olly/mcma-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c72d19599a85ca7abe636e2e30eb33b1325722fc
mcma-backend/tests/test_subsonic_security.py
T
Senko-san b975164fc2 feat(subsonic): response envelope, id scheme, and error mapping 
- envelope: one serializer emitting the <subsonic-response> wrapper in XML
  (default) and JSON (f=json), carrying status/version/type/serverVersion
- ids: stable, reversible type-prefixed ids (tr-/al-/ar-/pl-) ↔ UUIDs
- errors: /rest requests render the Subsonic error envelope (always HTTP 200)
  with standard codes (10 missing param, 40 wrong creds, 50, 70 not found)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-08 18:23:30 +03:00

71 lines
2.3 KiB
Python
Raw Blame History

"""Unit tests for Subsonic crypto + id helpers (no DB, no network)."""
import hashlib
import uuid
import pytest
from app.api.rest import ids
from app.api.rest.ids import IdKind
from app.core.security import SubsonicPasswordCipher, generate_subsonic_password
from app.domain.errors import AuthenticationError, NotFoundError
def test_generate_subsonic_password_is_long_and_unique() -> None:
a = generate_subsonic_password()
b = generate_subsonic_password()
assert a != b
assert len(a) >= 20
def test_cipher_roundtrip() -> None:
cipher = SubsonicPasswordCipher("a-secret-key")
plaintext = generate_subsonic_password()
token = cipher.encrypt(plaintext)
assert token != plaintext
assert cipher.decrypt(token) == plaintext
def test_cipher_token_then_md5_matches() -> None:
"""The decrypted app-password must reproduce a client's t=md5(password+salt)."""
cipher = SubsonicPasswordCipher("a-secret-key")
password = generate_subsonic_password()
enc = cipher.encrypt(password)
salt = "c19b2d"
decrypted = cipher.decrypt(enc)
expected = hashlib.md5((decrypted + salt).encode(), usedforsecurity=False).hexdigest()
client_token = hashlib.md5((password + salt).encode(), usedforsecurity=False).hexdigest()
assert expected == client_token
def test_cipher_wrong_key_fails() -> None:
token = SubsonicPasswordCipher("key-one").encrypt("hunter2")
with pytest.raises(AuthenticationError):
SubsonicPasswordCipher("key-two").decrypt(token)
def test_id_encode_decode_roundtrip() -> None:
value = uuid.uuid4()
assert ids.decode_track(ids.encode_track(value)) == value
assert ids.decode_album(ids.encode_album(value)) == value
assert ids.decode_artist(ids.encode_artist(value)) == value
assert ids.decode_playlist(ids.encode_playlist(value)) == value
def test_id_parse_returns_kind() -> None:
value = uuid.uuid4()
kind, parsed = ids.parse(ids.encode_album(value))
assert kind is IdKind.ALBUM
assert parsed == value
def test_id_wrong_prefix_rejected() -> None:
track = ids.encode_track(uuid.uuid4())
with pytest.raises(NotFoundError):
ids.decode_album(track)
def test_id_malformed_rejected() -> None:
with pytest.raises(NotFoundError):
ids.parse("not-a-real-id")
Reference in New Issue View Git Blame Copy Permalink