pos-system/services/membership-service-net/tests/MembershipService.FunctionalTests/Controllers/MembersControllerTests.cs

using System.Net;
using System.Net.Http.Json;
using FluentAssertions;
using MembershipService.API.Application.Commands;
using Xunit;

namespace MembershipService.FunctionalTests.Controllers;

/// <summary>
/// EN: Functional tests for MembersController - Authorization tests.
/// VI: Functional tests cho MembersController - Tests Authorization.
/// </summary>
[Collection("Sequential")]
public class MembersControllerTests : IClassFixture<CustomWebApplicationFactory>
{
    private readonly CustomWebApplicationFactory _factory;

    public MembersControllerTests(CustomWebApplicationFactory factory)
    {
        _factory = factory;
    }

    #region Authorization Tests - All endpoints require auth

    [Fact]
    public async Task GetMembers_WithoutAuth_ShouldReturnUnauthorized()
    {
        // Arrange
        var client = _factory.CreateClient();

        // Act
        var response = await client.GetAsync("/api/v1/members?page=1&pageSize=10");

        // Assert
        response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
    }

    [Fact]
    public async Task GetMemberById_WithoutAuth_ShouldReturnUnauthorized()
    {
        // Arrange
        var client = _factory.CreateClient();

        // Act
        var response = await client.GetAsync($"/api/v1/members/{Guid.NewGuid()}");

        // Assert
        response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
    }

    [Fact]
    public async Task CreateMember_WithoutAuth_ShouldReturnUnauthorized()
    {
        // Arrange
        var client = _factory.CreateClient();
        var command = new CreateMemberCommand
        {
            UserId = Guid.NewGuid(),
            CountryCode = "VN"
        };

        // Act
        var response = await client.PostAsJsonAsync("/api/v1/members", command);

        // Assert
        response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
    }

    [Fact]
    public async Task AddExperience_WithoutAuth_ShouldReturnUnauthorized()
    {
        // Arrange
        var client = _factory.CreateClient();
        var command = new AddExperienceCommand
        {
            Points = 50,
            SourceId = 1
        };

        // Act
        var response = await client.PostAsJsonAsync($"/api/v1/members/{Guid.NewGuid()}/experience", command);

        // Assert
        response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
    }

    [Fact]
    public async Task GetProgress_WithoutAuth_ShouldReturnUnauthorized()
    {
        // Arrange
        var client = _factory.CreateClient();

        // Act
        var response = await client.GetAsync($"/api/v1/members/{Guid.NewGuid()}/progress");

        // Assert
        response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
    }

    [Fact]
    public async Task GetExperienceHistory_WithoutAuth_ShouldReturnUnauthorized()
    {
        // Arrange
        var client = _factory.CreateClient();

        // Act
        var response = await client.GetAsync($"/api/v1/members/{Guid.NewGuid()}/experience");

        // Assert
        response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
    }

    #endregion
}