view data tests

2026-01-22 17:28:09 +01:00
parent a165ac9b65
commit 0a37454171
22 changed files with 5534 additions and 16 deletions
--- a/core/identity/domain/services/PasswordHashingService.test.ts
+++ b/core/identity/domain/services/PasswordHashingService.test.ts
@@ -0,0 +1,216 @@
+/**
+ * Domain Service Tests: PasswordHashingService
+ * 
+ * Tests for password hashing and verification business logic
+ */
+
+import { describe, it, expect, beforeEach } from 'vitest';
+import { PasswordHashingService } from './PasswordHashingService';
+
+describe('PasswordHashingService', () => {
+  let service: PasswordHashingService;
+
+  beforeEach(() => {
+    service = new PasswordHashingService();
+  });
+
+  describe('hash', () => {
+    it('should hash a plain text password', async () => {
+      const plainPassword = 'mySecurePassword123';
+      const hash = await service.hash(plainPassword);
+
+      expect(hash).toBeDefined();
+      expect(typeof hash).toBe('string');
+      expect(hash.length).toBeGreaterThan(0);
+      // Hash should not be the same as the plain password
+      expect(hash).not.toBe(plainPassword);
+    });
+
+    it('should produce different hashes for the same password (with salt)', async () => {
+      const plainPassword = 'mySecurePassword123';
+      const hash1 = await service.hash(plainPassword);
+      const hash2 = await service.hash(plainPassword);
+
+      // Due to salting, hashes should be different
+      expect(hash1).not.toBe(hash2);
+    });
+
+    it('should handle empty string password', async () => {
+      const hash = await service.hash('');
+      expect(hash).toBeDefined();
+      expect(typeof hash).toBe('string');
+    });
+
+    it('should handle special characters in password', async () => {
+      const specialPassword = 'P@ssw0rd!#$%^&*()_+-=[]{}|;:,.<>?';
+      const hash = await service.hash(specialPassword);
+
+      expect(hash).toBeDefined();
+      expect(typeof hash).toBe('string');
+    });
+
+    it('should handle unicode characters in password', async () => {
+      const unicodePassword = 'Pässwörd!🔒';
+      const hash = await service.hash(unicodePassword);
+
+      expect(hash).toBeDefined();
+      expect(typeof hash).toBe('string');
+    });
+
+    it('should handle very long passwords', async () => {
+      const longPassword = 'a'.repeat(1000);
+      const hash = await service.hash(longPassword);
+
+      expect(hash).toBeDefined();
+      expect(typeof hash).toBe('string');
+    });
+
+    it('should handle whitespace-only password', async () => {
+      const whitespacePassword = '   ';
+      const hash = await service.hash(whitespacePassword);
+
+      expect(hash).toBeDefined();
+      expect(typeof hash).toBe('string');
+    });
+  });
+
+  describe('verify', () => {
+    it('should verify correct password against hash', async () => {
+      const plainPassword = 'mySecurePassword123';
+      const hash = await service.hash(plainPassword);
+
+      const isValid = await service.verify(plainPassword, hash);
+      expect(isValid).toBe(true);
+    });
+
+    it('should reject incorrect password', async () => {
+      const plainPassword = 'mySecurePassword123';
+      const hash = await service.hash(plainPassword);
+
+      const isValid = await service.verify('wrongPassword', hash);
+      expect(isValid).toBe(false);
+    });
+
+    it('should reject empty password against hash', async () => {
+      const plainPassword = 'mySecurePassword123';
+      const hash = await service.hash(plainPassword);
+
+      const isValid = await service.verify('', hash);
+      expect(isValid).toBe(false);
+    });
+
+    it('should handle verification with special characters', async () => {
+      const specialPassword = 'P@ssw0rd!#$%^&*()_+-=[]{}|;:,.<>?';
+      const hash = await service.hash(specialPassword);
+
+      const isValid = await service.verify(specialPassword, hash);
+      expect(isValid).toBe(true);
+    });
+
+    it('should handle verification with unicode characters', async () => {
+      const unicodePassword = 'Pässwörd!🔒';
+      const hash = await service.hash(unicodePassword);
+
+      const isValid = await service.verify(unicodePassword, hash);
+      expect(isValid).toBe(true);
+    });
+
+    it('should handle verification with very long passwords', async () => {
+      const longPassword = 'a'.repeat(1000);
+      const hash = await service.hash(longPassword);
+
+      const isValid = await service.verify(longPassword, hash);
+      expect(isValid).toBe(true);
+    });
+
+    it('should handle verification with whitespace-only password', async () => {
+      const whitespacePassword = '   ';
+      const hash = await service.hash(whitespacePassword);
+
+      const isValid = await service.verify(whitespacePassword, hash);
+      expect(isValid).toBe(true);
+    });
+
+    it('should reject verification with null hash', async () => {
+      // bcrypt throws an error when hash is null, which is expected behavior
+      await expect(service.verify('password', null as any)).rejects.toThrow();
+    });
+
+    it('should reject verification with empty hash', async () => {
+      const isValid = await service.verify('password', '');
+      expect(isValid).toBe(false);
+    });
+
+    it('should reject verification with invalid hash format', async () => {
+      const isValid = await service.verify('password', 'invalid-hash-format');
+      expect(isValid).toBe(false);
+    });
+  });
+
+  describe('Hash Consistency', () => {
+    it('should consistently verify the same password-hash pair', async () => {
+      const plainPassword = 'testPassword123';
+      const hash = await service.hash(plainPassword);
+
+      // Verify multiple times
+      const result1 = await service.verify(plainPassword, hash);
+      const result2 = await service.verify(plainPassword, hash);
+      const result3 = await service.verify(plainPassword, hash);
+
+      expect(result1).toBe(true);
+      expect(result2).toBe(true);
+      expect(result3).toBe(true);
+    });
+
+    it('should consistently reject wrong password', async () => {
+      const plainPassword = 'testPassword123';
+      const wrongPassword = 'wrongPassword';
+      const hash = await service.hash(plainPassword);
+
+      // Verify multiple times with wrong password
+      const result1 = await service.verify(wrongPassword, hash);
+      const result2 = await service.verify(wrongPassword, hash);
+      const result3 = await service.verify(wrongPassword, hash);
+
+      expect(result1).toBe(false);
+      expect(result2).toBe(false);
+      expect(result3).toBe(false);
+    });
+  });
+
+  describe('Security Properties', () => {
+    it('should not leak information about the original password from hash', async () => {
+      const password1 = 'password123';
+      const password2 = 'password456';
+      
+      const hash1 = await service.hash(password1);
+      const hash2 = await service.hash(password2);
+
+      // Hashes should be different
+      expect(hash1).not.toBe(hash2);
+      
+      // Neither hash should contain the original password
+      expect(hash1).not.toContain(password1);
+      expect(hash2).not.toContain(password2);
+    });
+
+    it('should handle case sensitivity correctly', async () => {
+      const password1 = 'Password';
+      const password2 = 'password';
+      
+      const hash1 = await service.hash(password1);
+      const hash2 = await service.hash(password2);
+
+      // Should be treated as different passwords
+      const isValid1 = await service.verify(password1, hash1);
+      const isValid2 = await service.verify(password2, hash2);
+      const isCrossValid1 = await service.verify(password1, hash2);
+      const isCrossValid2 = await service.verify(password2, hash1);
+
+      expect(isValid1).toBe(true);
+      expect(isValid2).toBe(true);
+      expect(isCrossValid1).toBe(false);
+      expect(isCrossValid2).toBe(false);
+    });
+  });
+});