feat(api): UDT-003 registro de usuarios — backend completo (Phases 1-6)
- Domain: Usuario.ForCreation factory, UsernameAlreadyExistsException, IUsuarioRepository extendido - Application: CreateUsuarioCommand/Validator/Handler, UsuarioCreatedDto, AuthOptions password policy - Infrastructure: UsuarioRepository.ExistsByUsernameAsync + AddAsync (INSERT OUTPUT INSERTED.Id), RoleClaimType="rol" en TokenValidationParameters - Api: UsuariosController POST api/v1/users [Authorize(Roles="admin")], ExceptionFilter mapea UsernameAlreadyExistsException + SqlException 2627 → 409 - Tests (unit): 43 tests — 33 validator + 10 handler (107 total, green) - Tests (integration): 7 tests CreateUsuarioEndpoint — 401/403/400/201/409/race/e2e (green) - Fix: TestWebAppFactory.ConfigureTestServices reemplaza SqlConnectionFactory singleton con CS de test correcto
This commit is contained in:
@@ -6,4 +6,6 @@ public interface IUsuarioRepository
|
||||
{
|
||||
Task<Usuario?> GetByUsernameAsync(string username);
|
||||
Task<Usuario?> GetByIdAsync(int id, CancellationToken ct = default);
|
||||
Task<bool> ExistsByUsernameAsync(string username, CancellationToken ct = default);
|
||||
Task<int> AddAsync(Usuario usuario, CancellationToken ct = default);
|
||||
}
|
||||
|
||||
@@ -9,4 +9,9 @@ public sealed class AuthOptions
|
||||
{
|
||||
public int AccessTokenMinutes { get; set; } = 60;
|
||||
public int RefreshTokenDays { get; set; } = 7;
|
||||
|
||||
// Password policy — configurable, secure defaults
|
||||
public int PasswordMinLength { get; set; } = 8;
|
||||
public bool PasswordRequireLetter { get; set; } = true;
|
||||
public bool PasswordRequireDigit { get; set; } = true;
|
||||
}
|
||||
|
||||
@@ -4,6 +4,7 @@ using SIGCM2.Application.Abstractions;
|
||||
using SIGCM2.Application.Auth.Login;
|
||||
using SIGCM2.Application.Auth.Logout;
|
||||
using SIGCM2.Application.Auth.Refresh;
|
||||
using SIGCM2.Application.Usuarios.Create;
|
||||
|
||||
namespace SIGCM2.Application;
|
||||
|
||||
@@ -15,6 +16,7 @@ public static class DependencyInjection
|
||||
services.AddScoped<ICommandHandler<LoginCommand, LoginResponseDto>, LoginCommandHandler>();
|
||||
services.AddScoped<ICommandHandler<RefreshCommand, RefreshResponseDto>, RefreshCommandHandler>();
|
||||
services.AddScoped<ICommandHandler<LogoutCommand, LogoutResponseDto>, LogoutCommandHandler>();
|
||||
services.AddScoped<ICommandHandler<CreateUsuarioCommand, UsuarioCreatedDto>, CreateUsuarioCommandHandler>();
|
||||
|
||||
// FluentValidation validators (scans entire Application assembly)
|
||||
services.AddValidatorsFromAssemblyContaining<LoginCommandValidator>();
|
||||
|
||||
@@ -0,0 +1,9 @@
|
||||
namespace SIGCM2.Application.Usuarios.Create;
|
||||
|
||||
public sealed record CreateUsuarioCommand(
|
||||
string Username,
|
||||
string Password,
|
||||
string Nombre,
|
||||
string Apellido,
|
||||
string? Email,
|
||||
string Rol);
|
||||
@@ -0,0 +1,52 @@
|
||||
using SIGCM2.Application.Abstractions;
|
||||
using SIGCM2.Application.Abstractions.Persistence;
|
||||
using SIGCM2.Application.Abstractions.Security;
|
||||
using SIGCM2.Domain.Entities;
|
||||
using SIGCM2.Domain.Exceptions;
|
||||
|
||||
namespace SIGCM2.Application.Usuarios.Create;
|
||||
|
||||
public sealed class CreateUsuarioCommandHandler : ICommandHandler<CreateUsuarioCommand, UsuarioCreatedDto>
|
||||
{
|
||||
private readonly IUsuarioRepository _repository;
|
||||
private readonly IPasswordHasher _hasher;
|
||||
|
||||
public CreateUsuarioCommandHandler(
|
||||
IUsuarioRepository repository,
|
||||
IPasswordHasher hasher)
|
||||
{
|
||||
_repository = repository;
|
||||
_hasher = hasher;
|
||||
}
|
||||
|
||||
public async Task<UsuarioCreatedDto> Handle(CreateUsuarioCommand command)
|
||||
{
|
||||
// Check-then-insert: explicit check gives a clear 409 message.
|
||||
// SqlException 2627 (UQ violation) acts as race-condition fallback — caught in ExceptionFilter.
|
||||
var exists = await _repository.ExistsByUsernameAsync(command.Username);
|
||||
if (exists)
|
||||
throw new UsernameAlreadyExistsException(command.Username);
|
||||
|
||||
var passwordHash = _hasher.Hash(command.Password);
|
||||
|
||||
var usuario = Usuario.ForCreation(
|
||||
username: command.Username,
|
||||
passwordHash: passwordHash,
|
||||
nombre: command.Nombre,
|
||||
apellido: command.Apellido,
|
||||
email: command.Email,
|
||||
rol: command.Rol);
|
||||
|
||||
// TODO: audit — record which admin created this user (defer to UDT-Audit)
|
||||
var newId = await _repository.AddAsync(usuario);
|
||||
|
||||
return new UsuarioCreatedDto(
|
||||
Id: newId,
|
||||
Username: usuario.Username,
|
||||
Nombre: usuario.Nombre,
|
||||
Apellido: usuario.Apellido,
|
||||
Email: usuario.Email,
|
||||
Rol: usuario.Rol,
|
||||
Activo: usuario.Activo);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,60 @@
|
||||
using FluentValidation;
|
||||
using SIGCM2.Application.Auth;
|
||||
|
||||
namespace SIGCM2.Application.Usuarios.Create;
|
||||
|
||||
public sealed class CreateUsuarioCommandValidator : AbstractValidator<CreateUsuarioCommand>
|
||||
{
|
||||
private static readonly string[] ValidRoles = ["admin", "vendedor", "tasador", "consulta"];
|
||||
|
||||
private const int UsernameMinLength = 3;
|
||||
private const int UsernameMaxLength = 50;
|
||||
private const int NombreMaxLength = 100;
|
||||
private const int ApellidoMaxLength = 100;
|
||||
private const int EmailMaxLength = 150;
|
||||
|
||||
public CreateUsuarioCommandValidator() : this(new AuthOptions()) { }
|
||||
|
||||
public CreateUsuarioCommandValidator(AuthOptions authOptions)
|
||||
{
|
||||
RuleFor(x => x.Username)
|
||||
.NotEmpty().WithMessage("El nombre de usuario es requerido.")
|
||||
.Length(UsernameMinLength, UsernameMaxLength)
|
||||
.WithMessage($"El username debe tener entre {UsernameMinLength} y {UsernameMaxLength} caracteres.")
|
||||
.Matches(@"^[a-zA-Z0-9._\-]+$")
|
||||
.WithMessage("El username solo puede contener letras, dígitos, puntos, guiones y guiones bajos.");
|
||||
|
||||
RuleFor(x => x.Password)
|
||||
.NotEmpty().WithMessage("La contraseña es requerida.")
|
||||
.MinimumLength(authOptions.PasswordMinLength)
|
||||
.WithMessage($"La contraseña debe tener al menos {authOptions.PasswordMinLength} caracteres.")
|
||||
.Must(p => !authOptions.PasswordRequireLetter || ContainsLetter(p))
|
||||
.WithMessage("La contraseña debe contener al menos una letra.")
|
||||
.Must(p => !authOptions.PasswordRequireDigit || ContainsDigit(p))
|
||||
.WithMessage("La contraseña debe contener al menos un dígito.");
|
||||
|
||||
RuleFor(x => x.Nombre)
|
||||
.NotEmpty().WithMessage("El nombre es requerido.")
|
||||
.MaximumLength(NombreMaxLength).WithMessage($"El nombre no puede superar los {NombreMaxLength} caracteres.");
|
||||
|
||||
RuleFor(x => x.Apellido)
|
||||
.NotEmpty().WithMessage("El apellido es requerido.")
|
||||
.MaximumLength(ApellidoMaxLength).WithMessage($"El apellido no puede superar los {ApellidoMaxLength} caracteres.");
|
||||
|
||||
RuleFor(x => x.Email)
|
||||
.EmailAddress().WithMessage("El email no tiene un formato válido.")
|
||||
.MaximumLength(EmailMaxLength).WithMessage($"El email no puede superar los {EmailMaxLength} caracteres.")
|
||||
.When(x => x.Email is not null);
|
||||
|
||||
RuleFor(x => x.Rol)
|
||||
.NotEmpty().WithMessage("El rol es requerido.")
|
||||
.Must(r => ValidRoles.Contains(r))
|
||||
.WithMessage($"El rol debe ser uno de: {string.Join(", ", ValidRoles)}.");
|
||||
}
|
||||
|
||||
private static bool ContainsLetter(string value) =>
|
||||
value is not null && value.Any(char.IsLetter);
|
||||
|
||||
private static bool ContainsDigit(string value) =>
|
||||
value is not null && value.Any(char.IsDigit);
|
||||
}
|
||||
@@ -0,0 +1,10 @@
|
||||
namespace SIGCM2.Application.Usuarios.Create;
|
||||
|
||||
public sealed record UsuarioCreatedDto(
|
||||
int Id,
|
||||
string Username,
|
||||
string Nombre,
|
||||
string Apellido,
|
||||
string? Email,
|
||||
string Rol,
|
||||
bool Activo);
|
||||
Reference in New Issue
Block a user