98 lines
3.8 KiB
C#
98 lines
3.8 KiB
C#
using System.Net;
|
|
using System.Net.Http.Json;
|
|
using System.Text.Json;
|
|
using SIGCM2.TestSupport;
|
|
|
|
namespace SIGCM2.Api.Tests.Auth;
|
|
|
|
[Collection("ApiIntegration")]
|
|
public class AuthControllerTests : IClassFixture<TestWebAppFactory>
|
|
{
|
|
private readonly HttpClient _client;
|
|
|
|
public AuthControllerTests(TestWebAppFactory factory)
|
|
{
|
|
_client = factory.CreateClient();
|
|
}
|
|
|
|
// Scenario: happy path — valid admin credentials return 200 with token shape + usuario
|
|
[Fact]
|
|
public async Task Login_ValidCredentials_Returns200WithTokenShape()
|
|
{
|
|
var response = await _client.PostAsJsonAsync("/api/v1/auth/login", new
|
|
{
|
|
username = "admin",
|
|
password = "@Diego550@"
|
|
});
|
|
|
|
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
|
|
|
|
var json = await response.Content.ReadFromJsonAsync<JsonElement>();
|
|
Assert.True(json.TryGetProperty("accessToken", out var token), "Response missing 'accessToken'");
|
|
Assert.True(json.TryGetProperty("refreshToken", out var refresh), "Response missing 'refreshToken'");
|
|
Assert.True(json.TryGetProperty("expiresIn", out var expires), "Response missing 'expiresIn'");
|
|
|
|
Assert.False(string.IsNullOrWhiteSpace(token.GetString()), "'accessToken' must not be empty");
|
|
Assert.False(string.IsNullOrWhiteSpace(refresh.GetString()), "'refreshToken' must not be empty");
|
|
Assert.Equal(3600, expires.GetInt32());
|
|
|
|
// Contract: response must include usuario object
|
|
Assert.True(json.TryGetProperty("usuario", out var usuario), "Response missing 'usuario'");
|
|
Assert.True(usuario.TryGetProperty("id", out var id), "usuario missing 'id'");
|
|
Assert.True(usuario.TryGetProperty("nombre", out var nombre), "usuario missing 'nombre'");
|
|
Assert.True(usuario.TryGetProperty("rol", out var rol), "usuario missing 'rol'");
|
|
Assert.True(usuario.TryGetProperty("permisos", out var permisos), "usuario missing 'permisos'");
|
|
|
|
Assert.True(id.GetInt32() > 0, "'usuario.id' must be positive");
|
|
Assert.False(string.IsNullOrWhiteSpace(nombre.GetString()), "'usuario.nombre' must not be empty");
|
|
Assert.False(string.IsNullOrWhiteSpace(rol.GetString()), "'usuario.rol' must not be empty");
|
|
Assert.Equal(JsonValueKind.Array, permisos.ValueKind);
|
|
}
|
|
|
|
// Scenario: invalid credentials return 401 with opaque error
|
|
[Fact]
|
|
public async Task Login_InvalidCredentials_Returns401()
|
|
{
|
|
var response = await _client.PostAsJsonAsync("/api/v1/auth/login", new
|
|
{
|
|
username = "admin",
|
|
password = "WrongPassword1!"
|
|
});
|
|
|
|
Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
|
|
|
|
var json = await response.Content.ReadFromJsonAsync<JsonElement>();
|
|
Assert.True(json.TryGetProperty("error", out var error));
|
|
Assert.Equal("Credenciales inválidas", error.GetString());
|
|
}
|
|
|
|
// Scenario: malformed body (missing password) returns 400
|
|
[Fact]
|
|
public async Task Login_MissingPassword_Returns400()
|
|
{
|
|
var response = await _client.PostAsJsonAsync("/api/v1/auth/login", new
|
|
{
|
|
username = "admin"
|
|
// password intentionally missing — JSON serializes as no field
|
|
});
|
|
|
|
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
|
|
|
|
var json = await response.Content.ReadFromJsonAsync<JsonElement>();
|
|
Assert.True(json.TryGetProperty("errors", out var errors), "Response missing 'errors'");
|
|
}
|
|
|
|
// Triangulation: empty username returns 400
|
|
[Fact]
|
|
public async Task Login_EmptyUsername_Returns400()
|
|
{
|
|
var response = await _client.PostAsJsonAsync("/api/v1/auth/login", new
|
|
{
|
|
username = "",
|
|
password = "@Diego550@"
|
|
});
|
|
|
|
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
|
|
}
|
|
}
|