
@staticmethod
def _validate_password_strength(password: str) -> None:
    """
    Check a candidate password against the composition policy.

    The checks run in a fixed order and the first one that fails
    determines the error message:

    1. Length of at least 8 characters
    2. At least one ASCII uppercase letter (A-Z)
    3. At least one ASCII lowercase letter (a-z)
    4. At least one digit
    5. At least one character from the fixed special-character list

    Args:
        password: Plain text password to check

    Raises:
        ValidationError: If password doesn't meet requirements
    """
    if len(password) < 8:
        raise ValidationError("Password must be at least 8 characters long")

    # (pattern, message) pairs, evaluated top to bottom.
    # NOTE(review): the last pattern is a fixed allow-list, so punctuation
    # outside it (for example '-', '_' or '+') does not count as "special".
    # NOTE(review): r'\d' on a str also matches non-ASCII decimal digits,
    # while the two letter classes are ASCII-only.
    composition_rules = (
        (r'[A-Z]', "Password must contain at least one uppercase letter"),
        (r'[a-z]', "Password must contain at least one lowercase letter"),
        (r'\d', "Password must contain at least one digit"),
        (
            r'[!@#$%^&*(),.?":{}|<>]',
            "Password must contain at least one special character",
        ),
    )
    for pattern, message in composition_rules:
        if re.search(pattern, password) is None:
            raise ValidationError(message)


class TokenManager:
    """Handles JWT token creation and validation"""

def test_login_success(self, auth_service):
    """A registered user can log in and gets back a token and a user record."""
    email = "test@example.com"
    password = "ValidPass123!"
    client_ip = "192.168.1.1"

    auth_service.register_user(email, password)
    session_token, logged_in_user = auth_service.login(email, password, client_ip)

    assert session_token is not None
    assert logged_in_user.email == email

@staticmethod def verify_password(password: str, stored_hash: str) -> bool: """ Verify password against stored hash Args: password: Plain text password to verify stored_hash: Stored hash string (salt:hash) Returns: True if password matches, False otherwise """ try: salt_hex, hash_hex = stored_hash.split(':') salt = bytes.fromhex(salt_hex) # Hash the provided password with the same salt test_hash = hashlib.pbkdf2_hmac( 'sha256', password.encode('utf-8'), salt, 100000 ) # Constant-time comparison to prevent timing attacks return test_hash.hex() == hash_hex except (ValueError, TypeError): return False user = auth_service.login("test@example.com"

def __init__(
    self,
    secret_key: str,
    max_failed_attempts: int = 5,
    lockout_minutes: int = 15
):
    """
    Set up the authentication service and its collaborators.

    Args:
        secret_key: Secret key for JWT, handed to TokenManager
        max_failed_attempts: Number of failed attempts before lockout
        lockout_minutes: Lockout duration in minutes
    """
    # Lockout policy, stored as given (no range checks are applied here).
    self.max_failed_attempts = max_failed_attempts
    self.lockout_minutes = lockout_minutes

    # User records are kept in this in-process dict.
    self.users: Dict[str, User] = {}

    # NOTE(review): secret_key is passed through unchecked; whether
    # TokenManager rejects an empty or short key is not visible here.
    self.token_manager = TokenManager(secret_key)
    self.password_hasher = PasswordHasher()
    self.rate_limiter = RateLimiter()

class RateLimitExceededError(AuthenticationError):
    """Raised when a caller has made too many attempts."""

def test_token_validation(self, auth_service):
    """A token returned by login() resolves to the same user via verify_token()."""
    email, password = "test@example.com", "ValidPass123!"
    auth_service.register_user(email, password)

    issued_token, _ = auth_service.login(email, password, "10.0.0.1")
    resolved_user = auth_service.verify_token(issued_token)

    assert resolved_user.email == email

def test_rate_limiting(self, auth_service):
    """Five wrong-password logins fail normally; the sixth is rate limited."""
    email = "test@example.com"
    source_ip = "192.168.1.100"
    auth_service.register_user(email, "ValidPass123!")

    def attempt_bad_login():
        # Every attempt uses the same account and the same source IP, so
        # this test does not show which of the two the limiter is keyed on.
        auth_service.login(email, "wrong", source_ip)

    # Try wrong password 5 times
    for _attempt in range(5):
        with pytest.raises(InvalidPasswordError):
            attempt_bad_login()

    # 6th attempt should trigger rate limit
    with pytest.raises(RateLimitExceededError):
        attempt_bad_login()