From db78002412c588273bc6177bc1c1b6ab6d1c37a0 Mon Sep 17 00:00:00 2001
From: Christopher Allan Webber <cwebber@dustycloud.org>
Date: Sat, 2 Apr 2011 12:42:07 -0500
Subject: [PATCH] Also make sure the auth system successfully returns False
 when login failboats.

---
 mediagoblin/tests/test_auth.py | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/mediagoblin/tests/test_auth.py b/mediagoblin/tests/test_auth.py
index 5b66bb3c..d7397723 100644
--- a/mediagoblin/tests/test_auth.py
+++ b/mediagoblin/tests/test_auth.py
@@ -28,9 +28,14 @@ def test_bcrypt_check_password():
         'lollerskates',
         '$2a$12$PXU03zfrVCujBhVeICTwtOaHTUs5FFwsscvSSTJkqx/2RQ0Lhy/nO')
 
+    assert not auth_lib.bcrypt_check_password(
+        'notthepassword',
+        '$2a$12$PXU03zfrVCujBhVeICTwtOaHTUs5FFwsscvSSTJkqx/2RQ0Lhy/nO')
+
+
     # Same thing, but with extra fake salt.
-    assert auth_lib.bcrypt_check_password(
-        'lollerskates',
+    assert not auth_lib.bcrypt_check_password(
+        'notthepassword',
         '$2a$12$ELVlnw3z1FMu6CEGs/L8XO8vl0BuWSlUHgh0rUrry9DUXGMUNWwl6',
         '3><7R45417')
 
@@ -42,8 +47,13 @@ def test_bcrypt_gen_password_hash():
     hashed_pw = auth_lib.bcrypt_gen_password_hash(pw)
     assert auth_lib.bcrypt_check_password(
         pw, hashed_pw)
+    assert not auth_lib.bcrypt_check_password(
+        'notthepassword', hashed_pw)
+
 
     # Same thing, extra salt.
     hashed_pw = auth_lib.bcrypt_gen_password_hash(pw, '3><7R45417')
     assert auth_lib.bcrypt_check_password(
         pw, hashed_pw, '3><7R45417')
+    assert not auth_lib.bcrypt_check_password(
+        'notthepassword', hashed_pw, '3><7R45417')