veza/veza-backend-api/internal/handlers/auth_fuzz_test.go

package handlers

import (
	"encoding/json"
	"testing"
)

// FuzzLoginPayload fuzzes the login request parsing.
// The handler should never panic on any input.
func FuzzLoginPayload(f *testing.F) {
	f.Add([]byte(`{"email":"test@test.com","password":"Pass123!"}`))
	f.Add([]byte(`{"email":"","password":""}`))
	f.Add([]byte(`{}`))
	f.Add([]byte(`invalid json`))
	f.Add([]byte(""))
	f.Add([]byte(`{"email":null,"password":123}`))
	f.Add([]byte(`{"email":"a@b.c","password":"` + string(make([]byte, 10000)) + `"}`))

	f.Fuzz(func(t *testing.T, data []byte) {
		// Verify that JSON parsing of arbitrary payloads never panics
		var payload struct {
			Email    string `json:"email"`
			Password string `json:"password"`
		}
		_ = json.Unmarshal(data, &payload)
	})
}