Fix round check/settings in needs_migration

rouilj · rouilj · commit 5cccd73a2fe3 · 2023-02-26T16:17:37.000-05:00
Support test rounds in needs_migration

Two test were missing os.environ seting to have them use config
setting.
diff --git a/roundup/password.py b/roundup/password.py
@@ -379,6 +379,13 @@ def needs_migration(self, config):
             return True
         if (self.scheme == "PBKDF2"):
             new_rounds = config.PASSWORD_PBKDF2_DEFAULT_ROUNDS
+            if ("pytest" in sys.modules and 
+                "PYTEST_CURRENT_TEST" in os.environ):
+                if ("PYTEST_USE_CONFIG" in os.environ):
+                    new_rounds = config.PASSWORD_PBKDF2_DEFAULT_ROUNDS
+                else:
+                    # for testing
+                    new_rounds = 1000
             if rounds < int(new_rounds):
                 return True
         return False
diff --git a/test/test_cgi.py b/test/test_cgi.py
@@ -593,13 +593,16 @@ def testPasswordMigration(self):
         # below will be 100000
         cl.db.Otk = self.db.Otk
         pw1 = pw
+        # do not use the production number of PBKDF2
+        os.environ["PYTEST_USE_CONFIG"] = "True"
         cl.db.config.PASSWORD_PBKDF2_DEFAULT_ROUNDS = 100000
         self.assertEqual(pw1.needs_migration(config=cl.db.config), True)
         scheme = password.Password.known_schemes[0]
         self.assertEqual(scheme, pw1.scheme)
         actions.LoginAction(cl).handle()
         pw = cl.db.user.get(chef, 'password')
         self.assertEqual(pw, 'foo')
+        del(os.environ["PYTEST_USE_CONFIG"])
         # do not assert self.assertEqual(pw, pw1) as pw is a 100,000
         # cycle while pw1 is only 10,000. They won't compare equally.
 
diff --git a/test/test_security.py b/test/test_security.py
@@ -423,14 +423,20 @@ def test_password(self):
         roundup.password.crypt = orig_crypt
 
     def test_pbkdf2_migrate_rounds(self):
-        self.db.config.PASSWORD_PBKDF2_DEFAULT_ROUNDS = 10000
+        '''Check that migration happens when number of rounds in
+           config is larger than number of rounds in current password.
+        '''
+
 
         p = roundup.password.Password('sekrit', 'PBKDF2',
                                       config=self.db.config)
 
         self.db.config.PASSWORD_PBKDF2_DEFAULT_ROUNDS = 2000000
 
+        os.environ["PYTEST_USE_CONFIG"] = "True"
         self.assertEqual(p.needs_migration(config=self.db.config), True)
+        del(os.environ["PYTEST_USE_CONFIG"])
+
 
     def test_encodePasswordNoConfig(self):
         # should run cleanly as we are in a test.
