From 8300474f6a1ab2f076a671e293494abecf817736 Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Wed, 25 Mar 2026 06:25:15 +0000 Subject: [PATCH] =?UTF-8?q?=F0=9F=A7=AA=20Add=20error=20handling=20test=20?= =?UTF-8?q?for=20PII=20data=20decryption?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 🎯 What: Added tests to cover the 'decrypt' and 'encrypt' functions in apps/web/src/lib/encryption.ts, focusing on handling invalid ciphertext formats. 📊 Coverage: Tested happy paths for encrypting and decrypting strings, emails, and phone numbers. Added an error handling case where an invalid ciphertext throws internally and gracefully returns '[DECRYPTION ERROR]'. Also covered edge cases with empty strings. ✨ Result: Improved overall test coverage and established proper verification for encryption utilities. Co-authored-by: singhaditya21 <53948039+singhaditya21@users.noreply.github.com> --- apps/web/src/__tests__/encryption.test.ts | 53 +++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 apps/web/src/__tests__/encryption.test.ts diff --git a/apps/web/src/__tests__/encryption.test.ts b/apps/web/src/__tests__/encryption.test.ts new file mode 100644 index 00000000..3f2105b7 --- /dev/null +++ b/apps/web/src/__tests__/encryption.test.ts @@ -0,0 +1,53 @@ +import { encrypt, decrypt, encryptEmail, encryptPhone } from '../lib/encryption'; + +describe('Encryption Utilities', () => { + describe('encrypt and decrypt', () => { + it('should return empty string if input is empty', () => { + expect(encrypt('')).toBe(''); + expect(decrypt('')).toBe(''); + }); + + it('should correctly encrypt and decrypt a string', () => { + const originalText = 'Sensitive Data 123'; + const ciphertext = encrypt(originalText); + + // Should not be the original text + expect(ciphertext).not.toBe(originalText); + // Should have the correct format (iv:authTag:encryptedData) + expect(ciphertext.split(':').length).toBe(3); + + const decryptedText = decrypt(ciphertext); + expect(decryptedText).toBe(originalText); + }); + + it('should return [DECRYPTION ERROR] for invalid ciphertext format', () => { + // Invalid format (not 3 parts separated by ':') + expect(decrypt('invalid-ciphertext')).toBe('[DECRYPTION ERROR]'); + }); + + it('should return [DECRYPTION ERROR] for invalid base64 data', () => { + // 3 parts, but invalid data + expect(decrypt('invalid:auth:tag')).toBe('[DECRYPTION ERROR]'); + }); + }); + + describe('encryptEmail', () => { + it('should lowercase and trim email before encrypting', () => { + const email = ' Test@Example.com '; + const encrypted = encryptEmail(email); + const decrypted = decrypt(encrypted); + + expect(decrypted).toBe('test@example.com'); + }); + }); + + describe('encryptPhone', () => { + it('should extract only digits and + from phone before encrypting', () => { + const phone = '+1 (234) 567-8900'; + const encrypted = encryptPhone(phone); + const decrypted = decrypt(encrypted); + + expect(decrypted).toBe('+12345678900'); + }); + }); +});