package auth

import (
	"errors"
	"strings"
	"testing"
)

func TestPasswordHasherRoundTrip(t *testing.T) {
	h := NewPasswordHasher()
	hash, err := h.Hash("correct-horse-battery-staple")
	if err != nil {
		t.Fatalf("hash: %v", err)
	}
	if hash == "" {
		t.Fatal("empty hash")
	}
	if err := h.Verify(hash, "correct-horse-battery-staple"); err != nil {
		t.Fatalf("verify correct: %v", err)
	}
	if err := h.Verify(hash, "wrong"); !errors.Is(err, ErrPasswordMismatch) {
		t.Fatalf("verify wrong: got %v want ErrPasswordMismatch", err)
	}
}

func TestPasswordValidation(t *testing.T) {
	tests := []struct {
		name string
		pw   string
		want error
	}{
		{"too short", "1234567", ErrPasswordTooShort},
		{"min length ok", "12345678", nil},
		{"too long", strings.Repeat("a", 73), ErrPasswordTooLong},
		{"max length ok", strings.Repeat("a", 72), nil},
	}
	for _, tc := range tests {
		t.Run(tc.name, func(t *testing.T) {
			if got := ValidatePassword(tc.pw); !errors.Is(got, tc.want) {
				t.Fatalf("got %v want %v", got, tc.want)
			}
		})
	}
}