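def test_01_enroll_yubikey_and_auth(self):
    """Enroll a Yubikey token and check that successive OTPs are accepted.

    Creates the database token, wraps it in ``YubikeyTokenClass``, sets the
    OTP key, OTP length and PIN, and verifies the token metadata. Each OTP
    in ``self.valid_otps`` must then return a strictly larger counter than
    the previous one.
    """
    db_token = Token(self.serial1, tokentype="yubikey")
    db_token.save()
    token = YubikeyTokenClass(db_token)
    token.set_otpkey(self.otpkey)
    token.set_otplen(48)
    token.set_pin(self.pin)
    token.save()

    # assertEqual reports both operands on failure, unlike
    # assertTrue(a == b), which only reports "False is not true".
    self.assertEqual(token.token.serial, self.serial1, token)
    self.assertEqual(token.token.tokentype, "yubikey", token.token)
    self.assertEqual(token.type, "yubikey", token)
    class_prefix = token.get_class_prefix()
    self.assertEqual(class_prefix, "UBAM", class_prefix)
    self.assertEqual(token.get_class_type(), "yubikey", token)

    # Test a bunch of otp values
    old_r = 0
    for otp in self.valid_otps:
        r = token.check_otp(otp)
        # The newly returned counter must be bigger than the old one;
        # a value that is not strictly increasing must not be accepted.
        self.assertGreater(r, old_r, (r, old_r))
        old_r = r

    # test otp_exist
    r = token.check_otp_exist(self.further_otps[0])
    self.assertGreater(r, old_r, (r, old_r))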
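def test_04_check_yubikey_pass(self):
    """Exercise ``YubikeyTokenClass.check_yubikey_pass`` with only an OTP.

    Covers four cases: a fresh OTP is accepted, the same OTP is rejected
    when presented a second time, an OTP that matches no token is rejected,
    and a further OTP is rejected as a wrong value. The token's fail counter
    is expected to go 0 -> 1 -> 2 across these calls.
    """
    # Check_yubikey_pass only works without pin!
    db_token = Token.query.filter(Token.serial == self.serial1).first()
    token = YubikeyTokenClass(db_token)
    token.set_pin("")
    token.save()

    r, opt = YubikeyTokenClass.check_yubikey_pass(self.further_otps[1])
    self.assertTrue(r)
    # assertEqual shows the actual message when the expectation is missed.
    self.assertEqual(opt.get("message"), "matching 1 tokens", opt)
    # check failcounter
    self.assertEqual(db_token.failcount, 0)

    # the same otp value must not be usable again (replay protection)
    r, opt = YubikeyTokenClass.check_yubikey_pass(self.further_otps[1])
    self.assertFalse(r)
    self.assertEqual(opt.get("message"), "wrong otp value", opt)
    # check failcounter: the rejected replay counts as a failed attempt
    self.assertEqual(db_token.failcount, 1)

    # check an otp value, that does not match a token
    # NOTE(review): no failcount assertion follows this case; the final
    # value of 2 implies only one of the two rejections below counted
    # against this token - presumably the last one. Confirm.
    r, opt = YubikeyTokenClass.check_yubikey_pass(
        "fcebeeejedecebegfcniufvgvjturjgvinhebbbertjnihit")
    self.assertFalse(r)
    self.assertEqual(opt.get("action_detail"),
                     "The serial UBAM@1382015 could not be found!", opt)

    # check for an invalid OTP
    # NOTE(review): further_otps[0] is the value test_01 passes to
    # check_otp_exist; presumably it is rejected here because it is older
    # than the further_otps[1] accepted above - confirm.
    r, opt = YubikeyTokenClass.check_yubikey_pass(self.further_otps[0])
    self.assertFalse(r)
    self.assertEqual(opt.get("message"), "wrong otp value", opt)
    # check failcounter
    self.assertEqual(db_token.failcount, 2)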
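def test_05_check_maxfail(self):
    """Check that a token whose fail counter reached maxfail is locked.

    Sets maxfail and the fail counter both to 5 and verifies that
    ``check_yubikey_pass`` rejects ``self.further_otps[2]`` with a
    "Failcounter exceeded" message and leaves the counter at 5. The
    previous fail counter is restored afterwards.
    """
    # Check_yubikey_pass only works without pin!
    db_token = Token.query.filter(Token.serial == self.serial1).first()
    token = YubikeyTokenClass(db_token)
    token.set_pin("")
    token.save()
    token.set_maxfail(5)
    old_failcounter = token.get_failcount()
    token.set_failcount(5)
    try:
        # Failcount equals maxfail, so an authentication with a valid OTP
        # will fail
        r, opt = YubikeyTokenClass.check_yubikey_pass(self.further_otps[2])
        self.assertFalse(r)
        self.assertEqual(opt.get("message"),
                         "matching 1 tokens, Failcounter exceeded", opt)
        # check failcounter: the rejected attempt must not move it
        self.assertEqual(db_token.failcount, 5)
    finally:
        # Restore the counter even when an assertion above fails, so the
        # token is not left at maxfail for whatever runs next.
        token.set_failcount(old_failcounter)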
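def test_04_check_yubikey_pass(self):
    """Exercise ``YubikeyTokenClass.check_yubikey_pass`` with only an OTP.

    Covers four cases: a fresh OTP is accepted, the same OTP is rejected
    when presented a second time, an OTP whose prefix matches no token is
    rejected, and a further OTP is rejected as a wrong value. The token's
    fail counter is expected to go 0 -> 1 -> 2 across these calls.
    """
    # Check_yubikey_pass only works without pin!
    db_token = Token.query.filter(Token.serial == self.serial1).first()
    token = YubikeyTokenClass(db_token)
    token.set_pin("")
    token.save()

    r, opt = YubikeyTokenClass.check_yubikey_pass(self.further_otps[1])
    self.assertTrue(r)
    # assertEqual shows the actual message when the expectation is missed.
    self.assertEqual(opt.get("message"), "matching 1 tokens", opt)
    # check failcounter
    self.assertEqual(db_token.failcount, 0)

    # the same otp value must not be usable again (replay protection)
    r, opt = YubikeyTokenClass.check_yubikey_pass(self.further_otps[1])
    self.assertFalse(r)
    self.assertEqual(opt.get("message"), "wrong otp value", opt)
    # check failcounter: the rejected replay counts as a failed attempt
    self.assertEqual(db_token.failcount, 1)

    # check an otp value, that does not match a token
    # NOTE(review): no failcount assertion follows this case; the final
    # value of 2 implies only one of the two rejections below counted
    # against this token - presumably the last one. Confirm.
    r, opt = YubikeyTokenClass.check_yubikey_pass(
        "fcebeeejedecebegfcniufvgvjturjgvinhebbbertjnihit")
    self.assertFalse(r)
    # The detail names the first 16 characters of the OTP above. An
    # earlier, now disabled, expectation was the message
    # "The serial UBAM@1382015 could not be found!".
    self.assertEqual(opt.get("action_detail"),
                     "The prefix fcebeeejedecebeg could not be found!", opt)

    # check for an invalid OTP
    # NOTE(review): further_otps[0] is the value test_01 passes to
    # check_otp_exist; presumably it is rejected here because it is older
    # than the further_otps[1] accepted above - confirm.
    r, opt = YubikeyTokenClass.check_yubikey_pass(self.further_otps[0])
    self.assertFalse(r)
    self.assertEqual(opt.get("message"), "wrong otp value", opt)
    # check failcounter
    self.assertEqual(db_token.failcount, 2)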