Пример #1
0
// 1. Check with match OTP code using HOTP/TOTP, verify the results
// 2. Check with not matched code using HOTP/TOTP, verify the results
func TestVerifyHotpCode(t *testing.T) {
	var exp string
	userName := usersName[0]

	initAListOfUsers(t, usersName)

	secret, _ := json.Marshal(cr.Secret{Secret: secretCode})
	url := resourcePath + "/" + userName
	okUrlJ := cr.Url{Url: fmt.Sprintf("%v/%v", ServicePath, userName)}
	exeCommandCheckRes(t, cr.PUT_STR, url, http.StatusCreated, string(secret), okUrlJ) // TODO fix it
	user, _ := otp.NewSimpleOtpUser([]byte(secretCode))

	for i := 0; i < 2; i++ {
		if i == 0 { // HOTP
			exp, _ = user.BaseHotp.AtCount(user.BaseHotp.Count)
			url = listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserCodeCommand]), UsersPath, userName, verifyHotpTypeParam)
		} else {
			exp, _ = user.BaseTotp.Now()
			url = listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserCodeCommand]), UsersPath, userName, verifyTotpTypeParam)
		}
		secret, _ = json.Marshal(cr.Secret{Secret: exp})
		exeCommandCheckRes(t, cr.POST_STR, url, http.StatusOK, string(secret), cr.Match{Match: true, Message: cr.NoMessageStr})
		// The same code can't be used twice
		exeCommandCheckRes(t, cr.POST_STR, url, http.StatusOK, string(secret), cr.Match{Match: false, Message: cr.NoMessageStr})
	}
}
func GenerateUserData(el *EntityManager, usersName []string, secret []byte, salt []byte) {
	el.AddUser(usersName[0])
	amData, _ := am.NewUserAm(am.SuperUserPermission, secret, salt)
	el.AddPropertyToEntity(usersName[0], stc.AmPropertyName, amData)
	otpData, _ := otp.NewSimpleOtpUser(secret)
	el.AddPropertyToEntity(usersName[0], stc.OtpPropertyName, otpData)
	pwdData, _ := password.NewUserPwd(secret, salt)
	el.AddPropertyToEntity(usersName[0], stc.PwdPropertyName, pwdData)
	ocraData, _ := ocra.NewOcraUser([]byte("ABCD1234"), "OCRA-1:HOTP-SHA512-8:C-QH08-T1M-S064-PSHA256")
	el.AddPropertyToEntity(usersName[0], stc.OcraPropertyName, ocraData)

	el.AddUser(usersName[1])
	el.AddPropertyToEntity(usersName[1], stc.OtpPropertyName, otpData)
}
Пример #3
0
func (u otpRestful) restAddOtp(request *restful.Request, response *restful.Response) {
	var secret cr.Secret
	name := request.PathParameter(userIdParam)

	err := request.ReadEntity(&secret)
	if err != nil {
		u.setError(response, http.StatusBadRequest, err)
		return
	}
	data, err := otp.NewSimpleOtpUser([]byte(secret.Secret))
	if err != nil {
		u.setError(response, http.StatusBadRequest, err)
		return
	}
	u.st.UsersList.AddPropertyToEntity(name, stc.OtpPropertyName, data)
	response.WriteHeader(http.StatusCreated)
	response.WriteEntity(u.getUrlPath(request, name))
}
Пример #4
0
func Test_AddCheckRemoveOtpUserProperty(t *testing.T) {
	moduleData, _ := otp.NewSimpleOtpUser(secret)

	testAddCheckRemoveUserProperty(t, stc.OtpPropertyName, moduleData)
}