add fake-juniper-server.py and tests/juniper-auth (!179) · Merge requests · OpenConnect VPN projects / OpenConnect

Daniel Lenski requested to merge juniper-auth-tests into master Mar 31, 2021

Flask-based tests of Juniper authentication forms handling. Currently tested cases are:

Standard (not SSO) login:

frmLogin with username/password
frmLogin with username/password/authgroup
frmLogin with username/password/token-as-2nd-password
frmLogin with username/password → frmTotpToken
frmLogin with username/password → frmDefender → frmConfirmation
frmLogin with username/password → frmNextToken
frmLogin with username/password → frmSelectRoles → frmConfirmation

SSO login (thanks entirely to @jkuebart's contributions):

loginForm with username/password → TOTP-generated VerificationCode → fake TNCC

Unlike fake-{f5,fortinet}-server.py (added in !169 (closed)), the fake-juniper-server.py here doesn't try to actually send mock IP/DNS configuration information to the client. It only handles the authentication phase, because that's the only part that actually happens over HTTPS.

In addition to adding the test content, the base code's handling of several of these authentication options is improved, so that the tests fully pass:

Allow --authgroup to fill either the realm form field or the role ("pseudo-form-field") for Juniper.
Fix handling of token-field detection for Juniper SSO loginForm.
Make CLI autofill username in any field matching /^user/ case-insensitively (thus include the UserName field of Juniper SSO).

Edited Apr 05, 2021 by Daniel Lenski

add fake-juniper-server.py and tests/juniper-auth

Merge request reports