From 98f0c8515c582dbb0536aaededbcf28904a888d6 Mon Sep 17 00:00:00 2001
From: Markus Meissner <coder@safemailbox.de>
Date: Tue, 19 Sep 2023 14:58:48 +0200
Subject: [PATCH] nk3 test/fido2: early exit if pin not set - fixes #411

---
 pynitrokey/cli/nk3/test.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/pynitrokey/cli/nk3/test.py b/pynitrokey/cli/nk3/test.py
index f6b0bad3..9ad66b98 100644
--- a/pynitrokey/cli/nk3/test.py
+++ b/pynitrokey/cli/nk3/test.py
@@ -19,6 +19,7 @@
 
 from pynitrokey.cli.exceptions import CliException
 from pynitrokey.fido2 import device_path_to_str
+from pynitrokey.fido2.client import NKFido2Client
 from pynitrokey.helpers import local_print
 from pynitrokey.nk3.admin_app import AdminApp
 from pynitrokey.nk3.base import Nitrokey3Base
@@ -238,6 +239,13 @@ def test_fido2(ctx: TestContext, device: Nitrokey3Base) -> TestResult:
     if not isinstance(device, Nitrokey3Device):
         return TestResult(TestStatus.SKIPPED)
 
+    # drop out early, if pin is needed, but not provided
+    nk_client = NKFido2Client()
+    nk_client.find_device(device.device)
+
+    if nk_client.has_pin() and not ctx.pin:
+        return TestResult(TestStatus.FAILURE, "FIDO2 pin is set, but not provided")
+
     # Based on https://github.com/Yubico/python-fido2/blob/142587b3e698ca0e253c78d75758fda635cac51a/examples/credential.py
 
     from fido2.client import Fido2Client, PinRequiredError, UserInteraction