github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/engine/nist_test.go (about) 1 package engine 2 3 import ( 4 "github.com/keybase/clockwork" 5 "github.com/stretchr/testify/require" 6 "golang.org/x/net/context" 7 "testing" 8 "time" 9 ) 10 11 func TestNIST(t *testing.T) { 12 tc := SetupEngineTest(t, "nist") 13 defer tc.Cleanup() 14 fu := CreateAndSignupFakeUser(tc, "nst") 15 16 fakeClock := clockwork.NewFakeClockAt(time.Now()) 17 tc.G.SetClock(fakeClock) 18 19 // Need to set active devices 20 Logout(tc) 21 22 ctx := context.Background() 23 24 // If you're logged out, it's not an error to grab a NIST, 25 // you just won't get one back 26 nist, err := tc.G.ActiveDevice.NIST(ctx) 27 require.NoError(t, err) 28 require.Nil(t, nist) 29 30 fu.LoginOrBust(tc) 31 32 // First stab, generate the NIST, and make sure it's a long NIST 33 nist, err = tc.G.ActiveDevice.NIST(ctx) 34 require.NoError(t, err, "no nist error") 35 require.NotNil(t, nist, "nist came back") 36 require.False(t, nist.IsExpired(), "nist is not expired") 37 longTok := nist.Token().String() 38 require.True(t, len(longTok) > 60, "should be a long token") 39 40 // If we call into the same codepath again, make sure that we get 41 // the same NIST back out 42 nist, err = tc.G.ActiveDevice.NIST(ctx) 43 require.NoError(t, err, "no nist error") 44 longTok2 := nist.Token().String() 45 require.Equal(t, longTok, longTok2, "same token if done twice") 46 47 // Once we've "marked success" for the NIST, then we're OK to switch over 48 // to a "short NIST" 49 nist.MarkSuccess() 50 nist, err = tc.G.ActiveDevice.NIST(ctx) 51 require.NoError(t, err, "no nist error") 52 shortTok1 := nist.Token().String() 53 require.True(t, len(shortTok1) < 60, "should be a short token") 54 require.NotEqual(t, longTok2, shortTok1, "and yes, it's a different token") 55 56 // After 100 hours, it should be an expired token 57 fakeClock.Advance(100 * time.Hour) 58 require.True(t, nist.IsExpired(), "nist should be expired now") 59 nist, err = tc.G.ActiveDevice.NIST(ctx) 60 require.NoError(t, err, "no nist error") 61 62 // Easy to make a new token, but we have to make sure that it's 63 // a different one. 64 longTok3 := nist.Token().String() 65 require.True(t, len(longTok3) > 60, "should be a long token") 66 require.NotEqual(t, longTok, longTok3, "after expiration, should get a new token") 67 68 // As before, once it's successful, then, as above, we get a short NIST token. 69 nist.MarkSuccess() 70 nist, err = tc.G.ActiveDevice.NIST(ctx) 71 require.NoError(t, err, "no nist error") 72 shortTok2 := nist.Token().String() 73 require.True(t, len(shortTok2) < 60, "should be a short token") 74 require.NotEqual(t, shortTok1, shortTok2, "the short tok changed") 75 }