mirror of https://github.com/sismics/docs.git synced 2025-12-16 11:15:07 +00:00

#84: TOTP key generation and validation code checking on login

jendib
2016-03-22 23:08:49 +01:00
parent 5f84da61c8
commit fb0bb62eaf
11 changed files with 118 additions and 44 deletions


@@ -1,5 +1,6 @@
package com.sismics.docs.rest;
import java.util.Date;
import java.util.Locale;
import javax.json.JsonArray;
@@ -13,6 +14,7 @@ import org.junit.Assert;
import org.junit.Test;
import com.sismics.util.filter.TokenBasedSecurityFilter;
import com.sismics.util.totp.GoogleAuthenticator;
/**
* Exhaustive test of the user resource.
@@ -299,5 +301,27 @@ public class TestUserResource extends BaseJerseyTest {
.post(Entity.form(new Form()), JsonObject.class);
String secret = json.getString("secret");
Assert.assertNotNull(secret);
// Try to login with totp1 without a validation code
Response response = target().path("/user/login").request()
.post(Entity.form(new Form()
.param("username", "totp1")
.param("password", "12345678")
.param("remember", "false")));
Assert.assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
json = response.readEntity(JsonObject.class);
Assert.assertEquals("ValidationCodeRequired", json.getString("type"));
// Generate a OTP
GoogleAuthenticator googleAuthenticator = new GoogleAuthenticator();
int validationCode = googleAuthenticator.calculateCode(secret, new Date().getTime() / 30000);
// Login with totp1 with a validation code
json = target().path("/user/login").request()
.post(Entity.form(new Form()
.param("username", "totp1")
.param("password", "12345678")
.param("code", Integer.toString(validationCode))
.param("remember", "false")), JsonObject.class);
}
}
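Review bot: The new TOTP login test covers a missing code and a correct code but never submits a wrong one, so a server that accepted any value in `code` would still pass; the rejection path is the part of this feature most worth pinning. After the successful login I would add a request with `.param("code", Integer.toString((validationCode + 1) % 1000000))` and assert on its status, using whatever status the resource returns for a rejected code (not visible on this page). The last call also assigns `json` and asserts nothing about it; success is only implied by the typed `post(..., JsonObject.class)` presumably throwing on an error status, so an explicit check of the response would make the intent clear. Separately, `new Date().getTime() / 30000` is computed in the test and validated later on the server, so the test may fail intermittently at a 30-second boundary unless the validator tolerates adjacent time steps. The test method begins above this hunk, so the setup for `totp1` is not visible here.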