Files
superset2/tests/integration_tests/test_database_password_encoding.py
Yuvraj Singh Chauhan 3c6239363b fix(db): preserve percent encoding in database passwords (#36783)
Co-authored-by: Evan <evan@preset.io>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-13 13:52:00 -07:00

109 lines
3.8 KiB
Python

# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
"""Integration tests for database password encoding."""
from __future__ import annotations
from sqlalchemy.engine.url import make_url
from superset.constants import PASSWORD_MASK
from superset.models.core import Database
from tests.integration_tests.base_tests import SupersetTestCase
class TestDatabasePasswordEncodingIntegration(SupersetTestCase):
"""Integration tests for password encoding in Database model."""
def test_database_with_percent_in_password_roundtrip(self) -> None:
"""Test that database with % in password survives save/load cycle."""
password = "mypass%123" # noqa: S105
base_uri = "postgresql://user@localhost:5432/testdb"
db = Database(
database_name="test_percent_pass",
sqlalchemy_uri=base_uri,
password=password,
)
decrypted_uri = db.sqlalchemy_uri_decrypted
parsed = make_url(decrypted_uri)
assert parsed.password == password
def test_database_with_special_chars_roundtrip(self) -> None:
"""Test database with various special characters in password."""
test_cases = [
("p@ss!word", "postgresql://user@localhost:5432/testdb"), # noqa: S105
("pass#word", "postgresql://user@localhost:5432/testdb"), # noqa: S105
("pass%word", "postgresql://user@localhost:5432/testdb"), # noqa: S105
]
for password, uri in test_cases:
db = Database(
database_name=f"test_special_{password[:5]}",
sqlalchemy_uri=uri,
password=password,
)
decrypted_uri = db.sqlalchemy_uri_decrypted
parsed = make_url(decrypted_uri)
assert parsed.password == password
def test_database_engine_creation_with_special_password(self) -> None:
"""Test that SQLAlchemy engine can be created with special password."""
password = "test%pass" # noqa: S105
db = Database(
database_name="test_engine_creation",
sqlalchemy_uri="sqlite:///:memory:",
password=password,
)
with db.get_sqla_engine() as engine:
assert engine is not None
def test_database_password_stored_encrypted(self) -> None:
"""Test that password is properly encrypted in database model."""
password = "secret%pass" # noqa: S105
db = Database(
database_name="test_encrypted_pass",
sqlalchemy_uri="sqlite:///:memory:",
password=password,
)
assert db.password is not None
assert isinstance(db.password, str)
def test_database_masked_url(self) -> None:
"""Test that password masking works correctly."""
password = "secret%pass" # noqa: S105
uri = "postgresql://user@localhost:5432/db"
db = Database(
database_name="test_masked_url",
sqlalchemy_uri=uri,
password=password,
)
masked_url = db.get_password_masked_url(db.url_object)
assert masked_url.password != password
assert masked_url.password == PASSWORD_MASK