postJson('/api/auth/login', [ 'email' => 'wrong@example.com', 'password' => 'wrong', ]); $response->assertStatus(422); }); test('login succeeds with valid credentials', function () { User::factory()->create([ 'email' => 'admin@test.com', 'password' => Hash::make('secret'), ]); $response = test()->postJson('/api/auth/login', [ 'email' => 'admin@test.com', 'password' => 'secret', ]); $response->assertOk(); $response->assertJsonPath('user.email', 'admin@test.com'); }); test('auth user returns 401 when unauthenticated', function () { $response = test()->getJson('/api/auth/user'); $response->assertStatus(401); });