diff --git a/tests/Unit/User/UseCases/AuthenticateUserTest.php b/tests/Unit/User/UseCases/AuthenticateUserTest.php
new file mode 100644
index 0000000..e929ab0
--- /dev/null
+++ b/tests/Unit/User/UseCases/AuthenticateUserTest.php
@@ -0,0 +1,85 @@
+<?php
+
+namespace Tests\Unit\User\UseCases;
+
+use App\Exceptions\BadRequestException;
+use App\Exceptions\UnauthorizedException;
+use App\User\UseCases\AuthenticateUser;
+use App\User\UseCases\AuthenticateUserRequest;
+use App\User\UseCases\CreateUser;
+use App\User\UseCases\CreateUserRequest;
+use App\User\User;
+use PHPUnit\Framework\TestCase;
+use Tests\Fakes\FakeUserRepository;
+
+class AuthenticateUserTest extends TestCase
+{
+    private FakeUserRepository $userRepo;
+    private AuthenticateUser $useCase;
+
+    public function setUp(): void
+    {
+        $this->userRepo = new FakeUserRepository();
+        $createUser = new CreateUser($this->userRepo);
+        $createUser->execute(new CreateUserRequest(
+            email: 'test@test.com',
+            password: 'password1',
+        ));
+        $this->useCase = new AuthenticateUser($this->userRepo);
+    }
+
+    public function test_returns_user_on_valid_credentials(): void
+    {
+        $user = $this->useCase->execute(new AuthenticateUserRequest(
+            email: 'test@test.com',
+            password: 'password1',
+        ));
+
+        $this->assertInstanceOf(User::class, $user);
+        $this->assertEquals('test@test.com', (string) $user->getEmail());
+    }
+
+    public function test_throws_bad_request_when_email_null(): void
+    {
+        $this->expectException(BadRequestException::class);
+        $this->expectExceptionMessage('email is required');
+
+        $this->useCase->execute(new AuthenticateUserRequest(
+            email: null,
+            password: 'password1',
+        ));
+    }
+
+    public function test_throws_bad_request_when_password_null(): void
+    {
+        $this->expectException(BadRequestException::class);
+        $this->expectExceptionMessage('password is required');
+
+        $this->useCase->execute(new AuthenticateUserRequest(
+            email: 'test@test.com',
+            password: null,
+        ));
+    }
+
+    public function test_throws_unauthorized_on_wrong_password(): void
+    {
+        $this->expectException(UnauthorizedException::class);
+        $this->expectExceptionMessage('invalid credentials');
+
+        $this->useCase->execute(new AuthenticateUserRequest(
+            email: 'test@test.com',
+            password: 'wrongpassword',
+        ));
+    }
+
+    public function test_throws_unauthorized_when_email_not_found(): void
+    {
+        $this->expectException(UnauthorizedException::class);
+        $this->expectExceptionMessage('invalid credentials');
+
+        $this->useCase->execute(new AuthenticateUserRequest(
+            email: 'missing@test.com',
+            password: 'password1',
+        ));
+    }
+}