From b5f10c780b0921a4cbfbc2646281a4aa7c6cad5b Mon Sep 17 00:00:00 2001 From: Nora Date: Mon, 22 Jun 2026 14:24:55 -0600 Subject: [PATCH] test(auth): tighten duplicate-username test + add update_password test --- backend/tests/test_auth_users.py | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/backend/tests/test_auth_users.py b/backend/tests/test_auth_users.py index b6ce096..35803e4 100644 --- a/backend/tests/test_auth_users.py +++ b/backend/tests/test_auth_users.py @@ -4,6 +4,7 @@ from __future__ import annotations import pytest from sqlalchemy import delete +from sqlalchemy.exc import IntegrityError from cyclone.auth import users from cyclone.db import SessionLocal, User @@ -56,7 +57,7 @@ def test_create_user_rejects_duplicate_username(): with SessionLocal()() as db: users.create(db, username="bob", password="hunter2hunter2", role="user") with SessionLocal()() as db: - with pytest.raises(Exception): + with pytest.raises(IntegrityError): users.create(db, username="bob", password="anotherone", role="user") @@ -90,4 +91,16 @@ def test_to_public_shape_omits_password_hash(): assert "password_hash" not in shape assert shape["username"] == "eve" assert shape["role"] == "admin" - assert "id" in shape and "createdAt" in shape \ No newline at end of file + assert "id" in shape and "createdAt" in shape + + +def test_update_password_actually_rehashes_and_verifies(): + with SessionLocal()() as db: + u = users.create(db, username="frank", password="hunter2hunter2", role="user") + with SessionLocal()() as db: + users.update_password(db, u.id, "newpassword1") + # Old password no longer verifies. + with SessionLocal()() as db: + refreshed = users.get_by_username(db, "frank") + assert not users.verify_password("hunter2hunter2", refreshed.password_hash) + assert users.verify_password("newpassword1", refreshed.password_hash) \ No newline at end of file