25 lines
675 B
Python
25 lines
675 B
Python
import pytest
|
|
from backend.auth_passwords import hash_password, verify_password, generate_password
|
|
|
|
|
|
def test_hash_is_not_plaintext_and_verifies():
|
|
h = hash_password("hunter2")
|
|
assert h != "hunter2"
|
|
assert h.startswith("$argon2")
|
|
assert verify_password("hunter2", h) is True
|
|
|
|
|
|
def test_verify_rejects_wrong_password():
|
|
h = hash_password("hunter2")
|
|
assert verify_password("nope", h) is False
|
|
|
|
|
|
def test_verify_is_safe_on_garbage_hash():
|
|
assert verify_password("anything", "not-a-real-hash") is False
|
|
|
|
|
|
def test_generated_password_is_strong_and_unique():
|
|
a, b = generate_password(), generate_password()
|
|
assert a != b
|
|
assert len(a) >= 12
|