package subsonic import ( "crypto/md5" "encoding/hex" "testing" ) func TestDecodePasswordEnc(t *testing.T) { out, err := decodePassword("enc:68656c6c6f") if err != nil { t.Fatalf("decode: %v", err) } if out != "hello" { t.Errorf("decode = %q, want hello", out) } } func TestDecodePasswordPlain(t *testing.T) { out, err := decodePassword("hunter2") if err != nil || out != "hunter2" { t.Errorf("plain passthrough = %q, %v", out, err) } } func TestDecodePasswordBadHex(t *testing.T) { if _, err := decodePassword("enc:zzzz"); err == nil { t.Error("expected error for malformed enc: prefix") } } // TestTokenMD5Derivation documents the t = md5(password + salt) construction // so regressions in the auth path surface as a failing checksum rather than a // 40/wrong-credentials response that could be mistaken for bad inputs. func TestTokenMD5Derivation(t *testing.T) { password := "hunter2" salt := "NaClz" sum := md5.Sum([]byte(password + salt)) want := hex.EncodeToString(sum[:]) const expected = "91b894c3c9af9c16bec1b3f771e31462" if want != expected { t.Errorf("md5(password+salt) = %s, want %s", want, expected) } }