Better test concept

[xi]

Currently there are no tests for this library. This is because it is complicated:

• I want to test the glue code, not the pieces that are glued together.
• FIDO2 keys are hardware device with a physical button which are intentionally hard to automate.
• The most important issue is security, which typically manifests in non-obvious request patterns.

Integration tests for TOTP would be relatively simple. But that would only address the first issue. The third issue could maybe be addressed by fuzzing. But overall I do not have a good idea yet.

[xi]

Some tests were added in 7116e76. However, the conceptual issues remain.

[rugk]

I want to test the glue code, not the pieces that are glued together.'

Well… if that is unrealistic or not useful, integration tests are also a good way/thing to go, especially if they are easier to implement.
In general, even if you have unit tests, integration tests and so on are still a good thing that may catch bugs when everything works together or just quickly finds common "breaks all" stuff… Here a JS example, but it applies more general of course - I could not quickly find anything better..

FIDO2 keys are hardware device with a physical button which are intentionally hard to automate.

And you can't have at least one last abstraction layer or so to mock away? Or so? Links to random stuff, I found online.

The most important issue is security, which typically manifests in non-obvious request patterns.

Sure, that's hard to test for, but wel… generally unit testing is a good first step.

Disclaimer: just random bubbleing, I have no idea of this project code-wise and I am no Python dev.