def test_compare(self):
from passlib.hash import md5_crypt
obj = self.User()
obj.password = Password(md5_crypt.encrypt('b'))
other = self.User()
other.password = Password(md5_crypt.encrypt('b'))
# Not sure what to assert here; the test raised an error before.
assert obj.password != other.password
def test_check_and_update(self):
"""
Should be able to compare the plaintext against a deprecated
encrypted form and have it auto-update to the preferred version.
"""
from passlib.hash import md5_crypt
obj = self.User()
obj.password = Password(md5_crypt.encrypt('b'))
assert obj.password.hash.decode('utf8').startswith('$1$')
assert obj.password == 'b'
assert obj.password.hash.decode('utf8').startswith('$pbkdf2-sha512$')
def test_check_and_update_persist(self):
"""
When a password is compared, the hash should update if needed to
change the algorithm; and, commit to the database.
"""
from passlib.hash import md5_crypt
obj = self.User()
obj.password = Password(md5_crypt.encrypt('b'))
self.session.add(obj)
self.session.commit()
assert obj.password.hash.decode('utf8').startswith('$1$')
assert obj.password == 'b'
self.session.commit()
obj = self.session.query(self.User).get(obj.id)
assert obj.password.hash.decode('utf8').startswith('$pbkdf2-sha512$')
assert obj.password == 'b'
