def test_99_delete_token(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = TokenClass(db_token)
token.delete_token()
db_token = Token.query.filter_by(serial=self.serial1).first()
self.assertTrue(db_token is None, db_token)
def test_38_last_auth(self):
db_token = Token("lastauth001", tokentype="spass", userid=1000)
db_token.save()
token_obj = TokenClass(db_token)
tdelta = datetime.timedelta(days=1)
token_obj.add_tokeninfo(ACTION.LASTAUTH,
datetime.datetime.now(tzlocal()) - tdelta)
r = token_obj.check_last_auth_newer("10h")
self.assertFalse(r)
r = token_obj.check_last_auth_newer("2d")
self.assertTrue(r)
# Old time format
# lastauth_alt = datetime.datetime.utcnow().isoformat()
token_obj.add_tokeninfo(ACTION.LASTAUTH,
datetime.datetime.utcnow() - tdelta)
r = token_obj.check_last_auth_newer("10h")
self.assertFalse(r)
r = token_obj.check_last_auth_newer("2d")
self.assertTrue(r)
# Test a fault last_auth entry does not computer to True
token_obj.add_tokeninfo(ACTION.LASTAUTH, "faulty format")
r = token_obj.check_last_auth_newer("10h")
self.assertFalse(r)
token_obj.delete_token()
def test_39_generate_sym_key(self):
db_token = Token("symkey", tokentype="no_matter", userid=1000)
db_token.save()
token_obj = TokenClass(db_token)
key = token_obj.generate_symmetric_key("1234567890", "abc")
self.assertEqual(key, "1234567abc")
self.assertRaises(Exception, token_obj.generate_symmetric_key, "1234",
"1234")
self.assertRaises(Exception, token_obj.generate_symmetric_key, "1234",
"12345")
# Now run the init/update process
# 1. step
token_obj.update({"2stepinit": "1", "genkey": "1"})
self.assertEqual(db_token.rollout_state, "clientwait")
self.assertEqual(db_token.active, False)
serial = db_token.serial
details = token_obj.init_details
# 2. step
client_component = "AAAAAA"
token_obj.update({"serial": serial, "otpkey": client_component})
self.assertEqual(db_token.rollout_state, "")
self.assertEqual(db_token.active, True)
# Given a client component of K bytes, the base algorithm
# simply replaces the last K bytes of the server component
# with the client component.
server_component = details.get("otpkey")[:-len(client_component)]
expected_otpkey = server_component + client_component
self.assertEqual(db_token.get_otpkey().getKey(), expected_otpkey)
token_obj.delete_token()
def test_39_generate_sym_key(self):
db_token = Token("symkey", tokentype="no_matter", userid=1000)
db_token.save()
token_obj = TokenClass(db_token)
key = token_obj.generate_symmetric_key("1234567890", "abc")
self.assertEqual(key, "1234567abc")
self.assertRaises(Exception, token_obj.generate_symmetric_key,
"1234", "1234")
self.assertRaises(Exception, token_obj.generate_symmetric_key,
"1234", "12345")
# Now run the init/update process
# 1. step
token_obj.update({"2stepinit": "1",
"genkey": "1"
})
self.assertEqual(db_token.rollout_state, "clientwait")
self.assertEqual(db_token.active, False)
serial = db_token.serial
details = token_obj.init_details
server_component = details.get("otpkey")
# 2. step
client_component = "AAAAAA"
token_obj.update({"serial": serial,
"otpkey": client_component
})
self.assertEqual(db_token.rollout_state, "")
self.assertEqual(db_token.active, True)
token_obj.delete_token()
def test_39_generate_sym_key(self):
db_token = Token("symkey", tokentype="no_matter", userid=1000)
db_token.save()
token_obj = TokenClass(db_token)
key = token_obj.generate_symmetric_key("1234567890", "abc")
self.assertEqual(key, "1234567abc")
self.assertRaises(Exception, token_obj.generate_symmetric_key,
"1234", "1234")
self.assertRaises(Exception, token_obj.generate_symmetric_key,
"1234", "12345")
# Now run the init/update process
# 1. step
token_obj.update({"2stepinit": "1",
"genkey": "1"
})
self.assertEqual(db_token.rollout_state, "clientwait")
self.assertEqual(db_token.active, False)
serial = db_token.serial
details = token_obj.init_details
server_component = details.get("otpkey")
# 2. step
client_component = "AAAAAA"
token_obj.update({"serial": serial,
"otpkey": client_component
})
self.assertEqual(db_token.rollout_state, "")
self.assertEqual(db_token.active, True)
token_obj.delete_token()
def test_40_failcounter_exceeded(self):
from privacyidea.lib.tokenclass import (FAILCOUNTER_EXCEEDED,
FAILCOUNTER_CLEAR_TIMEOUT)
db_token = Token("failcounter", tokentype="spass")
db_token.save()
token_obj = TokenClass(db_token)
for i in range(0, 11):
token_obj.inc_failcount()
now = datetime.datetime.now(tzlocal()).strftime(DATE_FORMAT)
# Now the FAILCOUNTER_EXCEEDED is set
ti = token_obj.get_tokeninfo(FAILCOUNTER_EXCEEDED)
# We only compare the date
self.assertEqual(ti[:10], now[:10])
# and the timezone
self.assertEqual(ti[-5:], now[-5:])
# reset the failcounter
token_obj.reset()
ti = token_obj.get_tokeninfo(FAILCOUNTER_EXCEEDED)
self.assertEqual(ti, None)
# Now check with failcounter clear, with timeout 5 minutes
set_privacyidea_config(FAILCOUNTER_CLEAR_TIMEOUT, 5)
token_obj.set_failcount(10)
failed_recently = (datetime.datetime.now(tzlocal()) -
datetime.timedelta(minutes=3)).strftime(DATE_FORMAT)
token_obj.add_tokeninfo(FAILCOUNTER_EXCEEDED, failed_recently)
r = token_obj.check_failcount()
# the fail is only 3 minutes ago, so we will not reset and check will
# be false
self.assertFalse(r)
# Set the timeout to a shorter value
set_privacyidea_config(FAILCOUNTER_CLEAR_TIMEOUT, 2)
r = token_obj.check_failcount()
# The fail is longer ago.
self.assertTrue(r)
# The tokeninfo of this token is deleted and the failcounter is 0
self.assertEqual(token_obj.get_tokeninfo(FAILCOUNTER_EXCEEDED), None)
self.assertEqual(token_obj.get_failcount(), 0)
token_obj.delete_token()
def test_40_failcounter_exceeded(self):
from privacyidea.lib.tokenclass import (FAILCOUNTER_EXCEEDED,
FAILCOUNTER_CLEAR_TIMEOUT)
db_token = Token("failcounter", tokentype="spass")
db_token.save()
token_obj = TokenClass(db_token)
for i in range(0, 11):
token_obj.inc_failcount()
now = datetime.datetime.now(tzlocal()).strftime(DATE_FORMAT)
# Now the FAILCOUNTER_EXCEEDED is set
ti = token_obj.get_tokeninfo(FAILCOUNTER_EXCEEDED)
# We only compare the date
self.assertEqual(ti[:10], now[:10])
# and the timezone
self.assertEqual(ti[-5:], now[-5:])
# reset the failcounter
token_obj.reset()
ti = token_obj.get_tokeninfo(FAILCOUNTER_EXCEEDED)
self.assertEqual(ti, None)
# Now check with failcounter clear, with timeout 5 minutes
set_privacyidea_config(FAILCOUNTER_CLEAR_TIMEOUT, 5)
token_obj.set_failcount(10)
failed_recently = (datetime.datetime.now(tzlocal()) -
datetime.timedelta(minutes=3)).strftime(DATE_FORMAT)
token_obj.add_tokeninfo(FAILCOUNTER_EXCEEDED, failed_recently)
r = token_obj.check_failcount()
# the fail is only 3 minutes ago, so we will not reset and check will
# be false
self.assertFalse(r)
# Set the timeout to a shorter value
set_privacyidea_config(FAILCOUNTER_CLEAR_TIMEOUT, 2)
r = token_obj.check_failcount()
# The fail is longer ago.
self.assertTrue(r)
# The tokeninfo of this token is deleted and the failcounter is 0
self.assertEqual(token_obj.get_tokeninfo(FAILCOUNTER_EXCEEDED), None)
self.assertEqual(token_obj.get_failcount(), 0)
token_obj.delete_token()
def test_38_last_auth(self):
db_token = Token("lastauth001", tokentype="spass", userid=1000)
db_token.save()
token_obj = TokenClass(db_token)
tdelta = datetime.timedelta(days=1)
token_obj.add_tokeninfo(ACTION.LASTAUTH,
datetime.datetime.now(tzlocal())-tdelta)
r = token_obj.check_last_auth_newer("10h")
self.assertFalse(r)
r = token_obj.check_last_auth_newer("2d")
self.assertTrue(r)
# Old time format
# lastauth_alt = datetime.datetime.utcnow().isoformat()
token_obj.add_tokeninfo(ACTION.LASTAUTH,
datetime.datetime.utcnow() - tdelta)
r = token_obj.check_last_auth_newer("10h")
self.assertFalse(r)
r = token_obj.check_last_auth_newer("2d")
token_obj.delete_token()
def test_39_generate_sym_key(self):
db_token = Token("symkey", tokentype="no_matter", userid=1000)
db_token.save()
token_obj = TokenClass(db_token)
key = token_obj.generate_symmetric_key("1234567890", "abc")
self.assertEqual(key, "1234567abc")
self.assertRaises(Exception, token_obj.generate_symmetric_key,
"1234", "1234")
self.assertRaises(Exception, token_obj.generate_symmetric_key,
"1234", "12345")
# Now run the init/update process
# 1. step
token_obj.update({"2stepinit": "1",
"genkey": "1"
})
self.assertEqual(db_token.rollout_state, "clientwait")
self.assertEqual(db_token.active, False)
serial = db_token.serial
details = token_obj.init_details
# 2. step
client_component = "AAAAAA"
token_obj.update({"serial": serial,
"otpkey": client_component
})
self.assertEqual(db_token.rollout_state, "")
self.assertEqual(db_token.active, True)
# Given a client component of K bytes, the base algorithm
# simply replaces the last K bytes of the server component
# with the client component.
server_component = details.get("otpkey")[:-len(client_component)]
expected_otpkey = server_component + client_component
self.assertEqual(to_unicode(db_token.get_otpkey().getKey()),
expected_otpkey)
token_obj.delete_token()
def test_37_is_orphaned(self):
resolver = "orphreso"
realm = "orphrealm"
rid = save_resolver({"resolver": resolver,
"type": "passwdresolver",
"fileName": PWFILE})
self.assertTrue(rid > 0, rid)
(added, failed) = set_realm(realm,
[resolver])
self.assertTrue(len(failed) == 0)
self.assertTrue(len(added) == 1)
# Assign token to user "cornelius" "realm1", "resolver1" "uid=1000
db_token = Token("orphaned", tokentype="spass", userid=1000,
resolver=resolver, realm=realm)
db_token.save()
token_obj = TokenClass(db_token)
orph = token_obj.is_orphaned()
self.assertFalse(orph)
# clean up token
token_obj.delete_token()
# Assign a token to a user in a resolver. user_id does not exist
db_token = Token("orphaned", tokentype="spass", userid=872812,
resolver=resolver, realm=realm)
db_token.save()
token_obj = TokenClass(db_token)
orph = token_obj.is_orphaned()
self.assertTrue(orph)
# clean up token
token_obj.delete_token()
# A token, which a resolver name, that does not exist anymore
db_token = Token("orphaned", tokentype="spass", userid=1000,
resolver=resolver, realm=realm)
db_token.save()
# delete the realm
delete_realm(realm)
# token is orphaned
token_obj = TokenClass(db_token)
orph = token_obj.is_orphaned()
self.assertTrue(orph)
# delete the resolver
delete_resolver(resolver)
# token is orphaned
token_obj = TokenClass(db_token)
orph = token_obj.is_orphaned()
self.assertTrue(orph)
# clean up token
token_obj.delete_token()
def test_37_is_orphaned(self):
resolver = "orphreso"
realm = "orphrealm"
rid = save_resolver({"resolver": resolver,
"type": "passwdresolver",
"fileName": PWFILE})
self.assertTrue(rid > 0, rid)
(added, failed) = set_realm(realm,
[resolver])
self.assertTrue(len(failed) == 0)
self.assertTrue(len(added) == 1)
# Assign token to user "cornelius" "realm1", "resolver1" "uid=1000
db_token = Token("orphaned", tokentype="spass", userid=1000,
resolver=resolver, realm=realm)
db_token.save()
token_obj = TokenClass(db_token)
orph = token_obj.is_orphaned()
self.assertFalse(orph)
# clean up token
token_obj.delete_token()
# Assign a token to a user in a resolver. user_id does not exist
db_token = Token("orphaned", tokentype="spass", userid=872812,
resolver=resolver, realm=realm)
db_token.save()
token_obj = TokenClass(db_token)
orph = token_obj.is_orphaned()
self.assertTrue(orph)
# clean up token
token_obj.delete_token()
# A token, which a resolver name, that does not exist anymore
db_token = Token("orphaned", tokentype="spass", userid=1000,
resolver=resolver, realm=realm)
db_token.save()
# delete the realm
delete_realm(realm)
# token is orphaned
token_obj = TokenClass(db_token)
orph = token_obj.is_orphaned()
self.assertTrue(orph)
# delete the resolver
delete_resolver(resolver)
# token is orphaned
token_obj = TokenClass(db_token)
orph = token_obj.is_orphaned()
self.assertTrue(orph)
# clean up token
token_obj.delete_token()
def test_42_has_further_challenge(self):
db_token = Token("furhterchallenge", tokentype="spass")
db_token.save()
token_obj = TokenClass(db_token)
self.assertFalse(token_obj.has_further_challenge())
token_obj.delete_token()