rhl-lieferscheine/lib/auth/passwordPolicy.test.js

/* @vitest-environment node */

import { describe, it, expect } from "vitest";
import {
	validateNewPassword,
	PASSWORD_POLICY,
	PASSWORD_POLICY_REASON,
} from "./passwordPolicy.js";

describe("lib/auth/passwordPolicy", () => {
	it("accepts a strong password", () => {
		const res = validateNewPassword({
			newPassword: "StrongPassword123",
			currentPassword: "OldPassword123",
		});

		expect(res.ok).toBe(true);
		expect(res.reasons).toEqual([]);
		expect(res.policy).toEqual(PASSWORD_POLICY);
	});

	it("rejects too short passwords", () => {
		const res = validateNewPassword({
			newPassword: "Abc1",
			currentPassword: "OldPassword123",
		});

		expect(res.ok).toBe(false);
		expect(res.reasons).toContain(PASSWORD_POLICY_REASON.MIN_LENGTH);
	});

	it("rejects passwords without numbers", () => {
		const res = validateNewPassword({
			newPassword: "VeryStrongPassword",
			currentPassword: "OldPassword123",
		});

		expect(res.ok).toBe(false);
		expect(res.reasons).toContain(PASSWORD_POLICY_REASON.MISSING_NUMBER);
	});

	it("rejects passwords without letters", () => {
		const res = validateNewPassword({
			newPassword: "1234567890123",
			currentPassword: "OldPassword123",
		});

		expect(res.ok).toBe(false);
		expect(res.reasons).toContain(PASSWORD_POLICY_REASON.MISSING_LETTER);
	});

	it("rejects when new password equals current password", () => {
		const res = validateNewPassword({
			newPassword: "SamePassword123",
			currentPassword: "SamePassword123",
		});

		expect(res.ok).toBe(false);
		expect(res.reasons).toContain(PASSWORD_POLICY_REASON.SAME_AS_CURRENT);
	});
});