Update credential - rename and tests #424

Merged
merged 3 commits into from
Aug 17, 2023

szszszsz
Member

@szszszsz szszszsz commented Aug 10, 2023

This PR adds support for credential renaming, and tests for it.

Changes

  • credential renaming support in CLI
  • credential renaming support in API
  • tests for credential renaming support
  • test credential overwrite check during registration

Checklist

Make sure to run make check and make fix before creating a PR, otherwise the CI will fail.

  • tested with Python 3.11.3
  • signed commits
  • updated documentation (e.g. parameter description, inline doc, docs.nitrokey)
  • added labels

Test Environment and Execution

  • OS: Linux Fedora 38
  • device's model: USB/IP Sim Secrets App
  • device's firmware version: v0.12.0-6-gaeb0724a (current 65-update-credential HEAD)

Relevant Output Example

(venv) ~/w/pynitrokey (402-update-credential|✚4) $ nitropy nk3 secrets list
Command line tool to interact with Nitrokey devices 0.4.39
Please provide PIN to show PIN-protected entries (if any), or press ENTER to skip
Please touch the device if it blinks
Current PIN (8 attempts left):
Please touch the device if it blinks
01. CRED ID     Hotp/Sha1
02. CRED ID2    Hotp/Sha1
(venv) ~/w/pynitrokey (402-update-credential|✚4) $ nitropy nk3 secrets
Command line tool to interact with Nitrokey devices 0.4.39
Usage: nitropy nk3 secrets [OPTIONS] COMMAND [ARGS]...

  Nitrokey Secrets App. Manage OTP and Password Safe secrets on the device.
  Use NITROPY_SECRETS_PASSWORD to pass password for the scripted execution.

Options:
  --help  Show this message and exit.

Commands:
  add-challenge-response  Register Challenge-Response Credential.
  add-otp (register)      Register OTP Credential.
  add-password            Register Password Safe Credential.
  get-otp (get)           Generate OTP code from registered credential.
  get-password            Get Password Safe Entry
  list                    List registered OTP credentials.
  remove                  Remove OTP credential.
  reset                   Remove all OTP credentials from the device.
  set-pin                 Set or change the PIN used to authenticate to...
  status                  Show application status
  verify                  Proceed with the incoming OTP code verification...
(venv) ~/w/pynitrokey (402-update-credential|✚4) $ nitropy nk3 secrets list
Command line tool to interact with Nitrokey devices 0.4.39
Please provide PIN to show PIN-protected entries (if any), or press ENTER to skip
Please touch the device if it blinks
Current PIN (8 attempts left):
No PIN provided
01. CRED ID     Hotp/Sha1
02. CRED ID2    Hotp/Sha1
(venv) ~/w/pynitrokey (402-update-credential|✚4) $ nitropy nk3 secrets rename "CRED ID" "blazejewo"
Command line tool to interact with Nitrokey devices 0.4.39
Please touch the device if it blinks
Done
(venv) ~/w/pynitrokey (402-update-credential|✚4) $ nitropy nk3 secrets list
Command line tool to interact with Nitrokey devices 0.4.39
Please provide PIN to show PIN-protected entries (if any), or press ENTER to skip
Please touch the device if it blinks
Current PIN (8 attempts left):
No PIN provided
01. CRED ID2    Hotp/Sha1
02. blazejewo   Hotp/Sha1
(venv) ~/w/pynitrokey (402-update-credential|✚4) $ nitropy nk3 secrets rename "blazejewo" "CRED ID2"
Command line tool to interact with Nitrokey devices 0.4.39
Please touch the device if it blinks
Critical error:
An unhandled exception occurred
        Exception encountered: SecretsAppException(code=6983/OperationBlocked)

--------------------------------------------------------------------------------
Critical error occurred, exiting now
Unexpected? Is this a bug? Would you like to get support/help?
- You can report issues at: https://support.nitrokey.com/
- Writing an e-mail to support@nitrokey.com is also possible
- Please attach the log: '/tmp/nitropy.log.j95o3l0q' with any support/help request!
- Please check if you have udev rules installed: https://docs.nitrokey.com/nitrokey3/linux/firmware-update.html#troubleshooting



@szszszsz szszszsz added enhancement New feature or request device/Nitrokey 3 application:secrets Secrets app: OTP and Password Safe labels Aug 10, 2023
Contributor

@sosthene-nitrokey sosthene-nitrokey left a comment

Maybe this should also test that renaming a protected credential without authenticating fails.

@robin-nitrokey
Member

Does it even make sense to add rename support if we plan to drop the command again in Nitrokey/trussed-secrets-app#99?

@szszszsz
Member Author

> Does it even make sense to add rename support if we plan to drop the command again in Nitrokey/trussed-secrets-app#99?

#425 builds upon this one. Most of this PR's content is reused.
I can of course squash these, but it feels like busy work for such a small change.

@szszszsz szszszsz merged commit 91c9953 into master Aug 17, 2023
@szszszsz szszszsz deleted the 402-update-credential branch August 17, 2023 15:07