Yisroel Baum
21dca993cd
Red phase: AuthControllerTest covers login with valid credentials (returns user+cookie), missing email (400), invalid credentials (401), logout (clears cookie, 204), and me (returns user from attribute).
170 lines
5.1 KiB
PHP
170 lines
5.1 KiB
PHP
<?php
|
|
|
|
namespace Tests\Unit\Controllers;
|
|
|
|
use App\Auth\UseCases\AuthenticateUser\AuthenticateUser;
|
|
use App\Auth\UseCases\AuthenticateUser\AuthenticateUserRequest;
|
|
use App\Auth\UseCases\CreateSession\CreateSession;
|
|
use App\Auth\UseCases\Logout\Logout;
|
|
use App\Middleware\AuthMiddleware;
|
|
use App\Controllers\AuthController;
|
|
use App\Shared\ValueObject\EmailAddress;
|
|
use App\User\CreateUserDto;
|
|
use App\User\User;
|
|
use DateTimeImmutable;
|
|
use PHPUnit\Framework\TestCase;
|
|
use Psr\Http\Message\ServerRequestInterface;
|
|
use Slim\Psr7\Factory\ServerRequestFactory;
|
|
use Slim\Psr7\Response;
|
|
use Tests\Fakes\FakeClock;
|
|
use Tests\Fakes\FakePasswordHasher;
|
|
use Tests\Fakes\FakeSessionRepository;
|
|
use Tests\Fakes\FakeTokenGenerator;
|
|
use Tests\Fakes\FakeUserRepository;
|
|
|
|
class AuthControllerTest extends TestCase
|
|
{
|
|
private FakeUserRepository $userRepo;
|
|
private FakeSessionRepository $sessionRepo;
|
|
private FakePasswordHasher $hasher;
|
|
private FakeTokenGenerator $tokenGenerator;
|
|
private FakeClock $clock;
|
|
private AuthController $controller;
|
|
private User $user;
|
|
|
|
protected function setUp(): void
|
|
{
|
|
$this->userRepo = new FakeUserRepository();
|
|
$this->sessionRepo = new FakeSessionRepository();
|
|
$this->hasher = new FakePasswordHasher();
|
|
$this->tokenGenerator = new FakeTokenGenerator([
|
|
'session-token-1',
|
|
'session-token-2',
|
|
]);
|
|
$this->clock = new FakeClock(
|
|
new DateTimeImmutable('2026-05-16 12:00:00'),
|
|
);
|
|
|
|
$authenticateUser = new AuthenticateUser(
|
|
$this->userRepo,
|
|
$this->hasher,
|
|
);
|
|
$createSession = new CreateSession(
|
|
$this->sessionRepo,
|
|
$this->tokenGenerator,
|
|
$this->clock,
|
|
);
|
|
$logout = new Logout($this->sessionRepo);
|
|
|
|
$this->controller = new AuthController(
|
|
$authenticateUser,
|
|
$createSession,
|
|
$logout,
|
|
);
|
|
|
|
$this->user = $this->userRepo->create(new CreateUserDto(
|
|
email: new EmailAddress('user@example.com'),
|
|
passwordHash: $this->hasher->hash('correct-password'),
|
|
));
|
|
}
|
|
|
|
public function testLoginReturnsUserAndSetsCookie(): void
|
|
{
|
|
$request = $this->jsonRequest('POST', '/login', [
|
|
'email' => 'user@example.com',
|
|
'password' => 'correct-password',
|
|
]);
|
|
|
|
$response = $this->controller->login($request, new Response());
|
|
|
|
$this->assertSame(200, $response->getStatusCode());
|
|
$this->assertStringContainsString(
|
|
'user@example.com',
|
|
(string) $response->getBody(),
|
|
);
|
|
|
|
$cookieHeader = $response->getHeaderLine('Set-Cookie');
|
|
$this->assertStringContainsString(
|
|
AuthMiddleware::COOKIE_NAME.'=session-token-1',
|
|
$cookieHeader,
|
|
);
|
|
$this->assertStringContainsString('HttpOnly', $cookieHeader);
|
|
}
|
|
|
|
public function testLoginReturns400ForMissingEmail(): void
|
|
{
|
|
$request = $this->jsonRequest('POST', '/login', [
|
|
'password' => 'correct-password',
|
|
]);
|
|
|
|
$response = $this->controller->login($request, new Response());
|
|
|
|
$this->assertSame(400, $response->getStatusCode());
|
|
}
|
|
|
|
public function testLoginReturns401ForInvalidCredentials(): void
|
|
{
|
|
$request = $this->jsonRequest('POST', '/login', [
|
|
'email' => 'user@example.com',
|
|
'password' => 'wrong-password',
|
|
]);
|
|
|
|
$response = $this->controller->login($request, new Response());
|
|
|
|
$this->assertSame(401, $response->getStatusCode());
|
|
}
|
|
|
|
public function testLogoutClearsCookieAndReturns204(): void
|
|
{
|
|
$request = $this->createRequest()
|
|
->withCookieParams([
|
|
AuthMiddleware::COOKIE_NAME => 'session-token-1',
|
|
]);
|
|
|
|
$response = $this->controller->logout($request, new Response());
|
|
|
|
$this->assertSame(204, $response->getStatusCode());
|
|
|
|
$cookieHeader = $response->getHeaderLine('Set-Cookie');
|
|
$this->assertStringContainsString(
|
|
AuthMiddleware::COOKIE_NAME.'=',
|
|
$cookieHeader,
|
|
);
|
|
}
|
|
|
|
public function testMeReturnsUserFromAttribute(): void
|
|
{
|
|
$request = $this->createRequest()
|
|
->withAttribute('user', $this->user);
|
|
|
|
$response = $this->controller->me($request, new Response());
|
|
|
|
$this->assertSame(200, $response->getStatusCode());
|
|
$this->assertStringContainsString(
|
|
'user@example.com',
|
|
(string) $response->getBody(),
|
|
);
|
|
}
|
|
|
|
private function jsonRequest(
|
|
string $method,
|
|
string $path,
|
|
array $body,
|
|
): ServerRequestInterface {
|
|
$request = $this->createRequest($method, $path)
|
|
->withHeader('Content-Type', 'application/json');
|
|
$request->getBody()->write(json_encode($body));
|
|
$request->getBody()->rewind();
|
|
|
|
return $request;
|
|
}
|
|
|
|
private function createRequest(
|
|
string $method = 'POST',
|
|
string $path = '/',
|
|
): ServerRequestInterface {
|
|
$factory = new ServerRequestFactory();
|
|
|
|
return $factory->createServerRequest($method, $path);
|
|
}
|
|
}
|