Fix KDF metadata handling and headless password prompts

2025-09-10 00:09:04 +00:00 · 2025-08-20 17:23:10 -04:00
parent 06ca51993a
commit 26632c0e70
8 changed files with 75 additions and 26 deletions
--- a/src/tests/test_legacy_migration.py
+++ b/src/tests/test_legacy_migration.py
@@ -1,4 +1,5 @@
 import json
+import base64
 import hashlib
 from pathlib import Path

@@ -99,7 +100,8 @@ def test_migrated_index_has_v2_prefix(monkeypatch, tmp_path: Path):
    vault.load_index()

    new_file = tmp_path / "seedpass_entries_db.json.enc"
-    assert new_file.read_bytes().startswith(b"V2:")
+    payload = json.loads(new_file.read_text())
+    assert base64.b64decode(payload["ct"]).startswith(b"V2:")
    assert vault.migrated_from_legacy


--- a/src/tests/test_legacy_migration_iterations.py
+++ b/src/tests/test_legacy_migration_iterations.py
@@ -66,5 +66,5 @@ def test_migrate_iterations(tmp_path, monkeypatch, iterations):
    cfg = ConfigManager(vault, tmp_path)
    assert cfg.get_kdf_iterations() == iterations

-    content = (tmp_path / "seedpass_entries_db.json.enc").read_bytes()
-    assert content.startswith(b"V2:")
+    payload = json.loads((tmp_path / "seedpass_entries_db.json.enc").read_text())
+    assert base64.b64decode(payload["ct"]).startswith(b"V2:")
--- a/src/tests/test_legacy_migration_prompt.py
+++ b/src/tests/test_legacy_migration_prompt.py
@@ -50,6 +50,6 @@ def test_migrate_legacy_sets_flag(tmp_path, monkeypatch):
    monkeypatch.setattr(vault_module, "prompt_existing_password", lambda _: password)
    monkeypatch.setattr("builtins.input", lambda _: "2")
    vault.load_index()
-    content = (tmp_path / "seedpass_entries_db.json.enc").read_bytes()
-    assert content.startswith(b"V2:")
+    payload = json.loads((tmp_path / "seedpass_entries_db.json.enc").read_text())
+    assert base64.b64decode(payload["ct"]).startswith(b"V2:")
    assert vault.encryption_manager.last_migration_performed is True
--- a/src/tests/test_legacy_migration_second_session.py
+++ b/src/tests/test_legacy_migration_second_session.py
@@ -1,4 +1,5 @@
 import json
+import base64
 import hashlib
 from pathlib import Path
 from types import SimpleNamespace
@@ -34,7 +35,8 @@ def test_legacy_migration_second_session(monkeypatch, tmp_path: Path) -> None:
    monkeypatch.setattr("builtins.input", lambda *_a, **_k: "y")
    vault.load_index()
    new_file = fp_dir / "seedpass_entries_db.json.enc"
-    assert new_file.read_bytes().startswith(b"V2:")
+    payload = json.loads(new_file.read_text())
+    assert base64.b64decode(payload["ct"]).startswith(b"V2:")

    new_enc_mgr = EncryptionManager(key, fp_dir)
    new_vault = Vault(new_enc_mgr, fp_dir)
@@ -59,4 +61,5 @@ def test_legacy_migration_second_session(monkeypatch, tmp_path: Path) -> None:
    )

    pm.initialize_managers()
-    assert new_file.read_bytes().startswith(b"V2:")
+    payload = json.loads(new_file.read_text())
+    assert base64.b64decode(payload["ct"]).startswith(b"V2:")
--- a/src/tests/test_seed_migration.py
+++ b/src/tests/test_seed_migration.py
@@ -1,4 +1,6 @@
 import sys
+import json
+import base64
 from pathlib import Path
 from cryptography.fernet import Fernet

@@ -28,4 +30,5 @@ def test_parent_seed_migrates_from_fernet(tmp_path: Path) -> None:

    assert new_file.exists()
    assert new_file.read_bytes() != encrypted
-    assert new_file.read_bytes().startswith(b"V2:")
+    payload = json.loads(new_file.read_text())
+    assert base64.b64decode(payload["ct"]).startswith(b"V2:")