backend/WorkClub.Tests.Integration/Middleware/TenantValidationTests.cs

using System.Net;
using System.Text;
using WorkClub.Tests.Integration.Infrastructure;
using Xunit;

namespace WorkClub.Tests.Integration.Middleware;

public class TenantValidationTests : IntegrationTestBase
{
    public TenantValidationTests(CustomWebApplicationFactory<Program> factory) : base(factory)
    {
    }

    [Fact]
    public async Task Request_WithValidTenantId_Returns200()
    {
        AuthenticateAs("test@test.com", new Dictionary<string, string> { ["club-1"] = "admin" });
        SetTenant("club-1");

        var response = await Client.GetAsync("/api/test");

        Assert.Equal(HttpStatusCode.OK, response.StatusCode);
    }

    [Fact]
    public async Task Request_WithNonMemberTenantId_Returns403()
    {
        AuthenticateAs("test@test.com", new Dictionary<string, string> { ["club-1"] = "admin" });
        SetTenant("club-2");

        var response = await Client.GetAsync("/api/test");

        Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
    }

    [Fact]
    public async Task Request_WithoutTenantIdHeader_Returns400()
    {
        AuthenticateAs("test@test.com", new Dictionary<string, string> { ["club-1"] = "admin" });

        var response = await Client.GetAsync("/api/test");

        Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
    }

    [Fact]
    public async Task Request_WithoutAuthentication_Returns401()
    {
        AuthenticateAsUnauthenticated();
        SetTenant("club-1");

        var response = await Client.GetAsync("/api/test");

        Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
    }
}
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware 2026-03-03 14:32:21 +01:00			`using System.Net;`
			`using System.Text;`
test(harness): stabilize backend+frontend QA test suite (12/12+63/63 unit+integration, 45/45 frontend) 2026-03-06 09:19:32 +01:00			`using WorkClub.Tests.Integration.Infrastructure;`
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware 2026-03-03 14:32:21 +01:00			`using Xunit;`

			`namespace WorkClub.Tests.Integration.Middleware;`

test(harness): stabilize backend+frontend QA test suite (12/12+63/63 unit+integration, 45/45 frontend) 2026-03-06 09:19:32 +01:00			`public class TenantValidationTests : IntegrationTestBase`
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware 2026-03-03 14:32:21 +01:00			`{`
test(harness): stabilize backend+frontend QA test suite (12/12+63/63 unit+integration, 45/45 frontend) 2026-03-06 09:19:32 +01:00			`public TenantValidationTests(CustomWebApplicationFactory<Program> factory) : base(factory)`
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware 2026-03-03 14:32:21 +01:00			`{`
			`}`

			`[Fact]`
			`public async Task Request_WithValidTenantId_Returns200()`
			`{`
test(harness): stabilize backend+frontend QA test suite (12/12+63/63 unit+integration, 45/45 frontend) 2026-03-06 09:19:32 +01:00			`AuthenticateAs("test@test.com", new Dictionary<string, string> { ["club-1"] = "admin" });`
			`SetTenant("club-1");`
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware 2026-03-03 14:32:21 +01:00
test(harness): stabilize backend+frontend QA test suite (12/12+63/63 unit+integration, 45/45 frontend) 2026-03-06 09:19:32 +01:00			`var response = await Client.GetAsync("/api/test");`
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware 2026-03-03 14:32:21 +01:00
			`Assert.Equal(HttpStatusCode.OK, response.StatusCode);`
			`}`

			`[Fact]`
			`public async Task Request_WithNonMemberTenantId_Returns403()`
			`{`
test(harness): stabilize backend+frontend QA test suite (12/12+63/63 unit+integration, 45/45 frontend) 2026-03-06 09:19:32 +01:00			`AuthenticateAs("test@test.com", new Dictionary<string, string> { ["club-1"] = "admin" });`
			`SetTenant("club-2");`
style(backend): apply dotnet format whitespace normalization 2026-03-05 11:07:19 +01:00
test(harness): stabilize backend+frontend QA test suite (12/12+63/63 unit+integration, 45/45 frontend) 2026-03-06 09:19:32 +01:00			`var response = await Client.GetAsync("/api/test");`
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware 2026-03-03 14:32:21 +01:00
			`Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);`
			`}`

			`[Fact]`
			`public async Task Request_WithoutTenantIdHeader_Returns400()`
			`{`
test(harness): stabilize backend+frontend QA test suite (12/12+63/63 unit+integration, 45/45 frontend) 2026-03-06 09:19:32 +01:00			`AuthenticateAs("test@test.com", new Dictionary<string, string> { ["club-1"] = "admin" });`
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware 2026-03-03 14:32:21 +01:00
test(harness): stabilize backend+frontend QA test suite (12/12+63/63 unit+integration, 45/45 frontend) 2026-03-06 09:19:32 +01:00			`var response = await Client.GetAsync("/api/test");`
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware 2026-03-03 14:32:21 +01:00
			`Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);`
			`}`

			`[Fact]`
			`public async Task Request_WithoutAuthentication_Returns401()`
			`{`
test(harness): stabilize backend+frontend QA test suite (12/12+63/63 unit+integration, 45/45 frontend) 2026-03-06 09:19:32 +01:00			`AuthenticateAsUnauthenticated();`
			`SetTenant("club-1");`
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware 2026-03-03 14:32:21 +01:00
test(harness): stabilize backend+frontend QA test suite (12/12+63/63 unit+integration, 45/45 frontend) 2026-03-06 09:19:32 +01:00			`var response = await Client.GetAsync("/api/test");`
feat(backend): add PostgreSQL schema, RLS policies, and multi-tenant middleware 2026-03-03 14:32:21 +01:00
			`Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);`
			`}`
			`}`