169 lines
5.5 KiB
PHP
169 lines
5.5 KiB
PHP
<?php
|
|
|
|
namespace Tests\Feature;
|
|
|
|
use App\Models\Sponsor;
|
|
use App\Models\User;
|
|
use App\Models\EmployerProfile;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Illuminate\Http\UploadedFile;
|
|
use Illuminate\Support\Facades\Hash;
|
|
use Tests\TestCase;
|
|
|
|
class SponsorAuthApiTest extends TestCase
|
|
{
|
|
use RefreshDatabase;
|
|
|
|
/**
|
|
* Test a pure Sponsor can register with simple info and a license file upload.
|
|
*/
|
|
public function test_sponsor_can_register_with_license()
|
|
{
|
|
$licenseFile = UploadedFile::fake()->create('license.pdf', 500, 'application/pdf');
|
|
|
|
$response = $this->postJson('/api/sponsors/register', [
|
|
'full_name' => 'Test Sponsor Organization',
|
|
'mobile' => '+971509990001',
|
|
'password' => 'securepassword',
|
|
'license_file' => $licenseFile,
|
|
'organization_name' => 'Charity Co',
|
|
'nationality' => 'Emirati',
|
|
'city' => 'Abu Dhabi',
|
|
]);
|
|
|
|
$response->assertStatus(201)
|
|
->assertJsonStructure([
|
|
'success',
|
|
'message',
|
|
'data' => [
|
|
'sponsor' => [
|
|
'id',
|
|
'full_name',
|
|
'mobile',
|
|
'organization_name',
|
|
'nationality',
|
|
'city',
|
|
'license_file',
|
|
],
|
|
'token',
|
|
]
|
|
]);
|
|
|
|
$this->assertDatabaseHas('sponsors', [
|
|
'mobile' => '+971509990001',
|
|
'full_name' => 'Test Sponsor Organization',
|
|
]);
|
|
}
|
|
|
|
/**
|
|
* Test both Sponsor and Employer can log in using the unified login endpoint.
|
|
*/
|
|
public function test_unified_login_returns_correct_role_and_data()
|
|
{
|
|
// 1. Create a pure Sponsor (no User record)
|
|
$sponsorUser = Sponsor::create([
|
|
'full_name' => 'Sponsor User',
|
|
'email' => 'sponsor@example.com',
|
|
'mobile' => '+971509991111',
|
|
'password' => Hash::make('password123'),
|
|
'license_file' => 'uploads/licenses/fake.pdf',
|
|
'status' => 'active',
|
|
]);
|
|
|
|
// 2. Create an Employer (has both User and Sponsor records, legacy setup)
|
|
$employerUser = User::create([
|
|
'name' => 'Employer User',
|
|
'email' => 'employer@example.com',
|
|
'password' => Hash::make('password123'),
|
|
'role' => 'employer',
|
|
'api_token' => 'old_token',
|
|
]);
|
|
|
|
EmployerProfile::create([
|
|
'user_id' => $employerUser->id,
|
|
'company_name' => 'Employer Corp',
|
|
'phone' => '+971509992222',
|
|
'country' => 'United Arab Emirates',
|
|
'verification_status' => 'approved',
|
|
]);
|
|
|
|
Sponsor::create([
|
|
'full_name' => 'Employer User',
|
|
'email' => 'employer@example.com',
|
|
'mobile' => '+971509992222',
|
|
'password' => $employerUser->password,
|
|
'status' => 'active',
|
|
]);
|
|
|
|
// --- Test Sponsor Login via /api/employers/login ---
|
|
$responseSponsor = $this->postJson('/api/employers/login', [
|
|
'mobile' => '+971509991111',
|
|
'password' => 'password123',
|
|
]);
|
|
|
|
$responseSponsor->assertStatus(200)
|
|
->assertJson([
|
|
'success' => true,
|
|
'role' => 'sponsor',
|
|
])
|
|
->assertJsonStructure([
|
|
'data' => [
|
|
'sponsor',
|
|
'token',
|
|
]
|
|
]);
|
|
|
|
// --- Test Employer Login via /api/employers/login ---
|
|
$responseEmployer = $this->postJson('/api/employers/login', [
|
|
'mobile' => '+971509992222',
|
|
'password' => 'password123',
|
|
]);
|
|
|
|
$responseEmployer->assertStatus(200)
|
|
->assertJson([
|
|
'success' => true,
|
|
'role' => 'employer',
|
|
])
|
|
->assertJsonStructure([
|
|
'data' => [
|
|
'employer' => [
|
|
'id',
|
|
'name',
|
|
'email',
|
|
'employer_profile',
|
|
],
|
|
'token',
|
|
]
|
|
]);
|
|
}
|
|
|
|
/**
|
|
* Test that pure sponsors can only access their limited routes.
|
|
*/
|
|
public function test_sponsor_restricted_access()
|
|
{
|
|
$sponsor = Sponsor::create([
|
|
'full_name' => 'Pure Sponsor',
|
|
'email' => 'pure_sponsor@example.com',
|
|
'mobile' => '+971509993333',
|
|
'password' => Hash::make('password123'),
|
|
'api_token' => 'sponsor_token_abc',
|
|
'status' => 'active',
|
|
]);
|
|
|
|
// Access dashboard successfully
|
|
$responseDash = $this->withHeaders([
|
|
'Authorization' => 'Bearer sponsor_token_abc',
|
|
])->getJson('/api/sponsors/dashboard');
|
|
|
|
$responseDash->assertStatus(200);
|
|
|
|
// Try to access employer protected route (should get blocked as they don't have employer token/role)
|
|
$responseEmployerRoute = $this->withHeaders([
|
|
'Authorization' => 'Bearer sponsor_token_abc',
|
|
])->getJson('/api/employers/profile');
|
|
|
|
$responseEmployerRoute->assertStatus(401);
|
|
}
|
|
}
|