Re: [privacyidea/privacyidea] fix check_max_active_token on enabling token (#2259)

From: notifications@github.com
Create: 2020-07-02
Update: 2020-07-02

@cornelinux requested changes on this pull request.


In tests/test_api_lib_policy.py:

> @@ -370,9 +370,31 @@ def test_04a_check_max_active_token_user(self):
                         "type": "totp"}
         self.assertTrue(check_max_token_user(req))
 
+        # Now, we disable the token NEW001, so the user again has NO active token
+        enable_token("NEW001", enable=False)
+        # we enroll a new HOTP token, this would now succeed
+        init_token({"serial": "NEW002", "type": "hotp",
+                    "otpkey": "1234567890123456"},
+                   user=User(login="cornelius",
+                             realm=self.realm1))
+        tokenobject_list = get_tokens(user=User(login="cornelius",
+                                                realm=self.realm1))
+        self.assertTrue(len(tokenobject_list) == 2)
+        # now we enable the first hotp token again, which fails due to the policy
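
Review bot: the check `self.assertTrue(len(tokenobject_list) == 2)` only reports "False is not true" when it fails; `self.assertEqual(len(tokenobject_list), 2)` would print the actual token count. `User(login="cornelius", realm=self.realm1)` is also constructed twice in the added lines, once for `init_token` and once for `get_tokens`, and could be assigned to a local variable once and reused.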

This is not a valid test for enabling the token.
Enabling the token is simply:

POST /token/enable
serial=<serial>

So there is no user object in the request. However, you have a user in lines 384 and 385. Your line 698 in lib/prepolicy.py will not be covered.
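
The coverage gap described in the review comment above, as an added example that is not part of the original email and is not privacyIDEA code: a simplified model of a max-active-token check in which a request without a user takes its own branch. All names (`Token`, `Request`, `active_limit_ok`, `MAX_ACTIVE`) and the `trace` list are assumptions made for illustration.

```python
# Simplified stand-in for a max-active-token pre-policy; NOT privacyIDEA code.
# All names here (Token, Request, active_limit_ok, MAX_ACTIVE) are hypothetical.
from dataclasses import dataclass
from typing import Optional

MAX_ACTIVE = 1  # constructed policy value: one active token per user


@dataclass
class Token:
    serial: str
    owner: str
    active: bool


@dataclass
class Request:
    serial: str
    user: Optional[str] = None  # POST /token/enable carries only the serial


def active_limit_ok(req: Request, tokens: list, trace: list) -> bool:
    """Return True if enabling req.serial keeps the owner within MAX_ACTIVE."""
    if req.user is not None:
        trace.append("user-from-request")
        owner = req.user
    else:
        # The branch a serial-only request exercises: derive the owner
        # from the token itself, because the request names no user.
        trace.append("owner-from-serial")
        match = [t for t in tokens if t.serial == req.serial]
        if not match:
            return False  # unknown serial: refuse instead of skipping the check
        owner = match[0].owner
    # Count the owner's other active tokens; enabling this one adds one more.
    active = sum(1 for t in tokens
                 if t.owner == owner and t.active and t.serial != req.serial)
    return active + 1 <= MAX_ACTIVE


def demo():
    # Constructed state mirroring the test: NEW001 disabled, NEW002 active.
    tokens = [Token("NEW001", "cornelius", False),
              Token("NEW002", "cornelius", True)]
    with_user, serial_only = [], []
    r1 = active_limit_ok(Request("NEW001", user="cornelius"), tokens, with_user)
    r2 = active_limit_ok(Request("NEW001"), tokens, serial_only)
    return r1, with_user, r2, serial_only
```

Both calls return the same verdict, so a test that passes a user can go green while the serial-only branch never runs; only the second call records `owner-from-serial`.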

