Return friendly generic auth messages for login and resume failures

2026-02-28 04:39:26 -05:00
parent 6f813434e2
commit 9f3cd1fbdc
2 changed files with 62 additions and 2 deletions
--- a/server/tests/test_server_message_handling.py
+++ b/server/tests/test_server_message_handling.py
@@ -10,7 +10,8 @@ import pytest
 from websockets.asyncio.server import ServerConnection

 from app.client import ClientConnection
-from app.server import SignalingServer
+from app.auth_service import AuthError
+from app.server import AUTH_LOGIN_FAILURE_MESSAGE, AUTH_RESUME_FAILURE_MESSAGE, SignalingServer


 def _fake_ws() -> ServerConnection:
@@ -248,6 +249,58 @@ async def test_auth_rate_limit_blocks_before_hash(monkeypatch: pytest.MonkeyPatc
    assert "too many" in send_payloads[-1].message.lower()


+@pytest.mark.asyncio
+async def test_auth_login_failure_message_is_generic(monkeypatch: pytest.MonkeyPatch) -> None:
+    server = SignalingServer("127.0.0.1", 8765, None, None)
+    ws = _fake_ws()
+    client = ClientConnection(websocket=ws, id="u1", nickname="tester")
+    send_payloads: list[object] = []
+
+    async def fake_send(websocket: ServerConnection, packet: object) -> None:
+        send_payloads.append(packet)
+
+    monkeypatch.setattr(server, "_send", fake_send)
+    monkeypatch.setattr(server, "_sleep_auth_failure_jitter", lambda: asyncio.sleep(0))
+
+    def fake_login(_username: str, _password: str):
+        raise AuthError("Account is disabled.")
+
+    monkeypatch.setattr(server.auth_service, "login", fake_login)
+
+    await server._handle_message(client, json.dumps({"type": "auth_login", "username": "alpha", "password": "wrongpass"}))
+
+    auth_results = [packet for packet in send_payloads if getattr(packet, "type", "") == "auth_result"]
+    assert auth_results
+    assert auth_results[-1].ok is False
+    assert auth_results[-1].message == AUTH_LOGIN_FAILURE_MESSAGE
+
+
+@pytest.mark.asyncio
+async def test_auth_resume_failure_message_is_generic(monkeypatch: pytest.MonkeyPatch) -> None:
+    server = SignalingServer("127.0.0.1", 8765, None, None)
+    ws = _fake_ws()
+    client = ClientConnection(websocket=ws, id="u1", nickname="tester")
+    send_payloads: list[object] = []
+
+    async def fake_send(websocket: ServerConnection, packet: object) -> None:
+        send_payloads.append(packet)
+
+    monkeypatch.setattr(server, "_send", fake_send)
+    monkeypatch.setattr(server, "_sleep_auth_failure_jitter", lambda: asyncio.sleep(0))
+
+    def fake_resume(_token: str):
+        raise AuthError("Session has expired.")
+
+    monkeypatch.setattr(server.auth_service, "resume", fake_resume)
+
+    await server._handle_message(client, json.dumps({"type": "auth_resume", "sessionToken": "expired-token"}))
+
+    auth_results = [packet for packet in send_payloads if getattr(packet, "type", "") == "auth_result"]
+    assert auth_results
+    assert auth_results[-1].ok is False
+    assert auth_results[-1].message == AUTH_RESUME_FAILURE_MESSAGE
+
+
@pytest.mark.asyncio
 async def test_item_drop_rejects_out_of_bounds(monkeypatch: pytest.MonkeyPatch) -> None:
    server = SignalingServer("127.0.0.1", 8765, None, None, grid_size=41)