def test_17_update_token(self):
        db_token = Token.query.filter_by(serial=self.serial1).first()
        token = HotpTokenClass(db_token)
        # Failed update: genkey wrong
        self.assertRaises(Exception, token.update, {
            "description": "new desc",
            "genkey": "17"
        })
        # genkey and otpkey used at the same time
        token.update({"otpkey": self.otpkey, "genkey": "1"})
        self.assertTrue(token.token.otplen == 6)

        token.update({"otpkey": self.otpkey, "pin": "654321", "otplen": 6})
        self.assertTrue(token.check_pin("654321"))
        self.assertTrue(token.token.otplen == 6)
        # update hashlib
        token.update({"otpkey": self.otpkey, "hashlib": "sha1"})
        self.assertTrue(
            token.get_tokeninfo("hashlib") == "sha1", token.get_tokeninfo())

        # save pin encrypted
        token.update({"genkey": 1, "pin": "secret", "encryptpin": "true"})
        # check if the PIN is encrypted
        self.assertTrue(token.token.pin_hash.startswith("@@"),
                        token.token.pin_hash)

        # update token without otpkey raises an error
        self.assertRaises(Exception, token.update, {"description": "test"})
    def test_17_update_token(self):
        db_token = Token.query.filter_by(serial=self.serial1).first()
        token = HotpTokenClass(db_token)
        # Failed update: genkey wrong
        self.assertRaises(Exception,
                          token.update,
                          {"description": "new desc",
                           "genkey": "17"})
        # genkey and otpkey used at the same time
        token.update({"otpkey": self.otpkey,
                      "genkey": "1"})
        self.assertTrue(token.token.otplen == 6)

        token.update({"otpkey": self.otpkey,
                      "pin": "654321",
                      "otplen": 6})
        self.assertTrue(token.check_pin("654321"))
        self.assertTrue(token.token.otplen == 6)
        # update hashlib
        token.update({"otpkey": self.otpkey,
                      "hashlib": "sha1"})
        self.assertTrue(token.get_tokeninfo("hashlib") == "sha1",
                        token.get_tokeninfo())

        # save pin encrypted
        token.update({"genkey": 1,
                      "pin": "secret",
                      "encryptpin": "true"})
        # check if the PIN is encrypted
        self.assertTrue(token.token.pin_hash.startswith("@@"),
                        token.token.pin_hash)

        # update token without otpkey raises an error
        self.assertRaises(Exception, token.update, {"description": "test"})
 def test_30_2step_otpkeyformat(self):
     serial = "2step3"
     db_token = Token(serial, tokentype="hotp")
     db_token.save()
     token = HotpTokenClass(db_token)
     token.update({
         "2stepinit": "1",
         "2step_clientsize": "12",
         "hashlib": "sha512",
     })
     self.assertEqual(token.token.rollout_state, "clientwait")
     self.assertEqual(token.get_tokeninfo("2step_clientsize"), "12")
     # fetch the server component for later tests
     server_component = binascii.unhexlify(
         token.token.get_otpkey().getKey())
     # generate a 12-byte client component
     client_component = b'abcdefghijkl'
     checksum = hashlib.sha1(client_component).digest()[:4]
     # wrong checksum
     with warnings.catch_warnings():
         warnings.simplefilter('ignore', category=DeprecationWarning)
         self.assertRaisesRegexp(
             ParameterError, "Incorrect checksum", token.update, {
                 "otpkey":
                 b32encode_and_unicode(b"\x37" + checksum[1:] +
                                       client_component).strip("="),
                 "otpkeyformat":
                 "base32check",
             })
     # construct a secret
     token.update({
         "otpkey":
         b32encode_and_unicode(checksum + client_component).strip("="),
         "otpkeyformat":
         "base32check",
         # the following values are ignored
         "2step_serversize":
         "23",
         "2step_difficulty":
         "666666",
         "2step_clientsize":
         "13"
     })
     # check the generated secret
     secret = binascii.unhexlify(token.token.get_otpkey().getKey())
     # check the correct lengths
     self.assertEqual(len(server_component), 64)  # because of SHA-512
     self.assertEqual(len(client_component), 12)
     self.assertEqual(len(secret), 64)  # because of SHA-512
     # check the secret has been generated according to the specification
     expected_secret = pbkdf2_hmac('sha1',
                                   binascii.hexlify(server_component),
                                   client_component, 10000, len(secret))
     self.assertEqual(secret, expected_secret)
     self.assertTrue(token.token.active)
 def test_30_2step_otpkeyformat(self):
     serial = "2step3"
     db_token = Token(serial, tokentype="hotp")
     db_token.save()
     token = HotpTokenClass(db_token)
     token.update({
         "2stepinit": "1",
         "2step_clientsize": "12",
         "hashlib": "sha512",
     })
     self.assertEqual(token.token.rollout_state, "clientwait")
     self.assertEqual(token.get_tokeninfo("2step_clientsize"), "12")
     # fetch the server component for later tests
     server_component = binascii.unhexlify(token.token.get_otpkey().getKey())
     # generate a 12-byte client component
     client_component = b'abcdefghijkl'
     checksum = hashlib.sha1(client_component).digest()[:4]
     # wrong checksum
     self.assertRaisesRegexp(
         ParameterError,
         "Incorrect checksum",
         token.update,
         {
             "otpkey": base64.b32encode("\x37" + checksum[1:] + client_component).strip("="),
             "otpkeyformat": "base32check",
         })
     # construct a secret
     token.update({
         "otpkey": base64.b32encode(checksum + client_component).strip("="),
         "otpkeyformat": "base32check",
         # the following values are ignored
         "2step_serversize": "23",
         "2step_difficulty": "666666",
         "2step_clientsize": "13"
         })
     # check the generated secret
     secret = binascii.unhexlify(token.token.get_otpkey().getKey())
     # check the correct lengths
     self.assertEqual(len(server_component), 64) # because of SHA-512
     self.assertEqual(len(client_component), 12)
     self.assertEqual(len(secret), 64) # because of SHA-512
     # check the secret has been generated according to the specification
     expected_secret = pbkdf2(binascii.hexlify(server_component), client_component, 10000, len(secret))
     self.assertEqual(secret, expected_secret)
     self.assertTrue(token.token.active)
 def test_29_2step_generation_custom(self):
     serial = "2step2"
     db_token = Token(serial, tokentype="hotp")
     db_token.save()
     token = HotpTokenClass(db_token)
     token.update({
         "2stepinit": "1",
         "2step_serversize": "40",
         "2step_difficulty": "12345",
         "2step_clientsize": "12",
         "hashlib": "sha512",
     })
     self.assertEqual(token.token.rollout_state, "clientwait")
     self.assertEqual(token.get_tokeninfo("2step_clientsize"), "12")
     self.assertEqual(token.get_tokeninfo("2step_difficulty"), "12345")
     # fetch the server component for later tests
     server_component = binascii.unhexlify(
         token.token.get_otpkey().getKey())
     # too short
     self.assertRaises(ParameterError, token.update,
                       {"otpkey": binascii.hexlify(b"=" * 8)})
     # generate a 12-byte client component
     client_component = b'abcdefghijkl'
     # construct a secret
     token.update({
         "otpkey": binascii.hexlify(client_component),
         # the following values are ignored
         "2step_serversize": "23",
         "2step_difficulty": "666666",
         "2step_clientsize": "13"
     })
     # check the generated secret
     secret = binascii.unhexlify(token.token.get_otpkey().getKey())
     # check the correct lengths
     self.assertEqual(len(server_component), 40)
     self.assertEqual(len(client_component), 12)
     self.assertEqual(len(secret), 64)  # because of SHA-512
     # check the secret has been generated according to the specification
     expected_secret = pbkdf2_hmac('sha1',
                                   binascii.hexlify(server_component),
                                   client_component, 12345, len(secret))
     self.assertEqual(secret, expected_secret)
     self.assertTrue(token.token.active)
 def test_29_2step_generation_custom(self):
     serial = "2step2"
     db_token = Token(serial, tokentype="hotp")
     db_token.save()
     token = HotpTokenClass(db_token)
     token.update({
         "2stepinit": "1",
         "2step_serversize": "40",
         "2step_difficulty": "12345",
         "2step_clientsize": "12",
         "hashlib": "sha512",
     })
     self.assertEqual(token.token.rollout_state, "clientwait")
     self.assertEqual(token.get_tokeninfo("2step_clientsize"), "12")
     self.assertEqual(token.get_tokeninfo("2step_difficulty"), "12345")
     # fetch the server component for later tests
     server_component = binascii.unhexlify(token.token.get_otpkey().getKey())
     # too short
     self.assertRaises(ParameterError, token.update, {
         "otpkey": binascii.hexlify("="*8)
     })
     # generate a 12-byte client component
     client_component = b'abcdefghijkl'
     # construct a secret
     token.update({
         "otpkey": binascii.hexlify(client_component),
         # the following values are ignored
         "2step_serversize": "23",
         "2step_difficulty": "666666",
         "2step_clientsize": "13"
         })
     # check the generated secret
     secret = binascii.unhexlify(token.token.get_otpkey().getKey())
     # check the correct lengths
     self.assertEqual(len(server_component), 40)
     self.assertEqual(len(client_component), 12)
     self.assertEqual(len(secret), 64) # because of SHA-512
     # check the secret has been generated according to the specification
     expected_secret = pbkdf2(binascii.hexlify(server_component), client_component, 12345, len(secret))
     self.assertEqual(secret, expected_secret)
     self.assertTrue(token.token.active)
    def test_11_tokeninfo(self):
        db_token = Token.query.filter_by(serial=self.serial1).first()
        token = HotpTokenClass(db_token)
        token.add_tokeninfo("key1", "value2")
        info1 = token.get_tokeninfo()
        self.assertTrue("key1" in info1, info1)
        token.add_tokeninfo("key2", "value3")
        info2 = token.get_tokeninfo()
        self.assertTrue("key2" in info2, info2)
        token.set_tokeninfo(info1)
        info2 = token.get_tokeninfo()
        self.assertTrue("key2" not in info2, info2)
        self.assertTrue(token.get_tokeninfo("key1") == "value2", info2)

        # auth counter
        token.set_count_auth_success_max(200)
        token.set_count_auth_max(1000)
        token.set_count_auth_success(100)
        token.inc_count_auth_success()
        token.set_count_auth(200)
        token.inc_count_auth()
        self.assertTrue(token.get_count_auth_success_max() == 200)
        self.assertTrue(token.get_count_auth_success() == 101)
        self.assertTrue(token.get_count_auth_max() == 1000)
        self.assertTrue(token.get_count_auth() == 201)

        self.assertTrue(token.check_auth_counter())
        token.set_count_auth_max(10)
        self.assertFalse(token.check_auth_counter())
        token.set_count_auth_max(1000)
        token.set_count_auth_success_max(10)
        self.assertFalse(token.check_auth_counter())

        # handle validity end date
        token.set_validity_period_end("2014-12-30T16:00+0200")
        end = token.get_validity_period_end()
        self.assertTrue(end == "2014-12-30T16:00+0200", end)
        self.assertRaises(Exception, token.set_validity_period_end,
                          "wrong date")
        # handle validity start date
        token.set_validity_period_start("2013-12-30T16:00+0200")
        start = token.get_validity_period_start()
        self.assertTrue(start == "2013-12-30T16:00+0200", start)
        self.assertRaises(Exception, token.set_validity_period_start,
                          "wrong date")

        self.assertFalse(token.check_validity_period())

        # check validity period
        # +5 days
        end_date = datetime.datetime.now(tzlocal()) + datetime.timedelta(5)
        end = end_date.strftime(DATE_FORMAT)
        token.set_validity_period_end(end)
        # - 5 days
        start_date = datetime.datetime.now(tzlocal()) - datetime.timedelta(5)
        start = start_date.strftime(DATE_FORMAT)
        token.set_validity_period_start(start)
        self.assertTrue(token.check_validity_period())

        # check before start date
        # +5 days
        end_date = datetime.datetime.now(tzlocal()) + datetime.timedelta(5)
        end = end_date.strftime(DATE_FORMAT)
        token.set_validity_period_end(end)
        # + 2 days
        start_date = datetime.datetime.now(tzlocal()) + datetime.timedelta(2)
        start = start_date.strftime(DATE_FORMAT)
        token.set_validity_period_start(start)
        self.assertFalse(token.check_validity_period())

        # check after enddate
        # -1 day
        end_date = datetime.datetime.now(tzlocal()) - datetime.timedelta(1)
        end = end_date.strftime(DATE_FORMAT)
        token.set_validity_period_end(end)
        # - 10 days
        start_date = datetime.datetime.now(tzlocal()) - datetime.timedelta(10)
        start = start_date.strftime(DATE_FORMAT)
        token.set_validity_period_start(start)
        self.assertFalse(token.check_validity_period())
 def test_08_info(self):
     db_token = Token.query.filter_by(serial=self.serial1).first()
     token = HotpTokenClass(db_token)
     token.set_hashlib("sha1")
     ti = token.get_tokeninfo()
     self.assertTrue("hashlib" in ti, ti)
    def test_11_tokeninfo(self):
        db_token = Token.query.filter_by(serial=self.serial1).first()
        token = HotpTokenClass(db_token)
        token.add_tokeninfo("key1", "value2")
        info1 = token.get_tokeninfo()
        self.assertTrue("key1" in info1, info1)
        token.add_tokeninfo("key2", "value3")
        info2 = token.get_tokeninfo()
        self.assertTrue("key2" in info2, info2)
        token.set_tokeninfo(info1)
        info2 = token.get_tokeninfo()
        self.assertTrue("key2" not in info2, info2)
        self.assertTrue(token.get_tokeninfo("key1") == "value2",
                        info2)

        # auth counter
        token.set_count_auth_success_max(200)
        token.set_count_auth_max(1000)
        token.set_count_auth_success(100)
        token.inc_count_auth_success()
        token.set_count_auth(200)
        token.inc_count_auth()
        self.assertTrue(token.get_count_auth_success_max() == 200)
        self.assertTrue(token.get_count_auth_success() == 101)
        self.assertTrue(token.get_count_auth_max() == 1000)
        self.assertTrue(token.get_count_auth() == 201)

        self.assertTrue(token.check_auth_counter())
        token.set_count_auth_max(10)
        self.assertFalse(token.check_auth_counter())
        token.set_count_auth_max(1000)
        token.set_count_auth_success_max(10)
        self.assertFalse(token.check_auth_counter())

        # handle validity end date
        token.set_validity_period_end("30/12/14 16:00")
        end = token.get_validity_period_end()
        self.assertTrue(end == "30/12/14 16:00", end)
        self.assertRaises(Exception,
                          token.set_validity_period_end, "wrong date")
        # handle validity start date
        token.set_validity_period_start("30/12/13 16:00")
        start = token.get_validity_period_start()
        self.assertTrue(start == "30/12/13 16:00", start)
        self.assertRaises(Exception,
                          token.set_validity_period_start, "wrong date")

        self.assertFalse(token.check_validity_period())

        # check validity period
        # +5 days
        end_date = datetime.datetime.now() + datetime.timedelta(5)
        end = end_date.strftime(DATE_FORMAT)
        token.set_validity_period_end(end)
        # - 5 days
        start_date = datetime.datetime.now() - datetime.timedelta(5)
        start = start_date.strftime(DATE_FORMAT)
        token.set_validity_period_start(start)
        self.assertTrue(token.check_validity_period())

        # check before start date
        # +5 days
        end_date = datetime.datetime.now() + datetime.timedelta(5)
        end = end_date.strftime(DATE_FORMAT)
        token.set_validity_period_end(end)
        # + 2 days
        start_date = datetime.datetime.now() + datetime.timedelta(2)
        start = start_date.strftime(DATE_FORMAT)
        token.set_validity_period_start(start)
        self.assertFalse(token.check_validity_period())

        # check after enddate
        # -1 day
        end_date = datetime.datetime.now() - datetime.timedelta(1)
        end = end_date.strftime(DATE_FORMAT)
        token.set_validity_period_end(end)
        # - 10 days
        start_date = datetime.datetime.now() - datetime.timedelta(10)
        start = start_date.strftime(DATE_FORMAT)
        token.set_validity_period_start(start)
        self.assertFalse(token.check_validity_period())
 def test_08_info(self):
     db_token = Token.query.filter_by(serial=self.serial1).first()
     token = HotpTokenClass(db_token)
     token.set_hashlib("sha1")
     ti = token.get_tokeninfo()
     self.assertTrue("hashlib" in ti, ti)