egutierrez
eff5771b03
Fase 2 del issue 0010 — auth core: - jwt_generate/validate: HS256 manual con crypto/hmac + crypto/sha256 - password_hash/verify: wrappers de golang.org/x/crypto/bcrypt (cost 12 default) - JWT rechaza alg != HS256 para mitigar ataque 'alg=none' - hmac.Equal para comparacion constant-time de firmas
24 lines
647 B
Go
24 lines
647 B
Go
package infra
|
|
|
|
import "testing"
|
|
|
|
func TestPasswordVerify_CorrectPassword(t *testing.T) {
|
|
hash, _ := PasswordHash("correct-horse-battery-staple", 4)
|
|
if err := PasswordVerify("correct-horse-battery-staple", hash); err != nil {
|
|
t.Fatalf("esperaba nil, got %v", err)
|
|
}
|
|
}
|
|
|
|
func TestPasswordVerify_WrongPassword(t *testing.T) {
|
|
hash, _ := PasswordHash("secret", 4)
|
|
if err := PasswordVerify("wrong", hash); err == nil {
|
|
t.Fatal("esperaba error con password incorrecto")
|
|
}
|
|
}
|
|
|
|
func TestPasswordVerify_InvalidHash(t *testing.T) {
|
|
if err := PasswordVerify("x", "not-a-bcrypt-hash"); err == nil {
|
|
t.Fatal("esperaba error con hash invalido")
|
|
}
|
|
}
|