def test_hand_shake_verify_password_return_true_in_any_cas_if_no_derived_password_and_role_is_server(
):
# Given
allowed_authentication_methods = ["password"]
passwords_to_verify = [b"", b"incorrect_password", b"test_password"]
derived_password = None
expected_result = True
role = Handshake.SERVER
authentication_information_server = {
"password": {
Handshake.PASSWORD_AUTH_METHOD_DERIVED_PASSWORD_KEY:
derived_password,
Handshake.PASSWORD_AUTH_METHOD_SALT_KEY: None
}
}
server = Handshake(
role=role,
authentication_information=authentication_information_server,
allowed_authentication_methods=allowed_authentication_methods)
# When
results = [
server._verify_password(password_to_verify=password)
for password in passwords_to_verify
]
# Then
for result in results:
assert result == expected_result
def test_hand_shake_verify_password_return_true_if_given_password_is_correct_and_role_is_server(
):
# Given
password_to_verify = b"test_password"
password_to_derive = b"test_password"
password_salt = os.urandom(16)
expected_result = True
# derive
kdf = Scrypt(
salt=password_salt,
length=32,
n=2**14,
r=8,
p=1,
)
derived_password = kdf.derive(password_to_derive)
authentication_information_server = {
"password": {
Handshake.PASSWORD_AUTH_METHOD_DERIVED_PASSWORD_KEY:
derived_password,
Handshake.PASSWORD_AUTH_METHOD_SALT_KEY: password_salt
}
}
allowed_authentication_methods = ["password"]
server = Handshake(
role=Handshake.SERVER,
authentication_information=authentication_information_server,
allowed_authentication_methods=allowed_authentication_methods)
# When
result = server._verify_password(password_to_verify=password_to_verify)
# Then
assert result == expected_result
