def test_invalid_api_url(self):
"""Test that request can fail with invalid API URL."""
with pytest.raises(RequestException, message="API request failed."):
password = Password(self.passwords["weak"])
password.API_URL = self.BAD_URL
password.is_pwned()
def test_request_timeout(self, mock_get):
"""Test that request can fail when timed out."""
mock_get.side_effect = requests.exceptions.Timeout
with pytest.raises(RequestException, match="API request timed out."):
password = Password(self.passwords["weak"])
password.is_pwned()
def test_request_timeout(self):
"""Test that request can fail with
very little timeout value."""
with pytest.raises(RequestException, message="API request timed out."):
password = Password(self.passwords["weak"], read_timeout=0.001)
password.is_pwned()
def test_pwned_password(self):
"""Test against weak password
which should be pwned at least once"""
password = Password(self.passwords["weak"])
assert password.is_pwned()
assert password.pwned_count > 0
def test_export_as(tempfile):
# set up a match response for each password to be scanned
for word in PASSWORDS:
password = Password(word)
responses.add(
responses.GET,
url=Password.API_URL + password.hashed_password_prefix(),
body="{}:1\r\n".format(password.hashed_password_suffix()),
status=200,
)
scanner = Scanner()
results = scanner.scan(tempfile).data
# three matches found
assert results.height == 3
# password and count
assert results.width == 2
export_file = "test.json"
scanner.export_as(export_file)
data = json.load(open(export_file))
for d in data:
assert d[scanner.get_headers()[0]] in PASSWORDS
assert d[scanner.get_headers()[1]] > 0
os.remove(export_file)
def test_invalid_api_url(self):
"""Test that request can fail with invalid API URL."""
responses.add(
responses.GET,
self.BAD_URL,
status=404,
)
with pytest.raises(RequestException, match="API request failed."):
password = Password(self.passwords["weak"])
password.API_URL = self.BAD_URL
password.is_pwned()
def test_non_pwned_password(self):
"""Test random strong password."""
password = Password(self.passwords["strong"])
url = Password.API_URL + password.hashed_password_prefix()
# no matches in API response
responses.add(
responses.GET,
url,
body="some_other_hash:0\r\n",
status=200,
)
assert not password.is_pwned()
assert password.pwned_count == 0
def test_pwned_password(self):
"""Test against weak password
which should be pwned at least once"""
password = Password(self.passwords["weak"])
url = Password.API_URL + password.hashed_password_prefix()
# define a match in the API response
responses.add(
responses.GET,
url,
body="{}:1\r\n".format(password.hashed_password_suffix()),
status=200,
)
assert password.is_pwned()
assert password.pwned_count > 0
def scan(self, filename: str, sleep_time: float = 0.2):
"""Scans password data from file.
WARNING: Depending on the size of the file
this might take a *long* time depending on the
HIBP API performance. Parameter sleep_time is provided for
avoiding throttled API responses."""
lines = [line.rstrip("\n") for line in open(filename)]
for line in lines:
password = Password(line)
if password.is_pwned():
self.data.append([password.get_value(), password.pwned_count])
sleep(sleep_time)
return self
def test_invalid_api_response(self):
"""HIBP API returns something unexpected."""
password = Password(self.passwords["weak"])
url = Password.API_URL + password.hashed_password_prefix()
# an empty body with an OK status
responses.add(
responses.GET,
url,
body="",
status=200,
)
# an unexpected status with a match in the body, just to test status
responses.add(
responses.GET,
url,
body="{}:1\r\n".format(password.hashed_password_suffix()),
status=500,
)
with pytest.raises(RequestException, match="API request failed."):
password.is_pwned()
with pytest.raises(RequestException, match="API request failed."):
password.is_pwned()
def test_non_pwned_password(self):
"""Test random strong password."""
password = Password(self.passwords["strong"])
assert not password.is_pwned()
assert password.pwned_count == 0
def test_non_str_password(self):
"""Test against a non-string password."""
with pytest.raises(PasswordException,
message="Password must be a string."):
Password(self.passwords["integers"])