def test_15_check_pin(self): db_token = Token.query.filter_by(serial=self.serial1).first() token = HotpTokenClass(db_token) # test the encrypted pin token.set_pin("encrypted", encrypt=True) self.assertTrue(token.check_pin("encrypted")) self.assertFalse(token.check_pin("wrong pin")) # test the hashed pin token.set_pin("test") self.assertTrue(token.check_pin("test")) self.assertFalse(token.check_pin("wrong pin"))
def test_17_update_token(self): db_token = Token.query.filter_by(serial=self.serial1).first() token = HotpTokenClass(db_token) # Failed update: genkey wrong self.assertRaises(Exception, token.update, { "description": "new desc", "genkey": "17" }) # genkey and otpkey used at the same time token.update({"otpkey": self.otpkey, "genkey": "1"}) self.assertTrue(token.token.otplen == 6) token.update({"otpkey": self.otpkey, "pin": "654321", "otplen": 6}) self.assertTrue(token.check_pin("654321")) self.assertTrue(token.token.otplen == 6) # update hashlib token.update({"otpkey": self.otpkey, "hashlib": "sha1"}) self.assertTrue( token.get_tokeninfo("hashlib") == "sha1", token.get_tokeninfo()) # save pin encrypted token.update({"genkey": 1, "pin": "secret", "encryptpin": "true"}) # check if the PIN is encrypted self.assertTrue(token.token.pin_hash.startswith("@@"), token.token.pin_hash) # update token without otpkey raises an error self.assertRaises(Exception, token.update, {"description": "test"})
def test_17_update_token(self): db_token = Token.query.filter_by(serial=self.serial1).first() token = HotpTokenClass(db_token) # Failed update: genkey wrong self.assertRaises(Exception, token.update, {"description": "new desc", "genkey": "17"}) # genkey and otpkey used at the same time token.update({"otpkey": self.otpkey, "genkey": "1"}) self.assertTrue(token.token.otplen == 6) token.update({"otpkey": self.otpkey, "pin": "654321", "otplen": 6}) self.assertTrue(token.check_pin("654321")) self.assertTrue(token.token.otplen == 6) # update hashlib token.update({"otpkey": self.otpkey, "hashlib": "sha1"}) self.assertTrue(token.get_tokeninfo("hashlib") == "sha1", token.get_tokeninfo()) # save pin encrypted token.update({"genkey": 1, "pin": "secret", "encryptpin": "true"}) # check if the PIN is encrypted self.assertTrue(token.token.pin_hash.startswith("@@"), token.token.pin_hash) # update token without otpkey raises an error self.assertRaises(Exception, token.update, {"description": "test"})
def test_19_pin_otp_functions(self): db_token = Token.query.filter_by(serial=self.serial1).first() db_token.set_pin("test") token = HotpTokenClass(db_token) # check OTP according to RFC 4226 """ Truncated Count Hexadecimal Decimal HOTP 0 4c93cf18 1284755224 755224 1 41397eea 1094287082 287082 2 82fef30 137359152 359152 3 66ef7655 1726969429 969429 4 61c5938a 1640338314 338314 5 33c083d4 868254676 254676 6 7256c032 1918287922 287922 7 4e5b397 82162583 162583 8 2823443f 673399871 399871 9 2679dc69 645520489 520489 """ token.update({"otpkey": self.otpkey}) self.assertTrue(db_token.otplen == 6, 6) set_prepend_pin() res, pin, otp = token.split_pin_pass("test123456") self.assertTrue(pin == "test", pin) self.assertTrue(otp == "123456", otp) self.assertTrue(token.check_pin(pin), pin) check = token.check_otp("755224", counter=0, window=10) self.assertTrue(check == 0, check) self.assertTrue(token.check_otp("287082", counter=1, window=10) == 1) # The 6th counter: self.assertTrue(token.check_otp("287922", counter=2, window=10) == 6) # The tokenclass itself saves the counter to the database self.assertTrue(token.token.count == 7, token.token.count) # successful authentication res = token.authenticate("test399871") # This is the OTP value of the counter=8 self.assertTrue(res == (True, 8, None), res) # try the same otp value again, will fail! res = token.authenticate("test399871") # This is the OTP value of the counter=8 self.assertTrue(res == (True, -1, None), res) token.set_otp_count(0) # get the OTP value for counter 0 res = token.get_otp() self.assertTrue(res[0] == 1, res) self.assertTrue(res[1] == -1, res) self.assertTrue(res[2] == "755224", res) res = token.get_multi_otp() self.assertTrue(res[0] is False, res) token.update({"otpkey": self.otpkey, "otplen": 6}) token.token.count = 0 res = token.get_multi_otp(count=5) self.assertTrue(res[0], res) self.assertTrue(res[1] == "OK", res) self.assertTrue(res[2].get("otp").get(1) == "287082", res) self.assertTrue(res[2].get("type") == "hotp", res) # do some failing otp checks token.token.otplen = "invalid otp counter" self.assertRaises(Exception, token.check_otp, "123456") token.token.otplen = 0