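def test_01_enroll_yubikey_and_auth(self):
        """Enroll a yubikey token and check that accepted OTPs advance the counter.

        Creates the database token for ``self.serial1``, sets the OTP key,
        the OTP length (48) and the PIN, then verifies the class metadata.
        Every OTP in ``self.valid_otps`` must produce a return value larger
        than the previous one. The test treats that value as the token
        counter, so the fixture list has to be ordered by ascending counter.
        """
        db_token = Token(self.serial1, tokentype="yubikey")
        db_token.save()
        token = YubikeyTokenClass(db_token)
        token.set_otpkey(self.otpkey)
        token.set_otplen(48)
        token.set_pin(self.pin)
        token.save()

        # assertEqual reports both operands on failure, unlike
        # assertTrue(a == b).
        self.assertEqual(token.token.serial, self.serial1, token)
        self.assertEqual(token.token.tokentype, "yubikey", token.token)
        self.assertEqual(token.type, "yubikey", token)
        class_prefix = token.get_class_prefix()
        self.assertEqual(class_prefix, "UBAM", class_prefix)
        self.assertEqual(token.get_class_type(), "yubikey", token)

        # Each accepted OTP must return a counter strictly above the last
        # one. A counter that stalls or goes backwards would mean an old OTP
        # was accepted again.
        last_counter = 0
        for otp in self.valid_otps:
            counter = token.check_otp(otp)
            self.assertGreater(counter, last_counter, (counter, last_counter))
            last_counter = counter

        # check_otp_exist must report a counter above the last accepted one
        # as well.
        counter = token.check_otp_exist(self.further_otps[0])
        self.assertGreater(counter, last_counter, (counter, last_counter))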
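    def test_04_check_yubikey_pass(self):
        """Authenticate through the class-level ``check_yubikey_pass`` call.

        Covers four outcomes: a fresh OTP is accepted, the same OTP is
        refused on a second attempt (replay), an OTP that matches no
        enrolled token is refused, and a further fixture OTP is refused.
        The fail counter of the enrolled token must rise by one for each
        refused OTP that belongs to it and stay untouched otherwise.
        """
        # check_yubikey_pass only works for tokens without a PIN, so clear it.
        db_token = Token.query.filter(Token.serial == self.serial1).first()
        token = YubikeyTokenClass(db_token)
        token.set_pin("")
        token.save()

        accepted, reply = YubikeyTokenClass.check_yubikey_pass(
            self.further_otps[1])
        self.assertTrue(accepted)
        self.assertEqual(reply.get("message"), "matching 1 tokens", reply)

        # A successful authentication leaves the fail counter at zero.
        self.assertEqual(db_token.failcount, 0)

        # Replay: the OTP that was just accepted must not be usable again.
        accepted, reply = YubikeyTokenClass.check_yubikey_pass(
            self.further_otps[1])
        self.assertFalse(accepted)
        self.assertEqual(reply.get("message"), "wrong otp value", reply)

        # The refused replay counts as a failed attempt.
        self.assertEqual(db_token.failcount, 1)

        # An OTP that does not belong to any enrolled token is refused.
        accepted, reply = YubikeyTokenClass.check_yubikey_pass(
            "fcebeeejedecebegfcniufvgvjturjgvinhebbbertjnihit")
        self.assertFalse(accepted)
        self.assertEqual(reply.get("action_detail"),
                         "The serial UBAM@1382015 could not be found!", reply)

        # further_otps[0] is refused as well.
        # NOTE(review): presumably because it precedes further_otps[1],
        # which was already accepted above - confirm against the fixture.
        accepted, reply = YubikeyTokenClass.check_yubikey_pass(
            self.further_otps[0])
        self.assertFalse(accepted)
        self.assertEqual(reply.get("message"), "wrong otp value", reply)

        # Only the two refusals against the enrolled token were counted; the
        # OTP of the unknown token did not touch this counter.
        self.assertEqual(db_token.failcount, 2)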
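    def test_98_wrong_tokenid(self):
        """An OTP must be refused once the stored token id no longer matches.

        Overwrites the ``yubikey.tokenid`` token info with a bogus value and
        expects ``check_otp`` to return ``-2`` for a fixture OTP.
        """
        db_token = Token.query.filter(Token.serial == self.serial1).first()
        token = YubikeyTokenClass(db_token)
        token.add_tokeninfo("yubikey.tokenid", "wrongid!")
        token.save()

        # NOTE(review): -2 is taken here as the "token id mismatch" result;
        # confirm the meaning of the code against check_otp.
        result = token.check_otp(self.further_otps[2])
        self.assertEqual(result, -2, result)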
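 def test_05_check_maxfail(self):
     """A token whose fail counter has reached maxfail must stay locked.

     Sets maxfail and the fail counter both to 5 and expects
     ``check_yubikey_pass`` to refuse a fixture OTP with the
     "Failcounter exceeded" message, leaving the counter at 5.
     """
     # check_yubikey_pass only works for tokens without a PIN, so clear it.
     db_token = Token.query.filter(Token.serial == self.serial1).first()
     token = YubikeyTokenClass(db_token)
     token.set_pin("")
     token.save()
     # NOTE(review): maxfail stays at 5 after this test; only the fail
     # counter is put back.
     token.set_maxfail(5)
     old_failcounter = token.get_failcount()
     token.set_failcount(5)
     try:
         # Failcount equals maxfail, so the token is recognised but the
         # authentication is still refused.
         accepted, reply = YubikeyTokenClass.check_yubikey_pass(
             self.further_otps[2])
         self.assertFalse(accepted)
         self.assertEqual(reply.get("message"),
                          "matching 1 tokens, Failcounter exceeded", reply)
         # The refused attempt must not move the counter.
         self.assertEqual(db_token.failcount, 5)
     finally:
         # Restore the counter even when an assertion above fails, so a
         # locked token does not leak into the tests that run afterwards.
         token.set_failcount(old_failcounter)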
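    def test_04_check_yubikey_pass(self):
        """Authenticate through the class-level ``check_yubikey_pass`` call.

        Covers four outcomes: a fresh OTP is accepted, the same OTP is
        refused on a second attempt (replay), an OTP whose prefix matches no
        enrolled token is refused, and a further fixture OTP is refused.
        The fail counter of the enrolled token must rise by one for each
        refused OTP that belongs to it and stay untouched otherwise.
        """
        # check_yubikey_pass only works for tokens without a PIN, so clear it.
        db_token = Token.query.filter(Token.serial == self.serial1).first()
        token = YubikeyTokenClass(db_token)
        token.set_pin("")
        token.save()

        accepted, reply = YubikeyTokenClass.check_yubikey_pass(
            self.further_otps[1])
        self.assertTrue(accepted)
        self.assertEqual(reply.get("message"), "matching 1 tokens", reply)

        # A successful authentication leaves the fail counter at zero.
        self.assertEqual(db_token.failcount, 0)

        # Replay: the OTP that was just accepted must not be usable again.
        accepted, reply = YubikeyTokenClass.check_yubikey_pass(
            self.further_otps[1])
        self.assertFalse(accepted)
        self.assertEqual(reply.get("message"), "wrong otp value", reply)

        # The refused replay counts as a failed attempt.
        self.assertEqual(db_token.failcount, 1)

        # An OTP that does not belong to any enrolled token is refused. The
        # error names the prefix, i.e. the first 16 characters of the
        # submitted OTP.
        accepted, reply = YubikeyTokenClass.check_yubikey_pass(
            "fcebeeejedecebegfcniufvgvjturjgvinhebbbertjnihit")
        self.assertFalse(accepted)
        self.assertEqual(reply.get("action_detail"),
                         "The prefix fcebeeejedecebeg could not be found!",
                         reply)

        # further_otps[0] is refused as well.
        # NOTE(review): presumably because it precedes further_otps[1],
        # which was already accepted above - confirm against the fixture.
        accepted, reply = YubikeyTokenClass.check_yubikey_pass(
            self.further_otps[0])
        self.assertFalse(accepted)
        self.assertEqual(reply.get("message"), "wrong otp value", reply)

        # Only the two refusals against the enrolled token were counted; the
        # OTP with the unknown prefix did not touch this counter.
        self.assertEqual(db_token.failcount, 2)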