summaryrefslogtreecommitdiff
path: root/unittest
diff options
context:
space:
mode:
Diffstat (limited to 'unittest')
-rw-r--r--unittest/conftest.py2
-rw-r--r--unittest/test_offline.cc10
-rw-r--r--unittest/test_pro.py49
3 files changed, 60 insertions, 1 deletions
diff --git a/unittest/conftest.py b/unittest/conftest.py
index 9af67ac..35cc714 100644
--- a/unittest/conftest.py
+++ b/unittest/conftest.py
@@ -86,7 +86,7 @@ def C(request=None):
assert nk_login != 0 # returns 0 if not connected or wrong model or 1 when connected
global device_type
firmware_version = C.NK_get_minor_firmware_version()
- model = 'P' if firmware_version in [7,8] else 'S'
+ model = 'P' if firmware_version < 20 else 'S'
device_type = (model, firmware_version)
print('Connected device: {} {}'.format(model, firmware_version))
diff --git a/unittest/test_offline.cc b/unittest/test_offline.cc
index e34eeb4..9d2f195 100644
--- a/unittest/test_offline.cc
+++ b/unittest/test_offline.cc
@@ -161,6 +161,16 @@ TEST_CASE("Test device commands ids", "[fast]") {
}
+#include "version.h"
+TEST_CASE("Test version getter", "[fast]") {
+ REQUIRE(nitrokey::get_major_library_version() >= 3u);
+ REQUIRE(nitrokey::get_minor_library_version() >= 3u);
+ const char *library_version = nitrokey::get_library_version();
+ REQUIRE(library_version != nullptr);
+ std::string s = library_version;
+ REQUIRE(s.length() >= 8);
+ REQUIRE(s.find("g") != std::string::npos);
+}
TEST_CASE("Connect should not return true after the second attempt", "[fast]") {
int result = 0;
diff --git a/unittest/test_pro.py b/unittest/test_pro.py
index 53588f6..fb936f8 100644
--- a/unittest/test_pro.py
+++ b/unittest/test_pro.py
@@ -577,6 +577,55 @@ def test_get_code_user_authorize(C):
assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
+@pytest.mark.otp
+def test_authorize_issue_admin(C):
+ skip_if_device_version_lower_than({'S': 43, 'P': 9})
+
+ assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
+
+ assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+ assert C.NK_write_config(255, 255, 255, True, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+
+ assert C.NK_first_authenticate(b"wrong pass", b"another temp pass") == DeviceErrorCode.WRONG_PASSWORD
+ assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_NOT_AUTHORIZED
+
+ assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+ assert C.NK_write_config(255, 255, 255, True, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+
+@pytest.mark.otp
+def test_authorize_issue_user(C):
+ skip_if_device_version_lower_than({'S': 43, 'P': 9}) # issue fixed in Pro v0.9, Storage version chosen arbitrary
+
+ assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK
+
+ assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+ assert C.NK_write_totp_slot(0, b'python_otp_auth', bbRFC_SECRET, 30, True, False, False, b'',
+ DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+ # enable PIN protection of OTP codes with write_config
+ assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+ assert C.NK_write_config(255, 255, 255, True, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+ gs(C.NK_get_totp_code(0, 0, 0, 0))
+ assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_NOT_AUTHORIZED
+
+ assert C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP) == DeviceErrorCode.STATUS_OK
+ gs(C.NK_get_totp_code_PIN(0, 0, 0, 0, DefaultPasswords.USER_TEMP))
+ assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
+
+ assert C.NK_user_authenticate(b"wrong pass", b"another temp pass") == DeviceErrorCode.WRONG_PASSWORD
+ gs(C.NK_get_totp_code_PIN(0, 0, 0, 0, DefaultPasswords.USER_TEMP))
+ assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_NOT_AUTHORIZED
+
+ assert C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP) == DeviceErrorCode.STATUS_OK
+ gs(C.NK_get_totp_code_PIN(0, 0, 0, 0, DefaultPasswords.USER_TEMP))
+ assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
+
+ # disable PIN protection with write_config
+ assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+ assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+ code = gs(C.NK_get_totp_code(0, 0, 0, 0))
+ assert code != b''
+ assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
+
def cast_pointer_to_tuple(obj, typen, len):
# usage:
# config = cast_pointer_to_tuple(config_raw_data, 'uint8_t', 5)