fc65e591b3
- Unit tests: password hashing, notification providers, webhook field parsing - Integration tests: auth routes (register/login/confirm-email/logout), invite flow, Evotor webhooks (/user/create, /user/verify, /user/token), admin panel (access control, activate/suspend/delete/reset-password) - conftest: SQLite in-memory engine, transactional sessions, factory-boy factories (UserFactory with UserRoleEnum variants) - Fix bcrypt: replace passlib (broken on Python 3.14 + bcrypt 5.x) with direct bcrypt calls; drop passlib from requirements.txt - Fix datetime.utcnow() deprecation across routes and tests - Fix Jinja2 TemplateResponse signature (request as first positional arg) - Add coverage config to pyproject.toml Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
27 lines
698 B
Python
27 lines
698 B
Python
from web.auth.password import hash_password, verify_password
|
|
|
|
|
|
def test_hash_is_not_plaintext():
|
|
h = hash_password("secret123")
|
|
assert h != "secret123"
|
|
assert len(h) > 20
|
|
|
|
|
|
def test_verify_correct_password():
|
|
h = hash_password("mysecret")
|
|
assert verify_password("mysecret", h) is True
|
|
|
|
|
|
def test_verify_wrong_password():
|
|
h = hash_password("mysecret")
|
|
assert verify_password("wrongpassword", h) is False
|
|
|
|
|
|
def test_two_hashes_differ():
|
|
# bcrypt uses random salt — same plaintext produces different hashes
|
|
h1 = hash_password("same")
|
|
h2 = hash_password("same")
|
|
assert h1 != h2
|
|
assert verify_password("same", h1)
|
|
assert verify_password("same", h2)
|