postJson('/api/login', [ 'email' => 'nobody@example.com', 'password' => 'wrong', ]); $response->assertStatus(401); }); it('logs in with valid credentials and returns user', function () { $user = User::factory()->create([ 'email' => 'staff@example.com', 'password' => bcrypt('password'), ]); $response = $this->postJson('/api/login', [ 'email' => 'staff@example.com', 'password' => 'password', ]); $response->assertStatus(200) ->assertJsonPath('data.email', 'staff@example.com'); }); it('returns 401 on /api/user when unauthenticated', function () { $response = $this->getJson('/api/user'); $response->assertStatus(401); }); it('returns user on /api/user when authenticated', function () { $user = User::factory()->create(); $response = $this->actingAs($user)->getJson('/api/user'); $response->assertStatus(200)->assertJsonPath('data.id', $user->id); });