backend/tests/unit/test_soc_token.py

"""SOC opaque token generation / verification."""

from __future__ import annotations

from mimic.auth.soc_token import generate_token, verify_token


def test_generated_token_verifies() -> None:
    material = generate_token(rounds=4)
    assert verify_token(material.plain, material.hashed) is True


def test_different_plain_does_not_verify() -> None:
    material = generate_token(rounds=4)
    assert verify_token("wrong-token", material.hashed) is False


def test_plain_is_url_safe_and_long() -> None:
    material = generate_token(rounds=4)
    # 32 random bytes → ~43 url-safe base64 chars.
    assert len(material.plain) >= 32
    assert all(c.isalnum() or c in "-_" for c in material.plain)


def test_verify_with_empty_values() -> None:
    assert verify_token("", "$2b$04$abc") is False
    assert verify_token("token", "") is False
test(backend): add pytest baseline (B0.8) Unit (SQLite, pure logic): - test_templating.py: Jinja2 sandbox, regex_extract, strict-undefined, sandbox blocks attribute-access escape, output blob 10 MB cap. - test_password.py: bcrypt hash + verify, empty / malformed handling. - test_soc_token.py: 256-bit url-safe token + bcrypt verification. - test_rbac_matrix.py: F11 invariants (lead ⊇ operator, SOC restricted to detection + report-read, audit_read & ttp_promote lead-only). - test_connector_factory.py: register / build / double-register-rejected, TaskStatus terminal helper, Mythic mapping vs empty Home mapping. - test_audit_hash.py: SHA-256 chain helper is deterministic and reacts to prev_hash / metadata changes. Integration scaffold (testcontainers Postgres): - tests/integration/conftest.py spins up postgres:16-alpine, monkeypatches MIMIC_DATABASE_URL, creates a Flask app + db.create_all. - test_healthz.py: end-to-end smoke through the Flask test client. 38 unit tests pass; ruff clean. 2026-05-21 20:34:11 +02:00			`"""SOC opaque token generation / verification."""`

			`from __future__ import annotations`

			`from mimic.auth.soc_token import generate_token, verify_token`


			`def test_generated_token_verifies() -> None:`
			`material = generate_token(rounds=4)`
			`assert verify_token(material.plain, material.hashed) is True`


			`def test_different_plain_does_not_verify() -> None:`
			`material = generate_token(rounds=4)`
			`assert verify_token("wrong-token", material.hashed) is False`


			`def test_plain_is_url_safe_and_long() -> None:`
			`material = generate_token(rounds=4)`
			`# 32 random bytes → ~43 url-safe base64 chars.`
			`assert len(material.plain) >= 32`
			`assert all(c.isalnum() or c in "-_" for c in material.plain)`


			`def test_verify_with_empty_values() -> None:`
			`assert verify_token("", "$2b$04$abc") is False`
			`assert verify_token("token", "") is False`