Removed one more utils reference in the README and fixed directory name

Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
2025-12-22 00:11:16 -05:00 · 2024-05-16 10:41:49 -04:00
parent 99edc88197
commit ac4ebacfeb
40 changed files with 0 additions and 1 deletions
--- a/tests/notifications_utils/clients/encryption/test_encryption_client.py
+++ b/tests/notifications_utils/clients/encryption/test_encryption_client.py
@@ -0,0 +1,88 @@
+import pytest
+
+from notifications_utils.clients.encryption.encryption_client import (
+    Encryption,
+    EncryptionError,
+)
+
+
+@pytest.fixture()
+def encryption_client(app):
+    client = Encryption()
+
+    app.config["SECRET_KEY"] = "test-notify-secret-key"
+    app.config["DANGEROUS_SALT"] = "test-notify-salt"
+
+    client.init_app(app)
+
+    return client
+
+
+def test_should_ensure_shared_salt_security(app):
+    client = Encryption()
+    app.config["SECRET_KEY"] = "test-notify-secret-key"
+    app.config["DANGEROUS_SALT"] = "too-short"
+    with pytest.raises(EncryptionError):
+        client.init_app(app)
+
+
+def test_should_ensure_custom_salt_security(encryption_client):
+    with pytest.raises(EncryptionError):
+        encryption_client.encrypt("this", salt="too-short")
+
+
+def test_should_encrypt_strings(encryption_client):
+    encrypted = encryption_client.encrypt("this")
+    assert encrypted != "this"
+    assert isinstance(encrypted, str)
+
+
+def test_should_encrypt_dicts(encryption_client):
+    to_encrypt = {"hello": "world"}
+    encrypted = encryption_client.encrypt(to_encrypt)
+    assert encrypted != to_encrypt
+    assert encryption_client.decrypt(encrypted) == to_encrypt
+
+
+def test_encryption_is_nondeterministic(encryption_client):
+    first_run = encryption_client.encrypt("this")
+    second_run = encryption_client.encrypt("this")
+    assert first_run != second_run
+
+
+def test_should_decrypt_content(encryption_client):
+    encrypted = encryption_client.encrypt("this")
+    assert encryption_client.decrypt(encrypted) == "this"
+
+
+def test_should_decrypt_content_with_custom_salt(encryption_client):
+    salt = "different-salt-value"
+    encrypted = encryption_client.encrypt("this", salt=salt)
+    assert encryption_client.decrypt(encrypted, salt=salt) == "this"
+
+
+def test_should_verify_decryption(encryption_client):
+    encrypted = encryption_client.encrypt("this")
+    with pytest.raises(EncryptionError):
+        encryption_client.decrypt(encrypted, salt="different-salt-value")
+
+
+def test_should_sign_and_serialize_string(encryption_client):
+    signed = encryption_client.sign("this")
+    assert signed != "this"
+
+
+def test_should_verify_signature_and_deserialize_string(encryption_client):
+    signed = encryption_client.sign("this")
+    assert encryption_client.verify_signature(signed) == "this"
+
+
+def test_should_raise_encryption_error_on_bad_salt(encryption_client):
+    signed = encryption_client.sign("this")
+    with pytest.raises(EncryptionError):
+        encryption_client.verify_signature(signed, salt="different-salt-value")
+
+
+def test_should_sign_and_serialize_json(encryption_client):
+    signed = encryption_client.sign({"this": "that"})
+    assert encryption_client.verify_signature(signed) == {"this": "that"}