refactor: use ApiRoutes constants in AuthenticationTests

Replace hardcoded route strings with ApiRoutes.* constants:
- ApiRoutes.Auth.PublicKey, Login, Logout, Me
- ApiRoutes.Search.Base
- ApiRoutes.Lookup.Items, ProfitCenters, WorkCenters, Operators

NEW/tests/JdeScoping.Api.IntegrationTests/AuthenticationTests.cs

@@ -3,6 +3,7 @@ using System.Net.Http.Json;
 using System.Security.Cryptography;
 using System.Text;
 using System.Text.Json;
+using JdeScoping.Core.ApiContracts;
 using JdeScoping.Core.Models;
 using JdeScoping.Core.Models.Auth;
 using Microsoft.AspNetCore.Mvc.Testing;
@@ -35,7 +36,7 @@ public class AuthenticationTests : IClassFixture<TestWebApplicationFactory>
     private async Task<EncryptedLoginRequest> EncryptLoginAsync(HttpClient client, string username, string password)
     {
         // Step 1: Fetch the public key from the server
-        var publicKeyResponse = await client.GetFromJsonAsync<PublicKeyResponse>("/api/auth/public-key");
+        var publicKeyResponse = await client.GetFromJsonAsync<PublicKeyResponse>($"/{ApiRoutes.Auth.PublicKey}");
         publicKeyResponse.ShouldNotBeNull();
         publicKeyResponse.PublicKeyPem.ShouldStartWith("-----BEGIN PUBLIC KEY-----");
 
@@ -56,7 +57,7 @@ public class AuthenticationTests : IClassFixture<TestWebApplicationFactory>
     public async Task GetPublicKey_ReturnsValidPemKey()
     {
         // Act
-        var response = await _client.GetAsync("/api/auth/public-key");
+        var response = await _client.GetAsync($"/{ApiRoutes.Auth.PublicKey}");
 
         // Assert
         response.StatusCode.ShouldBe(HttpStatusCode.OK);
@@ -71,7 +72,7 @@ public class AuthenticationTests : IClassFixture<TestWebApplicationFactory>
     {
         // Step 1: Login with encrypted credentials
         var encryptedRequest = await EncryptLoginAsync(_client, "testuser", "testpass");
-        var loginResponse = await _client.PostAsJsonAsync("/api/auth/login", encryptedRequest);
+        var loginResponse = await _client.PostAsJsonAsync($"/{ApiRoutes.Auth.Login}", encryptedRequest);
 
         loginResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
         var loginResult = await loginResponse.Content.ReadFromJsonAsync<LoginResultModel>();
@@ -81,18 +82,18 @@ public class AuthenticationTests : IClassFixture<TestWebApplicationFactory>
         loginResult.User.Username.ShouldBe("testuser");
 
         // Step 2: Verify we can access protected endpoint
-        var meResponse = await _client.GetAsync("/api/auth/me");
+        var meResponse = await _client.GetAsync($"/{ApiRoutes.Auth.Me}");
         meResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
         var meUser = await meResponse.Content.ReadFromJsonAsync<UserInfo>();
         meUser.ShouldNotBeNull();
         meUser.Username.ShouldBe("testuser");
 
         // Step 3: Logout
-        var logoutResponse = await _client.PostAsync("/api/auth/logout", null);
+        var logoutResponse = await _client.PostAsync($"/{ApiRoutes.Auth.Logout}", null);
         logoutResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
 
         // Step 4: Verify protected endpoint returns 401 after logout
-        var afterLogoutResponse = await _client.GetAsync("/api/auth/me");
+        var afterLogoutResponse = await _client.GetAsync($"/{ApiRoutes.Auth.Me}");
         afterLogoutResponse.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
     }
 
@@ -107,11 +108,11 @@ public class AuthenticationTests : IClassFixture<TestWebApplicationFactory>
         });
 
         // Search endpoints require auth
-        var searchResponse = await freshClient.GetAsync("/api/search");
+        var searchResponse = await freshClient.GetAsync($"/{ApiRoutes.Search.Base}");
         searchResponse.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
 
         // Auth me endpoint requires auth
-        var meResponse = await freshClient.GetAsync("/api/auth/me");
+        var meResponse = await freshClient.GetAsync($"/{ApiRoutes.Auth.Me}");
         meResponse.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
     }
 
@@ -120,7 +121,7 @@ public class AuthenticationTests : IClassFixture<TestWebApplicationFactory>
     {
         // Login first with encrypted credentials
         var encryptedRequest = await EncryptLoginAsync(_client, "testuser", "testpass");
-        var loginResponse = await _client.PostAsJsonAsync("/api/auth/login", encryptedRequest);
+        var loginResponse = await _client.PostAsJsonAsync($"/{ApiRoutes.Auth.Login}", encryptedRequest);
         loginResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
 
         var loginResult = await loginResponse.Content.ReadFromJsonAsync<LoginResultModel>();
@@ -128,7 +129,7 @@ public class AuthenticationTests : IClassFixture<TestWebApplicationFactory>
         loginResult.Success.ShouldBeTrue();
 
         // Now search endpoint should work
-        var searchResponse = await _client.GetAsync("/api/search");
+        var searchResponse = await _client.GetAsync($"/{ApiRoutes.Search.Base}");
         searchResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
     }
 
@@ -143,16 +144,16 @@ public class AuthenticationTests : IClassFixture<TestWebApplicationFactory>
         });
 
         // Lookup endpoints should work without auth
-        var itemsResponse = await freshClient.GetAsync("/api/lookup/items?q=test");
+        var itemsResponse = await freshClient.GetAsync($"/{ApiRoutes.Lookup.Items}?q=test");
         itemsResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
 
-        var profitCentersResponse = await freshClient.GetAsync("/api/lookup/profit-centers?q=test");
+        var profitCentersResponse = await freshClient.GetAsync($"/{ApiRoutes.Lookup.ProfitCenters}?q=test");
         profitCentersResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
 
-        var workCentersResponse = await freshClient.GetAsync("/api/lookup/work-centers?q=test");
+        var workCentersResponse = await freshClient.GetAsync($"/{ApiRoutes.Lookup.WorkCenters}?q=test");
         workCentersResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
 
-        var operatorsResponse = await freshClient.GetAsync("/api/lookup/operators?q=test");
+        var operatorsResponse = await freshClient.GetAsync($"/{ApiRoutes.Lookup.Operators}?q=test");
         operatorsResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
     }
 
@@ -163,7 +164,7 @@ public class AuthenticationTests : IClassFixture<TestWebApplicationFactory>
         var invalidRequest = new EncryptedLoginRequest("not-valid-base64!!!");
 
         // Act
-        var response = await _client.PostAsJsonAsync("/api/auth/login", invalidRequest);
+        var response = await _client.PostAsJsonAsync($"/{ApiRoutes.Auth.Login}", invalidRequest);
 
         // Assert
         response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);