def test_02_get_auth_item(self):
serial = "OATH1"
# create realm
self.setUp_user_realms()
user = User("cornelius", realm=self.realm1)
# create ssh token
init_token({
"serial": serial,
"type": "hotp",
"otpkey": OTPKEY
},
user=user)
# authenticate online initially
tok = get_tokens(serial=serial)[0]
res = tok.check_otp("359152") # count = 2
self.assertEqual(res, 2)
# check intermediate counter value
self.assertEqual(tok.token.count, 3)
auth_item = OfflineApplication.get_authentication_item("hotp", serial)
refilltoken = auth_item.get("refilltoken")
self.assertEqual(len(refilltoken), REFILLTOKEN_LENGTH * 2)
self.assertTrue(passlib.hash.\
pbkdf2_sha512.verify("969429", # count = 3
auth_item.get("response").get(3)))
self.assertTrue(passlib.hash.\
pbkdf2_sha512.verify("399871", # count = 8
auth_item.get("response").get(8)))
# The token now contains the refill token information:
self.assertEqual(refilltoken, tok.get_tokeninfo("refilltoken"))
# After calling auth_item the token counter should be increased
# 3, because we used the otp value with count = 2 initially
# 100, because we obtained 100 offline OTPs
self.assertEqual(tok.token.count, 3 + 100)
# Assert that we cannot authenticate with the last offline OTP we got
self.assertEqual(len(auth_item.get("response")), 100)
self.assertTrue(passlib.hash.\
pbkdf2_sha512.verify("629694", # count = 102
auth_item.get("response").get(102)))
res = tok.check_otp("629694") # count = 102
self.assertEqual(res, -1)
res = tok.check_otp("378717") # count = 103
self.assertEqual(res, 103)
# check illegal API usage
self.assertRaises(ParameterError, OfflineApplication.get_offline_otps,
tok, 'foo', -1)
self.assertEqual(OfflineApplication.get_offline_otps(tok, 'foo', 0),
{})
def test_02_get_auth_item(self):
serial = "OATH1"
# create realm
self.setUp_user_realms()
user = User("cornelius", realm=self.realm1)
# create ssh token
init_token({"serial": serial, "type": "hotp", "otpkey": OTPKEY},
user=user)
# authenticate online initially
tok = get_tokens(serial=serial)[0]
res = tok.check_otp("359152") # count = 2
self.assertEqual(res, 2)
# check intermediate counter value
self.assertEqual(tok.token.count, 3)
auth_item = OfflineApplication.get_authentication_item("hotp", serial)
self.assertTrue(passlib.hash.\
pbkdf2_sha512.verify("969429", # count = 3
auth_item.get("response").get(0)))
self.assertTrue(passlib.hash.\
pbkdf2_sha512.verify("399871", # count = 8
auth_item.get("response").get(5)))
# After calling auth_item the token counter should be increased
# 3, because we used the otp value with count = 2 initially
# 100, because we obtained 100 offline OTPs
self.assertEqual(tok.token.count, 3 + 100)
# Assert that we cannot authenticate with the last offline OTP we got
self.assertEqual(len(auth_item.get("response")), 100)
self.assertTrue(passlib.hash.\
pbkdf2_sha512.verify("629694", # count = 102
auth_item.get("response").get(99)))
res = tok.check_otp("629694") # count = 102
self.assertEqual(res, -1)
res = tok.check_otp("378717") # count = 103
self.assertEqual(res, 103)
def offlinerefill():
"""
This endpoint allows to fetch new offline OTP values for a token,
that is already offline.
According to the definition it will send the missing OTP values, so that
the client will have as much otp values as defined.
:param serial: The serial number of the token, that should be refilled.
:param refilltoken: The authorization token, that allows refilling.
:param pass: the last password (maybe password+OTP) entered by the user
:return:
"""
serial = getParam(request.all_data, "serial", required)
refilltoken = getParam(request.all_data, "refilltoken", required)
password = getParam(request.all_data, "pass", required)
tokenobj_list = get_tokens(serial=serial)
if len(tokenobj_list) != 1:
raise ParameterError("The token does not exist")
else:
tokenobj = tokenobj_list[0]
tokenattachments = list_machine_tokens(serial=serial,
application="offline")
if tokenattachments:
# TODO: Currently we do not distinguish, if a token had more than one offline attachment
# We need the options to pass the count and the rounds for the next offline OTP values,
# which could have changed in the meantime.
options = tokenattachments[0].get("options")
# check refill token:
if tokenobj.get_tokeninfo("refilltoken") == refilltoken:
# refill
otps = MachineApplication.get_refill(tokenobj, password,
options)
refilltoken = MachineApplication.generate_new_refilltoken(
tokenobj)
response = send_result(True)
content = response.json
content["auth_items"] = {
"offline": [{
"refilltoken": refilltoken,
"response": otps
}]
}
response.set_data(json.dumps(content))
return response
raise ParameterError(
"Token is not an offline token or refill token is incorrect")
def offlinerefill():
"""
This endpoint allows to fetch new offline OTP values for a token,
that is already offline.
According to the definition it will send the missing OTP values, so that
the client will have as much otp values as defined.
:param serial: The serial number of the token, that should be refilled.
:param refilltoken: The authorization token, that allows refilling.
:param pass: the last password (maybe password+OTP) entered by the user
:return:
"""
result = False
otps = {}
serial = getParam(request.all_data, "serial", required)
refilltoken = getParam(request.all_data, "refilltoken", required)
password = getParam(request.all_data, "pass", required)
tokenobj_list = get_tokens(serial=serial)
if len(tokenobj_list) != 1:
raise ParameterError("The token does not exist")
else:
tokenobj = tokenobj_list[0]
machine_defs = list_token_machines(serial)
# check if is still an offline token:
for mdef in machine_defs:
if mdef.get("application") == "offline":
# check refill token:
if tokenobj.get_tokeninfo("refilltoken") == refilltoken:
# refill
otps = MachineApplication.get_refill(
tokenobj, password, mdef.get("options"))
refilltoken = MachineApplication.generate_new_refilltoken(
tokenobj)
response = send_result(True)
content = json.loads(response.data)
content["auth_items"] = {
"offline": [{
"refilltoken": refilltoken,
"response": otps
}]
}
response.data = json.dumps(content)
return response
raise ParameterError(
"Token is not an offline token or refill token is incorrect")
def test_02_get_auth_item(self):
serial = "OATH1"
# create realm
self.setUp_user_realms()
user = User("cornelius", realm=self.realm1)
# create ssh token
init_token({"serial": serial, "type": "hotp", "otpkey": OTPKEY},
user=user)
# authenticate online initially
tok = get_tokens(serial=serial)[0]
res = tok.check_otp("359152") # count = 2
self.assertEqual(res, 2)
# check intermediate counter value
self.assertEqual(tok.token.count, 3)
auth_item = OfflineApplication.get_authentication_item("hotp", serial)
refilltoken = auth_item.get("refilltoken")
self.assertEqual(len(refilltoken), REFILLTOKEN_LENGTH * 2)
self.assertTrue(passlib.hash.\
pbkdf2_sha512.verify("969429", # count = 3
auth_item.get("response").get(3)))
self.assertTrue(passlib.hash.\
pbkdf2_sha512.verify("399871", # count = 8
auth_item.get("response").get(8)))
# The token now contains the refill token information:
self.assertEqual(refilltoken, tok.get_tokeninfo("refilltoken"))
# After calling auth_item the token counter should be increased
# 3, because we used the otp value with count = 2 initially
# 100, because we obtained 100 offline OTPs
self.assertEqual(tok.token.count, 3 + 100)
# Assert that we cannot authenticate with the last offline OTP we got
self.assertEqual(len(auth_item.get("response")), 100)
self.assertTrue(passlib.hash.\
pbkdf2_sha512.verify("629694", # count = 102
auth_item.get("response").get(102)))
res = tok.check_otp("629694") # count = 102
self.assertEqual(res, -1)
res = tok.check_otp("378717") # count = 103
self.assertEqual(res, 103)
# check illegal API usage
self.assertRaises(ParameterError,
OfflineApplication.get_offline_otps, tok, 'foo', -1)
self.assertEqual(OfflineApplication.get_offline_otps(tok, 'foo', 0), {})
def offlinerefill():
"""
This endpoint allows to fetch new offline OTP values for a token,
that is already offline.
According to the definition it will send the missing OTP values, so that
the client will have as much otp values as defined.
:param serial: The serial number of the token, that should be refilled.
:param refilltoken: The authorization token, that allows refilling.
:param pass: the last password (maybe password+OTP) entered by the user
:return:
"""
result = False
otps = {}
serial = getParam(request.all_data, "serial", required)
refilltoken = getParam(request.all_data, "refilltoken", required)
password = getParam(request.all_data, "pass", required)
tokenobj_list = get_tokens(serial=serial)
if len(tokenobj_list) != 1:
raise ParameterError("The token does not exist")
else:
tokenobj = tokenobj_list[0]
machine_defs = list_token_machines(serial)
# check if is still an offline token:
for mdef in machine_defs:
if mdef.get("application") == "offline":
# check refill token:
if tokenobj.get_tokeninfo("refilltoken") == refilltoken:
# refill
otps = MachineApplication.get_refill(tokenobj, password, mdef.get("options"))
refilltoken = MachineApplication.generate_new_refilltoken(tokenobj)
response = send_result(True)
content = json.loads(response.data)
content["auth_items"] = {"offline": [{"refilltoken": refilltoken,
"response": otps}]}
response.data = json.dumps(content)
return response
raise ParameterError("Token is not an offline token or refill token is incorrect")
def test_02_get_auth_item(self):
serial = "OATH1"
# create realm
self.setUp_user_realms()
user = User("cornelius", realm=self.realm1)
# create ssh token
init_token({"serial": serial, "type": "hotp", "otpkey": OTPKEY},
user=user)
auth_item = OfflineApplication.get_authentication_item("hotp", serial)
self.assertTrue(passlib.hash.\
pbkdf2_sha512.verify("755224",
auth_item.get("response").get(0)))
self.assertTrue(passlib.hash.\
pbkdf2_sha512.verify("254676",
auth_item.get("response").get(5)))
# After calling auth_item the token counter should be increased
tok = get_tokens(serial=serial)[0]
self.assertEqual(tok.token.count, 101)
def test_02_get_auth_item(self):
serial = "OATH1"
# create realm
self.setUp_user_realms()
user = User("cornelius", realm=self.realm1)
# create ssh token
init_token({
"serial": serial,
"type": "hotp",
"otpkey": OTPKEY
},
user=user)
auth_item = OfflineApplication.get_authentication_item("hotp", serial)
self.assertTrue(passlib.hash.\
pbkdf2_sha512.verify("755224",
auth_item.get("response").get(0)))
self.assertTrue(passlib.hash.\
pbkdf2_sha512.verify("254676",
auth_item.get("response").get(5)))
# After calling auth_item the token counter should be increased
tok = get_tokens(serial=serial)[0]
self.assertEqual(tok.token.count, 101)
def test_03_get_auth_item_unsupported(self):
# unsupported token type
auth_item = OfflineApplication.get_authentication_item("unsupported",
"s")
self.assertEqual(auth_item, {})
def test_01_get_options(self):
# Can run as class
options = OfflineApplication.get_options()
self.assertEqual(options["required"], [])
self.assertEqual(options["optional"], ['user', 'count', 'rounds'])