feat(api): UDT-003 registro de usuarios — backend completo (Phases 1-6)

- Domain: Usuario.ForCreation factory, UsernameAlreadyExistsException, IUsuarioRepository extendido - Application: CreateUsuarioCommand/Validator/Handler, UsuarioCreatedDto, AuthOptions password policy - Infrastructure: UsuarioRepository.ExistsByUsernameAsync + AddAsync (INSERT OUTPUT INSERTED.Id), RoleClaimType="rol" en TokenValidationParameters - Api: UsuariosController POST api/v1/users [Authorize(Roles="admin")], ExceptionFilter mapea UsernameAlreadyExistsException + SqlException 2627 → 409 - Tests (unit): 43 tests — 33 validator + 10 handler (107 total, green) - Tests (integration): 7 tests CreateUsuarioEndpoint — 401/403/400/201/409/race/e2e (green) - Fix: TestWebAppFactory.ConfigureTestServices reemplaza SqlConnectionFactory singleton con CS de test correcto
2026-04-15 10:47:48 -03:00
parent 023d30fce4
commit 3d598faffc
19 changed files with 1079 additions and 1 deletions
--- a/src/api/SIGCM2.Api/Controllers/UsuariosController.cs
+++ b/src/api/SIGCM2.Api/Controllers/UsuariosController.cs
@@ -0,0 +1,62 @@
+using FluentValidation;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using SIGCM2.Application.Abstractions;
+using SIGCM2.Application.Usuarios.Create;
+
+namespace SIGCM2.Api.Controllers;
+
+[ApiController]
+[Route("api/v1/users")]
+[Authorize(Roles = "admin")]
+public sealed class UsuariosController : ControllerBase
+{
+    private readonly IDispatcher _dispatcher;
+    private readonly IValidator<CreateUsuarioCommand> _validator;
+
+    public UsuariosController(IDispatcher dispatcher, IValidator<CreateUsuarioCommand> validator)
+    {
+        _dispatcher = dispatcher;
+        _validator = validator;
+    }
+
+    /// <summary>Creates a new user. Requires admin role.</summary>
+    [HttpPost]
+    [ProducesResponseType(typeof(UsuarioCreatedDto), StatusCodes.Status201Created)]
+    [ProducesResponseType(StatusCodes.Status400BadRequest)]
+    [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+    [ProducesResponseType(StatusCodes.Status403Forbidden)]
+    [ProducesResponseType(StatusCodes.Status409Conflict)]
+    public async Task<IActionResult> CreateUsuario([FromBody] CreateUsuarioRequest request)
+    {
+        var command = new CreateUsuarioCommand(
+            Username: request.Username ?? string.Empty,
+            Password: request.Password ?? string.Empty,
+            Nombre: request.Nombre ?? string.Empty,
+            Apellido: request.Apellido ?? string.Empty,
+            Email: request.Email,
+            Rol: request.Rol ?? string.Empty);
+
+        var validation = await _validator.ValidateAsync(command);
+        if (!validation.IsValid)
+        {
+            var errors = validation.Errors
+                .GroupBy(e => e.PropertyName)
+                .ToDictionary(g => g.Key, g => g.Select(e => e.ErrorMessage).ToArray());
+            return BadRequest(new { errors });
+        }
+
+        var result = await _dispatcher.Send<CreateUsuarioCommand, UsuarioCreatedDto>(command);
+
+        return CreatedAtAction(nameof(CreateUsuario), new { id = result.Id }, result);
+    }
+}
+
+/// <summary>Create user request body — nullable to catch missing field scenarios.</summary>
+public sealed record CreateUsuarioRequest(
+    string? Username,
+    string? Password,
+    string? Nombre,
+    string? Apellido,
+    string? Email,
+    string? Rol);
--- a/src/api/SIGCM2.Api/Filters/ExceptionFilter.cs
+++ b/src/api/SIGCM2.Api/Filters/ExceptionFilter.cs
@@ -1,6 +1,7 @@
 using FluentValidation;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Filters;
+using Microsoft.Data.SqlClient;
 using SIGCM2.Domain.Exceptions;

 namespace SIGCM2.Api.Filters;
@@ -18,6 +19,31 @@ public sealed class ExceptionFilter : IExceptionFilter
    {
        switch (context.Exception)
        {
+            case UsernameAlreadyExistsException usernameEx:
+                context.Result = new ObjectResult(new
+                {
+                    error = "username_taken",
+                    message = usernameEx.Message
+                })
+                {
+                    StatusCode = StatusCodes.Status409Conflict
+                };
+                context.ExceptionHandled = true;
+                break;
+
+            case SqlException sqlEx when sqlEx.Number == 2627:
+                // Safety net: UQ constraint violation from a race condition
+                context.Result = new ObjectResult(new
+                {
+                    error = "username_taken",
+                    message = "El nombre de usuario ya está en uso."
+                })
+                {
+                    StatusCode = StatusCodes.Status409Conflict
+                };
+                context.ExceptionHandled = true;
+                break;
+
            case InvalidCredentialsException:
                context.Result = new ObjectResult(new { error = "Credenciales inválidas" })
                {