tests/conftest.py

@@ -1,10 +1,12 @@
 from collections.abc import AsyncGenerator
 
+from cryptography.fernet import Fernet
 import pytest
 from fastapi.testclient import TestClient
 from pydantic_settings import SettingsConfigDict
 from redis import asyncio as aioredis
 
+from pssecret_server.fernet import get_fernet
 from pssecret_server.main import app
 from pssecret_server.settings import Settings, get_settings
 
@@ -29,6 +31,11 @@ def get_test_settings() -> Settings:
     return TestSettings()
 
 
+@pytest.fixture 
+def fernet(settings: Settings) -> Fernet:
+    return get_fernet(settings)
+
+
 @pytest.fixture(scope="session")
 def client() -> TestClient:
     client_ = TestClient(app)

tests/unit/test_utils.py

@@ -0,0 +1,29 @@
+from cryptography.fernet import Fernet, InvalidToken
+import pytest
+from pssecret_server.utils import encrypt_secret, decrypt_secret
+from ..factories import SecretFactory
+
+
+def test_encrypte_secret_ok(fernet: Fernet):
+    secret = SecretFactory().build()
+    encrypted_secret = encrypt_secret(secret, fernet)
+    
+    assert secret.data != encrypted_secret.data
+
+
+def test_secret_is_decryptable_by_correct_key(fernet: Fernet):
+    secret = SecretFactory().build()
+    encrypted_secret = encrypt_secret(secret, fernet)
+    decrypted_secret = decrypt_secret(encrypted_secret.data.encode(), fernet)
+
+    assert decrypted_secret.decode() == secret.data
+
+
+def test_secret_is_not_decryptable_by_random_key(fernet: Fernet):
+    secret = SecretFactory().build()
+    encrypted_secret = encrypt_secret(secret, fernet)
+
+    random_fernet = Fernet(Fernet.generate_key())
+
+    with pytest.raises(InvalidToken):
+        decrypt_secret(encrypted_secret.data.encode(), random_fernet)