def test_13_check_otp(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = DaplugTokenClass(db_token)
token.update({"otpkey": self.otpkey, "pin": "test", "otplen": 6})
# OTP does not exist
self.assertTrue(token.check_otp_exist(_digi2daplug("222333")) == -1)
# OTP does exist
res = token.check_otp_exist(_digi2daplug("969429"))
self.assertTrue(res == 3, res)
def test_13_check_otp(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = DaplugTokenClass(db_token)
token.update({"otpkey": self.otpkey, "pin": "test", "otplen": 6})
# OTP does not exist
self.assertEquals(token.check_otp_exist(_digi2daplug("222333")), -1)
# OTP does exist
res = token.check_otp_exist(_digi2daplug("969429"))
self.assertEquals(res, 3, res)
def test_19_pin_otp_functions(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
db_token.set_pin("test")
token = DaplugTokenClass(db_token)
# check OTP according to RFC 4226
"""
Truncated
Count Hexadecimal Decimal HOTP
0 4c93cf18 1284755224 755224
1 41397eea 1094287082 287082
2 82fef30 137359152 359152
3 66ef7655 1726969429 969429
4 61c5938a 1640338314 338314
5 33c083d4 868254676 254676
6 7256c032 1918287922 287922
7 4e5b397 82162583 162583
8 2823443f 673399871 399871
9 2679dc69 645520489 520489
"""
token.update({"otpkey": self.otpkey})
self.assertTrue(db_token.otplen == 6, 6)
set_prepend_pin()
res, pin, otp = token.split_pin_pass("test" + _digi2daplug("123456"))
self.assertTrue(pin == "test", pin)
self.assertTrue(otp == _digi2daplug("123456"), otp)
self.assertTrue(token.check_pin(pin), pin)
check = token.check_otp(_digi2daplug("755224"), counter=0, window=10)
self.assertTrue(check == 0, check)
self.assertTrue(token.check_otp(_digi2daplug("287082"), counter=1, window=10) == 1)
# The 6th counter:
self.assertTrue(token.check_otp(_digi2daplug("287922"), counter=2, window=10) == 6)
# The tokenclass itself saves the counter to the database
self.assertTrue(token.token.count == 7, token.token.count)
# successful authentication
res = token.authenticate("test" + _digi2daplug("399871"))
# This is the OTP value of the counter=8
self.assertTrue(res == (True, 8, None), res)
token.set_otp_count(0)
# get the OTP value for counter 0
res = token.get_otp()
self.assertTrue(res[0] == 1, res)
self.assertTrue(res[1] == -1, res)
self.assertTrue(res[2] == _digi2daplug("755224"), res)
res = token.get_multi_otp()
self.assertTrue(res[0] is False, res)
token.update({"otpkey": self.otpkey, "otplen": 6})
token.token.count = 0
res = token.get_multi_otp(count=5)
self.assertTrue(res[0], res)
self.assertTrue(res[1] == "OK", res)
self.assertTrue(res[2].get("otp").get(1) == _digi2daplug("287082"), res[2])
self.assertTrue(res[2].get("type") == "daplug", res)
# do some failing otp checks
token.token.otplen = "invalid otp counter"
self.assertRaises(Exception, token.check_otp, _digi2daplug("123456"))
token.token.otplen = 0
def test_14_split_pin_pass(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = DaplugTokenClass(db_token)
token.token.otplen = 6
# postpend pin
set_prepend_pin(False)
_res, pin, value = token.split_pin_pass(_digi2daplug("222333")+"test")
self.assertTrue(pin == "test", pin)
self.assertTrue(value == _digi2daplug("222333"), value)
# prepend pin
set_prepend_pin(True)
_res, pin, value = token.split_pin_pass("test"+_digi2daplug("222333"))
self.assertTrue(pin == "test", pin)
self.assertTrue(value == _digi2daplug("222333"), value)
def test_14_split_pin_pass(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = DaplugTokenClass(db_token)
token.token.otplen = 6
# postpend pin
set_prepend_pin(False)
_res, pin, value = token.split_pin_pass(_digi2daplug("222333")+"test")
self.assertTrue(pin == "test", pin)
self.assertTrue(value == _digi2daplug("222333"), value)
# prepend pin
set_prepend_pin(True)
_res, pin, value = token.split_pin_pass("test"+_digi2daplug("222333"))
self.assertTrue(pin == "test", pin)
self.assertTrue(value == _digi2daplug("222333"), value)
def test_20_check_challenge_response(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
db_token.set_pin("test")
token = DaplugTokenClass(db_token)
r = token.check_challenge_response(user=None, passw=_digi2daplug("123454"))
# check empty challenges
self.assertTrue(r == -1, r)
# create a challenge and match the transaction_id
c = Challenge(self.serial1, transaction_id="mytransaction", challenge="Blah, what now?")
# save challenge to the database
c.save()
r = token.check_challenge_response(user=None, passw=_digi2daplug("123454"), options={"state": "mytransaction"})
# The challenge matches, but the OTP does not match!
self.assertTrue(r == -1, r)
def test_18_challenges(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = DaplugTokenClass(db_token)
resp = token.is_challenge_response(User(login="******",
realm=self.realm1),
"test"+_digi2daplug("123456"))
self.assertFalse(resp, resp)
resp = token.is_challenge_response(User(login="******",
realm=self.realm1),
"test"+_digi2daplug("123456"),
options={"transaction_id":
"123456789"})
self.assertTrue(resp, resp)
# test if challenge is valid
C = Challenge("S123455", transaction_id="tid", challenge="Who are you?")
C.save()
def test_18_challenges(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = DaplugTokenClass(db_token)
resp = token.is_challenge_response(User(login="******",
realm=self.realm1),
"test"+_digi2daplug("123456"))
self.assertFalse(resp, resp)
resp = token.is_challenge_response(User(login="******",
realm=self.realm1),
"test"+_digi2daplug("123456"),
options={"transaction_id":
"123456789"})
self.assertTrue(resp, resp)
# test if challenge is valid
C = Challenge("S123455", transaction_id="tid", challenge="Who are you?")
C.save()
def test_20_check_challenge_response(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
db_token.set_pin("test")
token = DaplugTokenClass(db_token)
r = token.check_challenge_response(user=None,
passw=_digi2daplug("123454"))
# check empty challenges
self.assertTrue(r == -1, r)
# create a challenge and match the transaction_id
c = Challenge(self.serial1, transaction_id="mytransaction",
challenge="Blah, what now?")
# save challenge to the database
c.save()
r = token.check_challenge_response(user=None,
passw=_digi2daplug("123454"),
options={"state": "mytransaction"})
# The challenge matches, but the OTP does not match!
self.assertTrue(r == -1, r)
def test_22_autosync(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = DaplugTokenClass(db_token)
set_privacyidea_config("AutoResync", True)
token.update({"otpkey": self.otpkey,
"otplen": 6})
token.token.count = 0
token.set_sync_window(10)
token.set_count_window(5)
# counter = 8, is out of sync
r = token.check_otp(anOtpVal=_digi2daplug("399871"))
self.assertTrue(r == -1, r)
# counter = 9, will be autosynced.
r = token.check_otp(anOtpVal=_digi2daplug("520489"))
self.assertTrue(r == 9, r)
# Autosync with a gap in the next otp value will fail
token.token.count = 0
# Just try some bullshit config value
set_privacyidea_config("AutoResyncTimeout", "totally not a number")
# counter = 7, is out of sync
r = token.check_otp(anOtpVal=_digi2daplug("162583"))
self.assertTrue(r == -1, r)
# counter = 9, will NOT _autosync
r = token.check_otp(anOtpVal=_digi2daplug("520489"))
self.assertTrue(r == -1, r)
# Autosync fails, if dueDate is over
token.token.count = 0
set_privacyidea_config("AutoResyncTimeout", 0)
# counter = 8, is out of sync
r = token.check_otp(anOtpVal=_digi2daplug("399871"))
self.assertTrue(r == -1, r)
# counter = 9, is the next value, but duedate is over.
r = token.check_otp(anOtpVal=_digi2daplug("520489"))
self.assertTrue(r == -1, r)
# No _autosync
set_privacyidea_config("AutoResync", False)
token.token.count = 0
# counter = 8, is out of sync
r = token.check_otp(anOtpVal=_digi2daplug("399871"))
self.assertTrue(r == -1, r)
# counter = 9, will not be autosynced
r = token.check_otp(anOtpVal=_digi2daplug("520489"))
self.assertTrue(r == -1, r)
def test_22_autosync(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = DaplugTokenClass(db_token)
set_privacyidea_config("AutoResync", True)
token.update({"otpkey": self.otpkey,
"otplen": 6})
token.token.count = 0
token.set_sync_window(10)
token.set_count_window(5)
# counter = 8, is out of sync
r = token.check_otp(anOtpVal=_digi2daplug("399871"))
self.assertTrue(r == -1, r)
# counter = 9, will be autosynced.
r = token.check_otp(anOtpVal=_digi2daplug("520489"))
self.assertTrue(r == 9, r)
# Autosync with a gap in the next otp value will fail
token.token.count = 0
# Just try some bullshit config value
set_privacyidea_config("AutoResyncTimeout", "totally not a number")
# counter = 7, is out of sync
r = token.check_otp(anOtpVal=_digi2daplug("162583"))
self.assertTrue(r == -1, r)
# counter = 9, will NOT _autosync
r = token.check_otp(anOtpVal=_digi2daplug("520489"))
self.assertTrue(r == -1, r)
# Autosync fails, if dueDate is over
token.token.count = 0
set_privacyidea_config("AutoResyncTimeout", 0)
# counter = 8, is out of sync
r = token.check_otp(anOtpVal=_digi2daplug("399871"))
self.assertTrue(r == -1, r)
# counter = 9, is the next value, but duedate is over.
r = token.check_otp(anOtpVal=_digi2daplug("520489"))
self.assertTrue(r == -1, r)
# No _autosync
set_privacyidea_config("AutoResync", False)
token.token.count = 0
# counter = 8, is out of sync
r = token.check_otp(anOtpVal=_digi2daplug("399871"))
self.assertTrue(r == -1, r)
# counter = 9, will not be autosynced
r = token.check_otp(anOtpVal=_digi2daplug("520489"))
self.assertTrue(r == -1, r)
def test_23_resync(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = DaplugTokenClass(db_token)
token.update({"otpkey": self.otpkey, "otplen": 6})
token.token.count = 0
token.set_sync_window(10)
token.set_count_window(5)
# counter = 8: 399871
# counter = 9: 520489
# Successful resync
r = token.resync(_digi2daplug("399871"), _digi2daplug("520489"))
self.assertTrue(r is True, r)
# resync fails
token.token.count = 0
self.assertFalse(token.resync(_digi2daplug("399871"), _digi2daplug("123456")))
# resync fails, the two correct OTP values are outside of the sync
# window
token.token.count = 0
token.set_sync_window(5)
self.assertFalse(token.resync(_digi2daplug("399871"), _digi2daplug("520489")))
def test_23_resync(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = DaplugTokenClass(db_token)
token.update({"otpkey": self.otpkey, "otplen": 6})
token.token.count = 0
token.set_sync_window(10)
token.set_count_window(5)
# counter = 8: 399871
# counter = 9: 520489
# Successful resync
r = token.resync(_digi2daplug("399871"), _digi2daplug("520489"))
self.assertTrue(r is True, r)
# resync fails
token.token.count = 0
self.assertFalse(
token.resync(_digi2daplug("399871"), _digi2daplug("123456")))
# resync fails, the two correct OTP values are outside of the sync
# window
token.token.count = 0
token.set_sync_window(5)
self.assertFalse(
token.resync(_digi2daplug("399871"), _digi2daplug("520489")))
def test_04_base_methods(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = DaplugTokenClass(db_token)
self.assertTrue(token.check_otp(_digi2daplug("123456"), 1, 10) == -1)
c = token.create_challenge("transactionid")
self.assertTrue(c[0], c)
self.assertTrue("transactionid" in c[2], c)
# set the description
token.set_description("something new")
self.assertTrue(token.token.description == "something new",
token.token)
# set defaults
token.set_defaults()
self.assertTrue(token.token.otplen == 6)
self.assertTrue(token.token.sync_window == 1000)
token.resync(_digi2daplug("1234"), _digi2daplug("3456"))
token.token.count_window = 17
self.assertTrue(token.get_otp_count_window() == 17)
token.token.count = 18
self.assertTrue(token.get_otp_count() == 18)
token.token.active = False
self.assertTrue(token.is_active() is False)
token.token.failcount = 7
self.assertTrue(token.get_failcount() == 7)
token.set_failcount(8)
self.assertTrue(token.token.failcount == 8)
token.token.maxfail = 12
self.assertTrue(token.get_max_failcount() == 12)
self.assertTrue(token.get_user_id() == token.token.user_id)
self.assertTrue(token.get_serial() == "SE123456", token.token.serial)
self.assertTrue(token.get_tokentype() == "daplug",
token.token.tokentype)
token.set_so_pin("sopin")
token.set_user_pin("userpin")
token.set_otpkey(self.otpkey)
token.set_otplen(8)
token.set_otp_count(1000)
self.assertTrue(len(token.token.so_pin) == 32,
token.token.so_pin)
self.assertTrue(len(token.token.user_pin) == 32,
token.token.user_pin)
self.assertTrue(len(token.token.key_enc) == 192,
token.token.key_enc)
self.assertTrue(token.get_otplen() == 8)
self.assertTrue(token.token.count == 1000,
token.token.count)
token.set_maxfail(1000)
self.assertTrue(token.token.maxfail == 1000)
token.set_count_window(52)
self.assertTrue(token.get_count_window() == 52)
token.set_sync_window(53)
self.assertTrue(token.get_sync_window() == 53)
def test_04_base_methods(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = DaplugTokenClass(db_token)
self.assertTrue(token.check_otp(_digi2daplug("123456"), 1, 10) == -1)
c = token.create_challenge("transactionid")
self.assertTrue(c[0], c)
self.assertTrue("transactionid" in c[2], c)
# set the description
token.set_description("something new")
self.assertTrue(token.token.description == "something new",
token.token)
# set defaults
token.set_defaults()
self.assertTrue(token.token.otplen == 6)
self.assertTrue(token.token.sync_window == 1000)
token.resync(_digi2daplug("1234"), _digi2daplug("3456"))
token.token.count_window = 17
self.assertTrue(token.get_otp_count_window() == 17)
token.token.count = 18
self.assertTrue(token.get_otp_count() == 18)
token.token.active = False
self.assertTrue(token.is_active() is False)
token.token.failcount = 7
self.assertTrue(token.get_failcount() == 7)
token.set_failcount(8)
self.assertTrue(token.token.failcount == 8)
token.token.maxfail = 12
self.assertTrue(token.get_max_failcount() == 12)
self.assertEqual(token.get_user_id(),
token.token.owners.first().user_id)
self.assertTrue(token.get_serial() == "SE123456", token.token.serial)
self.assertTrue(token.get_tokentype() == "daplug",
token.token.tokentype)
token.set_so_pin("sopin")
token.set_user_pin("userpin")
token.set_otpkey(self.otpkey)
token.set_otplen(8)
token.set_otp_count(1000)
self.assertTrue(len(token.token.so_pin) == 32, token.token.so_pin)
self.assertTrue(len(token.token.user_pin) == 32, token.token.user_pin)
self.assertTrue(len(token.token.key_enc) == 192, token.token.key_enc)
self.assertTrue(token.get_otplen() == 8)
self.assertTrue(token.token.count == 1000, token.token.count)
token.set_maxfail(1000)
self.assertTrue(token.token.maxfail == 1000)
token.set_count_window(52)
self.assertTrue(token.get_count_window() == 52)
token.set_sync_window(53)
self.assertTrue(token.get_sync_window() == 53)
def test_19_pin_otp_functions(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
db_token.set_pin("test")
token = DaplugTokenClass(db_token)
# check OTP according to RFC 4226
"""
Truncated
Count Hexadecimal Decimal HOTP
0 4c93cf18 1284755224 755224
1 41397eea 1094287082 287082
2 82fef30 137359152 359152
3 66ef7655 1726969429 969429
4 61c5938a 1640338314 338314
5 33c083d4 868254676 254676
6 7256c032 1918287922 287922
7 4e5b397 82162583 162583
8 2823443f 673399871 399871
9 2679dc69 645520489 520489
"""
token.update({"otpkey": self.otpkey})
self.assertTrue(db_token.otplen == 6, 6)
set_prepend_pin()
res, pin, otp = token.split_pin_pass("test" + _digi2daplug("123456"))
self.assertTrue(pin == "test", pin)
self.assertTrue(otp == _digi2daplug("123456"), otp)
self.assertTrue(token.check_pin(pin), pin)
check = token.check_otp(_digi2daplug("755224"), counter=0, window=10)
self.assertTrue(check == 0, check)
self.assertTrue(
token.check_otp(_digi2daplug("287082"), counter=1, window=10) == 1)
# The 6th counter:
self.assertTrue(
token.check_otp(_digi2daplug("287922"), counter=2, window=10) == 6)
# The tokenclass itself saves the counter to the database
self.assertTrue(token.token.count == 7, token.token.count)
# successful authentication
res = token.authenticate("test" + _digi2daplug("399871"))
# This is the OTP value of the counter=8
self.assertTrue(res == (True, 8, None), res)
token.set_otp_count(0)
# get the OTP value for counter 0
res = token.get_otp()
self.assertTrue(res[0] == 1, res)
self.assertTrue(res[1] == -1, res)
self.assertTrue(res[2] == _digi2daplug("755224"), res)
res = token.get_multi_otp()
self.assertTrue(res[0] is False, res)
token.update({"otpkey": self.otpkey, "otplen": 6})
token.token.count = 0
res = token.get_multi_otp(count=5)
self.assertTrue(res[0], res)
self.assertTrue(res[1] == "OK", res)
self.assertTrue(res[2].get("otp").get(1) == _digi2daplug("287082"),
res[2])
self.assertTrue(res[2].get("type") == "daplug", res)
# do some failing otp checks
token.token.otplen = "invalid otp counter"
self.assertRaises(Exception, token.check_otp, _digi2daplug("123456"))
token.token.otplen = 0
