Update request validation

src/Core/API/API.Core/Controllers/AuthController.cs

@@ -33,7 +33,7 @@ namespace API.Core.Controllers
 
             var response = new ResponseBody<AuthPayload>
             {
-                Message = "Registration successful.",
+                Message = "User registered successfully.",
                 Payload = new AuthPayload(
                     new UserDTO(created.UserAccountId, created.Username),
                     jwt,
@@ -49,7 +49,10 @@ namespace API.Core.Controllers
             var userAccount = await auth.LoginAsync(req.Username, req.Password);
             if (userAccount is null)
             {
-                return Unauthorized();
+                return Unauthorized(new ResponseBody
+                {
+                    Message = "Invalid username or password."
+                });
             }
 
             UserDTO dto = new(userAccount.UserAccountId, userAccount.Username);
@@ -59,7 +62,7 @@ namespace API.Core.Controllers
 
             return Ok(new ResponseBody<AuthPayload>
             {
-                Message = "Login successful.",
+                Message = "Logged in successfully.",
                 Payload = new AuthPayload(dto, jwt, DateTime.UtcNow, jwtExpiresAt)
             });
         }

src/Core/API/API.Specs/Features/Registration.feature

@@ -1,75 +1,67 @@
 Feature: User Registration
-As a new user
+  As a new user
-I want to register an account
+  I want to register an account
-So that I can log in and access authenticated routes
+  So that I can log in and access authenticated routes
 
-    Scenario: Successful registration with valid details
+  Scenario: Successful registration with valid details
-        Given the API is running
+    Given the API is running
-        When I submit a registration request with values:
+    When I submit a registration request with values:
-          | Username | FirstName | LastName | Email               | DateOfBirth | Password   |
+      | Username | FirstName | LastName | Email               | DateOfBirth | Password   |
-          | newuser  | New       | User     | newuser@example.com | 1990-01-01  | Password1! |
+      | newuser  | New       | User     | newuser@example.com | 1990-01-01  | Password1! |
-        Then the response has HTTP status 201
+    Then the response has HTTP status 201
-        And the response JSON should have "message" equal "User registered successfully."
+    And the response JSON should have "message" equal "User registered successfully."
-        And the response JSON should have an access token
+    And the response JSON should have an access token
 
-    @Ignore
+  @Ignore
-    Scenario: Registration fails with existing username
+  Scenario: Registration fails with existing username
-        Given the API is running
+    Given the API is running
-        And I have an existing account with username "existinguser"
+    And I have an existing account with username "existinguser"
-        When I submit a registration request with values:
+    When I submit a registration request with values:
-          | Username     | FirstName | LastName | Email                | DateOfBirth | Password   |
+      | Username     | FirstName | LastName | Email                | DateOfBirth | Password   |
-          | existinguser | Existing  | User     | existing@example.com | 1990-01-01  | Password1! |
+      | existinguser | Existing  | User     | existing@example.com | 1990-01-01  | Password1! |
-        Then the response has HTTP status 409
+    Then the response has HTTP status 409
-        And the response JSON should have "message" equal "Username already exists."
+    And the response JSON should have "message" equal "Username already exists."
 
-    @Ignore
+  @Ignore
-    Scenario: Registration fails with existing email
+  Scenario: Registration fails with existing email
-        Given the API is running
+    Given the API is running
-        And I have an existing account with email "existing@example.com"
+    And I have an existing account with email "existing@example.com"
-        When I submit a registration request with values:
+    When I submit a registration request with values:
-          | Username | FirstName | LastName | Email                | DateOfBirth | Password   |
+      | Username | FirstName | LastName | Email                | DateOfBirth | Password   |
-          | newuser  | New       | User     | existing@example.com | 1990-01-01  | Password1! |
+      | newuser  | New       | User     | existing@example.com | 1990-01-01  | Password1! |
-        Then the response has HTTP status 409
+    Then the response has HTTP status 409
-        And the response JSON should have "message" equal "Email already in use."
+    And the response JSON should have "message" equal "Email already in use."
 
-    @Ignore
+  Scenario: Registration fails with missing required fields
-    Scenario: Registration fails with missing required fields
+    Given the API is running
-        Given the API is running
+    When I submit a registration request with values:
-        When I submit a registration request with values:
+      | Username | FirstName | LastName | Email | DateOfBirth | Password   |
-          | Username | FirstName | LastName | Email | DateOfBirth | Password   |
+      |          | New       | User     |       |             | Password1! |
-          |          | New       | User     |       |             | Password1! |
+    Then the response has HTTP status 400
-        Then the response has HTTP status 400
-        And the response JSON should have "message" equal "Username is required."
 
-    @Ignore
+  Scenario: Registration fails with invalid email format
-    Scenario: Registration fails with invalid email format
+    Given the API is running
-        Given the API is running
+    When I submit a registration request with values:
-        When I submit a registration request with values:
+      | Username | FirstName | LastName | Email        | DateOfBirth | Password   |
-          | Username | FirstName | LastName | Email        | DateOfBirth | Password   |
+      | newuser  | New       | User     | invalidemail | 1990-01-01  | Password1! |
-          | newuser  | New       | User     | invalidemail | 1990-01-01  | Password1! |
+    Then the response has HTTP status 400
-        Then the response has HTTP status 400
-        And the response JSON should have "message" equal "Invalid email format."
 
-    @Ignore
+  Scenario: Registration fails with weak password
-    Scenario: Registration fails with weak password
+    Given the API is running
-        Given the API is running
+    When I submit a registration request with values:
-        When I submit a registration request with values:
+      | Username | FirstName | LastName | Email               | DateOfBirth | Password |
-          | Username | FirstName | LastName | Email               | DateOfBirth | Password |
+      | newuser  | New       | User     | newuser@example.com | 1990-01-01  | weakpass |
-          | newuser  | New       | User     | newuser@example.com | 1990-01-01  | weakpass |
+    Then the response has HTTP status 400
-        Then the response has HTTP status 400
+    And the response JSON should have "message" equal "Password does not meet complexity requirements."
-        And the response JSON should have "message" equal "Password does not meet complexity requirements."
 
-    @Ignore
+  Scenario: Cannot register a user younger than 19 years of age (regulatory requirement)
-    Scenario: Cannot register a user younger than 19 years of age (regulatory requirement)
+    Given the API is running
-        Given the API is running
+    When I submit a registration request with values:
-        When I submit a registration request with values:
+      | Username  | FirstName | LastName | Email                 | DateOfBirth     | Password   |
-          | Username  | FirstName | LastName | Email                 | DateOfBirth | Password   |
+      | younguser | Young     | User     | younguser@example.com | {underage_date} | Password1! |
-          | younguser | Young     | User     | younguser@example.com |             | Password1! |
+    Then the response has HTTP status 400
-        Then the response has HTTP status 400
-        And the response JSON should have "message" equal "You must be at least 19 years old to register."
 
-    Scenario: Registration endpoint only accepts POST requests
+  Scenario: Registration endpoint only accepts POST requests
-        Given the API is running
+    Given the API is running
-        When I submit a registration request using a GET request
+    When I submit a registration request using a GET request
-        Then the response has HTTP status 404
+    Then the response has HTTP status 404
-        And the response JSON should have "message" equal "Not Found."

src/Core/API/API.Specs/Steps/AuthSteps.cs

@@ -163,17 +163,28 @@ public class AuthSteps(ScenarioContext scenario)
     {
         var client = GetClient();
         var row = table.Rows[0];
-    
+
+        var username = row["Username"] ?? "";
+        var firstName = row["FirstName"] ?? "";
+        var lastName = row["LastName"] ?? "";
+        var email = row["Email"] ?? "";
+        var dateOfBirth = row["DateOfBirth"] ?? "";
+
+        if (dateOfBirth == "{underage_date}")
+        {
+            dateOfBirth = DateTime.UtcNow.AddYears(-18).ToString("yyyy-MM-dd");
+        }
+
+        var password = row["Password"];
+
         var registrationData = new
         {
-            username = row.TryGetValue("Username", out var value) ? value : null,
+            username,
-            firstName = row.TryGetValue("FirstName", out var value1) ? value1 : null,
+            firstName,
-            lastName = row.TryGetValue("LastName", out var value2) ? value2 : null,
+            lastName,
-            email = row.TryGetValue("Email", out var value3) ? value3 : null,
+            email,
-            dateOfBirth = row.ContainsKey("DateOfBirth") && !string.IsNullOrEmpty(row["DateOfBirth"]) 
+            dateOfBirth,
-                ? row["DateOfBirth"] 
+            password
-                : null,
-            password = row.ContainsKey("Password") ? row["Password"] : null
         };
 
         var body = JsonSerializer.Serialize(registrationData);
@@ -189,17 +200,17 @@ public class AuthSteps(ScenarioContext scenario)
         scenario[ResponseKey] = response;
         scenario[ResponseBodyKey] = responseBody;
     }
-    
+
     [Given("I have an existing account with username {string}")]
     public void GivenIHaveAnExistingAccountWithUsername(string username)
     {
-     
+
     }
 
     [Given("I have an existing account with email {string}")]
     public void GivenIHaveAnExistingAccountWithEmail(string email)
     {
-       
+
     }
 
     [When("I submit a registration request using a GET request")]
@@ -217,4 +228,4 @@ public class AuthSteps(ScenarioContext scenario)
         scenario[ResponseKey] = response;
         scenario[ResponseBodyKey] = responseBody;
     }
-}
+}