Andrei Neagoie Python //top\\ -

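def __init__(
    self,
    secret_key: str,
    max_failed_attempts: int = 5,
    lockout_minutes: int = 15,
):
    """Initialize the authentication service.

    Args:
        secret_key: Secret key for JWT; passed straight to TokenManager.
        max_failed_attempts: Number of failed attempts before lockout.
        lockout_minutes: Lockout duration in minutes.

    Raises:
        ValueError: If secret_key is empty, or if max_failed_attempts or
            lockout_minutes is below 1.
    """
    # TokenManager is built from this secret, so an empty value must never
    # reach it. Only emptiness is checked here; length and entropy have to
    # be enforced wherever the key is generated or loaded.
    if not secret_key:
        raise ValueError("secret_key must not be empty")
    # Values below 1 cannot describe a lockout policy. Fail at start-up
    # instead of running with brute-force protection silently misconfigured.
    # NOTE(review): how login() applies these settings is not visible here.
    if max_failed_attempts < 1:
        raise ValueError("max_failed_attempts must be at least 1")
    if lockout_minutes < 1:
        raise ValueError("lockout_minutes must be at least 1")

    # Plain in-process dict: registered users do not survive a restart.
    self.users: Dict[str, User] = {}
    self.token_manager = TokenManager(secret_key)
    self.password_hasher = PasswordHasher()
    self.rate_limiter = RateLimiter()
    self.max_failed_attempts = max_failed_attempts
    self.lockout_minutes = lockout_minutes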

def is_locked(self) -> bool:
    """Report whether the account is inside an active lockout window.

    Returns:
        True when ``locked_until`` is set and the current naive-UTC time is
        still before it; False otherwise.
    """
    # datetime.utcnow() is naive, so locked_until must be a naive UTC value
    # too; comparing against an aware datetime raises TypeError.
    deadline = self.locked_until
    if not deadline:
        return False
    return datetime.utcnow() < deadline


class PasswordHasher:
    """Handles secure password hashing and verification"""

class InvalidPasswordError(AuthenticationError):
    """Signals that the supplied password did not match."""

    # NOTE(review): if this error is surfaced to clients, keep the response
    # indistinguishable from the unknown-account case so it cannot be used
    # to confirm which accounts exist. Confirm at the API layer.

class RateLimitExceededError(AuthenticationError):
    """Signals that the caller has made too many attempts."""

def test_account_lockout(self, auth_service):
    """Check that repeated bad passwords lock the account, even for the right one."""
    email = "test@example.com"
    # Third login() argument looks like the caller's IP address (confirm).
    client_ip = "127.0.0.1"
    auth_service.register_user(email, "ValidPass123!")

    # Use up the failure budget: 5 wrong passwords (max_failed_attempts=5),
    # each still reported as an ordinary bad-password error.
    for _attempt in range(5):
        with pytest.raises(InvalidPasswordError):
            auth_service.login(email, "wrong", client_ip)

    # The lockout must take precedence over credential validity: the correct
    # password is rejected too. InvalidPasswordError is itself an
    # AuthenticationError, so match= is what pins this to the lockout path.
    with pytest.raises(AuthenticationError, match="Account locked"):
        auth_service.login(email, "ValidPass123!", client_ip)