migrants-nt-sec/tests/Feature/AuthControllerTest.php

<?php

namespace Tests\Feature;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class AuthControllerTest extends TestCase
{
    use RefreshDatabase;

    /**
     * Test that anyone can register as a new user
     */
    public function test_public_user_registration(): void
    {
        $userData = [
            'name' => 'New User',
            'email' => 'newuser@example.com',
            'password' => 'password123',
        ];

        $response = $this->postJson('/api/register', $userData);
        
        $response->assertStatus(201)
            ->assertJson([
                'success' => true,
                'message' => 'User created successfully',
            ])
            ->assertJsonStructure([
                'success',
                'message',
                'data' => [
                    'id',
                    'name',
                    'email',
                    'updated_at',
                    'created_at',
                ]
            ]);

        // Verify the user was actually created in the database
        $this->assertDatabaseHas('users', [
            'name' => 'New User',
            'email' => 'newuser@example.com',
        ]);
        
        // Verify the user is not an admin by default
        $this->assertDatabaseHas('users', [
            'email' => 'newuser@example.com',
            'is_admin' => 0,
        ]);
    }

    /**
     * Test validation rules for user registration
     */
    public function test_registration_validation_rules(): void
    {
        // Create and authenticate an admin user
        $admin = User::factory()->create([
            'is_admin' => true
        ]);
        
        $this->actingAs($admin);
        
        // Test empty fields
        $response = $this->postJson('/api/register', []);
        
        $response->assertStatus(422)
            ->assertJsonValidationErrors(['name', 'email', 'password']);

        // Test email format validation
        $response = $this->postJson('/api/register', [
            'name' => 'New User',
            'email' => 'not-an-email',
            'password' => 'password123',
        ]);
        
        $response->assertStatus(422)
            ->assertJsonValidationErrors(['email']);

        // Test email uniqueness validation
        User::factory()->create(['email' => 'existing@example.com']);
        
        $response = $this->postJson('/api/register', [
            'name' => 'New User',
            'email' => 'existing@example.com',
            'password' => 'password123',
        ]);
        
        $response->assertStatus(422)
            ->assertJsonValidationErrors(['email']);

        // Test password length validation
        $response = $this->postJson('/api/register', [
            'name' => 'New User',
            'email' => 'newuser@example.com',
            'password' => 'short',
        ]);
        
        $response->assertStatus(422)
            ->assertJsonValidationErrors(['password']);
    }
}