fix: make TOTP replay protection test more robust
Deploy Dashboard (Dev) / deploy-dev (push) Failing after 3m54s
Run Tests / Frontend Tests (push) Has been cancelled
Run Tests / Test Summary (push) Has been cancelled
Run Tests / Backend Tests (push) Has started running

Ensure auth file is properly initialized before testing replay protection.
Add better error message to diagnose failures.
This commit is contained in:
Gan, Jimmy
2026-04-04 17:45:57 +08:00
parent 63f12d60c1
commit 7fb92ccebf
+11 -1
View File
@@ -245,11 +245,21 @@ class TestTOTP:
def test_verify_totp_replay_protection(self, mock_config, temp_auth_file, sample_totp_secret): def test_verify_totp_replay_protection(self, mock_config, temp_auth_file, sample_totp_secret):
"""Test that same TOTP code cannot be used twice.""" """Test that same TOTP code cannot be used twice."""
save_totp_secret(sample_totp_secret) save_totp_secret(sample_totp_secret)
# Ensure auth file is properly initialized with last_totp_ts
import json
with open(temp_auth_file, 'r') as f:
data = json.load(f)
data['last_totp_ts'] = 0
with open(temp_auth_file, 'w') as f:
json.dump(data, f)
totp = pyotp.TOTP(sample_totp_secret) totp = pyotp.TOTP(sample_totp_secret)
valid_code = totp.now() valid_code = totp.now()
# First use should succeed # First use should succeed
assert verify_totp(valid_code) result = verify_totp(valid_code)
assert result, f"First TOTP verification failed for code {valid_code}"
# Second use of same code should fail (replay protection) # Second use of same code should fail (replay protection)
assert not verify_totp(valid_code) assert not verify_totp(valid_code)