<?php 
$I = new ApiTester($scenario);

$I->wantTo('log in');

$I->comment('logging in using correct credentials');
$I->login();
$I->sendPOST('auth/login', ApiTester::$defaultCredentials);
$authToken = json_decode($I->grabResponse());
$I->seeResponseCodeIs(\Codeception\Util\HttpCode::OK);
$I->seeResponseIsJson();
$I->seeResponseContainsJson([
    'user' => [
        'id' => 1,
        'name' => 'admin',
        'email' => ApiTester::$defaultCredentials['username'],
        'role_id' => 1
    ]
]);
$I->seeResponseJsonMatchesJsonPath('$.token');
$I->seeResponseJsonMatchesJsonPath('$.permissions[0].permission_name');

$I->comment('failing to login using wrong credentials');
$I->sendPOST('auth/login', ['username' => ApiTester::$defaultCredentials['username'], 'password' => $I->fake()->password]);
$I->seeResponseCodeIs(\Codeception\Util\HttpCode::UNAUTHORIZED);

$I->comment('failing to login as a blocked user');
$I->sendPOST('auth/login', ['username' => ApiTester::BLOCKED_USER, 'password' => ApiTester::PASSWORD_DEFAULT]);
$I->seeResponseCodeIs(\Codeception\Util\HttpCode::UNAUTHORIZED);