diff --git a/NEW/tests/JdeScoping.Api.IntegrationTests/AuthenticationTests.cs b/NEW/tests/JdeScoping.Api.IntegrationTests/AuthenticationTests.cs
index ed85cd1..6dd8668 100644
--- a/NEW/tests/JdeScoping.Api.IntegrationTests/AuthenticationTests.cs
+++ b/NEW/tests/JdeScoping.Api.IntegrationTests/AuthenticationTests.cs
@@ -3,6 +3,7 @@ using System.Net.Http.Json;
 using System.Security.Cryptography;
 using System.Text;
 using System.Text.Json;
+using JdeScoping.Core.ApiContracts;
 using JdeScoping.Core.Models;
 using JdeScoping.Core.Models.Auth;
 using Microsoft.AspNetCore.Mvc.Testing;
@@ -35,7 +36,7 @@ public class AuthenticationTests : IClassFixture
 private async Task EncryptLoginAsync(HttpClient client, string username, string password)
 {
 // Step 1: Fetch the public key from the server
- var publicKeyResponse = await client.GetFromJsonAsync("/api/auth/public-key");
+ var publicKeyResponse = await client.GetFromJsonAsync($"/{ApiRoutes.Auth.PublicKey}");
 publicKeyResponse.ShouldNotBeNull();
 publicKeyResponse.PublicKeyPem.ShouldStartWith("-----BEGIN PUBLIC KEY-----");
@@ -56,7 +57,7 @@ public class AuthenticationTests : IClassFixture
 public async Task GetPublicKey_ReturnsValidPemKey()
 {
 // Act
- var response = await _client.GetAsync("/api/auth/public-key");
+ var response = await _client.GetAsync($"/{ApiRoutes.Auth.PublicKey}");
 // Assert
 response.StatusCode.ShouldBe(HttpStatusCode.OK);
@@ -71,7 +72,7 @@ public class AuthenticationTests : IClassFixture
 {
 // Step 1: Login with encrypted credentials
 var encryptedRequest = await EncryptLoginAsync(_client, "testuser", "testpass");
- var loginResponse = await _client.PostAsJsonAsync("/api/auth/login", encryptedRequest);
+ var loginResponse = await _client.PostAsJsonAsync($"/{ApiRoutes.Auth.Login}", encryptedRequest);
 loginResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
 var loginResult = await loginResponse.Content.ReadFromJsonAsync();
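Review bot: With `$"/{ApiRoutes.Auth.PublicKey}"` in `EncryptLoginAsync`, and the same pattern in every later hunk of this file, the tests no longer pin the URL paths themselves. If the API's routing is built from the same `ApiRoutes` constants, which this diff does not show, an accidental edit to a constant moves the endpoint and the test together and nothing fails. For the authentication endpoints that clients call by literal path, one assertion that fixes the value would keep that contract under test, for example `ApiRoutes.Auth.Login.ShouldBe("api/auth/login");`, where the expected string is inferred from the removed `"/api/auth/login"` literal and the added leading slash. The body of `EncryptLoginAsync` continues outside the hunk.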
@@ -81,18 +82,18 @@ public class AuthenticationTests : IClassFixture
 loginResult.User.Username.ShouldBe("testuser");
 // Step 2: Verify we can access protected endpoint
- var meResponse = await _client.GetAsync("/api/auth/me");
+ var meResponse = await _client.GetAsync($"/{ApiRoutes.Auth.Me}");
 meResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
 var meUser = await meResponse.Content.ReadFromJsonAsync();
 meUser.ShouldNotBeNull();
 meUser.Username.ShouldBe("testuser");
 // Step 3: Logout
- var logoutResponse = await _client.PostAsync("/api/auth/logout", null);
+ var logoutResponse = await _client.PostAsync($"/{ApiRoutes.Auth.Logout}", null);
 logoutResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
 // Step 4: Verify protected endpoint returns 401 after logout
- var afterLogoutResponse = await _client.GetAsync("/api/auth/me");
+ var afterLogoutResponse = await _client.GetAsync($"/{ApiRoutes.Auth.Me}");
 afterLogoutResponse.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
 }
@@ -107,11 +108,11 @@ public class AuthenticationTests : IClassFixture
 });
 // Search endpoints require auth
- var searchResponse = await freshClient.GetAsync("/api/search");
+ var searchResponse = await freshClient.GetAsync($"/{ApiRoutes.Search.Base}");
 searchResponse.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
 // Auth me endpoint requires auth
- var meResponse = await freshClient.GetAsync("/api/auth/me");
+ var meResponse = await freshClient.GetAsync($"/{ApiRoutes.Auth.Me}");
 meResponse.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
 }
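Review bot: Step 4 of the login/logout test proves only that `_client` is rejected after logout, not that the server invalidated the session. If `_client` handles cookies and logout clears the cookie on the client side, the final `GetAsync($"/{ApiRoutes.Auth.Me}")` is sent without any credential and returns 401 even when the previously issued credential would still be accepted. Capturing the credential issued at login (the `Set-Cookie` value or token, whichever the API uses) before Step 3 and replaying it from a separate client after logout, again expecting `HttpStatusCode.Unauthorized`, would cover server-side revocation. The test method starts before this hunk, so how `_client` is configured is not visible here.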
@@ -120,7 +121,7 @@ public class AuthenticationTests : IClassFixture
 {
 // Login first with encrypted credentials
 var encryptedRequest = await EncryptLoginAsync(_client, "testuser", "testpass");
- var loginResponse = await _client.PostAsJsonAsync("/api/auth/login", encryptedRequest);
+ var loginResponse = await _client.PostAsJsonAsync($"/{ApiRoutes.Auth.Login}", encryptedRequest);
 loginResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
 var loginResult = await loginResponse.Content.ReadFromJsonAsync();
@@ -128,7 +129,7 @@ public class AuthenticationTests : IClassFixture
 loginResult.Success.ShouldBeTrue();
 // Now search endpoint should work
- var searchResponse = await _client.GetAsync("/api/search");
+ var searchResponse = await _client.GetAsync($"/{ApiRoutes.Search.Base}");
 searchResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
 }
@@ -143,16 +144,16 @@ public class AuthenticationTests : IClassFixture
 });
 // Lookup endpoints should work without auth
- var itemsResponse = await freshClient.GetAsync("/api/lookup/items?q=test");
+ var itemsResponse = await freshClient.GetAsync($"/{ApiRoutes.Lookup.Items}?q=test");
 itemsResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
- var profitCentersResponse = await freshClient.GetAsync("/api/lookup/profit-centers?q=test");
+ var profitCentersResponse = await freshClient.GetAsync($"/{ApiRoutes.Lookup.ProfitCenters}?q=test");
 profitCentersResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
- var workCentersResponse = await freshClient.GetAsync("/api/lookup/work-centers?q=test");
+ var workCentersResponse = await freshClient.GetAsync($"/{ApiRoutes.Lookup.WorkCenters}?q=test");
 workCentersResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
- var operatorsResponse = await freshClient.GetAsync("/api/lookup/operators?q=test");
+ var operatorsResponse = await freshClient.GetAsync($"/{ApiRoutes.Lookup.Operators}?q=test");
 operatorsResponse.StatusCode.ShouldBe(HttpStatusCode.OK);
 }
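Review bot: The anonymous-lookup assertions in the last hunk check `HttpStatusCode.OK` only, so the test pins that `Lookup.Items`, `ProfitCenters`, `WorkCenters` and `Operators` are reachable without a session but records neither why that is intended nor what an unauthenticated caller may receive. The existing comment `// Lookup endpoints should work without auth` would be more useful if it stated the reason, e.g. `// Anonymous by design: <reason, to be confirmed by the API owner>`, so that a later change adding authorization is weighed against a documented decision rather than against a failing test. The four request/assert pairs differ only in the route constant and could be a single loop over the four values. The test method begins outside the hunk.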
@@ -163,7 +164,7 @@ public class AuthenticationTests : IClassFixture
 var invalidRequest = new EncryptedLoginRequest("not-valid-base64!!!");
 // Act
- var response = await _client.PostAsJsonAsync("/api/auth/login", invalidRequest);
+ var response = await _client.PostAsJsonAsync($"/{ApiRoutes.Auth.Login}", invalidRequest);
 // Assert
 response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
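Review bot: The only malformed-login case covered is `new EncryptedLoginRequest("not-valid-base64!!!")`, which presumably fails at Base64 decoding before any decryption is attempted. A payload that is valid Base64 but not a valid ciphertext for the server key takes a different path, and that path should fail just as generically, without revealing whether decoding, decryption or the credential check rejected the request. A second test posting such a payload (a constructed example: `Convert.ToBase64String(new byte[16])`) to `$"/{ApiRoutes.Auth.Login}"` and asserting the status and that the body carries no exception detail would cover it; the status the API returns for that case is not visible in this diff. The test method starts and ends outside the hunk.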