From 3fe8f6b2f63b7da2559d12177b1eb194b24fd5f3 Mon Sep 17 00:00:00 2001
From: Sietse Snel
Date: Wed, 18 Oct 2023 14:38:05 +0200
Subject: [PATCH] Add integration tests interpunction in passwords
---
 yoda_eus/app.py | 15 ++++++++-------
 yoda_eus/tests/test_integration.py | 21 +++++++++++++++------
 2 files changed, 23 insertions(+), 13 deletions(-)
diff --git a/yoda_eus/app.py b/yoda_eus/app.py
index 9e0dae5..933ba71 100644
--- a/yoda_eus/app.py
+++ b/yoda_eus/app.py
@@ -126,12 +126,14 @@ def csrf_exempt(f):
 with app.app_context():
 now = datetime.now()
 hashed_password = bcrypt.hashpw("Test123456!!!".encode("utf-8"), bcrypt.gensalt())
- unactivated_user = User(username="unactivateduser",
- creator_time=now,
- creator_user="creator",
- creator_zone="testZone",
- hash="goodhash",
- hash_time=now)
+ for n in range(1, 5):
+ unactivated_user = User(username="unactivateduser" + str(n),
+ creator_time=now,
+ creator_user="creator",
+ creator_zone="testZone",
+ hash="goodhash" + str(n),
+ hash_time=now)
+ db.session.add(unactivated_user)
 activated_user = User(username="activateduser",
 creator_time=now,
 creator_user="creator",
@@ -139,7 +141,6 @@ def csrf_exempt(f):
 hash="resethash",
 hash_time=now,
 password=hashed_password.decode('utf-8'))
- db.session.add(unactivated_user)
 db.session.add(activated_user)
 db.session.commit()
 for user in [activated_user, unactivated_user]:
diff --git a/yoda_eus/tests/test_integration.py b/yoda_eus/tests/test_integration.py
index 6533c8a..9c2ef6c 100644
--- a/yoda_eus/tests/test_integration.py
+++ b/yoda_eus/tests/test_integration.py
@@ -124,7 +124,7 @@ def test_activate_wrong_hash(self, test_client):
 assert response.status_code == 403
 def test_activate_wrong_form_input(self, test_client):
- activate_url = '/user/activate/goodhash'
+ activate_url = '/user/activate/goodhash1'
 mismatched_passwords_params = {"username": "unactivatedusername",
 "password": "Test1234567!!!",
 "password_again": "Test7654321!!!",
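Review bot: After the new `for n in range(1, 5):` loop in the first yoda_eus/app.py hunk, `unactivated_user` is bound only to the last account created, so the unchanged `for user in [activated_user, unactivated_user]:` at the end of the second hunk no longer reaches the first three seeded accounts. The body of that loop is outside the hunk; if it creates per-user records, they are presumably now missing for `unactivateduser1` to `unactivateduser3`. Collect the objects instead: `unactivated_users = []` before the loop, `unactivated_users.append(unactivated_user)` inside it, and `for user in [activated_user, *unactivated_users]:` afterwards.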
@@ -154,9 +154,7 @@ def test_activate_wrong_form_input(self, test_client):
 response5 = c.post(activate_url, data=missing_field_params)
 assert response5.status_code == 422
- def test_activate_and_check_auth(self, test_client):
- username = "unactivateduser"
- password = "Test1234567!!!"
+ def _test_activate_and_check_auth(self, test_client, password, username, hashname):
 good_credentials = username + ":" + password
 bad_credentials = username + ":wrongpassword"
 good_credentials_base64 = base64.b64encode(good_credentials.encode('utf-8')).decode('utf-8')
@@ -166,8 +164,7 @@ def test_activate_and_check_auth(self, test_client):
 auth_headers_wrong_password = {'X-Yoda-External-User-Secret': 'dummy_api_secret',
 'Authorization': 'Basic ' + bad_credentials_base64}
- activate_url = '/user/activate/goodhash'
- password = "Test1234567!!!"
+ activate_url = '/user/activate/' + hashname
 good_params = {"username": username,
 "password": password,
 "password_again": password,
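Review bot: The negative case in `_test_activate_and_check_auth` still uses the fixed string `username + ":wrongpassword"`, which cannot show that the punctuation in each new password is actually stored and compared. If a character were dropped or the password cut short on both the activation and the auth-check path, the good-credentials check would presumably still pass and `wrongpassword` would still be rejected. A near-miss negative such as `bad_credentials = username + ":" + password[:-1]` would fail in that situation. The helper's body continues past this hunk; a one-line docstring naming the three string parameters would also help, since the callers pass them positionally.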
@@ -180,6 +177,18 @@ def test_activate_and_check_auth(self, test_client):
 response3 = c.post('/api/user/auth-check', headers=auth_headers_wrong_password)
 assert response3.status_code == 401
+ def test_activate_and_check_auth(self, test_client):
+ self._test_activate_and_check_auth(test_client, "Test1234567!!!", "unactivateduser1", "goodhash1")
+ def test_activate_and_check_auth_interpunction1(self, test_client):
+ self._test_activate_and_check_auth(test_client, "Test1!@#$%^&*()", "unactivateduser2", "goodhash2")
+ def test_activate_and_check_auth_interpunction2(self, test_client):
+ self._test_activate_and_check_auth(test_client, "Test1_-+={}[]\\|", "unactivateduser3", "goodhash3")
+ def test_activate_and_check_auth_interpunction3(self, test_client):
+ self._test_activate_and_check_auth(test_client, "Test1;:\"',./<>?", "unactivateduser4", "goodhash4")
+
 def test_auth_check_user_does_not_exist(self, test_client):
 bad_credentials = "userdoesnotexist:somepassword"
 bad_credentials_base64 = base64.b64encode(bad_credentials.encode('utf-8')).decode('utf-8')
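Review bot: Each of the four wrappers consumes one seeded account (`unactivateduser1`/`goodhash1` through `unactivateduser4`/`goodhash4`), and those exist only because of `range(1, 5)` in yoda_eus/app.py; nothing in the test file says so. Adding a fifth password case without touching the seeding would presumably fail on the activation request rather than on the password handling. A comment above the first wrapper would make the coupling visible, e.g. `# One seeded account per case: keep in step with range(1, 5) in yoda_eus/app.py`. The three punctuation sets cover ASCII punctuation only; a space or a non-ASCII character is not exercised by these cases.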