anti/stealergram
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c6849c35ea6d9ea6cd818e2cdf6619fac2d51a01
stealergram/tests/test_web_auth.py
anti 741e6bb0d3 Rename to stealergram, add pyproject.toml, purge em-dashes 
- Rename project to stealergram throughout
- Add pyproject.toml (replaces requirements.txt split, folds pytest.ini)
- Replace all em-dashes with hyphens across all source files

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-19 10:06:30 -04:00

64 lines
2.1 KiB
Python
Raw Blame History

"""
Tests for web/auth.py - JWT token lifecycle, bcrypt helpers.
"""
import pytest
from datetime import datetime, timedelta, timezone
from web import auth
class TestPasswordHashing:
def test_hash_and_verify(self):
h = auth.hash_password("hunter2")
assert auth.verify_password("hunter2", h)
def test_wrong_password_fails(self):
h = auth.hash_password("hunter2")
assert not auth.verify_password("wrong", h)
class TestAccessToken:
def test_encode_decode_roundtrip(self):
token = auth.create_access_token("user-1", "admin")
payload = auth.decode_access_token(token)
assert payload is not None
assert payload["sub"] == "user-1"
assert payload["role"] == "admin"
assert payload["type"] == "access"
def test_invalid_token_returns_none(self):
assert auth.decode_access_token("not.a.token") is None
def test_tampered_token_returns_none(self):
token = auth.create_access_token("user-1", "admin")
# Flip last character
tampered = token[:-1] + ("A" if token[-1] != "A" else "B")
assert auth.decode_access_token(tampered) is None
def test_refresh_token_rejected_as_access(self):
token, _jti, _exp = auth.create_refresh_token("user-1")
# A refresh token must NOT be accepted as an access token
assert auth.decode_access_token(token) is None
class TestRefreshToken:
def test_encode_decode_roundtrip(self):
token, jti, expires_at = auth.create_refresh_token("user-2")
payload = auth.decode_refresh_token(token)
assert payload is not None
assert payload["sub"] == "user-2"
assert payload["jti"] == jti
assert payload["type"] == "refresh"
def test_expires_at_in_future(self):
_token, _jti, expires_at = auth.create_refresh_token("user-2")
assert expires_at > datetime.now(timezone.utc)
def test_access_token_rejected_as_refresh(self):
token = auth.create_access_token("user-1", "reader")
assert auth.decode_refresh_token(token) is None
def test_invalid_token_returns_none(self):
assert auth.decode_refresh_token("garbage") is None
Reference in New Issue View Git Blame Copy Permalink