def test_26_is_previous_otp(self): # check if the OTP was used prebiously serial = "previous" db_token = Token(serial, tokentype="hotp") db_token.save() token = HotpTokenClass(db_token) token.set_otpkey(self.otpkey) token.set_otplen(6) token.save() """ Truncated Count Hexadecimal Decimal HOTP 0 4c93cf18 1284755224 755224 1 41397eea 1094287082 287082 2 82fef30 137359152 359152 3 66ef7655 1726969429 969429 4 61c5938a 1640338314 338314 5 33c083d4 868254676 254676 6 7256c032 1918287922 287922 7 4e5b397 82162583 162583 8 2823443f 673399871 399871 9 2679dc69 645520489 520489 10 403154 """ r = token.check_otp("969429") self.assertEqual(r, 3) r = token.is_previous_otp("755224") self.assertEqual(r, True) r = token.is_previous_otp("254676") self.assertEqual(r, False) r = token.check_otp("254676") self.assertEqual(r, 5)
def check_otp(self, anOtpVal, counter=None, window=None, options=None): """ check the otpval of a token against a given counter and the window :param passw: the to be verified passw/pin :type passw: string :return: counter if found, -1 if not found :rtype: int """ options = options or {} ret = HotpTokenClass.check_otp(self, anOtpVal, counter, window, options) if ret < 0 and is_true(get_from_config("sms.concurrent_challenges")): if options.get("data") == anOtpVal: # We authenticate from the saved challenge ret = 1 if ret >= 0 and self._get_auto_sms(options): message = self._get_sms_text(options) self.inc_otp_counter(ret, reset=False) success, message = self._send_sms(message=message) log.debug("AutoSMS: send new SMS: {0!s}".format(success)) log.debug("AutoSMS: {0!r}".format(message)) return ret
def test_22_autosync(self): db_token = Token.query.filter_by(serial=self.serial1).first() token = HotpTokenClass(db_token) set_privacyidea_config("AutoResync", True) token.update({"otpkey": self.otpkey, "otplen": 6}) token.token.count = 0 token.set_sync_window(10) token.set_count_window(5) # counter = 8, is out of sync r = token.check_otp(anOtpVal="399871") self.assertTrue(r == -1, r) # counter = 9, will be autosynced. r = token.check_otp(anOtpVal="520489") self.assertTrue(r == 9, r) # counter = 10, has also to authenticate! The counter of the token is # set. r = token.check_otp(anOtpVal="403154") self.assertTrue(r == 10, r) self.assertEqual(token.token.count, 11) # Autosync with a gap in the next otp value will fail token.token.count = 0 # Just try some bullshit config value set_privacyidea_config("AutoResyncTimeout", "totally not a number") # counter = 7, is out of sync r = token.check_otp(anOtpVal="162583") self.assertTrue(r == -1, r) # counter = 9, will NOT _autosync r = token.check_otp(anOtpVal="520489") self.assertTrue(r == -1, r) # Autosync fails, if dueDate is over token.token.count = 0 set_privacyidea_config("AutoResyncTimeout", 0) # counter = 8, is out of sync r = token.check_otp(anOtpVal="399871") self.assertTrue(r == -1, r) # counter = 9, is the next value, but duedate is over. r = token.check_otp(anOtpVal="520489") self.assertTrue(r == -1, r) # No _autosync set_privacyidea_config("AutoResync", False) token.token.count = 0 # counter = 8, is out of sync r = token.check_otp(anOtpVal="399871") self.assertTrue(r == -1, r) # counter = 9, will not be autosynced r = token.check_otp(anOtpVal="520489") self.assertTrue(r == -1, r)
def test_25_sha256_token(self): # taken from https://tools.ietf.org/html/rfc6238#appendix-B serial = "sha25T" db_token = Token(serial, tokentype="hotp") db_token.save() token = HotpTokenClass(db_token) token.set_otpkey(binascii.hexlify("12345678901234567890")) token.set_hashlib("sha256") token.set_otplen(8) token.save() # get it from the database again # 59 | 1970-01-01 | 0000000000000001 | 46119246 | SHA256 | db_token = Token.query.filter_by(serial=serial).first() token = HotpTokenClass(db_token) r = token.check_otp("46119246") self.assertTrue(r) # 00000000023523ED | 67062674 | SHA256 | token.set_otp_count(0x00000000023523ED - 1) token.save() token.check_otp("67062674")
def check_otp(self, anOtpVal, counter=None, window=None, options=None): """ checkOtp - validate the token otp against a given otpvalue :param anOtpVal: the otpvalue to be verified :type anOtpVal: string, format: efekeiebekeh :param counter: the counter state, that should be verified :type counter: int :param window: the counter +window, which should be checked :type window: int :param options: the dict, which could contain token specific info :type options: dict :return: the counter state or -1 :rtype: int """ # convert OTP value otp = _daplug2digit(anOtpVal) res = HotpTokenClass.check_otp(self, otp, counter, window, options) return res
def check_otp(self, anOtpVal, counter=None, window=None, options=None): """ check the otpval of a token against a given counter and the window :param passw: the to be verified passw/pin :type passw: string :return: counter if found, -1 if not found :rtype: int """ options = options or {} ret = HotpTokenClass.check_otp(self, anOtpVal, counter, window, options) if ret >= 0 and self._get_auto_sms(options): message = self._get_sms_text(options) self.inc_otp_counter(ret, reset=False) success, message = self._send_sms(message=message) log.debug("AutoSMS: send new SMS: {0!s}".format(success)) log.debug("AutoSMS: {0!r}".format(message)) return ret
def check_otp(self, anOtpVal, counter=None, window=None, options=None): """ check the otpval of a token against a given counter and the window :param passw: the to be verified passw/pin :type passw: string :return: counter if found, -1 if not found :rtype: int """ options = options or {} ret = HotpTokenClass.check_otp(self, anOtpVal, counter, window, options) if ret >= 0 and self._get_auto_sms(options): message = self._get_sms_text(options) self.inc_otp_counter(ret, reset=False) success, message = self._send_sms(message=message) log.debug("AutoSMS: send new SMS: {0!s}".format(success)) log.debug("AutoSMS: {0!s}".format(message)) return ret
def test_19_pin_otp_functions(self): db_token = Token.query.filter_by(serial=self.serial1).first() db_token.set_pin("test") token = HotpTokenClass(db_token) # check OTP according to RFC 4226 """ Truncated Count Hexadecimal Decimal HOTP 0 4c93cf18 1284755224 755224 1 41397eea 1094287082 287082 2 82fef30 137359152 359152 3 66ef7655 1726969429 969429 4 61c5938a 1640338314 338314 5 33c083d4 868254676 254676 6 7256c032 1918287922 287922 7 4e5b397 82162583 162583 8 2823443f 673399871 399871 9 2679dc69 645520489 520489 """ token.update({"otpkey": self.otpkey}) self.assertTrue(db_token.otplen == 6, 6) set_prepend_pin() res, pin, otp = token.split_pin_pass("test123456") self.assertTrue(pin == "test", pin) self.assertTrue(otp == "123456", otp) self.assertTrue(token.check_pin(pin), pin) check = token.check_otp("755224", counter=0, window=10) self.assertTrue(check == 0, check) self.assertTrue(token.check_otp("287082", counter=1, window=10) == 1) # The 6th counter: self.assertTrue(token.check_otp("287922", counter=2, window=10) == 6) # The tokenclass itself saves the counter to the database self.assertTrue(token.token.count == 7, token.token.count) # successful authentication res = token.authenticate("test399871") # This is the OTP value of the counter=8 self.assertTrue(res == (True, 8, None), res) # try the same otp value again, will fail! res = token.authenticate("test399871") # This is the OTP value of the counter=8 self.assertTrue(res == (True, -1, None), res) token.set_otp_count(0) # get the OTP value for counter 0 res = token.get_otp() self.assertTrue(res[0] == 1, res) self.assertTrue(res[1] == -1, res) self.assertTrue(res[2] == "755224", res) res = token.get_multi_otp() self.assertTrue(res[0] is False, res) token.update({"otpkey": self.otpkey, "otplen": 6}) token.token.count = 0 res = token.get_multi_otp(count=5) self.assertTrue(res[0], res) self.assertTrue(res[1] == "OK", res) self.assertTrue(res[2].get("otp").get(1) == "287082", res) self.assertTrue(res[2].get("type") == "hotp", res) # do some failing otp checks token.token.otplen = "invalid otp counter" self.assertRaises(Exception, token.check_otp, "123456") token.token.otplen = 0
def test_04_base_methods(self): db_token = Token.query.filter_by(serial=self.serial1).first() token = HotpTokenClass(db_token) self.assertTrue(token.check_otp("123456", 1, 10) == -1) c = token.create_challenge("transactionid") self.assertTrue(c[0], c) self.assertTrue("transactionid" in c[2], c) # set the description token.set_description("something new") self.assertTrue(token.token.description == "something new", token.token) # set defaults token.set_defaults() self.assertTrue(token.token.otplen == 6) self.assertTrue(token.token.sync_window == 1000) token.resync("1234", "3456") token.token.count_window = 17 self.assertTrue(token.get_otp_count_window() == 17) token.token.count = 18 self.assertTrue(token.get_otp_count() == 18) token.token.active = False self.assertTrue(token.is_active() is False) token.token.failcount = 7 self.assertTrue(token.get_failcount() == 7) token.set_failcount(8) self.assertTrue(token.token.failcount == 8) token.token.maxfail = 12 self.assertTrue(token.get_max_failcount() == 12) self.assertTrue(token.get_user_id() == token.token.user_id) self.assertTrue(token.get_serial() == "SE123456", token.token.serial) self.assertTrue(token.get_tokentype() == "hotp", token.token.tokentype) token.set_so_pin("sopin") token.set_user_pin("userpin") token.set_otpkey(self.otpkey) token.set_otplen(8) token.set_otp_count(1000) self.assertTrue(len(token.token.so_pin) == 32, token.token.so_pin) self.assertTrue(len(token.token.user_pin) == 32, token.token.user_pin) self.assertTrue(len(token.token.key_enc) == 192, token.token.key_enc) self.assertTrue(token.get_otplen() == 8) self.assertTrue(token.token.count == 1000, token.token.count) token.set_maxfail(1000) self.assertTrue(token.token.maxfail == 1000) token.set_count_window(52) self.assertTrue(token.get_count_window() == 52) token.set_sync_window(53) self.assertTrue(token.get_sync_window() == 53)