loginAs(DatabaseFixture::ADMIN_USERNAME); $this->assertOk($res); $this->assertSame('admin', $res['body']['data']['role']); $this->assertNotEmpty($this->bearerToken); } public function testLoginInvalidPassword(): void { $res = $this->api('POST', 'auth/login', [ 'username' => DatabaseFixture::ADMIN_USERNAME, 'password' => 'wrong-password', ]); $this->assertError($res, 'INVALID_CREDENTIALS'); $this->assertSame(401, $res['status']); } public function testMustChangePasswordTempTokenBlocked(): void { $login = $this->loginAs(DatabaseFixture::MUST_CHANGE_USERNAME); $this->assertOk($login); $this->assertTrue($login['body']['data']['mustChangePassword'] ?? false); $blocked = $this->api('GET', 'app_questionnaires'); $this->assertLegacyAuthError($blocked, 403, 'Password change required before access'); } }