Description
The Auth and Hasher test suites run significantly slower than necessary due to bcrypt hashing using the production default cost of 12. Since the tests only need to verify correctness of authentication logic (not the strength of the hash), the cost can be safely lowered to 4 (bcrypt minimum) in test contexts.
Problem
The Hasher class defaults to PASSWORD_BCRYPT with cost 12. Every test that exercises signup(), signin(), forget(), reset(), or generateToken() triggers one or more real bcrypt operations at this cost.
Across the Auth and Hasher test suites, there are approximately 118 bcrypt operations, each taking ~250–400ms at cost 12. This results in ~30–45 seconds spent purely on password hashing during test execution.
Solution
Set bcrypt cost to 4 when constructing the Hasher in test files:
JwtAuthAdapterTest — (new Hasher())->setCost(4) in setUp()
SessionAuthAdapterTest — (new Hasher())->setCost(4) in setUp()
AuthTest — (new Hasher())->setCost(4) at all 4 construction sites
HasherTest — $this->hasher->setCost(4) in testHashAndCheck, testNeedsRehash, and testInfo. Default-checking tests (testSetAndGetCost, testSetAndGetAlgorithm) are left unchanged to continue verifying the production default of 12.
Expected impact
Total hashing time: ~35s → ~0.2s (~150x speedup)
No change to test correctness — bcrypt cost affects computation time, not hash verification logic
Description
The
AuthandHashertest suites run significantly slower than necessary due tobcrypthashing using the production default cost of 12. Since the tests only need to verify correctness of authentication logic (not the strength of the hash), the cost can be safely lowered to 4 (bcrypt minimum) in test contexts.Problem
The
Hasherclass defaults toPASSWORD_BCRYPTwith cost 12. Every test that exercisessignup(),signin(),forget(),reset(), orgenerateToken()triggers one or more realbcryptoperations at this cost.Across the
AuthandHashertest suites, there are approximately 118 bcrypt operations, each taking ~250–400ms at cost 12. This results in ~30–45 seconds spent purely on password hashing during test execution.Solution
Set bcrypt cost to 4 when constructing the Hasher in test files:
JwtAuthAdapterTest—(new Hasher())->setCost(4)insetUp()SessionAuthAdapterTest—(new Hasher())->setCost(4)insetUp()AuthTest—(new Hasher())->setCost(4)at all 4 construction sitesHasherTest—$this->hasher->setCost(4)intestHashAndCheck,testNeedsRehash, and testInfo. Default-checking tests (testSetAndGetCost,testSetAndGetAlgorithm) are left unchanged to continue verifying the production default of 12.Expected impact
Total hashing time: ~35s → ~0.2s (~150x speedup)
No change to test correctness — bcrypt cost affects computation time, not hash verification logic