def test_17_update_token(self): db_token = Token.query.filter_by(serial=self.serial1).first() token = TokenClass(db_token) # Failed update: genkey wrong self.assertRaises(Exception, token.update, {"description": "new desc", "genkey": "17"}) # Failed update: genkey and otpkey used at the same time self.assertRaises(Exception, token.update, {"otpkey": "123456", "genkey": "1"}) token.update({"otpkey": "123456", "pin": "654321", "otplen": 6}) self.assertTrue(token.check_pin("654321")) self.assertTrue(token.token.otplen == 6) # save pin encrypted token.update({"genkey": 1, "pin": "secret", "encryptpin": "true"}) # check if the PIN is encrypted self.assertTrue(token.token.pin_hash.startswith("@@"), token.token.pin_hash) # update token without otpkey token.update({"description": "test"})
def authenticate(self, passw, user=None, options=None): """ do the authentication on base of password / otp and user and options, the request parameters. Here we contact the other privacyIDEA server to validate the OtpVal. :param passw: the password / otp :param user: the requesting user :param options: the additional request parameters :return: tuple of (success, otp_count - 0 or -1, reply) """ res = False otp_counter = -1 reply = None otpval = passw # should we check the pin localy? if self.check_pin_local: (_res, pin, otpval) = self.split_pin_pass(passw, user, options=options) if not TokenClass.check_pin(self, pin): return False, otp_counter, {"message": "Wrong PIN"} otp_count = self.check_otp(otpval, options=options) if otp_count >= 0: res = True reply = {"message": "matching 1 tokens", "serial": self.get_serial(), "type": self.get_tokentype()} else: reply = {"message": "remote side denied access"} return res, otp_count, reply
def test_19_pin_otp_functions(self): db_token = Token.query.filter_by(serial=self.serial1).first() db_token.set_pin("test") token = TokenClass(db_token) self.assertTrue(db_token.otplen == 6, 6) (res, pin, otp) = token.split_pin_pass("test123456") self.assertTrue(pin == "test", pin) self.assertTrue(otp == "123456", otp) self.assertTrue(token.check_pin(pin), pin) self.assertTrue(token.check_otp("123456") == -1) res = token.authenticate("test123456") self.assertTrue(res == (True, -1, None), res)
def authenticate(self, passw, user=None, options=None): """ do the authentication on base of password / otp and user and options, the request parameters. Here we contact the other privacyIDEA server to validate the OtpVal. :param passw: the password / otp :param user: the requesting user :param options: the additional request parameters :return: tuple of (success, otp_count - 0 or -1, reply) """ res = False otp_counter = -1 reply = None otpval = passw # should we check the pin localy? if self.check_pin_local: (_res, pin, otpval) = self.split_pin_pass(passw, user, options=options) if not TokenClass.check_pin(self, pin): return False, otp_counter, {'message': "Wrong PIN"} otp_count = self.check_otp(otpval, options=options) if otp_count >= 0: res = True reply = { 'message': 'matching 1 tokens', 'serial': self.get_serial(), 'type': self.get_tokentype() } else: reply = {'message': 'remote side denied access'} return res, otp_count, reply
def test_15_check_pin(self): db_token = Token.query.filter_by(serial=self.serial1).first() token = TokenClass(db_token) token.set_pin("test") self.assertTrue(token.check_pin("test")) self.assertFalse(token.check_pin("wrong pin"))