package auth

import (
	"testing"
)

func TestHashToken(t *testing.T) {
	token := "test-jwt-token-string-12345"
	hash := HashToken(token)

	// Verify hash is not empty
	if hash == "" {
		t.Error("HashToken returned empty string")
	}

	// Verify hash length (SHA-256 produces 64 hex characters)
	if len(hash) != 64 {
		t.Errorf("HashToken returned hash of length %d, expected 64", len(hash))
	}

	// Verify hash is deterministic (same token produces same hash)
	hash2 := HashToken(token)
	if hash != hash2 {
		t.Error("HashToken returned different hashes for same token")
	}
}

func TestHashToken_DifferentTokens(t *testing.T) {
	token1 := "token1"
	token2 := "token2"

	hash1 := HashToken(token1)
	hash2 := HashToken(token2)

	// Different tokens should produce different hashes
	if hash1 == hash2 {
		t.Error("Different tokens produced same hash")
	}
}

func TestVerifyTokenHash(t *testing.T) {
	token := "test-jwt-token-string-12345"
	storedHash := HashToken(token)

	// Test correct token
	if !VerifyTokenHash(token, storedHash) {
		t.Error("VerifyTokenHash returned false for correct token")
	}

	// Test wrong token
	if VerifyTokenHash("wrong-token", storedHash) {
		t.Error("VerifyTokenHash returned true for wrong token")
	}

	// Test empty token
	if VerifyTokenHash("", storedHash) {
		t.Error("VerifyTokenHash returned true for empty token")
	}
}

func TestHashToken_EmptyToken(t *testing.T) {
	hash := HashToken("")
	if hash == "" {
		t.Error("HashToken should return hash even for empty token")
	}
	if len(hash) != 64 {
		t.Errorf("HashToken returned hash of length %d for empty token, expected 64", len(hash))
	}
}