authentik.policies.password.tests.test_hibp

Password Policy HIBP tests

 1"""Password Policy HIBP tests"""
 2
 3from django.test import TestCase
 4from guardian.shortcuts import get_anonymous_user
 5
 6from authentik.lib.generators import generate_key
 7from authentik.policies.password.models import PasswordPolicy
 8from authentik.policies.types import PolicyRequest, PolicyResult
 9from authentik.stages.prompt.stage import PLAN_CONTEXT_PROMPT
10
11
12class TestPasswordPolicyHIBP(TestCase):
13    """Test Password Policy (haveibeenpwned)"""
14
15    def test_invalid(self):
16        """Test without password"""
17        policy = PasswordPolicy.objects.create(
18            check_have_i_been_pwned=True,
19            check_static_rules=False,
20            name="test_invalid",
21        )
22        request = PolicyRequest(get_anonymous_user())
23        result: PolicyResult = policy.passes(request)
24        self.assertFalse(result.passing)
25        self.assertEqual(result.messages[0], "Password not set in context")
26
27    def test_false(self):
28        """Failing password case"""
29        policy = PasswordPolicy.objects.create(
30            check_have_i_been_pwned=True,
31            check_static_rules=False,
32            name="test_false",
33        )
34        request = PolicyRequest(get_anonymous_user())
35        request.context[PLAN_CONTEXT_PROMPT] = {"password": "password"}  # nosec
36        result: PolicyResult = policy.passes(request)
37        self.assertFalse(result.passing)
38        self.assertTrue(result.messages[0].startswith("Password exists on "))
39
40    def test_true(self):
41        """Positive password case"""
42        policy = PasswordPolicy.objects.create(
43            check_have_i_been_pwned=True,
44            check_static_rules=False,
45            name="test_true",
46        )
47        request = PolicyRequest(get_anonymous_user())
48        request.context[PLAN_CONTEXT_PROMPT] = {"password": generate_key()}
49        result: PolicyResult = policy.passes(request)
50        self.assertTrue(result.passing)
51        self.assertEqual(result.messages, tuple())
class TestPasswordPolicyHIBP(django.test.testcases.TestCase): 
13class TestPasswordPolicyHIBP(TestCase):
14    """Test Password Policy (haveibeenpwned)"""
15
16    def test_invalid(self):
17        """Test without password"""
18        policy = PasswordPolicy.objects.create(
19            check_have_i_been_pwned=True,
20            check_static_rules=False,
21            name="test_invalid",
22        )
23        request = PolicyRequest(get_anonymous_user())
24        result: PolicyResult = policy.passes(request)
25        self.assertFalse(result.passing)
26        self.assertEqual(result.messages[0], "Password not set in context")
27
28    def test_false(self):
29        """Failing password case"""
30        policy = PasswordPolicy.objects.create(
31            check_have_i_been_pwned=True,
32            check_static_rules=False,
33            name="test_false",
34        )
35        request = PolicyRequest(get_anonymous_user())
36        request.context[PLAN_CONTEXT_PROMPT] = {"password": "password"}  # nosec
37        result: PolicyResult = policy.passes(request)
38        self.assertFalse(result.passing)
39        self.assertTrue(result.messages[0].startswith("Password exists on "))
40
41    def test_true(self):
42        """Positive password case"""
43        policy = PasswordPolicy.objects.create(
44            check_have_i_been_pwned=True,
45            check_static_rules=False,
46            name="test_true",
47        )
48        request = PolicyRequest(get_anonymous_user())
49        request.context[PLAN_CONTEXT_PROMPT] = {"password": generate_key()}
50        result: PolicyResult = policy.passes(request)
51        self.assertTrue(result.passing)
52        self.assertEqual(result.messages, tuple())

Test Password Policy (haveibeenpwned)

def test_invalid(self): 
16    def test_invalid(self):
17        """Test without password"""
18        policy = PasswordPolicy.objects.create(
19            check_have_i_been_pwned=True,
20            check_static_rules=False,
21            name="test_invalid",
22        )
23        request = PolicyRequest(get_anonymous_user())
24        result: PolicyResult = policy.passes(request)
25        self.assertFalse(result.passing)
26        self.assertEqual(result.messages[0], "Password not set in context")

Test without password

def test_false(self): 
28    def test_false(self):
29        """Failing password case"""
30        policy = PasswordPolicy.objects.create(
31            check_have_i_been_pwned=True,
32            check_static_rules=False,
33            name="test_false",
34        )
35        request = PolicyRequest(get_anonymous_user())
36        request.context[PLAN_CONTEXT_PROMPT] = {"password": "password"}  # nosec
37        result: PolicyResult = policy.passes(request)
38        self.assertFalse(result.passing)
39        self.assertTrue(result.messages[0].startswith("Password exists on "))

Failing password case

def test_true(self): 
41    def test_true(self):
42        """Positive password case"""
43        policy = PasswordPolicy.objects.create(
44            check_have_i_been_pwned=True,
45            check_static_rules=False,
46            name="test_true",
47        )
48        request = PolicyRequest(get_anonymous_user())
49        request.context[PLAN_CONTEXT_PROMPT] = {"password": generate_key()}
50        result: PolicyResult = policy.passes(request)
51        self.assertTrue(result.passing)
52        self.assertEqual(result.messages, tuple())

Positive password case