This commit is contained in:
78
tests/Integration/AppQuestionnairesTest.php
Normal file
78
tests/Integration/AppQuestionnairesTest.php
Normal file
@ -0,0 +1,78 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Tests\Integration;
|
||||
|
||||
use Tests\Support\ApiTestCase;
|
||||
use Tests\Support\DatabaseFixture;
|
||||
|
||||
final class AppQuestionnairesTest extends ApiTestCase
|
||||
{
|
||||
public function testListActiveQuestionnaires(): void
|
||||
{
|
||||
$this->loginAs(DatabaseFixture::COACH1_USERNAME);
|
||||
$res = $this->api('GET', 'app_questionnaires');
|
||||
$this->assertOk($res);
|
||||
$this->assertIsArray($res['body']['data']);
|
||||
$ids = array_column($res['body']['data'], 'id');
|
||||
$this->assertContains(DatabaseFixture::QUESTIONNAIRE_ID, $ids);
|
||||
$first = $res['body']['data'][0];
|
||||
$this->assertArrayHasKey('name', $first);
|
||||
$this->assertArrayHasKey('showPoints', $first);
|
||||
$this->assertArrayHasKey('condition', $first);
|
||||
}
|
||||
|
||||
public function testFetchQuestionnaireDetail(): void
|
||||
{
|
||||
$this->loginAs(DatabaseFixture::COACH1_USERNAME);
|
||||
$res = $this->api('GET', 'app_questionnaires', null, null, [
|
||||
'id' => DatabaseFixture::QUESTIONNAIRE_ID,
|
||||
]);
|
||||
$this->assertOk($res);
|
||||
$this->assertSame(DatabaseFixture::QUESTIONNAIRE_ID, $res['body']['data']['meta']['id']);
|
||||
$this->assertNotEmpty($res['body']['data']['questions']);
|
||||
$q = $res['body']['data']['questions'][0];
|
||||
$this->assertSame('q1', $q['id']);
|
||||
$this->assertSame('radio_question', $q['layout']);
|
||||
}
|
||||
|
||||
public function testCoachCannotUploadForOtherCoachesClient(): void
|
||||
{
|
||||
$this->loginAs(DatabaseFixture::COACH1_USERNAME);
|
||||
$res = $this->api('POST', 'app_questionnaires', [
|
||||
'questionnaireID' => DatabaseFixture::QUESTIONNAIRE_ID,
|
||||
'clientCode' => DatabaseFixture::CLIENT_COACH2,
|
||||
'answers' => [
|
||||
['questionID' => 'q1', 'answerOptionKey' => 'consent_signed'],
|
||||
],
|
||||
]);
|
||||
$this->assertError($res, 'NOT_FOUND');
|
||||
}
|
||||
|
||||
public function testUploadAnswersMapsShortQuestionIds(): void
|
||||
{
|
||||
$this->loginAs(DatabaseFixture::COACH1_USERNAME);
|
||||
$res = $this->api('POST', 'app_questionnaires', [
|
||||
'questionnaireID' => DatabaseFixture::QUESTIONNAIRE_ID,
|
||||
'clientCode' => DatabaseFixture::CLIENT_COACH1,
|
||||
'completedAt' => time(),
|
||||
'answers' => [
|
||||
['questionID' => 'q1', 'answerOptionKey' => 'consent_signed', 'answeredAt' => time()],
|
||||
],
|
||||
]);
|
||||
$this->assertOk($res);
|
||||
$this->assertTrue($res['body']['data']['submitted']);
|
||||
$this->assertSame(5, $res['body']['data']['sumPoints']);
|
||||
}
|
||||
|
||||
public function testCoachClientsList(): void
|
||||
{
|
||||
$this->loginAs(DatabaseFixture::COACH1_USERNAME);
|
||||
$res = $this->api('GET', 'app_questionnaires', null, null, ['clients' => '1']);
|
||||
$this->assertOk($res);
|
||||
$codes = array_column($res['body']['data']['clients'], 'clientCode');
|
||||
$this->assertContains(DatabaseFixture::CLIENT_COACH1, $codes);
|
||||
$this->assertNotContains(DatabaseFixture::CLIENT_COACH2, $codes);
|
||||
}
|
||||
}
|
||||
39
tests/Integration/AuthTest.php
Normal file
39
tests/Integration/AuthTest.php
Normal file
@ -0,0 +1,39 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Tests\Integration;
|
||||
|
||||
use Tests\Support\ApiTestCase;
|
||||
use Tests\Support\DatabaseFixture;
|
||||
|
||||
final class AuthTest extends ApiTestCase
|
||||
{
|
||||
public function testLoginSuccess(): void
|
||||
{
|
||||
$res = $this->loginAs(DatabaseFixture::ADMIN_USERNAME);
|
||||
$this->assertOk($res);
|
||||
$this->assertSame('admin', $res['body']['data']['role']);
|
||||
$this->assertNotEmpty($this->bearerToken);
|
||||
}
|
||||
|
||||
public function testLoginInvalidPassword(): void
|
||||
{
|
||||
$res = $this->api('POST', 'auth/login', [
|
||||
'username' => DatabaseFixture::ADMIN_USERNAME,
|
||||
'password' => 'wrong-password',
|
||||
]);
|
||||
$this->assertError($res, 'INVALID_CREDENTIALS');
|
||||
$this->assertSame(401, $res['status']);
|
||||
}
|
||||
|
||||
public function testMustChangePasswordTempTokenBlocked(): void
|
||||
{
|
||||
$login = $this->loginAs(DatabaseFixture::MUST_CHANGE_USERNAME);
|
||||
$this->assertOk($login);
|
||||
$this->assertTrue($login['body']['data']['mustChangePassword'] ?? false);
|
||||
|
||||
$blocked = $this->api('GET', 'app_questionnaires');
|
||||
$this->assertLegacyAuthError($blocked, 403, 'Password change required before access');
|
||||
}
|
||||
}
|
||||
49
tests/Integration/ClientsTest.php
Normal file
49
tests/Integration/ClientsTest.php
Normal file
@ -0,0 +1,49 @@
|
||||
<?php
|
||||
|
||||
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
|
||||
|
||||
namespace Tests\Integration;
|
||||
|
||||
|
||||
|
||||
use Tests\Support\ApiTestCase;
|
||||
|
||||
use Tests\Support\DatabaseFixture;
|
||||
|
||||
|
||||
|
||||
final class ClientsTest extends ApiTestCase
|
||||
|
||||
{
|
||||
|
||||
public function testRequiresAuth(): void
|
||||
|
||||
{
|
||||
|
||||
$res = $this->api('GET', 'clients');
|
||||
|
||||
$this->assertLegacyAuthError($res, 401, 'Missing Bearer token');
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
public function testAdminSeesAllClients(): void
|
||||
|
||||
{
|
||||
|
||||
$this->loginAs(DatabaseFixture::ADMIN_USERNAME);
|
||||
|
||||
$res = $this->api('GET', 'clients');
|
||||
|
||||
$this->assertOk($res);
|
||||
|
||||
$codes = array_column($res['body']['data']['clients'], 'clientCode');
|
||||
|
||||
$this->assertContains(DatabaseFixture::CLIENT_COACH1, $codes);
|
||||
|
||||
$this->assertContains(DatabaseFixture::CLIENT_COACH2, $codes);
|
||||
25
tests/Integration/LogoutTest.php
Normal file
25
tests/Integration/LogoutTest.php
Normal file
@ -0,0 +1,25 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Tests\Integration;
|
||||
|
||||
use Tests\Support\ApiTestCase;
|
||||
use Tests\Support\DatabaseFixture;
|
||||
|
||||
final class LogoutTest extends ApiTestCase
|
||||
{
|
||||
public function testLogoutRevokesToken(): void
|
||||
{
|
||||
$this->loginAs(DatabaseFixture::ADMIN_USERNAME);
|
||||
$token = $this->bearerToken;
|
||||
$this->assertNotNull($token);
|
||||
|
||||
$logout = $this->api('POST', 'logout');
|
||||
$this->assertOk($logout);
|
||||
|
||||
$this->bearerToken = $token;
|
||||
$after = $this->api('GET', 'questionnaires');
|
||||
$this->assertLegacyAuthError($after, 403, 'Invalid or expired token');
|
||||
}
|
||||
}
|
||||
25
tests/Integration/QuestionnairesTest.php
Normal file
25
tests/Integration/QuestionnairesTest.php
Normal file
@ -0,0 +1,25 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Tests\Integration;
|
||||
|
||||
use Tests\Support\ApiTestCase;
|
||||
use Tests\Support\DatabaseFixture;
|
||||
|
||||
final class QuestionnairesTest extends ApiTestCase
|
||||
{
|
||||
public function testRequiresAuth(): void
|
||||
{
|
||||
$res = $this->api('GET', 'questionnaires');
|
||||
$this->assertLegacyAuthError($res, 401, 'Missing Bearer token');
|
||||
}
|
||||
|
||||
public function testAdminCanListQuestionnaires(): void
|
||||
{
|
||||
$this->loginAs(DatabaseFixture::ADMIN_USERNAME);
|
||||
$res = $this->api('GET', 'questionnaires');
|
||||
$this->assertOk($res);
|
||||
$this->assertNotEmpty($res['body']['data']['questionnaires'] ?? []);
|
||||
}
|
||||
}
|
||||
48
tests/Integration/UsersTest.php
Normal file
48
tests/Integration/UsersTest.php
Normal file
@ -0,0 +1,48 @@
|
||||
<?php
|
||||
|
||||
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
|
||||
|
||||
namespace Tests\Integration;
|
||||
|
||||
|
||||
|
||||
use Tests\Support\ApiTestCase;
|
||||
|
||||
use Tests\Support\DatabaseFixture;
|
||||
|
||||
|
||||
|
||||
final class UsersTest extends ApiTestCase
|
||||
|
||||
{
|
||||
|
||||
public function testRequiresAuth(): void
|
||||
|
||||
{
|
||||
|
||||
$res = $this->api('GET', 'users');
|
||||
|
||||
$this->assertLegacyAuthError($res, 401, 'Missing Bearer token');
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
public function testCoachForbidden(): void
|
||||
|
||||
{
|
||||
|
||||
$this->loginAs(DatabaseFixture::COACH1_USERNAME);
|
||||
|
||||
$res = $this->api('GET', 'users');
|
||||
|
||||
$this->assertLegacyAuthError($res, 403, 'Insufficient permissions');
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user