github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/engine/nist_test.go (about)

     1  package engine
     2  
     3  import (
     4  	"github.com/keybase/clockwork"
     5  	"github.com/stretchr/testify/require"
     6  	"golang.org/x/net/context"
     7  	"testing"
     8  	"time"
     9  )
    10  
    11  func TestNIST(t *testing.T) {
    12  	tc := SetupEngineTest(t, "nist")
    13  	defer tc.Cleanup()
    14  	fu := CreateAndSignupFakeUser(tc, "nst")
    15  
    16  	fakeClock := clockwork.NewFakeClockAt(time.Now())
    17  	tc.G.SetClock(fakeClock)
    18  
    19  	// Need to set active devices
    20  	Logout(tc)
    21  
    22  	ctx := context.Background()
    23  
    24  	// If you're logged out, it's not an error to grab a NIST,
    25  	// you just won't get one back
    26  	nist, err := tc.G.ActiveDevice.NIST(ctx)
    27  	require.NoError(t, err)
    28  	require.Nil(t, nist)
    29  
    30  	fu.LoginOrBust(tc)
    31  
    32  	// First stab, generate the NIST, and make sure it's a long NIST
    33  	nist, err = tc.G.ActiveDevice.NIST(ctx)
    34  	require.NoError(t, err, "no nist error")
    35  	require.NotNil(t, nist, "nist came back")
    36  	require.False(t, nist.IsExpired(), "nist is not expired")
    37  	longTok := nist.Token().String()
    38  	require.True(t, len(longTok) > 60, "should be a long token")
    39  
    40  	// If we call into the same codepath again, make sure that we get
    41  	// the same NIST back out
    42  	nist, err = tc.G.ActiveDevice.NIST(ctx)
    43  	require.NoError(t, err, "no nist error")
    44  	longTok2 := nist.Token().String()
    45  	require.Equal(t, longTok, longTok2, "same token if done twice")
    46  
    47  	// Once we've "marked success" for the NIST, then we're OK to switch over
    48  	// to a "short NIST"
    49  	nist.MarkSuccess()
    50  	nist, err = tc.G.ActiveDevice.NIST(ctx)
    51  	require.NoError(t, err, "no nist error")
    52  	shortTok1 := nist.Token().String()
    53  	require.True(t, len(shortTok1) < 60, "should be a short token")
    54  	require.NotEqual(t, longTok2, shortTok1, "and yes, it's a different token")
    55  
    56  	// After 100 hours, it should be an expired token
    57  	fakeClock.Advance(100 * time.Hour)
    58  	require.True(t, nist.IsExpired(), "nist should be expired now")
    59  	nist, err = tc.G.ActiveDevice.NIST(ctx)
    60  	require.NoError(t, err, "no nist error")
    61  
    62  	// Easy to make a new token, but we have to make sure that it's
    63  	// a different one.
    64  	longTok3 := nist.Token().String()
    65  	require.True(t, len(longTok3) > 60, "should be a long token")
    66  	require.NotEqual(t, longTok, longTok3, "after expiration, should get a new token")
    67  
    68  	// As before, once it's successful, then, as above, we get a short NIST token.
    69  	nist.MarkSuccess()
    70  	nist, err = tc.G.ActiveDevice.NIST(ctx)
    71  	require.NoError(t, err, "no nist error")
    72  	shortTok2 := nist.Token().String()
    73  	require.True(t, len(shortTok2) < 60, "should be a short token")
    74  	require.NotEqual(t, shortTok1, shortTok2, "the short tok changed")
    75  }