test: add ApiKeyMiddleware integration tests

DevD4v3 · DevD4v3 · commit 5d37558411cc · 2025-11-23T14:38:11.000-05:00
Add integration tests for ApiKeyMiddleware covering scenarios with missing, invalid, and valid API keys.
Tests use real endpoints (POST /api/testers) and verify correct HTTP responses, ensuring the middleware enforces authentication as expected.
diff --git a/tests/Middlewares/ApiKeyMiddlewareTests.cs b/tests/Middlewares/ApiKeyMiddlewareTests.cs
@@ -0,0 +1,70 @@
+﻿using FluentAssertions;
+using Playtesters.API.Tests.Common;
+using Playtesters.API.UseCases.Testers;
+using SimpleResults;
+using System.Net;
+
+namespace Playtesters.API.Tests.Middlewares;
+
+public class ApiKeyMiddlewareTests : TestBase
+{
+    [Test]
+    public async Task Post_WhenCreatingTesterWithoutApiKey_ShouldReturnUnauthorized()
+    {
+        // Arrange
+        var client = ApplicationFactory.CreateClient();
+        var request = new CreateTesterRequest(Name: "Tester1");
+        var expectedMessage = "Missing API Key.";
+
+        // Act
+        var response = await client.PostAsJsonAsync("/api/testers", request);
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
+
+        var body = await response.Content.ReadFromJsonAsync<Result>();
+        body.Should().NotBeNull();
+        body.Message.Should().Be(expectedMessage);
+    }
+
+    [Test]
+    public async Task Post_WhenCreatingTesterWithInvalidApiKey_ShouldReturnUnauthorized()
+    {
+        // Arrange
+        var client = ApplicationFactory.CreateClient();
+        var request = new CreateTesterRequest(Name: "Tester1");
+        var expectedMessage = "Invalid API Key.";
+        client.DefaultRequestHeaders.Add("X-Api-Key", "INVALID_KEY");
+
+        // Act
+        var response = await client.PostAsJsonAsync("/api/testers", request);
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
+
+        var body = await response.Content.ReadFromJsonAsync<Result>();
+        body.Should().NotBeNull();
+        body.Message.Should().Be(expectedMessage);
+    }
+
+    [Test]
+    public async Task Post_WhenCreatingTesterWithValidApiKey_ShouldReturnOk()
+    {
+        // Arrange
+        var client = ApplicationFactory.CreateClient();
+        var request = new CreateTesterRequest(Name: "TesterValid");
+        var apiKey = Environment.GetEnvironmentVariable("API_KEY");
+        client.DefaultRequestHeaders.Add("X-Api-Key", apiKey);
+
+        // Act
+        var response = await client.PostAsJsonAsync("/api/testers", request);
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.OK);
+
+        var body = await response.Content.ReadFromJsonAsync<Result<CreateTesterResponse>>();
+        body.Should().NotBeNull();
+        body.Data.Name.Should().Be(request.Name);
+        body.Data.AccessKey.Should().NotBeNullOrEmpty();
+    }
+}
