feat(totp): algorithm and digits config (#2634)

Allow users to configure the TOTP Algorithm and Digits. This should be used with caution as many TOTP applications do not support it. Some will also fail to notify the user that there is an issue. i.e. if the algorithm in the QR code is sha512, they continue to generate one time passwords with sha1. In addition this drastically refactors TOTP in general to be more user friendly by not forcing them to register a new device if the administrator changes the period (or algorithm). Fixes #1226.
author: James Elliott <james-d-elliott@users.noreply.github.com> 2021-12-01 23:11:29 +1100
committer: GitHub <noreply@github.com> 2021-12-01 23:11:29 +1100
commit: ad8e844af648650be2de59d846ef74d5756d2ae3 (patch)
tree: 5c2faeb14a010b5cb3957785a4c237a770215691 /internal/handlers/handler_configuration_test.go
parent: 01b77384f965fb2172bbf7c5ac00d086e437efa1 (diff)
1 files changed, 5 insertions, 33 deletions
diff --git a/internal/handlers/handler_configuration_test.go b/internal/handlers/handler_configuration_test.go
index 24978f233..ab69e87fd 100644
--- a/internal/handlers/handler_configuration_test.go
+++ b/internal/handlers/handler_configuration_test.go
@@ -29,15 +29,9 @@ func (s *SecondFactorAvailableMethodsFixture) TearDownTest() {
 }
 
 func (s *SecondFactorAvailableMethodsFixture) TestShouldServeDefaultMethods() {
-	s.mock.Ctx.Configuration = schema.Configuration{
-		TOTP: &schema.TOTPConfiguration{
-			Period: schema.DefaultTOTPConfiguration.Period,
-		},
-	}
-	expectedBody := ConfigurationBody{
+	expectedBody := configurationBody{
 		AvailableMethods:    []string{"totp", "u2f"},
 		SecondFactorEnabled: false,
-		TOTPPeriod:          schema.DefaultTOTPConfiguration.Period,
 	}
 
 	ConfigurationGet(s.mock.Ctx)
@@ -47,14 +41,10 @@ func (s *SecondFactorAvailableMethodsFixture) TestShouldServeDefaultMethods() {
 func (s *SecondFactorAvailableMethodsFixture) TestShouldServeDefaultMethodsAndMobilePush() {
 	s.mock.Ctx.Configuration = schema.Configuration{
 		DuoAPI: &schema.DuoAPIConfiguration{},
-		TOTP: &schema.TOTPConfiguration{
-			Period: schema.DefaultTOTPConfiguration.Period,
-		},
 	}
-	expectedBody := ConfigurationBody{
+	expectedBody := configurationBody{
 		AvailableMethods:    []string{"totp", "u2f", "mobile_push"},
 		SecondFactorEnabled: false,
-		TOTPPeriod:          schema.DefaultTOTPConfiguration.Period,
 	}
 
 	ConfigurationGet(s.mock.Ctx)
@@ -62,11 +52,6 @@ func (s *SecondFactorAvailableMethodsFixture) TestShouldServeDefaultMethodsAndMo
 }
 
 func (s *SecondFactorAvailableMethodsFixture) TestShouldCheckSecondFactorIsDisabledWhenNoRuleIsSetToTwoFactor() {
-	s.mock.Ctx.Configuration = schema.Configuration{
-		TOTP: &schema.TOTPConfiguration{
-			Period: schema.DefaultTOTPConfiguration.Period,
-		},
-	}
 	s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(
 		&schema.Configuration{
 			AccessControl: schema.AccessControlConfiguration{
@@ -87,19 +72,13 @@ func (s *SecondFactorAvailableMethodsFixture) TestShouldCheckSecondFactorIsDisab
 				},
 			}})
 	ConfigurationGet(s.mock.Ctx)
-	s.mock.Assert200OK(s.T(), ConfigurationBody{
+	s.mock.Assert200OK(s.T(), configurationBody{
 		AvailableMethods:    []string{"totp", "u2f"},
 		SecondFactorEnabled: false,
-		TOTPPeriod:          schema.DefaultTOTPConfiguration.Period,
 	})
 }
 
 func (s *SecondFactorAvailableMethodsFixture) TestShouldCheckSecondFactorIsEnabledWhenDefaultPolicySetToTwoFactor() {
-	s.mock.Ctx.Configuration = schema.Configuration{
-		TOTP: &schema.TOTPConfiguration{
-			Period: schema.DefaultTOTPConfiguration.Period,
-		},
-	}
 	s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(&schema.Configuration{
 		AccessControl: schema.AccessControlConfiguration{
 			DefaultPolicy: "two_factor",
@@ -119,19 +98,13 @@ func (s *SecondFactorAvailableMethodsFixture) TestShouldCheckSecondFactorIsEnabl
 			},
 		}})
 	ConfigurationGet(s.mock.Ctx)
-	s.mock.Assert200OK(s.T(), ConfigurationBody{
+	s.mock.Assert200OK(s.T(), configurationBody{
 		AvailableMethods:    []string{"totp", "u2f"},
 		SecondFactorEnabled: true,
-		TOTPPeriod:          schema.DefaultTOTPConfiguration.Period,
 	})
 }
 
 func (s *SecondFactorAvailableMethodsFixture) TestShouldCheckSecondFactorIsEnabledWhenSomePolicySetToTwoFactor() {
-	s.mock.Ctx.Configuration = schema.Configuration{
-		TOTP: &schema.TOTPConfiguration{
-			Period: schema.DefaultTOTPConfiguration.Period,
-		},
-	}
 	s.mock.Ctx.Providers.Authorizer = authorization.NewAuthorizer(
 		&schema.Configuration{
 			AccessControl: schema.AccessControlConfiguration{
@@ -152,10 +125,9 @@ func (s *SecondFactorAvailableMethodsFixture) TestShouldCheckSecondFactorIsEnabl
 				},
 			}})
 	ConfigurationGet(s.mock.Ctx)
-	s.mock.Assert200OK(s.T(), ConfigurationBody{
+	s.mock.Assert200OK(s.T(), configurationBody{
 		AvailableMethods:    []string{"totp", "u2f"},
 		SecondFactorEnabled: true,
-		TOTPPeriod:          schema.DefaultTOTPConfiguration.Period,
 	})
 }
author	James Elliott <james-d-elliott@users.noreply.github.com>	2021-12-01 23:11:29 +1100
committer	GitHub <noreply@github.com>	2021-12-01 23:11:29 +1100
commit	ad8e844af648650be2de59d846ef74d5756d2ae3 (patch)
tree	5c2faeb14a010b5cb3957785a4c237a770215691 /internal/handlers/handler_configuration_test.go
parent	01b77384f965fb2172bbf7c5ac00d086e437efa1 (diff)