mirror of
https://github.com/apache/superset.git
synced 2026-07-05 06:15:31 +00:00
Co-authored-by: Evan <evan@preset.io> Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
109 lines
3.8 KiB
Python
109 lines
3.8 KiB
Python
# Licensed to the Apache Software Foundation (ASF) under one
|
|
# or more contributor license agreements. See the NOTICE file
|
|
# distributed with this work for additional information
|
|
# regarding copyright ownership. The ASF licenses this file
|
|
# to you under the Apache License, Version 2.0 (the
|
|
# "License"); you may not use this file except in compliance
|
|
# with the License. You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing,
|
|
# software distributed under the License is distributed on an
|
|
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
# KIND, either express or implied. See the License for the
|
|
# specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
"""Integration tests for database password encoding."""
|
|
|
|
from __future__ import annotations
|
|
|
|
from sqlalchemy.engine.url import make_url
|
|
|
|
from superset.constants import PASSWORD_MASK
|
|
from superset.models.core import Database
|
|
from tests.integration_tests.base_tests import SupersetTestCase
|
|
|
|
|
|
class TestDatabasePasswordEncodingIntegration(SupersetTestCase):
|
|
"""Integration tests for password encoding in Database model."""
|
|
|
|
def test_database_with_percent_in_password_roundtrip(self) -> None:
|
|
"""Test that database with % in password survives save/load cycle."""
|
|
password = "mypass%123" # noqa: S105
|
|
base_uri = "postgresql://user@localhost:5432/testdb"
|
|
|
|
db = Database(
|
|
database_name="test_percent_pass",
|
|
sqlalchemy_uri=base_uri,
|
|
password=password,
|
|
)
|
|
|
|
decrypted_uri = db.sqlalchemy_uri_decrypted
|
|
parsed = make_url(decrypted_uri)
|
|
|
|
assert parsed.password == password
|
|
|
|
def test_database_with_special_chars_roundtrip(self) -> None:
|
|
"""Test database with various special characters in password."""
|
|
test_cases = [
|
|
("p@ss!word", "postgresql://user@localhost:5432/testdb"), # noqa: S105
|
|
("pass#word", "postgresql://user@localhost:5432/testdb"), # noqa: S105
|
|
("pass%word", "postgresql://user@localhost:5432/testdb"), # noqa: S105
|
|
]
|
|
|
|
for password, uri in test_cases:
|
|
db = Database(
|
|
database_name=f"test_special_{password[:5]}",
|
|
sqlalchemy_uri=uri,
|
|
password=password,
|
|
)
|
|
|
|
decrypted_uri = db.sqlalchemy_uri_decrypted
|
|
parsed = make_url(decrypted_uri)
|
|
|
|
assert parsed.password == password
|
|
|
|
def test_database_engine_creation_with_special_password(self) -> None:
|
|
"""Test that SQLAlchemy engine can be created with special password."""
|
|
password = "test%pass" # noqa: S105
|
|
|
|
db = Database(
|
|
database_name="test_engine_creation",
|
|
sqlalchemy_uri="sqlite:///:memory:",
|
|
password=password,
|
|
)
|
|
|
|
with db.get_sqla_engine() as engine:
|
|
assert engine is not None
|
|
|
|
def test_database_password_stored_encrypted(self) -> None:
|
|
"""Test that password is properly encrypted in database model."""
|
|
password = "secret%pass" # noqa: S105
|
|
|
|
db = Database(
|
|
database_name="test_encrypted_pass",
|
|
sqlalchemy_uri="sqlite:///:memory:",
|
|
password=password,
|
|
)
|
|
|
|
assert db.password is not None
|
|
assert isinstance(db.password, str)
|
|
|
|
def test_database_masked_url(self) -> None:
|
|
"""Test that password masking works correctly."""
|
|
password = "secret%pass" # noqa: S105
|
|
uri = "postgresql://user@localhost:5432/db"
|
|
|
|
db = Database(
|
|
database_name="test_masked_url",
|
|
sqlalchemy_uri=uri,
|
|
password=password,
|
|
)
|
|
|
|
masked_url = db.get_password_masked_url(db.url_object)
|
|
|
|
assert masked_url.password != password
|
|
assert masked_url.password == PASSWORD_MASK
|