test(udt-001): backend unit and integration tests (30 tests)

tests/SIGCM2.Application.Tests/Infrastructure/BcryptPasswordHasherTests.cs

@@ -0,0 +1,46 @@
+using SIGCM2.Infrastructure.Security;
+
+namespace SIGCM2.Application.Tests.Infrastructure;
+
+public class BcryptPasswordHasherTests
+{
+    private readonly BcryptPasswordHasher _hasher = new();
+
+    // The seed hash for '@Diego550@' generated at cost 12
+    private const string SeedHash = "$2a$12$rmq6tlSAQ8WXhR2CwLCSeuwCJKz/.8Eab95UQCUNfwe4dokeOqMcW";
+
+    // Scenario: correct password verifies against seed hash
+    [Fact]
+    public void Verify_CorrectPassword_ReturnsTrue()
+    {
+        var result = _hasher.Verify("@Diego550@", SeedHash);
+        Assert.True(result);
+    }
+
+    // Triangulation: wrong password does not verify
+    [Fact]
+    public void Verify_WrongPassword_ReturnsFalse()
+    {
+        var result = _hasher.Verify("WrongPass1", SeedHash);
+        Assert.False(result);
+    }
+
+    // Hash + Verify round-trip: hash a new password and verify it
+    [Fact]
+    public void Hash_ThenVerify_ReturnsTrue()
+    {
+        var plain = "TestPassword123!";
+        var hash = _hasher.Hash(plain);
+
+        Assert.StartsWith("$2a$", hash); // BCrypt format
+        Assert.True(_hasher.Verify(plain, hash));
+    }
+
+    // Triangulation: verification of different password against generated hash fails
+    [Fact]
+    public void Hash_ThenVerifyWrong_ReturnsFalse()
+    {
+        var hash = _hasher.Hash("OriginalPassword1!");
+        Assert.False(_hasher.Verify("DifferentPassword1!", hash));
+    }
+}