Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

TIQR token enhancements #1771

Merged
merged 1 commit into from Aug 9, 2019

Conversation

@basvandervlies
Copy link
Contributor

commented Aug 5, 2019

When we unlock the TIQR token with the App and use the wrong PIN/biometric code. Respond
back how many retries we have left before the token is locked/blocked

the TIQR app can not handle challenges bigger or equal then `2^31 = 2147483648. Check if the
value is bigger if yes adjust it.

Closes #1777

@codecov

This comment has been minimized.

Copy link

commented Aug 6, 2019

Codecov Report

Merging #1771 into master will increase coverage by <.01%.
The diff coverage is 100%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #1771      +/-   ##
==========================================
+ Coverage   97.05%   97.05%   +<.01%     
==========================================
  Files         149      149              
  Lines       18105    18111       +6     
==========================================
+ Hits        17571    17577       +6     
  Misses        534      534
Impacted Files Coverage Δ
privacyidea/lib/tokens/tiqrtoken.py 98.74% <100%> (+0.04%) ⬆️
privacyidea/lib/tokens/ocra.py 100% <100%> (ø) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 553113d...a8c229c. Read the comment docs.

@cornelinux
Copy link
Member

left a comment

@fredreichbier Basically looks nice to me.

privacyidea/lib/tokens/tiqrtoken.py Outdated Show resolved Hide resolved
privacyidea/lib/tokens/tiqrtoken.py Outdated Show resolved Hide resolved

@cornelinux cornelinux requested a review from fredreichbier Aug 6, 2019

@basvandervlies

This comment has been minimized.

Copy link
Contributor Author

commented Aug 9, 2019

This check is wrong:

  def test_02_create_challenge(self):
        # test creation of hex challenge
        os = OCRASuite("OCRA-1:HOTP-SHA1-6:QH10-S128")
        c = os.create_challenge()
>       self.assertEqual(len(c), 20)
E       AssertionError: 10 != 20

We ask for length 10 and we get 20. It is QH challenge. The conversion from byte to hex is wrong 1 byte is 2 nibbles. See https://tools.ietf.org/html/rfc6287

o  "OCRA-1:HOTP-SHA1-4:QH8-S512" means version 1 of OCRA with HMAC-
      SHA1 function, truncated to a 4-digit value, using a random
      hexadecimal challenge up to 8 nibbles and a session value of 512
      bytes
privacyidea/lib/crypto.py Outdated Show resolved Hide resolved

@basvandervlies basvandervlies force-pushed the basvandervlies:tiqr_enhancements branch 3 times, most recently from 7440739 to 2cdd71a Aug 9, 2019

TIQR token enhancements
When we unlock the TIQR token with the App and use the wrong PIN/biometric code. Respond
back how many retries we have left before the token is locked/blocked

Fix hexadecimal challenge length for TiQR

Provide the service_displayname in the tiqrauth qrcode. Else we get
unknown identifier in the screen with please unroll first message

@basvandervlies basvandervlies force-pushed the basvandervlies:tiqr_enhancements branch from 2cdd71a to a8c229c Aug 9, 2019

@cornelinux cornelinux merged commit ab58bc7 into privacyidea:master Aug 9, 2019

3 checks passed

codecov/patch 100% of diff hit (target 97.05%)
Details
codecov/project 97.05% (+<.01%) compared to 553113d
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.