def test_11_tokeninfo_encrypt(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = TokenClass(db_token)
token.add_tokeninfo("radius.secret", "topSecret",
value_type="password")
info1 = token.get_tokeninfo()
self.assertTrue("radius.secret" in info1, info1)
self.assertTrue("radius.secret.type" in info1, info1)
# get_tokeninfo without parameters does not decrypt!
self.assertTrue(info1.get("radius.secret") != "topSecret",
info1.get("radius.secret"))
# get_tokeninfo with parameter does decrypt!
info = token.get_tokeninfo("radius.secret")
self.assertTrue(info == "topSecret", info)
# THe same with set_tokeninfo
token.set_tokeninfo({"radius.secret": "otherSecret",
"radius.secret.type": "password"})
info1 = token.get_tokeninfo()
self.assertTrue("radius.secret" in info1, info1)
self.assertTrue("radius.secret.type" in info1, info1)
# get_tokeninfo without parameters does not decrypt!
self.assertTrue(info1.get("radius.secret") != "otherSecret",
info1.get("radius.secret"))
# get_tokeninfo with parameter does decrypt!
info = token.get_tokeninfo("radius.secret")
self.assertTrue(info == "otherSecret", info)
def test_16_tokeninfo(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = TokenClass(db_token)
token.set_tokeninfo({"something": "else"})
ti = token.get_tokeninfo()
self.assertTrue("something" in ti, ti)
token.add_tokeninfo("nochwas", "Wert")
ti = token.get_tokeninfo()
self.assertTrue("something" in ti, ti)
self.assertTrue("nochwas" in ti, ti)
def test_11_tokeninfo_with_type(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = TokenClass(db_token)
token.add_tokeninfo("radius.secret", "secret", value_type="password")
info1 = token.get_tokeninfo()
self.assertTrue("radius.secret" in info1, info1)
self.assertTrue("radius.secret.type" in info1, info1)
info = token.get_tokeninfo("radius.secret")
self.assertTrue(info == "secret")
def test_11_old_validity_time(self):
old_time_1 = "11/04/17 22:00" # April 4th
old_time_2 = "24/04/17 22:00" # April 24th
db_token = Token.query.filter_by(serial=self.serial1).first()
token = TokenClass(db_token)
token.add_tokeninfo("validity_period_start", old_time_1)
token.add_tokeninfo("validity_period_end", old_time_2)
info = token.get_tokeninfo()
self.assertEqual(info.get("validity_period_start"), old_time_1)
self.assertEqual(info.get("validity_period_end"), old_time_2)
e = token.get_validity_period_end()
self.assertTrue(e.startswith("2017-04-24T22:00"), e)
s = token.get_validity_period_start()
self.assertTrue(s.startswith("2017-04-11T22:00"), s)
# old date format has problems with check_validity_date
start_date = datetime.datetime.now() - datetime.timedelta(days=15)
end_date = datetime.datetime.now() + datetime.timedelta(days=15)
start = start_date.strftime("%d/%m/%Y")
end = end_date.strftime("%d/%m/%Y")
# Need to write the old format to the database
token.add_tokeninfo("validity_period_start", start)
token.add_tokeninfo("validity_period_end", end)
r = token.check_validity_period()
self.assertTrue(r)
def test_11_old_validity_time(self):
old_time_1 = "11/04/17 22:00" # April 4th
old_time_2 = "24/04/17 22:00" # April 24th
db_token = Token.query.filter_by(serial=self.serial1).first()
token = TokenClass(db_token)
token.add_tokeninfo("validity_period_start", old_time_1)
token.add_tokeninfo("validity_period_end", old_time_2)
info = token.get_tokeninfo()
self.assertEqual(info.get("validity_period_start"), old_time_1)
self.assertEqual(info.get("validity_period_end"), old_time_2)
e = token.get_validity_period_end()
self.assertTrue(e.startswith("2017-04-24T22:00"), e)
s = token.get_validity_period_start()
self.assertTrue(s.startswith("2017-04-11T22:00"), s)
def test_11_old_validity_time(self):
old_time_1 = "11/04/17 22:00" # April 4th
old_time_2 = "24/04/17 22:00" # April 24th
db_token = Token.query.filter_by(serial=self.serial1).first()
token = TokenClass(db_token)
token.add_tokeninfo("validity_period_start", old_time_1)
token.add_tokeninfo("validity_period_end", old_time_2)
info = token.get_tokeninfo()
self.assertEqual(info.get("validity_period_start"), old_time_1)
self.assertEqual(info.get("validity_period_end"), old_time_2)
e = token.get_validity_period_end()
self.assertTrue(e.startswith("2017-04-24T22:00"), e)
s = token.get_validity_period_start()
self.assertTrue(s.startswith("2017-04-11T22:00"), s)
# old date format has problems with check_validity_date
start_date = datetime.datetime.now() - datetime.timedelta(days=15)
end_date = datetime.datetime.now() + datetime.timedelta(days=15)
start = start_date.strftime("%d/%m/%Y")
end = end_date.strftime("%d/%m/%Y")
# Need to write the old format to the database
token.add_tokeninfo("validity_period_start", start)
token.add_tokeninfo("validity_period_end", end)
r = token.check_validity_period()
self.assertTrue(r)
def test_11_old_validity_time(self):
old_time_1 = "11/04/17 22:00" # April 4th
old_time_2 = "24/04/17 22:00" # April 24th
db_token = Token.query.filter_by(serial=self.serial1).first()
token = TokenClass(db_token)
token.add_tokeninfo("validity_period_start", old_time_1)
token.add_tokeninfo("validity_period_end", old_time_2)
info = token.get_tokeninfo()
self.assertEqual(info.get("validity_period_start"), old_time_1)
self.assertEqual(info.get("validity_period_end"), old_time_2)
e = token.get_validity_period_end()
self.assertTrue(e.startswith("2017-04-24T22:00"), e)
s = token.get_validity_period_start()
self.assertTrue(s.startswith("2017-04-11T22:00"), s)
def test_40_failcounter_exceeded(self):
from privacyidea.lib.tokenclass import (FAILCOUNTER_EXCEEDED,
FAILCOUNTER_CLEAR_TIMEOUT)
db_token = Token("failcounter", tokentype="spass")
db_token.save()
token_obj = TokenClass(db_token)
for i in range(0, 11):
token_obj.inc_failcount()
now = datetime.datetime.now(tzlocal()).strftime(DATE_FORMAT)
# Now the FAILCOUNTER_EXCEEDED is set
ti = token_obj.get_tokeninfo(FAILCOUNTER_EXCEEDED)
# We only compare the date
self.assertEqual(ti[:10], now[:10])
# and the timezone
self.assertEqual(ti[-5:], now[-5:])
# reset the failcounter
token_obj.reset()
ti = token_obj.get_tokeninfo(FAILCOUNTER_EXCEEDED)
self.assertEqual(ti, None)
# Now check with failcounter clear, with timeout 5 minutes
set_privacyidea_config(FAILCOUNTER_CLEAR_TIMEOUT, 5)
token_obj.set_failcount(10)
failed_recently = (datetime.datetime.now(tzlocal()) -
datetime.timedelta(minutes=3)).strftime(DATE_FORMAT)
token_obj.add_tokeninfo(FAILCOUNTER_EXCEEDED, failed_recently)
r = token_obj.check_failcount()
# the fail is only 3 minutes ago, so we will not reset and check will
# be false
self.assertFalse(r)
# Set the timeout to a shorter value
set_privacyidea_config(FAILCOUNTER_CLEAR_TIMEOUT, 2)
r = token_obj.check_failcount()
# The fail is longer ago.
self.assertTrue(r)
# The tokeninfo of this token is deleted and the failcounter is 0
self.assertEqual(token_obj.get_tokeninfo(FAILCOUNTER_EXCEEDED), None)
self.assertEqual(token_obj.get_failcount(), 0)
token_obj.delete_token()
def test_40_failcounter_exceeded(self):
from privacyidea.lib.tokenclass import (FAILCOUNTER_EXCEEDED,
FAILCOUNTER_CLEAR_TIMEOUT)
db_token = Token("failcounter", tokentype="spass")
db_token.save()
token_obj = TokenClass(db_token)
for i in range(0, 11):
token_obj.inc_failcount()
now = datetime.datetime.now(tzlocal()).strftime(DATE_FORMAT)
# Now the FAILCOUNTER_EXCEEDED is set
ti = token_obj.get_tokeninfo(FAILCOUNTER_EXCEEDED)
# We only compare the date
self.assertEqual(ti[:10], now[:10])
# and the timezone
self.assertEqual(ti[-5:], now[-5:])
# reset the failcounter
token_obj.reset()
ti = token_obj.get_tokeninfo(FAILCOUNTER_EXCEEDED)
self.assertEqual(ti, None)
# Now check with failcounter clear, with timeout 5 minutes
set_privacyidea_config(FAILCOUNTER_CLEAR_TIMEOUT, 5)
token_obj.set_failcount(10)
failed_recently = (datetime.datetime.now(tzlocal()) -
datetime.timedelta(minutes=3)).strftime(DATE_FORMAT)
token_obj.add_tokeninfo(FAILCOUNTER_EXCEEDED, failed_recently)
r = token_obj.check_failcount()
# the fail is only 3 minutes ago, so we will not reset and check will
# be false
self.assertFalse(r)
# Set the timeout to a shorter value
set_privacyidea_config(FAILCOUNTER_CLEAR_TIMEOUT, 2)
r = token_obj.check_failcount()
# The fail is longer ago.
self.assertTrue(r)
# The tokeninfo of this token is deleted and the failcounter is 0
self.assertEqual(token_obj.get_tokeninfo(FAILCOUNTER_EXCEEDED), None)
self.assertEqual(token_obj.get_failcount(), 0)
token_obj.delete_token()
def test_38_last_auth(self):
db_token = Token("lastauth001", tokentype="spass", userid=1000)
db_token.save()
token_obj = TokenClass(db_token)
tdelta = datetime.timedelta(days=1)
token_obj.add_tokeninfo(ACTION.LASTAUTH,
datetime.datetime.now(tzlocal())-tdelta)
r = token_obj.check_last_auth_newer("10h")
self.assertFalse(r)
r = token_obj.check_last_auth_newer("2d")
self.assertTrue(r)
# Old time format
# lastauth_alt = datetime.datetime.utcnow().isoformat()
token_obj.add_tokeninfo(ACTION.LASTAUTH,
datetime.datetime.utcnow() - tdelta)
r = token_obj.check_last_auth_newer("10h")
self.assertFalse(r)
r = token_obj.check_last_auth_newer("2d")
token_obj.delete_token()
def test_38_last_auth(self):
db_token = Token("lastauth001", tokentype="spass", userid=1000)
db_token.save()
token_obj = TokenClass(db_token)
tdelta = datetime.timedelta(days=1)
token_obj.add_tokeninfo(ACTION.LASTAUTH,
datetime.datetime.now(tzlocal())-tdelta)
r = token_obj.check_last_auth_newer("10h")
self.assertFalse(r)
r = token_obj.check_last_auth_newer("2d")
self.assertTrue(r)
# Old time format
# lastauth_alt = datetime.datetime.utcnow().isoformat()
token_obj.add_tokeninfo(ACTION.LASTAUTH,
datetime.datetime.utcnow() - tdelta)
r = token_obj.check_last_auth_newer("10h")
self.assertFalse(r)
r = token_obj.check_last_auth_newer("2d")
token_obj.delete_token()
def test_35_next_pin_change(self):
ndate = (datetime.datetime.now(tzlocal()) + datetime.timedelta(12)).strftime(
DATE_FORMAT)
db_token = Token.query.filter_by(serial=self.serial1).first()
token = TokenClass(db_token)
token.set_next_pin_change("12d")
r = token.get_tokeninfo("next_pin_change")
self.assertEqual(r, ndate)
token.set_next_pin_change("12d", password=True)
r = token.get_tokeninfo("next_password_change")
self.assertEqual(r, ndate)
# The password must not be changed
r = token.is_pin_change(password=True)
self.assertEqual(r, False)
datestring = "03/04/01 10:00"
token.add_tokeninfo("next_pin_change", datestring)
r = token.is_pin_change()
self.assertTrue(r)
def test_35_next_pin_change(self):
ndate = (datetime.datetime.now(tzlocal()) + datetime.timedelta(12)).strftime(
DATE_FORMAT)
db_token = Token.query.filter_by(serial=self.serial1).first()
token = TokenClass(db_token)
token.set_next_pin_change("12d")
r = token.get_tokeninfo("next_pin_change")
self.assertEqual(r, ndate)
token.set_next_pin_change("12d", password=True)
r = token.get_tokeninfo("next_password_change")
self.assertEqual(r, ndate)
# The password must not be changed
r = token.is_pin_change(password=True)
self.assertEqual(r, False)
datestring = "03/04/01 10:00"
token.add_tokeninfo("next_pin_change", datestring)
r = token.is_pin_change()
self.assertTrue(r)
def test_22_store_tokeninfo_longer_than_2000_byte(self):
data = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDJy0rLoxqc8SsY8DVAFi" \
"jMsQyCvhBu4K40hdZOacXK4O6OgnacnSKN56MP6pzz2+4svzvDzwvkFsvf3" \
"4pbsgDF67PPSCsimmjEQjf0UfamBKh0cl181CbPYsph3UTBOCgHh3FFDXBd" \
"uPK4DQzEVQpmqe80h+lsvQ81qPYagbRW6fpd0uWn9H7a/qiLQZsiKLL07HGB" \
"+NwWue4os0r9s4qxeG76K6QM7nZKyC0KRAz7CjAf+0X7YzCOu2pzyxVdj/" \
"T+KArFcMmq8Vdz24mhcFFXTzU3wveas1A9rwamYWB+Spuohh/OrK3wDsrry" \
"StKQv7yofgnPMsTdaL7XxyQVPCmh2jVl5ro9BPIjTXsre9EUxZYFVr3EIECR" \
"DNWy3xEnUHk7Rzs734Rp6XxGSzcSLSju8/MBzUVe35iXfXDRcqTcoA0700pI" \
"b1ANYrPUO8Up05v4EjIyBeU61b4ilJ3PNcEVld6FHwP3Z7F068ef4DXEC/d" \
"7pibrp4Up61WYQIXV/utDt3NDg/Zf3iqoYcJNM/zIZx2j1kQQwqtnbGqxJM" \
"rL6LtClmeWteR4420uZxafLE9AtAL4nnMPuubC87L0wJ88un9teza/N02K" \
"JMHy01Yz3iJKt3Ou9eV6kqOei3kvLs5dXmriTHp6g9whtnN6/Liv9SzZPJ" \
"Ts8YfThi34Wccrw== NetKnights GmbH"
db_token = Token.query.filter_by(serial=self.serial1).first()
token = TokenClass(db_token)
token.add_tokeninfo("sshkey", data, value_type="password")
sshkey = token.get_tokeninfo("sshkey")
self.assertTrue(sshkey == data, sshkey)
def test_11_tokeninfo(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = TokenClass(db_token)
token.add_tokeninfo("key1", "value2")
info1 = token.get_tokeninfo()
self.assertTrue("key1" in info1, info1)
token.add_tokeninfo("key2", "value3")
info2 = token.get_tokeninfo()
self.assertTrue("key2" in info2, info2)
token.set_tokeninfo(info1)
info2 = token.get_tokeninfo()
self.assertTrue("key2" not in info2, info2)
self.assertTrue(token.get_tokeninfo("key1") == "value2",
info2)
# auth counter
token.set_count_auth_success_max(200)
token.set_count_auth_max(1000)
token.set_count_auth_success(100)
token.inc_count_auth_success()
token.set_count_auth(200)
token.inc_count_auth()
self.assertTrue(token.get_count_auth_success_max() == 200)
self.assertTrue(token.get_count_auth_success() == 101)
self.assertTrue(token.get_count_auth_max() == 1000)
self.assertTrue(token.get_count_auth() == 201)
self.assertTrue(token.check_auth_counter())
token.set_count_auth_max(10)
self.assertFalse(token.check_auth_counter())
token.set_count_auth_max(1000)
token.set_count_auth_success_max(10)
self.assertFalse(token.check_auth_counter())
# set the max counter to 0 means authentication is allowed
# 0 is unlimited
token.set_count_auth_max(0)
token.set_count_auth_success_max(0)
self.assertEqual(token.check_auth_counter(), True)
# handle validity end date
token.set_validity_period_end("30/12/14 16:00")
end = token.get_validity_period_end()
self.assertTrue(end == "30/12/14 16:00", end)
self.assertRaises(Exception,
token.set_validity_period_end, "wrong date")
# handle validity start date
token.set_validity_period_start("30/12/13 16:00")
start = token.get_validity_period_start()
self.assertTrue(start == "30/12/13 16:00", start)
self.assertRaises(Exception,
token.set_validity_period_start, "wrong date")
self.assertFalse(token.check_validity_period())
# THe token is valid till 2021, this should be enough!
token.set_validity_period_end("30/12/21 16:00")
self.assertTrue(token.check_validity_period())
token.set_validity_period_end("2015-05-22T22:00:00.000Z")
end = token.get_validity_period_end()
self.assertEqual(end, "22/05/15 22:00")
token.set_validity_period_start("2015-05-22T22:00:00.000Z")
start = token.get_validity_period_start()
self.assertEqual(start, "22/05/15 22:00")
# check validity period
# +5 days
end_date = datetime.datetime.now() + datetime.timedelta(5)
end = end_date.strftime(DATE_FORMAT)
token.set_validity_period_end(end)
# - 5 days
start_date = datetime.datetime.now() - datetime.timedelta(5)
start = start_date.strftime(DATE_FORMAT)
token.set_validity_period_start(start)
self.assertTrue(token.check_validity_period())
# check before start date
# +5 days
end_date = datetime.datetime.now() + datetime.timedelta(5)
end = end_date.strftime(DATE_FORMAT)
token.set_validity_period_end(end)
# + 2 days
start_date = datetime.datetime.now() + datetime.timedelta(2)
start = start_date.strftime(DATE_FORMAT)
token.set_validity_period_start(start)
self.assertFalse(token.check_validity_period())
# check after enddate
# -1 day
end_date = datetime.datetime.now() - datetime.timedelta(1)
end = end_date.strftime(DATE_FORMAT)
token.set_validity_period_end(end)
# - 10 days
start_date = datetime.datetime.now() - datetime.timedelta(10)
start = start_date.strftime(DATE_FORMAT)
token.set_validity_period_start(start)
self.assertFalse(token.check_validity_period())
def test_11_tokeninfo(self):
db_token = Token.query.filter_by(serial=self.serial1).first()
token = TokenClass(db_token)
token.add_tokeninfo("key1", "value2")
info1 = token.get_tokeninfo()
self.assertTrue("key1" in info1, info1)
token.add_tokeninfo("key2", "value3")
info2 = token.get_tokeninfo()
self.assertTrue("key2" in info2, info2)
token.set_tokeninfo(info1)
info2 = token.get_tokeninfo()
self.assertTrue("key2" not in info2, info2)
self.assertTrue(token.get_tokeninfo("key1") == "value2", info2)
# auth counter
token.set_count_auth_success_max(200)
token.set_count_auth_max(1000)
token.set_count_auth_success(100)
token.inc_count_auth_success()
token.set_count_auth(200)
token.inc_count_auth()
self.assertTrue(token.get_count_auth_success_max() == 200)
self.assertTrue(token.get_count_auth_success() == 101)
self.assertTrue(token.get_count_auth_max() == 1000)
self.assertTrue(token.get_count_auth() == 201)
self.assertTrue(token.check_auth_counter())
token.set_count_auth_max(10)
self.assertFalse(token.check_auth_counter())
token.set_count_auth_max(1000)
token.set_count_auth_success_max(10)
self.assertFalse(token.check_auth_counter())
# set the max counter to 0 means authentication is allowed
# 0 is unlimited
token.set_count_auth_max(0)
token.set_count_auth_success_max(0)
self.assertEqual(token.check_auth_counter(), True)
# handle validity end date
token.set_validity_period_end("2014-12-30T16:00+0400")
end = token.get_validity_period_end()
self.assertTrue(end == "2014-12-30T16:00+0400", end)
self.assertRaises(TokenAdminError, token.set_validity_period_end,
"wrong date")
# handle validity start date
token.set_validity_period_start("2014-12-30T16:00+0400")
start = token.get_validity_period_start()
self.assertTrue(start == "2014-12-30T16:00+0400", start)
self.assertRaises(TokenAdminError, token.set_validity_period_start,
"wrong date")
self.assertFalse(token.check_validity_period())
# delete the validity period end by passing an empty string
token.set_validity_period_end('')
end = token.get_validity_period_end()
self.assertTrue(end == "", end)
self.assertTrue(token.check_validity_period())
# try the same for the validity period start
start_date_5d = datetime.datetime.now(
tzlocal()) + datetime.timedelta(5)
token.set_validity_period_start(start_date_5d.strftime(DATE_FORMAT))
self.assertFalse(token.check_validity_period())
token.set_validity_period_start('')
self.assertTrue(token.check_validity_period())
token.set_validity_period_end("2015-05-22T22:00:00.000Z")
end = token.get_validity_period_end()
self.assertEqual(end, "2015-05-22T22:00+0000")
token.set_validity_period_start("2015-05-22T22:00:00.000Z")
start = token.get_validity_period_start()
self.assertEqual(start, "2015-05-22T22:00+0000")
# check validity period
# +5 days
end_date = datetime.datetime.now(tzlocal()) + datetime.timedelta(5)
end = end_date.strftime(DATE_FORMAT)
token.set_validity_period_end(end)
# - 5 days
start_date = datetime.datetime.now(tzlocal()) - datetime.timedelta(5)
start = start_date.strftime(DATE_FORMAT)
token.set_validity_period_start(start)
self.assertTrue(token.check_validity_period())
# check before start date
# +5 days
end_date = datetime.datetime.now(tzlocal()) + datetime.timedelta(5)
end = end_date.strftime(DATE_FORMAT)
token.set_validity_period_end(end)
# + 2 days
start_date = datetime.datetime.now(tzlocal()) + datetime.timedelta(2)
start = start_date.strftime(DATE_FORMAT)
token.set_validity_period_start(start)
self.assertFalse(token.check_validity_period())
# check after enddate
# -1 day
end_date = datetime.datetime.now(tzlocal()) - datetime.timedelta(1)
end = end_date.strftime(DATE_FORMAT)
token.set_validity_period_end(end)
# - 10 days
start_date = datetime.datetime.now(tzlocal()) - datetime.timedelta(10)
start = start_date.strftime(DATE_FORMAT)
token.set_validity_period_start(start)
self.assertFalse(token.check_validity_period())
