test(udt-001): backend unit and integration tests (30 tests)

2026-04-13 21:36:09 -03:00
parent 9891f96618
commit b657dc0d2a
12 changed files with 851 additions and 0 deletions
--- a/tests/SIGCM2.Api.Tests/Auth/AuthControllerTests.cs
+++ b/tests/SIGCM2.Api.Tests/Auth/AuthControllerTests.cs
@@ -0,0 +1,97 @@
+using System.Net;
+using System.Net.Http.Json;
+using System.Text.Json;
+using SIGCM2.TestSupport;
+
+namespace SIGCM2.Api.Tests.Auth;
+
+[Collection("ApiIntegration")]
+public class AuthControllerTests : IClassFixture<TestWebAppFactory>
+{
+    private readonly HttpClient _client;
+
+    public AuthControllerTests(TestWebAppFactory factory)
+    {
+        _client = factory.CreateClient();
+    }
+
+    // Scenario: happy path — valid admin credentials return 200 with token shape + usuario
+    [Fact]
+    public async Task Login_ValidCredentials_Returns200WithTokenShape()
+    {
+        var response = await _client.PostAsJsonAsync("/api/v1/auth/login", new
+        {
+            username = "admin",
+            password = "@Diego550@"
+        });
+
+        Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+
+        var json = await response.Content.ReadFromJsonAsync<JsonElement>();
+        Assert.True(json.TryGetProperty("accessToken", out var token), "Response missing 'accessToken'");
+        Assert.True(json.TryGetProperty("refreshToken", out var refresh), "Response missing 'refreshToken'");
+        Assert.True(json.TryGetProperty("expiresIn", out var expires), "Response missing 'expiresIn'");
+
+        Assert.False(string.IsNullOrWhiteSpace(token.GetString()), "'accessToken' must not be empty");
+        Assert.False(string.IsNullOrWhiteSpace(refresh.GetString()), "'refreshToken' must not be empty");
+        Assert.Equal(3600, expires.GetInt32());
+
+        // Contract: response must include usuario object
+        Assert.True(json.TryGetProperty("usuario", out var usuario), "Response missing 'usuario'");
+        Assert.True(usuario.TryGetProperty("id", out var id), "usuario missing 'id'");
+        Assert.True(usuario.TryGetProperty("nombre", out var nombre), "usuario missing 'nombre'");
+        Assert.True(usuario.TryGetProperty("rol", out var rol), "usuario missing 'rol'");
+        Assert.True(usuario.TryGetProperty("permisos", out var permisos), "usuario missing 'permisos'");
+
+        Assert.True(id.GetInt32() > 0, "'usuario.id' must be positive");
+        Assert.False(string.IsNullOrWhiteSpace(nombre.GetString()), "'usuario.nombre' must not be empty");
+        Assert.False(string.IsNullOrWhiteSpace(rol.GetString()), "'usuario.rol' must not be empty");
+        Assert.Equal(JsonValueKind.Array, permisos.ValueKind);
+    }
+
+    // Scenario: invalid credentials return 401 with opaque error
+    [Fact]
+    public async Task Login_InvalidCredentials_Returns401()
+    {
+        var response = await _client.PostAsJsonAsync("/api/v1/auth/login", new
+        {
+            username = "admin",
+            password = "WrongPassword1!"
+        });
+
+        Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
+
+        var json = await response.Content.ReadFromJsonAsync<JsonElement>();
+        Assert.True(json.TryGetProperty("error", out var error));
+        Assert.Equal("Credenciales inválidas", error.GetString());
+    }
+
+    // Scenario: malformed body (missing password) returns 400
+    [Fact]
+    public async Task Login_MissingPassword_Returns400()
+    {
+        var response = await _client.PostAsJsonAsync("/api/v1/auth/login", new
+        {
+            username = "admin"
+            // password intentionally missing — JSON serializes as no field
+        });
+
+        Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
+
+        var json = await response.Content.ReadFromJsonAsync<JsonElement>();
+        Assert.True(json.TryGetProperty("errors", out var errors), "Response missing 'errors'");
+    }
+
+    // Triangulation: empty username returns 400
+    [Fact]
+    public async Task Login_EmptyUsername_Returns400()
+    {
+        var response = await _client.PostAsJsonAsync("/api/v1/auth/login", new
+        {
+            username = "",
+            password = "@Diego550@"
+        });
+
+        Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
+    }
+}
--- a/tests/SIGCM2.Api.Tests/SIGCM2.Api.Tests.csproj
+++ b/tests/SIGCM2.Api.Tests/SIGCM2.Api.Tests.csproj
@@ -0,0 +1,32 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net10.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+    <IsPackable>false</IsPackable>
+    <RootNamespace>SIGCM2.Api.Tests</RootNamespace>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="coverlet.collector" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" />
+    <PackageReference Include="xunit" />
+    <PackageReference Include="xunit.runner.visualstudio" />
+    <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" />
+    <PackageReference Include="NSubstitute" />
+    <PackageReference Include="FluentAssertions" />
+    <PackageReference Include="Respawn" />
+    <PackageReference Include="Microsoft.Data.SqlClient" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\src\api\SIGCM2.Api\SIGCM2.Api.csproj" />
+    <ProjectReference Include="..\SIGCM2.TestSupport\SIGCM2.TestSupport.csproj" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <Using Include="Xunit" />
+  </ItemGroup>
+
+</Project>