feat: Use secure random tokens for authentication and password handling in tests

2025-11-12 11:36:19 +01:00
parent 3988171b46
commit 5d6592d657
3 changed files with 35 additions and 26 deletions
--- a/tests/test_user_model.py
+++ b/tests/test_user_model.py
@@ -1,5 +1,6 @@
 from __future__ import annotations

+import secrets
 from collections.abc import Iterator

 import pytest
@@ -32,16 +33,17 @@ def session(engine) -> Iterator[Session]:


 def test_user_password_helpers() -> None:
+    new_password = secrets.token_urlsafe(16)
    user = User(
        email="user@example.com",
        username="example",
        password_hash=User.hash_password("initial"),
    )

-    user.set_password("new-secret")
+    user.set_password(new_password)

-    assert user.password_hash != "new-secret"
-    assert user.verify_password("new-secret")
+    assert user.password_hash != new_password
+    assert user.verify_password(new_password)
    assert not user.verify_password("wrong")