<?php
namespace Tests\Feature;
use App\Models\Person;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Testing\TestResponse;
use Laravel\Sanctum\Sanctum;
use Tests\TestCase;
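class PersonApiAuthTest extends TestCase
{
    use RefreshDatabase;

    /**
     * Body Laravel's authentication middleware returns when it rejects a request.
     */
    private const UNAUTHENTICATED_BODY = ['message' => 'Unauthenticated.'];

    /**
     * Assert that a response is the standard 401 "Unauthenticated." rejection.
     *
     * Every "cannot access" test funnels through this helper so the expected
     * status and body are defined once instead of being copy-pasted per test.
     */
    private function assertUnauthenticated(TestResponse $response): void
    {
        $response->assertStatus(401)
            ->assertJson(self::UNAUTHENTICATED_BODY);
    }

    /**
     * Test that unauthenticated users receive 401 when accessing the index endpoint.
     */
    public function test_unauthenticated_users_cannot_access_index(): void
    {
        $this->assertUnauthenticated($this->getJson('/api/persons'));
    }

    /**
     * Test that unauthenticated users receive 401 when accessing the show endpoint.
     */
    public function test_unauthenticated_users_cannot_access_show(): void
    {
        $person = Person::factory()->create();

        $this->assertUnauthenticated(
            $this->getJson("/api/persons/{$person->person_id}")
        );
    }

    /**
     * Test that unauthenticated users receive 401 when accessing the store endpoint.
     */
    public function test_unauthenticated_users_cannot_access_store(): void
    {
        $personData = [
            'surname' => 'New',
            'christian_name' => 'Person',
            'full_name' => 'New Person',
        ];

        $this->assertUnauthenticated(
            $this->postJson('/api/persons', $personData)
        );
    }

    /**
     * Test that unauthenticated users receive 401 when accessing the update endpoint.
     */
    public function test_unauthenticated_users_cannot_access_update(): void
    {
        $person = Person::factory()->create();

        $updateData = [
            'surname' => 'Updated',
            'christian_name' => 'Person',
        ];

        $this->assertUnauthenticated(
            $this->putJson("/api/persons/{$person->person_id}", $updateData)
        );
    }

    /**
     * Test that unauthenticated users receive 401 when accessing the delete endpoint.
     */
    public function test_unauthenticated_users_cannot_access_delete(): void
    {
        $person = Person::factory()->create();

        $this->assertUnauthenticated(
            $this->deleteJson("/api/persons/{$person->person_id}")
        );
    }

    /**
     * Test that unauthenticated users receive 401 when accessing custom endpoints.
     */
    public function test_unauthenticated_users_cannot_access_custom_endpoints(): void
    {
        Person::factory()->create(['id_card_no' => 'TEST-12345']);

        $this->assertUnauthenticated(
            $this->getJson('/api/persons/id-card/TEST-12345')
        );
    }

    /**
     * Test that invalid or malformed Authorization headers result in a 401 response.
     *
     * Each request overwrites the same default "Authorization" header, so the
     * three cases do not leak into one another.
     */
    public function test_invalid_tokens_result_in_401(): void
    {
        // A well-formed bearer header carrying a value that was never issued.
        $this->assertUnauthenticated(
            $this->withHeader('Authorization', 'Bearer invalid-token-here')
                ->getJson('/api/persons')
        );

        // An empty bearer credential must not be treated as "no auth required".
        $this->assertUnauthenticated(
            $this->withHeader('Authorization', 'Bearer ')
                ->getJson('/api/persons')
        );

        // A non-bearer scheme must not be accepted by the token guard either
        // (constructed value: base64 of "invalid:invalid").
        $this->assertUnauthenticated(
            $this->withHeader('Authorization', 'Basic aW52YWxpZDppbnZhbGlk')
                ->getJson('/api/persons')
        );
    }

    /**
     * Test that a revoked (deleted) token results in a 401 response.
     *
     * Despite the method name this revokes the token rather than letting it
     * expire, so it proves the "token no longer exists" path. Time-based
     * expiry is covered separately by test_tokens_past_their_expiry_result_in_401().
     */
    public function test_expired_tokens_result_in_401(): void
    {
        $user = User::factory()->create();
        $token = $user->createToken('test-token')->plainTextToken;

        // Revoke every token the user holds; the plain-text value is now orphaned.
        $user->tokens()->delete();

        $this->assertUnauthenticated(
            $this->withToken($token)->getJson('/api/persons')
        );
    }

    /**
     * Test that a token whose expires_at lies in the past results in a 401 response.
     *
     * Unlike revocation, the token row still exists here, so a passing test
     * shows the guard checks expiry rather than merely token presence.
     * NOTE(review): relies on the expires_at column on personal_access_tokens
     * (Sanctum 3+) — confirm against the installed Sanctum migration.
     */
    public function test_tokens_past_their_expiry_result_in_401(): void
    {
        $user = User::factory()->create();
        $token = $user->createToken('test-token')->plainTextToken;

        // Back-date the expiry so the token is stale without being deleted.
        $user->tokens()->update(['expires_at' => now()->subMinute()]);

        $this->assertUnauthenticated(
            $this->withToken($token)->getJson('/api/persons')
        );
    }

    /**
     * Test that authenticated users can walk the full CRUD cycle on protected endpoints.
     */
    public function test_authenticated_users_can_access_protected_endpoints(): void
    {
        $user = User::factory()->create();
        Sanctum::actingAs($user);

        $this->getJson('/api/persons')->assertStatus(200);

        $created = $this->postJson('/api/persons', [
            'surname' => 'Test',
            'christian_name' => 'User',
            'full_name' => 'Test User',
        ]);
        $created->assertStatus(201);

        // Guard against a missing id: "/api/persons/" would otherwise fall
        // through to the index route and make the remaining steps pass vacuously.
        $personId = $created->json('data.person_id');
        $this->assertNotNull($personId, 'store response must expose data.person_id');

        $this->getJson("/api/persons/{$personId}")->assertStatus(200);

        $this->putJson("/api/persons/{$personId}", ['surname' => 'Updated'])
            ->assertStatus(200);

        $this->deleteJson("/api/persons/{$personId}")->assertStatus(200);

        // A 200 from delete alone does not prove anything was removed;
        // the record must no longer be resolvable afterwards.
        $this->getJson("/api/persons/{$personId}")->assertStatus(404);
    }

    /**
     * Test that the login endpoint returns the correct JSON structure and a usable token.
     */
    public function test_login_returns_proper_json_response(): void
    {
        $user = User::factory()->create([
            'email' => 'test@example.com',
            'password' => bcrypt('password123'),
        ]);

        $response = $this->postJson('/api/login', [
            'email' => 'test@example.com',
            'password' => 'password123',
            'device_name' => 'test_device',
        ]);

        $response->assertStatus(200)
            ->assertJsonStructure([
                'success',
                'message',
                'token',
                'token_type',
                'expires_at',
                'user' => [
                    'id',
                    'name',
                    'email',
                    'is_admin',
                    'abilities',
                ],
            ])
            ->assertJson([
                'success' => true,
                'message' => 'User signed in successfully',
                'token_type' => 'Bearer',
            ])
            ->assertJsonPath('user.id', $user->id)
            ->assertJsonPath('user.email', 'test@example.com')
            // The stored password hash must never be serialised into the payload.
            ->assertJsonMissingPath('user.password');

        // The issued token must actually authenticate a subsequent request.
        $this->withToken($response->json('token'))
            ->getJson('/api/persons')
            ->assertStatus(200);
    }
}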