vendor/github.com/dgryski/dgoogauth/googauth_test.go


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251

package dgoogauth

import (
	"strconv"
	"testing"
	"time"
)

// Test vectors via:
// http://code.google.com/p/google-authenticator/source/browse/libpam/pam_google_authenticator_unittest.c
// https://google-authenticator.googlecode.com/hg/libpam/totp.html

var codeTests = []struct {
	secret string
	value  int64
	code   int
}{
	{"2SH3V3GDW7ZNMGYE", 1, 293240},
	{"2SH3V3GDW7ZNMGYE", 5, 932068},
	{"2SH3V3GDW7ZNMGYE", 10000, 50548},
}

func TestCode(t *testing.T) {

	for _, v := range codeTests {
		c := ComputeCode(v.secret, v.value)

		if c != v.code {
			t.Errorf("computeCode(%s, %d): got %d expected %d\n", v.secret, v.value, c, v.code)
		}

	}
}

func TestScratchCode(t *testing.T) {

	var cotp OTPConfig

	cotp.ScratchCodes = []int{11112222, 22223333}

	var scratchTests = []struct {
		code   int
		result bool
	}{
		{33334444, false},
		{11112222, true},
		{11112222, false},
		{22223333, true},
		{22223333, false},
		{33334444, false},
	}

	for _, s := range scratchTests {
		r := cotp.checkScratchCodes(s.code)
		if r != s.result {
			t.Errorf("scratchcode(%d) failed: got %t expected %t", s.code, r, s.result)
		}
	}
}

func TestHotpCode(t *testing.T) {

	var cotp OTPConfig

	// reuse our test values from above
	// perhaps create more?
	cotp.Secret = "2SH3V3GDW7ZNMGYE"
	cotp.HotpCounter = 1
	cotp.WindowSize = 3

	var counterCodes = []struct {
		code    int
		result  bool
		counter int
	}{
		{ /* 1 */ 293240, true, 2},   // increments on success
		{ /* 1 */ 293240, false, 3},  // and failure
		{ /* 5 */ 932068, true, 6},   // inside of window
		{ /* 10 */ 481725, false, 7}, // outside of window
		{ /* 10 */ 481725, false, 8}, // outside of window
		{ /* 10 */ 481725, true, 11}, // now inside of window
	}

	for i, s := range counterCodes {
		r := cotp.checkHotpCode(s.code)
		if r != s.result {
			t.Errorf("counterCode(%d) (step %d) failed: got %t expected %t", s.code, i, r, s.result)
		}
		if cotp.HotpCounter != s.counter {
			t.Errorf("hotpCounter incremented poorly: got %d expected %d", cotp.HotpCounter, s.counter)
		}
	}
}

func TestTotpCode(t *testing.T) {

	var cotp OTPConfig

	// reuse our test values from above
	cotp.Secret = "2SH3V3GDW7ZNMGYE"
	cotp.WindowSize = 5

	var windowTest = []struct {
		code   int
		t0     int
		result bool
	}{
		{50548, 9997, false},
		{50548, 9998, true},
		{50548, 9999, true},
		{50548, 10000, true},
		{50548, 10001, true},
		{50548, 10002, true},
		{50548, 10003, false},
	}

	for i, s := range windowTest {
		r := cotp.checkTotpCode(s.t0, s.code)
		if r != s.result {
			t.Errorf("counterCode(%d) (step %d) failed: got %t expected %t", s.code, i, r, s.result)
		}
	}

	cotp.DisallowReuse = make([]int, 0)
	var noreuseTest = []struct {
		code       int
		t0         int
		result     bool
		disallowed []int
	}{
		{50548 /* 10000 */, 9997, false, []int{}},
		{50548 /* 10000 */, 9998, true, []int{10000}},
		{50548 /* 10000 */, 9999, false, []int{10000}},
		{478726 /* 10001 */, 10001, true, []int{10000, 10001}},
		{646986 /* 10002 */, 10002, true, []int{10000, 10001, 10002}},
		{842639 /* 10003 */, 10003, true, []int{10001, 10002, 10003}},
	}

	for i, s := range noreuseTest {
		r := cotp.checkTotpCode(s.t0, s.code)
		if r != s.result {
			t.Errorf("timeCode(%d) (step %d) failed: got %t expected %t", s.code, i, r, s.result)
		}
		if len(cotp.DisallowReuse) != len(s.disallowed) {
			t.Errorf("timeCode(%d) (step %d) failed: disallowReuse len mismatch: got %d expected %d", s.code, i, len(cotp.DisallowReuse), len(s.disallowed))
		} else {
			same := true
			for j := range s.disallowed {
				if s.disallowed[j] != cotp.DisallowReuse[j] {
					same = false
				}
			}
			if !same {
				t.Errorf("timeCode(%d) (step %d) failed: disallowReused: got %v expected %v", s.code, i, cotp.DisallowReuse, s.disallowed)
			}
		}
	}
}

func TestAuthenticate(t *testing.T) {

	otpconf := &OTPConfig{
		Secret:       "2SH3V3GDW7ZNMGYE",
		WindowSize:   3,
		HotpCounter:  1,
		ScratchCodes: []int{11112222, 22223333},
	}

	type attempt struct {
		code   string
		result bool
	}

	var attempts = []attempt{
		{"foobar", false},          // not digits
		{"1fooba", false},          // not valid number
		{"1111111", false},         // bad length
		{ /* 1 */ "293240", true},  // hopt increments on success
		{ /* 1 */ "293240", false}, // hopt failure
		{"33334444", false},        // scratch
		{"11112222", true},
		{"11112222", false},
	}

	for _, a := range attempts {
		r, _ := otpconf.Authenticate(a.code)
		if r != a.result {
			t.Errorf("bad result from code=%s: got %t expected %t\n", a.code, r, a.result)
		}
	}

	// let's check some time-based codes
	otpconf.HotpCounter = 0
	// I haven't mocked the clock, so we'll just compute one
	var t0 int64
	if otpconf.UTC {
		t0 = int64(time.Now().UTC().Unix() / 30)
	} else {
		t0 = int64(time.Now().Unix() / 30)
	}
	c := ComputeCode(otpconf.Secret, t0)

	invalid := c + 1
	attempts = []attempt{
		{strconv.Itoa(invalid), false},
		{strconv.Itoa(c), true},
	}

	for _, a := range attempts {
		r, _ := otpconf.Authenticate(a.code)
		if r != a.result {
			t.Errorf("bad result from code=%s: got %t expected %t\n", a.code, r, a.result)
		}

		otpconf.UTC = true
		r, _ = otpconf.Authenticate(a.code)
		if r != a.result {
			t.Errorf("bad result from code=%s: got %t expected %t\n", a.code, r, a.result)
		}
		otpconf.UTC = false
	}

}

func TestProvisionURI(t *testing.T) {
	otpconf := OTPConfig{
		Secret: "x",
	}

	cases := []struct {
		user, iss string
		hotp      bool
		out       string
	}{
		{"test", "", false, "otpauth://totp/test?secret=x"},
		{"test", "", true, "otpauth://hotp/test?counter=1&secret=x"},
		{"test", "Company", true, "otpauth://hotp/Company:test?counter=1&issuer=Company&secret=x"},
		{"test", "Company", false, "otpauth://totp/Company:test?issuer=Company&secret=x"},
	}

	for i, c := range cases {
		otpconf.HotpCounter = 0
		if c.hotp {
			otpconf.HotpCounter = 1
		}
		got := otpconf.ProvisionURIWithIssuer(c.user, c.iss)
		if got != c.out {
			t.Errorf("%d: want %q, got %q", i, c.out, got)
		}
	}
}