From: Daniel Lenski Date: Sat, 13 Nov 2021 18:35:36 +0000 (-0800) Subject: Fix/update comments in fake-*-server.py scripts X-Git-Tag: v8.20~46 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=651b3d0b171c0e34b9a507a4d1f458799c42f431;p=users%2Fdwmw2%2Fopenconnect.git Fix/update comments in fake-*-server.py scripts Also adds a stub to make sure that 'fake-juniper-server.py' rejects attempts to start speaking the Junos/Pulse protocol, rather than the Juniper/oNCP protocol. Signed-off-by: Daniel Lenski --- diff --git a/tests/fake-fortinet-server.py b/tests/fake-fortinet-server.py index ce0558f3..505eebfb 100755 --- a/tests/fake-fortinet-server.py +++ b/tests/fake-fortinet-server.py @@ -27,7 +27,7 @@ # POST /remote/logincheck (with username and credential fields) # No 2FA) Completes the login # With 2FA) Returns a 2FA challenge -# POST /remote/logincheck (with username, code, and challenge response fields) +# POST /remote/logincheck (with username and 2FA response fields) # # It does not actually validate the credentials in any way, but attempts to # verify their consistency from one request to the next, by saving their diff --git a/tests/fake-gp-server.py b/tests/fake-gp-server.py index a5e5ece3..1e6b6ead 100755 --- a/tests/fake-gp-server.py +++ b/tests/fake-gp-server.py @@ -245,7 +245,7 @@ def getconfig(): return '''{}/ssl-tunnel-connect.sslvpn'''.format(addrs) -# Respond to gateway getconfig request +# Respond to gateway hipreportcheck request @app.route('/ssl-vpn/hipreportcheck.esp', methods=('POST',)) @check_form_against_session('user', 'portal', 'domain', 'authcookie', 'computer') def hipcheck(): diff --git a/tests/fake-juniper-server.py b/tests/fake-juniper-server.py index a8b77e31..224b9c0a 100755 --- a/tests/fake-juniper-server.py +++ b/tests/fake-juniper-server.py @@ -76,6 +76,10 @@ def check_form_against_session(*fields, use_query=False): # token/2FA form name (can be frmLogin, for 2-password-in-one-form option)] @app.route('/') def root(): + # We don't support the Junos/Pulse protocol (which starts with this request) + if request.headers.get('Upgrade') == 'IF-T/TLS 1.0' and request.headers.get('Content-Type') == 'EAP': + return abort(501) + realms = request.args.get('realms') roles = request.args.get('roles') confirm = bool(request.args.get('confirm'))