django-mfa3 icon indicating copy to clipboard operation
django-mfa3 copied to clipboard

Published 20 hours ago verified publisher icon xi

Better test concept

Open xi opened this issue 3 years ago • 2 comments

Currently there are no tests for this library. This is because it is complicated:

  • I want to test the glue code, not the pieces that are glued together.
  • FIDO2 keys are hardware device with a physical button which are intentionally hard to automate.
  • The most important issue is security, which typically manifests in non-obvious request patterns.

Integration tests for TOTP would be relatively simple. But that would only address the first issue. The third issue could maybe be addressed by fuzzing. But overall I do not have a good idea yet.

xi avatar Jun 21 '21 07:06 xi