search

Nitrokey / pynitrokey

Python client for Nitrokey devices
Apache License 2.0
93 stars 28 forks source link

Update credential - rename and tests #424

Closed szszszsz closed 10 months ago

szszszsz commented 11 months ago

This PR adds support for credential renaming, and tests for it.

Changes

Checklist

Make sure to run make check and make fix before creating a PR, otherwise the CI will fail.

Test Environment and Execution

Relevant Output Example

(venv) ~/w/pynitrokey (402-update-credential|✚4) $ nitropy nk3 secrets list
Command line tool to interact with Nitrokey devices 0.4.39
Please provide PIN to show PIN-protected entries (if any), or press ENTER to skip
Please touch the device if it blinks
Current PIN (8 attempts left):
Please touch the device if it blinks
01. CRED ID     Hotp/Sha1
02. CRED ID2    Hotp/Sha1
(venv) ~/w/pynitrokey (402-update-credential|✚4) $ nitropy nk3 secrets
Command line tool to interact with Nitrokey devices 0.4.39
Usage: nitropy nk3 secrets [OPTIONS] COMMAND [ARGS]...

  Nitrokey Secrets App. Manage OTP and Password Safe secrets on the device.
  Use NITROPY_SECRETS_PASSWORD to pass password for the scripted execution.

Options:
  --help  Show this message and exit.

Commands:
  add-challenge-response  Register Challenge-Response Credential.
  add-otp (register)      Register OTP Credential.
  add-password            Register Password Safe Credential.
  get-otp (get)           Generate OTP code from registered credential.
  get-password            Get Password Safe Entry
  list                    List registered OTP credentials.
  remove                  Remove OTP credential.
  reset                   Remove all OTP credentials from the device.
  set-pin                 Set or change the PIN used to authenticate to...
  status                  Show application status
  verify                  Proceed with the incoming OTP code verification...
(venv) ~/w/pynitrokey (402-update-credential|✚4) $ nitropy nk3 secrets list
Command line tool to interact with Nitrokey devices 0.4.39
Please provide PIN to show PIN-protected entries (if any), or press ENTER to skip
Please touch the device if it blinks
Current PIN (8 attempts left):
No PIN provided
01. CRED ID     Hotp/Sha1
02. CRED ID2    Hotp/Sha1
(venv) ~/w/pynitrokey (402-update-credential|✚4) $ nitropy nk3 secrets rename "CRED ID" "blazejewo"
Command line tool to interact with Nitrokey devices 0.4.39
Please touch the device if it blinks
Done
(venv) ~/w/pynitrokey (402-update-credential|✚4) $ nitropy nk3 secrets list
Command line tool to interact with Nitrokey devices 0.4.39
Please provide PIN to show PIN-protected entries (if any), or press ENTER to skip
Please touch the device if it blinks
Current PIN (8 attempts left):
No PIN provided
01. CRED ID2    Hotp/Sha1
02. blazejewo   Hotp/Sha1
(venv) ~/w/pynitrokey (402-update-credential|✚4) $ nitropy nk3 secrets rename "blazejewo" "CRED ID2"
Command line tool to interact with Nitrokey devices 0.4.39
Please touch the device if it blinks
Critical error:
An unhandled exception occurred
        Exception encountered: SecretsAppException(code=6983/OperationBlocked)

--------------------------------------------------------------------------------
Critical error occurred, exiting now
Unexpected? Is this a bug? Would you like to get support/help?
- You can report issues at: https://support.nitrokey.com/
- Writing an e-mail to support@nitrokey.com is also possible
- Please attach the log: '/tmp/nitropy.log.j95o3l0q' with any support/help request!
- Please check if you have udev rules installed: https://docs.nitrokey.com/nitrokey3/linux/firmware-update.html#troubleshooting

Connected

robin-nitrokey commented 10 months ago

Does it even make sense to add rename support if we plan to drop the command again in https://github.com/Nitrokey/trussed-secrets-app/pull/99?

szszszsz commented 10 months ago

Does it even make sense to add rename support if we plan to drop the command again in Nitrokey/trussed-secrets-app#99?

https://github.com/Nitrokey/pynitrokey/pull/425 builds upon this one. Most of this PR's content is reused. I can of course squash these, but it feels like a busy work for such a small change.