def test_26_is_previous_otp(self):
# check if the OTP was used prebiously
serial = "previous"
db_token = Token(serial, tokentype="hotp")
db_token.save()
token = HotpTokenClass(db_token)
token.set_otpkey(self.otpkey)
token.set_otplen(6)
token.save()
"""
Truncated
Count Hexadecimal Decimal HOTP
0 4c93cf18 1284755224 755224
1 41397eea 1094287082 287082
2 82fef30 137359152 359152
3 66ef7655 1726969429 969429
4 61c5938a 1640338314 338314
5 33c083d4 868254676 254676
6 7256c032 1918287922 287922
7 4e5b397 82162583 162583
8 2823443f 673399871 399871
9 2679dc69 645520489 520489
10 403154
"""
r = token.check_otp("969429")
self.assertEqual(r, 3)
r = token.is_previous_otp("755224")
self.assertEqual(r, True)
r = token.is_previous_otp("254676")
self.assertEqual(r, False)
r = token.check_otp("254676")
self.assertEqual(r, 5)
def test_26_is_previous_otp(self):
# check if the OTP was used prebiously
serial = "previous"
db_token = Token(serial, tokentype="hotp")
db_token.save()
token = HotpTokenClass(db_token)
token.set_otpkey(self.otpkey)
token.set_otplen(6)
token.save()
"""
Truncated
Count Hexadecimal Decimal HOTP
0 4c93cf18 1284755224 755224
1 41397eea 1094287082 287082
2 82fef30 137359152 359152
3 66ef7655 1726969429 969429
4 61c5938a 1640338314 338314
5 33c083d4 868254676 254676
6 7256c032 1918287922 287922
7 4e5b397 82162583 162583
8 2823443f 673399871 399871
9 2679dc69 645520489 520489
10 403154
"""
r = token.check_otp("969429")
self.assertEqual(r, 3)
r = token.is_previous_otp("755224")
self.assertEqual(r, True)
r = token.is_previous_otp("254676")
self.assertEqual(r, False)
r = token.check_otp("254676")
self.assertEqual(r, 5)
def check_otp(self, anOtpVal, counter=None, window=None, options=None):
"""
check the otpval of a token against a given counter
and the window
:param passw: the to be verified passw/pin
:type passw: string
:return: counter if found, -1 if not found
:rtype: int
"""
options = options or {}
ret = HotpTokenClass.check_otp(self, anOtpVal, counter, window,
options)
if ret < 0 and is_true(get_from_config("sms.concurrent_challenges")):
if options.get("data") == anOtpVal:
# We authenticate from the saved challenge
ret = 1
if ret >= 0 and self._get_auto_sms(options):
message = self._get_sms_text(options)
self.inc_otp_counter(ret, reset=False)
success, message = self._send_sms(message=message)
log.debug("AutoSMS: send new SMS: {0!s}".format(success))
log.debug("AutoSMS: {0!r}".format(message))
return ret
def test_22_autosync(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = HotpTokenClass(db_token)
set_privacyidea_config("AutoResync", True)
token.update({"otpkey": self.otpkey,
"otplen": 6})
token.token.count = 0
token.set_sync_window(10)
token.set_count_window(5)
# counter = 8, is out of sync
r = token.check_otp(anOtpVal="399871")
self.assertTrue(r == -1, r)
# counter = 9, will be autosynced.
r = token.check_otp(anOtpVal="520489")
self.assertTrue(r == 9, r)
# counter = 10, has also to authenticate! The counter of the token is
# set.
r = token.check_otp(anOtpVal="403154")
self.assertTrue(r == 10, r)
self.assertEqual(token.token.count, 11)
# Autosync with a gap in the next otp value will fail
token.token.count = 0
# Just try some bullshit config value
set_privacyidea_config("AutoResyncTimeout", "totally not a number")
# counter = 7, is out of sync
r = token.check_otp(anOtpVal="162583")
self.assertTrue(r == -1, r)
# counter = 9, will NOT _autosync
r = token.check_otp(anOtpVal="520489")
self.assertTrue(r == -1, r)
# Autosync fails, if dueDate is over
token.token.count = 0
set_privacyidea_config("AutoResyncTimeout", 0)
# counter = 8, is out of sync
r = token.check_otp(anOtpVal="399871")
self.assertTrue(r == -1, r)
# counter = 9, is the next value, but duedate is over.
r = token.check_otp(anOtpVal="520489")
self.assertTrue(r == -1, r)
# No _autosync
set_privacyidea_config("AutoResync", False)
token.token.count = 0
# counter = 8, is out of sync
r = token.check_otp(anOtpVal="399871")
self.assertTrue(r == -1, r)
# counter = 9, will not be autosynced
r = token.check_otp(anOtpVal="520489")
self.assertTrue(r == -1, r)
def test_22_autosync(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = HotpTokenClass(db_token)
set_privacyidea_config("AutoResync", True)
token.update({"otpkey": self.otpkey,
"otplen": 6})
token.token.count = 0
token.set_sync_window(10)
token.set_count_window(5)
# counter = 8, is out of sync
r = token.check_otp(anOtpVal="399871")
self.assertTrue(r == -1, r)
# counter = 9, will be autosynced.
r = token.check_otp(anOtpVal="520489")
self.assertTrue(r == 9, r)
# counter = 10, has also to authenticate! The counter of the token is
# set.
r = token.check_otp(anOtpVal="403154")
self.assertTrue(r == 10, r)
self.assertEqual(token.token.count, 11)
# Autosync with a gap in the next otp value will fail
token.token.count = 0
# Just try some bullshit config value
set_privacyidea_config("AutoResyncTimeout", "totally not a number")
# counter = 7, is out of sync
r = token.check_otp(anOtpVal="162583")
self.assertTrue(r == -1, r)
# counter = 9, will NOT _autosync
r = token.check_otp(anOtpVal="520489")
self.assertTrue(r == -1, r)
# Autosync fails, if dueDate is over
token.token.count = 0
set_privacyidea_config("AutoResyncTimeout", 0)
# counter = 8, is out of sync
r = token.check_otp(anOtpVal="399871")
self.assertTrue(r == -1, r)
# counter = 9, is the next value, but duedate is over.
r = token.check_otp(anOtpVal="520489")
self.assertTrue(r == -1, r)
# No _autosync
set_privacyidea_config("AutoResync", False)
token.token.count = 0
# counter = 8, is out of sync
r = token.check_otp(anOtpVal="399871")
self.assertTrue(r == -1, r)
# counter = 9, will not be autosynced
r = token.check_otp(anOtpVal="520489")
self.assertTrue(r == -1, r)
def test_25_sha256_token(self):
# taken from https://tools.ietf.org/html/rfc6238#appendix-B
serial = "sha25T"
db_token = Token(serial, tokentype="hotp")
db_token.save()
token = HotpTokenClass(db_token)
token.set_otpkey(binascii.hexlify("12345678901234567890"))
token.set_hashlib("sha256")
token.set_otplen(8)
token.save()
# get it from the database again
# 59 | 1970-01-01 | 0000000000000001 | 46119246 | SHA256 |
db_token = Token.query.filter_by(serial=serial).first()
token = HotpTokenClass(db_token)
r = token.check_otp("46119246")
self.assertTrue(r)
# 00000000023523ED | 67062674 | SHA256 |
token.set_otp_count(0x00000000023523ED - 1)
token.save()
token.check_otp("67062674")
def test_25_sha256_token(self):
# taken from https://tools.ietf.org/html/rfc6238#appendix-B
serial = "sha25T"
db_token = Token(serial, tokentype="hotp")
db_token.save()
token = HotpTokenClass(db_token)
token.set_otpkey(binascii.hexlify("12345678901234567890"))
token.set_hashlib("sha256")
token.set_otplen(8)
token.save()
# get it from the database again
# 59 | 1970-01-01 | 0000000000000001 | 46119246 | SHA256 |
db_token = Token.query.filter_by(serial=serial).first()
token = HotpTokenClass(db_token)
r = token.check_otp("46119246")
self.assertTrue(r)
# 00000000023523ED | 67062674 | SHA256 |
token.set_otp_count(0x00000000023523ED - 1)
token.save()
token.check_otp("67062674")
def check_otp(self, anOtpVal, counter=None, window=None, options=None):
"""
checkOtp - validate the token otp against a given otpvalue
:param anOtpVal: the otpvalue to be verified
:type anOtpVal: string, format: efekeiebekeh
:param counter: the counter state, that should be verified
:type counter: int
:param window: the counter +window, which should be checked
:type window: int
:param options: the dict, which could contain token specific info
:type options: dict
:return: the counter state or -1
:rtype: int
"""
# convert OTP value
otp = _daplug2digit(anOtpVal)
res = HotpTokenClass.check_otp(self, otp, counter, window, options)
return res
def check_otp(self, anOtpVal, counter=None, window=None, options=None):
"""
checkOtp - validate the token otp against a given otpvalue
:param anOtpVal: the otpvalue to be verified
:type anOtpVal: string, format: efekeiebekeh
:param counter: the counter state, that should be verified
:type counter: int
:param window: the counter +window, which should be checked
:type window: int
:param options: the dict, which could contain token specific info
:type options: dict
:return: the counter state or -1
:rtype: int
"""
# convert OTP value
otp = _daplug2digit(anOtpVal)
res = HotpTokenClass.check_otp(self, otp, counter, window, options)
return res
def check_otp(self, anOtpVal, counter=None, window=None, options=None):
"""
check the otpval of a token against a given counter
and the window
:param passw: the to be verified passw/pin
:type passw: string
:return: counter if found, -1 if not found
:rtype: int
"""
options = options or {}
ret = HotpTokenClass.check_otp(self, anOtpVal, counter, window, options)
if ret >= 0 and self._get_auto_sms(options):
message = self._get_sms_text(options)
self.inc_otp_counter(ret, reset=False)
success, message = self._send_sms(message=message)
log.debug("AutoSMS: send new SMS: {0!s}".format(success))
log.debug("AutoSMS: {0!r}".format(message))
return ret
def check_otp(self, anOtpVal, counter=None, window=None, options=None):
"""
check the otpval of a token against a given counter
and the window
:param passw: the to be verified passw/pin
:type passw: string
:return: counter if found, -1 if not found
:rtype: int
"""
options = options or {}
ret = HotpTokenClass.check_otp(self, anOtpVal, counter, window,
options)
if ret >= 0 and self._get_auto_sms(options):
message = self._get_sms_text(options)
self.inc_otp_counter(ret, reset=False)
success, message = self._send_sms(message=message)
log.debug("AutoSMS: send new SMS: {0!s}".format(success))
log.debug("AutoSMS: {0!s}".format(message))
return ret
def check_otp(self, anOtpVal, counter=None, window=None, options=None):
"""
check the otpval of a token against a given counter
and the window
:param passw: the to be verified passw/pin
:type passw: string
:return: counter if found, -1 if not found
:rtype: int
"""
options = options or {}
ret = HotpTokenClass.check_otp(self, anOtpVal, counter, window, options)
if ret < 0 and is_true(get_from_config("sms.concurrent_challenges")):
if options.get("data") == anOtpVal:
# We authenticate from the saved challenge
ret = 1
if ret >= 0 and self._get_auto_sms(options):
message = self._get_sms_text(options)
self.inc_otp_counter(ret, reset=False)
success, message = self._send_sms(message=message)
log.debug("AutoSMS: send new SMS: {0!s}".format(success))
log.debug("AutoSMS: {0!r}".format(message))
return ret
def test_19_pin_otp_functions(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
db_token.set_pin("test")
token = HotpTokenClass(db_token)
# check OTP according to RFC 4226
"""
Truncated
Count Hexadecimal Decimal HOTP
0 4c93cf18 1284755224 755224
1 41397eea 1094287082 287082
2 82fef30 137359152 359152
3 66ef7655 1726969429 969429
4 61c5938a 1640338314 338314
5 33c083d4 868254676 254676
6 7256c032 1918287922 287922
7 4e5b397 82162583 162583
8 2823443f 673399871 399871
9 2679dc69 645520489 520489
"""
token.update({"otpkey": self.otpkey})
self.assertTrue(db_token.otplen == 6, 6)
set_prepend_pin()
res, pin, otp = token.split_pin_pass("test123456")
self.assertTrue(pin == "test", pin)
self.assertTrue(otp == "123456", otp)
self.assertTrue(token.check_pin(pin), pin)
check = token.check_otp("755224", counter=0, window=10)
self.assertTrue(check == 0, check)
self.assertTrue(token.check_otp("287082", counter=1, window=10) == 1)
# The 6th counter:
self.assertTrue(token.check_otp("287922", counter=2, window=10) == 6)
# The tokenclass itself saves the counter to the database
self.assertTrue(token.token.count == 7, token.token.count)
# successful authentication
res = token.authenticate("test399871")
# This is the OTP value of the counter=8
self.assertTrue(res == (True, 8, None), res)
# try the same otp value again, will fail!
res = token.authenticate("test399871")
# This is the OTP value of the counter=8
self.assertTrue(res == (True, -1, None), res)
token.set_otp_count(0)
# get the OTP value for counter 0
res = token.get_otp()
self.assertTrue(res[0] == 1, res)
self.assertTrue(res[1] == -1, res)
self.assertTrue(res[2] == "755224", res)
res = token.get_multi_otp()
self.assertTrue(res[0] is False, res)
token.update({"otpkey": self.otpkey, "otplen": 6})
token.token.count = 0
res = token.get_multi_otp(count=5)
self.assertTrue(res[0], res)
self.assertTrue(res[1] == "OK", res)
self.assertTrue(res[2].get("otp").get(1) == "287082", res)
self.assertTrue(res[2].get("type") == "hotp", res)
# do some failing otp checks
token.token.otplen = "invalid otp counter"
self.assertRaises(Exception, token.check_otp, "123456")
token.token.otplen = 0
def test_04_base_methods(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = HotpTokenClass(db_token)
self.assertTrue(token.check_otp("123456", 1, 10) == -1)
c = token.create_challenge("transactionid")
self.assertTrue(c[0], c)
self.assertTrue("transactionid" in c[2], c)
# set the description
token.set_description("something new")
self.assertTrue(token.token.description == "something new",
token.token)
# set defaults
token.set_defaults()
self.assertTrue(token.token.otplen == 6)
self.assertTrue(token.token.sync_window == 1000)
token.resync("1234", "3456")
token.token.count_window = 17
self.assertTrue(token.get_otp_count_window() == 17)
token.token.count = 18
self.assertTrue(token.get_otp_count() == 18)
token.token.active = False
self.assertTrue(token.is_active() is False)
token.token.failcount = 7
self.assertTrue(token.get_failcount() == 7)
token.set_failcount(8)
self.assertTrue(token.token.failcount == 8)
token.token.maxfail = 12
self.assertTrue(token.get_max_failcount() == 12)
self.assertTrue(token.get_user_id() == token.token.user_id)
self.assertTrue(token.get_serial() == "SE123456", token.token.serial)
self.assertTrue(token.get_tokentype() == "hotp", token.token.tokentype)
token.set_so_pin("sopin")
token.set_user_pin("userpin")
token.set_otpkey(self.otpkey)
token.set_otplen(8)
token.set_otp_count(1000)
self.assertTrue(len(token.token.so_pin) == 32, token.token.so_pin)
self.assertTrue(len(token.token.user_pin) == 32, token.token.user_pin)
self.assertTrue(len(token.token.key_enc) == 192, token.token.key_enc)
self.assertTrue(token.get_otplen() == 8)
self.assertTrue(token.token.count == 1000, token.token.count)
token.set_maxfail(1000)
self.assertTrue(token.token.maxfail == 1000)
token.set_count_window(52)
self.assertTrue(token.get_count_window() == 52)
token.set_sync_window(53)
self.assertTrue(token.get_sync_window() == 53)
def test_19_pin_otp_functions(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
db_token.set_pin("test")
token = HotpTokenClass(db_token)
# check OTP according to RFC 4226
"""
Truncated
Count Hexadecimal Decimal HOTP
0 4c93cf18 1284755224 755224
1 41397eea 1094287082 287082
2 82fef30 137359152 359152
3 66ef7655 1726969429 969429
4 61c5938a 1640338314 338314
5 33c083d4 868254676 254676
6 7256c032 1918287922 287922
7 4e5b397 82162583 162583
8 2823443f 673399871 399871
9 2679dc69 645520489 520489
"""
token.update({"otpkey": self.otpkey})
self.assertTrue(db_token.otplen == 6, 6)
set_prepend_pin()
res, pin, otp = token.split_pin_pass("test123456")
self.assertTrue(pin == "test", pin)
self.assertTrue(otp == "123456", otp)
self.assertTrue(token.check_pin(pin), pin)
check = token.check_otp("755224", counter=0, window=10)
self.assertTrue(check == 0, check)
self.assertTrue(token.check_otp("287082", counter=1, window=10) == 1)
# The 6th counter:
self.assertTrue(token.check_otp("287922", counter=2, window=10) == 6)
# The tokenclass itself saves the counter to the database
self.assertTrue(token.token.count == 7, token.token.count)
# successful authentication
res = token.authenticate("test399871")
# This is the OTP value of the counter=8
self.assertTrue(res == (True, 8, None), res)
# try the same otp value again, will fail!
res = token.authenticate("test399871")
# This is the OTP value of the counter=8
self.assertTrue(res == (True, -1, None), res)
token.set_otp_count(0)
# get the OTP value for counter 0
res = token.get_otp()
self.assertTrue(res[0] == 1, res)
self.assertTrue(res[1] == -1, res)
self.assertTrue(res[2] == "755224", res)
res = token.get_multi_otp()
self.assertTrue(res[0] is False, res)
token.update({"otpkey": self.otpkey,
"otplen": 6})
token.token.count = 0
res = token.get_multi_otp(count=5)
self.assertTrue(res[0], res)
self.assertTrue(res[1] == "OK", res)
self.assertTrue(res[2].get("otp").get(1) == "287082", res)
self.assertTrue(res[2].get("type") == "hotp", res)
# do some failing otp checks
token.token.otplen = "invalid otp counter"
self.assertRaises(Exception, token.check_otp, "123456")
token.token.otplen = 0
def test_04_base_methods(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = HotpTokenClass(db_token)
self.assertTrue(token.check_otp("123456", 1, 10) == -1)
c = token.create_challenge("transactionid")
self.assertTrue(c[0], c)
self.assertTrue("transactionid" in c[2], c)
# set the description
token.set_description("something new")
self.assertTrue(token.token.description == "something new",
token.token)
# set defaults
token.set_defaults()
self.assertTrue(token.token.otplen == 6)
self.assertTrue(token.token.sync_window == 1000)
token.resync("1234", "3456")
token.token.count_window = 17
self.assertTrue(token.get_otp_count_window() == 17)
token.token.count = 18
self.assertTrue(token.get_otp_count() == 18)
token.token.active = False
self.assertTrue(token.is_active() is False)
token.token.failcount = 7
self.assertTrue(token.get_failcount() == 7)
token.set_failcount(8)
self.assertTrue(token.token.failcount == 8)
token.token.maxfail = 12
self.assertTrue(token.get_max_failcount() == 12)
self.assertTrue(token.get_user_id() == token.token.user_id)
self.assertTrue(token.get_serial() == "SE123456", token.token.serial)
self.assertTrue(token.get_tokentype() == "hotp",
token.token.tokentype)
token.set_so_pin("sopin")
token.set_user_pin("userpin")
token.set_otpkey(self.otpkey)
token.set_otplen(8)
token.set_otp_count(1000)
self.assertTrue(len(token.token.so_pin) == 32,
token.token.so_pin)
self.assertTrue(len(token.token.user_pin) == 32,
token.token.user_pin)
self.assertTrue(len(token.token.key_enc) == 192,
token.token.key_enc)
self.assertTrue(token.get_otplen() == 8)
self.assertTrue(token.token.count == 1000,
token.token.count)
token.set_maxfail(1000)
self.assertTrue(token.token.maxfail == 1000)
token.set_count_window(52)
self.assertTrue(token.get_count_window() == 52)
token.set_sync_window(53)
self.assertTrue(token.get_sync_window() == 53)