work-club-manager/backend/WorkClub.Tests.Integration/Middleware/TenantValidationTests.cs

using System.Net;
using System.Text;
using WorkClub.Tests.Integration.Infrastructure;
using Xunit;

namespace WorkClub.Tests.Integration.Middleware;

public class TenantValidationTests : IntegrationTestBase
{
    public TenantValidationTests(CustomWebApplicationFactory<Program> factory) : base(factory)
    {
    }

    [Fact]
    public async Task Request_WithValidTenantId_Returns200()
    {
        AuthenticateAs("test@test.com", new Dictionary<string, string> { ["club-1"] = "admin" });
        SetTenant("club-1");

        var response = await Client.GetAsync("/api/test");

        Assert.Equal(HttpStatusCode.OK, response.StatusCode);
    }

    [Fact]
    public async Task Request_WithNonMemberTenantId_Returns403()
    {
        AuthenticateAs("test@test.com", new Dictionary<string, string> { ["club-1"] = "admin" });
        SetTenant("club-2");

        var response = await Client.GetAsync("/api/test");

        Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
    }

    [Fact]
    public async Task Request_WithoutTenantIdHeader_Returns400()
    {
        AuthenticateAs("test@test.com", new Dictionary<string, string> { ["club-1"] = "admin" });

        var response = await Client.GetAsync("/api/test");

        Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
    }

    [Fact]
    public async Task Request_WithoutAuthentication_Returns401()
    {
        AuthenticateAsUnauthenticated();
        SetTenant("club-1");

        var response = await Client.GetAsync("/api/test");

        Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
    }
}