From 82b051c2e556556c2276c128e22b7dd973fbc8c2 Mon Sep 17 00:00:00 2001
From: SRISUMUKHA SHESHANARAYANA <sumukha.sheshn5@gmail.com>
Date: Sun, 22 Mar 2026 17:37:27 +0900
Subject: [PATCH] test 4

---
 tests/unit/test_security.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/tests/unit/test_security.py b/tests/unit/test_security.py
index 783595c..6c012cf 100644
--- a/tests/unit/test_security.py
+++ b/tests/unit/test_security.py
@@ -60,8 +60,10 @@ def test_invalid_token_raises(self):
 
     def test_tampered_token_raises(self):
         token = create_access_token(subject="user-123")
-        # Flip the last character
-        tampered = token[:-1] + ("X" if token[-1] != "X" else "Y")
+        # Replace entire signature segment with garbage — flipping one char is flaky
+        # because base64url padding can tolerate single-char changes
+        header, payload, _ = token.split(".")
+        tampered = f"{header}.{payload}.invalidsignatureXXXXXXXX"
         with pytest.raises(JWTError):
             decode_token(tampered)