Ejemplo n.º 1
0
def test_verify_password_success_with_update(password_authenticator):
    user_id, password = fake.pystr(), fake.pystr()
    expected_hash = fake.sha256()
    new_hash = fake.sha256()
    password_authenticator.authentication_persistence.get_password_hash = MagicMock(
        return_value=Ok(expected_hash))
    password_authenticator.authentication_persistence.update_password_hash = MagicMock(
        return_value=Ok(None))
    password_authenticator.crypto_context.verify_and_update = MagicMock(
        return_value=(True, new_hash))
    assert password_authenticator.verify_password(user_id,
                                                  password).unwrap() is None
    password_authenticator.authentication_persistence.get_password_hash.assert_called_once_with(
        user_id)
    password_authenticator.authentication_persistence.update_password_hash.assert_called_once_with(
        user_id, new_hash)
    password_authenticator.crypto_context.verify_and_update.assert_called_once_with(
        password, expected_hash)
Ejemplo n.º 2
0
def test_verify_token_fail(instructor_api, token_decode_result):
    token = fake.sha256()
    instructor_api.get_instructor = MagicMock()
    instructor_api.jwt_authenticator.verify_token.return_value = token_decode_result
    result = instructor_api.verify_instructor_by_token(token)
    if token_decode_result.is_err:
        assert result == token_decode_result
    else:
        assert result == Err("Invalid token")
    instructor_api.jwt_authenticator.verify_token.assert_called_once_with(
        token)
    instructor_api.get_instructor.assert_not_called()
Ejemplo n.º 3
0
def test_update_password(password_authenticator):
    user_id, password = fake.pystr(), fake.pystr()
    expected_hash = fake.sha256()
    password_authenticator.authentication_presistence.update_password_hash = MagicMock(
        return_value=Ok(None)
    )
    password_authenticator.crypto_context.hash = MagicMock(return_value=expected_hash)
    assert password_authenticator.update_password(user_id, password).unwrap() is None
    password_authenticator.crypto_context.hash.assert_called_once_with(password)
    password_authenticator.authentication_presistence.update_password_hash.assert_called_once_with(
        user_id, expected_hash
    )
Ejemplo n.º 4
0
def test_update_password_fail(password_authenticator):
    user_id, password = fake.pystr(), fake.pystr()
    expected_hash = fake.sha256()
    error = Err(fake.pystr())
    password_authenticator.authentication_persistence.update_password_hash = MagicMock(
        return_value=error)
    password_authenticator.crypto_context.hash = MagicMock(
        return_value=expected_hash)
    assert password_authenticator.update_password(user_id, password) == error
    password_authenticator.crypto_context.hash.assert_called_once_with(
        password)
    password_authenticator.authentication_persistence.update_password_hash.assert_called_once_with(
        user_id, expected_hash)
Ejemplo n.º 5
0
def test_verify_token(instructor_api, instructor_found):
    token = fake.sha256()
    instructor = fake_instructor()
    instructor_api.jwt_authenticator.verify_token.return_value = Ok(
        {"id": instructor.user_name})
    if instructor_found:
        instructor_api.get_instructor = MagicMock(
            return_value=Some(instructor))
        assert instructor_api.verify_instructor_by_token(token) == Ok(
            instructor)
    else:
        instructor_api.get_instructor = MagicMock(return_value=NONE)
        assert instructor_api.verify_instructor_by_token(token) == Err(
            "UNAUTHORIZED - Could not get instructor")
    instructor_api.jwt_authenticator.verify_token.assert_called_once_with(
        token)
    instructor_api.get_instructor.assert_called_once_with(instructor.user_name)
Ejemplo n.º 6
0
def test_verify_password_fail_wrong_password(password_authenticator, new_hash):
    user_id, password = fake.pystr(), fake.pystr()
    expected_hash = fake.sha256()

    password_authenticator.authentication_persistence.get_password_hash = MagicMock(
        return_value=Ok(expected_hash))

    password_authenticator.crypto_context.verify_and_update = MagicMock(
        return_value=(False, new_hash))

    assert (password_authenticator.verify_password(
        user_id, password).unwrap_err() == f"Incorrect password "
            f"for user: {user_id}")
    password_authenticator.authentication_persistence.get_password_hash.assert_called_once_with(
        user_id)
    password_authenticator.authentication_persistence.update_password_hash.assert_not_called(
    )
    password_authenticator.crypto_context.verify_and_update.assert_called_once_with(
        password, expected_hash)
Ejemplo n.º 7
0
def test_get_token(instructor_api, success):
    error = Err(fake.pystr())
    password = fake.pystr()
    token = fake.sha256()
    user_name = fake.pystr()
    instructor_api.password_authenticator.verify_password.return_value = (
        Ok(None) if success else error)
    instructor_api.jwt_authenticator.generate_token.return_value = token

    result = instructor_api.get_token(user_name, password)
    if success:
        assert result == Ok(token)
        instructor_api.jwt_authenticator.generate_token.assert_called_once_with(
            user_name)
    else:
        assert result == error
        instructor_api.jwt_authenticator.generate_token.assert_not_called()
    instructor_api.password_authenticator.verify_password.assert_called_once_with(
        user_name, password)
Ejemplo n.º 8
0
def test_create_instructor(instructor_api, success):
    instructor = fake_instructor()
    password = fake.pystr()
    password_hash = fake.sha256()
    error = Err(fake.pystr())

    instructor_api.password_authenticator.crypto_context.hash = MagicMock(
        return_value=password_hash)
    instructor_api.instructor_persistence.create_instructor.return_value = (
        Ok(instructor) if success else error)

    result = instructor_api.create_instructor(instructor.first_name,
                                              instructor.last_name,
                                              instructor.user_name, password)
    if success:
        assert result == Ok(instructor)
    else:
        assert result == error

    instructor_api.password_authenticator.crypto_context.hash.assert_called_once_with(
        password)
    instructor_api.instructor_persistence.create_instructor.assert_called_once_with(
        instructor, password_hash)
Ejemplo n.º 9
0
    password_authenticator.crypto_context.verify_and_update.assert_called_once_with(
        password, expected_hash)


def test_verify_password_fail_at_persistence(password_authenticator):
    user_id, password = fake.pystr(), fake.pystr()
    error = Err(fake.pystr())
    password_authenticator.authentication_persistence.get_password_hash = MagicMock(
        return_value=error)
    assert password_authenticator.verify_password(user_id, password) == error
    password_authenticator.crypto_context.verify_and_update.assert_not_called()
    password_authenticator.authentication_persistence.update_password_hash.assert_not_called(
    )


@pytest.mark.parametrize("new_hash", [None, fake.sha256()])
def test_verify_password_fail_wrong_password(password_authenticator, new_hash):
    user_id, password = fake.pystr(), fake.pystr()
    expected_hash = fake.sha256()

    password_authenticator.authentication_persistence.get_password_hash = MagicMock(
        return_value=Ok(expected_hash))

    password_authenticator.crypto_context.verify_and_update = MagicMock(
        return_value=(False, new_hash))

    assert (password_authenticator.verify_password(
        user_id, password).unwrap_err() == f"Incorrect password "
            f"for user: {user_id}")
    password_authenticator.authentication_persistence.get_password_hash.assert_called_once_with(
        user_id)