Skip to content

Commit

Permalink
Add integration tests interpunction in passwords
Browse files Browse the repository at this point in the history
  • Loading branch information
stsnel committed Oct 18, 2023
1 parent cadef20 commit 3fe8f6b
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 13 deletions.
15 changes: 8 additions & 7 deletions yoda_eus/app.py
Original file line number Diff line number Diff line change
Expand Up @@ -126,20 +126,21 @@ def csrf_exempt(f):
with app.app_context():
now = datetime.now()
hashed_password = bcrypt.hashpw("Test123456!!!".encode("utf-8"), bcrypt.gensalt())
unactivated_user = User(username="unactivateduser",
creator_time=now,
creator_user="creator",
creator_zone="testZone",
hash="goodhash",
hash_time=now)
for n in range(1, 5):
unactivated_user = User(username="unactivateduser" + str(n),
creator_time=now,
creator_user="creator",
creator_zone="testZone",
hash="goodhash" + str(n),
hash_time=now)
db.session.add(unactivated_user)
activated_user = User(username="activateduser",
creator_time=now,
creator_user="creator",
creator_zone="testZone",
hash="resethash",
hash_time=now,
password=hashed_password.decode('utf-8'))
db.session.add(unactivated_user)
db.session.add(activated_user)
db.session.commit()
for user in [activated_user, unactivated_user]:
Expand Down
21 changes: 15 additions & 6 deletions yoda_eus/tests/test_integration.py
Original file line number Diff line number Diff line change
Expand Up @@ -124,7 +124,7 @@ def test_activate_wrong_hash(self, test_client):
assert response.status_code == 403

def test_activate_wrong_form_input(self, test_client):
activate_url = '/user/activate/goodhash'
activate_url = '/user/activate/goodhash1'
mismatched_passwords_params = {"username": "unactivatedusername",
"password": "Test1234567!!!",
"password_again": "Test7654321!!!",
Expand Down Expand Up @@ -154,9 +154,7 @@ def test_activate_wrong_form_input(self, test_client):
response5 = c.post(activate_url, data=missing_field_params)
assert response5.status_code == 422

def test_activate_and_check_auth(self, test_client):
username = "unactivateduser"
password = "Test1234567!!!"
def _test_activate_and_check_auth(self, test_client, password, username, hashname):
good_credentials = username + ":" + password
bad_credentials = username + ":wrongpassword"
good_credentials_base64 = base64.b64encode(good_credentials.encode('utf-8')).decode('utf-8')
Expand All @@ -166,8 +164,7 @@ def test_activate_and_check_auth(self, test_client):
auth_headers_wrong_password = {'X-Yoda-External-User-Secret': 'dummy_api_secret',
'Authorization': 'Basic ' + bad_credentials_base64}

activate_url = '/user/activate/goodhash'
password = "Test1234567!!!"
activate_url = '/user/activate/' + hashname
good_params = {"username": username,
"password": password,
"password_again": password,
Expand All @@ -180,6 +177,18 @@ def test_activate_and_check_auth(self, test_client):
response3 = c.post('/api/user/auth-check', headers=auth_headers_wrong_password)
assert response3.status_code == 401

def test_activate_and_check_auth(self, test_client):
self._test_activate_and_check_auth(test_client, "Test1234567!!!", "unactivateduser1", "goodhash1")

def test_activate_and_check_auth_interpunction1(self, test_client):
self._test_activate_and_check_auth(test_client, "Test1!@#$%^&*()", "unactivateduser2", "goodhash2")

def test_activate_and_check_auth_interpunction2(self, test_client):
self._test_activate_and_check_auth(test_client, "Test1_-+={}[]\\|", "unactivateduser3", "goodhash3")

def test_activate_and_check_auth_interpunction3(self, test_client):
self._test_activate_and_check_auth(test_client, "Test1;:\"',./<>?", "unactivateduser4", "goodhash4")

def test_auth_check_user_does_not_exist(self, test_client):
bad_credentials = "userdoesnotexist:somepassword"
bad_credentials_base64 = base64.b64encode(bad_credentials.encode('utf-8')).decode('utf-8')
Expand Down

0 comments on commit 3fe8f6b

Please sign in to comment.