Skip to content

Commit

Permalink
SNOW-1526628 implemented passcode MFA authentication (#739)
Browse files Browse the repository at this point in the history
  • Loading branch information
sfc-gh-ext-simba-jy authored Sep 12, 2024
1 parent 526ac94 commit f907edb
Show file tree
Hide file tree
Showing 4 changed files with 227 additions and 0 deletions.
14 changes: 14 additions & 0 deletions lib/connection.c
Original file line number Diff line number Diff line change
Expand Up @@ -172,6 +172,20 @@ cJSON *STDCALL create_auth_json_body(SF_CONNECT *sf,
// Add password if one exists
if (sf->password && *(sf->password)) {
snowflake_cJSON_AddStringToObject(data, "PASSWORD", sf->password);

if (sf->passcode_in_password) {
snowflake_cJSON_AddStringToObject(data, "EXT_AUTHN_DUO_METHOD", "passcode");
snowflake_cJSON_AddBoolToObject(data, "passcodeInPassword", SF_BOOLEAN_TRUE);
}
else if (sf->passcode && *(sf->passcode))
{
snowflake_cJSON_AddStringToObject(data, "EXT_AUTHN_DUO_METHOD", "passcode");
snowflake_cJSON_AddStringToObject(data, "PASSCODE", sf->passcode);
}
else
{
snowflake_cJSON_AddStringToObject(data, "EXT_AUTHN_DUO_METHOD", "push");
}
}
snowflake_cJSON_AddItemToObject(data, "CLIENT_ENVIRONMENT", client_env);
snowflake_cJSON_AddItemToObject(data, "SESSION_PARAMETERS",
Expand Down
3 changes: 3 additions & 0 deletions tests/CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -41,10 +41,13 @@ SET(TESTS_C
test_get_query_result_response
test_get_describe_only_query_result
test_stmt_functions
test_unit_mfa_auth
# FEATURE_INCREASED_MAX_LOB_SIZE_IN_MEMORY is internal switch
# will enable lob test when the change on server side will be published
# test_lob
# test_stats
# MFA connection is only able to run testing manually.
test_mfa_connect
)

SET(TESTS_CXX
Expand Down
132 changes: 132 additions & 0 deletions tests/test_mfa_connect.c
Original file line number Diff line number Diff line change
@@ -0,0 +1,132 @@
/*
* Copyright (c) 2018-2024 Snowflake Computing, Inc. All rights reserved.
*/

#include "utils/test_setup.h"

void test_connect_with_duo_push(void **unused)
{
SF_CONNECT *sf = snowflake_init();
snowflake_set_attribute(sf, SF_CON_ACCOUNT,
getenv("SNOWFLAKE_TEST_ACCOUNT"));
snowflake_set_attribute(sf, SF_CON_USER, getenv("SNOWFLAKE_TEST_USER"));
snowflake_set_attribute(sf, SF_CON_PASSWORD,
getenv("SNOWFLAKE_TEST_PASSWORD"));
char *host, *port, *protocol;
host = getenv("SNOWFLAKE_TEST_HOST");
if (host)
{
snowflake_set_attribute(sf, SF_CON_HOST, host);
}
port = getenv("SNOWFLAKE_TEST_PORT");
if (port)
{
snowflake_set_attribute(sf, SF_CON_PORT, port);
}
protocol = getenv("SNOWFLAKE_TEST_PROTOCOL");
if (protocol)
{
snowflake_set_attribute(sf, SF_CON_PROTOCOL, protocol);
}

SF_STATUS status = snowflake_connect(sf);
if (status != SF_STATUS_SUCCESS)
{
dump_error(&(sf->error));
}
assert_int_equal(status, SF_STATUS_SUCCESS);
snowflake_term(sf);
}

void test_connect_with_duo_passcode(void **unused)
{
SF_CONNECT *sf = snowflake_init();
snowflake_set_attribute(sf, SF_CON_ACCOUNT,
getenv("SNOWFLAKE_TEST_ACCOUNT"));
snowflake_set_attribute(sf, SF_CON_USER, getenv("SNOWFLAKE_TEST_USER"));
snowflake_set_attribute(sf, SF_CON_PASSWORD,
getenv("SNOWFLAKE_TEST_PASSWORD"));
char *host, *port, *protocol, *passcode;
host = getenv("SNOWFLAKE_TEST_HOST");
if (host)
{
snowflake_set_attribute(sf, SF_CON_HOST, host);
}
port = getenv("SNOWFLAKE_TEST_PORT");
if (port)
{
snowflake_set_attribute(sf, SF_CON_PORT, port);
}
protocol = getenv("SNOWFLAKE_TEST_PROTOCOL");
if (protocol)
{
snowflake_set_attribute(sf, SF_CON_PROTOCOL, protocol);
}
passcode = getenv("SNOWFLAKE_TEST_PASSCODE");
if (passcode)
{
snowflake_set_attribute(sf, SF_CON_PASSCODE, passcode);
}
else {
dump_error(&(sf->error));
}

SF_STATUS status = snowflake_connect(sf);
if (status != SF_STATUS_SUCCESS)
{
dump_error(&(sf->error));
}
assert_int_equal(status, SF_STATUS_SUCCESS);
snowflake_term(sf);
}

void test_connect_with_duo_passcodeInPassword(void** unused)
{
SF_CONNECT* sf = snowflake_init();
snowflake_set_attribute(sf, SF_CON_ACCOUNT,
getenv("SNOWFLAKE_TEST_ACCOUNT"));
snowflake_set_attribute(sf, SF_CON_USER, getenv("SNOWFLAKE_TEST_USER"));
snowflake_set_attribute(sf, SF_CON_PASSWORD,
getenv("SNOWFLAKE_TEST_PASSWORD"));
sf_bool passcode_in_password = SF_BOOLEAN_TRUE;
snowflake_set_attribute(sf, SF_CON_PASSCODE_IN_PASSWORD, &passcode_in_password);

char* host, * port, * protocol;
host = getenv("SNOWFLAKE_TEST_HOST");
if (host)
{
snowflake_set_attribute(sf, SF_CON_HOST, host);
}
port = getenv("SNOWFLAKE_TEST_PORT");
if (port)
{
snowflake_set_attribute(sf, SF_CON_PORT, port);
}
protocol = getenv("SNOWFLAKE_TEST_PROTOCOL");
if (protocol)
{
snowflake_set_attribute(sf, SF_CON_PROTOCOL, protocol);
}

SF_STATUS status = snowflake_connect(sf);
if (status != SF_STATUS_SUCCESS)
{
dump_error(&(sf->error));
}
assert_int_equal(status, SF_STATUS_SUCCESS);
snowflake_term(sf);
}

int main(void)
{
initialize_test(SF_BOOLEAN_FALSE);
const struct CMUnitTest tests[] = {
cmocka_unit_test(test_connect_with_duo_push),
cmocka_unit_test(test_connect_with_duo_passcode),
//Need to run this testing separately.
//cmocka_unit_test(test_connect_with_duo_passcodeInPassword),
};
int ret = cmocka_run_group_tests(tests, NULL, NULL);
snowflake_global_term();
return ret;
}
78 changes: 78 additions & 0 deletions tests/test_unit_mfa_auth.c
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
/*
* Copyright (c) 2018-2024 Snowflake Computing, Inc. All rights reserved.
*/

#include <string.h>
#include "utils/test_setup.h"
#include "connection.h"
#include "memory.h"

/**
* Test json body is properly updated.
*/
void test_json_data_in_MFA_Auth(void **unused)
{
SF_CONNECT* sf = (SF_CONNECT*)SF_CALLOC(1, sizeof(SF_CONNECT));
sf->account = "testaccount";
sf->host = "testaccount.snowflakecomputing.com";
sf->user = "testuser";
sf->password = "testpassword";
sf->authenticator = SF_AUTHENTICATOR_DEFAULT;
sf->application_name = SF_API_NAME;
sf->application_version = SF_API_VERSION;

cJSON *body = create_auth_json_body(
sf,
sf->application,
sf->application_name,
sf->application_version,
sf->timezone,
sf->autocommit);
cJSON* data = snowflake_cJSON_GetObjectItem(body, "data");

assert_string_equal(snowflake_cJSON_GetStringValue(snowflake_cJSON_GetObjectItem(data, "EXT_AUTHN_DUO_METHOD")), "push");

sf->passcode = "123456";
body = create_auth_json_body(
sf,
sf->application,
sf->application_name,
sf->application_version,
sf->timezone,
sf->autocommit);
data = snowflake_cJSON_GetObjectItem(body, "data");

assert_string_equal(snowflake_cJSON_GetStringValue(snowflake_cJSON_GetObjectItem(data, "EXT_AUTHN_DUO_METHOD")), "passcode");
assert_string_equal(snowflake_cJSON_GetStringValue(snowflake_cJSON_GetObjectItem(data, "passcode")), "123456");

sf->passcode_in_password = SF_BOOLEAN_TRUE;

body = create_auth_json_body(
sf,
sf->application,
sf->application_name,
sf->application_version,
sf->timezone,
sf->autocommit);
data = snowflake_cJSON_GetObjectItem(body, "data");

assert_string_equal(snowflake_cJSON_GetStringValue(snowflake_cJSON_GetObjectItem(data, "EXT_AUTHN_DUO_METHOD")), "passcode");
assert_int_equal(snowflake_cJSON_GetStringValue(snowflake_cJSON_GetObjectItem(data, "passcode")), NULL);

sf_bool passcodeInPassword;
json_copy_bool(&passcodeInPassword, data, "passcodeInPassword");
assert_int_equal(passcodeInPassword, SF_BOOLEAN_TRUE);

SF_FREE(sf);
}

int main(void)
{
initialize_test(SF_BOOLEAN_FALSE);
const struct CMUnitTest tests[] = {
cmocka_unit_test(test_json_data_in_MFA_Auth),
};
int ret = cmocka_run_group_tests(tests, NULL, NULL);
snowflake_global_term();
return ret;
}

0 comments on commit f907edb

Please sign in to comment.