fix: скрыл инфу о активности ака и перестал выдавать рефреши если ак не активен

backend/UniVerse.Api.Tests/Auth/AuthServiceTests.cs

@@ -0,0 +1,93 @@
+using Microsoft.EntityFrameworkCore;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Logging.Abstractions;
+using NSubstitute;
+using UniVerse.Application.DTOs.Notifications;
+using UniVerse.Application.Interfaces;
+using UniVerse.Domain.Entities;
+using UniVerse.Domain.Enums;
+using UniVerse.Domain.Exceptions;
+using UniVerse.Infrastructure.Data;
+using UniVerse.Infrastructure.Services;
+using Xunit;
+
+namespace UniVerse.Api.Tests.Auth;
+
+public class AuthServiceTests
+{
+    [Fact]
+    public async Task RefreshTokenAsync_InactiveUser_RevokesTokenAndThrowsForbidden()
+    {
+        await using var db = CreateDbContext();
+        db.Users.Add(new User
+        {
+            Id = 1,
+            Email = "blocked@test.local",
+            IsActive = false,
+            Roles = [new UserRoleAssignment { UserId = 1, Role = UserRole.Student }]
+        });
+        db.RefreshTokens.Add(new RefreshToken
+        {
+            Id = 1,
+            UserId = 1,
+            Token = "refresh-token",
+            ExpiresAt = DateTime.UtcNow.AddDays(1),
+            CreatedAt = DateTime.UtcNow
+        });
+        await db.SaveChangesAsync();
+        var service = CreateService(db);
+
+        await Assert.ThrowsAsync<ForbiddenException>(() => service.RefreshTokenAsync("refresh-token"));
+
+        var token = await db.RefreshTokens.SingleAsync(t => t.Token == "refresh-token");
+        Assert.NotNull(token.RevokedAt);
+    }
+
+    [Fact]
+    public async Task GetCurrentUserAsync_InactiveUser_ThrowsForbidden()
+    {
+        await using var db = CreateDbContext();
+        db.Users.Add(new User
+        {
+            Id = 1,
+            Email = "blocked@test.local",
+            IsActive = false,
+            Roles = [new UserRoleAssignment { UserId = 1, Role = UserRole.Student }]
+        });
+        await db.SaveChangesAsync();
+        var service = CreateService(db);
+
+        await Assert.ThrowsAsync<ForbiddenException>(() => service.GetCurrentUserAsync(1));
+    }
+
+    private static AppDbContext CreateDbContext()
+    {
+        var options = new DbContextOptionsBuilder<AppDbContext>()
+            .UseInMemoryDatabase($"AuthServiceTests_{Guid.NewGuid()}")
+            .Options;
+        return new AppDbContext(options);
+    }
+
+    private static AuthService CreateService(AppDbContext db)
+    {
+        var config = new ConfigurationBuilder()
+            .AddInMemoryCollection(new Dictionary<string, string?>
+            {
+                ["Jwt:Secret"] = "test-secret-test-secret-test-secret-test-secret",
+                ["Jwt:Issuer"] = "UniVerse.Tests",
+                ["Jwt:Audience"] = "UniVerse.Tests",
+                ["Jwt:AccessTokenExpirationMinutes"] = "15",
+                ["Jwt:RefreshTokenExpirationDays"] = "30"
+            })
+            .Build();
+
+        var gamification = Substitute.For<IGamificationService>();
+        gamification.CalculateLevelAsync(Arg.Any<int>()).Returns(1);
+
+        var notifications = Substitute.For<INotificationService>();
+        notifications.SendAsync(Arg.Any<NotificationMessage>(), Arg.Any<CancellationToken>())
+            .Returns(Task.CompletedTask);
+
+        return new AuthService(db, config, gamification, notifications, NullLogger<AuthService>.Instance);
+    }
+}

backend/UniVerse.Api.Tests/Helpers/ApiWebApplicationFactory.cs

@@ -123,7 +123,7 @@ public class ApiWebApplicationFactory : WebApplicationFactory<Program>
             .Returns(authResult);
         stub.RefreshTokenAsync(Arg.Any<string>()).Returns(authResult);
         stub.GetCurrentUserAsync(Arg.Any<int>())
-            .Returns(new UserDto(1, "test@test.com", "Test", null, [UserRole.Student], true, 0, 0, 1, DateTime.UtcNow));
+            .Returns(new CurrentUserDto(1, "test@test.com", "Test", null, [UserRole.Student], 0, 0, 1, DateTime.UtcNow));
         return stub;
     }