porchlight/tests/test_authn/test_sign_count.py

from porchlight.authn.routes import _is_sign_count_rollback


def test_increasing_counter_is_not_rollback() -> None:
    assert _is_sign_count_rollback(stored=5, presented=6) is False


def test_equal_counter_is_rollback() -> None:
    assert _is_sign_count_rollback(stored=5, presented=5) is True


def test_lower_counter_is_rollback() -> None:
    assert _is_sign_count_rollback(stored=5, presented=3) is True


def test_both_zero_sync_passkey_is_allowed() -> None:
    # Sync passkeys (and counter-less authenticators) always report 0.
    assert _is_sign_count_rollback(stored=0, presented=0) is False


def test_first_increment_from_zero_is_allowed() -> None:
    assert _is_sign_count_rollback(stored=0, presented=1) is False