create('license.pdf', 500, 'application/pdf'); $response = $this->postJson('/api/sponsors/register', [ 'full_name' => 'Test Sponsor Organization', 'mobile' => '+971509990001', 'password' => 'securepassword', 'license_file' => $licenseFile, 'organization_name' => 'Charity Co', 'nationality' => 'Emirati', 'city' => 'Abu Dhabi', ]); $response->assertStatus(201) ->assertJsonStructure([ 'success', 'message', 'data' => [ 'sponsor' => [ 'id', 'full_name', 'mobile', 'organization_name', 'nationality', 'city', 'license_file', ], 'token', ] ]); $this->assertDatabaseHas('sponsors', [ 'mobile' => '+971509990001', 'full_name' => 'Test Sponsor Organization', ]); } /** * Test both Sponsor and Employer can log in using the unified login endpoint. */ public function test_unified_login_returns_correct_role_and_data() { // 1. Create a pure Sponsor (no User record) $sponsorUser = Sponsor::create([ 'full_name' => 'Sponsor User', 'email' => 'sponsor@example.com', 'mobile' => '+971509991111', 'password' => Hash::make('password123'), 'license_file' => 'uploads/licenses/fake.pdf', 'status' => 'active', ]); // 2. Create an Employer (has both User and Sponsor records, legacy setup) $employerUser = User::create([ 'name' => 'Employer User', 'email' => 'employer@example.com', 'password' => Hash::make('password123'), 'role' => 'employer', 'api_token' => 'old_token', ]); EmployerProfile::create([ 'user_id' => $employerUser->id, 'company_name' => 'Employer Corp', 'phone' => '+971509992222', 'country' => 'United Arab Emirates', 'verification_status' => 'approved', ]); Sponsor::create([ 'full_name' => 'Employer User', 'email' => 'employer@example.com', 'mobile' => '+971509992222', 'password' => $employerUser->password, 'status' => 'active', ]); // --- Test Sponsor Login via /api/employers/login --- $responseSponsor = $this->postJson('/api/employers/login', [ 'mobile' => '+971509991111', 'password' => 'password123', ]); $responseSponsor->assertStatus(200) ->assertJson([ 'success' => true, 'role' => 'sponsor', ]) ->assertJsonStructure([ 'data' => [ 'sponsor', 'token', ] ]); // --- Test Employer Login via /api/employers/login --- $responseEmployer = $this->postJson('/api/employers/login', [ 'mobile' => '+971509992222', 'password' => 'password123', ]); $responseEmployer->assertStatus(200) ->assertJson([ 'success' => true, 'role' => 'employer', ]) ->assertJsonStructure([ 'data' => [ 'employer' => [ 'id', 'name', 'email', 'employer_profile', ], 'token', ] ]); } /** * Test that pure sponsors can only access their limited routes. */ public function test_sponsor_restricted_access() { $sponsor = Sponsor::create([ 'full_name' => 'Pure Sponsor', 'email' => 'pure_sponsor@example.com', 'mobile' => '+971509993333', 'password' => Hash::make('password123'), 'api_token' => 'sponsor_token_abc', 'status' => 'active', ]); // Access dashboard successfully $responseDash = $this->withHeaders([ 'Authorization' => 'Bearer sponsor_token_abc', ])->getJson('/api/sponsors/dashboard'); $responseDash->assertStatus(200); // Try to access employer protected route (should get blocked as they don't have employer token/role) $responseEmployerRoute = $this->withHeaders([ 'Authorization' => 'Bearer sponsor_token_abc', ])->getJson('/api/employers/profile'); $responseEmployerRoute->assertStatus(401); } }