🧪 AuthService.php — Smoke Test

PHP 8.3.31 | MAX_LOGIN_ATTEMPTS = 5 | SESSION_LIFETIME = 480 min

#	Test	Result	Detail
1	Setup: test user created	✓ PASS	user_id=139
2	AuthService instantiates	✓ PASS
3	login() correct password — success	✓ PASS
4	login() returns user array	✓ PASS	["success","user","permissions","session_token"]
5	login() returns permissions array	✓ PASS
6	login() returns session_token	✓ PASS	24a02940…
7	Session::isLoggedIn() after login	✓ PASS
8	Session::getUserId() matches	✓ PASS	got: 139
9	Session user_data has auth_method	✓ PASS	local
10	DB session auth_method = local (not hardcoded ldap)	✓ PASS	got: local
11	logout() returns success	✓ PASS
12	Session cleared after logout	✓ PASS
13	DB session deactivated after logout	✓ PASS	is_active=0
14	login() wrong password — fails	✓ PASS
15	login() wrong password — error msg	✓ PASS	Invalid credentials
16	failed_login_attempts incremented	✓ PASS	attempts=1
17	Account locked after 5 failures	✓ PASS	is_locked=1
18	login() locked account returns error	✓ PASS
19	login() locked error message correct	✓ PASS	Account is locked. Contact your administrator.
20	unlockAccount() clears is_locked	✓ PASS
21	unlockAccount() resets failed_attempts	✓ PASS
22	isAccountLocked() false after unlock	✓ PASS
23	Inactive user cannot login	✓ PASS	Invalid credentials
24	hasPermission() callable	✓ PASS
25	Non-existent user — success=false	✓ PASS
26	Cleanup: test user deleted	✓ PASS

✓ ALL PASS — 26/26 tests passed

⚠️ Delete test_authservice.php before deploying to production.