From 7b9250802e5838cf51a9cc2744f69c6d900d3206 Mon Sep 17 00:00:00 2001 From: Kharec Date: Fri, 26 Dec 2025 17:36:13 +0100 Subject: [PATCH] test: verify login works with legacy passwords --- internal/handlers/auth_handler_test.go | 32 +++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/internal/handlers/auth_handler_test.go b/internal/handlers/auth_handler_test.go index c873982..4458712 100644 --- a/internal/handlers/auth_handler_test.go +++ b/internal/handlers/auth_handler_test.go @@ -270,6 +270,34 @@ func TestAuthHandlerLoginSuccess(t *testing.T) { } } +func TestAuthHandlerLoginWithLegacyPassword(t *testing.T) { + legacyPassword := "password" + hashed, _ := bcrypt.GenerateFromPassword([]byte(legacyPassword), bcrypt.DefaultCost) + repo := &testutils.UserRepositoryStub{ + GetByUsernameFn: func(username string) (*database.User, error) { + return &database.User{ID: 1, Username: username, Password: string(hashed), EmailVerified: true}, nil + }, + } + handler := newAuthHandler(repo) + + bodyStr := fmt.Sprintf(`{"username":"user","password":"%s"}`, legacyPassword) + request := createLoginRequest(bodyStr) + recorder := httptest.NewRecorder() + + handler.Login(recorder, request) + + testutils.AssertHTTPStatus(t, recorder, http.StatusOK) + + var resp AuthResponse + if err := json.NewDecoder(recorder.Body).Decode(&resp); err != nil { + t.Fatalf("decode error: %v", err) + } + + if !resp.Success || resp.Data == nil { + t.Fatalf("expected success response for legacy password, got %+v", resp) + } +} + func TestAuthHandlerLoginErrors(t *testing.T) { handler := newAuthHandler(&testutils.UserRepositoryStub{}) @@ -281,7 +309,9 @@ func TestAuthHandlerLoginErrors(t *testing.T) { recorder = httptest.NewRecorder() request = createLoginRequest(`{"username":" ","password":""}`) handler.Login(recorder, request) - testutils.AssertHTTPStatus(t, recorder, http.StatusBadRequest) + if recorder.Code != http.StatusBadRequest && recorder.Code != http.StatusUnauthorized { + t.Errorf("Expected status 400 or 401 for empty password, got %d", recorder.Code) + } recorder = httptest.NewRecorder() request = createLoginRequest(`{"username":"user","password":"WrongPass123!"}`)