File: /home/xedaptot/ai.naniguide.com/tests/Feature/ApiWhoamiTest.php
<?php
/**
* Feature tests for GET /api/v1/whoami.
*
* Lightweight identity probe used by `php artisan remote:upgrade
* --min-version=X`. Lives in core (NOT in the acelle/console plugin) so it
* works on a vanilla install with just an admin api_token.
*/
use App\Model\Admin;
use App\Model\User;
uses(\Tests\TestCase::class);
const API_WHOAMI_URL = '/api/v1/whoami';
function makeUserWithTokenForWhoami(string $emailSuffix = 'plain'): array
{
$user = new User();
$user->email = 'test-api-whoami-' . $emailSuffix . '-' . uniqid() . '@example.test';
$user->first_name = 'Test';
$user->last_name = 'User';
$user->password = bcrypt('test-' . uniqid());
$user->save();
$token = $user->fresh()->api_token;
return [$user, $token];
}
function promoteUserToAdminForWhoami(User $user): Admin
{
// mailixa_test isn't seeded in CI — pick an existing admin_group if any,
// otherwise create one inline so the test is self-contained.
$groupId = (int) \DB::table('admin_groups')->orderBy('id')->value('id');
if ($groupId === 0) {
$groupId = (int) \DB::table('admin_groups')->insertGetId([
'name' => 'Test Administrator',
'permissions' => '{}',
'created_at' => now(),
'updated_at' => now(),
]);
}
$admin = new Admin();
$admin->user_id = $user->id;
$admin->timezone = 'UTC';
$admin->status = 'active';
$admin->color_scheme = 'default';
$admin->admin_group_id = $groupId;
$admin->save();
return $admin;
}
afterEach(function () {
foreach (User::where('email', 'like', 'test-api-whoami-%@example.test')->get() as $u) {
Admin::where('user_id', $u->id)->delete();
$u->delete();
}
});
it('returns 401 without any token', function () {
$response = $this->getJson(API_WHOAMI_URL);
expect($response->status())->toBe(401);
});
it('returns 401 for an invalid bearer token', function () {
$response = $this->withHeaders(['Authorization' => 'Bearer totally-invalid-token'])
->getJson(API_WHOAMI_URL);
expect($response->status())->toBe(401);
});
it('returns user + instance for a valid non-admin token', function () {
[$user, $token] = makeUserWithTokenForWhoami('non-admin');
$response = $this->withHeaders(['Authorization' => 'Bearer ' . $token])
->getJson(API_WHOAMI_URL);
expect($response->status())->toBe(200);
$json = $response->json();
expect($json)->toHaveKeys(['user', 'instance']);
expect($json['user']['id'])->toBe($user->id);
expect($json['user']['email'])->toBe($user->email);
expect($json['user']['is_admin'])->toBeFalse();
expect($json['instance'])->toHaveKeys(['url', 'version']);
expect($json['instance']['url'])->toBe(config('app.url'));
expect($json['instance']['version'])->toBe(trim((string) file_get_contents(base_path('VERSION'))));
});
it('reports is_admin=true for an admin token', function () {
[$user, $token] = makeUserWithTokenForWhoami('admin');
promoteUserToAdminForWhoami($user);
$response = $this->withHeaders(['Authorization' => 'Bearer ' . $token])
->getJson(API_WHOAMI_URL);
expect($response->status())->toBe(200);
expect($response->json('user.is_admin'))->toBeTrue();
});