acct_post_data
data2.update(dict(called_station_id='C0-CA-40-FE-E1-9D',
unique_id='85144d60'))
self._create_radius_accounting(**data2)
response = self.client.get('{0}?called_station_id=E0-CA-40-EE-D1-0D'.format(self._acct_url),
HTTP_AUTHORIZATION=self.auth_header)
self.assertEqual(len(response.json()), 1)
self.assertEqual(response.status_code, 200)
item = response.data[0]
self.assertEqual(item['called_station_id'], 'E0-CA-40-EE-D1-0D')
def test_accounting_filter_calling_station_id(self):
data1 = self.acct_post_data
data1.update(dict(calling_station_id='4c:8d:c2:80:a7:4c',
unique_id='99144d60'))
self._create_radius_accounting(**data1)
data2 = self.acct_post_data
data2.update(dict(calling_station_id='5c:6d:c2:80:a7:4c',
unique_id='85144d60'))
self._create_radius_accounting(**data2)
response = self.client.get('{0}?calling_station_id=4c:8d:c2:80:a7:4c'.format(self._acct_url),
HTTP_AUTHORIZATION=self.auth_header)
self.assertEqual(len(response.json()), 1)
self.assertEqual(response.status_code, 200)
item = response.data[0]
self.assertEqual(item['calling_station_id'], '4c:8d:c2:80:a7:4c')
@freeze_time(START_DATE)
def test_accounting_filter_start_time(self):
data1 = self.acct_post_data
data1.update(dict(unique_id='99144d60'))
self._create_radius_accounting(**data1)
data2 = self.acct_post_data
data2.update(dict(start_time='2018-03-02T00:43:24.020460+01:00',
unique_id='85144d60'))
ra = self._create_radius_accounting(**data2)
response = self.client.get('{0}?start_time={1}'.format(self._acct_url, '2018-03-01'),
HTTP_AUTHORIZATION=self.auth_header)
self.assertEqual(len(response.json()), 2)
self.assertEqual(response.status_code, 200)
item = response.data[-1]
self.assertEqual(parser.parse(item['start_time']), ra.start_time)
@freeze_time(START_DATE)
def test_accounting_filter_stop_time(self):
data1 = self.acct_post_data
data1.update(dict(start_time=START_DATE,
stop_time=START_DATE.replace('04-20', '04-21'),
unique_id='99144d60'))
self._create_radius_accounting(**data1)
data2 = self.acct_post_data
stop_time = '2018-03-02T11:43:24.020460+01:00'
data2.update(dict(start_time='2018-03-02T10:43:24.020460+01:00',
stop_time=stop_time,
unique_id='85144d60'))
ra = self._create_radius_accounting(**data2)
response = self.client.get('{0}?stop_time={1}'.format(self._acct_url, '2018-03-02 21:43:25'),
HTTP_AUTHORIZATION=self.auth_header)
self.assertEqual(len(response.json()), 1)
self.assertEqual(response.status_code, 200)
item = response.data[0]
self.assertEqual(parser.parse(item['stop_time']), ra.stop_time)
def test_accounting_filter_is_open(self):
data1 = self.acct_post_data
data1.update(dict(stop_time=None,
unique_id='99144d60'))
self._create_radius_accounting(**data1)
data2 = self.acct_post_data
data2.update(dict(stop_time='2018-03-02T00:43:24.020460+01:00',
unique_id='85144d60'))
ra = self._create_radius_accounting(**data2)
response = self.client.get('{0}?is_open=true'.format(self._acct_url),
HTTP_AUTHORIZATION=self.auth_header)
self.assertEqual(len(response.json()), 1)
self.assertEqual(response.status_code, 200)
item = response.data[0]
self.assertEqual(item['stop_time'], None)
response = self.client.get('{0}?is_open=false'.format(self._acct_url),
HTTP_AUTHORIZATION=self.auth_header)
self.assertEqual(len(response.json()), 1)
self.assertEqual(response.status_code, 200)
item = response.data[0]
self.assertEqual(parser.parse(item['stop_time']), ra.stop_time)
@freeze_time(START_DATE)
def test_coova_accounting_on_200(self):
self.assertEqual(self.radius_accounting_model.objects.count(), 0)
data = {
'status_type': 'Accounting-On',
'session_id': '',
'unique_id': '569533dad629d47d8b122826d3ed7f3d',
'username': '',
'realm': '',
'nas_ip_address': '192.168.182.1',
'nas_port_id': '',
'nas_port_type': 'Wireless-802.11',
'session_time': '',
'authentication': '',
'input_octets': '',
'output_octets': '',
'called_station_id': 'C0-4A-00-EE-D1-0D',
'calling_station_id': '00-00-00-00-00-00',
'terminate_cause': '',
'service_type': '',
'framed_protocol': '',
'framed_ip_address': '',
'framed_ipv6_address': '',
'framed_ipv6_prefix': '',
'framed_interface_id': '',
'delegated_ipv6_prefix': ''
}
data = self._get_accounting_params(**data)
response = self.post_json(data)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, None)
self.assertEqual(self.radius_accounting_model.objects.count(), 0)
@freeze_time(START_DATE)
def test_coova_accounting_off_200(self):
self.assertEqual(self.radius_accounting_model.objects.count(), 0)
data = {
'status_type': 'Accounting-Off',
'session_id': '',
'unique_id': '569533dad629d47d8b122826d3ed7f3d',
'username': '',
'realm': '',
'nas_ip_address': '192.168.182.1',
'nas_port_id': '',
'nas_port_type': 'Wireless-802.11',
'session_time': '',
'authentication': '',
'input_octets': '',
'output_octets': '',
'called_station_id': 'C0-4A-00-EE-D1-0D',
'calling_station_id': '00-00-00-00-00-00',
'terminate_cause': '0',
'service_type': '',
'framed_protocol': '',
'framed_ip_address': '',
'framed_ipv6_address': '',
'framed_ipv6_prefix': '',
'framed_interface_id': '',
'delegated_ipv6_prefix': ''
}
response = self.post_json(data)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, None)
self.assertEqual(self.radius_accounting_model.objects.count(), 0)
def test_batch_bad_request_400(self):
self.assertEqual(self.radius_batch_model.objects.count(), 0)
data = {
"name": "",
"strategy": "prefix",
"number_of_users": -1,
"prefix": "",
}
response = self.client.post(reverse('freeradius:batch'), data,
HTTP_AUTHORIZATION=self.auth_header)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertEqual(self.radius_batch_model.objects.count(), 0)
def test_batch_csv_201(self):
self.assertEqual(self.radius_batch_model.objects.count(), 0)
self.assertEqual(User.objects.count(), 0)
text = 'user,cleartext$abcd,email@gmail.com,firstname,lastname'
with open('{}/test.csv'.format(settings.MEDIA_ROOT), 'wb') as file:
text2 = text.encode('utf-8')
file.write(text2)
with open('{}/test.csv'.format(settings.MEDIA_ROOT), 'rb') as file:
data = self._get_post_defaults({
"name": "test",
"strategy": "csv",
"csvfile": file,
})
response = self.client.post(reverse('freeradius:batch'), data,
HTTP_AUTHORIZATION=self.auth_header)
self.assertEqual(response.status_code, 201)
self.assertEqual(self.radius_batch_model.objects.count(), 1)
self.assertEqual(User.objects.count(), 1)
def test_batch_prefix_201(self):
self.assertEqual(self.radius_batch_model.objects.count(), 0)
self.assertEqual(User.objects.count(), 0)
data = self._get_post_defaults({
"name": "test",
"strategy": "prefix",
"prefix": "prefix",
"number_of_users": 1,
})
response = self.client.post(reverse('freeradius:batch'), data,
HTTP_AUTHORIZATION=self.auth_header)
self.assertEqual(response.status_code, 201)
self.assertEqual(self.radius_batch_model.objects.count(), 1)
self.assertEqual(User.objects.count(), 1)
def test_api_batch_user_creation_no_users(self):
data = {
'strategy': 'prefix',
'prefix': 'test',
'name': 'test_name',
'csvfile': '',
'number_of_users': '',
'modified': '',
}
response = self.client.post(
reverse('freeradius:batch'),
data,
HTTP_AUTHORIZATION=self.auth_header
)
self.assertEqual(response.status_code, 400)
def test_get_authorize_view(self):
url = '{}{}'.format(reverse('freeradius:authorize'), self.token_querystring)
r = self.client.get(url, HTTP_ACCEPT='text/html')
self.assertEqual(r.status_code, 405)
expected = '<form action="{}'.format(reverse('freeradius:authorize'))
self.assertIn(expected, r.content.decode())
class BaseTestApiReject(object):
@classmethod
def setUpClass(cls):
app_settings.API_AUTHORIZE_REJECT = True
@classmethod
def tearDownClass(cls):
app_settings.API_AUTHORIZE_REJECT = False
def test_disabled_user_login(self):
User.objects.create_user(username='barbar',
password='molly',
is_active=False)
response = self.client.post(reverse('freeradius:authorize'),
{'username': 'barbar', 'password': 'molly'},
HTTP_AUTHORIZATION=self.auth_header)
self.assertEqual(response.status_code, 401)
self.assertEqual(response.data, {'control:Auth-Type': 'Reject'})
def test_authorize_401(self):
response = self.client.post(reverse('freeradius:authorize'),
{'username': 'baldo', 'password': 'ugo'},
HTTP_AUTHORIZATION=self.auth_header)
self.assertEqual(response.status_code, 401)
self.assertEqual(response.data, {'control:Auth-Type': 'Reject'})
class BaseTestAutoGroupname(object):
@classmethod
def setUpClass(cls):
super().setUpClass()
app_settings.API_ACCOUNTING_AUTO_GROUP = True
def test_automatic_groupname_account_enabled(self):
user = self.user_model.objects.create_superuser(
username='username1', email='admin@admin.com', password='qwertyuiop'
)
usergroup1 = self._create_radius_usergroup(groupname='group1', priority=2, username='testgroup1')
usergroup2 = self._create_radius_usergroup(groupname='group2', priority=1, username='testgroup2')
user.radiususergroup_set.set([usergroup1, usergroup2])
self.client.post('/api/v1/accounting/{}'.format(self.token_querystring), {
'status_type': 'Start',
'session_time': '',
'input_octets': '',
'output_octets': '',
'nas_ip_address': '127.0.0.1',
'session_id': '48484',
'unique_id': '1515151',
'username': 'username1',
})
accounting_created = self.radius_accounting_model.objects.get(username='username1')
self.assertEqual(accounting_created.groupname, 'group2')
user.delete()
class BaseTestAutoGroupnameDisabled(object):
@classmethod
def setUpClass(cls):
super().setUpClass()
app_settings.API_ACCOUNTING_AUTO_GROUP = False
def test_account_creation_api_automatic_groupname_disabled(self):
user = self.user_model.objects.create_superuser(
username='username1',
email='admin@admin.com',
password='qwertyuiop'
)
usergroup1 = self._create_radius_usergroup(groupname='group1',
priority=2,
username='testgroup1')
usergroup2 = self._create_radius_usergroup(groupname='group2',
priority=1,
username='testgroup2')
user.radiususergroup_set.set([usergroup1, usergroup2])
url = '{}{}'.format(reverse('freeradius:accounting'),
self.token_querystring)
self.client.post(url, {
'status_type': 'Start',
'session_time': '',
'input_octets': '',
'output_octets': '',
'nas_ip_address': '127.0.0.1',
'session_id': '48484',
'unique_id': '1515151',
'username': 'username1',
})
accounting_created = self.radius_accounting_model \
.objects.get(username='username1')
self.assertIsNone(accounting_created.groupname)
user.delete()
if app_settings.REST_USER_TOKEN_ENABLED:
from rest_framework.authtoken.models import Token
class BaseTestApiUserToken(object):
def _get_url(self):
return reverse('freeradius:user_auth_token')
def test_user_auth_token_200(self):
url = self._get_url()
opts = dict(username='tester',
password='tester')
self._create_user(**opts)
response = self.client.post(url, opts)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data['key'],
Token.objects.first().key)
self.assertEqual(response.data['radius_user_token'],
self.radius_token_model.objects.first().key)
def test_user_auth_token_400_credentials(self):
url = self._get_url()
opts = dict(username='tester',
password='tester')
r = self.client.post(url, opts)
self.assertEqual(r.status_code, 400)
self.assertIn('Unable to log in',
r.json()['non_field_errors'][0])
class BaseTestApiValidateToken:
def _get_url(self):
return reverse('freeradius:validate_auth_token')
def get_user(self):
opts = dict(username='tester',
password='tester')
user = self._create_user(**opts)
return user
def test_validate_auth_token(self):
url = self._get_url()
user = self.get_user()
token = Token.objects.create(user=user)
# empty payload
response = self.client.post(url)
self.assertEqual(response.status_code, 401)
self.assertEqual(response.data['response_code'],
'BLANK_OR_INVALID_TOKEN')
# invalid token
payload = dict(token="some-random-string")
response = self.client.post(url, payload)
self.assertEqual(response.status_code, 401)
self.assertEqual(response.data['response_code'],
'BLANK_OR_INVALID_TOKEN')
# valid token
payload = dict(token=token.key)
response = self.client.post(url, payload)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data['response_code'],
'AUTH_TOKEN_VALIDATION_SUCCESSFUL')
self.assertEqual(response.data['auth_token'],
token.key)
self.assertEqual(response.data['radius_user_token'],
self.radius_token_model.objects.first().key)
