rudimentary support for totp 2fa

[squeep-authentication-module] / test / lib / authenticator.js

diff --git a/test/lib/authenticator.js b/test/lib/authenticator.js
index 6cac48faabc9b73fba373739777ac7fe8daa7751..75761689556c9adda18a7773901037c34bb2b71b 100644 (file)
--- a/test/lib/authenticator.js
+++ b/test/lib/authenticator.js
@@ -6,7 +6,6 @@ const sinon = require('sinon'); // eslint-disable-line node/no-unpublished-requi
 const Authenticator = require('../../lib/authenticator');
 const stubLogger = require('../stub-logger');
 const stubDb = require('../stub-db');
-const Errors = require('../../lib/errors');
 const Enum = require('../../lib/enum');
 const Config = require('../stub-config');
 
@@ -267,6 +266,40 @@ describe('Authenticator', function () {
     });
   }); // isValidCookieAuth
 
+  describe('checkOTP', function () {
+    let state, otp;
+    this.beforeEach(function () {
+      sinon.stub(authenticator.TOTP.prototype, 'validate').returns(true);
+      state = {
+        key: Buffer.from('12345678901234567890'),
+        attempt: 0,
+        epochMs: Date.now(),
+      };
+      otp = '000000';
+    });
+    it('covers valid OTP entry', function () {
+      const result = authenticator.checkOTP(state, otp);
+      assert.strictEqual(result, Enum.OTPResult.Valid);
+    });
+    it('covers invalid OTP entry', function () {
+      authenticator.TOTP.prototype.validate.returns(false);
+      const result = authenticator.checkOTP(state, otp);
+      assert.strictEqual(result, Enum.OTPResult.InvalidSoftFail);
+    });
+    it('covers invalid OTP entry, too many failures', function () {
+      state.attempt = 10;
+      authenticator.TOTP.prototype.validate.returns(false);
+      const result = authenticator.checkOTP(state, otp);
+      assert.strictEqual(result, Enum.OTPResult.InvalidHardFail);
+    });
+    it('covers invalid OTP entry', function () {
+      state.epochMs = 0;
+      authenticator.TOTP.prototype.validate.returns(false);
+      const result = authenticator.checkOTP(state, otp);
+      assert.strictEqual(result, Enum.OTPResult.InvalidHardFail);
+    });
+  }); // checkOTP
+
   describe('sessionCheck', function () {
     let cookie, req, res, loginPath, required, profilesAllowed;
     beforeEach(function () {