Spaces:
Paused
Paused
File size: 1,353 Bytes
4ae946d | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 | from jose import jwt
from core.config import settings
from core.security.hashing import hash_password, verify_password
def test_password_hashing():
"""Verify password hashing works and is irreversible (basic check)."""
password = "securePassword123!"
hashed = hash_password(password)
assert hashed != password
assert verify_password(password, hashed)
assert not verify_password("wrongPassword", hashed)
def test_jwt_token_generation():
"""Verify JWT token contains expected claims and structure."""
user_data = {"sub": "testuser", "role": "admin"}
# Use mock or real auth service with test settings
# expires_delta = None
# We can use the low level jose function or the service if easy to init
# Let's inspect manual token creation simulation based on AuthService logic
to_encode = user_data.copy()
encoded_jwt = jwt.encode(to_encode, settings.JWT_SECRET_KEY, algorithm=settings.JWT_ALGORITHM)
decoded = jwt.decode(encoded_jwt, settings.JWT_SECRET_KEY, algorithms=[settings.JWT_ALGORITHM])
assert decoded["sub"] == "testuser"
assert decoded["role"] == "admin"
def test_config_security_defaults():
"""Verify critical security settings are not set to weak defaults in Test environment."""
# Ensure DEBUG is managed (might be True in test, but check awareness)
pass
|