| 25 | |
| 26 | |
| 27 | class SecurityConfigTests(unittest.TestCase): |
| 28 | def test_initial_security_config_requires_setup_and_generates_jwt_secret(self): |
| 29 | result = prepare_security_config(DEFAULT_CONFIG) |
| 30 | |
| 31 | self.assertTrue(result.changed) |
| 32 | self.assertTrue(result.setup_required) |
| 33 | self.assertEqual(result.config["admin_token"], "") |
| 34 | self.assertFalse(is_config_initialized(result.config)) |
| 35 | self.assertGreaterEqual(len(result.config["jwt_secret"]), 32) |
| 36 | |
| 37 | def test_legacy_default_password_requires_setup(self): |
| 38 | config = copy.deepcopy(DEFAULT_CONFIG) |
| 39 | config["admin_token"] = hash_password(LEGACY_DEFAULT_ADMIN_TOKEN) |
| 40 | config["jwt_secret"] = "j" * 48 |
| 41 | |
| 42 | result = prepare_security_config(config) |
| 43 | |
| 44 | self.assertTrue(result.setup_required) |
| 45 | self.assertEqual(result.config["admin_token"], "") |
| 46 | self.assertEqual(result.config["jwt_secret"], "j" * 48) |
| 47 | |
| 48 | def test_custom_plaintext_password_is_hashed_and_initialized(self): |
| 49 | config = copy.deepcopy(DEFAULT_CONFIG) |
| 50 | config["admin_token"] = "custom-password" |
| 51 | config["jwt_secret"] = "j" * 48 |
| 52 | |
| 53 | result = prepare_security_config(config) |
| 54 | |
| 55 | self.assertTrue(result.password_hashed) |
| 56 | self.assertTrue(is_config_initialized(result.config)) |
| 57 | self.assertTrue(verify_password("custom-password", result.config["admin_token"])) |
| 58 | |
| 59 | |
| 60 | class SetupOptionTests(unittest.TestCase): |
nothing calls this directly
no outgoing calls
no test coverage detected