mirror of https://github.com/MISP/MISP
new: [test] Security test for OTP disabled
parent
97e6224755
commit
9ea64750bc
|
@ -1,5 +1,5 @@
|
|||
<?php
|
||||
App::uses('AppController', 'Controller', 'OTPHP\TOTP');
|
||||
App::uses('AppController', 'Controller');
|
||||
|
||||
/**
|
||||
* @property User $User
|
||||
|
@ -1883,7 +1883,7 @@ class UsersController extends AppController
|
|||
|
||||
public function totp_delete($id)
|
||||
{
|
||||
if ($this->request->is('post') || $this->request->is('delete')) {
|
||||
if ($this->request->is(['post', 'delete'])) {
|
||||
$user = $this->User->find('first', array(
|
||||
'conditions' => $this->__adminFetchConditions($id),
|
||||
'recursive' => -1,
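Review bot: Nothing in the visible part of `totp_delete` consults `Security.otp_disabled`, although the test added in this commit expects `/users/totp_delete/1` to be refused when that setting is on. The method body continues outside the hunk, so the guard may sit further down or in a shared filter; this cannot be confirmed from the page. If it does exist, a short comment above the method check would make the enforcement point traceable, for example `// Security.otp_disabled is enforced in <location>; this branch only restricts the deletion to POST/DELETE`. The page does not mark which `App::uses` line is the new one; if the three-argument form is the one removed, confirm that any remaining use of `OTPHP\TOTP` in this controller is still resolved by the autoloader.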
|
||||
|
|
|
@ -799,6 +799,20 @@ class TestSecurity(unittest.TestCase):
|
|||
with self.assertRaises(Exception):
|
||||
send(logged_in, "GET", f"/users/password_reset/abcd")
|
||||
|
||||
def test_otp_disabled(self):
|
||||
with self.__setting("Security.otp_disabled", True):
|
||||
logged_in = PyMISP(url, self.test_usr.authkey)
|
||||
logged_in.global_pythonify = True
|
||||
|
||||
with self.assertRaises(Exception):
|
||||
send(logged_in, "GET", f"/users/email_otp")
|
||||
|
||||
with self.assertRaises(Exception):
|
||||
send(logged_in, "GET", f"/users/totp_new")
|
||||
|
||||
with self.assertRaises(Exception):
|
||||
send(logged_in, "GET", f"/users/totp_delete/1")
|
||||
|
||||
def test_add_user_by_org_admin(self):
|
||||
user = MISPUser()
|
||||
user.email = 'testusr@user' + random() + '.local' # make name always unique
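Review bot: `with self.assertRaises(Exception):` in `test_otp_disabled` passes on any failure, so a connection error, a 404 or a 500 satisfies it as well as the intended refusal, and the three checks do not pin `Security.otp_disabled` as the cause. The `totp_delete/1` probe is sent as GET, while the controller section of this commit shows the deletion branch running only for POST or DELETE, so the state-changing path is never exercised with the setting on. Consider adding `send(logged_in, "POST", "/users/totp_delete/1")` in its own `assertRaises` block and asserting on the specific error or status that `send` exposes. The helper's definition is not on this page, so the exact exception type is for the author to fill in. The `f` prefixes on the three path strings have no placeholders and can be dropped.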
|
||||
|
|