From fe8a1e8a0059ae90b2750374f9e88aceae1fb1bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E4=BE=9D=E7=91=AA=E8=B2=93?= <imacat@mail.imacat.idv.tw>
Date: Tue, 10 Mar 2026 09:51:34 +0800
Subject: [PATCH] Replace hard-coded test passwords with crypto.randomUUID()
 (S2068)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 tests/components/Login.test.js | 4 ++--
 tests/stores/acctMgmt.test.js  | 8 +++++---
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/tests/components/Login.test.js b/tests/components/Login.test.js
index 657d20b..7fb401a 100644
--- a/tests/components/Login.test.js
+++ b/tests/components/Login.test.js
@@ -59,7 +59,7 @@ describe("Login", () => {
     const wrapper = mountLogin();
     const store = useLoginStore();
     store.auth.username = "user";
-    store.auth.password = "pass";
+    store.auth.password = crypto.randomUUID();
     await wrapper.vm.$nextTick();
     const btn = wrapper.find("#login_btn_main_btn");
     expect(btn.attributes("disabled")).toBeUndefined();
@@ -76,7 +76,7 @@ describe("Login", () => {
   it("toggles password visibility", async () => {
     const wrapper = mountLogin();
     const store = useLoginStore();
-    store.auth.password = "secret";
+    store.auth.password = crypto.randomUUID();
     await wrapper.vm.$nextTick();
 
     const pwdInput = wrapper.find("#password");
diff --git a/tests/stores/acctMgmt.test.js b/tests/stores/acctMgmt.test.js
index d0a3c88..da93569 100644
--- a/tests/stores/acctMgmt.test.js
+++ b/tests/stores/acctMgmt.test.js
@@ -93,7 +93,8 @@ describe("acctMgmtStore", () => {
   describe("createNewAccount", () => {
     it("posts to /api/users and sets flag on success", async () => {
       mockPost.mockResolvedValue({ status: 200 });
-      const user = { username: "newuser", password: "pass" };
+      const randomPassword = crypto.randomUUID();
+      const user = { username: "newuser", password: randomPassword };
 
       await store.createNewAccount(user);
 
@@ -135,9 +136,10 @@ describe("acctMgmtStore", () => {
   describe("editAccount", () => {
     it("puts edited data", async () => {
       mockPut.mockResolvedValue({ status: 200 });
+      const randomPassword = crypto.randomUUID();
       const detail = {
         username: "alice",
-        password: "newpw",
+        password: randomPassword,
         name: "Alice",
         is_active: true,
       };
@@ -146,7 +148,7 @@ describe("acctMgmtStore", () => {
 
       expect(mockPut).toHaveBeenCalledWith(
         "/api/users/alice",
-        expect.objectContaining({ password: "newpw" }),
+        expect.objectContaining({ password: randomPassword }),
       );
       expect(result).toBe(true);
     });