Secrets encryption (#4)

Reviewed-on: #4 Co-authored-by: Ivan Golikov <root@ivnglkv.me> Co-committed-by: Ivan Golikov <root@ivnglkv.me>
2025-01-03 15:06:08 +00:00 · 2025-01-03 15:06:08 +00:00 · 7fae1a18b6
commit 7fae1a18b6
parent 759c338657
10 changed files with 220 additions and 6 deletions
--- a/tests/unit/init.py
+++ b/tests/unit/init.py
--- a/tests/unit/test_utils.py
+++ b/tests/unit/test_utils.py
@ -0,0 +1,31 @@
+import pytest
+from cryptography.fernet import Fernet, InvalidToken
+
+from pssecret_server.utils import decrypt_secret, encrypt_secret
+
+from ..factories import SecretFactory
+
+
+def test_encrypte_secret_ok(fernet: Fernet):
+    secret = SecretFactory().build()
+    encrypted_secret = encrypt_secret(secret, fernet)
+
+    assert secret.data != encrypted_secret.data
+
+
+def test_secret_is_decryptable_by_correct_key(fernet: Fernet):
+    secret = SecretFactory().build()
+    encrypted_secret = encrypt_secret(secret, fernet)
+    decrypted_secret = decrypt_secret(encrypted_secret.data.encode(), fernet)
+
+    assert decrypted_secret.decode() == secret.data
+
+
+def test_secret_is_not_decryptable_by_random_key(fernet: Fernet):
+    secret = SecretFactory().build()
+    encrypted_secret = encrypt_secret(secret, fernet)
+
+    random_fernet = Fernet(Fernet.generate_key())
+
+    with pytest.raises(InvalidToken):
+        decrypt_secret(encrypted_secret.data.encode(), random_fernet)