def test_11_tokeninfo_encrypt(self): db_token = Token.query.filter_by(serial=self.serial1).first() token = TokenClass(db_token) token.add_tokeninfo("radius.secret", "topSecret", value_type="password") info1 = token.get_tokeninfo() self.assertTrue("radius.secret" in info1, info1) self.assertTrue("radius.secret.type" in info1, info1) # get_tokeninfo without parameters does not decrypt! self.assertTrue(info1.get("radius.secret") != "topSecret", info1.get("radius.secret")) # get_tokeninfo with parameter does decrypt! info = token.get_tokeninfo("radius.secret") self.assertTrue(info == "topSecret", info) # THe same with set_tokeninfo token.set_tokeninfo({"radius.secret": "otherSecret", "radius.secret.type": "password"}) info1 = token.get_tokeninfo() self.assertTrue("radius.secret" in info1, info1) self.assertTrue("radius.secret.type" in info1, info1) # get_tokeninfo without parameters does not decrypt! self.assertTrue(info1.get("radius.secret") != "otherSecret", info1.get("radius.secret")) # get_tokeninfo with parameter does decrypt! info = token.get_tokeninfo("radius.secret") self.assertTrue(info == "otherSecret", info)
def test_16_tokeninfo(self): db_token = Token.query.filter_by(serial=self.serial1).first() token = TokenClass(db_token) token.set_tokeninfo({"something": "else"}) ti = token.get_tokeninfo() self.assertTrue("something" in ti, ti) token.add_tokeninfo("nochwas", "Wert") ti = token.get_tokeninfo() self.assertTrue("something" in ti, ti) self.assertTrue("nochwas" in ti, ti)
def test_11_tokeninfo_with_type(self): db_token = Token.query.filter_by(serial=self.serial1).first() token = TokenClass(db_token) token.add_tokeninfo("radius.secret", "secret", value_type="password") info1 = token.get_tokeninfo() self.assertTrue("radius.secret" in info1, info1) self.assertTrue("radius.secret.type" in info1, info1) info = token.get_tokeninfo("radius.secret") self.assertTrue(info == "secret")
def test_11_old_validity_time(self): old_time_1 = "11/04/17 22:00" # April 4th old_time_2 = "24/04/17 22:00" # April 24th db_token = Token.query.filter_by(serial=self.serial1).first() token = TokenClass(db_token) token.add_tokeninfo("validity_period_start", old_time_1) token.add_tokeninfo("validity_period_end", old_time_2) info = token.get_tokeninfo() self.assertEqual(info.get("validity_period_start"), old_time_1) self.assertEqual(info.get("validity_period_end"), old_time_2) e = token.get_validity_period_end() self.assertTrue(e.startswith("2017-04-24T22:00"), e) s = token.get_validity_period_start() self.assertTrue(s.startswith("2017-04-11T22:00"), s) # old date format has problems with check_validity_date start_date = datetime.datetime.now() - datetime.timedelta(days=15) end_date = datetime.datetime.now() + datetime.timedelta(days=15) start = start_date.strftime("%d/%m/%Y") end = end_date.strftime("%d/%m/%Y") # Need to write the old format to the database token.add_tokeninfo("validity_period_start", start) token.add_tokeninfo("validity_period_end", end) r = token.check_validity_period() self.assertTrue(r)
def test_11_old_validity_time(self): old_time_1 = "11/04/17 22:00" # April 4th old_time_2 = "24/04/17 22:00" # April 24th db_token = Token.query.filter_by(serial=self.serial1).first() token = TokenClass(db_token) token.add_tokeninfo("validity_period_start", old_time_1) token.add_tokeninfo("validity_period_end", old_time_2) info = token.get_tokeninfo() self.assertEqual(info.get("validity_period_start"), old_time_1) self.assertEqual(info.get("validity_period_end"), old_time_2) e = token.get_validity_period_end() self.assertTrue(e.startswith("2017-04-24T22:00"), e) s = token.get_validity_period_start() self.assertTrue(s.startswith("2017-04-11T22:00"), s)
def test_40_failcounter_exceeded(self): from privacyidea.lib.tokenclass import (FAILCOUNTER_EXCEEDED, FAILCOUNTER_CLEAR_TIMEOUT) db_token = Token("failcounter", tokentype="spass") db_token.save() token_obj = TokenClass(db_token) for i in range(0, 11): token_obj.inc_failcount() now = datetime.datetime.now(tzlocal()).strftime(DATE_FORMAT) # Now the FAILCOUNTER_EXCEEDED is set ti = token_obj.get_tokeninfo(FAILCOUNTER_EXCEEDED) # We only compare the date self.assertEqual(ti[:10], now[:10]) # and the timezone self.assertEqual(ti[-5:], now[-5:]) # reset the failcounter token_obj.reset() ti = token_obj.get_tokeninfo(FAILCOUNTER_EXCEEDED) self.assertEqual(ti, None) # Now check with failcounter clear, with timeout 5 minutes set_privacyidea_config(FAILCOUNTER_CLEAR_TIMEOUT, 5) token_obj.set_failcount(10) failed_recently = (datetime.datetime.now(tzlocal()) - datetime.timedelta(minutes=3)).strftime(DATE_FORMAT) token_obj.add_tokeninfo(FAILCOUNTER_EXCEEDED, failed_recently) r = token_obj.check_failcount() # the fail is only 3 minutes ago, so we will not reset and check will # be false self.assertFalse(r) # Set the timeout to a shorter value set_privacyidea_config(FAILCOUNTER_CLEAR_TIMEOUT, 2) r = token_obj.check_failcount() # The fail is longer ago. self.assertTrue(r) # The tokeninfo of this token is deleted and the failcounter is 0 self.assertEqual(token_obj.get_tokeninfo(FAILCOUNTER_EXCEEDED), None) self.assertEqual(token_obj.get_failcount(), 0) token_obj.delete_token()
def test_38_last_auth(self): db_token = Token("lastauth001", tokentype="spass", userid=1000) db_token.save() token_obj = TokenClass(db_token) tdelta = datetime.timedelta(days=1) token_obj.add_tokeninfo(ACTION.LASTAUTH, datetime.datetime.now(tzlocal())-tdelta) r = token_obj.check_last_auth_newer("10h") self.assertFalse(r) r = token_obj.check_last_auth_newer("2d") self.assertTrue(r) # Old time format # lastauth_alt = datetime.datetime.utcnow().isoformat() token_obj.add_tokeninfo(ACTION.LASTAUTH, datetime.datetime.utcnow() - tdelta) r = token_obj.check_last_auth_newer("10h") self.assertFalse(r) r = token_obj.check_last_auth_newer("2d") token_obj.delete_token()
def test_35_next_pin_change(self): ndate = (datetime.datetime.now(tzlocal()) + datetime.timedelta(12)).strftime( DATE_FORMAT) db_token = Token.query.filter_by(serial=self.serial1).first() token = TokenClass(db_token) token.set_next_pin_change("12d") r = token.get_tokeninfo("next_pin_change") self.assertEqual(r, ndate) token.set_next_pin_change("12d", password=True) r = token.get_tokeninfo("next_password_change") self.assertEqual(r, ndate) # The password must not be changed r = token.is_pin_change(password=True) self.assertEqual(r, False) datestring = "03/04/01 10:00" token.add_tokeninfo("next_pin_change", datestring) r = token.is_pin_change() self.assertTrue(r)
def test_22_store_tokeninfo_longer_than_2000_byte(self): data = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDJy0rLoxqc8SsY8DVAFi" \ "jMsQyCvhBu4K40hdZOacXK4O6OgnacnSKN56MP6pzz2+4svzvDzwvkFsvf3" \ "4pbsgDF67PPSCsimmjEQjf0UfamBKh0cl181CbPYsph3UTBOCgHh3FFDXBd" \ "uPK4DQzEVQpmqe80h+lsvQ81qPYagbRW6fpd0uWn9H7a/qiLQZsiKLL07HGB" \ "+NwWue4os0r9s4qxeG76K6QM7nZKyC0KRAz7CjAf+0X7YzCOu2pzyxVdj/" \ "T+KArFcMmq8Vdz24mhcFFXTzU3wveas1A9rwamYWB+Spuohh/OrK3wDsrry" \ "StKQv7yofgnPMsTdaL7XxyQVPCmh2jVl5ro9BPIjTXsre9EUxZYFVr3EIECR" \ "DNWy3xEnUHk7Rzs734Rp6XxGSzcSLSju8/MBzUVe35iXfXDRcqTcoA0700pI" \ "b1ANYrPUO8Up05v4EjIyBeU61b4ilJ3PNcEVld6FHwP3Z7F068ef4DXEC/d" \ "7pibrp4Up61WYQIXV/utDt3NDg/Zf3iqoYcJNM/zIZx2j1kQQwqtnbGqxJM" \ "rL6LtClmeWteR4420uZxafLE9AtAL4nnMPuubC87L0wJ88un9teza/N02K" \ "JMHy01Yz3iJKt3Ou9eV6kqOei3kvLs5dXmriTHp6g9whtnN6/Liv9SzZPJ" \ "Ts8YfThi34Wccrw== NetKnights GmbH" db_token = Token.query.filter_by(serial=self.serial1).first() token = TokenClass(db_token) token.add_tokeninfo("sshkey", data, value_type="password") sshkey = token.get_tokeninfo("sshkey") self.assertTrue(sshkey == data, sshkey)
def test_11_tokeninfo(self): db_token = Token.query.filter_by(serial=self.serial1).first() token = TokenClass(db_token) token.add_tokeninfo("key1", "value2") info1 = token.get_tokeninfo() self.assertTrue("key1" in info1, info1) token.add_tokeninfo("key2", "value3") info2 = token.get_tokeninfo() self.assertTrue("key2" in info2, info2) token.set_tokeninfo(info1) info2 = token.get_tokeninfo() self.assertTrue("key2" not in info2, info2) self.assertTrue(token.get_tokeninfo("key1") == "value2", info2) # auth counter token.set_count_auth_success_max(200) token.set_count_auth_max(1000) token.set_count_auth_success(100) token.inc_count_auth_success() token.set_count_auth(200) token.inc_count_auth() self.assertTrue(token.get_count_auth_success_max() == 200) self.assertTrue(token.get_count_auth_success() == 101) self.assertTrue(token.get_count_auth_max() == 1000) self.assertTrue(token.get_count_auth() == 201) self.assertTrue(token.check_auth_counter()) token.set_count_auth_max(10) self.assertFalse(token.check_auth_counter()) token.set_count_auth_max(1000) token.set_count_auth_success_max(10) self.assertFalse(token.check_auth_counter()) # set the max counter to 0 means authentication is allowed # 0 is unlimited token.set_count_auth_max(0) token.set_count_auth_success_max(0) self.assertEqual(token.check_auth_counter(), True) # handle validity end date token.set_validity_period_end("30/12/14 16:00") end = token.get_validity_period_end() self.assertTrue(end == "30/12/14 16:00", end) self.assertRaises(Exception, token.set_validity_period_end, "wrong date") # handle validity start date token.set_validity_period_start("30/12/13 16:00") start = token.get_validity_period_start() self.assertTrue(start == "30/12/13 16:00", start) self.assertRaises(Exception, token.set_validity_period_start, "wrong date") self.assertFalse(token.check_validity_period()) # THe token is valid till 2021, this should be enough! token.set_validity_period_end("30/12/21 16:00") self.assertTrue(token.check_validity_period()) token.set_validity_period_end("2015-05-22T22:00:00.000Z") end = token.get_validity_period_end() self.assertEqual(end, "22/05/15 22:00") token.set_validity_period_start("2015-05-22T22:00:00.000Z") start = token.get_validity_period_start() self.assertEqual(start, "22/05/15 22:00") # check validity period # +5 days end_date = datetime.datetime.now() + datetime.timedelta(5) end = end_date.strftime(DATE_FORMAT) token.set_validity_period_end(end) # - 5 days start_date = datetime.datetime.now() - datetime.timedelta(5) start = start_date.strftime(DATE_FORMAT) token.set_validity_period_start(start) self.assertTrue(token.check_validity_period()) # check before start date # +5 days end_date = datetime.datetime.now() + datetime.timedelta(5) end = end_date.strftime(DATE_FORMAT) token.set_validity_period_end(end) # + 2 days start_date = datetime.datetime.now() + datetime.timedelta(2) start = start_date.strftime(DATE_FORMAT) token.set_validity_period_start(start) self.assertFalse(token.check_validity_period()) # check after enddate # -1 day end_date = datetime.datetime.now() - datetime.timedelta(1) end = end_date.strftime(DATE_FORMAT) token.set_validity_period_end(end) # - 10 days start_date = datetime.datetime.now() - datetime.timedelta(10) start = start_date.strftime(DATE_FORMAT) token.set_validity_period_start(start) self.assertFalse(token.check_validity_period())
def test_11_tokeninfo(self): db_token = Token.query.filter_by(serial=self.serial1).first() token = TokenClass(db_token) token.add_tokeninfo("key1", "value2") info1 = token.get_tokeninfo() self.assertTrue("key1" in info1, info1) token.add_tokeninfo("key2", "value3") info2 = token.get_tokeninfo() self.assertTrue("key2" in info2, info2) token.set_tokeninfo(info1) info2 = token.get_tokeninfo() self.assertTrue("key2" not in info2, info2) self.assertTrue(token.get_tokeninfo("key1") == "value2", info2) # auth counter token.set_count_auth_success_max(200) token.set_count_auth_max(1000) token.set_count_auth_success(100) token.inc_count_auth_success() token.set_count_auth(200) token.inc_count_auth() self.assertTrue(token.get_count_auth_success_max() == 200) self.assertTrue(token.get_count_auth_success() == 101) self.assertTrue(token.get_count_auth_max() == 1000) self.assertTrue(token.get_count_auth() == 201) self.assertTrue(token.check_auth_counter()) token.set_count_auth_max(10) self.assertFalse(token.check_auth_counter()) token.set_count_auth_max(1000) token.set_count_auth_success_max(10) self.assertFalse(token.check_auth_counter()) # set the max counter to 0 means authentication is allowed # 0 is unlimited token.set_count_auth_max(0) token.set_count_auth_success_max(0) self.assertEqual(token.check_auth_counter(), True) # handle validity end date token.set_validity_period_end("2014-12-30T16:00+0400") end = token.get_validity_period_end() self.assertTrue(end == "2014-12-30T16:00+0400", end) self.assertRaises(TokenAdminError, token.set_validity_period_end, "wrong date") # handle validity start date token.set_validity_period_start("2014-12-30T16:00+0400") start = token.get_validity_period_start() self.assertTrue(start == "2014-12-30T16:00+0400", start) self.assertRaises(TokenAdminError, token.set_validity_period_start, "wrong date") self.assertFalse(token.check_validity_period()) # delete the validity period end by passing an empty string token.set_validity_period_end('') end = token.get_validity_period_end() self.assertTrue(end == "", end) self.assertTrue(token.check_validity_period()) # try the same for the validity period start start_date_5d = datetime.datetime.now( tzlocal()) + datetime.timedelta(5) token.set_validity_period_start(start_date_5d.strftime(DATE_FORMAT)) self.assertFalse(token.check_validity_period()) token.set_validity_period_start('') self.assertTrue(token.check_validity_period()) token.set_validity_period_end("2015-05-22T22:00:00.000Z") end = token.get_validity_period_end() self.assertEqual(end, "2015-05-22T22:00+0000") token.set_validity_period_start("2015-05-22T22:00:00.000Z") start = token.get_validity_period_start() self.assertEqual(start, "2015-05-22T22:00+0000") # check validity period # +5 days end_date = datetime.datetime.now(tzlocal()) + datetime.timedelta(5) end = end_date.strftime(DATE_FORMAT) token.set_validity_period_end(end) # - 5 days start_date = datetime.datetime.now(tzlocal()) - datetime.timedelta(5) start = start_date.strftime(DATE_FORMAT) token.set_validity_period_start(start) self.assertTrue(token.check_validity_period()) # check before start date # +5 days end_date = datetime.datetime.now(tzlocal()) + datetime.timedelta(5) end = end_date.strftime(DATE_FORMAT) token.set_validity_period_end(end) # + 2 days start_date = datetime.datetime.now(tzlocal()) + datetime.timedelta(2) start = start_date.strftime(DATE_FORMAT) token.set_validity_period_start(start) self.assertFalse(token.check_validity_period()) # check after enddate # -1 day end_date = datetime.datetime.now(tzlocal()) - datetime.timedelta(1) end = end_date.strftime(DATE_FORMAT) token.set_validity_period_end(end) # - 10 days start_date = datetime.datetime.now(tzlocal()) - datetime.timedelta(10) start = start_date.strftime(DATE_FORMAT) token.set_validity_period_start(start) self.assertFalse(token.check_validity_period())