he

Andrei Neagoie: Python _best_

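def __init__(
    self,
    secret_key: str,
    max_failed_attempts: int = 5,
    lockout_minutes: int = 15
):
    """
    Initialize authentication service

    Args:
        secret_key: Secret key for JWT; must be non-empty
        max_failed_attempts: Number of failed attempts before lockout
        lockout_minutes: Lockout duration in minutes

    Raises:
        ValueError: If secret_key is empty or None
    """
    # Fail closed: tokens signed with an empty key give no meaningful
    # integrity guarantee, so refuse to construct the service at all.
    if not secret_key:
        raise ValueError("secret_key must be a non-empty string")

    # User records are kept in this instance's dict only (process memory).
    self.users: Dict[str, User] = {}
    self.token_manager = TokenManager(secret_key)
    self.password_hasher = PasswordHasher()
    # NOTE(review): the limiter is built with its own defaults; it does not
    # receive max_failed_attempts or lockout_minutes from this constructor.
    self.rate_limiter = RateLimiter()
    self.max_failed_attempts = max_failed_attempts
    self.lockout_minutes = lockout_minutes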

def test_register_duplicate_user(self, auth_service):
    """A second registration with an already-used e-mail must raise ValidationError."""
    email = "test@example.com"
    auth_service.register_user(email, "ValidPass123!")

    # Same e-mail, different password: the duplicate is expected to be refused.
    with pytest.raises(ValidationError):
        auth_service.register_user(email, "Another456!")

def test_token_validation(self, auth_service):
    """A token issued by login must resolve to the same user through verify_token."""
    email = "test@example.com"
    password = "ValidPass123!"
    auth_service.register_user(email, password)

    # login returns a pair; only the token half is needed here.
    token, _unused_user = auth_service.login(email, password, "10.0.0.1")

    verified = auth_service.verify_token(token)
    assert verified.email == email

def __init__(self, max_attempts: int = 5, window_seconds: int = 300):
    """
    Set up a rate limiter with an empty attempt record

    Args:
        max_attempts: Maximum attempts allowed in time window
        window_seconds: Time window in seconds
    """
    # Attempt history lives in this instance's dict, keyed by string.
    # NOTE(review): nothing here bounds or prunes the dict; confirm that the
    # code recording attempts expires old entries.
    self.attempts: Dict[str, list] = {}
    self.max_attempts, self.window_seconds = max_attempts, window_seconds

def test_login_success(self, auth_service):
    """Logging in with the registered credentials yields a token and the matching user."""
    email = "test@example.com"
    password = "ValidPass123!"
    auth_service.register_user(email, password)

    token, user = auth_service.login(email, password, "192.168.1.1")

    assert token is not None
    assert user.email == email

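# Register user and report the outcome on stdout.
try:
    user = auth_service.register_user("user@example.com", "MySecurePass123!")
except ValidationError as e:
    # The f-string placeholders need braces; without them the literal
    # text "e" was printed instead of the validation message.
    print(f"❌ Registration failed: {e}")
else:
    # Only reached when registration did not raise ValidationError.
    print(f"✅ User registered: {user.email}")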

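def is_locked(self) -> bool:
    """Check if user account is currently locked

    Returns:
        True when ``locked_until`` is set and still lies in the future,
        otherwise False.
    """
    # datetime.utcnow() is a naive UTC timestamp, so locked_until has to be
    # naive UTC as well; comparing against an aware datetime raises TypeError.
    return bool(self.locked_until and datetime.utcnow() < self.locked_until)


class PasswordHasher:
    """Handles secure password hashing and verification"""

    @staticmethod
    def hash_password(password: str) -> str:
        """
        Derive a salted password hash with PBKDF2-HMAC-SHA256

        This is a key-derivation function run for many iterations, not a
        single salted SHA-256 digest.

        Args:
            password: Plain text password

        Returns:
            String of the form ``<salt hex>:<hash hex>``

        Raises:
            ValidationError: If password doesn't meet security requirements
                (raised by ``_validate_password_strength``, defined elsewhere)
        """
        PasswordHasher._validate_password_strength(password)

        # Fresh 32-byte salt from the OS CSPRNG for every stored password.
        salt = os.urandom(32)

        # NOTE(review): the iteration count is left at 100000 because the
        # verification code (not shown here) must use the same value. OWASP's
        # current guidance for PBKDF2-HMAC-SHA256 is 600,000; raise it together
        # with the verifier. The stored string does not record the count, so
        # older hashes need a migration path when it changes.
        iterations = 100000
        password_hash = hashlib.pbkdf2_hmac(
            'sha256',
            password.encode('utf-8'),
            salt,
            iterations
        )

        # Placeholders must be in braces, otherwise the literal text
        # "salt.hex():password_hash.hex()" is returned for every password.
        return f"{salt.hex()}:{password_hash.hex()}"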