hardened password validation, added tests

go-backend/internal/controllers/user_controller_test.go

@@ -195,7 +195,7 @@ func testLoginHandler(t *testing.T) (string, http.Cookie) {
 				name: "Valid login",
 				input: `{
                     "email": "john.doe@example.com",
-                    "password": "password123"
+                    "password": "passw@#$#%$!-ord123"
                 }`,
 				wantStatusCode: http.StatusOK,
 				wantToken:      true,
@@ -204,7 +204,7 @@ func testLoginHandler(t *testing.T) (string, http.Cookie) {
 				name: "Invalid email",
 				input: `{
                     "email": "nonexistent@example.com",
-                    "password": "password123"
+                    "password": "passw@#$#%$!-ord123"
                 }`,
 				wantStatusCode: http.StatusNotFound,
 				wantToken:      false,
@@ -645,6 +645,23 @@ func testUpdateUser(t *testing.T, loginCookie http.Cookie, adminCookie http.Cook
 				{"field": "user.user", "key": "server.error.unauthorized"},
 			},
 		},
+		{
+			name: "Password Update low entropy should fail",
+			setupCookie: func(req *http.Request) {
+				req.AddCookie(&loginCookie)
+			},
+			updateFunc: func(u *models.User) {
+				u.FirstName = "John Updated"
+				u.LastName = "Doe Updated"
+				u.Phone = "01738484994"
+				u.Licence.Number = "B072RRE2I50"
+				u.Password = "newpassword"
+			},
+			expectedErrors: []map[string]string{
+				{"field": "server.validation.special server.validation.uppercase server.validation.numbers server.validation.longer", "key": "server.validation.insecure"},
+			},
+			expectedStatus: http.StatusBadRequest,
+		},
 		{
 			name: "Password Update",
 			setupCookie: func(req *http.Request) {
@@ -655,7 +672,7 @@ func testUpdateUser(t *testing.T, loginCookie http.Cookie, adminCookie http.Cook
 				u.LastName = "Doe Updated"
 				u.Phone = "01738484994"
 				u.Licence.Number = "B072RRE2I50"
-				u.Password = "NewPassword"
+				u.Password = "NewPa0293409@#-!ssword"
 			},
 			expectedReturn: func(u *models.User) {
 				u.Password = ""
@@ -1069,7 +1086,7 @@ func getTestUsers() []RegisterUserTest {
 			Assert:       false,
 			Input: GenerateInputJSON(customizeInput(func(user models.User) models.User {
 				user.BankAccount.IBAN = ""
-				user.RoleID = 0
+				user.RoleID = 1
 				return user
 			})),
 		},
@@ -1078,9 +1095,33 @@ func getTestUsers() []RegisterUserTest {
 			WantResponse: http.StatusBadRequest,
 			WantDBData:   map[string]interface{}{"email": "john.doe@example.com"},
 			Assert:       false,
+			Input: GenerateInputJSON(customizeInput(func(user models.User) models.User {
+				user.BankAccount.IBAN = "DE1234234123134"
+				user.RoleID = 1
+				return user
+			})),
+		},
+		{
+			Name:         "invalid IBAN should fail when supporter",
+			WantResponse: http.StatusBadRequest,
+			WantDBData:   map[string]interface{}{"email": "john.supporter@example.com"},
+			Assert:       false,
 			Input: GenerateInputJSON(customizeInput(func(user models.User) models.User {
 				user.BankAccount.IBAN = "DE1234234123134"
 				user.RoleID = 0
+				user.Email = "john.supporter@example.com"
+				return user
+			})),
+		},
+		{
+			Name:         "empty IBAN should pass when supporter",
+			WantResponse: http.StatusCreated,
+			WantDBData:   map[string]interface{}{"email": "john.supporter@example.com"},
+			Assert:       true,
+			Input: GenerateInputJSON(customizeInput(func(user models.User) models.User {
+				user.BankAccount.IBAN = ""
+				user.RoleID = 0
+				user.Email = "john.supporter@example.com"
 				return user
 			})),
 		},