diff --git a/backend/.projectile b/backend/.projectile
deleted file mode 100644
index e69de29..0000000
diff --git a/backend/app/Controllers/AuthController.php b/backend/app/Controllers/AuthController.php
deleted file mode 100644
index 841b4c4..0000000
--- a/backend/app/Controllers/AuthController.php
+++ /dev/null
@@ -1,105 +0,0 @@
-authenticateUser->execute(
- new AuthenticateUserRequest(
- email: $request->input('email'),
- password: $request->input('password'),
- )
- );
- } catch (BadRequestException $exception) {
- return new JsonResponse(
- ['error' => $exception->getMessage()], 400
- );
- } catch (UnauthorizedException $exception) {
- return new JsonResponse(
- ['error' => $exception->getMessage()], 401
- );
- }
-
- $session = $this->createSession->execute($user);
-
- $response = new JsonResponse([
- 'user' => $this->buildUserPayload($user),
- ], 200);
-
- return $response->withCookie(Cookie::create(
- name: AuthMiddleware::COOKIE_NAME,
- value: $session->getToken(),
- expire: $session->getExpiresAt()->getTimestamp(),
- path: '/',
- domain: null,
- secure: false,
- httpOnly: true,
- raw: false,
- sameSite: Cookie::SAMESITE_LAX,
- ));
- }
-
- public function me(Request $request): JsonResponse
- {
- /** @var User $user */
- $user = $request->attributes->get('user');
-
- return new JsonResponse([
- 'user' => $this->buildUserPayload($user),
- ], 200);
- }
-
- /**
- * @return array{id: int, email: string, firstname: string, lastname: string}
- */
- private function buildUserPayload(User $user): array
- {
- return [
- 'id' => $user->getId(),
- 'email' => $user->getEmail()->value(),
- ];
- }
-
- public function logout(Request $request): JsonResponse
- {
- $token = $request->cookie(AuthMiddleware::COOKIE_NAME);
- if (is_string($token) && $token !== '') {
- $this->logout->execute($token);
- }
-
- $response = new JsonResponse(null, 204);
-
- return $response->withCookie(Cookie::create(
- name: AuthMiddleware::COOKIE_NAME,
- value: '',
- expire: 1,
- path: '/',
- domain: null,
- secure: false,
- httpOnly: true,
- raw: false,
- sameSite: Cookie::SAMESITE_LAX,
- ));
- }
-}
diff --git a/backend/tests/Fakes/FakeTokenGenerator.php b/backend/tests/Fakes/FakeTokenGenerator.php
index e10bbcf..dcb8819 100644
--- a/backend/tests/Fakes/FakeTokenGenerator.php
+++ b/backend/tests/Fakes/FakeTokenGenerator.php
@@ -3,27 +3,11 @@
 namespace Tests\Fakes;
 use App\Auth\TokenGenerator;
-use RuntimeException;
 class FakeTokenGenerator implements TokenGenerator
 {
- private int $callCount = 0;
-
- /**
- * @param string[] $tokens
- */
- public function __construct(private array $tokens) {}
-
 public function generate(): string
 {
- if ($this->callCount >= count($this->tokens)) {
- throw new RuntimeException(
- 'FakeTokenGenerator exhausted'
- );
- }
- $token = $this->tokens[$this->callCount];
- $this->callCount++;
-
- return $token;
+ return 'fake-token-123';
 }
 }
diff --git a/backend/tests/Unit/Auth/UseCases/CreateSessionTest.php b/backend/tests/Unit/Auth/UseCases/CreateSessionTest.php
index 034d7c5..0367f1c 100644
--- a/backend/tests/Unit/Auth/UseCases/CreateSessionTest.php
+++ b/backend/tests/Unit/Auth/UseCases/CreateSessionTest.php
@@ -22,7 +22,7 @@ class CreateSessionTest extends TestCase
 protected function setUp(): void
 {
 $this->sessionRepo = new FakeSessionRepository();
- $this->tokenGenerator = new FakeTokenGenerator(['fake-token-123']);
+ $this->tokenGenerator = new FakeTokenGenerator();
 $this->clock = new FakeClock(
 new DateTimeImmutable('2026-05-18 12:00:00')
 );
diff --git a/backend/tests/Unit/Controllers/AuthControllerTest.php b/backend/tests/Unit/Controllers/AuthControllerTest.php
deleted file mode 100644
index 1855c59..0000000
--- a/backend/tests/Unit/Controllers/AuthControllerTest.php
+++ /dev/null
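Review bot: `generate()` now hands back the same literal on every call, and nothing in the fake says so; with the per-call token list and the exhaustion guard gone, a test that creates two sessions through this fake would silently receive identical tokens, so the fake can no longer stand in for a generator whose tokens must differ between sessions. The literal `'fake-token-123'` is also now known only inside the fake, while the `CreateSessionTest` setUp hunk presumably still needs it to assert on the token it expects. Consider `public const TOKEN = 'fake-token-123';` together with `return self::TOKEN;`, and a docblock on `generate()` along the lines of `/** Deterministic stand-in: every call yields the same token, so tests must not rely on token uniqueness. */`. Tests such as CreateSessionTest could then refer to `FakeTokenGenerator::TOKEN` instead of repeating the literal.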
@@ -1,183 +0,0 @@
-now = new DateTimeImmutable(
- '2026-04-29T12:00:00',
- new DateTimeZone('UTC')
- );
- $this->clock = new FakeClock($this->now);
- $this->tokenGenerator = new FakeTokenGenerator(['session-token-1']);
- $this->userRepo = new FakeUserRepository();
- $this->hasher = new FakeHasher();
- $this->sessionRepo = new FakeSessionRepository();
- $authenticateUser = new AuthenticateUser(
- $this->userRepo,
- $this->hasher,
- );
- $createSession = new CreateSession(
- $this->sessionRepo,
- $this->tokenGenerator,
- $this->clock,
- );
- $logout = new Logout($this->sessionRepo);
- $this->controller = new AuthController(
- $authenticateUser,
- $createSession,
- $logout,
- );
- }
-
- private function seedStartupUser(string $email, string $password): void
- {
- $user = $this->userRepo->create(
- new CreateUserDto(
- email: new EmailAddress($email),
- passwordHash: 'hashed-password',
- )
- );
- }
-
- public function test_login_returns_200_and_sets_cookie_on_success(): void
- {
- $email = 'user@example.com';
- $password = 'password';
- $this->seedStartupUser($email, $password);
-
- $request = new Request([
- 'email' => $email,
- 'password' => $password,
- ]);
- $response = $this->controller->login($request);
-
- $this->assertEquals(200, $response->getStatusCode());
- $body = json_decode($response->getContent(), true);
- $this->assertSame($email, $body['user']['email']);
-
- $cookies = $response->headers->getCookies();
- $this->assertCount(1, $cookies);
- $cookie = $cookies[0];
- $this->assertSame(
- AuthMiddleware::COOKIE_NAME,
- $cookie->getName()
- );
- $this->assertSame('session-token-1', $cookie->getValue());
- $this->assertTrue($cookie->isHttpOnly());
- $this->assertSame('lax', $cookie->getSameSite());
- $this->assertNotNull(
- $this->sessionRepo->findByToken('session-token-1')
- );
- }
-
- public function test_login_returns_400_when_email_missing(): void
- {
- $request = new Request(['password' => 'correctpassword']);
- $response = $this->controller->login($request);
- $this->assertEquals(400, $response->getStatusCode());
- }
-
- public function test_login_returns_400_when_password_missing(): void
- {
- $request = new Request(['email' => 'user@example.com']);
- $response = $this->controller->login($request);
- $this->assertEquals(400, $response->getStatusCode());
- }
-
- public function test_login_returns_401_when_credentials_invalid(): void
- {
- $this->seedStartupUser('user@example.com', 'correctpassword');
-
- $request = new Request([
- 'email' => 'user@example.com',
- 'password' => 'wrongpassword',
- ]);
- $response = $this->controller->login($request);
- $this->assertEquals(401, $response->getStatusCode());
- }
-
- public function test_logout_returns_204_and_clears_cookie(): void
- {
- $this->seedStartupUser('user@example.com', 'correctpassword');
- $loginRequest = new Request([
- 'email' => 'user@example.com',
- 'password' => 'correctpassword',
- ]);
- $this->controller->login($loginRequest);
-
- $logoutRequest = new Request;
- $logoutRequest->cookies->set(
- AuthMiddleware::COOKIE_NAME,
- 'session-token-1'
- );
- $response = $this->controller->logout($logoutRequest);
-
- $this->assertEquals(204, $response->getStatusCode());
- $this->assertNull(
- $this->sessionRepo->findByToken('session-token-1')
- );
-
- $cookies = $response->headers->getCookies();
- $this->assertCount(1, $cookies);
- $this->assertSame(
- AuthMiddleware::COOKIE_NAME,
- $cookies[0]->getName()
- );
- $this->assertSame('', $cookies[0]->getValue());
- }
-
- public function test_me_returns_200_with_user_when_authenticated(): void
- {
- $email = 'me@example.com';
- $user = $this->userRepo->create(
- new CreateUserDto(
- email: new EmailAddress($email),
- passwordHash: 'password'
- )
- );
-
- $request = new Request;
- $request->attributes->set('user', $user);
-
- $response = $this->controller->me($request);
-
- $this->assertEquals(200, $response->getStatusCode());
- $body = json_decode($response->getContent(), true);
- $this->assertSame($user->getId(), $body['user']['id']);
- $this->assertSame($email, $body['user']['email']);
- }
-}