OTP import: support hash names with HMAC- prefix

Refactor convertHashName() method to accept hash names prefixed with HMAC- or any other prefix. Extending the method should be easier in future. Add tests proposed by Rob Crittenden to make sure we don't regress with expected behavior of convertHashName(). Fixes https://pagure.io/freeipa/issue/7146 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2025-02-25 18:55:28 -06:00 · 2017-09-14 17:31:57 +03:00
parent 93be966daf
commit 8661611d3e
2 changed files with 40 additions and 2 deletions
--- a/ipatests/test_ipaserver/test_otptoken_import.py
+++ b/ipatests/test_ipaserver/test_otptoken_import.py
@@ -22,6 +22,7 @@ import os
 import pytest

 from ipaserver.install.ipa_otptoken_import import PSKCDocument, ValidationError
+from ipaserver.install.ipa_otptoken_import import convertHashName

 basename = os.path.join(os.path.dirname(__file__), "data")

@@ -129,3 +130,21 @@ class test_otptoken_import(object):
                'ipatokenotpdigits': 8,
                'type': u'hotp',
            })]
+
+    def test_valid_tokens(self):
+        assert convertHashName('sha1') == u'sha1'
+        assert convertHashName('hmac-sha1') == u'sha1'
+        assert convertHashName('sha224') == u'sha224'
+        assert convertHashName('hmac-sha224') == u'sha224'
+        assert convertHashName('sha256') == u'sha256'
+        assert convertHashName('hmac-sha256') == u'sha256'
+        assert convertHashName('sha384') == u'sha384'
+        assert convertHashName('hmac-sha384') == u'sha384'
+        assert convertHashName('sha512') == u'sha512'
+        assert convertHashName('hmac-sha512') == u'sha512'
+
+    def test_invalid_tokens(self):
+        """The conversion defaults to sha1 on unknown hashing"""
+        assert convertHashName('something-sha256') == u'sha1'
+        assert convertHashName('') == u'sha1'
+        assert convertHashName(None) == u'sha1'