add fake-juniper-server.py and tests/juniper-auth
Flask-based tests of Juniper authentication forms handling. Currently tested cases are:
Standard (not SSO) login:
- frmLogin with username/password
- frmLogin with username/password/authgroup
- frmLogin with username/password/token-as-2nd-password
- frmLogin with username/password → frmTotpToken
- frmLogin with username/password → frmDefender → frmConfirmation
- frmLogin with username/password → frmNextToken
- frmLogin with username/password → frmSelectRoles → frmConfirmation
SSO login (thanks entirely to @jkuebart's contributions):
- loginForm with username/password → TOTP-generated VerificationCode → fake TNCC
Unlike fake-{f5,fortinet}-server.py
(added in !169 (closed)), the fake-juniper-server.py
here doesn't try to actually send mock IP/DNS configuration information to the client. It only handles the authentication phase, because that's the only part that actually happens over HTTPS.
--
In addition to adding the test content, the base code's handling of several of these authentication options is improved, so that the tests fully pass:
- Allow
--authgroup
to fill either therealm
form field or therole
("pseudo-form-field") for Juniper. - Fix handling of token-field detection for Juniper SSO
loginForm
. - Make CLI autofill username in any field matching
/^user/
case-insensitively (thus include theUserName
field of Juniper SSO).
Edited by Daniel Lenski