Adds displayname to existing assertions and new tests covering:
null/short/invalid-charset displayname, duplicate displayname,
findability by displayname. AuthenticateUser tests pick up the
seedUser displayname argument.
Add display_name (unique) and email_confirmed_at columns plus
matching getters, DTO fields, repo methods (findByDisplayName,
update), and migration. Existing auth tests updated to construct
User with the new params.
7 cases: zero postId or requesterId -> BadRequest; unknown post
is idempotent no-op; author can delete own post; admin can
delete anyone's post; non-author non-admin -> ForbiddenException;
forbidden attempts leave post intact.
4 cases: zero/negative id -> BadRequest; unknown id -> null
(controller maps to 404); existing id returns the Post.
GetPost takes int id directly (no Request object - the value is
trivial and controllers pull it from a route param).
5 cases: zero/negative userId -> BadRequest; user with no posts
-> []; returns only requested user's posts (filters out other
authors); ordered newest-first by createdAt. fails red.
7 cases: null + whitespace title -> BadRequest; null +
whitespace body -> BadRequest; valid request returns Post with
correct userId/title/body and createdAt = clock.now(); the post
is findable via the repo afterwards; title and body get trimmed
of leading/trailing whitespace. fails red - CreatePost class
absent.
4 cases: returns Session with the generated token + supplied
user; createdAt matches injected Clock now; expiresAt is now+7d;
session is findable via SessionRepository->findByToken. fails
red - CreateSession class missing.
9 cases: null/empty/malformed email -> BadRequest; null/empty
password -> BadRequest; unknown email -> Unauthorized; wrong
password -> Unauthorized; valid creds return the User entity;
isAdmin flag survives the auth round-trip. fails red - the
AuthenticateUser class does not exist yet.
9 cases: null/empty/malformed email -> BadRequest; null or
sub-8-char password -> BadRequest; duplicate email -> DomainException;
valid signup returns User with hashed password and isAdmin=false;
user is findable by email afterwards; EmailAddress vo lowercases
the domain. fails red - SignupUser class not yet defined.
7 cases: rejects spaces, double-@, empty input; trims whitespace;
lowercases domain only (preserving local-part case); equality by
normalized value; __toString and getDomain. fails red - class
App\\Shared\\ValueObject\\EmailAddress not yet defined.
