def test_17_update_token(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = HotpTokenClass(db_token)
# Failed update: genkey wrong
self.assertRaises(Exception, token.update, {
"description": "new desc",
"genkey": "17"
})
# genkey and otpkey used at the same time
token.update({"otpkey": self.otpkey, "genkey": "1"})
self.assertTrue(token.token.otplen == 6)
token.update({"otpkey": self.otpkey, "pin": "654321", "otplen": 6})
self.assertTrue(token.check_pin("654321"))
self.assertTrue(token.token.otplen == 6)
# update hashlib
token.update({"otpkey": self.otpkey, "hashlib": "sha1"})
self.assertTrue(
token.get_tokeninfo("hashlib") == "sha1", token.get_tokeninfo())
# save pin encrypted
token.update({"genkey": 1, "pin": "secret", "encryptpin": "true"})
# check if the PIN is encrypted
self.assertTrue(token.token.pin_hash.startswith("@@"),
token.token.pin_hash)
# update token without otpkey raises an error
self.assertRaises(Exception, token.update, {"description": "test"})
def test_17_update_token(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = HotpTokenClass(db_token)
# Failed update: genkey wrong
self.assertRaises(Exception,
token.update,
{"description": "new desc",
"genkey": "17"})
# genkey and otpkey used at the same time
token.update({"otpkey": self.otpkey,
"genkey": "1"})
self.assertTrue(token.token.otplen == 6)
token.update({"otpkey": self.otpkey,
"pin": "654321",
"otplen": 6})
self.assertTrue(token.check_pin("654321"))
self.assertTrue(token.token.otplen == 6)
# update hashlib
token.update({"otpkey": self.otpkey,
"hashlib": "sha1"})
self.assertTrue(token.get_tokeninfo("hashlib") == "sha1",
token.get_tokeninfo())
# save pin encrypted
token.update({"genkey": 1,
"pin": "secret",
"encryptpin": "true"})
# check if the PIN is encrypted
self.assertTrue(token.token.pin_hash.startswith("@@"),
token.token.pin_hash)
# update token without otpkey raises an error
self.assertRaises(Exception, token.update, {"description": "test"})
def test_30_2step_otpkeyformat(self):
serial = "2step3"
db_token = Token(serial, tokentype="hotp")
db_token.save()
token = HotpTokenClass(db_token)
token.update({
"2stepinit": "1",
"2step_clientsize": "12",
"hashlib": "sha512",
})
self.assertEqual(token.token.rollout_state, "clientwait")
self.assertEqual(token.get_tokeninfo("2step_clientsize"), "12")
# fetch the server component for later tests
server_component = binascii.unhexlify(
token.token.get_otpkey().getKey())
# generate a 12-byte client component
client_component = b'abcdefghijkl'
checksum = hashlib.sha1(client_component).digest()[:4]
# wrong checksum
with warnings.catch_warnings():
warnings.simplefilter('ignore', category=DeprecationWarning)
self.assertRaisesRegexp(
ParameterError, "Incorrect checksum", token.update, {
"otpkey":
b32encode_and_unicode(b"\x37" + checksum[1:] +
client_component).strip("="),
"otpkeyformat":
"base32check",
})
# construct a secret
token.update({
"otpkey":
b32encode_and_unicode(checksum + client_component).strip("="),
"otpkeyformat":
"base32check",
# the following values are ignored
"2step_serversize":
"23",
"2step_difficulty":
"666666",
"2step_clientsize":
"13"
})
# check the generated secret
secret = binascii.unhexlify(token.token.get_otpkey().getKey())
# check the correct lengths
self.assertEqual(len(server_component), 64) # because of SHA-512
self.assertEqual(len(client_component), 12)
self.assertEqual(len(secret), 64) # because of SHA-512
# check the secret has been generated according to the specification
expected_secret = pbkdf2_hmac('sha1',
binascii.hexlify(server_component),
client_component, 10000, len(secret))
self.assertEqual(secret, expected_secret)
self.assertTrue(token.token.active)
def test_30_2step_otpkeyformat(self):
serial = "2step3"
db_token = Token(serial, tokentype="hotp")
db_token.save()
token = HotpTokenClass(db_token)
token.update({
"2stepinit": "1",
"2step_clientsize": "12",
"hashlib": "sha512",
})
self.assertEqual(token.token.rollout_state, "clientwait")
self.assertEqual(token.get_tokeninfo("2step_clientsize"), "12")
# fetch the server component for later tests
server_component = binascii.unhexlify(token.token.get_otpkey().getKey())
# generate a 12-byte client component
client_component = b'abcdefghijkl'
checksum = hashlib.sha1(client_component).digest()[:4]
# wrong checksum
self.assertRaisesRegexp(
ParameterError,
"Incorrect checksum",
token.update,
{
"otpkey": base64.b32encode("\x37" + checksum[1:] + client_component).strip("="),
"otpkeyformat": "base32check",
})
# construct a secret
token.update({
"otpkey": base64.b32encode(checksum + client_component).strip("="),
"otpkeyformat": "base32check",
# the following values are ignored
"2step_serversize": "23",
"2step_difficulty": "666666",
"2step_clientsize": "13"
})
# check the generated secret
secret = binascii.unhexlify(token.token.get_otpkey().getKey())
# check the correct lengths
self.assertEqual(len(server_component), 64) # because of SHA-512
self.assertEqual(len(client_component), 12)
self.assertEqual(len(secret), 64) # because of SHA-512
# check the secret has been generated according to the specification
expected_secret = pbkdf2(binascii.hexlify(server_component), client_component, 10000, len(secret))
self.assertEqual(secret, expected_secret)
self.assertTrue(token.token.active)
def test_29_2step_generation_custom(self):
serial = "2step2"
db_token = Token(serial, tokentype="hotp")
db_token.save()
token = HotpTokenClass(db_token)
token.update({
"2stepinit": "1",
"2step_serversize": "40",
"2step_difficulty": "12345",
"2step_clientsize": "12",
"hashlib": "sha512",
})
self.assertEqual(token.token.rollout_state, "clientwait")
self.assertEqual(token.get_tokeninfo("2step_clientsize"), "12")
self.assertEqual(token.get_tokeninfo("2step_difficulty"), "12345")
# fetch the server component for later tests
server_component = binascii.unhexlify(
token.token.get_otpkey().getKey())
# too short
self.assertRaises(ParameterError, token.update,
{"otpkey": binascii.hexlify(b"=" * 8)})
# generate a 12-byte client component
client_component = b'abcdefghijkl'
# construct a secret
token.update({
"otpkey": binascii.hexlify(client_component),
# the following values are ignored
"2step_serversize": "23",
"2step_difficulty": "666666",
"2step_clientsize": "13"
})
# check the generated secret
secret = binascii.unhexlify(token.token.get_otpkey().getKey())
# check the correct lengths
self.assertEqual(len(server_component), 40)
self.assertEqual(len(client_component), 12)
self.assertEqual(len(secret), 64) # because of SHA-512
# check the secret has been generated according to the specification
expected_secret = pbkdf2_hmac('sha1',
binascii.hexlify(server_component),
client_component, 12345, len(secret))
self.assertEqual(secret, expected_secret)
self.assertTrue(token.token.active)
def test_29_2step_generation_custom(self):
serial = "2step2"
db_token = Token(serial, tokentype="hotp")
db_token.save()
token = HotpTokenClass(db_token)
token.update({
"2stepinit": "1",
"2step_serversize": "40",
"2step_difficulty": "12345",
"2step_clientsize": "12",
"hashlib": "sha512",
})
self.assertEqual(token.token.rollout_state, "clientwait")
self.assertEqual(token.get_tokeninfo("2step_clientsize"), "12")
self.assertEqual(token.get_tokeninfo("2step_difficulty"), "12345")
# fetch the server component for later tests
server_component = binascii.unhexlify(token.token.get_otpkey().getKey())
# too short
self.assertRaises(ParameterError, token.update, {
"otpkey": binascii.hexlify("="*8)
})
# generate a 12-byte client component
client_component = b'abcdefghijkl'
# construct a secret
token.update({
"otpkey": binascii.hexlify(client_component),
# the following values are ignored
"2step_serversize": "23",
"2step_difficulty": "666666",
"2step_clientsize": "13"
})
# check the generated secret
secret = binascii.unhexlify(token.token.get_otpkey().getKey())
# check the correct lengths
self.assertEqual(len(server_component), 40)
self.assertEqual(len(client_component), 12)
self.assertEqual(len(secret), 64) # because of SHA-512
# check the secret has been generated according to the specification
expected_secret = pbkdf2(binascii.hexlify(server_component), client_component, 12345, len(secret))
self.assertEqual(secret, expected_secret)
self.assertTrue(token.token.active)
def test_11_tokeninfo(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = HotpTokenClass(db_token)
token.add_tokeninfo("key1", "value2")
info1 = token.get_tokeninfo()
self.assertTrue("key1" in info1, info1)
token.add_tokeninfo("key2", "value3")
info2 = token.get_tokeninfo()
self.assertTrue("key2" in info2, info2)
token.set_tokeninfo(info1)
info2 = token.get_tokeninfo()
self.assertTrue("key2" not in info2, info2)
self.assertTrue(token.get_tokeninfo("key1") == "value2", info2)
# auth counter
token.set_count_auth_success_max(200)
token.set_count_auth_max(1000)
token.set_count_auth_success(100)
token.inc_count_auth_success()
token.set_count_auth(200)
token.inc_count_auth()
self.assertTrue(token.get_count_auth_success_max() == 200)
self.assertTrue(token.get_count_auth_success() == 101)
self.assertTrue(token.get_count_auth_max() == 1000)
self.assertTrue(token.get_count_auth() == 201)
self.assertTrue(token.check_auth_counter())
token.set_count_auth_max(10)
self.assertFalse(token.check_auth_counter())
token.set_count_auth_max(1000)
token.set_count_auth_success_max(10)
self.assertFalse(token.check_auth_counter())
# handle validity end date
token.set_validity_period_end("2014-12-30T16:00+0200")
end = token.get_validity_period_end()
self.assertTrue(end == "2014-12-30T16:00+0200", end)
self.assertRaises(Exception, token.set_validity_period_end,
"wrong date")
# handle validity start date
token.set_validity_period_start("2013-12-30T16:00+0200")
start = token.get_validity_period_start()
self.assertTrue(start == "2013-12-30T16:00+0200", start)
self.assertRaises(Exception, token.set_validity_period_start,
"wrong date")
self.assertFalse(token.check_validity_period())
# check validity period
# +5 days
end_date = datetime.datetime.now(tzlocal()) + datetime.timedelta(5)
end = end_date.strftime(DATE_FORMAT)
token.set_validity_period_end(end)
# - 5 days
start_date = datetime.datetime.now(tzlocal()) - datetime.timedelta(5)
start = start_date.strftime(DATE_FORMAT)
token.set_validity_period_start(start)
self.assertTrue(token.check_validity_period())
# check before start date
# +5 days
end_date = datetime.datetime.now(tzlocal()) + datetime.timedelta(5)
end = end_date.strftime(DATE_FORMAT)
token.set_validity_period_end(end)
# + 2 days
start_date = datetime.datetime.now(tzlocal()) + datetime.timedelta(2)
start = start_date.strftime(DATE_FORMAT)
token.set_validity_period_start(start)
self.assertFalse(token.check_validity_period())
# check after enddate
# -1 day
end_date = datetime.datetime.now(tzlocal()) - datetime.timedelta(1)
end = end_date.strftime(DATE_FORMAT)
token.set_validity_period_end(end)
# - 10 days
start_date = datetime.datetime.now(tzlocal()) - datetime.timedelta(10)
start = start_date.strftime(DATE_FORMAT)
token.set_validity_period_start(start)
self.assertFalse(token.check_validity_period())
def test_08_info(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = HotpTokenClass(db_token)
token.set_hashlib("sha1")
ti = token.get_tokeninfo()
self.assertTrue("hashlib" in ti, ti)
def test_11_tokeninfo(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = HotpTokenClass(db_token)
token.add_tokeninfo("key1", "value2")
info1 = token.get_tokeninfo()
self.assertTrue("key1" in info1, info1)
token.add_tokeninfo("key2", "value3")
info2 = token.get_tokeninfo()
self.assertTrue("key2" in info2, info2)
token.set_tokeninfo(info1)
info2 = token.get_tokeninfo()
self.assertTrue("key2" not in info2, info2)
self.assertTrue(token.get_tokeninfo("key1") == "value2",
info2)
# auth counter
token.set_count_auth_success_max(200)
token.set_count_auth_max(1000)
token.set_count_auth_success(100)
token.inc_count_auth_success()
token.set_count_auth(200)
token.inc_count_auth()
self.assertTrue(token.get_count_auth_success_max() == 200)
self.assertTrue(token.get_count_auth_success() == 101)
self.assertTrue(token.get_count_auth_max() == 1000)
self.assertTrue(token.get_count_auth() == 201)
self.assertTrue(token.check_auth_counter())
token.set_count_auth_max(10)
self.assertFalse(token.check_auth_counter())
token.set_count_auth_max(1000)
token.set_count_auth_success_max(10)
self.assertFalse(token.check_auth_counter())
# handle validity end date
token.set_validity_period_end("30/12/14 16:00")
end = token.get_validity_period_end()
self.assertTrue(end == "30/12/14 16:00", end)
self.assertRaises(Exception,
token.set_validity_period_end, "wrong date")
# handle validity start date
token.set_validity_period_start("30/12/13 16:00")
start = token.get_validity_period_start()
self.assertTrue(start == "30/12/13 16:00", start)
self.assertRaises(Exception,
token.set_validity_period_start, "wrong date")
self.assertFalse(token.check_validity_period())
# check validity period
# +5 days
end_date = datetime.datetime.now() + datetime.timedelta(5)
end = end_date.strftime(DATE_FORMAT)
token.set_validity_period_end(end)
# - 5 days
start_date = datetime.datetime.now() - datetime.timedelta(5)
start = start_date.strftime(DATE_FORMAT)
token.set_validity_period_start(start)
self.assertTrue(token.check_validity_period())
# check before start date
# +5 days
end_date = datetime.datetime.now() + datetime.timedelta(5)
end = end_date.strftime(DATE_FORMAT)
token.set_validity_period_end(end)
# + 2 days
start_date = datetime.datetime.now() + datetime.timedelta(2)
start = start_date.strftime(DATE_FORMAT)
token.set_validity_period_start(start)
self.assertFalse(token.check_validity_period())
# check after enddate
# -1 day
end_date = datetime.datetime.now() - datetime.timedelta(1)
end = end_date.strftime(DATE_FORMAT)
token.set_validity_period_end(end)
# - 10 days
start_date = datetime.datetime.now() - datetime.timedelta(10)
start = start_date.strftime(DATE_FORMAT)
token.set_validity_period_start(start)
self.assertFalse(token.check_validity_period())
def test_08_info(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = HotpTokenClass(db_token)
token.set_hashlib("sha1")
ti = token.get_tokeninfo()
self.assertTrue("hashlib" in ti, ti)
