catalinux / rocketgit (public) (License: Affero GPLv3) (since 2015-03-19) (hash sha1)
Main RocketGit repo
Clone URLs: https://rocketgit.com/user/catalinux/rocketgit ssh://rocketgit@ssh.rocketgit.com/user/catalinux/rocketgit git://git.rocketgit.com/user/catalinux/rocketgit
v0.0 v0.1 v0.10 v0.11 v0.12 v0.13 v0.14 v0.15 v0.17 v0.18 v0.19 v0.2 v0.20 v0.21 v0.22 v0.23 v0.24 v0.25 v0.27 v0.28 v0.29 v0.31 v0.32 v0.33 v0.34 v0.35 v0.36 v0.38 v0.39 v0.40 v0.41 v0.42 v0.43 v0.44 v0.45 v0.46 v0.47 v0.48 v0.49 v0.50 v0.51 v0.52 v0.53 v0.54 v0.55 v0.56 v0.57 v0.58 v0.60 v0.61 v0.62 v0.63 v0.64 v0.65 v0.66 v0.67 v0.68 v0.69 v0.70 v0.71 v0.72 v0.73 v0.77 v0.78 v0.79 v0.80 group1/branch1 group2/subgroup1/branch2 main master release

/tests/http_totp.php (2eb88aae8a0f33995bea485eda4f5cebc80960cb) (5527 bytes) (mode 100644) (type blob)

<?php
//
// Will test the login by TOTP
//

error_reporting(E_ALL | E_STRICT);
ini_set("track_errors", "On");

$INC = dirname(__FILE__) . "/../inc";
require_once(dirname(__FILE__) . "/config.php");
require_once($INC . "/init.inc.php");
require_once($INC . "/util.inc.php");
require_once("helpers.inc.php");
require_once("http.inc.php");

rg_log_set_file("http_totp.log");

$rg_sql = "host=localhost user=rocketgit dbname=rocketgit connect_timeout=10";
$rg_no_db = TRUE;
require_once("common.php");

$_testns = 'http_totp';
$rg_cache_enable = TRUE;
$rg_cache_debug = TRUE;

$rg_user_max_len = 60;

prepare_http();

rg_test_create_user($db, $rg_ui);

// Add an totp token to this account
$key = 'ACHCBCCVQ7AK4RGM';

$r = rg_totp_enroll($db, $rg_ui['uid'], 'test', $key, '127.0.0.1', 't');
if ($r !== TRUE) {
	rg_log('cannot enroll!');
	exit(1);
}

// Now test the login without and with login_token
$lt = rg_totp_compute($key, time() / 30, 6);

// First we need to load the form so we can get the token
// We provide an old cookie to test if we generate a new pre-login one
rg_log('');
rg_log_enter('Loading login form...');
$r = do_req($test_url . "/op/login", $data, $headers);
if ($r === FALSE) {
	rg_log("Cannot load login form.");
	exit(1);
}
$good_token = $r['tokens']['login'];
rg_log_exit();


rg_log('');
rg_log_enter("Do the login without login token (must fail)...");
$data = array(
	"doit" => 1,
	"token" => $good_token,
	"user" => $rg_ui['username'],
	"pass" => $rg_ui['pass'],
	"login_token" => '',
	"lock_ip" => 0);
$headers = array();
$r = do_req($test_url . "/op/login", $data, $headers);
if ($r === FALSE) {
	rg_log_ml('r=' . print_r($r, TRUE));
	rg_log("Cannot login!");
	exit(1);
}
if (!strstr($r['body'], "invalid user")) {
	rg_log_ml('r=' . print_r($r, TRUE));
	rg_log("Seems we can login without token!");
	exit(1);
}
$good_token = $r['tokens']['login'];
rg_log_exit();


rg_log('');
rg_log_enter("Do the login (token=$good_token login_token=$lt) (must work)...");
$data = array(
	"doit" => 1,
	"token" => $good_token,
	"user" => $rg_ui['username'],
	"pass" => $rg_ui['pass'],
	"login_token" => $lt,
	"lock_ip" => 0);
$headers = array();
$r = do_req($test_url . "/op/login", $data, $headers);
if ($r === FALSE) {
	rg_log_ml('r=' . print_r($r, TRUE));
	rg_log("Cannot login!");
	exit(1);
}
if (strstr($r['body'], "invalid user")) {
	rg_log_ml('r=' . print_r($r, TRUE));
	rg_log("Login invalid!");
	exit(1);
}
rg_log_exit();


$r = totp_enroll($db);
if ($r['ok'] !== 1)
	exit(1);


rg_log('');
rg_log_enter('Testing the deletion of scratch codes');
$sc1 = rg_test_sc_generate($db, $rg_ui);
sleep(1); // to not have the same itime; TODO: we will add uids to scratch_codes table
$sc2 = rg_test_sc_generate($db, $rg_ui);
$sql = "SELECT DISTINCT itime FROM scratch_codes WHERE uid = " . $rg_ui['uid'];
$res = rg_sql_query($db, $sql);
$list = array();
while (($row = rg_sql_fetch_array($res))) {
	$list[] = $row['itime'];
}
rg_sql_free_result($res);
rg_log_ml('list=' . print_r($list, TRUE));

$r = totp_scratch_delete($list);
if ($r['ok'] !== 1)
	exit(1);
$sql = "SELECT DISTINCT itime FROM scratch_codes WHERE uid = " . $rg_ui['uid'];
$res = rg_sql_query($db, $sql);
$rows = rg_sql_num_rows($res);
rg_sql_free_result($res);
if ($rows != 0) {
	rg_log("Cannot delete scratch codes - sql still returns data!");
	exit(1);
}
$key = 'user::' . $rg_ui['uid'] . '::login_tokens::sc';
rg_cache_core_unset($key); // else we will get data from local mem!
$r = rg_cache_get($key);
if (count($r) != 0) {
	rg_log_ml('cache: ' . print_r($r, TRUE));
	rg_log('Deleted scratch codes are still in cache!');
	exit(1);
}
rg_log_exit();


rg_log('');
rg_log_enter('Testing the deletion of a device');
$key = 'ACHCBCCVQ7AK4RGM';
$r = rg_totp_enroll($db, $rg_ui['uid'], 'test1', $key, 'A', 't');
if ($r !== TRUE) {
	rg_log('cannot enroll!');
	exit(1);
}
$key = 'ACHCBCCVQ7AK4RGX';
$r = rg_totp_enroll($db, $rg_ui['uid'], 'test2', $key, 'A', 't');
if ($r !== TRUE) {
	rg_log('cannot enroll!');
	exit(1);
}
rg_log('Getting ids from database...');
$sql = "SELECT id FROM login_tokens WHERE uid = " . $rg_ui['uid'];
$res = rg_sql_query($db, $sql);
$list = array();
while (($row = rg_sql_fetch_array($res))) {
	$list[] = $row['id'];
}
rg_sql_free_result($res);
if (count($list) < 2) {
	rg_log_ml('list: ' . print_r($list, TRUE));
	rg_log('I cannot find the enrollments in database!');
	exit(1);
}
rg_log('Loading list devices form...');
$data = array();
$r = do_req($test_url . "/op/settings/totp/list", $data, $headers);
if ($r === FALSE) {
	rg_log("Cannot load list devices form.");
	exit(1);
}
$good_token = $r['tokens']['login_tokens_list'];
$data = array( 'delete' => 1, 'token' => $good_token);
foreach ($list as $id)
	$data['delete_list[' . $id . ']'] = 'on';
$headers = array();
$r = do_req($test_url . "/op/settings/totp/list", $data, $headers);
if (!strstr($r['body'], 'success')) {
	rg_log("Cannot delete login tokens!");
	exit(1);
}
$sql = "SELECT DISTINCT id FROM login_tokens WHERE uid = " . $rg_ui['uid'];
$res = rg_sql_query($db, $sql);
$rows = rg_sql_num_rows($res);
rg_sql_free_result($res);
if ($rows != 0) {
	rg_log("Cannot delete device codes - sql still returns data!");
	exit(1);
}
$key = 'user::' . $rg_ui['uid'] . '::login_tokens::device';
rg_cache_core_unset($key); // else we will get data from local mem!
$r = rg_cache_get($key);
if (count($r) != 0) {
	rg_log_ml($key . ': ' . print_r($r, TRUE));
	rg_log('Deleted device codes are still in cache!');
	exit(1);
}
rg_log_exit();


rg_prof_log();
rg_log("OK!");
?>

Mode Type Size Ref File
100644 blob 9 f3c7a7c5da68804a1bdf391127ba34aed33c3cca .exclude
100644 blob 102 eaeb7d777062c60a55cdd4b5734902cdf6e1790c .gitignore
100644 blob 289 fabbff669e768c05d6cfab4d9aeb651bf623e174 AUTHORS
100644 blob 1132 dd65951315f3de6d52d52a82fca59889d1d95187 Certs.txt
100644 blob 1133 f2d3e450d46e4f55fd21d2b3b46fc4926a396738 History.txt
100644 blob 34520 dba13ed2ddf783ee8118c6a581dbf75305f816a3 LICENSE
100644 blob 3398 cf75b360b8a3e6ef86bc4a42648e353bd58c2a80 Makefile.in
100644 blob 5774 4a18249bf06d04d1e27d97623f12a7a2d51f83c0 README
100644 blob 134375 09a528c88d096c0fa432ccca534f1b00454e8345 TODO
100644 blob 1294 f22911eb777f0695fcf81ad686eac133eb11fcc4 TODO-plans
100644 blob 203 a2863c67c3da44126b61a15a6f09738c25e0fbe0 TODO.perf
100644 blob 1044 9bb3652b3937eb624dba0f2d8efff7ce6c0ce0e2 TODO.vm
040000 tree - 21928e906ad2907a55c2e81c2a8b0502b586b8a0 artwork
100644 blob 4707 0da219f933a61fe4d34eb59e1a3829e19e3d246e compare.csv
100755 blob 30 92c4bc48245c00408cd7e1fd89bc1a03058f4ce4 configure
040000 tree - 69114e8648f8e0e7173c76e30ca6bbfcece7df31 debian
040000 tree - e1f903261de934d6a656f07278d8c99446eaf9e9 docker
040000 tree - f67d3605efbd6422a8acdd953578991139266391 docs
100755 blob 16720 52405deef0d3708e7553022e1e9db73faa28d05c duilder
100644 blob 536 96c75f943c5bf93b54dbddf678e8a99d7ba4ff93 duilder.conf
040000 tree - 89c3888f4a2c2bae1b56615209de87aa009b1933 hooks
040000 tree - fdb1f06e5c25b5963bc0a3851efc13350e762616 inc
040000 tree - c070ac2ad296b44903e5e3495d81a905802a3d78 misc
100644 blob 3752 8b4e6c6aa563552bd7ec4f19633d5c35afebbf4e rocketgit.spec.in
040000 tree - d0119e3a198c8fd5fd0bcd825dcaf61c6a8da2a8 root
040000 tree - f5b93a8234710140b4030158ab991a8069a8c2e8 samples
040000 tree - 9c784f23ae0f15fae0c45fb69245d1aaef01a119 scripts
040000 tree - 7456b4c661715981201fc09aed79979bc28391de selinux
100755 blob 256 462ccd108c431f54e380cdac2329129875a318b5 spell_check.sh
040000 tree - cb54e074b3ca35943edfcda9dd9cfcd281bcd9e7 techdocs
040000 tree - cd505f8547d44c9c0dc31dff236f61982d3ddc6c tests
040000 tree - 63f68e921ac8d6a62ea9c3d180e072c7c4725b7d tools
Hints:
Before first commit, do not forget to setup your git environment:
git config --global user.name "your_name_here"
git config --global user.email "your@email_here"

Clone this repository using HTTP(S):
git clone https://rocketgit.com/user/catalinux/rocketgit

Clone this repository using ssh (do not forget to upload a key first):
git clone ssh://rocketgit@ssh.rocketgit.com/user/catalinux/rocketgit

Clone this repository using git:
git clone git://git.rocketgit.com/user/catalinux/rocketgit

You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:
... clone the repository ...
... make some changes and some commits ...
git push origin main