high priority low complexity testing pending testing specialist Tier 2

Acceptance Criteria

All tests pass with flutter test and complete within 500ms total
No test requires network access, file I/O, or platform channels
Email validation tests cover: valid standard email, valid email with subdomain, missing @ symbol, missing local part, missing domain, missing TLD, consecutive dots in local part, leading dot, trailing dot, spaces within email, empty string, null-equivalent empty input
Password validation tests cover: valid password meeting all constraints, password too short (below minimum length), password missing uppercase letter, password missing lowercase letter, password missing digit, password missing special character, password exceeding maximum length if a limit exists, empty string
Each individual password constraint rule has at least one dedicated failing test so that removing any single rule causes at least one test to fail
Return types from CredentialValidator are asserted explicitly (e.g., ValidationResult.valid vs ValidationResult.invalid(reason))
100% branch coverage reported by flutter test --coverage for credential_validator.dart
Test file is co-located with or mirrors the structure of the source file (test/validators/credential_validator_test.dart)

Technical Requirements

Frameworks: Flutter, flutter_test
Data models: ValidationResult (valid | invalid with reason string), CredentialValidator
Performance requirements:
All tests combined must complete in under 500ms
No async operations — all validator methods should be synchronous
Security requirements:
Test inputs must not include real user credentials — use clearly synthetic values only

Execution Context

Execution Tier
Tier 2

Tier 2 - 518 tasks

Can start after Tier 1 completes

Implementation Notes

Use table-driven tests: define a list of (input, expectedResult) records and iterate with test() inside forEach. This makes adding new edge cases trivial and keeps the file concise. For email tests, ensure the regex or validation logic is tested through the public API only — do not test internal regex strings directly, as that creates brittle coupling. For password constraint tests, name each test after the specific constraint being violated (e.g., 'returns invalid when password has no digit') so failures are immediately actionable in CI logs.

If CredentialValidator is a static class, no setup/teardown is needed.

Testing Requirements

Pure unit tests using flutter_test. Organise tests with nested group() blocks: one group for validateEmail and one for validatePassword, with sub-groups for valid cases and each category of invalid case. Use parameterised test helpers (e.g., a local testCases list with forEach) to avoid repetitive test boilerplate for similar invalid-input scenarios. Run flutter test --coverage and confirm credential_validator.dart shows 100% line and branch coverage before marking the task complete.
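The table-driven layout from the Implementation Notes and Testing Requirements above, shown for validatePassword as an added example (not the project's own code). The stand-in ValidationResult and CredentialValidator classes, the 8 to 64 character limits and the reason strings are assumptions; all inputs are constructed synthetic values.

```dart
import 'package:flutter_test/flutter_test.dart';

// Stand-in types so this file runs on its own; in the project they come from
// credential_validator.dart. Rules, limits and reason strings are assumptions.
class ValidationResult {
  const ValidationResult.valid() : reason = null;
  const ValidationResult.invalid(String why) : reason = why;
  final String? reason; // null means the input passed every rule
}

class CredentialValidator {
  static ValidationResult validatePassword(String p) {
    final failed = <String, bool>{
      'too short': p.length < 8,
      'too long': p.length > 64,
      'no uppercase': !p.contains(RegExp(r'[A-Z]')),
      'no lowercase': !p.contains(RegExp(r'[a-z]')),
      'no digit': !p.contains(RegExp(r'[0-9]')),
      'no special': !p.contains(RegExp(r'[^A-Za-z0-9]')),
    };
    for (final rule in failed.entries) { // map literals keep insertion order
      if (rule.value) return ValidationResult.invalid(rule.key);
    }
    return const ValidationResult.valid();
  }
}

void main() {
  // Constructed, synthetic inputs. Every non-empty invalid row breaks exactly
  // one rule, so deleting that rule from the validator fails that row's test.
  final cases = <(String, String, String?)>[
    ('returns valid when all constraints are met', 'Synth3tic-Pass', null),
    ('returns invalid when password is empty', '', 'too short'),
    ('returns invalid when password is too short', 'Sy3-pas', 'too short'),
    ('returns invalid when password is too long', 'Aa1-' + 'x' * 61, 'too long'),
    ('returns invalid when password has no uppercase', 'synth3tic-pass', 'no uppercase'),
    ('returns invalid when password has no lowercase', 'SYNTH3TIC-PASS', 'no lowercase'),
    ('returns invalid when password has no digit', 'Synthetic-Pass', 'no digit'),
    ('returns invalid when password has no special character', 'Synth3ticPass', 'no special'),
  ];

  group('validatePassword', () {
    for (final (name, input, reason) in cases) {
      test(name, () {
        expect(CredentialValidator.validatePassword(input).reason, reason);
      });
    }
  });
}
```

Asserting on the reason string rather than only on valid/invalid is what ties each row to a single rule: a row that fails for the wrong reason still shows up as a test failure.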

Component
Credential Validator
service low
Epic Risks (2)
high impact low prob integration

Supabase client initialization may fail silently in certain Flutter environments if environment variables are missing or the anon key is rotated, leading to runtime null-pointer errors throughout the auth layer.

Mitigation & Contingency

Mitigation: Add explicit assertion checks during app startup that verify the Supabase client is initialized before the router resolves. Document required --dart-define keys in the project README and add a CI step that validates their presence.

Contingency: Implement a fallback initialization error screen with a clear message and a retry button. Log initialization failures to crash reporting immediately.

medium impact medium prob technical

The flutter_secure_storage package behaviour differs between iOS Keychain and Android Keystore implementations. On Android, biometric-enrolled devices may require additional authentication to read stored tokens, causing unexpected session read failures.

Mitigation & Contingency

Mitigation: Test the repository on Android devices with and without biometric enrollment early in development. Use accessibility options in flutter_secure_storage to configure whether biometric authentication is required for storage access.

Contingency: If biometric-gated storage causes regressions, fall back to a non-biometric storage option for session tokens (reserving biometric-gated storage for higher-sensitivity credentials only).