This commit is contained in:
39
tests/Integration/AuthTest.php
Normal file
39
tests/Integration/AuthTest.php
Normal file
@ -0,0 +1,39 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Tests\Integration;
|
||||
|
||||
use Tests\Support\ApiTestCase;
|
||||
use Tests\Support\DatabaseFixture;
|
||||
|
||||
final class AuthTest extends ApiTestCase
|
||||
{
|
||||
public function testLoginSuccess(): void
|
||||
{
|
||||
$res = $this->loginAs(DatabaseFixture::ADMIN_USERNAME);
|
||||
$this->assertOk($res);
|
||||
$this->assertSame('admin', $res['body']['data']['role']);
|
||||
$this->assertNotEmpty($this->bearerToken);
|
||||
}
|
||||
|
||||
public function testLoginInvalidPassword(): void
|
||||
{
|
||||
$res = $this->api('POST', 'auth/login', [
|
||||
'username' => DatabaseFixture::ADMIN_USERNAME,
|
||||
'password' => 'wrong-password',
|
||||
]);
|
||||
$this->assertError($res, 'INVALID_CREDENTIALS');
|
||||
$this->assertSame(401, $res['status']);
|
||||
}
|
||||
|
||||
public function testMustChangePasswordTempTokenBlocked(): void
|
||||
{
|
||||
$login = $this->loginAs(DatabaseFixture::MUST_CHANGE_USERNAME);
|
||||
$this->assertOk($login);
|
||||
$this->assertTrue($login['body']['data']['mustChangePassword'] ?? false);
|
||||
|
||||
$blocked = $this->api('GET', 'app_questionnaires');
|
||||
$this->assertLegacyAuthError($blocked, 403, 'Password change required before access');
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user