Skip to content

Commit

Permalink
fix: avoid using 0 as a solution
Browse files Browse the repository at this point in the history 
This is a regression I've introduced in #3.

Fixes #10
  • Loading branch information
@nijel
nijel committed Dec 19, 2024
1 parent c130c4c commit ae4ce3a
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 1 deletion.
2 changes: 1 addition & 1 deletion altcha/altcha.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -247,7 +247,7 @@ def create_challenge(options):
options.salt
or base64.b16encode(secrets.token_bytes(salt_length)).decode("utf-8").lower()
)
number = options.number or secrets.randbelow(max_number)
number = options.number or (secrets.randbelow(max_number - 1) + 1)

salt_params = {}
if "?" in salt:
Expand Down
29 changes: 29 additions & 0 deletions tests/test_altcha.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -286,6 +286,35 @@ def test_hmac_hex(self):
).hexdigest()
self.assertEqual(result, expected)

def test_verify_random(self):
for _i in range(1000):
secret = "xxxxxxxxxx"
challenge_options = ChallengeOptions(
hmac_key=secret,
max_number=100,
)
challenge = create_challenge(challenge_options)
solution = solve_challenge(
challenge=challenge.challenge,
salt=challenge.salt,
algorithm=challenge.algorithm,
max_number=challenge.maxnumber,
start=0,
)
response = base64.b64encode(
json.dumps(
{
"algorithm": challenge.algorithm,
"challenge": challenge.challenge,
"number": solution.number,
"salt": challenge.salt,
"signature": challenge.signature,
}
).encode("utf-8")
).decode("utf-8")
result = verify_solution(response, secret, check_expires=False)
self.assertTrue(result[0])


if __name__ == "__main__":
unittest.main()

0 comments on commit ae4ce3a

Please sign in to comment.