Add tests for authentication and security features

- Implement unit tests for password handling in `auth_test.ts`, covering bcrypt and legacy password hashes.
- Create a fake database for user management to facilitate testing of the `AdminHandler`.
- Validate JWT-based identity verification against database records.
- Introduce tests for credential encryption and registry management in `security_test.ts`.
- Ensure registry passwords are securely stored and can be decrypted correctly, including legacy support.
- Add utility functions for password hashing and verification in `auth.ts`.

ts/classes/platform-services/providers/clickhouse.ts

@@ -76,7 +76,9 @@ export class ClickHouseProvider extends BasePlatformServiceProvider {
     if (dataExists && platformService?.adminCredentialsEncrypted) {
       // Reuse existing credentials from database
       logger.info('Reusing existing ClickHouse credentials (data directory already initialized)');
-      adminCredentials = await credentialEncryption.decrypt(platformService.adminCredentialsEncrypted);
+      adminCredentials = await credentialEncryption.decrypt<{ username: string; password: string }>(
+        platformService.adminCredentialsEncrypted,
+      );
     } else {
       // Generate new credentials for fresh deployment
       logger.info('Generating new ClickHouse admin credentials');
@@ -191,7 +193,9 @@ export class ClickHouseProvider extends BasePlatformServiceProvider {
       throw new Error('ClickHouse platform service not found or not configured');
     }
 
-    const adminCreds = await credentialEncryption.decrypt(platformService.adminCredentialsEncrypted);
+    const adminCreds = await credentialEncryption.decrypt<{ username: string; password: string }>(
+      platformService.adminCredentialsEncrypted,
+    );
     const containerName = this.getContainerName();
 
     // Generate resource names and credentials
@@ -247,7 +251,9 @@ export class ClickHouseProvider extends BasePlatformServiceProvider {
       throw new Error('ClickHouse platform service not found or not configured');
     }
 
-    const adminCreds = await credentialEncryption.decrypt(platformService.adminCredentialsEncrypted);
+    const adminCreds = await credentialEncryption.decrypt<{ username: string; password: string }>(
+      platformService.adminCredentialsEncrypted,
+    );
 
     logger.info(`Deprovisioning ClickHouse database '${resource.resourceName}'...`);
 

ts/classes/platform-services/providers/mariadb.ts

@@ -74,7 +74,9 @@ export class MariaDBProvider extends BasePlatformServiceProvider {
     if (dataExists && platformService?.adminCredentialsEncrypted) {
       // Reuse existing credentials from database
       logger.info('Reusing existing MariaDB credentials (data directory already initialized)');
-      adminCredentials = await credentialEncryption.decrypt(platformService.adminCredentialsEncrypted);
+      adminCredentials = await credentialEncryption.decrypt<{ username: string; password: string }>(
+        platformService.adminCredentialsEncrypted,
+      );
     } else {
       // Generate new credentials for fresh deployment
       logger.info('Generating new MariaDB admin credentials');

ts/classes/platform-services/providers/minio.ts

@@ -80,7 +80,9 @@ export class MinioProvider extends BasePlatformServiceProvider {
     if (dataExists && platformService?.adminCredentialsEncrypted) {
       // Reuse existing credentials from database
       logger.info('Reusing existing MinIO credentials (data directory already initialized)');
-      adminCredentials = await credentialEncryption.decrypt(platformService.adminCredentialsEncrypted);
+      adminCredentials = await credentialEncryption.decrypt<{ username: string; password: string }>(
+        platformService.adminCredentialsEncrypted,
+      );
     } else {
       // Generate new credentials for fresh deployment
       logger.info('Generating new MinIO admin credentials');

ts/classes/platform-services/providers/mongodb.ts

@@ -74,7 +74,9 @@ export class MongoDBProvider extends BasePlatformServiceProvider {
     if (dataExists && platformService?.adminCredentialsEncrypted) {
       // Reuse existing credentials from database
       logger.info('Reusing existing MongoDB credentials (data directory already initialized)');
-      adminCredentials = await credentialEncryption.decrypt(platformService.adminCredentialsEncrypted);
+      adminCredentials = await credentialEncryption.decrypt<{ username: string; password: string }>(
+        platformService.adminCredentialsEncrypted,
+      );
     } else {
       // Generate new credentials for fresh deployment
       logger.info('Generating new MongoDB admin credentials');

ts/classes/platform-services/providers/redis.ts

@@ -76,7 +76,9 @@ export class RedisProvider extends BasePlatformServiceProvider {
     if (dataExists && platformService?.adminCredentialsEncrypted) {
       // Reuse existing credentials from database
       logger.info('Reusing existing Redis credentials (data directory already initialized)');
-      adminCredentials = await credentialEncryption.decrypt(platformService.adminCredentialsEncrypted);
+      adminCredentials = await credentialEncryption.decrypt<{ username: string; password: string }>(
+        platformService.adminCredentialsEncrypted,
+      );
     } else {
       // Generate new credentials for fresh deployment
       logger.info('Generating new Redis admin credentials');