summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAzul <azul@leap.se>2014-02-27 17:49:44 +0100
committervarac <varacanero@zeromail.org>2014-04-02 14:53:52 +0200
commit0d44121d6ad20a85438ecae338f39254b450a2e8 (patch)
tree5291c0ea571e8b8e1d32c38125a86ec1d5e2439a
parent38474e94e3bfaeb40fb87bf2a9b8b1fbe546bc05 (diff)
nagios test for logging into webapp
-rwxr-xr-xtest/nagios/webapp_login.py76
1 files changed, 76 insertions, 0 deletions
diff --git a/test/nagios/webapp_login.py b/test/nagios/webapp_login.py
new file mode 100755
index 0000000..c046750
--- /dev/null
+++ b/test/nagios/webapp_login.py
@@ -0,0 +1,76 @@
+#!/usr/bin/env python
+
+# Test Authentication with the webapp API works.
+
+import requests
+import json
+import string
+import random
+import srp._pysrp as srp
+import binascii
+import yaml
+
+
+safe_unhexlify = lambda x: binascii.unhexlify(x) if (len(x) % 2 == 0) else binascii.unhexlify('0'+x)
+
+def read_config():
+ stream = open("/etc/leap/hiera.yaml", 'r')
+ config = yaml.load(stream)
+ stream.close
+ user = config['webapp']['nagios_test_user']
+ if ( 'username' not in user ):
+ fail('nagios test user lacks username')
+ if ( 'password' not in user ):
+ fail('nagios test user lacks password')
+ api = config['api']
+ api['version'] = config['webapp']['api_version']
+ return {'api': api, 'user': user}
+
+def run_tests(config):
+ user = config['user']
+ api = config['api']
+ usr = srp.User( user['username'], user['password'], srp.SHA256, srp.NG_1024 )
+ try:
+ auth = parse(authenticate(api, usr))
+ except requests.exceptions.ConnectionError:
+ fail('no connection to server')
+ exit(report(auth, usr))
+
+# parse the server responses
+def parse(response):
+ request = response.request
+ try:
+ return json.loads(response.text)
+ except ValueError:
+ return None
+
+def authenticate(api, usr):
+ api_url = 'https://' + api['domain'] + ':' + str(api['port']) + '/' + str(api['version'])
+ session = requests.session()
+ uname, A = usr.start_authentication()
+ params = {
+ 'login': uname,
+ 'A': binascii.hexlify(A)
+ }
+ init = parse(session.post(api_url + '/sessions', data = params, verify=False))
+ if ( 'errors' in init ):
+ fail('test user not found')
+ M = usr.process_challenge( safe_unhexlify(init['salt']), safe_unhexlify(init['B']) )
+ return session.put(api_url + '/sessions/' + uname, verify = False,
+ data = {'client_auth': binascii.hexlify(M)})
+
+def report(auth, usr):
+ if ( 'errors' in auth ):
+ fail('srp password auth failed')
+ usr.verify_session( safe_unhexlify(auth["M2"]) )
+ if usr.authenticated():
+ print '0 webapp_login - OK - can login to webapp fine'
+ return 0
+ print '1 webapp_login - WARNING - failed to verify webapp server'
+ return 1
+
+def fail(reason):
+ print '2 webapp_login - CRITICAL - ' + reason
+ exit(2)
+
+run_tests(read_config())