diff options
| -rw-r--r-- | .guix/modules/gn-auth.scm | 1 | ||||
| -rw-r--r-- | gn_auth/auth/authentication/__init__.py | 23 | ||||
| -rw-r--r-- | tests/unit/auth/test_credentials.py | 100 |
3 files changed, 0 insertions, 124 deletions
diff --git a/.guix/modules/gn-auth.scm b/.guix/modules/gn-auth.scm index fc89597..ec91df0 100644 --- a/.guix/modules/gn-auth.scm +++ b/.guix/modules/gn-auth.scm @@ -60,7 +60,6 @@ ("python-authlib" ,python-authlib) ("python-pymonad" ,python-pymonad) ("yoyo-migrations" ,yoyo-migrations) - ("python-bcrypt" ,python-bcrypt) ;; remove after removing all references ("python-mysqlclient" ,python-mysqlclient) ("python-argon2-cffi" ,python-argon2-cffi) ("python-email-validator" ,python-email-validator))) diff --git a/gn_auth/auth/authentication/__init__.py b/gn_auth/auth/authentication/__init__.py index 42ceacb..919611e 100644 --- a/gn_auth/auth/authentication/__init__.py +++ b/gn_auth/auth/authentication/__init__.py @@ -1,24 +1 @@ """Handle authentication requests""" - -import bcrypt - -def credentials_in_database(cursor, email: str, password: str) -> bool: - """Check whether credentials are in the database.""" - if len(email.strip()) == 0 or len(password.strip()) == 0: - return False - - cursor.execute( - ("SELECT " - "users.email, user_credentials.password " - "FROM users LEFT JOIN user_credentials " - "ON users.user_id = user_credentials.user_id " - "WHERE users.email = :email"), - {"email": email}) - results = cursor.fetchall() - if len(results) == 0: - return False - - assert len(results) == 1, "Expected one row." - row = results[0] - return (email == row[0] and - bcrypt.checkpw(password.encode("utf-8"), row[1])) diff --git a/tests/unit/auth/test_credentials.py b/tests/unit/auth/test_credentials.py deleted file mode 100644 index 1953228..0000000 --- a/tests/unit/auth/test_credentials.py +++ /dev/null @@ -1,100 +0,0 @@ -"""Test the credentials checks""" -import pytest -from yoyo.migrations import MigrationList -from hypothesis import given, settings, strategies, HealthCheck - -from gn_auth.auth.db import sqlite3 as db -from gn_auth.auth.authentication import credentials_in_database -from gn_auth.migrations import get_migration, apply_migrations, rollback_migrations - -from tests.unit.auth.conftest import migrations_up_to - -@pytest.fixture -def with_credentials_table(backend, auth_testdb_path): - """ - Fixture: Yield a connection object with the 'user_credentials' table - created. - """ - migrations_dir = "migrations/auth" - migration = f"{migrations_dir}/20221103_02_sGrIs-create-user-credentials-table.py" - migrations = (migrations_up_to(migration, migrations_dir) + - MigrationList([get_migration(migration)])) - apply_migrations(backend, migrations) - with db.connection(auth_testdb_path) as conn: - yield conn - - rollback_migrations(backend, migrations) - -@pytest.fixture -def with_credentials(with_credentials_table):# pylint: disable=redefined-outer-name - """ - Fixture: Initialise the database with some user credentials. - """ - with db.cursor(with_credentials_table) as cursor: - cursor.executemany( - "INSERT INTO users VALUES (:user_id, :email, :name)", - ({"user_id": "82552014-21ee-4321-b96a-b8788b97b862", - "email": "first@test.user", - "name": "First Test User" - }, - {"user_id": "bdd5cb7a-072d-4c2b-9872-d0cecb718523", - "email": "second@test.user", - "name": "Second Test User" - })) - cursor.executemany( - "INSERT INTO user_credentials VALUES (:user_id, :password)", - ({"user_id": "82552014-21ee-4321-b96a-b8788b97b862", - "password": b'$2b$12$LAh1PYtUgAFK7d5fA0EfL.4AdTZuYEAfzwO.p.jXVboxcP8bXNj7a' - }, - {"user_id": "bdd5cb7a-072d-4c2b-9872-d0cecb718523", - "password": b'$2b$12$zX77QCFSJuwIjAZGc0Jq5.rCWMHEMKD9Zf3Ay4C0AzwsiZ7SSPdKO' - })) - - yield with_credentials_table - - cursor.executemany("DELETE FROM user_credentials WHERE user_id=?", - (("82552014-21ee-4321-b96a-b8788b97b862",), - ("bdd5cb7a-072d-4c2b-9872-d0cecb718523",))) - cursor.executemany("DELETE FROM users WHERE user_id=?", - (("82552014-21ee-4321-b96a-b8788b97b862",), - ("bdd5cb7a-072d-4c2b-9872-d0cecb718523",))) - -@pytest.mark.unit_test -@given(strategies.emails(), strategies.text()) -@settings(suppress_health_check=[HealthCheck.function_scoped_fixture]) -def test_credentials_not_in_database(with_credentials, email, password):# pylint: disable=redefined-outer-name - """ - GIVEN: credentials that do not exist in the database - WHEN: the `credentials_in_database` function is run against the credentials - THEN: check that the function returns false in all cases. - """ - with db.cursor(with_credentials) as cursor: - assert credentials_in_database(cursor, email, password) is False - -@pytest.mark.unit_test -@pytest.mark.parametrize( - "email,password", - (("first@test.user", "wrongpassword"), - ("first@tes.user", "testuser01"))) -def test_partially_wrong_credentials(with_credentials, email, password):# pylint: disable=redefined-outer-name - """ - GIVEN: credentials that exist in the database - WHEN: the credentials are checked with partially wrong values - THEN: the check fails since the credentials are not correct - """ - with db.cursor(with_credentials) as cursor: - assert credentials_in_database(cursor, email, password) is False - -@pytest.mark.unit_test -@pytest.mark.parametrize( - "email,password", - (("first@test.user", "testuser01"), - ("second@test.user", "testuser02"))) -def test_partially_correct_credentials(with_credentials, email, password):# pylint: disable=redefined-outer-name - """ - GIVEN: credentials that exist in the database - WHEN: the credentials are checked with correct values - THEN: the check passes - """ - with db.cursor(with_credentials) as cursor: - assert credentials_in_database(cursor, email, password) is True |