Skip to content

Reduce bcrypt cost in Auth and Hasher tests for faster test execution #435

Description

@armanist

Description

The Auth and Hasher test suites run significantly slower than necessary due to bcrypt hashing using the production default cost of 12. Since the tests only need to verify correctness of authentication logic (not the strength of the hash), the cost can be safely lowered to 4 (bcrypt minimum) in test contexts.

Problem

The Hasher class defaults to PASSWORD_BCRYPT with cost 12. Every test that exercises signup(), signin(), forget(), reset(), or generateToken() triggers one or more real bcrypt operations at this cost.

Across the Auth and Hasher test suites, there are approximately 118 bcrypt operations, each taking ~250–400ms at cost 12. This results in ~30–45 seconds spent purely on password hashing during test execution.

Solution

Set bcrypt cost to 4 when constructing the Hasher in test files:

  • JwtAuthAdapterTest(new Hasher())->setCost(4) in setUp()
  • SessionAuthAdapterTest(new Hasher())->setCost(4) in setUp()
  • AuthTest(new Hasher())->setCost(4) at all 4 construction sites
  • HasherTest$this->hasher->setCost(4) in testHashAndCheck, testNeedsRehash, and testInfo. Default-checking tests (testSetAndGetCost, testSetAndGetAlgorithm) are left unchanged to continue verifying the production default of 12.

Expected impact

Total hashing time: ~35s → ~0.2s (~150x speedup)
No change to test correctness — bcrypt cost affects computation time, not hash verification logic

Metadata

Metadata

Assignees

Labels

Type

Fields

No fields configured for Task.

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions