Solution randomly not valid #10

Closed
nijel opened this issue Dec 18, 2024 · 1 comment

nijel commented Dec 18, 2024

While writing tests for altcha based form validation, I've noticed that the tests randomly fail.

This is code extracted from our testcase:

import base64
import json

from altcha import ChallengeOptions, create_challenge, solve_challenge, verify_solution


def test():
    secret = "x" * 16
    challenge_options = ChallengeOptions(
        hmac_key=secret,
        max_number=100,
    )
    challenge = create_challenge(challenge_options)
    solution = solve_challenge(
        challenge=challenge.challenge,
        salt=challenge.salt,
        algorithm=challenge.algorithm,
        max_number=challenge.maxnumber,
        start=0,
    )

    response = base64.b64encode(
        json.dumps(
            {
                "algorithm": challenge.algorithm,
                "challenge": challenge.challenge,
                "number": solution.number,
                "salt": challenge.salt,
                "signature": challenge.signature,
            }
        ).encode("utf-8")
    ).decode("utf-8")
    result = verify_solution(response, secret, check_expires=False)
    if not result[0]:
        raise ValueError("Invalid solution")


if __name__ == "__main__":
    for i in range(1000):
        test()

Is there something wrong in the tests? Why do we get randomly invalid solutions?

nijel added a commit to nijel/altcha-lib-py that referenced this issue Dec 19, 2024
This is a regression I've introduced in altcha-org#3.

Fixes altcha-org#10
ovx commented Dec 21, 2024

Hi, this was a bug on this line in create_challenge, which generates a random one when options.number=0:

number = options.number or secrets.randbelow(max_number)

The number parameter is in the range of 0...max_number inclusive -> it must support zero as a valid solution. Also, since secrets.randbelow generates a number exclusive of the max_number, added +1 for the upper limit.

Fixed in version 0.1.7.

ovx closed this as completed Dec 21, 2024
nijel added a commit to WeblateOrg/weblate that referenced this issue Dec 22, 2024
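
The falsy-zero pattern described in the comment above, as an added example that is not the altcha library's code: a simplified model showing why a correct solution of 0 is rejected and how a `None` check plus an inclusive upper bound avoids it. The names `derive`, `pick_buggy`, `pick_fixed`, `verify` and `rejected` are hypothetical, and the model assumes verification re-derives the challenge from the submitted number.

```python
import hashlib
import hmac
import secrets

KEY = b"x" * 16  # constructed sample HMAC key


def derive(salt, number):
    """Challenge hash and its HMAC signature for a given salt and number."""
    challenge = hashlib.sha256(f"{salt}{number}".encode()).hexdigest()
    signature = hmac.new(KEY, challenge.encode(), hashlib.sha256).hexdigest()
    return challenge, signature


def pick_buggy(number, max_number):
    # Pattern quoted in the thread: 0 is falsy, so an explicit 0 is
    # silently replaced by a random value below max_number.
    return number or secrets.randbelow(max_number)


def pick_fixed(number, max_number):
    # Only None means "not supplied"; +1 makes max_number itself reachable.
    return number if number is not None else secrets.randbelow(max_number + 1)


def verify(pick, salt, number, challenge, signature, max_number=100):
    # Assumed flow: rebuild the challenge from the submitted number and
    # compare both values in constant time.
    expected, expected_sig = derive(salt, pick(number, max_number))
    return (hmac.compare_digest(expected, challenge)
            and hmac.compare_digest(expected_sig, signature))


def rejected(pick, number, trials=200):
    """Count how often a correct solution `number` fails verification."""
    failures = 0
    for _ in range(trials):
        salt = secrets.token_hex(12)
        challenge, signature = derive(salt, number)  # server picked `number`
        if not verify(pick, salt, number, challenge, signature):
            failures += 1
    return failures


if __name__ == "__main__":
    print("buggy, solution 0:", rejected(pick_buggy, 0), "of 200 rejected")
    print("fixed, solution 0:", rejected(pick_fixed, 0), "of 200 rejected")
```

With `max_number=100`, roughly one challenge in a hundred has 0 as its solution, which is consistent with a test loop of 1000 iterations failing intermittently.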