mirror of https://github.com/MISP/MISP
new: [test] Security test for OTP disabled
parent
97e6224755
commit
9ea64750bc
|
@ -1,5 +1,5 @@
|
||||||
<?php
|
<?php
|
||||||
App::uses('AppController', 'Controller', 'OTPHP\TOTP');
|
App::uses('AppController', 'Controller');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @property User $User
|
* @property User $User
|
||||||
|
@ -1883,7 +1883,7 @@ class UsersController extends AppController
|
||||||
|
|
||||||
public function totp_delete($id)
|
public function totp_delete($id)
|
||||||
{
|
{
|
||||||
if ($this->request->is('post') || $this->request->is('delete')) {
|
if ($this->request->is(['post', 'delete'])) {
|
||||||
$user = $this->User->find('first', array(
|
$user = $this->User->find('first', array(
|
||||||
'conditions' => $this->__adminFetchConditions($id),
|
'conditions' => $this->__adminFetchConditions($id),
|
||||||
'recursive' => -1,
|
'recursive' => -1,
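Review bot: Nothing in the visible lines of `totp_delete` checks `Security.otp_disabled` before the user lookup, and the method body continues outside this hunk, so the guard that the new test depends on presumably sits further down or in a shared filter. If so, a short comment at the top of the method would make that dependency explicit, for example `// Refused when Security.otp_disabled is set; enforced in <location of the check>`. The move to `is(['post', 'delete'])` reads as behaviour-preserving.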
|
||||||
|
|
|
@ -799,6 +799,20 @@ class TestSecurity(unittest.TestCase):
|
||||||
with self.assertRaises(Exception):
|
with self.assertRaises(Exception):
|
||||||
send(logged_in, "GET", f"/users/password_reset/abcd")
|
send(logged_in, "GET", f"/users/password_reset/abcd")
|
||||||
|
|
||||||
|
def test_otp_disabled(self):
|
||||||
|
with self.__setting("Security.otp_disabled", True):
|
||||||
|
logged_in = PyMISP(url, self.test_usr.authkey)
|
||||||
|
logged_in.global_pythonify = True
|
||||||
|
|
||||||
|
with self.assertRaises(Exception):
|
||||||
|
send(logged_in, "GET", f"/users/email_otp")
|
||||||
|
|
||||||
|
with self.assertRaises(Exception):
|
||||||
|
send(logged_in, "GET", f"/users/totp_new")
|
||||||
|
|
||||||
|
with self.assertRaises(Exception):
|
||||||
|
send(logged_in, "GET", f"/users/totp_delete/1")
|
||||||
|
|
||||||
def test_add_user_by_org_admin(self):
|
def test_add_user_by_org_admin(self):
|
||||||
user = MISPUser()
|
user = MISPUser()
|
||||||
user.email = 'testusr@user' + random() + '.local' # make name always unique
|
user.email = 'testusr@user' + random() + '.local' # make name always unique
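Review bot: `test_otp_disabled` wraps every request in `assertRaises(Exception)`, which passes on any failure (connection error, 404, wrong HTTP method, unparseable response), so a green run does not show that the endpoints were refused because `Security.otp_disabled` is set. The `/users/totp_delete/1` case is sent as GET, while the controller hunk in this commit does the user lookup only under POST or DELETE, so the state-changing branch is never exercised; adding `send(logged_in, "POST", "/users/totp_delete/1")` in its own `assertRaises` block would cover it. If `send` raises a more specific exception or exposes the status code for a refused request, asserting on that would tie the result to the setting rather than to an unrelated error. The f-strings here have no placeholders and can be plain string literals.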
|
||||||
|
|