Squashed 'receiptwitness/' content from commit e8d374a

git-subtree-dir: receiptwitness git-subtree-split: e8d374a89ed8978f429598e02d31b1c5963efe22
2026-03-28 02:24:22 +00:00
commit 342906c9d1
53 changed files with 7300 additions and 0 deletions
@@ -0,0 +1,61 @@
+"""Tests for session encryption/decryption."""
+
+from unittest.mock import patch
+
+import pytest
+from cryptography.fernet import Fernet, InvalidToken
+
+from receiptwitness.session.encryption import decrypt_session_data, encrypt_session_data
+
+TEST_KEY = Fernet.generate_key().decode()
+
+
+@pytest.fixture(autouse=True)
+def _mock_encryption_key():
+    with patch("receiptwitness.session.encryption.settings") as mock_settings:
+        mock_settings.session_encryption_key = TEST_KEY
+        yield
+
+
+class TestEncryptDecrypt:
+    def test_roundtrip(self):
+        data = {
+            "cookies": [{"name": "session", "value": "abc123", "domain": ".meijer.com"}],
+            "user_agent": "Mozilla/5.0",
+        }
+        encrypted = encrypt_session_data(data)
+        assert isinstance(encrypted, str)
+        assert encrypted != str(data)
+
+        decrypted = decrypt_session_data(encrypted)
+        assert decrypted == data
+
+    def test_different_data_different_ciphertext(self):
+        data1 = {"key": "value1"}
+        data2 = {"key": "value2"}
+        enc1 = encrypt_session_data(data1)
+        enc2 = encrypt_session_data(data2)
+        assert enc1 != enc2
+
+    def test_decrypt_with_wrong_key_fails(self):
+        data = {"cookies": []}
+        encrypted = encrypt_session_data(data)
+
+        wrong_key = Fernet.generate_key().decode()
+        with patch("receiptwitness.session.encryption.settings") as mock_settings:
+            mock_settings.session_encryption_key = wrong_key
+            with pytest.raises(InvalidToken):
+                decrypt_session_data(encrypted)
+
+    def test_decrypt_tampered_data_fails(self):
+        data = {"cookies": []}
+        encrypted = encrypt_session_data(data)
+        tampered = encrypted[:-5] + "XXXXX"
+        with pytest.raises(Exception):
+            decrypt_session_data(tampered)
+
+    def test_no_key_raises_error(self):
+        with patch("receiptwitness.session.encryption.settings") as mock_settings:
+            mock_settings.session_encryption_key = ""
+            with pytest.raises(ValueError, match="RW_SESSION_ENCRYPTION_KEY"):
+                encrypt_session_data({"test": True})