mirror of
https://github.com/Monadical-SAS/reflector.git
synced 2026-03-21 22:56:47 +00:00
59 lines
1.6 KiB
Python
59 lines
1.6 KiB
Python
"""Tests for password hashing utilities."""
|
|
|
|
from reflector.auth.password_utils import hash_password, verify_password
|
|
|
|
|
|
def test_hash_and_verify():
|
|
pw = "my-secret-password"
|
|
h = hash_password(pw)
|
|
assert verify_password(pw, h) is True
|
|
|
|
|
|
def test_wrong_password():
|
|
h = hash_password("correct")
|
|
assert verify_password("wrong", h) is False
|
|
|
|
|
|
def test_hash_format():
|
|
h = hash_password("test")
|
|
parts = h.split("$")
|
|
assert len(parts) == 3
|
|
assert parts[0] == "pbkdf2:sha256:100000"
|
|
assert len(parts[1]) == 32 # 16 bytes hex = 32 chars
|
|
assert len(parts[2]) == 64 # sha256 hex = 64 chars
|
|
|
|
|
|
def test_different_salts():
|
|
h1 = hash_password("same")
|
|
h2 = hash_password("same")
|
|
assert h1 != h2 # different salts produce different hashes
|
|
assert verify_password("same", h1) is True
|
|
assert verify_password("same", h2) is True
|
|
|
|
|
|
def test_malformed_hash():
|
|
assert verify_password("test", "garbage") is False
|
|
assert verify_password("test", "") is False
|
|
assert verify_password("test", "pbkdf2:sha256:100000$short") is False
|
|
|
|
|
|
def test_empty_password():
|
|
h = hash_password("")
|
|
assert verify_password("", h) is True
|
|
assert verify_password("notempty", h) is False
|
|
|
|
|
|
def test_unicode_password():
|
|
pw = "p\u00e4ssw\u00f6rd\U0001f512"
|
|
h = hash_password(pw)
|
|
assert verify_password(pw, h) is True
|
|
assert verify_password("password", h) is False
|
|
|
|
|
|
def test_constant_time_comparison():
|
|
"""Verify that hmac.compare_digest is used (structural test)."""
|
|
import inspect
|
|
|
|
source = inspect.getsource(verify_password)
|
|
assert "hmac.compare_digest" in source
|