diff --git a/sssd_test_framework/utils/authentication.py b/sssd_test_framework/utils/authentication.py index 9d5f01a..4090a20 100644 --- a/sssd_test_framework/utils/authentication.py +++ b/sssd_test_framework/utils/authentication.py @@ -22,6 +22,12 @@ DEFAULT_AUTHENTICATION_TIMEOUT: int = 60 """Default timeout for authentication failure.""" +class PasskeyAuthenticationUseCases(Enum): + PASSKEY_WITH_PIN = 0, + PASSKEY_WITH_PIN_AND_TOUCH = 1, + PASSKEY_WITHOUT_PIN = 2, + PASSKEY_FALLBACK_TO_PASSWORD = 3, + class AuthenticationUtils(MultihostUtility[MultihostHost]): """ @@ -342,7 +348,8 @@ def password_expired(self, username: str, password: str, new_password: str) -> b def passkey_with_output( self, username: str, *, device: str, ioctl: str, script: str, pin: str | int | None = None, - interactive_prompt: str | None = None, touch_prompt: str | None = None, command: str = "exit 0" + interactive_prompt: str = "Insert your passkey device, then press ENTER", touch_prompt: str = "Touch the device", command: str = "exit 0", + auth_method: PasskeyAuthenticationUseCases = PasskeyAuthenticationUseCases.PASSKEY_WITH_PIN ) -> tuple[int, int, str, str]: """ Call ``su - $username`` and authenticate the user with passkey. @@ -369,6 +376,14 @@ def passkey_with_output( ioctl_path = self.fs.upload_to_tmp(ioctl, mode="a=r") script_path = self.fs.upload_to_tmp(script, mode="a=r") + match auth_method: + case (PasskeyAuthenticationUseCases.PASSKEY_WITH_PIN, PasskeyAuthenticationUseCases.PASSKEY_WITH_PIN_AND_TOUCH): + if pin is None: + raise ValueError(f"PIN is required for {str(auth_method)}") + case (PasskeyAuthenticationUseCases.PASSKEY_WITHOUT_PIN, PasskeyAuthenticationUseCases.PASSKEY_FALLBACK_TO_PASSWORD): + if pin is not None: + raise ValueError("...") + run_su = self.fs.mktmp( rf""" #!/bin/bash 
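Review bot: The trailing commas on the four members of `PasskeyAuthenticationUseCases` make each value a one-element tuple (`(0,)`, `(1,)`, …) instead of an int; drop them, e.g. `PASSKEY_WITH_PIN = 0`. The class has no docstring although the constant just above it has one; a one-line class docstring plus a `#` comment per member saying which prompts that flow expects (PIN, touch, password fallback) would let test authors pick the right case without reading the expect script. The import of `Enum` is not visible in this diff, so confirm it exists at the top of the module.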
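Review bot: In the `passkey_with_output` signature, the new default `auth_method=PasskeyAuthenticationUseCases.PASSKEY_WITH_PIN` sits next to the existing default `pin=None`, so a call that omits both asks for the PIN flow without a PIN. Callers that used to select the no-PIN path by leaving `pin` out would change flow without any change on their side, and callers that pass `interactive_prompt=None` or `touch_prompt=None` explicitly now get the text `None*` as the expect pattern, because the `"None"` guards are removed in the later hunk. Making `auth_method` a required keyword (no default) would force each test to state the flow it means to exercise. The docstring continues outside this hunk; it needs a `:param auth_method:` entry and updated text for the two prompt parameters.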
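Review bot: Neither arm of the new `match auth_method:` block can match, because `case (A, B):` is a sequence pattern for a two-element sequence, not "A or B", and an enum member is not a sequence; the PIN validation therefore never runs. Use or-patterns: `case PasskeyAuthenticationUseCases.PASSKEY_WITH_PIN | PasskeyAuthenticationUseCases.PASSKEY_WITH_PIN_AND_TOUCH:` and the same form for the second arm. With the check dead, a PIN flow called with `pin=None` sends the literal text `None` at `Enter PIN:`, so a test can exercise a different authentication path than its name claims. The second `raise ValueError("...")` still needs a real message, and the check is better placed before the two `upload_to_tmp` calls so that bad arguments fail before anything is written to the host.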
@@ -422,37 +437,33 @@ def passkey_with_output( set timeout {DEFAULT_AUTHENTICATION_TIMEOUT} set prompt "\n.*\[#\$>\] $" set command "{command}" - if {{"{pin}" == "None"}} {{ - set pin "{pin}" - }} + set auth_method "{auth_method}" - if {{"{interactive_prompt}" != "None"}} {{ - set interactive_prompt "{interactive_prompt}" - }} - - if {{"{touch_prompt}" != "None"}} {{ - set touch_prompt "{touch_prompt}" - }} - spawn "{playback_umockdev}" - if {{$interactive_prompt ne "None"}} {{ - expect {{ - "{interactive_prompt}*" {{ send -- "\n"}} - timeout {{exitmsg "Unexpected output" 201}} - eof {{exitmsg "Unexpected end of file" 202}} - }} - }} else {{ - expect {{ - "Insert your passkey device, then press ENTER*" {{send -- "\n"}} - timeout {{exitmsg "Unexpected output" 201}} - eof {{exitmsg "Unexpected end of file" 202}} - }} + expect {{ + "{interactive_prompt}*" {{ send -- "\n"}} + timeout {{exitmsg "Unexpected output" 201}} + eof {{exitmsg "Unexpected end of file" 202}} }} - if {{$pin eq "\n\r"}} {{ + if {{ $auth_method eq "{PasskeyAuthenticationUseCases.PASSKEY_WITH_PIN}" || $auth_method eq "{PasskeyAuthenticationUseCases.PASSKEY_WITH_PIN_AND_TOUCH}"}} {{ expect {{ "Enter PIN:*" {{send -- "{pin}\r"}} + timeout {{exitmsg "Unexpected output" 401}} + eof {{exitmsg "Unexpected end of file" 402}} + }} + + if {{ $auth_method eq "{PasskeyAuthenticationUseCases.PASSKEY_WITH_PIN_AND_TOUCH}" }} {{ + expect {{ + "{touch_prompt}*" {{ send -- "\n"}} + eof {{exitmsg "Password authentication successful" 0}} + timeout {{exitmsg "Unexpected output" 501}} + }} + }} + }} elseif {{ $auth_method eq "{PasskeyAuthenticationUseCases.PASSKEY_FALLBACK_TO_PASSWORD}" }} {{ + expect {{ + "Enter PIN:*" {{send -- "\r"}} timeout {{exitmsg "Unexpected output" 201}} eof {{exitmsg "Unexpected end of file" 202}} }} 
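Review bot: In the new `PASSKEY_WITH_PIN_AND_TOUCH` branch, the `eof` arm of the touch `expect` exits 0 with "Password authentication successful", so the run is reported as a success when the session ends without the touch prompt ever appearing. If the touch prompt is always expected in this flow, a test meant to show that user presence is requested would pass even when the prompt is skipped; make that arm a failure, e.g. `eof {{exitmsg "Unexpected end of file" 502}}`. Separately, `{pin}` and `{touch_prompt}` are interpolated into Tcl double-quoted strings, where `$`, `[` and `\` are still substituted and the prompt is matched as a glob pattern, so values containing those characters are neither sent nor matched literally. Stating that constraint in the docstring, or rejecting such values in Python before the script is built, would avoid hard-to-read failures.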
@@ -461,34 +472,21 @@ def passkey_with_output( timeout {{exitmsg "Unexpected output" 301}} eof {{exitmsg "Unexpected end of file" 302}} }} - }} elseif {{$pin ne "None"}} {{ - expect {{ - "Enter PIN:*" {{send -- "{pin}\r"}} - timeout {{exitmsg "Unexpected output" 401}} - eof {{exitmsg "Unexpected end of file" 402}} - }} - }} elseif {{ "{touch_prompt}" ne "None" }} + }} elseif {{ $auth_method eq "{PasskeyAuthenticationUseCases.PASSKEY_WITHOUT_PIN}" }} {{ expect {{ "{touch_prompt}*" {{ send -- "\n"}} eof {{exitmsg "Password authentication successful" 0}} timeout {{exitmsg "Unexpected output" 501}} }} - }} else {{ - expect {{ - "Authentication failure" {{exitmsg "Authentication failure" 1}} - eof {{exitmsg "Password authentication successful" 0}} - timeout {{exitmsg "Unexpected output" 601}} - }} }} expect {{ "Authentication failure" {{exitmsg "Authentication failure" 1}} eof {{exitmsg "Password authentication successful" 0}} - timeout {{exitmsg "Unexpected output" 701}} + timeout {{exitmsg "Unexpected output" 601}} }} exitmsg "Unexpected code path" 803 - """, verbose=False, )
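Review bot: The timeout code of the final `expect` changes from 701 to 601, and 601 was the code of the `else` branch this hunk removes, so the same number now identifies a different step of the script. Any caller that asserts on the return code would need updating; none is visible in this diff. A short comment above the expect script, or a list in the `passkey_with_output` docstring (which lies outside this hunk), naming the step each exit code belongs to would keep the numbers meaningful when a test fails.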