Mercurial > p > roundup > code

view test/test_hypothesis.py @ 8412:0663a7bcef6c reauth-confirm_id

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
feat: finish reauth docs, enhance code. Decided to keep name Reauth for now. admin_guide.txt: add reference mark to roundup admin help. Used for template command reference in upgrading.txt. customizing.txt: added worked example of adding a reauth auditor for address and password. Also links to OWASP recommendations. Added link to example code in design.doc on detectors. glossary.txt: reference using roundup-admin template command in def for tracker templates. pydoc.txt: Added methods for Client class. Added class and methods for (cgi) Action, LoginAction and ReauthAction. reference.txt Edited and restructured detector section. Added section on registering a detector and priority use/execution order. (reference to design doc was used before). Added/enhanced description of exception an auditor can raise (includes Reauth). Added section on Reauth implementation and use (Confirming the User). Also has paragraph on future ideas. upgrading.txt Stripped down the original section. Moved a lot to reference.txt. Referenced customizing example, mention installation of _generic.reauth.html and reference reference.txt. cgi/actions.py: fixed bad ReST that was breaking pydoc.txt processing changed doc on limitations of Reauth code. added docstring for Reauth::verifyPassword cgi/client.py: fix ReST for a method breaking pydoc.py processing cgi/templating.py: fix docstring on embed_form_fields templates/*/html/_generic.reauth.html disable spelling for password field add timing info to the javascript function that processes file data. reformat javascript IIFE templates/jinja2/html/_generic.reauth.html create a valid jinja2 template. Looks like my original jinja template got overwritten and committed. feature parity with the other reauth templates. test/test_liveserver.py add test case for Reauth workflow. Makefile add doc.
author John Rouillard <rouilj@ieee.org>
date Wed, 13 Aug 2025 23:52:49 -0400
parents 2c6d66819475
children
line wrap: on
line source

import unittest

import pytest

pytest.importorskip("hypothesis")

# ruff: noqa: E402
from hypothesis import example, given, settings
from hypothesis.strategies import binary, none, one_of, sampled_from, text

from roundup.anypy.strings import b2s, s2b, s2u, u2s
# ruff: noqa: I001  - yes I know I am using \ to continue the line...
from roundup.password import PasswordValueError, encodePassword, \
     h64decode, h64encode
from roundup.password import crypt as crypt_method

def Identity(x):
    return x


_max_examples = 1000


class HypoTestStrings(unittest.TestCase):

    @given(text())
    @settings(max_examples=_max_examples)
    def test_b2s(self, utf8_bytes):
        self.assertEqual(b2s(utf8_bytes.encode("utf-8")), utf8_bytes)

    @given(text())
    @settings(max_examples=_max_examples)
    def test_s2b(self, s):
        self.assertTrue(isinstance(s2b(s), bytes))

    @given(text())
    @settings(max_examples=_max_examples)
    @example("\U0001F600 hi there")  # smiley face emoji
    def test_s2u_u2s_invertable(self, s):
        self.assertEqual(u2s(s2u(s)), s)


class HypoTestPassword(unittest.TestCase):

    @given(binary())
    @example(b"")
    @settings(max_examples=_max_examples)
    def test_h64encode_h64decode(self, s):

        self.assertEqual(h64decode(h64encode(s)), s)

    crypt_modes = ["PBKDF2S5", "PBKDF2", "SSHA", "SHA", "MD5",
                   "plaintext", "zot"]
    if crypt_method:
        crypt_modes.append("crypt")

    @given(one_of(none(), text()),
           sampled_from(crypt_modes))
    @example("asd\x00df", "crypt")
    @settings(max_examples=_max_examples)  # deadline=None for debugging
    def test_encodePassword(self, password, scheme):

        if scheme == "crypt" and password and "\x00" in password:
            with self.assertRaises(ValueError) as e:
                encodePassword(password, scheme)
            if crypt_method:
                self.assertEqual(e.exception.args[0],
                                 "embedded null character")
            else:
                self.assertEqual(e.exception.args[0],
                                 "Unsupported encryption scheme 'crypt'")
        elif scheme == "plaintext":
            if password is not None:
                self.assertEqual(encodePassword(password, scheme), password)
            else:
                self.assertEqual(encodePassword(password, scheme), "")
        elif scheme == "zot":
            with self.assertRaises(PasswordValueError) as e:
                encodePassword(password, scheme)
            self.assertEqual(e.exception.args[0],
                             "Unknown encryption scheme 'zot'")
        else:
            # it shouldn't throw anything.
            pw = encodePassword(password, scheme)

            # verify format
            if scheme in ["PBKDF2S5", "PBKDF2"]:
                # 1000$XbSsijELEQbZZb1LlD7CFuotF/8$DdtssSlm.e
                self.assertRegex(pw, r"^\d{4,8}\$.{27}\$.*")
            elif scheme == "SSHA":
                # vqDbjvs8rhrS1AJxHYEGGXQW3x7STAPgo7uCtnw4GYgU7FN5VYbZxccQYCC0eXOxSipLbtgBudH1vDRMNlG0uw==
                self.assertRegex(pw, r"^[^=]*={0,3}$")
            elif scheme == "SHA":
                # da39a3ee5e6b4b0d3255bfef95601890afd80709'
                self.assertRegex(pw, r"^[a-z0-9]{40}$")
            elif scheme == "MD5":
                # d41d8cd98f00b204e9800998ecf8427e'
                self.assertRegex(pw, r"^[a-z0-9]{32}$")
            elif scheme == "crypt":
                # crypt_method is None if crypt is unknown
                if crypt_method:
                    # WqzFDzhi8MmoU
                    self.assertRegex(pw, r"^[A-Za-z0-9./]{13}$")
            else:
                self.assertFalse("Unknown scheme: %s, val: %s" % (scheme, pw))
Roundup Issue Tracker: http://roundup-tracker.org/