Changeset View
Changeset View
Standalone View
Standalone View
swh/web/tests/auth/test_utils.py
| # Copyright (C) 2020 The Software Heritage developers | # Copyright (C) 2020 The Software Heritage developers | ||||
| # See the AUTHORS file at the top-level directory of this distribution | # See the AUTHORS file at the top-level directory of this distribution | ||||
| # License: GNU Affero General Public License version 3, or any later version | # License: GNU Affero General Public License version 3, or any later version | ||||
| # See top-level LICENSE file for more information | # See top-level LICENSE file for more information | ||||
| from base64 import urlsafe_b64encode | |||||
| import hashlib | |||||
| import re | |||||
| from cryptography.fernet import InvalidToken | from cryptography.fernet import InvalidToken | ||||
| import pytest | import pytest | ||||
| from swh.web.auth.utils import decrypt_data, encrypt_data, gen_oidc_pkce_codes | from swh.web.auth.utils import decrypt_data, encrypt_data | ||||
| def test_gen_oidc_pkce_codes(): | |||||
| """ | |||||
| Check generated PKCE codes respect the specification | |||||
| (see https://tools.ietf.org/html/rfc7636#section-4.1) | |||||
| """ | |||||
| code_verifier, code_challenge = gen_oidc_pkce_codes() | |||||
| # check the code verifier only contains allowed characters | |||||
| assert re.match(r"[a-zA-Z0-9-\._~]+", code_verifier) | |||||
| # check minimum and maximum authorized length for the | |||||
| # code verifier | |||||
| assert len(code_verifier) >= 43 | |||||
| assert len(code_verifier) <= 128 | |||||
| # compute code challenge from code verifier | |||||
| challenge = hashlib.sha256(code_verifier.encode("ascii")).digest() | |||||
| challenge = urlsafe_b64encode(challenge).decode("ascii") | |||||
| challenge = challenge.replace("=", "") | |||||
| # check base64 padding is not present | |||||
| assert not code_challenge[-1].endswith("=") | |||||
| # check code challenge is valid | |||||
| assert code_challenge == challenge | |||||
| def test_encrypt_decrypt_data_ok(): | def test_encrypt_decrypt_data_ok(): | ||||
| data = b"some-data-to-encrypt" | data = b"some-data-to-encrypt" | ||||
| password = b"secret" | password = b"secret" | ||||
| salt = b"salt-value" | salt = b"salt-value" | ||||
| encrypted_data = encrypt_data(data, password, salt) | encrypted_data = encrypt_data(data, password, salt) | ||||
| Show All 18 Lines | |||||