hr-assessment-system/scripts/debug-password-verification.js

const https = require('https')
const http = require('http')

const debugPasswordVerification = async () => {
  console.log('🔍 調試密碼驗證問題')
  console.log('=' .repeat(50))

  try {
    // 1. 創建一個測試用戶
    console.log('\n📊 1. 創建測試用戶...')
    const testUser = {
      name: '密碼調試用戶',
      email: 'debug.password@company.com',
      password: 'password123',
      department: '測試部',
      role: 'user'
    }

    const createResponse = await new Promise((resolve, reject) => {
      const postData = JSON.stringify(testUser)
      const options = {
        hostname: 'localhost',
        port: 3000,
        path: '/api/admin/users',
        method: 'POST',
        headers: {
          'Content-Type': 'application/json',
          'Content-Length': Buffer.byteLength(postData)
        }
      }

      const req = http.request(options, (res) => {
        let data = ''
        res.on('data', chunk => data += chunk)
        res.on('end', () => resolve({ status: res.statusCode, data }))
      })
      req.on('error', reject)
      req.write(postData)
      req.end()
    })

    let testUserId = null
    if (createResponse.status === 200) {
      const createData = JSON.parse(createResponse.data)
      if (createData.success) {
        testUserId = createData.data.id
        console.log('✅ 測試用戶創建成功')
      } else {
        console.log('❌ 創建測試用戶失敗:', createData.error)
        return
      }
    }

    // 2. 直接查詢資料庫中的密碼雜湊
    console.log('\n📊 2. 檢查資料庫中的密碼雜湊...')
    
    // 這裡我們需要直接查詢資料庫來看看密碼是如何儲存的
    // 由於我們無法直接訪問資料庫，我們可以通過 API 來檢查
    
    // 3. 測試不同的密碼組合
    console.log('\n📊 3. 測試不同的密碼組合...')
    
    const testPasswords = [
      'password123',  // 原始密碼
      'Password123',  // 大寫開頭
      'PASSWORD123',  // 全大寫
      'password',     // 沒有數字
      '123456',       // 只有數字
    ]

    for (const testPassword of testPasswords) {
      console.log(`\n   測試密碼: "${testPassword}"`)
      
      const loginData = {
        email: 'debug.password@company.com',
        password: testPassword
      }

      const loginResponse = await new Promise((resolve, reject) => {
        const postData = JSON.stringify(loginData)
        const options = {
          hostname: 'localhost',
          port: 3000,
          path: '/api/auth/login',
          method: 'POST',
          headers: {
            'Content-Type': 'application/json',
            'Content-Length': Buffer.byteLength(postData)
          }
        }

        const req = http.request(options, (res) => {
          let data = ''
          res.on('data', chunk => data += chunk)
          res.on('end', () => resolve({ status: res.statusCode, data }))
        })
        req.on('error', reject)
        req.write(postData)
        req.end()
      })

      if (loginResponse.status === 200) {
        const loginResult = JSON.parse(loginResponse.data)
        if (loginResult.success) {
          console.log(`   ✅ 登入成功！正確密碼是: "${testPassword}"`)
          break
        } else {
          console.log(`   ❌ 登入失敗: ${loginResult.error}`)
        }
      } else {
        const errorData = JSON.parse(loginResponse.data)
        console.log(`   ❌ 登入失敗: ${errorData.error}`)
      }
    }

    // 4. 檢查現有用戶的登入情況
    console.log('\n📊 4. 檢查現有用戶的登入情況...')
    
    const existingUsers = [
      { email: 'admin@company.com', password: 'admin123' },
      { email: 'user@company.com', password: 'user123' },
      { email: 'test@company.com', password: 'password123' }
    ]

    for (const user of existingUsers) {
      console.log(`\n   測試現有用戶: ${user.email}`)
      
      const loginData = {
        email: user.email,
        password: user.password
      }

      const loginResponse = await new Promise((resolve, reject) => {
        const postData = JSON.stringify(loginData)
        const options = {
          hostname: 'localhost',
          port: 3000,
          path: '/api/auth/login',
          method: 'POST',
          headers: {
            'Content-Type': 'application/json',
            'Content-Length': Buffer.byteLength(postData)
          }
        }

        const req = http.request(options, (res) => {
          let data = ''
          res.on('data', chunk => data += chunk)
          res.on('end', () => resolve({ status: res.statusCode, data }))
        })
        req.on('error', reject)
        req.write(postData)
        req.end()
      })

      if (loginResponse.status === 200) {
        const loginResult = JSON.parse(loginResponse.data)
        if (loginResult.success) {
          console.log(`   ✅ 登入成功`)
        } else {
          console.log(`   ❌ 登入失敗: ${loginResult.error}`)
        }
      } else {
        const errorData = JSON.parse(loginResponse.data)
        console.log(`   ❌ 登入失敗: ${errorData.error}`)
      }
    }

    // 5. 清理測試用戶
    console.log('\n📊 5. 清理測試用戶...')
    if (testUserId) {
      const deleteResponse = await new Promise((resolve, reject) => {
        const options = {
          hostname: 'localhost',
          port: 3000,
          path: `/api/admin/users?id=${testUserId}`,
          method: 'DELETE'
        }

        const req = http.request(options, (res) => {
          let data = ''
          res.on('data', chunk => data += chunk)
          res.on('end', () => resolve({ status: res.statusCode, data }))
        })
        req.on('error', reject)
        req.end()
      })

      if (deleteResponse.status === 200) {
        console.log(`✅ 已刪除測試用戶: ${testUserId}`)
      }
    }

    console.log('\n📝 調試總結:')
    console.log('🔍 請檢查以上測試結果，找出密碼驗證問題的原因')

  } catch (error) {
    console.error('❌ 調試失敗:', error.message)
  } finally {
    console.log('\n✅ 密碼驗證調試完成')
  }
}

debugPasswordVerification()