Update request validation

2026-02-16 02:39:03 +00:00 · 2026-02-11 19:59:54 -05:00
parent 109ade474c
commit b2cf21399b
3 changed files with 88 additions and 82 deletions
--- a/src/Core/API/API.Core/Controllers/AuthController.cs
+++ b/src/Core/API/API.Core/Controllers/AuthController.cs
@@ -33,7 +33,7 @@ namespace API.Core.Controllers

            var response = new ResponseBody<AuthPayload>
            {
-                Message = "Registration successful.",
+                Message = "User registered successfully.",
                Payload = new AuthPayload(
                    new UserDTO(created.UserAccountId, created.Username),
                    jwt,
@@ -49,7 +49,10 @@ namespace API.Core.Controllers
            var userAccount = await auth.LoginAsync(req.Username, req.Password);
            if (userAccount is null)
            {
-                return Unauthorized();
+                return Unauthorized(new ResponseBody
+                {
+                    Message = "Invalid username or password."
+                });
            }

            UserDTO dto = new(userAccount.UserAccountId, userAccount.Username);
@@ -59,7 +62,7 @@ namespace API.Core.Controllers

            return Ok(new ResponseBody<AuthPayload>
            {
-                Message = "Login successful.",
+                Message = "Logged in successfully.",
                Payload = new AuthPayload(dto, jwt, DateTime.UtcNow, jwtExpiresAt)
            });
        }
--- a/src/Core/API/API.Specs/Features/Registration.feature
+++ b/src/Core/API/API.Specs/Features/Registration.feature
@@ -32,25 +32,20 @@ So that I can log in and access authenticated routes
    Then the response has HTTP status 409
    And the response JSON should have "message" equal "Email already in use."

-    @Ignore
  Scenario: Registration fails with missing required fields
    Given the API is running
    When I submit a registration request with values:
      | Username | FirstName | LastName | Email | DateOfBirth | Password   |
      |          | New       | User     |       |             | Password1! |
    Then the response has HTTP status 400
-        And the response JSON should have "message" equal "Username is required."

-    @Ignore
  Scenario: Registration fails with invalid email format
    Given the API is running
    When I submit a registration request with values:
      | Username | FirstName | LastName | Email        | DateOfBirth | Password   |
      | newuser  | New       | User     | invalidemail | 1990-01-01  | Password1! |
    Then the response has HTTP status 400
-        And the response JSON should have "message" equal "Invalid email format."

-    @Ignore
  Scenario: Registration fails with weak password
    Given the API is running
    When I submit a registration request with values:
@@ -59,17 +54,14 @@ So that I can log in and access authenticated routes
    Then the response has HTTP status 400
    And the response JSON should have "message" equal "Password does not meet complexity requirements."

-    @Ignore
  Scenario: Cannot register a user younger than 19 years of age (regulatory requirement)
    Given the API is running
    When I submit a registration request with values:
      | Username  | FirstName | LastName | Email                 | DateOfBirth     | Password   |
-          | younguser | Young     | User     | younguser@example.com |             | Password1! |
+      | younguser | Young     | User     | younguser@example.com | {underage_date} | Password1! |
    Then the response has HTTP status 400
-        And the response JSON should have "message" equal "You must be at least 19 years old to register."

  Scenario: Registration endpoint only accepts POST requests
    Given the API is running
    When I submit a registration request using a GET request
    Then the response has HTTP status 404
-        And the response JSON should have "message" equal "Not Found."
--- a/src/Core/API/API.Specs/Steps/AuthSteps.cs
+++ b/src/Core/API/API.Specs/Steps/AuthSteps.cs
@@ -164,16 +164,27 @@ public class AuthSteps(ScenarioContext scenario)
        var client = GetClient();
        var row = table.Rows[0];

+        var username = row["Username"] ?? "";
+        var firstName = row["FirstName"] ?? "";
+        var lastName = row["LastName"] ?? "";
+        var email = row["Email"] ?? "";
+        var dateOfBirth = row["DateOfBirth"] ?? "";
+
+        if (dateOfBirth == "{underage_date}")
+        {
+            dateOfBirth = DateTime.UtcNow.AddYears(-18).ToString("yyyy-MM-dd");
+        }
+
+        var password = row["Password"];
+
        var registrationData = new
        {
-            username = row.TryGetValue("Username", out var value) ? value : null,
-            firstName = row.TryGetValue("FirstName", out var value1) ? value1 : null,
-            lastName = row.TryGetValue("LastName", out var value2) ? value2 : null,
-            email = row.TryGetValue("Email", out var value3) ? value3 : null,
-            dateOfBirth = row.ContainsKey("DateOfBirth") && !string.IsNullOrEmpty(row["DateOfBirth"]) 
-                ? row["DateOfBirth"] 
-                : null,
-            password = row.ContainsKey("Password") ? row["Password"] : null
+            username,
+            firstName,
+            lastName,
+            email,
+            dateOfBirth,
+            password
        };

        var body = JsonSerializer.Serialize(registrationData);