use random passwords

Fabien Coelho · Fabien Coelho · commit c4f1d0003c23 · 2024-03-15T09:41:25.000+01:00
diff --git a/README.md b/README.md
@@ -193,6 +193,7 @@ please report any [issues](https://github.com/zx80/flask-tester/issues).
 Improved documentation and tests.
 Raise an error when setting unusable passwords or tokens.
 Add support for `pkg:name` application syntax.
+Use random passwords when testing.
 
 ### 1.1 on 2024-03-13
 
diff --git a/tests/app.py b/tests/app.py
@@ -2,12 +2,11 @@
 
 import FlaskSimpleAuth as fsa
 
-TEST_PASSES: dict[str, str] = {"calvin": "clv-pass", "hobbes": "hbs-pass", "susie": "ss-pass", "moe": "m-pass"}
-
 app = fsa.Flask("app", FSA_MODE="dev", FSA_AUTH=["token", "param", "basic"])
 
-# authentication
-PASSDB = {login: app.hash_password(pwd) for login, pwd in TEST_PASSES.items()}
+# authentication with randomly-generated passwordss
+import secret
+PASSDB = {login: app.hash_password(pwd) for login, pwd in secret.PASSES.items()}
 
 @app.get_user_pass
 def get_user_pass(login: str) -> str|None:
diff --git a/tests/secret.py b/tests/secret.py
@@ -0,0 +1,9 @@
+import random
+import string
+
+LENGTH = 16
+PASSES: dict[str, str] = {}
+CHARS = "".join(string.printable.split(","))
+
+for login in ("calvin", "hobbes", "susie", "moe"):
+    PASSES[login] = "".join(random.choice(CHARS) for _ in range(LENGTH))
diff --git a/tests/test.py b/tests/test.py
@@ -3,7 +3,7 @@
 import FlaskSimpleAuth as fsa
 import FlaskTester as ft
 from FlaskTester import ft_client, ft_authenticator
-import app
+import secret
 import http.server as htsv
 import threading
 import io
@@ -14,7 +14,7 @@
 # set authn for ft_authenticator
 os.environ.update(
     FLASK_TESTER_ALLOW="bearer basic param",
-    FLASK_TESTER_AUTH=",".join(f"{l}:{p}" for l, p in app.TEST_PASSES.items()),
+    FLASK_TESTER_AUTH=",".join(f"{l}:{p}" for l, p in secret.PASSES.items()),
 )
 
 def test_sanity():
@@ -25,8 +25,8 @@ def test_sanity():
 @pytest.fixture
 def app(ft_client):
     # add test passwords for Calvin and Hobbes (must be consistent with app!)
-    ft_client.setPass("calvin", "clv-pass")
-    ft_client.setPass("hobbes", "hbs-pass")
+    ft_client.setPass("calvin", secret.PASSES["calvin"])
+    ft_client.setPass("hobbes", secret.PASSES["hobbes"])
     # get Calvin's token, assume json result {"token": "<token-value>"}
     res = ft_client.get("/token", login="calvin", auth="basic", status=200)
     assert res.is_json
