import pytest
from src.server.services.auth_service import AuthError, AuthService, LockedOutError
def test_setup_and_validate_success():
    """Happy path: set a master password, validate it, then mint a token and a session."""
    service = AuthService()
    master = "Str0ng!Pass"  # test fixture only; contains upper, lower, digit and symbol

    service.setup_master_password(master)
    assert service.is_configured()

    # `is True` pins the result to the boolean itself, not merely a truthy value.
    assert service.validate_master_password(master) is True

    token_resp = service.create_access_token(subject="tester", remember=False)
    assert token_resp.token_type == "bearer"
    assert token_resp.access_token

    # A session model built from the issued token must carry an expiry.
    session = service.create_session_model(token_resp.access_token)
    assert session.expires_at is not None
@pytest.mark.parametrize(
    "bad",
    [
        "short",  # five lowercase letters
        "lowercaseonly",  # lowercase letters only
        "UPPERCASEONLY",  # uppercase letters only
        "NoSpecial1",  # upper, lower and a digit, but no symbol
    ],
)
def test_setup_weak_passwords(bad):
    """Every weak candidate must make setup_master_password raise ValueError."""
    service = AuthService()
    # NOTE(review): only the exception type is checked, not which rule rejected
    # the value or whether the service stays unconfigured afterwards.
    with pytest.raises(ValueError):
        service.setup_master_password(bad)
def test_failed_attempts_and_lockout():
    """Use up the failure budget for one identifier, then expect a lockout."""
    service = AuthService()
    master = "An0ther$Good1"  # test fixture only
    service.setup_master_password(master)

    client_id = "test-ip"

    # Each of the first max_attempts wrong guesses is rejected with a plain False.
    for _attempt in range(service.max_attempts):
        outcome = service.validate_master_password(
            "wrongpassword", identifier=client_id
        )
        assert outcome is False

    # The follow-up call uses the *correct* password on purpose: the lockout must
    # take precedence over credential validity for the same identifier.
    with pytest.raises(LockedOutError):
        service.validate_master_password(master, identifier=client_id)
def test_token_decode_invalid():
    """A string that is not a JWT must be rejected by decode_token with AuthError."""
    service = AuthService()
    # NOTE(review): this covers a malformed token only; tampered-signature and
    # expired tokens are not exercised by the tests visible here.
    with pytest.raises(AuthError):
        service.decode_token("not-a-jwt")