1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
|
import pytest
from pwdlib import PasswordHash, exceptions
from pwdlib.hashers.argon2 import Argon2Hasher
from pwdlib.hashers.bcrypt import BcryptHasher
_PASSWORD = "herminetincture"
_ARGON2_HASHER = Argon2Hasher()
_ARGON2_HASH_STR = _ARGON2_HASHER.hash(_PASSWORD)
_BCRYPT_HASHER = BcryptHasher()
_BCRYPT_HASH_STR = _BCRYPT_HASHER.hash(_PASSWORD)
@pytest.fixture
def password_hash() -> PasswordHash:
return PasswordHash((Argon2Hasher(), BcryptHasher()))
def test_recommended() -> None:
password_hash = PasswordHash.recommended()
assert len(password_hash.hashers) == 1
assert isinstance(password_hash.current_hasher, Argon2Hasher)
def test_hash(password_hash: PasswordHash) -> None:
hash = password_hash.hash("herminetincture")
assert isinstance(hash, str)
assert password_hash.current_hasher.identify(hash)
@pytest.mark.parametrize(
"hash,password,result",
[
(_ARGON2_HASH_STR, _PASSWORD, True),
(_ARGON2_HASH_STR, "INVALID_PASSWORD", False),
(_BCRYPT_HASH_STR, _PASSWORD, True),
(_BCRYPT_HASH_STR, "INVALID_PASSWORD", False),
],
)
def test_verify(
hash: str | bytes,
password: str,
result: bool,
password_hash: PasswordHash,
) -> None:
assert password_hash.verify(password, hash) == result
def test_verify_unknown_hash(password_hash: PasswordHash) -> None:
with pytest.raises(exceptions.UnknownHashError):
password_hash.verify("INVALID_HASH", _PASSWORD)
@pytest.mark.parametrize(
"hash,password,result,has_updated_hash",
[
(_ARGON2_HASH_STR, _PASSWORD, True, False),
(_ARGON2_HASH_STR, "INVALID_PASSWORD", False, False),
(_BCRYPT_HASH_STR, _PASSWORD, True, True),
(_BCRYPT_HASH_STR, "INVALID_PASSWORD", False, False),
],
)
def test_verify_and_update(
hash: str | bytes,
password: str,
result: bool,
has_updated_hash: bool,
password_hash: PasswordHash,
) -> None:
valid, updated_hash = password_hash.verify_and_update(password, hash)
assert valid == result
assert updated_hash is not None if has_updated_hash else updated_hash is None
if updated_hash is not None:
assert password_hash.current_hasher.identify(updated_hash)
def test_verify_and_update_unknown_hash(password_hash: PasswordHash) -> None:
with pytest.raises(exceptions.UnknownHashError):
password_hash.verify_and_update(_PASSWORD, "INVALID_HASH")
@pytest.mark.parametrize(
"invalid_value",
[
pytest.param(123, id="int"),
pytest.param(None, id="None"),
pytest.param([], id="list"),
pytest.param({}, id="dict"),
],
)
def test_invalid_type(invalid_value: object, password_hash: PasswordHash) -> None:
with pytest.raises(TypeError, match="password must be str or bytes"):
password_hash.hash(invalid_value) # type: ignore[arg-type]
with pytest.raises(TypeError, match="password must be str or bytes"):
password_hash.verify(invalid_value, _ARGON2_HASH_STR) # type: ignore[arg-type]
with pytest.raises(TypeError, match="hash must be str or bytes"):
password_hash.verify(_PASSWORD, invalid_value) # type: ignore[arg-type]
with pytest.raises(TypeError, match="password must be str or bytes"):
password_hash.verify_and_update(invalid_value, _ARGON2_HASH_STR) # type: ignore[arg-type]
with pytest.raises(TypeError, match="hash must be str or bytes"):
password_hash.verify_and_update(_PASSWORD, invalid_value) # type: ignore[arg-type]
|
