Files
laravel-api-kit/tests/Feature/Api/V1/AuthTest.php
ELMEHDI ACHAHED 13da9b84c1 Feature (#16)
* feat: add email verification endpoints and tests

Add comprehensive CI/CD pipeline using GitHub Actions

- Run Pest tests on PHP 8.3 and 8.4 with MySQL 8.0
- Automated code style checks with Pint
- Static analysis with Larastan/PHPStan
- Parallel job execution for faster builds
- Composer dependency caching
- MySQL service container with health checks

* feat: implement password reset flow with secure tokens , add forgot password and reset password functionality

- Created password_reset_tokens table migration
- Added POST /api/v1/forgot-password endpoint
- Added POST /api/v1/reset-password endpoint
- Both endpoints rate-limited to 6 requests per minute
- Integrated with Laravel's Password facade for secure token management
- Revokes all user tokens upon successful password reset
- Created ForgotPasswordRequest and ResetPasswordRequest with validation
- Added comprehensive test suite (6 test cases)
Password reset uses signed, time-limited tokens stored in the database.
All user sessions are invalidated after successful reset for security.

* feat: add reusable API middleware examples , Implement three production-ready middleware patterns for APIs

ForceJsonResponse:
- Ensures all API responses are JSON formatted
- Sets Accept: application/json header automatically
- Handles non-JSON responses gracefully
LogApiRequests:
- Logs API requests with timestamp, method, URL, IP, user ID, status
- Tracks and logs response time in milliseconds
- Adds X-Response-Time header to all responses
- Configurable via APP_LOG_API_REQUESTS env variable
EnsureEmailVerified:
- Protects routes requiring verified emails
- Returns 403 with descriptive message for unverified users
- Works with MustVerifyEmail contract
All middleware registered as aliases in bootstrap/app.php:
'force.json', 'log.api', 'verified'
These provide common API patterns that developers can apply to routes as needed.

* docs: update README with new API endpoints , Update API endpoints table with email verification and password reset routes

- Added 4 new endpoint rows to API documentation
- Updated rate limits for protected routes (60/min -> 120/min)
- Documented email verification endpoints
- Documented password reset endpoints
- All new endpoints properly documented with auth requirements"

* Update 0001_01_01_000000_create_users_table.php

* Fix test suite configuration and update route names to standard Laravel conventions

* style: fix code formatting per Laravel Pint standards

* refactor: revert password_reset_tokens back to users create_users migration

* Update 0001_01_01_000000_create_users_table.php

* fix: resolve all code style and type safety issues

Pint fixes:
- Fixed concat_space issues
- Removed unused imports (MustVerifyEmail from EnsureEmailVerified)
- Fixed not_operator_with_successor_space formatting

Rector fixes:
- Applied EncapsedStringsToSprintfRector for better type safety
- All code quality improvements applied

PHPStan fixes:
- Changed all middleware return types from Response to mixed (Laravel standard)
- Added Response type guard in LogApiRequests before accessing methods
- Removed redundant instanceof MustVerifyEmail check (User always implements it)
2026-01-29 04:16:33 +01:00

166 lines
4.8 KiB
PHP

<?php
declare(strict_types=1);
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
describe('Registration', function (): void {
it('registers a new user successfully', function (): void {
$response = $this->postJson('/api/v1/register', [
'name' => 'Test User',
'email' => 'test@example.com',
'password' => 'password123',
'password_confirmation' => 'password123',
]);
$response->assertStatus(201)
->assertJsonStructure([
'success',
'message',
'data' => [
'user' => ['id', 'name', 'email'],
'token',
],
])
->assertJson([
'success' => true,
'message' => 'User registered successfully. Please check your email to verify your account.',
]);
$this->assertDatabaseHas('users', [
'email' => 'test@example.com',
]);
});
it('fails registration with invalid data', function (): void {
$response = $this->postJson('/api/v1/register', [
'name' => '',
'email' => 'invalid-email',
'password' => 'short',
]);
$response->assertStatus(422);
});
it('fails registration with duplicate email', function (): void {
User::factory()->create(['email' => 'existing@example.com']);
$response = $this->postJson('/api/v1/register', [
'name' => 'Test User',
'email' => 'existing@example.com',
'password' => 'password123',
'password_confirmation' => 'password123',
]);
$response->assertStatus(422);
});
});
describe('Login', function (): void {
it('logs in with valid credentials', function (): void {
$user = User::factory()->create([
'password' => bcrypt('password123'),
]);
$response = $this->postJson('/api/v1/login', [
'email' => $user->email,
'password' => 'password123',
]);
$response->assertStatus(200)
->assertJsonStructure([
'success',
'message',
'data' => [
'user' => ['id', 'name', 'email'],
'token',
],
])
->assertJson([
'success' => true,
'message' => 'Login successful',
]);
});
it('fails login with invalid credentials', function (): void {
$user = User::factory()->create([
'password' => bcrypt('password123'),
]);
$response = $this->postJson('/api/v1/login', [
'email' => $user->email,
'password' => 'wrongpassword',
]);
$response->assertStatus(401)
->assertJson([
'success' => false,
'message' => 'Invalid credentials',
]);
});
it('fails login with non-existent user', function (): void {
$response = $this->postJson('/api/v1/login', [
'email' => 'nonexistent@example.com',
'password' => 'password123',
]);
$response->assertStatus(401);
});
});
describe('Logout', function (): void {
it('logs out authenticated user', function (): void {
$user = User::factory()->create();
$token = $user->createToken('test-token')->plainTextToken;
$response = $this->withHeader('Authorization', 'Bearer '.$token)
->postJson('/api/v1/logout');
$response->assertStatus(200)
->assertJson([
'success' => true,
'message' => 'Logged out successfully',
]);
});
it('fails logout without authentication', function (): void {
$response = $this->postJson('/api/v1/logout');
$response->assertStatus(401);
});
});
describe('Me', function (): void {
it('returns authenticated user data', function (): void {
$user = User::factory()->create();
$token = $user->createToken('test-token')->plainTextToken;
$response = $this->withHeader('Authorization', 'Bearer '.$token)
->getJson('/api/v1/me');
$response->assertStatus(200)
->assertJsonStructure([
'success',
'message',
'data' => ['id', 'name', 'email'],
])
->assertJson([
'success' => true,
'data' => [
'id' => $user->id,
'email' => $user->email,
],
]);
});
it('fails without authentication', function (): void {
$response = $this->getJson('/api/v1/me');
$response->assertStatus(401);
});
});