def test_26_is_previous_otp(self):
     # check if the OTP was used prebiously
     serial = "previous"
     db_token = Token(serial, tokentype="hotp")
     db_token.save()
     token = HotpTokenClass(db_token)
     token.set_otpkey(self.otpkey)
     token.set_otplen(6)
     token.save()
     """
                       Truncated
     Count    Hexadecimal    Decimal        HOTP
     0        4c93cf18       1284755224     755224
     1        41397eea       1094287082     287082
     2         82fef30        137359152     359152
     3        66ef7655       1726969429     969429
     4        61c5938a       1640338314     338314
     5        33c083d4        868254676     254676
     6        7256c032       1918287922     287922
     7         4e5b397         82162583     162583
     8        2823443f        673399871     399871
     9        2679dc69        645520489     520489
     10                                     403154
     """
     r = token.check_otp("969429")
     self.assertEqual(r, 3)
     r = token.is_previous_otp("755224")
     self.assertEqual(r, True)
     r = token.is_previous_otp("254676")
     self.assertEqual(r, False)
     r = token.check_otp("254676")
     self.assertEqual(r, 5)
 def test_26_is_previous_otp(self):
     # check if the OTP was used prebiously
     serial = "previous"
     db_token = Token(serial, tokentype="hotp")
     db_token.save()
     token = HotpTokenClass(db_token)
     token.set_otpkey(self.otpkey)
     token.set_otplen(6)
     token.save()
     """
                       Truncated
     Count    Hexadecimal    Decimal        HOTP
     0        4c93cf18       1284755224     755224
     1        41397eea       1094287082     287082
     2         82fef30        137359152     359152
     3        66ef7655       1726969429     969429
     4        61c5938a       1640338314     338314
     5        33c083d4        868254676     254676
     6        7256c032       1918287922     287922
     7         4e5b397         82162583     162583
     8        2823443f        673399871     399871
     9        2679dc69        645520489     520489
     10                                     403154
     """
     r = token.check_otp("969429")
     self.assertEqual(r, 3)
     r = token.is_previous_otp("755224")
     self.assertEqual(r, True)
     r = token.is_previous_otp("254676")
     self.assertEqual(r, False)
     r = token.check_otp("254676")
     self.assertEqual(r, 5)
Exemple #3
0
    def check_otp(self, anOtpVal, counter=None, window=None, options=None):
        """
        check the otpval of a token against a given counter
        and the window

        :param passw: the to be verified passw/pin
        :type passw: string

        :return: counter if found, -1 if not found
        :rtype: int
        """
        options = options or {}
        ret = HotpTokenClass.check_otp(self, anOtpVal, counter, window,
                                       options)
        if ret < 0 and is_true(get_from_config("sms.concurrent_challenges")):
            if options.get("data") == anOtpVal:
                # We authenticate from the saved challenge
                ret = 1
        if ret >= 0 and self._get_auto_sms(options):
            message = self._get_sms_text(options)
            self.inc_otp_counter(ret, reset=False)
            success, message = self._send_sms(message=message)
            log.debug("AutoSMS: send new SMS: {0!s}".format(success))
            log.debug("AutoSMS: {0!r}".format(message))
        return ret
    def test_22_autosync(self):
        db_token = Token.query.filter_by(serial=self.serial1).first()
        token = HotpTokenClass(db_token)
        set_privacyidea_config("AutoResync", True)
        token.update({"otpkey": self.otpkey,
                      "otplen": 6})
        token.token.count = 0
        token.set_sync_window(10)
        token.set_count_window(5)
        # counter = 8, is out of sync
        r = token.check_otp(anOtpVal="399871")
        self.assertTrue(r == -1, r)
        # counter = 9, will be autosynced.
        r = token.check_otp(anOtpVal="520489")
        self.assertTrue(r == 9, r)
        # counter = 10, has also to authenticate! The counter of the token is
        #  set.
        r = token.check_otp(anOtpVal="403154")
        self.assertTrue(r == 10, r)
        self.assertEqual(token.token.count, 11)

        # Autosync with a gap in the next otp value will fail
        token.token.count = 0
        # Just try some bullshit config value
        set_privacyidea_config("AutoResyncTimeout", "totally not a number")
        # counter = 7, is out of sync
        r = token.check_otp(anOtpVal="162583")
        self.assertTrue(r == -1, r)
        # counter = 9, will NOT _autosync
        r = token.check_otp(anOtpVal="520489")
        self.assertTrue(r == -1, r)

        # Autosync fails, if dueDate is over
        token.token.count = 0
        set_privacyidea_config("AutoResyncTimeout", 0)
        # counter = 8, is out of sync
        r = token.check_otp(anOtpVal="399871")
        self.assertTrue(r == -1, r)
        # counter = 9, is the next value, but duedate is over.
        r = token.check_otp(anOtpVal="520489")
        self.assertTrue(r == -1, r)

        # No _autosync
        set_privacyidea_config("AutoResync", False)
        token.token.count = 0
        # counter = 8, is out of sync
        r = token.check_otp(anOtpVal="399871")
        self.assertTrue(r == -1, r)
        # counter = 9, will not be autosynced
        r = token.check_otp(anOtpVal="520489")
        self.assertTrue(r == -1, r)
Exemple #5
0
    def test_22_autosync(self):
        db_token = Token.query.filter_by(serial=self.serial1).first()
        token = HotpTokenClass(db_token)
        set_privacyidea_config("AutoResync", True)
        token.update({"otpkey": self.otpkey,
                      "otplen": 6})
        token.token.count = 0
        token.set_sync_window(10)
        token.set_count_window(5)
        # counter = 8, is out of sync
        r = token.check_otp(anOtpVal="399871")
        self.assertTrue(r == -1, r)
        # counter = 9, will be autosynced.
        r = token.check_otp(anOtpVal="520489")
        self.assertTrue(r == 9, r)
        # counter = 10, has also to authenticate! The counter of the token is
        #  set.
        r = token.check_otp(anOtpVal="403154")
        self.assertTrue(r == 10, r)
        self.assertEqual(token.token.count, 11)

        # Autosync with a gap in the next otp value will fail
        token.token.count = 0
        # Just try some bullshit config value
        set_privacyidea_config("AutoResyncTimeout", "totally not a number")
        # counter = 7, is out of sync
        r = token.check_otp(anOtpVal="162583")
        self.assertTrue(r == -1, r)
        # counter = 9, will NOT _autosync
        r = token.check_otp(anOtpVal="520489")
        self.assertTrue(r == -1, r)

        # Autosync fails, if dueDate is over
        token.token.count = 0
        set_privacyidea_config("AutoResyncTimeout", 0)
        # counter = 8, is out of sync
        r = token.check_otp(anOtpVal="399871")
        self.assertTrue(r == -1, r)
        # counter = 9, is the next value, but duedate is over.
        r = token.check_otp(anOtpVal="520489")
        self.assertTrue(r == -1, r)

        # No _autosync
        set_privacyidea_config("AutoResync", False)
        token.token.count = 0
        # counter = 8, is out of sync
        r = token.check_otp(anOtpVal="399871")
        self.assertTrue(r == -1, r)
        # counter = 9, will not be autosynced
        r = token.check_otp(anOtpVal="520489")
        self.assertTrue(r == -1, r)
 def test_25_sha256_token(self):
     # taken from https://tools.ietf.org/html/rfc6238#appendix-B
     serial = "sha25T"
     db_token = Token(serial, tokentype="hotp")
     db_token.save()
     token = HotpTokenClass(db_token)
     token.set_otpkey(binascii.hexlify("12345678901234567890"))
     token.set_hashlib("sha256")
     token.set_otplen(8)
     token.save()
     # get it from the database again
     #    59     |  1970-01-01  | 0000000000000001 | 46119246 | SHA256 |
     db_token = Token.query.filter_by(serial=serial).first()
     token = HotpTokenClass(db_token)
     r = token.check_otp("46119246")
     self.assertTrue(r)
     # 00000000023523ED | 67062674 | SHA256 |
     token.set_otp_count(0x00000000023523ED - 1)
     token.save()
     token.check_otp("67062674")
 def test_25_sha256_token(self):
     # taken from https://tools.ietf.org/html/rfc6238#appendix-B
     serial = "sha25T"
     db_token = Token(serial, tokentype="hotp")
     db_token.save()
     token = HotpTokenClass(db_token)
     token.set_otpkey(binascii.hexlify("12345678901234567890"))
     token.set_hashlib("sha256")
     token.set_otplen(8)
     token.save()
     # get it from the database again
     #    59     |  1970-01-01  | 0000000000000001 | 46119246 | SHA256 |
     db_token = Token.query.filter_by(serial=serial).first()
     token = HotpTokenClass(db_token)
     r = token.check_otp("46119246")
     self.assertTrue(r)
     # 00000000023523ED | 67062674 | SHA256 |
     token.set_otp_count(0x00000000023523ED - 1)
     token.save()
     token.check_otp("67062674")
Exemple #8
0
    def check_otp(self, anOtpVal, counter=None, window=None, options=None):
        """
        checkOtp - validate the token otp against a given otpvalue

        :param anOtpVal: the otpvalue to be verified
        :type anOtpVal:  string, format: efekeiebekeh
        :param counter: the counter state, that should be verified
        :type counter: int
        :param window: the counter +window, which should be checked
        :type window: int
        :param options: the dict, which could contain token specific info
        :type options: dict
        :return: the counter state or -1
        :rtype: int

        """
        # convert OTP value
        otp = _daplug2digit(anOtpVal)
        res = HotpTokenClass.check_otp(self, otp, counter, window, options)
        return res
    def check_otp(self, anOtpVal, counter=None, window=None, options=None):
        """
        checkOtp - validate the token otp against a given otpvalue

        :param anOtpVal: the otpvalue to be verified
        :type anOtpVal:  string, format: efekeiebekeh
        :param counter: the counter state, that should be verified
        :type counter: int
        :param window: the counter +window, which should be checked
        :type window: int
        :param options: the dict, which could contain token specific info
        :type options: dict
        :return: the counter state or -1
        :rtype: int

        """
        # convert OTP value
        otp = _daplug2digit(anOtpVal)
        res = HotpTokenClass.check_otp(self, otp, counter, window, options)
        return res
Exemple #10
0
    def check_otp(self, anOtpVal, counter=None, window=None, options=None):
        """
        check the otpval of a token against a given counter
        and the window

        :param passw: the to be verified passw/pin
        :type passw: string

        :return: counter if found, -1 if not found
        :rtype: int
        """
        options = options or {}
        ret = HotpTokenClass.check_otp(self, anOtpVal, counter, window, options)
        if ret >= 0 and self._get_auto_sms(options):
            message = self._get_sms_text(options)
            self.inc_otp_counter(ret, reset=False)
            success, message = self._send_sms(message=message)
            log.debug("AutoSMS: send new SMS: {0!s}".format(success))
            log.debug("AutoSMS: {0!r}".format(message))
        return ret
Exemple #11
0
    def check_otp(self, anOtpVal, counter=None, window=None, options=None):
        """
        check the otpval of a token against a given counter
        and the window

        :param passw: the to be verified passw/pin
        :type passw: string

        :return: counter if found, -1 if not found
        :rtype: int
        """
        options = options or {}
        ret = HotpTokenClass.check_otp(self, anOtpVal, counter, window,
                                       options)
        if ret >= 0 and self._get_auto_sms(options):
            message = self._get_sms_text(options)
            self.inc_otp_counter(ret, reset=False)
            success, message = self._send_sms(message=message)
            log.debug("AutoSMS: send new SMS: {0!s}".format(success))
            log.debug("AutoSMS: {0!s}".format(message))
        return ret
Exemple #12
0
    def check_otp(self, anOtpVal, counter=None, window=None, options=None):
        """
        check the otpval of a token against a given counter
        and the window

        :param passw: the to be verified passw/pin
        :type passw: string

        :return: counter if found, -1 if not found
        :rtype: int
        """
        options = options or {}
        ret = HotpTokenClass.check_otp(self, anOtpVal, counter, window, options)
        if ret < 0 and is_true(get_from_config("sms.concurrent_challenges")):
            if options.get("data") == anOtpVal:
                # We authenticate from the saved challenge
                ret = 1
        if ret >= 0 and self._get_auto_sms(options):
            message = self._get_sms_text(options)
            self.inc_otp_counter(ret, reset=False)
            success, message = self._send_sms(message=message)
            log.debug("AutoSMS: send new SMS: {0!s}".format(success))
            log.debug("AutoSMS: {0!r}".format(message))
        return ret
    def test_19_pin_otp_functions(self):
        db_token = Token.query.filter_by(serial=self.serial1).first()
        db_token.set_pin("test")
        token = HotpTokenClass(db_token)
        # check OTP according to RFC 4226
        """
                             Truncated
           Count    Hexadecimal    Decimal        HOTP
           0        4c93cf18       1284755224     755224
           1        41397eea       1094287082     287082
           2         82fef30        137359152     359152
           3        66ef7655       1726969429     969429
           4        61c5938a       1640338314     338314
           5        33c083d4        868254676     254676
           6        7256c032       1918287922     287922
           7         4e5b397         82162583     162583
           8        2823443f        673399871     399871
           9        2679dc69        645520489     520489
        """
        token.update({"otpkey": self.otpkey})
        self.assertTrue(db_token.otplen == 6, 6)
        set_prepend_pin()
        res, pin, otp = token.split_pin_pass("test123456")
        self.assertTrue(pin == "test", pin)
        self.assertTrue(otp == "123456", otp)
        self.assertTrue(token.check_pin(pin), pin)
        check = token.check_otp("755224", counter=0, window=10)
        self.assertTrue(check == 0, check)
        self.assertTrue(token.check_otp("287082", counter=1, window=10) == 1)
        # The 6th counter:
        self.assertTrue(token.check_otp("287922", counter=2, window=10) == 6)
        # The tokenclass itself saves the counter to the database
        self.assertTrue(token.token.count == 7, token.token.count)

        # successful authentication
        res = token.authenticate("test399871")
        # This is the OTP value of the counter=8
        self.assertTrue(res == (True, 8, None), res)

        # try the same otp value again, will fail!
        res = token.authenticate("test399871")
        # This is the OTP value of the counter=8
        self.assertTrue(res == (True, -1, None), res)

        token.set_otp_count(0)
        # get the OTP value for counter 0
        res = token.get_otp()
        self.assertTrue(res[0] == 1, res)
        self.assertTrue(res[1] == -1, res)
        self.assertTrue(res[2] == "755224", res)
        res = token.get_multi_otp()
        self.assertTrue(res[0] is False, res)
        token.update({"otpkey": self.otpkey, "otplen": 6})
        token.token.count = 0
        res = token.get_multi_otp(count=5)
        self.assertTrue(res[0], res)
        self.assertTrue(res[1] == "OK", res)
        self.assertTrue(res[2].get("otp").get(1) == "287082", res)
        self.assertTrue(res[2].get("type") == "hotp", res)

        # do some failing otp checks
        token.token.otplen = "invalid otp counter"
        self.assertRaises(Exception, token.check_otp, "123456")
        token.token.otplen = 0
    def test_04_base_methods(self):
        db_token = Token.query.filter_by(serial=self.serial1).first()
        token = HotpTokenClass(db_token)
        self.assertTrue(token.check_otp("123456", 1, 10) == -1)

        c = token.create_challenge("transactionid")
        self.assertTrue(c[0], c)
        self.assertTrue("transactionid" in c[2], c)

        # set the description
        token.set_description("something new")
        self.assertTrue(token.token.description == "something new",
                        token.token)

        # set defaults
        token.set_defaults()
        self.assertTrue(token.token.otplen == 6)
        self.assertTrue(token.token.sync_window == 1000)

        token.resync("1234", "3456")

        token.token.count_window = 17
        self.assertTrue(token.get_otp_count_window() == 17)

        token.token.count = 18
        self.assertTrue(token.get_otp_count() == 18)

        token.token.active = False
        self.assertTrue(token.is_active() is False)

        token.token.failcount = 7
        self.assertTrue(token.get_failcount() == 7)
        token.set_failcount(8)
        self.assertTrue(token.token.failcount == 8)

        token.token.maxfail = 12
        self.assertTrue(token.get_max_failcount() == 12)

        self.assertTrue(token.get_user_id() == token.token.user_id)

        self.assertTrue(token.get_serial() == "SE123456", token.token.serial)
        self.assertTrue(token.get_tokentype() == "hotp", token.token.tokentype)

        token.set_so_pin("sopin")
        token.set_user_pin("userpin")
        token.set_otpkey(self.otpkey)
        token.set_otplen(8)
        token.set_otp_count(1000)
        self.assertTrue(len(token.token.so_pin) == 32, token.token.so_pin)
        self.assertTrue(len(token.token.user_pin) == 32, token.token.user_pin)
        self.assertTrue(len(token.token.key_enc) == 192, token.token.key_enc)
        self.assertTrue(token.get_otplen() == 8)
        self.assertTrue(token.token.count == 1000, token.token.count)

        token.set_maxfail(1000)
        self.assertTrue(token.token.maxfail == 1000)

        token.set_count_window(52)
        self.assertTrue(token.get_count_window() == 52)

        token.set_sync_window(53)
        self.assertTrue(token.get_sync_window() == 53)
    def test_19_pin_otp_functions(self):
        db_token = Token.query.filter_by(serial=self.serial1).first()
        db_token.set_pin("test")
        token = HotpTokenClass(db_token)
        # check OTP according to RFC 4226
        """
                             Truncated
           Count    Hexadecimal    Decimal        HOTP
           0        4c93cf18       1284755224     755224
           1        41397eea       1094287082     287082
           2         82fef30        137359152     359152
           3        66ef7655       1726969429     969429
           4        61c5938a       1640338314     338314
           5        33c083d4        868254676     254676
           6        7256c032       1918287922     287922
           7         4e5b397         82162583     162583
           8        2823443f        673399871     399871
           9        2679dc69        645520489     520489
        """
        token.update({"otpkey": self.otpkey})
        self.assertTrue(db_token.otplen == 6, 6)
        set_prepend_pin()
        res, pin, otp = token.split_pin_pass("test123456")
        self.assertTrue(pin == "test", pin)
        self.assertTrue(otp == "123456", otp)
        self.assertTrue(token.check_pin(pin), pin)
        check = token.check_otp("755224", counter=0, window=10)
        self.assertTrue(check == 0, check)
        self.assertTrue(token.check_otp("287082", counter=1, window=10) == 1)
        # The 6th counter:
        self.assertTrue(token.check_otp("287922", counter=2, window=10) == 6)
        # The tokenclass itself saves the counter to the database
        self.assertTrue(token.token.count == 7, token.token.count)

        # successful authentication
        res = token.authenticate("test399871")
        # This is the OTP value of the counter=8
        self.assertTrue(res == (True, 8, None), res)

        # try the same otp value again, will fail!
        res = token.authenticate("test399871")
        # This is the OTP value of the counter=8
        self.assertTrue(res == (True, -1, None), res)

        token.set_otp_count(0)
        # get the OTP value for counter 0
        res = token.get_otp()
        self.assertTrue(res[0] == 1, res)
        self.assertTrue(res[1] == -1, res)
        self.assertTrue(res[2] == "755224", res)
        res = token.get_multi_otp()
        self.assertTrue(res[0] is False, res)
        token.update({"otpkey": self.otpkey,
                      "otplen": 6})
        token.token.count = 0
        res = token.get_multi_otp(count=5)
        self.assertTrue(res[0], res)
        self.assertTrue(res[1] == "OK", res)
        self.assertTrue(res[2].get("otp").get(1) == "287082", res)
        self.assertTrue(res[2].get("type") == "hotp", res)

        # do some failing otp checks
        token.token.otplen = "invalid otp counter"
        self.assertRaises(Exception, token.check_otp, "123456")
        token.token.otplen = 0
    def test_04_base_methods(self):
        db_token = Token.query.filter_by(serial=self.serial1).first()
        token = HotpTokenClass(db_token)
        self.assertTrue(token.check_otp("123456", 1, 10) == -1)

        c = token.create_challenge("transactionid")
        self.assertTrue(c[0], c)
        self.assertTrue("transactionid" in c[2], c)

        # set the description
        token.set_description("something new")
        self.assertTrue(token.token.description == "something new",
                        token.token)

        # set defaults
        token.set_defaults()
        self.assertTrue(token.token.otplen == 6)
        self.assertTrue(token.token.sync_window == 1000)

        token.resync("1234", "3456")

        token.token.count_window = 17
        self.assertTrue(token.get_otp_count_window() == 17)

        token.token.count = 18
        self.assertTrue(token.get_otp_count() == 18)

        token.token.active = False
        self.assertTrue(token.is_active() is False)

        token.token.failcount = 7
        self.assertTrue(token.get_failcount() == 7)
        token.set_failcount(8)
        self.assertTrue(token.token.failcount == 8)

        token.token.maxfail = 12
        self.assertTrue(token.get_max_failcount() == 12)

        self.assertTrue(token.get_user_id() == token.token.user_id)

        self.assertTrue(token.get_serial() == "SE123456", token.token.serial)
        self.assertTrue(token.get_tokentype() == "hotp",
                        token.token.tokentype)

        token.set_so_pin("sopin")
        token.set_user_pin("userpin")
        token.set_otpkey(self.otpkey)
        token.set_otplen(8)
        token.set_otp_count(1000)
        self.assertTrue(len(token.token.so_pin) == 32,
                        token.token.so_pin)
        self.assertTrue(len(token.token.user_pin) == 32,
                        token.token.user_pin)
        self.assertTrue(len(token.token.key_enc) == 192,
                        token.token.key_enc)
        self.assertTrue(token.get_otplen() == 8)
        self.assertTrue(token.token.count == 1000,
                        token.token.count)

        token.set_maxfail(1000)
        self.assertTrue(token.token.maxfail == 1000)

        token.set_count_window(52)
        self.assertTrue(token.get_count_window() == 52)

        token.set_sync_window(53)
        self.assertTrue(token.get_sync_window() == 53)