remove default values from user constructors

Forcing every call site to be explicit about admin status and
password eliminates a class of bugs where an unintended
isAdmin=false or empty passwordHash could silently slip through.
The CreateUserTest case that asserted the isAdmin default is
dropped since the default no longer exists.

tests/Unit/Auth/UseCases/CreateSessionTest.php

@@ -36,6 +36,8 @@ class CreateSessionTest extends TestCase
         $this->user = new User(
             id: 7,
             email: new EmailAddress('test@test.com'),
+            passwordHash: 'hashed:password1',
+            isAdmin: false,
         );
     }
 

tests/Unit/ScheduledNode/UseCases/CreateScheduledNodeTest.php

@@ -30,7 +30,12 @@ class CreateScheduledNodeTest extends TestCase
         $this->planRepo = new FakePlanRepository();
         $this->planRepo->create(new CreatePlanDto(
             name: 'testplan',
-            user: new User(0, new EmailAddress('test@test.com')),
+            user: new User(
+                id: 0,
+                email: new EmailAddress('test@test.com'),
+                passwordHash: 'hashed:password1',
+                isAdmin: false,
+            ),
         ));
         $this->useCase = new CreateScheduledNode(
             $this->scheduledNodeRepo,

tests/Unit/User/UseCases/AuthenticateUserTest.php

@@ -30,6 +30,7 @@ class AuthenticateUserTest extends TestCase
         $createUser->execute(new CreateUserRequest(
             email: 'test@test.com',
             password: 'password1',
+            isAdmin: false,
         ));
         $this->useCase = new AuthenticateUser(
             $this->userRepo,

tests/Unit/User/UseCases/CreateUserTest.php

@@ -31,6 +31,7 @@ class CreateUserTest extends TestCase
         $this->useCase->execute(new CreateUserRequest(
             email: 'test@test.com',
             password: 'password1',
+            isAdmin: false,
         ));
         $user = $this->userRepo->find(0);
         $this->assertInstanceOf(User::class, $user);
@@ -44,17 +45,9 @@ class CreateUserTest extends TestCase
 
         $this->useCase->execute(new CreateUserRequest(
             email: null,
-        ));
-    }
-
-    public function test_is_admin_defaults_to_false(): void
-    {
-        $this->useCase->execute(new CreateUserRequest(
-            email: 'test@test.com',
             password: 'password1',
+            isAdmin: false,
         ));
-        $user = $this->userRepo->find(0);
-        $this->assertFalse($user->isAdmin());
     }
 
     public function test_is_admin_can_be_set_true(): void
@@ -73,6 +66,7 @@ class CreateUserTest extends TestCase
         $this->useCase->execute(new CreateUserRequest(
             email: 'test@test.com',
             password: 'password1',
+            isAdmin: false,
         ));
 
         $this->expectException(BadRequestException::class);
@@ -81,6 +75,7 @@ class CreateUserTest extends TestCase
         $this->useCase->execute(new CreateUserRequest(
             email: 'test@test.com',
             password: 'password1',
+            isAdmin: false
         ));
     }
 
@@ -92,6 +87,7 @@ class CreateUserTest extends TestCase
         $this->useCase->execute(new CreateUserRequest(
             email: 'test@test.com',
             password: null,
+            isAdmin: false,
         ));
     }
 
@@ -105,6 +101,7 @@ class CreateUserTest extends TestCase
         $this->useCase->execute(new CreateUserRequest(
             email: 'test@test.com',
             password: 'short',
+            isAdmin: false,
         ));
     }
 
@@ -113,6 +110,7 @@ class CreateUserTest extends TestCase
         $this->useCase->execute(new CreateUserRequest(
             email: 'test@test.com',
             password: 'password1',
+            isAdmin: false,
         ));
         $user = $this->userRepo->find(0);
         $this->assertNotEquals('password1', $user->getPasswordHash());