werkzeug

1
import os
2
import posixpath
3
import sys
4

5
import pytest
6

7
from werkzeug.security import check_password_hash
8
from werkzeug.security import generate_password_hash
9
from werkzeug.security import safe_join
10

11

12
def test_default_password_method():
13
    value = generate_password_hash("secret")
14
    assert value.startswith("scrypt:")
15

16

17
@pytest.mark.xfail(
18
    sys.implementation.name == "pypy", reason="scrypt unavailable on pypy"
19
)
20
def test_scrypt():
21
    value = generate_password_hash("secret", method="scrypt")
22
    assert check_password_hash(value, "secret")
23
    assert value.startswith("scrypt:32768:8:1$")
24

25

26
def test_pbkdf2():
27
    value = generate_password_hash("secret", method="pbkdf2")
28
    assert check_password_hash(value, "secret")
29
    assert value.startswith("pbkdf2:sha256:600000$")
30

31

32
def test_salted_hashes():
33
    hash1 = generate_password_hash("secret")
34
    hash2 = generate_password_hash("secret")
35
    assert hash1 != hash2
36
    assert check_password_hash(hash1, "secret")
37
    assert check_password_hash(hash2, "secret")
38

39

40
def test_require_salt():
41
    with pytest.raises(ValueError):
42
        generate_password_hash("secret", salt_length=0)
43

44

45
def test_invalid_method():
46
    with pytest.raises(ValueError, match="Invalid hash method"):
47
        generate_password_hash("secret", "sha256")
48

49

50
def test_safe_join():
51
    assert safe_join("foo", "bar/baz") == posixpath.join("foo", "bar/baz")
52
    assert safe_join("foo", "../bar/baz") is None
53
    if os.name == "nt":
54
        assert safe_join("foo", "foo\\bar") is None
55

56

57
def test_safe_join_os_sep():
58
    import werkzeug.security as sec
59

60
    prev_value = sec._os_alt_seps
61
    sec._os_alt_seps = "*"
62
    assert safe_join("foo", "bar/baz*") is None
63
    sec._os_alt_steps = prev_value
64

65

66
def test_safe_join_empty_trusted():
67
    assert safe_join("", "c:test.txt") == "./c:test.txt"
68