comparison test/test_security.py @ 7226:5b1b876054ef

Add a test for the misc functions; additionally test the Password.__str__ method. Verify that passwords with under 1000 rounds get upgraded. Test bchr, bord, h64encode and h64decode. Add fuzzing for the h64* functions.
author John Rouillard <rouilj@ieee.org>
date Sun, 12 Mar 2023 23:51:03 -0400
parents 01c1f357363f
children 98011edc6c60
460 p == "foo" 460 p == "foo"
461 461
462 self.assertEqual(ctx.exception.args[0], 462 self.assertEqual(ctx.exception.args[0],
463 'Password not set') 463 'Password not set')
464 464
465 p = roundup.password.Password() 465 with self.assertRaises(ValueError) as ctx:
466 p.__str__()
467
468 self.assertEqual(ctx.exception.args[0],
469 'Password not set')
466 470
467 # make sure it uses the default scheme 471 # make sure it uses the default scheme
468 default_scheme = roundup.password.Password.default_scheme 472 default_scheme = roundup.password.Password.default_scheme
469 p.setPassword("sekret", config=self.db.config) 473 p.setPassword("sekret", config=self.db.config)
470 self.assertEqual(p.scheme, default_scheme) 474 self.assertEqual(p.scheme, default_scheme)
481 485
482 os.environ["PYTEST_USE_CONFIG"] = "True" 486 os.environ["PYTEST_USE_CONFIG"] = "True"
483 self.assertEqual(p.needs_migration(config=self.db.config), True) 487 self.assertEqual(p.needs_migration(config=self.db.config), True)
484 del(os.environ["PYTEST_USE_CONFIG"]) 488 del(os.environ["PYTEST_USE_CONFIG"])
485 489
490 # set up p with rounds under 1000. This is usually prevented,
491 # but older software could generate smaller rounds.
492 p.password = p.password.replace('1000$', '900$')
493 self.assertEqual(p.needs_migration(config=self.db.config), True)
494
486 def test_encodePassword_errors(self): 495 def test_encodePassword_errors(self):
487 self.db.config.PASSWORD_PBKDF2_DEFAULT_ROUNDS = 999 496 self.db.config.PASSWORD_PBKDF2_DEFAULT_ROUNDS = 999
488 497
489 os.environ["PYTEST_USE_CONFIG"] = "True" 498 os.environ["PYTEST_USE_CONFIG"] = "True"
490 with self.assertRaises(roundup.password.PasswordValueError) as ctx: 499 with self.assertRaises(roundup.password.PasswordValueError) as ctx:
528 with self.assertRaises(ValueError) as ctx: 537 with self.assertRaises(ValueError) as ctx:
529 roundup.password.pbkdf2_sha512('sekret', b'saltandpepper', 0, 64) 538 roundup.password.pbkdf2_sha512('sekret', b'saltandpepper', 0, 64)
530 539
531 self.assertEqual(ctx.exception.args[0], 540 self.assertEqual(ctx.exception.args[0],
532 "rounds must be positive number") 541 "rounds must be positive number")
542
543 def test_misc_functions(self):
544 import random # for fuzzing later
545
546 v = roundup.password.bchr(64)
547 if bytes == str:
548 self.assertEqual(v, '@')
549 else:
550 self.assertEqual(v, b'@')
551
552 v = roundup.password.bord(b'@')
553 if bytes == str:
554 self.assertEqual(v, 64)
555 else:
556 self.assertEqual(v, b'@')
557
558 for plain, encode in (
559 (b'tes', 'dGVz'),
560 (b'test', 'dGVzdA'),
561 (b'testb', "dGVzdGI"),
562 ):
563 v = roundup.password.h64encode(plain)
564 self.assertEqual(v, encode)
565 v = roundup.password.h64decode(v)
566 self.assertEqual(v, plain)
567
568 with self.assertRaises(ValueError) as ctx:
569 v = roundup.password.h64decode("dGVzd")
570 self.assertEqual(ctx.exception.args[0], "Invalid base64 input")
571
572 # poor man's fuzzer
573 if bytes == str:
574 # alias range to xrange for python2, more efficient.
575 range_ = xrange # noqa: F821
576 else:
577 range_ = range
578
579 for i in range_(25):
580 plain = bytearray(random.getrandbits(8) for _ in range_(i*4))
581 e = roundup.password.h64encode(plain)
582 self.assertEqual(roundup.password.h64decode(e), plain)
533 583
534 def test_encodePasswordNoConfig(self): 584 def test_encodePasswordNoConfig(self):
535 # should run cleanly as we are in a test. 585 # should run cleanly as we are in a test.
536 # 586 #
537 p = roundup.password.encodePassword('sekrit', 'PBKDF2') 587 p = roundup.password.encodePassword('sekrit', 'PBKDF2')
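Review bot: The round-trip fuzz loop at new lines 579-582 draws its inputs from an unseeded `random.getrandbits`, so a failing iteration cannot be reproduced from the test output; attach the input to the assertion, `self.assertEqual(roundup.password.h64decode(e), plain, msg=repr(plain))`, or seed the generator with a value that is logged. That loop also only ever hands h64decode valid encodings; if the decoder is built on base64.b64decode with its default validate=False (not visible in this hunk, confirm against password.py) then characters outside the alphabet are silently dropped, so a negative case such as `roundup.password.h64decode("dGV!")` asserting it raises rather than returning b'tes' would pin that behaviour either way. Separately, the py3 branch at new line 556 expects `bord(b'@')` to be `b'@'` while the py2 branch expects `64`; if bord is meant as an ord() shim the py3 expectation looks wrong, and if the identity is intentional a one-line comment noting that py3 callers pass it the ints produced by iterating bytes would stop the next reader asking the same question.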
