import { describe, it, expect } from "vitest";
import { hashPassword, verifyPassword, ARGON2_PARAMS } from "../password";

describe("password (argon2id)", () => {
  it("verwendet OWASP-Minima für argon2id", () => {
    // type 2 === argon2id
    expect(ARGON2_PARAMS.type).toBe(2);
    expect(ARGON2_PARAMS.memoryCost).toBeGreaterThanOrEqual(19456);
    expect(ARGON2_PARAMS.timeCost).toBeGreaterThanOrEqual(2);
    expect(ARGON2_PARAMS.parallelism).toBeGreaterThanOrEqual(1);
  });

  it("erzeugt einen argon2id-Hash mit korrektem Präfix", async () => {
    const h = await hashPassword("geheimes-passwort");
    expect(h.startsWith("$argon2id$")).toBe(true);
  });

  it("verifiziert das korrekte Passwort", async () => {
    const h = await hashPassword("richtig");
    expect(await verifyPassword(h, "richtig")).toBe(true);
  });

  it("lehnt ein falsches Passwort ab", async () => {
    const h = await hashPassword("richtig");
    expect(await verifyPassword(h, "falsch")).toBe(false);
  });
});