Update testing/test_hash_token.sh

testing/test_hash_token.sh

@@ -134,20 +134,21 @@ echo "Generated hash for authentication: ${AUTH_HASH:0:20}..."
 if [[ $AUTH_HASH == \$2b\$* ]] && [ ${#AUTH_HASH} -ge 59 ]; then
     echo "✓ Generated hash is valid for use in authentication config"
     
-    # Test that we can verify the token against the hash using hash_token
+    # Generate another hash for the same token to verify it's different (bcrypt salt)
     if [ "$IN_CONTAINER" = true ]; then
-        # Create a test to verify the token matches the hash
+        AUTH_HASH2=$(/sos/hash_token --quiet "$AUTH_TOKEN" 2>/dev/null)
-        echo "$AUTH_TOKEN" | /sos/hash_token --verify --quiet 2>/dev/null <<< "$AUTH_HASH" && VERIFY_RESULT="VALID" || VERIFY_RESULT="INVALID"
     else
-        # For outside container, verification is more complex, skip for now
+        AUTH_HASH2=$(docker exec sos-test /sos/hash_token --quiet "$AUTH_TOKEN" 2>/dev/null)
-        VERIFY_RESULT="SKIPPED"
     fi
     
-    if [ "$VERIFY_RESULT" = "VALID" ] || [ "$VERIFY_RESULT" = "SKIPPED" ]; then
+    if [ "$AUTH_HASH" != "$AUTH_HASH2" ]; then
-        echo "✓ Hash verification works correctly"
+        echo "✓ Different hashes generated for same token (proper salting)"
     else
-        echo "Note: Hash verification test skipped in container environment"
+        echo "Warning: Same hash generated for same token (salting issue?)"
     fi
+    
+    # Note: The --verify mode requires TTY for password input, which isn't available in test environment
+    echo "Note: Verification test skipped (requires interactive TTY)"
 else
     echo "Warning: Generated hash may not be suitable for authentication"
 fi