Open xi opened 3 years ago
Some tests were added in 7116e76. However, the conceptual issues remain.
I want to test the glue code, not the pieces that are glued together.'
Well… if that is unrealistic or not useful, integration tests are also a good way/thing to go, especially if they are easier to implement. In general, even if you have unit tests, integration tests and so on are still a good thing that may catch bugs when everything works together or just quickly finds common "breaks all" stuff… Here a JS example, but it applies more general of course - I could not quickly find anything better..
FIDO2 keys are hardware device with a physical button which are intentionally hard to automate.
And you can't have at least one last abstraction layer or so to mock away? Or so? Links to random stuff, I found online.
The most important issue is security, which typically manifests in non-obvious request patterns.
Sure, that's hard to test for, but wel… generally unit testing is a good first step.
Disclaimer: just random bubbleing, I have no idea of this project code-wise and I am no Python dev.
Currently there are no tests for this library. This is because it is complicated:
Integration tests for TOTP would be relatively simple. But that would only address the first issue. The third issue could maybe be addressed by fuzzing. But overall I do not have a good idea yet.