def test_17_update_token(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = TokenClass(db_token)
# Failed update: genkey wrong
self.assertRaises(Exception,
token.update,
{"description": "new desc",
"genkey": "17"})
# Failed update: genkey and otpkey used at the same time
self.assertRaises(Exception,
token.update,
{"otpkey": "123456",
"genkey": "1"})
token.update({"otpkey": "123456",
"pin": "654321",
"otplen": 6})
self.assertTrue(token.check_pin("654321"))
self.assertTrue(token.token.otplen == 6)
# save pin encrypted
token.update({"genkey": 1,
"pin": "secret",
"encryptpin": "true"})
# check if the PIN is encrypted
self.assertTrue(token.token.pin_hash.startswith("@@"),
token.token.pin_hash)
# update token without otpkey
token.update({"description": "test"})
def authenticate(self, passw, user=None, options=None):
"""
do the authentication on base of password / otp and user and
options, the request parameters.
Here we contact the other privacyIDEA server to validate the OtpVal.
:param passw: the password / otp
:param user: the requesting user
:param options: the additional request parameters
:return: tuple of (success, otp_count - 0 or -1, reply)
"""
res = False
otp_counter = -1
reply = None
otpval = passw
# should we check the pin localy?
if self.check_pin_local:
(_res, pin, otpval) = self.split_pin_pass(passw, user, options=options)
if not TokenClass.check_pin(self, pin):
return False, otp_counter, {"message": "Wrong PIN"}
otp_count = self.check_otp(otpval, options=options)
if otp_count >= 0:
res = True
reply = {"message": "matching 1 tokens", "serial": self.get_serial(), "type": self.get_tokentype()}
else:
reply = {"message": "remote side denied access"}
return res, otp_count, reply
def test_19_pin_otp_functions(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
db_token.set_pin("test")
token = TokenClass(db_token)
self.assertTrue(db_token.otplen == 6, 6)
(res, pin, otp) = token.split_pin_pass("test123456")
self.assertTrue(pin == "test", pin)
self.assertTrue(otp == "123456", otp)
self.assertTrue(token.check_pin(pin), pin)
self.assertTrue(token.check_otp("123456") == -1)
res = token.authenticate("test123456")
self.assertTrue(res == (True, -1, None), res)
def authenticate(self, passw, user=None, options=None):
"""
do the authentication on base of password / otp and user and
options, the request parameters.
Here we contact the other privacyIDEA server to validate the OtpVal.
:param passw: the password / otp
:param user: the requesting user
:param options: the additional request parameters
:return: tuple of (success, otp_count - 0 or -1, reply)
"""
res = False
otp_counter = -1
reply = None
otpval = passw
# should we check the pin localy?
if self.check_pin_local:
(_res, pin, otpval) = self.split_pin_pass(passw,
user,
options=options)
if not TokenClass.check_pin(self, pin):
return False, otp_counter, {'message': "Wrong PIN"}
otp_count = self.check_otp(otpval, options=options)
if otp_count >= 0:
res = True
reply = {
'message': 'matching 1 tokens',
'serial': self.get_serial(),
'type': self.get_tokentype()
}
else:
reply = {'message': 'remote side denied access'}
return res, otp_count, reply
def test_15_check_pin(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = TokenClass(db_token)
token.set_pin("test")
self.assertTrue(token.check_pin("test"))
self.assertFalse(token.check_pin("wrong pin"))
