def test_99_delete_token(self): db_token = Token.query.filter_by(serial=self.serial1).first() token = TokenClass(db_token) token.delete_token() db_token = Token.query.filter_by(serial=self.serial1).first() self.assertTrue(db_token is None, db_token)
def test_38_last_auth(self): db_token = Token("lastauth001", tokentype="spass", userid=1000) db_token.save() token_obj = TokenClass(db_token) tdelta = datetime.timedelta(days=1) token_obj.add_tokeninfo(ACTION.LASTAUTH, datetime.datetime.now(tzlocal()) - tdelta) r = token_obj.check_last_auth_newer("10h") self.assertFalse(r) r = token_obj.check_last_auth_newer("2d") self.assertTrue(r) # Old time format # lastauth_alt = datetime.datetime.utcnow().isoformat() token_obj.add_tokeninfo(ACTION.LASTAUTH, datetime.datetime.utcnow() - tdelta) r = token_obj.check_last_auth_newer("10h") self.assertFalse(r) r = token_obj.check_last_auth_newer("2d") self.assertTrue(r) # Test a fault last_auth entry does not computer to True token_obj.add_tokeninfo(ACTION.LASTAUTH, "faulty format") r = token_obj.check_last_auth_newer("10h") self.assertFalse(r) token_obj.delete_token()
def test_39_generate_sym_key(self): db_token = Token("symkey", tokentype="no_matter", userid=1000) db_token.save() token_obj = TokenClass(db_token) key = token_obj.generate_symmetric_key("1234567890", "abc") self.assertEqual(key, "1234567abc") self.assertRaises(Exception, token_obj.generate_symmetric_key, "1234", "1234") self.assertRaises(Exception, token_obj.generate_symmetric_key, "1234", "12345") # Now run the init/update process # 1. step token_obj.update({"2stepinit": "1", "genkey": "1"}) self.assertEqual(db_token.rollout_state, "clientwait") self.assertEqual(db_token.active, False) serial = db_token.serial details = token_obj.init_details # 2. step client_component = "AAAAAA" token_obj.update({"serial": serial, "otpkey": client_component}) self.assertEqual(db_token.rollout_state, "") self.assertEqual(db_token.active, True) # Given a client component of K bytes, the base algorithm # simply replaces the last K bytes of the server component # with the client component. server_component = details.get("otpkey")[:-len(client_component)] expected_otpkey = server_component + client_component self.assertEqual(db_token.get_otpkey().getKey(), expected_otpkey) token_obj.delete_token()
def test_39_generate_sym_key(self): db_token = Token("symkey", tokentype="no_matter", userid=1000) db_token.save() token_obj = TokenClass(db_token) key = token_obj.generate_symmetric_key("1234567890", "abc") self.assertEqual(key, "1234567abc") self.assertRaises(Exception, token_obj.generate_symmetric_key, "1234", "1234") self.assertRaises(Exception, token_obj.generate_symmetric_key, "1234", "12345") # Now run the init/update process # 1. step token_obj.update({"2stepinit": "1", "genkey": "1" }) self.assertEqual(db_token.rollout_state, "clientwait") self.assertEqual(db_token.active, False) serial = db_token.serial details = token_obj.init_details server_component = details.get("otpkey") # 2. step client_component = "AAAAAA" token_obj.update({"serial": serial, "otpkey": client_component }) self.assertEqual(db_token.rollout_state, "") self.assertEqual(db_token.active, True) token_obj.delete_token()
def test_39_generate_sym_key(self): db_token = Token("symkey", tokentype="no_matter", userid=1000) db_token.save() token_obj = TokenClass(db_token) key = token_obj.generate_symmetric_key("1234567890", "abc") self.assertEqual(key, "1234567abc") self.assertRaises(Exception, token_obj.generate_symmetric_key, "1234", "1234") self.assertRaises(Exception, token_obj.generate_symmetric_key, "1234", "12345") # Now run the init/update process # 1. step token_obj.update({"2stepinit": "1", "genkey": "1" }) self.assertEqual(db_token.rollout_state, "clientwait") self.assertEqual(db_token.active, False) serial = db_token.serial details = token_obj.init_details server_component = details.get("otpkey") # 2. step client_component = "AAAAAA" token_obj.update({"serial": serial, "otpkey": client_component }) self.assertEqual(db_token.rollout_state, "") self.assertEqual(db_token.active, True) token_obj.delete_token()
def test_40_failcounter_exceeded(self): from privacyidea.lib.tokenclass import (FAILCOUNTER_EXCEEDED, FAILCOUNTER_CLEAR_TIMEOUT) db_token = Token("failcounter", tokentype="spass") db_token.save() token_obj = TokenClass(db_token) for i in range(0, 11): token_obj.inc_failcount() now = datetime.datetime.now(tzlocal()).strftime(DATE_FORMAT) # Now the FAILCOUNTER_EXCEEDED is set ti = token_obj.get_tokeninfo(FAILCOUNTER_EXCEEDED) # We only compare the date self.assertEqual(ti[:10], now[:10]) # and the timezone self.assertEqual(ti[-5:], now[-5:]) # reset the failcounter token_obj.reset() ti = token_obj.get_tokeninfo(FAILCOUNTER_EXCEEDED) self.assertEqual(ti, None) # Now check with failcounter clear, with timeout 5 minutes set_privacyidea_config(FAILCOUNTER_CLEAR_TIMEOUT, 5) token_obj.set_failcount(10) failed_recently = (datetime.datetime.now(tzlocal()) - datetime.timedelta(minutes=3)).strftime(DATE_FORMAT) token_obj.add_tokeninfo(FAILCOUNTER_EXCEEDED, failed_recently) r = token_obj.check_failcount() # the fail is only 3 minutes ago, so we will not reset and check will # be false self.assertFalse(r) # Set the timeout to a shorter value set_privacyidea_config(FAILCOUNTER_CLEAR_TIMEOUT, 2) r = token_obj.check_failcount() # The fail is longer ago. self.assertTrue(r) # The tokeninfo of this token is deleted and the failcounter is 0 self.assertEqual(token_obj.get_tokeninfo(FAILCOUNTER_EXCEEDED), None) self.assertEqual(token_obj.get_failcount(), 0) token_obj.delete_token()
def test_40_failcounter_exceeded(self): from privacyidea.lib.tokenclass import (FAILCOUNTER_EXCEEDED, FAILCOUNTER_CLEAR_TIMEOUT) db_token = Token("failcounter", tokentype="spass") db_token.save() token_obj = TokenClass(db_token) for i in range(0, 11): token_obj.inc_failcount() now = datetime.datetime.now(tzlocal()).strftime(DATE_FORMAT) # Now the FAILCOUNTER_EXCEEDED is set ti = token_obj.get_tokeninfo(FAILCOUNTER_EXCEEDED) # We only compare the date self.assertEqual(ti[:10], now[:10]) # and the timezone self.assertEqual(ti[-5:], now[-5:]) # reset the failcounter token_obj.reset() ti = token_obj.get_tokeninfo(FAILCOUNTER_EXCEEDED) self.assertEqual(ti, None) # Now check with failcounter clear, with timeout 5 minutes set_privacyidea_config(FAILCOUNTER_CLEAR_TIMEOUT, 5) token_obj.set_failcount(10) failed_recently = (datetime.datetime.now(tzlocal()) - datetime.timedelta(minutes=3)).strftime(DATE_FORMAT) token_obj.add_tokeninfo(FAILCOUNTER_EXCEEDED, failed_recently) r = token_obj.check_failcount() # the fail is only 3 minutes ago, so we will not reset and check will # be false self.assertFalse(r) # Set the timeout to a shorter value set_privacyidea_config(FAILCOUNTER_CLEAR_TIMEOUT, 2) r = token_obj.check_failcount() # The fail is longer ago. self.assertTrue(r) # The tokeninfo of this token is deleted and the failcounter is 0 self.assertEqual(token_obj.get_tokeninfo(FAILCOUNTER_EXCEEDED), None) self.assertEqual(token_obj.get_failcount(), 0) token_obj.delete_token()
def test_38_last_auth(self): db_token = Token("lastauth001", tokentype="spass", userid=1000) db_token.save() token_obj = TokenClass(db_token) tdelta = datetime.timedelta(days=1) token_obj.add_tokeninfo(ACTION.LASTAUTH, datetime.datetime.now(tzlocal())-tdelta) r = token_obj.check_last_auth_newer("10h") self.assertFalse(r) r = token_obj.check_last_auth_newer("2d") self.assertTrue(r) # Old time format # lastauth_alt = datetime.datetime.utcnow().isoformat() token_obj.add_tokeninfo(ACTION.LASTAUTH, datetime.datetime.utcnow() - tdelta) r = token_obj.check_last_auth_newer("10h") self.assertFalse(r) r = token_obj.check_last_auth_newer("2d") token_obj.delete_token()
def test_39_generate_sym_key(self): db_token = Token("symkey", tokentype="no_matter", userid=1000) db_token.save() token_obj = TokenClass(db_token) key = token_obj.generate_symmetric_key("1234567890", "abc") self.assertEqual(key, "1234567abc") self.assertRaises(Exception, token_obj.generate_symmetric_key, "1234", "1234") self.assertRaises(Exception, token_obj.generate_symmetric_key, "1234", "12345") # Now run the init/update process # 1. step token_obj.update({"2stepinit": "1", "genkey": "1" }) self.assertEqual(db_token.rollout_state, "clientwait") self.assertEqual(db_token.active, False) serial = db_token.serial details = token_obj.init_details # 2. step client_component = "AAAAAA" token_obj.update({"serial": serial, "otpkey": client_component }) self.assertEqual(db_token.rollout_state, "") self.assertEqual(db_token.active, True) # Given a client component of K bytes, the base algorithm # simply replaces the last K bytes of the server component # with the client component. server_component = details.get("otpkey")[:-len(client_component)] expected_otpkey = server_component + client_component self.assertEqual(to_unicode(db_token.get_otpkey().getKey()), expected_otpkey) token_obj.delete_token()
def test_37_is_orphaned(self): resolver = "orphreso" realm = "orphrealm" rid = save_resolver({"resolver": resolver, "type": "passwdresolver", "fileName": PWFILE}) self.assertTrue(rid > 0, rid) (added, failed) = set_realm(realm, [resolver]) self.assertTrue(len(failed) == 0) self.assertTrue(len(added) == 1) # Assign token to user "cornelius" "realm1", "resolver1" "uid=1000 db_token = Token("orphaned", tokentype="spass", userid=1000, resolver=resolver, realm=realm) db_token.save() token_obj = TokenClass(db_token) orph = token_obj.is_orphaned() self.assertFalse(orph) # clean up token token_obj.delete_token() # Assign a token to a user in a resolver. user_id does not exist db_token = Token("orphaned", tokentype="spass", userid=872812, resolver=resolver, realm=realm) db_token.save() token_obj = TokenClass(db_token) orph = token_obj.is_orphaned() self.assertTrue(orph) # clean up token token_obj.delete_token() # A token, which a resolver name, that does not exist anymore db_token = Token("orphaned", tokentype="spass", userid=1000, resolver=resolver, realm=realm) db_token.save() # delete the realm delete_realm(realm) # token is orphaned token_obj = TokenClass(db_token) orph = token_obj.is_orphaned() self.assertTrue(orph) # delete the resolver delete_resolver(resolver) # token is orphaned token_obj = TokenClass(db_token) orph = token_obj.is_orphaned() self.assertTrue(orph) # clean up token token_obj.delete_token()
def test_37_is_orphaned(self): resolver = "orphreso" realm = "orphrealm" rid = save_resolver({"resolver": resolver, "type": "passwdresolver", "fileName": PWFILE}) self.assertTrue(rid > 0, rid) (added, failed) = set_realm(realm, [resolver]) self.assertTrue(len(failed) == 0) self.assertTrue(len(added) == 1) # Assign token to user "cornelius" "realm1", "resolver1" "uid=1000 db_token = Token("orphaned", tokentype="spass", userid=1000, resolver=resolver, realm=realm) db_token.save() token_obj = TokenClass(db_token) orph = token_obj.is_orphaned() self.assertFalse(orph) # clean up token token_obj.delete_token() # Assign a token to a user in a resolver. user_id does not exist db_token = Token("orphaned", tokentype="spass", userid=872812, resolver=resolver, realm=realm) db_token.save() token_obj = TokenClass(db_token) orph = token_obj.is_orphaned() self.assertTrue(orph) # clean up token token_obj.delete_token() # A token, which a resolver name, that does not exist anymore db_token = Token("orphaned", tokentype="spass", userid=1000, resolver=resolver, realm=realm) db_token.save() # delete the realm delete_realm(realm) # token is orphaned token_obj = TokenClass(db_token) orph = token_obj.is_orphaned() self.assertTrue(orph) # delete the resolver delete_resolver(resolver) # token is orphaned token_obj = TokenClass(db_token) orph = token_obj.is_orphaned() self.assertTrue(orph) # clean up token token_obj.delete_token()
def test_42_has_further_challenge(self): db_token = Token("furhterchallenge", tokentype="spass") db_token.save() token_obj = TokenClass(db_token) self.assertFalse(token_obj.has_further_challenge()) token_obj.delete_token()