Closed itsnikhil closed 4 years ago
vosi
commented
4 years ago We specifically avoid testing signature check as there is no facility created for that yet. also, tests should not raise random exceptions on purpose (or expect some random exceptions on purpose)
I would not accept that
itsnikhil
commented
4 years ago We specifically avoid testing signature check as there is no facility created for that yet
You are already generating digital signature and test case only checks if its length of it is correct or not but doesn't verify it. I still believe verification should be there
itsnikhil
commented
4 years ago The function verify_signature itself has been designed in this way. To run without error if signature is correct otherwise it raise BadSignature error. Ideally it should return True or False.
Also, internally this function has been used directly without any try catch you can see one such usage here it will "raise some random exception" speaking in your language
Added a test case to validate digital signature. It is important to test if message has been compromised or not.
assertwas not required asverify_signaturemethod will automatically raiseBadSignatureErrorif signature is invalid