From 369fcde28ac102d0a1fb882709ec7323facc22b4 Mon Sep 17 00:00:00 2001
From: Tim <135014430+nagisa77@users.noreply.github.com>
Date: Tue, 1 Jul 2025 14:04:36 +0800
Subject: [PATCH] Require 6 char min for low strength passwords and add
 validator tests

---
 .../openisle/service/PasswordValidator.java   |  9 ++++-
 .../service/PasswordValidatorTest.java        | 39 +++++++++++++++++++
 2 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 src/test/java/com/openisle/service/PasswordValidatorTest.java

diff --git a/src/main/java/com/openisle/service/PasswordValidator.java b/src/main/java/com/openisle/service/PasswordValidator.java
index 5c0b0e57a..0f6c8518f 100644
--- a/src/main/java/com/openisle/service/PasswordValidator.java
+++ b/src/main/java/com/openisle/service/PasswordValidator.java
@@ -24,7 +24,14 @@ public class PasswordValidator {
                 checkHigh(password);
                 break;
             default:
-                // LOW, nothing beyond non-empty
+                checkLow(password);
+                break;
+        }
+    }
+
+    private void checkLow(String password) {
+        if (password.length() < 6) {
+            throw new IllegalArgumentException("Password must be at least 6 characters long");
         }
     }
 
diff --git a/src/test/java/com/openisle/service/PasswordValidatorTest.java b/src/test/java/com/openisle/service/PasswordValidatorTest.java
new file mode 100644
index 000000000..ba564491f
--- /dev/null
+++ b/src/test/java/com/openisle/service/PasswordValidatorTest.java
@@ -0,0 +1,39 @@
+package com.openisle.service;
+
+import com.openisle.model.PasswordStrength;
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+class PasswordValidatorTest {
+
+    @Test
+    void lowStrengthRequiresSixChars() {
+        PasswordValidator validator = new PasswordValidator(PasswordStrength.LOW);
+
+        assertThrows(IllegalArgumentException.class, () -> validator.validate("12345"));
+        assertDoesNotThrow(() -> validator.validate("123456"));
+    }
+
+    @Test
+    void mediumStrengthRules() {
+        PasswordValidator validator = new PasswordValidator(PasswordStrength.MEDIUM);
+
+        assertThrows(IllegalArgumentException.class, () -> validator.validate("abc123"));
+        assertThrows(IllegalArgumentException.class, () -> validator.validate("abcdefgh"));
+        assertThrows(IllegalArgumentException.class, () -> validator.validate("12345678"));
+        assertDoesNotThrow(() -> validator.validate("abcd1234"));
+    }
+
+    @Test
+    void highStrengthRules() {
+        PasswordValidator validator = new PasswordValidator(PasswordStrength.HIGH);
+
+        assertThrows(IllegalArgumentException.class, () -> validator.validate("Abc123$"));
+        assertThrows(IllegalArgumentException.class, () -> validator.validate("abcd1234$xyz"));
+        assertThrows(IllegalArgumentException.class, () -> validator.validate("ABCD1234$XYZ"));
+        assertThrows(IllegalArgumentException.class, () -> validator.validate("AbcdABCDabcd"));
+        assertThrows(IllegalArgumentException.class, () -> validator.validate("Abcd1234abcd"));
+        assertDoesNotThrow(() -> validator.validate("Abcd1234$xyz"));
+    }
+}