def test_02_get_auth_item(self): serial = "OATH1" # create realm self.setUp_user_realms() user = User("cornelius", realm=self.realm1) # create ssh token init_token({ "serial": serial, "type": "hotp", "otpkey": OTPKEY }, user=user) # authenticate online initially tok = get_tokens(serial=serial)[0] res = tok.check_otp("359152") # count = 2 self.assertEqual(res, 2) # check intermediate counter value self.assertEqual(tok.token.count, 3) auth_item = OfflineApplication.get_authentication_item("hotp", serial) refilltoken = auth_item.get("refilltoken") self.assertEqual(len(refilltoken), REFILLTOKEN_LENGTH * 2) self.assertTrue(passlib.hash.\ pbkdf2_sha512.verify("969429", # count = 3 auth_item.get("response").get(3))) self.assertTrue(passlib.hash.\ pbkdf2_sha512.verify("399871", # count = 8 auth_item.get("response").get(8))) # The token now contains the refill token information: self.assertEqual(refilltoken, tok.get_tokeninfo("refilltoken")) # After calling auth_item the token counter should be increased # 3, because we used the otp value with count = 2 initially # 100, because we obtained 100 offline OTPs self.assertEqual(tok.token.count, 3 + 100) # Assert that we cannot authenticate with the last offline OTP we got self.assertEqual(len(auth_item.get("response")), 100) self.assertTrue(passlib.hash.\ pbkdf2_sha512.verify("629694", # count = 102 auth_item.get("response").get(102))) res = tok.check_otp("629694") # count = 102 self.assertEqual(res, -1) res = tok.check_otp("378717") # count = 103 self.assertEqual(res, 103) # check illegal API usage self.assertRaises(ParameterError, OfflineApplication.get_offline_otps, tok, 'foo', -1) self.assertEqual(OfflineApplication.get_offline_otps(tok, 'foo', 0), {})
def test_02_get_auth_item(self): serial = "OATH1" # create realm self.setUp_user_realms() user = User("cornelius", realm=self.realm1) # create ssh token init_token({"serial": serial, "type": "hotp", "otpkey": OTPKEY}, user=user) # authenticate online initially tok = get_tokens(serial=serial)[0] res = tok.check_otp("359152") # count = 2 self.assertEqual(res, 2) # check intermediate counter value self.assertEqual(tok.token.count, 3) auth_item = OfflineApplication.get_authentication_item("hotp", serial) self.assertTrue(passlib.hash.\ pbkdf2_sha512.verify("969429", # count = 3 auth_item.get("response").get(0))) self.assertTrue(passlib.hash.\ pbkdf2_sha512.verify("399871", # count = 8 auth_item.get("response").get(5))) # After calling auth_item the token counter should be increased # 3, because we used the otp value with count = 2 initially # 100, because we obtained 100 offline OTPs self.assertEqual(tok.token.count, 3 + 100) # Assert that we cannot authenticate with the last offline OTP we got self.assertEqual(len(auth_item.get("response")), 100) self.assertTrue(passlib.hash.\ pbkdf2_sha512.verify("629694", # count = 102 auth_item.get("response").get(99))) res = tok.check_otp("629694") # count = 102 self.assertEqual(res, -1) res = tok.check_otp("378717") # count = 103 self.assertEqual(res, 103)
def offlinerefill(): """ This endpoint allows to fetch new offline OTP values for a token, that is already offline. According to the definition it will send the missing OTP values, so that the client will have as much otp values as defined. :param serial: The serial number of the token, that should be refilled. :param refilltoken: The authorization token, that allows refilling. :param pass: the last password (maybe password+OTP) entered by the user :return: """ serial = getParam(request.all_data, "serial", required) refilltoken = getParam(request.all_data, "refilltoken", required) password = getParam(request.all_data, "pass", required) tokenobj_list = get_tokens(serial=serial) if len(tokenobj_list) != 1: raise ParameterError("The token does not exist") else: tokenobj = tokenobj_list[0] tokenattachments = list_machine_tokens(serial=serial, application="offline") if tokenattachments: # TODO: Currently we do not distinguish, if a token had more than one offline attachment # We need the options to pass the count and the rounds for the next offline OTP values, # which could have changed in the meantime. options = tokenattachments[0].get("options") # check refill token: if tokenobj.get_tokeninfo("refilltoken") == refilltoken: # refill otps = MachineApplication.get_refill(tokenobj, password, options) refilltoken = MachineApplication.generate_new_refilltoken( tokenobj) response = send_result(True) content = response.json content["auth_items"] = { "offline": [{ "refilltoken": refilltoken, "response": otps }] } response.set_data(json.dumps(content)) return response raise ParameterError( "Token is not an offline token or refill token is incorrect")
def offlinerefill(): """ This endpoint allows to fetch new offline OTP values for a token, that is already offline. According to the definition it will send the missing OTP values, so that the client will have as much otp values as defined. :param serial: The serial number of the token, that should be refilled. :param refilltoken: The authorization token, that allows refilling. :param pass: the last password (maybe password+OTP) entered by the user :return: """ result = False otps = {} serial = getParam(request.all_data, "serial", required) refilltoken = getParam(request.all_data, "refilltoken", required) password = getParam(request.all_data, "pass", required) tokenobj_list = get_tokens(serial=serial) if len(tokenobj_list) != 1: raise ParameterError("The token does not exist") else: tokenobj = tokenobj_list[0] machine_defs = list_token_machines(serial) # check if is still an offline token: for mdef in machine_defs: if mdef.get("application") == "offline": # check refill token: if tokenobj.get_tokeninfo("refilltoken") == refilltoken: # refill otps = MachineApplication.get_refill( tokenobj, password, mdef.get("options")) refilltoken = MachineApplication.generate_new_refilltoken( tokenobj) response = send_result(True) content = json.loads(response.data) content["auth_items"] = { "offline": [{ "refilltoken": refilltoken, "response": otps }] } response.data = json.dumps(content) return response raise ParameterError( "Token is not an offline token or refill token is incorrect")
def test_02_get_auth_item(self): serial = "OATH1" # create realm self.setUp_user_realms() user = User("cornelius", realm=self.realm1) # create ssh token init_token({"serial": serial, "type": "hotp", "otpkey": OTPKEY}, user=user) # authenticate online initially tok = get_tokens(serial=serial)[0] res = tok.check_otp("359152") # count = 2 self.assertEqual(res, 2) # check intermediate counter value self.assertEqual(tok.token.count, 3) auth_item = OfflineApplication.get_authentication_item("hotp", serial) refilltoken = auth_item.get("refilltoken") self.assertEqual(len(refilltoken), REFILLTOKEN_LENGTH * 2) self.assertTrue(passlib.hash.\ pbkdf2_sha512.verify("969429", # count = 3 auth_item.get("response").get(3))) self.assertTrue(passlib.hash.\ pbkdf2_sha512.verify("399871", # count = 8 auth_item.get("response").get(8))) # The token now contains the refill token information: self.assertEqual(refilltoken, tok.get_tokeninfo("refilltoken")) # After calling auth_item the token counter should be increased # 3, because we used the otp value with count = 2 initially # 100, because we obtained 100 offline OTPs self.assertEqual(tok.token.count, 3 + 100) # Assert that we cannot authenticate with the last offline OTP we got self.assertEqual(len(auth_item.get("response")), 100) self.assertTrue(passlib.hash.\ pbkdf2_sha512.verify("629694", # count = 102 auth_item.get("response").get(102))) res = tok.check_otp("629694") # count = 102 self.assertEqual(res, -1) res = tok.check_otp("378717") # count = 103 self.assertEqual(res, 103) # check illegal API usage self.assertRaises(ParameterError, OfflineApplication.get_offline_otps, tok, 'foo', -1) self.assertEqual(OfflineApplication.get_offline_otps(tok, 'foo', 0), {})
def offlinerefill(): """ This endpoint allows to fetch new offline OTP values for a token, that is already offline. According to the definition it will send the missing OTP values, so that the client will have as much otp values as defined. :param serial: The serial number of the token, that should be refilled. :param refilltoken: The authorization token, that allows refilling. :param pass: the last password (maybe password+OTP) entered by the user :return: """ result = False otps = {} serial = getParam(request.all_data, "serial", required) refilltoken = getParam(request.all_data, "refilltoken", required) password = getParam(request.all_data, "pass", required) tokenobj_list = get_tokens(serial=serial) if len(tokenobj_list) != 1: raise ParameterError("The token does not exist") else: tokenobj = tokenobj_list[0] machine_defs = list_token_machines(serial) # check if is still an offline token: for mdef in machine_defs: if mdef.get("application") == "offline": # check refill token: if tokenobj.get_tokeninfo("refilltoken") == refilltoken: # refill otps = MachineApplication.get_refill(tokenobj, password, mdef.get("options")) refilltoken = MachineApplication.generate_new_refilltoken(tokenobj) response = send_result(True) content = json.loads(response.data) content["auth_items"] = {"offline": [{"refilltoken": refilltoken, "response": otps}]} response.data = json.dumps(content) return response raise ParameterError("Token is not an offline token or refill token is incorrect")
def test_02_get_auth_item(self): serial = "OATH1" # create realm self.setUp_user_realms() user = User("cornelius", realm=self.realm1) # create ssh token init_token({"serial": serial, "type": "hotp", "otpkey": OTPKEY}, user=user) auth_item = OfflineApplication.get_authentication_item("hotp", serial) self.assertTrue(passlib.hash.\ pbkdf2_sha512.verify("755224", auth_item.get("response").get(0))) self.assertTrue(passlib.hash.\ pbkdf2_sha512.verify("254676", auth_item.get("response").get(5))) # After calling auth_item the token counter should be increased tok = get_tokens(serial=serial)[0] self.assertEqual(tok.token.count, 101)
def test_02_get_auth_item(self): serial = "OATH1" # create realm self.setUp_user_realms() user = User("cornelius", realm=self.realm1) # create ssh token init_token({ "serial": serial, "type": "hotp", "otpkey": OTPKEY }, user=user) auth_item = OfflineApplication.get_authentication_item("hotp", serial) self.assertTrue(passlib.hash.\ pbkdf2_sha512.verify("755224", auth_item.get("response").get(0))) self.assertTrue(passlib.hash.\ pbkdf2_sha512.verify("254676", auth_item.get("response").get(5))) # After calling auth_item the token counter should be increased tok = get_tokens(serial=serial)[0] self.assertEqual(tok.token.count, 101)
def test_03_get_auth_item_unsupported(self): # unsupported token type auth_item = OfflineApplication.get_authentication_item("unsupported", "s") self.assertEqual(auth_item, {})
def test_01_get_options(self): # Can run as class options = OfflineApplication.get_options() self.assertEqual(options["required"], []) self.assertEqual(options["optional"], ['user', 'count', 'rounds'])