fotospiel-app/tests/Feature/TestingApiAccessTest.php

<?php

namespace Tests\Feature;

use Tests\TestCase;

class TestingApiAccessTest extends TestCase
{
    public function test_testing_routes_are_blocked_when_disabled(): void
    {
        config([
            'e2e.testing_enabled' => false,
            'e2e.testing_token' => 'secret-token',
        ]);

        $this->withHeader('X-Testing-Token', 'secret-token')
            ->getJson('/api/_testing/mailbox')
            ->assertNotFound();
    }

    public function test_testing_routes_require_token_when_enabled(): void
    {
        config([
            'e2e.testing_enabled' => true,
            'e2e.testing_token' => 'secret-token',
        ]);

        $this->getJson('/api/_testing/mailbox')
            ->assertNotFound();

        $this->withHeader('X-Testing-Token', 'secret-token')
            ->getJson('/api/_testing/mailbox')
            ->assertOk()
            ->assertJsonStructure(['data']);
    }
}