test: add integration tests for authentication endpoints#39
test: add integration tests for authentication endpoints#39GabrielBBaldez wants to merge 3 commits into
Conversation
There was a problem hiding this comment.
Pull request overview
Adds end-to-end integration coverage for the API gateway’s public auth endpoints and fixes a validation error-mapping gap so @Valid @RequestBody failures return 400 instead of falling through to the generic 500 handler.
Changes:
- Add
GatewayAuthControllerIntegrationTestcovering/auth/register,/auth/login, and/auth/refresh. - Add a
WebExchangeBindExceptionhandler to return400 BAD_REQUESTwith aggregated field error messages. - Add test profile R2DBC H2 configuration + test-scoped H2 dependencies to run against an in-memory database.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| apigateway/src/test/resources/application-test.yaml | Configures in-memory R2DBC H2 and schema initialization for integration tests. |
| apigateway/src/test/java/vaultweb/apigateway/controller/GatewayAuthControllerIntegrationTest.java | New integration tests for register/login/refresh flows using WebTestClient. |
| apigateway/src/main/java/vaultweb/apigateway/exceptions/GlobalExceptionHandler.java | Adds handler for WebExchangeBindException to map body validation failures to 400 responses. |
| apigateway/pom.xml | Adds test dependencies for running R2DBC H2 integration tests. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| @ExceptionHandler(WebExchangeBindException.class) | ||
| Mono<ResponseEntity<ErrorResponse>> handleValidation( | ||
| WebExchangeBindException ex, ServerHttpRequest request) { | ||
| String message = | ||
| ex.getFieldErrors().stream() | ||
| .map(error -> error.getField() + ": " + error.getDefaultMessage()) | ||
| .collect(Collectors.joining(", ")); | ||
|
|
||
| return Mono.just( | ||
| ResponseEntity.status(HttpStatus.BAD_REQUEST) | ||
| .body( | ||
| new ErrorResponse( | ||
| message, | ||
| new Timestamp(System.currentTimeMillis()), | ||
| request.getURI().getPath(), | ||
| HttpStatus.BAD_REQUEST.toString()))); | ||
| } |
There was a problem hiding this comment.
Added log.error(...) for consistency with the other handlers, and switched to getAllErrors() (covers object-level errors) with a "Validation failed" fallback when the message would otherwise be empty.
| @Test | ||
| void register_withMissingName_isRejected() { | ||
| register("", "frank", "frank@example.com", VALID_PASSWORD).expectStatus().isBadRequest(); | ||
| } |
There was a problem hiding this comment.
Good point — it now omits the name property entirely instead of sending a blank string, so it exercises the missing-property case.
| @Test | ||
| void login_withMissingPassword_isRejected() { | ||
| login("someone@example.com", "").expectStatus().isBadRequest(); | ||
| } |
There was a problem hiding this comment.
Good point — it now omits the password property entirely instead of sending a blank string, so it exercises the missing-property case.
…ts assert absent fields
Summary
Adds integration tests for the public authentication endpoints (
/auth/register,/auth/login,/auth/refresh), addressing #31. The gateway is started on a random port backed by an in-memory R2DBC (H2) database, so each test exercises the full controller → service → repository path end to end (no mocking of the data layer).Coverage (12 tests):
register: valid payload, duplicate email, duplicate username, invalid email format, weak password, missing fieldlogin: valid (by email and by username), wrong password, non-existent user, missing fieldrefresh: round-trips a refresh token obtained from loginDrive-by fix: the new tests surfaced that request-validation failures (
WebExchangeBindExceptionfrom@Validbodies) fell through to the generic handler and returned 500. Added a handler so they now return 400 with the field messages, consistent with the existingConstraintViolationExceptionhandling.Verified locally with
mvn spotless:check test→ 13 tests pass.Resolves #31.