<?php

use PHPUnit\Framework\TestCase;

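/**
 * Checks the password hashing primitives: Argon2id hashing and verification,
 * comparison of legacy SHA-1 digests, and rehash detection when moving an
 * older hash to Argon2id.
 */
class PasswordHashTest extends TestCase {
	/**
	 * Skips the calling test when Argon2id is not available.
	 *
	 * PASSWORD_ARGON2ID is only defined when PHP was built with Argon2
	 * support; referencing it on other builds raises an Error instead of
	 * producing a meaningful test result.
	 */
	private function requireArgon2id(): void {
		if (!defined('PASSWORD_ARGON2ID')) {
			$this->markTestSkipped('PASSWORD_ARGON2ID is not available in this PHP build.');
		}
	}

	/**
	 * An Argon2id hash verifies against the original password and rejects a
	 * different one.
	 */
	public function test_argon2id_hash_can_be_verified(): void {
		$this->requireArgon2id();

		$password = 'my-secret-password';
		$hash = password_hash($password, PASSWORD_ARGON2ID);

		$this->assertNotEmpty($hash);
		// The algorithm identifier prefix is what password_verify() and
		// password_needs_rehash() use to recognise the hash format.
		$this->assertStringStartsWith('$argon2id$', $hash);
		$this->assertTrue(password_verify($password, $hash));
		$this->assertFalse(password_verify('wrong-password', $hash));
	}

	/**
	 * A legacy SHA-1 digest matches only the password it was derived from.
	 *
	 * SHA-1 is a fast, unsalted digest and is not suitable for storing
	 * passwords; it appears here only as the legacy format.
	 *
	 * NOTE(review): this test calls sha1() directly and exercises no
	 * application code, so it cannot catch a regression in the real legacy
	 * verification path - presumably that path lives elsewhere; confirm and
	 * point this test at it.
	 */
	public function test_sha1_legacy_fallback_matches(): void {
		$password = 'legacy-pass';
		$legacy_hash = sha1($password);

		// hash_equals() compares in constant time, which is how stored
		// digests should be compared against a computed candidate.
		$this->assertTrue(hash_equals($legacy_hash, sha1($password)));
		$this->assertFalse(hash_equals($legacy_hash, sha1('wrong')));
	}

	/**
	 * password_needs_rehash() flags a bcrypt hash for upgrade to Argon2id and
	 * leaves an existing Argon2id hash alone.
	 */
	public function test_rehash_detects_weak_hashes(): void {
		$this->requireArgon2id();

		$password = 'test-pass';
		// Pinned to PASSWORD_BCRYPT rather than PASSWORD_DEFAULT: the default
		// algorithm may change between PHP releases, and if it ever became
		// Argon2id the first assertion below would fail for reasons unrelated
		// to the code under test.
		$bcrypt_hash = password_hash($password, PASSWORD_BCRYPT);
		$argon2id_hash = password_hash($password, PASSWORD_ARGON2ID);

		$this->assertTrue(password_needs_rehash($bcrypt_hash, PASSWORD_ARGON2ID));
		$this->assertFalse(password_needs_rehash($argon2id_hash, PASSWORD_ARGON2ID));
	}
}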
