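package auth_test

import (
	"testing"

	"github.com/rede5/gohorsejobs/backend/internal/infrastructure/auth"
	"github.com/stretchr/testify/assert"
)

// TestJWTService_HashAndVerifyPassword checks the password hashing round trip:
// a hash verifies with the original password and pepper, and is rejected when
// either the password or the PASSWORD_PEPPER environment variable differs.
func TestJWTService_HashAndVerifyPassword(t *testing.T) {
	// t.Setenv restores the previous value of PASSWORD_PEPPER when the test
	// ends, so a value already present in the environment is not clobbered.
	t.Setenv("PASSWORD_PEPPER", "test-pepper")

	// "secret" and "issuer" are fixture values used only by this test.
	service := auth.NewJWTService("secret", "issuer")

	t.Run("Should hash and verify password correctly", func(t *testing.T) {
		password := "mysecurepassword"

		hash, err := service.HashPassword(password)
		if !assert.NoError(t, err) {
			return
		}
		assert.NotEmpty(t, hash)

		assert.True(t, service.VerifyPassword(hash, password))
	})

	t.Run("Should fail verification with wrong password", func(t *testing.T) {
		password := "password"

		// A hashing failure must stop the subtest: otherwise verification of
		// an empty hash could fail for the wrong reason and the test would
		// pass without exercising the password comparison.
		hash, err := service.HashPassword(password)
		if !assert.NoError(t, err) {
			return
		}
		assert.NotEmpty(t, hash)

		assert.False(t, service.VerifyPassword(hash, "wrong-password"))
	})

	t.Run("Should fail verification with wrong pepper", func(t *testing.T) {
		password := "password"

		hash, err := service.HashPassword(password)
		if !assert.NoError(t, err) {
			return
		}
		assert.NotEmpty(t, hash)

		// Change the pepper after hashing. The service was constructed before
		// this point, so the test expects the pepper to be read at call time.
		// t.Setenv puts "test-pepper" back when this subtest finishes.
		t.Setenv("PASSWORD_PEPPER", "wrong-pepper")

		assert.False(t, service.VerifyPassword(hash, password))
	})
}

// TestJWTService_TokenOperations checks that a generated token validates and
// carries the expected subject and tenant claims, and that malformed or
// foreign-signed tokens are rejected.
func TestJWTService_TokenOperations(t *testing.T) {
	service := auth.NewJWTService("secret", "issuer")

	t.Run("Should generate and validate token", func(t *testing.T) {
		userID := "user-123"
		tenantID := "tenant-456"
		roles := []string{"admin"}

		token, err := service.GenerateToken(userID, tenantID, roles)
		if !assert.NoError(t, err) {
			return
		}
		assert.NotEmpty(t, token)

		claims, err := service.ValidateToken(token)
		if !assert.NoError(t, err) {
			return
		}
		assert.Equal(t, userID, claims["sub"])
		assert.Equal(t, tenantID, claims["tenant"])
		// NOTE(review): the roles claim is not asserted here. JSON numbers
		// decode as float64 and roles might come back as []interface{}, so a
		// check needs the claim key and decoded type confirmed against the
		// service before it is added.
	})

	t.Run("Should fail invalid token", func(t *testing.T) {
		claims, err := service.ValidateToken("invalid-token")
		assert.Error(t, err)
		assert.Nil(t, claims)
	})

	t.Run("Should fail token signed with a different secret", func(t *testing.T) {
		// A well-formed token from a service holding another secret must not
		// validate; this pins signature verification, which the malformed
		// string above does not reach.
		other := auth.NewJWTService("other-secret", "issuer")

		token, err := other.GenerateToken("user-123", "tenant-456", []string{"admin"})
		if !assert.NoError(t, err) {
			return
		}

		_, err = service.ValidateToken(token)
		assert.Error(t, err)
	})
}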