add unit tests for user and auth

backend/tests/Unit/Auth/UseCases/AuthenticateUserTest.php

@@ -0,0 +1,89 @@
+<?php
+
+namespace Tests\Unit\Auth\UseCases;
+
+use App\Auth\PasswordHasher;
+use App\Auth\UseCases\AuthenticateUser\AuthenticateUser;
+use App\Auth\UseCases\AuthenticateUser\AuthenticateUserRequest;
+use App\Exceptions\BadRequestException;
+use App\Exceptions\UnauthorizedException;
+use App\Shared\ValueObject\EmailAddress;
+use App\User\User;
+use PHPUnit\Framework\TestCase;
+use Tests\Fakes\FakeUserRepository;
+
+class AuthenticateUserTest extends TestCase
+{
+    private FakeUserRepository $userRepo;
+    private PasswordHasher $hasher;
+    private AuthenticateUser $authenticateUser;
+
+    protected function setUp(): void
+    {
+        $this->userRepo = new FakeUserRepository();
+        $this->hasher = new class implements PasswordHasher {
+            public function hash(string $password): string
+            {
+                return 'hashed-' . $password;
+            }
+
+            public function verify(string $password, string $hash): bool
+            {
+                return $hash === 'hashed-' . $password;
+            }
+        };
+
+        $this->authenticateUser = new AuthenticateUser($this->userRepo, $this->hasher);
+    }
+
+    public function testAuthenticatesValidUser(): void
+    {
+        $email = new EmailAddress('user@example.com');
+        $this->userRepo->create(new \App\User\CreateUserDto($email, 'hashed-secret'));
+
+        $request = new AuthenticateUserRequest('user@example.com', 'secret');
+        $user = $this->authenticateUser->execute($request);
+
+        $this->assertInstanceOf(User::class, $user);
+        $this->assertSame('user@example.com', $user->getEmail()->value());
+    }
+
+    public function testThrowsWhenEmailMissing(): void
+    {
+        $this->expectException(BadRequestException::class);
+        $this->expectExceptionMessage('email is required');
+
+        $request = new AuthenticateUserRequest(null, 'secret');
+        $this->authenticateUser->execute($request);
+    }
+
+    public function testThrowsWhenPasswordMissing(): void
+    {
+        $this->expectException(BadRequestException::class);
+        $this->expectExceptionMessage('password is required');
+
+        $request = new AuthenticateUserRequest('user@example.com', null);
+        $this->authenticateUser->execute($request);
+    }
+
+    public function testThrowsWhenUserNotFound(): void
+    {
+        $this->expectException(UnauthorizedException::class);
+        $this->expectExceptionMessage('invalid credentials');
+
+        $request = new AuthenticateUserRequest('missing@example.com', 'secret');
+        $this->authenticateUser->execute($request);
+    }
+
+    public function testThrowsWhenPasswordIncorrect(): void
+    {
+        $email = new EmailAddress('user@example.com');
+        $this->userRepo->create(new \App\User\CreateUserDto($email, 'hashed-secret'));
+
+        $this->expectException(UnauthorizedException::class);
+        $this->expectExceptionMessage('invalid credentials');
+
+        $request = new AuthenticateUserRequest('user@example.com', 'wrong');
+        $this->authenticateUser->execute($request);
+    }
+}

backend/tests/Unit/Auth/UseCases/CreateSessionTest.php

@@ -0,0 +1,51 @@
+<?php
+
+namespace Tests\Unit\Auth\UseCases;
+
+use App\Auth\Clock;
+use App\Auth\TokenGenerator;
+use App\Auth\UseCases\CreateSession\CreateSession;
+use App\Shared\ValueObject\EmailAddress;
+use App\User\User;
+use DateTimeImmutable;
+use PHPUnit\Framework\TestCase;
+use Tests\Fakes\FakeSessionRepository;
+
+class CreateSessionTest extends TestCase
+{
+    private FakeSessionRepository $sessionRepo;
+    private TokenGenerator $tokenGenerator;
+    private Clock $clock;
+    private CreateSession $createSession;
+
+    protected function setUp(): void
+    {
+        $this->sessionRepo = new FakeSessionRepository();
+        $this->tokenGenerator = new class implements TokenGenerator {
+            public function generate(): string
+            {
+                return 'fake-token-123';
+            }
+        };
+        $this->clock = new class implements Clock {
+            public function now(): DateTimeImmutable
+            {
+                return new DateTimeImmutable('2026-05-18 12:00:00', new \DateTimeZone('UTC'));
+            }
+        };
+
+        $this->createSession = new CreateSession($this->sessionRepo, $this->tokenGenerator, $this->clock);
+    }
+
+    public function testCreatesSessionForUser(): void
+    {
+        $email = new EmailAddress('user@example.com');
+        $user = new User(1, $email, 'hashed-password');
+
+        $session = $this->createSession->execute($user);
+
+        $this->assertSame('fake-token-123', $session->getToken());
+        $this->assertSame($user, $session->getUser());
+        $this->assertFalse($session->isExpired($this->clock->now()));
+    }
+}

backend/tests/Unit/Auth/UseCases/LogoutTest.php

@@ -0,0 +1,38 @@
+<?php
+
+namespace Tests\Unit\Auth\UseCases;
+
+use App\Auth\UseCases\Logout\Logout;
+use App\Shared\ValueObject\EmailAddress;
+use App\User\User;
+use PHPUnit\Framework\TestCase;
+use Tests\Fakes\FakeSessionRepository;
+
+class LogoutTest extends TestCase
+{
+    private FakeSessionRepository $sessionRepo;
+    private Logout $logout;
+
+    protected function setUp(): void
+    {
+        $this->sessionRepo = new FakeSessionRepository();
+        $this->logout = new Logout($this->sessionRepo);
+    }
+
+    public function testDeletesSessionByToken(): void
+    {
+        $email = new EmailAddress('user@example.com');
+        $user = new User(1, $email, 'hashed-password');
+
+        $session = $this->sessionRepo->create(new \App\Auth\CreateSessionDto(
+            'session-token',
+            $user,
+            new \DateTimeImmutable(),
+            new \DateTimeImmutable('+1 hour')
+        ));
+
+        $this->logout->execute('session-token');
+
+        $this->assertNull($this->sessionRepo->findByToken('session-token'));
+    }
+}