mirror of
https://github.com/gravitational/teleport
synced 2024-10-20 17:23:22 +00:00
Merge pull request #39 from gravitational/alex/ssh-agent
Now HOTP server checks 3 tokens ahead and syncs with client
This commit is contained in:
commit
d110d94ab4
|
@ -232,12 +232,19 @@ func (s *APISuite) TestPasswordCRUD(c *C) {
|
|||
c.Assert(s.clt.CheckPassword("user1", pass, token2), IsNil)
|
||||
c.Assert(s.clt.CheckPassword("user1", pass, token1), NotNil)
|
||||
|
||||
token3 := otp.OTP()
|
||||
token4 := otp.OTP()
|
||||
c.Assert(s.clt.CheckPassword("user1", pass, token4), NotNil)
|
||||
c.Assert(s.clt.CheckPassword("user1", pass, token3), IsNil)
|
||||
_ = otp.OTP()
|
||||
_ = otp.OTP()
|
||||
_ = otp.OTP()
|
||||
token6 := otp.OTP()
|
||||
token7 := otp.OTP()
|
||||
c.Assert(s.clt.CheckPassword("user1", pass, token7), NotNil)
|
||||
c.Assert(s.clt.CheckPassword("user1", pass, token6), IsNil)
|
||||
c.Assert(s.clt.CheckPassword("user1", pass, "123456"), NotNil)
|
||||
c.Assert(s.clt.CheckPassword("user1", pass, token4), IsNil)
|
||||
c.Assert(s.clt.CheckPassword("user1", pass, token7), IsNil)
|
||||
|
||||
_ = otp.OTP()
|
||||
token9 := otp.OTP()
|
||||
c.Assert(s.clt.CheckPassword("user1", pass, token9), IsNil)
|
||||
}
|
||||
|
||||
func (s *APISuite) TestSessions(c *C) {
|
||||
|
|
|
@ -363,12 +363,20 @@ func (s *ServicesTestSuite) PasswordCRUD(c *C) {
|
|||
c.Assert(s.WebS.CheckPassword("user1", pass, token2), IsNil)
|
||||
c.Assert(s.WebS.CheckPassword("user1", pass, token1), FitsTypeOf, &teleport.BadParameterError{})
|
||||
|
||||
token3 := otp.OTP()
|
||||
token4 := otp.OTP()
|
||||
c.Assert(s.WebS.CheckPassword("user1", pass, token4), FitsTypeOf, &teleport.BadParameterError{})
|
||||
c.Assert(s.WebS.CheckPassword("user1", pass, token3), IsNil)
|
||||
_ = otp.OTP()
|
||||
_ = otp.OTP()
|
||||
_ = otp.OTP()
|
||||
token6 := otp.OTP()
|
||||
token7 := otp.OTP()
|
||||
c.Assert(s.WebS.CheckPassword("user1", pass, token7), FitsTypeOf, &teleport.BadParameterError{})
|
||||
c.Assert(s.WebS.CheckPassword("user1", pass, token6), IsNil)
|
||||
c.Assert(s.WebS.CheckPassword("user1", pass, "123456"), FitsTypeOf, &teleport.BadParameterError{})
|
||||
c.Assert(s.WebS.CheckPassword("user1", pass, token4), IsNil)
|
||||
c.Assert(s.WebS.CheckPassword("user1", pass, token7), IsNil)
|
||||
|
||||
_ = otp.OTP()
|
||||
token9 := otp.OTP()
|
||||
c.Assert(s.WebS.CheckPassword("user1", pass, token9), IsNil)
|
||||
|
||||
}
|
||||
|
||||
func (s *ServicesTestSuite) PasswordGarbage(c *C) {
|
||||
|
|
|
@ -256,7 +256,7 @@ func (s *WebService) CheckPassword(user string, password []byte, hotpToken strin
|
|||
if err != nil {
|
||||
return trace.Wrap(err)
|
||||
}
|
||||
if !otp.Check(hotpToken) {
|
||||
if !otp.Scan(hotpToken, 4) {
|
||||
return &teleport.BadParameterError{Err: "tokens do not match"}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue