getJson('/api/user')
        ->assertUnauthorized();
});

// An anonymous request to the events endpoint must be answered with 401.
test('events endpoint requires a token', function () {
    $response = $this->getJson('/api/events');

    $response->assertUnauthorized();
});

// With a Passport-authenticated user, /api/user must echo that user's own
// id, name and email.
test('api user endpoint returns the authenticated user', function () {
    $attributes = [
        'name' => 'API User',
        'email' => 'api-user@example.com',
    ];
    $apiUser = User::factory()->create($attributes);

    Passport::actingAs($apiUser);

    $response = $this->getJson('/api/user');

    $response->assertOk();
    $response->assertJsonPath('id', $apiUser->id);
    $response->assertJsonPath('name', 'API User');
    $response->assertJsonPath('email', 'api-user@example.com');
});

// Happy-path login against the seeded presentation account.
test('can login with presentation user credentials', function () {
    $this->seed(DatabaseSeeder::class);

    $credentials = [
        'email' => 'user1@thats-me.app',
        'password' => 'pass',
    ];

    $response = $this->postJson('/api/login', $credentials);

    $response->assertOk();
    $response->assertJsonPath('tokenType', 'Bearer');
    $response->assertJsonPath('user.email', 'user1@thats-me.app');
    $response->assertJsonPath('user.name', 'User 1');
    $response->assertJsonPath('user.mode', 'remote');

    // Only key presence is checked here. assertJsonStructure tolerates extra
    // keys, so this would not catch an unintended field (for example a
    // password hash) leaking into the user payload.
    $response->assertJsonStructure([
        'token',
        'tokenType',
        'user' => ['id', 'name', 'email', 'avatar', 'mode'],
    ]);
});

// A known e-mail with a wrong password must yield 422 with the validation
// error attached to the 'email' field.
// NOTE(review): there is no companion case for an unknown e-mail and no
// assertion that the body carries no token; both would help confirm the
// failure response does not distinguish accounts or issue credentials.
test('login rejects invalid credentials', function () {
    $this->seed(DatabaseSeeder::class);

    $badCredentials = [
        'email' => 'user1@thats-me.app',
        'password' => 'wrong-password',
    ];

    $response = $this->postJson('/api/login', $badCredentials);

    $response->assertUnprocessable();
    $response->assertJsonValidationErrors(['email']);
});

// Logout for an authenticated user must answer 204 No Content.
// NOTE(review): only the status code is asserted. Passport::actingAs
// presumably supplies a stand-in token, so revocation of a really issued
// token is not exercised here; confirm, and consider a login -> logout ->
// reuse-token test.
test('authenticated user can logout', function () {
    $member = User::factory()->create();

    Passport::actingAs($member);

    $response = $this->postJson('/api/logout');

    $response->assertNoContent();
});

// The seeder must create user1..user6@thats-me.app, each named "User N" and
// each with a stored hash matching the shared password 'pass', plus a
// non-revoked personal-access client for the 'users' provider.
// NOTE(review): six accounts sharing a fixed, guessable password are demo
// fixtures; confirm the seeder cannot run against a production database.
test('database seeder creates the presentation api users', function () {
    $this->seed(DatabaseSeeder::class);

    for ($number = 1; $number <= 6; $number++) {
        $seededUser = User::query()
            ->where('email', "user{$number}@thats-me.app")
            ->first();

        // Hash::check verifies the plaintext against the stored hash.
        expect($seededUser)->not->toBeNull()
            ->and($seededUser->name)->toBe("User {$number}")
            ->and(Hash::check('pass', $seededUser->password))->toBeTrue();
    }

    $activeUserClients = Client::query()
        ->where('provider', 'users')
        ->where('revoked', false)
        ->get();

    $hasPersonalAccessClient = $activeUserClients->contains(
        function (Client $candidate): bool {
            return $candidate->hasGrantType('personal_access');
        }
    );

    expect($hasPersonalAccessClient)->toBeTrue();
});