<?php
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
// Apply Laravel's RefreshDatabase trait to the tests in this file.
uses(RefreshDatabase::class);

// Every request made by the tests below carries the X-Api-Key header, read
// from the `app.api_secret_key` config entry.
// NOTE(review): none of the tests visible here sends a request without
// X-Api-Key or with a wrong value, so rejection of a missing or invalid key
// is not covered in this file — confirm it is tested elsewhere.
beforeEach(function () {
    $apiKeyHeader = ['X-Api-Key' => config('app.api_secret_key')];

    $this->withHeaders($apiKeyHeader);
});
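// Happy path for POST /api/auth/register: expects 201 with a token and the
// public user fields, and additionally checks that the password is neither
// echoed back in the response nor stored verbatim.
// NOTE(review): the fixture password is the literal string 'password'; this
// test passing means registration accepts it — confirm whether a stronger
// password rule is intended.
it('registers a new user and returns a token', function () {
    $response = $this->postJson('/api/auth/register', [
        'name' => 'Test User',
        'email' => 'test@example.com',
        'password' => 'password',
        'password_confirmation' => 'password',
    ]);

    $response
        ->assertCreated()
        ->assertJsonStructure(['token', 'user' => ['id', 'name', 'email']]);

    // assertJsonStructure() tolerates extra keys, so check explicitly that
    // the serialized user does not carry the password attribute.
    expect($response->json('user.password'))->toBeNull();

    // The row must exist and must not hold the submitted password as-is.
    $storedPassword = User::where('email', 'test@example.com')->value('password');
    expect($storedPassword)->not->toBeNull();
    expect($storedPassword)->not->toBe('password');
});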
// A registration request with no body is expected to come back as 422 with
// validation errors reported for name, email and password.
it('returns 422 when register fields are missing', function () {
    $requiredFields = ['name', 'email', 'password'];

    $response = $this->postJson('/api/auth/register');

    $response->assertUnprocessable();
    $response->assertJsonValidationErrors($requiredFields);
});
// Registering with an email that already belongs to an existing user is
// expected to fail validation on the email field.
it('returns 422 when email is already taken', function () {
    $takenEmail = 'taken@example.com';

    // Seed the account that occupies the address.
    User::factory()->create(['email' => $takenEmail]);

    $payload = [
        'name' => 'Another User',
        'email' => $takenEmail,
        'password' => 'password',
        'password_confirmation' => 'password',
    ];

    $response = $this->postJson('/api/auth/register', $payload);

    $response->assertUnprocessable();
    $response->assertJsonValidationErrors(['email']);
});
// Happy path for POST /api/auth/login: a user created with a known password
// logs in and the response contains `token` and `user` keys.
it('logs in with valid credentials and returns a token', function () {
    $plainPassword = 'secret123';
    $user = User::factory()->create(['password' => bcrypt($plainPassword)]);

    $credentials = [
        'email' => $user->email,
        'password' => $plainPassword,
    ];

    $response = $this->postJson('/api/auth/login', $credentials);

    $response->assertOk();
    $response->assertJsonStructure(['token', 'user']);
});
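// A wrong password for an existing account must yield 401, and the rejected
// attempt must neither return a token nor leave one stored for the user.
// NOTE(review): only a wrong password for an existing account is covered; a
// login attempt for an unregistered email is not exercised here, so it is
// unverified that both cases produce the same response.
it('returns 401 for invalid credentials', function () {
    $user = User::factory()->create(['email' => 'user@example.com', 'password' => bcrypt('correct')]);

    $response = $this->postJson('/api/auth/login', [
        'email' => 'user@example.com',
        'password' => 'wrong',
    ]);

    $response->assertUnauthorized();

    // The status code alone does not prove that no credential was issued.
    expect($response->json('token'))->toBeNull();
    expect($user->tokens()->count())->toBe(0);
});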
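// GET /api/auth/me as a Sanctum-authenticated user returns that user's
// email at the top level of the JSON body, and must not serialize the
// password attribute alongside it.
it('returns the authenticated user on /me', function () {
    $user = User::factory()->create();

    $response = $this->actingAs($user, 'sanctum')->getJson('/api/auth/me');

    $response
        ->assertOk()
        ->assertJsonPath('email', $user->email);

    // assertJsonPath() checks one key only; make sure the password hash is
    // not part of the payload.
    expect($response->json('password'))->toBeNull();
});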
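// POST /api/auth/logout with a bearer token returns the 'Logged out.'
// message, leaves the user with no stored tokens, and the same token is
// then refused on a protected route.
it('logs out and revokes the token', function () {
    $user = User::factory()->create();
    $token = $user->createToken('api')->plainTextToken;

    $this->withToken($token)
        ->postJson('/api/auth/logout')
        ->assertOk()
        ->assertJsonPath('message', 'Logged out.');

    expect($user->tokens()->count())->toBe(0);

    // Drop the guard instances resolved during the logout request so the
    // next request re-authenticates from the bearer token instead of reusing
    // a user already resolved on the guard.
    $this->app['auth']->forgetGuards();

    // Row count alone does not show the API stops honouring the token:
    // replay it against a route that requires authentication.
    $this->withToken($token)
        ->getJson('/api/auth/me')
        ->assertUnauthorized();
});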
// A request to /api/auth/me that carries no bearer token (only the shared
// X-Api-Key header from beforeEach) is expected to be answered with 401.
it('returns 401 on protected routes without a token', function () {
    $response = $this->getJson('/api/auth/me');

    $response->assertUnauthorized();
});