def test_verify_password_success_with_update(password_authenticator): user_id, password = fake.pystr(), fake.pystr() expected_hash = fake.sha256() new_hash = fake.sha256() password_authenticator.authentication_persistence.get_password_hash = MagicMock( return_value=Ok(expected_hash)) password_authenticator.authentication_persistence.update_password_hash = MagicMock( return_value=Ok(None)) password_authenticator.crypto_context.verify_and_update = MagicMock( return_value=(True, new_hash)) assert password_authenticator.verify_password(user_id, password).unwrap() is None password_authenticator.authentication_persistence.get_password_hash.assert_called_once_with( user_id) password_authenticator.authentication_persistence.update_password_hash.assert_called_once_with( user_id, new_hash) password_authenticator.crypto_context.verify_and_update.assert_called_once_with( password, expected_hash)
def test_verify_token_fail(instructor_api, token_decode_result): token = fake.sha256() instructor_api.get_instructor = MagicMock() instructor_api.jwt_authenticator.verify_token.return_value = token_decode_result result = instructor_api.verify_instructor_by_token(token) if token_decode_result.is_err: assert result == token_decode_result else: assert result == Err("Invalid token") instructor_api.jwt_authenticator.verify_token.assert_called_once_with( token) instructor_api.get_instructor.assert_not_called()
def test_update_password(password_authenticator): user_id, password = fake.pystr(), fake.pystr() expected_hash = fake.sha256() password_authenticator.authentication_presistence.update_password_hash = MagicMock( return_value=Ok(None) ) password_authenticator.crypto_context.hash = MagicMock(return_value=expected_hash) assert password_authenticator.update_password(user_id, password).unwrap() is None password_authenticator.crypto_context.hash.assert_called_once_with(password) password_authenticator.authentication_presistence.update_password_hash.assert_called_once_with( user_id, expected_hash )
def test_update_password_fail(password_authenticator): user_id, password = fake.pystr(), fake.pystr() expected_hash = fake.sha256() error = Err(fake.pystr()) password_authenticator.authentication_persistence.update_password_hash = MagicMock( return_value=error) password_authenticator.crypto_context.hash = MagicMock( return_value=expected_hash) assert password_authenticator.update_password(user_id, password) == error password_authenticator.crypto_context.hash.assert_called_once_with( password) password_authenticator.authentication_persistence.update_password_hash.assert_called_once_with( user_id, expected_hash)
def test_verify_token(instructor_api, instructor_found): token = fake.sha256() instructor = fake_instructor() instructor_api.jwt_authenticator.verify_token.return_value = Ok( {"id": instructor.user_name}) if instructor_found: instructor_api.get_instructor = MagicMock( return_value=Some(instructor)) assert instructor_api.verify_instructor_by_token(token) == Ok( instructor) else: instructor_api.get_instructor = MagicMock(return_value=NONE) assert instructor_api.verify_instructor_by_token(token) == Err( "UNAUTHORIZED - Could not get instructor") instructor_api.jwt_authenticator.verify_token.assert_called_once_with( token) instructor_api.get_instructor.assert_called_once_with(instructor.user_name)
def test_verify_password_fail_wrong_password(password_authenticator, new_hash): user_id, password = fake.pystr(), fake.pystr() expected_hash = fake.sha256() password_authenticator.authentication_persistence.get_password_hash = MagicMock( return_value=Ok(expected_hash)) password_authenticator.crypto_context.verify_and_update = MagicMock( return_value=(False, new_hash)) assert (password_authenticator.verify_password( user_id, password).unwrap_err() == f"Incorrect password " f"for user: {user_id}") password_authenticator.authentication_persistence.get_password_hash.assert_called_once_with( user_id) password_authenticator.authentication_persistence.update_password_hash.assert_not_called( ) password_authenticator.crypto_context.verify_and_update.assert_called_once_with( password, expected_hash)
def test_get_token(instructor_api, success): error = Err(fake.pystr()) password = fake.pystr() token = fake.sha256() user_name = fake.pystr() instructor_api.password_authenticator.verify_password.return_value = ( Ok(None) if success else error) instructor_api.jwt_authenticator.generate_token.return_value = token result = instructor_api.get_token(user_name, password) if success: assert result == Ok(token) instructor_api.jwt_authenticator.generate_token.assert_called_once_with( user_name) else: assert result == error instructor_api.jwt_authenticator.generate_token.assert_not_called() instructor_api.password_authenticator.verify_password.assert_called_once_with( user_name, password)
def test_create_instructor(instructor_api, success): instructor = fake_instructor() password = fake.pystr() password_hash = fake.sha256() error = Err(fake.pystr()) instructor_api.password_authenticator.crypto_context.hash = MagicMock( return_value=password_hash) instructor_api.instructor_persistence.create_instructor.return_value = ( Ok(instructor) if success else error) result = instructor_api.create_instructor(instructor.first_name, instructor.last_name, instructor.user_name, password) if success: assert result == Ok(instructor) else: assert result == error instructor_api.password_authenticator.crypto_context.hash.assert_called_once_with( password) instructor_api.instructor_persistence.create_instructor.assert_called_once_with( instructor, password_hash)
password_authenticator.crypto_context.verify_and_update.assert_called_once_with( password, expected_hash) def test_verify_password_fail_at_persistence(password_authenticator): user_id, password = fake.pystr(), fake.pystr() error = Err(fake.pystr()) password_authenticator.authentication_persistence.get_password_hash = MagicMock( return_value=error) assert password_authenticator.verify_password(user_id, password) == error password_authenticator.crypto_context.verify_and_update.assert_not_called() password_authenticator.authentication_persistence.update_password_hash.assert_not_called( ) @pytest.mark.parametrize("new_hash", [None, fake.sha256()]) def test_verify_password_fail_wrong_password(password_authenticator, new_hash): user_id, password = fake.pystr(), fake.pystr() expected_hash = fake.sha256() password_authenticator.authentication_persistence.get_password_hash = MagicMock( return_value=Ok(expected_hash)) password_authenticator.crypto_context.verify_and_update = MagicMock( return_value=(False, new_hash)) assert (password_authenticator.verify_password( user_id, password).unwrap_err() == f"Incorrect password " f"for user: {user_id}") password_authenticator.authentication_persistence.get_password_hash.assert_called_once_with( user_id)