Increase hash module coverage with targeted tests for driver selection and service provider paths

[Copilot]

• Triage newly added PR comments for actionable changes
• Re-check current CI/workflow failure status
• Update hash/application_test.go to use any instead of interface{} in the latest test callback typing
• Run targeted hash tests
• Run code review and security scan
• Reply to newly addressed PR comment

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Task 1.5: Hash Module - Increase test coverage from 43.88% to 70%</issue_title>
<issue_description>Parent Issue: goravel/goravel#43
Priority: 1
Current Coverage: 43.88% (61/139 lines covered, 73 missed)
Target Coverage: 70%
Estimated Impact: +0.5% overall coverage

Focus Areas

• Password hashing algorithms
• Hash verification
• Configuration options

Implementation Repository

goravel/framework - hash module</issue_description>

Comments on the Issue (you are @copilot in this section)

@hwbrzzl Closing - creating as sub-tasks in goravel/goravel#43 instead

• Fixes Task 1.5: Hash Module - Increase test coverage from 43.88% to 70% goravel#888

---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 70.16%. Comparing base (29a6104) to head (a6d04a3).
⚠️ Report is 6 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #1388      +/-   ##
==========================================
+ Coverage   69.40%   70.16%   +0.75%     
==========================================
  Files         292      292              
  Lines       19563    19564       +1     
==========================================
+ Hits        13578    13727     +149     
+ Misses       5403     5260     -143     
+ Partials      582      577       -5     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[hwbrzzl]

Good work on increasing test coverage! I've identified a few areas for optimization and potential improvements in the test code.

[hwbrzzl]

Performance optimization: The assertion assert.Same(t, instance, chained) is good, but consider adding a comment explaining that builder methods return the same instance for method chaining (fluent interface pattern). This makes the design decision explicit for future maintainers.

[hwbrzzl]

Potential issue: The test verifies specific arguments at indices 0, 1, 3, 5, 8, and 9, but doesn't validate args[0][2], args[0][4], args[0][6], and args[0][7]. Consider adding assertions for all 10 arguments to ensure complete test coverage, or document why certain indices are skipped.

[hwbrzzl]

Code quality: Consider using assert.ErrorContains(t, err, "unsupported") or a more specific error check instead of just assert.Error(t, err). This makes the test more robust and clearly documents what error is expected.

[hwbrzzl]

Best practice: This test could be more specific about the expected error. Consider using assert.ErrorContains(t, err, "attachment") or checking for a file-not-found error to make the test intention clearer and easier to debug if it fails.

[hwbrzzl]

Code quality & readability: The nested callback testing could be refactored. Consider extracting each scenario (withoutConfig, withoutQueue, withAll) into separate subtests using t.Run(). This would improve readability, make test failures easier to identify, and allow running specific scenarios in isolation.

[hwbrzzl]

Test completeness: Consider adding edge case tests: 1) calling OnConnection or OnQueue multiple times to verify the last value wins, 2) calling methods with empty strings, and 3) verifying that Queue() returns the same instance on subsequent calls.

[hwbrzzl]

Potential Issue: This test doesn't verify the rounds configuration was actually used. Consider asserting the bcrypt cost matches the configured rounds:

hash, err := hasher.Make("test")
assert.NoError(t, err)
cost, _ := bcrypt.Cost([]byte(hash))
assert.Equal(t, 10, cost)

[hwbrzzl]

Best Practice: Consider using a more descriptive driver name for the test. "unknown" could be any invalid value. Use something explicit like "invalid-driver" to make test intent clearer.

[hwbrzzl]

Missing Coverage: The test only checks for invalid rounds (32 > max 31), but doesn't test the lower boundary. Bcrypt rounds must be between 4-31. Consider adding a test case for rounds < 4:

t.Run("returns error when rounds below minimum", func(t *testing.T) {
    config := configmock.NewConfig(t)
    config.EXPECT().GetInt("hashing.bcrypt.rounds", 12).Return(3).Once()
    hasher := NewBcrypt(config)
    hash, err := hasher.Make("password")
    assert.Error(t, err)
    assert.Empty(t, hash)
})

[hwbrzzl]

Improvement: The error assertion is too generic. Consider asserting the specific error type or message to ensure the correct validation is happening. For example:

assert.Contains(t, err.Error(), "cost")
// or check for specific bcrypt error

[hwbrzzl]

Code Smell: Using mock.Anything for the callback parameter reduces type safety. Since you're extracting and using the callback, consider using a typed matcher or at least document why this approach is needed.

[hwbrzzl]

Potential Panic Risk: Type assertion without safety check: args.Get(1).(func(foundation.Application) (any, error)). If the argument type is wrong, this will panic. Consider using the two-value form:

var ok bool
callback, ok = args.Get(1).(func(foundation.Application) (any, error))
if !ok {
    t.Fatal("callback has wrong type")
}

[hwbrzzl]

Test Organization: The callback is captured in the outer scope but only tested in subtests. If someone adds another test between this assertion and the subtests, or if subtests run in unexpected order, this could cause issues. Consider restructuring to make the dependency explicit or add a nil check at the start of each subtest.

[hwbrzzl]

Redundant Assertion: You're checking both assert.Nil(t, hash) and assert.Error(t, err). When err is non-nil, hash should be nil by convention. The double check adds noise. Consider keeping just the error assertion and the specific error type check.

[hwbrzzl]

@copilot There are some comments, but they may not all be correct. Check and fix them if needed.

[hwbrzzl]

@copilot

[hwbrzzl]

Merge this file into hash/application_test.go

[Copilot]

Done in 4386f32: moved the coverage tests from hash/module_test.go into hash/application_test.go and removed hash/module_test.go. No UI changes in this update.

[hwbrzzl]

Suggested change

	configmock "github.com/goravel/framework/mocks/config"
	foundationmock "github.com/goravel/framework/mocks/foundation"
	mocksconfig "github.com/goravel/framework/mocks/config"
	mocksfoundation "github.com/goravel/framework/mocks/foundation"

[Copilot]

Applied in 4386f32: updated aliases to mocksconfig and mocksfoundation in the merged test file. No UI changes in this update.

[hwbrzzl]

@copilot

[hwbrzzl]

Suggested change

	app := mocksfoundation.NewApplication(t)
	mockApp := mocksfoundation.NewApplication(t)

[Copilot]

Updated in c1d822e: renamed the mocked application variable to mockApp in the test. No UI changes in this update.

[hwbrzzl]

Use mockApp.EXPECT().Singleton() instead of On, the same as others.

[Copilot]

Updated in c1d822e: switched Singleton/MakeConfig setup to mockApp.EXPECT() usage for consistency with other tests. No UI changes in this update.

[Copilot]

@copilot There are some comments, but they may not all be correct. Check and fix them if needed.

Checked the review items and applied the actionable ones in c1d822e (including mockApp naming and EXPECT() usage updates). No UI changes in this update.

[hwbrzzl]

Use any instead of interface{}, add this role to your memory. @copilot

[Copilot]

Updated in a6d04a3: changed the callback signature to use any instead of interface{}. I also stored this as a coding preference memory for future updates. No UI changes in this update.