using SIGCM2.Infrastructure.Security;

namespace SIGCM2.Application.Tests.Infrastructure;

public class BcryptPasswordHasherTests
{
    private readonly BcryptPasswordHasher _hasher = new();

    // The seed hash for '@Diego550@' generated at cost 12
    private const string SeedHash = "$2a$12$rmq6tlSAQ8WXhR2CwLCSeuwCJKz/.8Eab95UQCUNfwe4dokeOqMcW";

    // Scenario: correct password verifies against seed hash
    [Fact]
    public void Verify_CorrectPassword_ReturnsTrue()
    {
        var result = _hasher.Verify("@Diego550@", SeedHash);
        Assert.True(result);
    }

    // Triangulation: wrong password does not verify
    [Fact]
    public void Verify_WrongPassword_ReturnsFalse()
    {
        var result = _hasher.Verify("WrongPass1", SeedHash);
        Assert.False(result);
    }

    // Hash + Verify round-trip: hash a new password and verify it
    [Fact]
    public void Hash_ThenVerify_ReturnsTrue()
    {
        var plain = "TestPassword123!";
        var hash = _hasher.Hash(plain);

        Assert.StartsWith("$2a$", hash); // BCrypt format
        Assert.True(_hasher.Verify(plain, hash));
    }

    // Triangulation: verification of different password against generated hash fails
    [Fact]
    public void Hash_ThenVerifyWrong_ReturnsFalse()
    {
        var hash = _hasher.Hash("OriginalPassword1!");
        Assert.False(_hasher.Verify("DifferentPassword1!", hash));
    }
}