stage 1 of oauth removal, switch to sanctum pat tokens

tests/Feature/Auth/TenantAdminTokenAuthTest.php

@@ -0,0 +1,125 @@
+<?php
+
+namespace Tests\Feature\Auth;
+
+use App\Models\Tenant;
+use App\Models\User;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Illuminate\Support\Facades\Hash;
+use Tests\TestCase;
+
+class TenantAdminTokenAuthTest extends TestCase
+{
+    use RefreshDatabase;
+
+    public function test_tenant_admin_can_login_and_receive_token(): void
+    {
+        $tenant = Tenant::factory()->create();
+
+        $user = User::factory()->create([
+            'tenant_id' => $tenant->id,
+            'role' => 'tenant_admin',
+            'password' => Hash::make('secret-password'),
+            'email_verified_at' => now(),
+        ]);
+
+        $response = $this->postJson(route('api.v1.tenant-auth.login'), [
+            'login' => $user->email,
+            'password' => 'secret-password',
+        ]);
+
+        $response->assertOk();
+        $response->assertJsonStructure([
+            'token',
+            'token_type',
+            'abilities',
+            'user' => ['id', 'email', 'name', 'role', 'tenant_id'],
+        ]);
+
+        $this->assertDatabaseCount('personal_access_tokens', 1);
+    }
+
+    public function test_regular_user_cannot_login(): void
+    {
+        $user = User::factory()->create([
+            'role' => 'user',
+            'password' => Hash::make('secret-password'),
+            'email_verified_at' => now(),
+        ]);
+
+        $response = $this->postJson(route('api.v1.tenant-auth.login'), [
+            'login' => $user->email,
+            'password' => 'secret-password',
+        ]);
+
+        $response->assertStatus(422);
+        $response->assertJsonValidationErrors('login');
+    }
+
+    public function test_unverified_user_cannot_login(): void
+    {
+        $user = User::factory()->create([
+            'role' => 'tenant_admin',
+            'password' => Hash::make('secret-password'),
+            'email_verified_at' => null,
+        ]);
+
+        $response = $this->postJson(route('api.v1.tenant-auth.login'), [
+            'login' => $user->email,
+            'password' => 'secret-password',
+        ]);
+
+        $response->assertStatus(422);
+        $response->assertJsonValidationErrors('login');
+    }
+
+    public function test_me_endpoint_returns_user_details(): void
+    {
+        $tenant = Tenant::factory()->create();
+
+        $user = User::factory()->create([
+            'tenant_id' => $tenant->id,
+            'role' => 'tenant_admin',
+            'password' => Hash::make('secret-password'),
+            'email_verified_at' => now(),
+        ]);
+
+        $token = $user->createToken('tenant-admin', ['tenant-admin']);
+
+        $response = $this
+            ->withToken($token->plainTextToken)
+            ->getJson(route('api.v1.tenant-auth.me'));
+
+        $response->assertOk();
+        $response->assertJsonFragment([
+            'id' => $user->id,
+            'email' => $user->email,
+            'role' => 'tenant_admin',
+            'tenant_id' => $tenant->id,
+        ]);
+    }
+
+    public function test_logout_revokes_current_token(): void
+    {
+        $tenant = Tenant::factory()->create();
+
+        $user = User::factory()->create([
+            'tenant_id' => $tenant->id,
+            'role' => 'tenant_admin',
+            'password' => Hash::make('secret-password'),
+            'email_verified_at' => now(),
+        ]);
+
+        $token = $user->createToken('tenant-admin', ['tenant-admin']);
+
+        $response = $this
+            ->withToken($token->plainTextToken)
+            ->postJson(route('api.v1.tenant-auth.logout'));
+
+        $response->assertOk();
+
+        $this->assertDatabaseMissing('personal_access_tokens', [
+            'id' => $token->accessToken->id,
+        ]);
+    }
+}

tests/Feature/Auth/TenantProfileApiTest.php

@@ -0,0 +1,68 @@
+<?php
+
+namespace Tests\Feature\Auth;
+
+use App\Models\Tenant;
+use App\Models\User;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Illuminate\Support\Facades\Hash;
+use Tests\TestCase;
+
+class TenantProfileApiTest extends TestCase
+{
+    use RefreshDatabase;
+
+    public function test_me_endpoint_returns_user_and_tenant_payload(): void
+    {
+        $tenant = Tenant::factory()->create([
+            'name' => 'Test Tenant GmbH',
+            'slug' => 'test-tenant',
+            'event_credits_balance' => 12,
+            'features' => ['custom_branding' => true],
+        ]);
+
+        $user = User::factory()->create([
+            'tenant_id' => $tenant->id,
+            'role' => 'tenant_admin',
+            'password' => Hash::make('secret-password'),
+            'email' => 'tenant@example.com',
+            'name' => 'Max Mustermann',
+        ]);
+
+        $login = $this->postJson('/api/v1/tenant-auth/login', [
+            'login' => 'tenant@example.com',
+            'password' => 'secret-password',
+        ]);
+
+        $login->assertOk()->assertJsonStructure(['token', 'token_type', 'abilities']);
+
+        $token = $login->json('token');
+
+        $me = $this->withHeader('Authorization', 'Bearer '.$token)->getJson('/api/v1/tenant-auth/me');
+
+        $me->assertOk();
+        $me->assertJsonFragment([
+            'id' => $user->id,
+            'email' => 'tenant@example.com',
+            'role' => 'tenant_admin',
+            'tenant_id' => $tenant->id,
+        ]);
+
+        $me->assertJsonFragment([
+            'name' => 'Test Tenant GmbH',
+            'slug' => 'test-tenant',
+            'event_credits_balance' => 12,
+        ]);
+
+        $data = $me->json();
+        $this->assertEquals('Max Mustermann', data_get($data, 'user.name'));
+        $this->assertContains('tenant-admin', $data['abilities']);
+    }
+
+    public function test_me_requires_valid_token(): void
+    {
+        $response = $this->getJson('/api/v1/tenant-auth/me');
+
+        $response->assertStatus(401);
+    }
+}