update dependencies, replace pycrypto with cryptography

2025-04-11 21:44:34 +02:00 · 2025-04-11 21:44:34 +02:00 · 35b4313ad1
commit 35b4313ad1
parent 2623444b11
7 changed files with 109 additions and 45 deletions
--- a/account/tests.py
+++ b/account/tests.py
@ -4,6 +4,8 @@ when you run "manage.py test".

 Replace this with more appropriate tests for your application.
 """
+import base64
+import pytest

 from django.test import TestCase
 from account.password_encryption import encrypt_ldap_password, \
@ -28,3 +30,37 @@ class PasswordEncryptionTest(TestCase):
        message, key = self.encrypt_it()
        decrypted = decrypt_ldap_password(message, key)
        self.assertEqual(self.TEST_LDAP_PASSWD, decrypted)
+
+@pytest.mark.parametrize("password", [
+    "simplePassword123",
+    "pässwörd_mit_üöäß",
+    "",
+    " " * 10,
+    "🔐✨🚀",
+])
+def test_encrypt_decrypt_roundtrip(password):
+    encrypted, key = encrypt_ldap_password(password)
+
+    encrypted_bytes = base64.b64decode(encrypted)
+    key_bytes = base64.b64decode(key)
+
+    assert isinstance(encrypted, str)
+    assert isinstance(key, str)
+    assert len(key_bytes) == 16  # 128-bit AES
+
+    decrypted = decrypt_ldap_password(encrypted, key)
+    assert decrypted == password
+
+
+def test_decryption_with_wrong_key_should_fail():
+    password = "correctPassword"
+    encrypted, key = encrypt_ldap_password(password)
+
+    wrong_key_bytes = base64.b64decode(key)
+    wrong_key_bytes = bytearray(wrong_key_bytes)
+    wrong_key_bytes[0] ^= 0xFF  # Flip first bit
+    wrong_key = base64.b64encode(bytes(wrong_key_bytes)).decode()
+
+    with pytest.raises(Exception):
+        decrypt_ldap_password(encrypted, wrong_key)
+