From a473a9d3fb2e6a8ed7ffbdb7f37ab5c91b0d3188 Mon Sep 17 00:00:00 2001
From: Luciano Righetti <luciano.righetti@gmail.com>
Date: Wed, 5 Jan 2022 17:44:02 +0100
Subject: [PATCH] new: initial api and integration tests.

---
 .gitignore                                    |   2 +
 config/Migrations/schema-dump-default.lock    | Bin 42139 -> 56757 bytes
 phpunit.xml.dist                              |  18 +--
 src/Model/Table/AuditLogsTable.php            |   4 +-
 tests/Fixture/AuthKeysFixture.php             |  36 +++++
 tests/Fixture/IndividualsFixture.php          |  25 ++++
 tests/Fixture/RolesFixture.php                |  24 ++++
 tests/Fixture/UsersFixture.php                |  38 ++++++
 tests/README.md                               |  48 +++++++
 tests/TestCase/Api/UsersApiTest.php           |  40 ++++++
 tests/TestCase/ApplicationTest.php            |   6 +-
 .../Controller/PagesControllerTest.php        | 126 ------------------
 .../Controller/UsersControllerTest.php        |  32 +++++
 tests/bootstrap.php                           |  17 +++
 14 files changed, 278 insertions(+), 138 deletions(-)
 create mode 100644 tests/Fixture/AuthKeysFixture.php
 create mode 100644 tests/Fixture/IndividualsFixture.php
 create mode 100644 tests/Fixture/RolesFixture.php
 create mode 100644 tests/Fixture/UsersFixture.php
 create mode 100644 tests/README.md
 create mode 100644 tests/TestCase/Api/UsersApiTest.php
 delete mode 100644 tests/TestCase/Controller/PagesControllerTest.php
 create mode 100644 tests/TestCase/Controller/UsersControllerTest.php

diff --git a/.gitignore b/.gitignore
index f84928d..869728c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,5 @@ vendor
 webroot/theme/node_modules
 .vscode
 docker/run/
+.phpunit.result.cache
+config.json
\ No newline at end of file
diff --git a/config/Migrations/schema-dump-default.lock b/config/Migrations/schema-dump-default.lock
index 291060ccbeef6d3415e60d985954fd26141e1c02..8c9385cea7539531476901ab307ae28e67e054d4 100644
GIT binary patch
literal 56757
zcmeHQOLOBm4&I-V%5hKK>GaEe+S$3xVRsKZ$Ek8DwvwpYmb{YOkLsHLz8@%w0zuFZ
z%8sQT-x5<I2@nK6JV+(8yH~Rx)$H}F*=@4Qp7M2?*VXN(|IFUp&2Imhd`|!PHK~(_
zq)Pwz@8UUKCx85&Jgm~@@7vjXdimq*_HTdx+Z>Or(%VmdXZYoH^T?uDZPz*aPiF7v
zO^lH(>A#Qk-~H^i{=P9?yhlS`r%!1~9lo30uG0Lee!l(mZ~XgVcDv0hOg6>453|?!
z39shc)r$Uog@5t-GJQ<8tGamu|1XL)(MH{YRx`~vpm|#tzvYWEZQ7d7&_5CUyO|3O
z2m&`{y2z@m$f?6WK@ncg@@4iVTW*up{Bl(6ooq8#L1;t6+u3bVJ|%fpB{fK!CKXm{
z5(vf*M~WafRb6KJlMte8_WGlc8v2(@jS;$ax_)RR&<N0KmDG)ZlLXd}AJz}|^KG6j
zie)-qWHg8>XnU6k@<cC|Df&0t!E7r_n34D;+Ujg=#uxiRif7z*5VORb@XNYbW{=r;
zCPh21)g`1V{*`Q`E-|cRx<lEh-Xq#RkPordaKwr)oVQR82SqC*1&Sp7mKwEqM<T4u
zIhnl?!i`Cr_pI1i)%tq&BQt7H=?9}S=}DjqfBZ=^(O3{Srq+`>YC9~Mjzy7Uqb683
z!vsSr7`rL6by9w(C6?6l)@Jwgrp40Vniq9+(2PEMn>WuM9zW0TtT?gt#&eHFnZn@g
z;&p&-vaDtLn3ie2uuI%857)n-9hwPR#F_VYLtCFlhBTEaDYS(#V_3&!x=KTBoyF|e
zSfTfIJiWdFqy^nUE%t41G0#dXO{CQl#fB_fzqP<LAc-vR^yqJSUi|tCaTi(?@B}K}
z7<u#nc56zWItT3r@ucfbQ5p#)+|kmXY?oO*UlmUnbvTY<o%K{P9QE30jOhX?2<7Mu
zALg{J((?3pNTLh^m&5=Mn?m+>L(oPDRa8e%ep^3(PQOo=fHM8x7OHNZ8T&5b5H|5c
zmYaR&m@{b4ci<>gcjpY8j^VVqvCF!NHI9l8IZ5x-S^k|N5N2-`?}gkIHsOQ4m%S3w
zYNKw#jfZkVgluK^oUr&cSkqCEEE?79GaVcb;QYHo*?UeRfDC}6Q+TJxO#Q<crVc4H
zQ=h0N!DeixUuQMNCVc)A%uBy@c&fupB-?CL2DQjJrH1UnbCN&l&R0kU9y)Uw4B4+v
zNT0Nzin(46{E$8qx9!6FF^^g!D_=C>C}zX7_D(I3i7-~6HwnI?Zssl&a|2deLj%9t
z^wKL5P4|dL`kgHroPFcXUW%m=woVNBx;u2S1z--NiKF2i%S+!^!YucBio64i!%SB1
zJ{V}v&9d~#4j9K_ITkK3R?pWcYWmj${cB4bHImj*U`$6Oq6Tw%2#mtFT+|@E19c4i
zNYMhtZHM1&ME#s@JB{9Ip%-@T;2#pKo&#48b?n@(dWx7^X9D8W_3B_ex7!ACO7L!*
z95o~C)=6P7M7ni|Gz1U^kMHk}h5_g-sTNr_e@gSTL}FlISePOWoikU}NeQ6hW0)`n
z_m?LCo3$e#%}sFoa3AFI)92doGFhs<zzpi65fYxrYVtd<*y*=TR<<#%$q@kVGgxzp
z9N_@&ljwAD9e>Y`)$d^Tm7#oYjU<|7`kejAb*{k1icXVHNTng#`L2}HA%w|=Ubb_Y
zQrhg2F-*>Q!hrYNE>qK~H>;mxaIvrFF{%o~C2yio9$~0%-bO74M&q208i;og7(=dD
z)Ht$}z*v0sqsHMKsAJ&A06cz~td`w_K6wx)WUJx9k*iA!qomC2>nd@ejSx-;gPWXL
zd=5!4vvCg9R2du&vIP6GMnn|wSF-HVJAH!8YwBV>t%FPJhD||k%?mpg;OIkH6w9Gr
z1?#7$g|G3%GeuT369_LnP5j?P;mx0oyW!}}bNUn*JWr?^!#C|%hdzjee>y=^s!oD#
z&N%~%Fg4rq$Y8WrFLRNZ(*|9p)uPNyR##&_3B@?$xq%Xk>7m-X+*W})B`Dd4qFAMg
zsgz){FScSZpniN<+HC%fsr~cy!bRpoW~}<0ZRVS@_-2Y%q`JDuv@mFk__Tc!R$BKW
z4;5UyUT2}RlSV->_0iP`G{M*j6vyq%&{&)5*idWSgx}R!4)L?6mK)pLs$o^{DV~>A
zE2fR95zMC9-?Bk&G}+E2UQC%wl$V)umR7Vfn8<v=`xcLMkRZYXv^)<0?~eCAtOqvU
zm)_}K4)o0#71clQATWk122q2lJ*lJOM|xOERs0;j7?!p19ELh#A(rm&$S8{QV#SNJ
zke6}Jh%>0%EWaDXd5YwZ+G9^2ci7C)jB65T?@5lmQCi3k^lPYQD~x?c;`U(ft_*4j
zjtCs5=L73dreBKBdL;{5nX!K%p8<oKAaPTXeL^2Bh>nl;Y@iaLVgcE`ybi>@_=@!6
zbc?c@=|>dBNoV9DVF(D%)g57p68O6mQ5IU*94l#!HcKS|QXqEM8a3$#K!<g4JonEo
z(C4UXD!!3=(Q!Sv;!&Ifs{!ORoDC)$35YoIdtTSV1Z_#To70F<fZ4vSf@DLVWku8g
zT$`$65Ps8vxFHYkpR;C&`L;fJkf?!45hCs~;M91255>2E=S=!;dP+D9z2*%lTekl|
zu~2~Oxnc0SS`>81c_fL0x0v<s&*@EF+!%X&Q{*>apR>jDO^sjMBHNqlx!A6jHxKE}
zCM|IoZk;aiU|lGBUnLv6ET(+_jQIN=R_h-()dt79AG5_xGdmEtD(HCF6Y+x>&|(zN
zx~WuRaf5~Cj^)BXW6KI*N=2E0^wCJB4l7i~V|$*bQ0OJ#JSK0!l&=)Xc#qSq^TNJU
znmpKwW3`DU>^jG@+5O$e`;YJ5-+g=wu#1QGo-ykaBG9qgQBniF?AqIlDGsqCBsACi
z0=oLT5bHud2uCy$-(zJJAEdY20`4=*CR%!HAR3se6)jwk$$4=#;dnXTK6F~GpgX^E
z@evsg^DoR^o7xhs4D7P}hdG4Ov&cu;Xxo>g=wDY|2*ar!Lqud)*h&RP=vOS3g4X;8
z`ezFtH2`}*FalrKs3CX<;W3!8jaUebVLMRAz>fiU@#o0fQ1l~*-!?RDBN(|OTLa1d
zY3t`m|3SI5S1}E(qVsxFePVNl;hLE_NoEGJiF?JeX;!4cNqNjl+*Ht|{trLhaz^L&
z2-gW`(N@WX=MS*FDXJ`VHGmH04=qQ#BKQV1wzu+u*Drnz8DRlGi@^1-1j<1G-)b3w
zxyfqsEi9Vd{UI71;X5b5Hn@i?$_UuizpjEV@L6yo3P8$E0%N&sjT*`ALLG;M2V^S+
zK-atjU1bUOK!ml>1aS`OXX0G#-*SZwxhfVo-ddyD_Y{cB=?z1-JDz1B_>RBKK}IDV
zfB1c&P)ZX<2)LgwPZxE8+gSY|AH330pLc+SS80vAKj=a>fBK_F2*}G8)v&smV2Q-h
z6)B_>urVil0)xjk{Idd=05>AmHjYWP%WPDCf5$4<zY5}Nl$(G@u+U6%h(>2yO6+9i
z-VDX+!#n|$Z`!E12wVzQi&jQ63u_vXz%+LR=(2BP1SrZb>t}D(aak0LgBX|9afmz}
z2mRc4wve=}(>j^s4&&9}1D0NIDp28P<tGSKASUA~P&h7@u}N^zF7AyqH;tUIuJd$O
z6hafI>jdkKoN6d#>>vws|B|feXt|HD#y)rG=<!@uL<j7R$|ARmE}WmHEZ-qG?vi0d
zdz!>hOe3r2wgSw@X@Hgtq%cD-B8^gwKpD(#U)lQ@j)&w7xUeEyZi6IP>lM5JWPl<}
zdn&KB%1OM|?|ji<x0QitT~1w>Z#mj7@sZEU)iLdMH5h{!vU`z)wad_0Y{%9_#dg(<
z+l>f_+P@y|-|F_b{@d3B{p%tT#V@_9z_`1FENb*!9jbG{j{#h6PLx8cOt>x@w86(?
z@O$Vd7WS~0^g!TC3;4*9W{nUJ+WEl+3K&FQCleq({;r&$WbYuG4oEmg_>2UTD7R7D
z7rs9yytsqDz7X!Vr<BE~%^eTZtqACiz$Ec|cRFTj*>`<cUnXn-WgYv?2}n<gkG0_-
ziZ4CTK_e|-ChLSx#ATc2YWP##(gO7`4AUC`o96U6J@so~hdLXwczy81n2u-82G@KN
zoA+wPcMh68D}L8Egwky*Z%+8vSy0yvaCz#sF|wG8V34jpohWdqcZIQ;w`jw{J>R0n
z>R%7^Pn+^w2MURun83x7?mDB}FHTy*jR+j@SuZslLnMaL=FzYVavT3)FPh6`fR{$+
zAjqY4*i*;AmUE}kWvrzV#67$k0NZ1-L3Zq*30E@E)T>Rhm}H=u_W6{v?_Y3(tNFT~
zj}oC~M_oh$sUJ^{fS6Tm%fUh{0U`yfDdu55gNPjh-3!yCm4~&@9UreYFOCu0HWq!P
zQT~SA*YkeoIPcfnV&RHdLnnSmSf5!D(demY$3em7vN}+_Xcdf;Enz!dJddvIHZtO2
zGakMq%XZr1oiK?)n3ysda}$2g##oP~MMMFQg>fQk0QP=h1iRi*{oA(#y}MEqHH6zm
zU>q)DQKRq<)G_emMg2RwQ+)EU$dkRyg&YcTq2e%S%I^;g*LsTFm*N*PP0*KO;vge<
zw#n$uuJ&$EO5TE?7;s~?!1NF<#AW!k@E1XpB-FY2#t}Z}UYi@Y2jl@RLIPQ*Qxw==
zWbzRDE|@qqzQesi?QD&E1*Ug4z(P2`90_E-_(45^9LF&!!YZxFV;Kv?Zhstq2ccTx
z-f2yN&OMbR+Sz^=Ep{`B-yKPnPK6bPQ=xfg$090z?At1StY#h4d;kY8!lYnqMcit;
z&dt_Dp?Wr>^11HiK;ItcqXzMM35>?pF=`z4eqaPE4^jQwx7FV9;}ywc34Y7-;@4kD
z=HOyA(JvFG1bYJUFX9{oQ9mAu9*b=~{9Z=ZPp`%}ayN%Jrdx9Y;T%s)mB%jzpcq-;
zYrTo1uM&8J<##S-TxB_~(7ySa)y>_ENMuyWlL^y8N_UrTG~2(wK4}~jLI8-u_U^@j
z^kD%fd-)<_F7`&Gle*wRf8c26wo!Q6b>tLH>;kjC+e;ScdVe9-w|@Mvez>0_KD8*8
z>Cg{DgRR&53yqOJQ8))05?Zvs_iohw3pe~GxS!=U>hEwo-^m_W18dF*wDEP}SHQ}2
zW<j*{3RN_4Z6!zN%E0kb2vIw^Yp2zUv-2x;Ho-ha$ImFl&eo$b+FjU^*M?a`7vY@s
z%NppPb3KX#-a&W_X7D1Yz!<gzbqxF%@NLX!cz@bQE8u-JPR8{T!BhBbci?B4t_z&E
zq&scq?TLC=7(^ci<zaUAtowC5Jatky81zmg92`{LMlbgl`b_l5CoB?|he;kNr%G5(
z#8m6{$i1a6WKUC+AW0`+e9)6SI<SDkWx|Pv#0>Dv@mD8}?51?=fvQgGt(xF5jU}#z
zB97pn4s2z!H+Kz|KH`>lynp@d?aL>g2<aV}<54V>bY!R&o$F3A0NyiLasG^&A##+L
z?7`{=;bJ)(&+&<j#5UqA-r=zORCyqc3sF9S){%<av6w1X<3?4x3XID*8#NevKQMw_
z?Wq3k+kxH{p^h3y=|>$AKL$Lkm$_W?jX8m%LiV9Pk<Nl$M}DAyddLe?bFOpc#Pn9#
zz3?$>#0|<~MIX!@<PP=S^pvoi7C%flLDvU+bUZ07t1$eiywO!E?it6e<h0dJQ;Q$O
z&C=yP1P{}+@By^-JXx-rFJ;M+Ll|LJhz&M(h*E^9PdY7Rt<9{e@A-m`V8>2Mh6k`i
zhn{36yKm-(($?WzJNX2eI%V}iTnQ<Nt-H#|ZgvCERPZO|*!0E(L<*E_cUM-nYRq+?
zVf3-1%_e=ov_nMv)xM1pn3T6cY8n=b{$fXf?aKH72$P*`i8$hF)f2wCILH8Zov7y5
zNCE-y>Nz3vFn=nG?Pi*B7m`3;P(Mv7U{IFnDy=7R6~qqlF?xxmDb>}H4{_oTQEbNX
z2#IfmmeadZRbHd<6nTpoR+C(H)Ucv8Iv)Is%yNN~O}VAcg2ug3*DyHG%eXCMBOPTn
z)Pd1DRCOu*v>&$0`0C4ivZZh_$lKzL3HmZ7wYW-?DtX942UI}cwM+^w*on)eR1I~R
zy|~xEgc5<I1S;%ovBTsh4=_muF<;D$8?m0LbeF-a*)1+pG@!s%ABH{yt9~;YHr7P!
zhB(Y;m=;X7t$Ff2c?i+<U=J)w=)=C;<VrAUokHWTGbdj6+<mR><Y9K#v#EMVP6$hF
zx3z3zyT&xJm_aYNvW3ge2{J$ix$;T+-ZbX2@4OE0K*ffaLC!2@6GfH<Bq~i|T>evB
z?0X08>w@Z`cl)XvhPY^wJdY{9>ad{PLo(|<6YNm#Z=Esg0vI2lIQ~Lku`hNIicLm(
z;*9hWqc7v05$;Xs!(4-6TDF&-4wh3gTW-?Fq)t#jBtz%c8#`zHkY^-)?~RsjoaaMe
zf+0k>XG^=)mO`Ypnm~K!)(suNce3@>BFpAaX`Yt&s^TIWfNa@bW+@H62PD?8rc4x+
zc&q0CAjTf&JvRP0QVs(nVR*fXgtZz3^nvs)t;Z4`mr<bPGa3}x7wQdCrAmLQQZ--D
z_=_pkySHzT-rNVqH16;morNS#e^Wf()cBj0^`>1`QV4q^2oOzR1^cZIdB{^&wJ%Yw
zd51hEQD>$$ggg$KP8tc3p1d`WM+YmhTf$+St82eESQBvVxxP8nfc2Zfv0Pk;WLIdj
zYjgq^+L&EyU(euZn)%x(Lev199jb9NV_2@lj$u0pi~;S&PhUo)&72<8QSc)<nis1}
zpl^ye#(HR>qFB4Xs1w;c$b+Cy-;IiRz}z3#d>*P19us^u<91j+4||n1!U-JPpyfWN
zV~go;lB)Vzl;#T^5^06KL$AE@BGZT3pjzH(R>Tmzf@hh1$(CC<%ac5r2l-iM$On(@
z3op{t%X}Tp8{Z_Yv$eT*hB?9nn5kN^Ocz;m$vgc*&}X|^-F|v7cXvVVj#eMA*%*~W
zgK<nsjaX02Cm}r4hAmjE$T4&hAY(;Y>a6<{E7YrVCmdu}uh*5LjVmHKlCsa`BhEH5
zjVw=wzAffF3d%Pik*5}nl5q!TtYcxWE@j5FYXp$xT){YOm)T1o6y`($bETiqh=4~P
zPvXYZdQwLvCgWiRum2QjG<?R!Y@2Fu_RKel#JU~1Gwk}_hVIKOVVlK&p9u4C$sCk2
bvm0wSeGr=Vu+q+hSc3?o8C)Xf`{(}w>L?lb

delta 3761
zcmb_fdrVVj6i=ars!U!*KweVRK|$%Il*esAamE<b1v9f`4lJ#GSRQ?gW2`=gI$w*a
zCvjW0D4AKZx#5Hh&IK?^=7XRDCYv%J!R(J^hB?We*^;^QUAX1mdO>FV=gaN)I=^$i
z^ZT9C&aTi8`$7^7G*w79d1xx1RvPMTR(rkK?$vt@FmyRzqrwkkomr`Sa^31-XDM2#
z(r<RuZLPQCgn`z;aq8R)R37g#@YkOSE1;ELgB3qJ;PK7yxp;A-)4a~$96vMEofLHD
zku+}E_!+&;L@X83N}Jtlwwm2aoe$x#hHZ9}`3*B`IFEHgV3%^~A_NonEy)}Z%0+XZ
z_bv0`JQE&6{IGkxZUfq3ucYAgYD-ieS`q|i`@o7IuwAx=5o+Ep7#mmskMEQudFbHN
zR*&9hwAAX0Av&BEqI-s0itv_V&W|ozMi@RK3G>tK7d{vJ1<!0>`&{hjKeK(!%<adD
zydu<XDVsj-{KP{Raqmt+RCpls#9wU6lVum^875vbLZ0dx^|UctDN#Y2dLtRj75-Vv
zBr5-!1^8>Yw;x&(rA&#WJmg4gIL_R?m<b=<%78c97lBGPPtK7N_Q?Ll<(AbAFdF^<
z{tkPD?2<|eUng#MWyC^ud?{|Ki%-Sz-T3dIGcg<53f_T-Sz0C~@gFHpC#7nj#V3Vg
zSp<yaB!D;dtVG4+rl~@3aqRUb9LJHmGG0#MDHY0w(d}@UCIt%o)J@jHLe<+RDw-vr
z)-*u%H{CFDwvWlrbWV75{o|}7IdfQ>`}apcnlBEP=3I&A9MkjEMoTxrV0sGdytWux
za#O(m$tLFH5}gDwx#$My$sG%z!#IMMQa}Nv#yK0c2*+a^u0wU6oWsOC$U6`^2NlGz
z&2Dz1G(yy2HH^${9*=bD#%%bdTRs6S9eRqk%?fM=i7HkUq9zF9U#?0R+#v%wZ9xS5
z__ft2=3>y$JzIm#wAE0jhecG`GG0jYgv)08W_P30YjfE3wdTgjI6qMcNXkHo<U%y6
zxA4$3m4IYbBo-z92{;}j$gtfaH=^8&%ucE9h0wOzoTAYP91jAyW1tM~$>u?YeD8}M
zdfL4cx=s|47J-4{&St@H11Y33%<wiXNaWwna4*rq=Vw_%ET=uiXQF~JK`(^~0YYc_
zlCl9)PrfD{$E8<<6xhA?_X!#vyE>Wfv?&69uBZ`B@O)u{Gp*~33I7C{T^<iVRF>du
zMinu7Y(qcHKI{i)bT)H+(~1y|fUvXvGQ4K&C%p-7OWl|Wzi#%jgxlxLh4)RWI58C{
zgoj5>pnoNa(*dT+oE5B2Z8cSRWpu3y#jCXTPoiwITQi~B`2|iyy4G@<vB#1CqwagS
z9ME4V^}d9^cY7D&=%=o7*rB4ii+R|vDuACk(>Nv>7Yh_I2=yIdvG*lLzzN@a7-0o_
z)Z~KY2c^uZ?RzBw@j8DfO{yi*EC^eTBB}`0$Za*)Z5{(lbRr35d`Sr2Af(Q8qA+sy
zl33PE-5Zh`Bc=$VX@QL(7;@ra`S*GS_K89rA=x>tPGF$1a;0f7CIa_`-T@JY!E*_a
zrrwv1Bzem2|4kDG9NM)4p$zTHz%jU5R5V+qVwHg_SxHd2-y#~D0wHBc*@BZxDw!Jx
zG{Mwii}a^-7VpW?OShwrwA)<&&1?L%*!cGa_=E`x%hyREs%aIBM6ZF;bzz|S+>fY*
zt-ltAy0L;{mFFsMb!#cfSKP)cw|QW=W(*KbG-nCkQ(qR%=ix<Z_gEbPv}_Nvvt9~|
zJ7SpZ({Y5Tq=`{>%!8WtSA#7^pH7C+_S?8gKn<+s`JJ)wM+d3qS)GKLT>paI1z{%J
zCvEvEbK;G-HimO>eos4bFiPNHke0!t1x6@m8jz+kczmup2n6wUS8p-S_VgyAiVXKk
zLh;Ali#{ByE_p?^UmB#7d7;6l-0CsAC!Z2ZYx|+%vpL)gGL1Lh3ms3g*{y6JCiA*&
zb}OvBb@WO2LA^#8k`6Nk)Gi&Ix)TXMSrqW~u#^1DLTIEj+<rR}_70T52g4E2b7u#<
bb^Av_ml%s!&Gk-)+u&|g>Ws8n=kxssYtD)Z

diff --git a/phpunit.xml.dist b/phpunit.xml.dist
index 7107122..7be6529 100644
--- a/phpunit.xml.dist
+++ b/phpunit.xml.dist
@@ -15,17 +15,17 @@
         <testsuite name="app">
             <directory>tests/TestCase/</directory>
         </testsuite>
-        <!-- Add plugin test suites here. -->
+        <testsuite name="controller">
+            <directory>./tests/TestCase/Controller</directory>
+        </testsuite>
+        <testsuite name="api">
+            <directory>./tests/TestCase/Api</directory>
+        </testsuite>
     </testsuites>
 
-    <!-- Setup a listener for fixtures -->
-    <listeners>
-        <listener class="Cake\TestSuite\Fixture\FixtureInjector">
-            <arguments>
-                <object class="Cake\TestSuite\Fixture\FixtureManager"/>
-            </arguments>
-        </listener>
-    </listeners>
+    <extensions>
+        <extension class="\Cake\TestSuite\Fixture\PHPUnitExtension" />
+    </extensions>
 
     <!-- Ignore vendor tests in code coverage reports -->
     <filter>
diff --git a/src/Model/Table/AuditLogsTable.php b/src/Model/Table/AuditLogsTable.php
index efd6339..7987af6 100644
--- a/src/Model/Table/AuditLogsTable.php
+++ b/src/Model/Table/AuditLogsTable.php
@@ -163,8 +163,8 @@ class AuditLogsTable extends AppTable
         if ($this->user !== null) {
             return $this->user;
         }
-
-        $this->user = ['id' => 0, /*'org_id' => 0, */'authkey_id' => 0, 'request_type' => self::REQUEST_TYPE_DEFAULT];
+        
+        $this->user = ['id' => 0, /*'org_id' => 0, */'authkey_id' => 0, 'request_type' => self::REQUEST_TYPE_DEFAULT, 'name' => ''];
 
         $isShell = (php_sapi_name() === 'cli');
         if ($isShell) {
diff --git a/tests/Fixture/AuthKeysFixture.php b/tests/Fixture/AuthKeysFixture.php
new file mode 100644
index 0000000..5924c5b
--- /dev/null
+++ b/tests/Fixture/AuthKeysFixture.php
@@ -0,0 +1,36 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\Fixture;
+
+use Cake\TestSuite\Fixture\TestFixture;
+use Authentication\PasswordHasher\DefaultPasswordHasher;
+
+class AuthKeysFixture extends TestFixture
+{
+    public $connection = 'test';
+
+    public const ADMIN_API_KEY = '4cd687b314a3b9c4d83264e6195b9a3706ef4c2f';
+
+    public function init(): void
+    {
+        $hasher = new DefaultPasswordHasher();
+
+        $this->records = [
+            [
+                'id' => 1,
+                'uuid' => '3ebfbe50-e7d2-406e-a092-f031e604b6e5',
+                'authkey' => $hasher->hash(self::ADMIN_API_KEY),
+                'authkey_start' => '4cd6',
+                'authkey_end' => '4c2f',
+                'expiration' => 0,
+                'user_id' => 1,
+                'comment' => '',
+                'created' => time(),
+                'modified' => time()
+            ]
+        ];
+        parent::init();
+    }
+}
diff --git a/tests/Fixture/IndividualsFixture.php b/tests/Fixture/IndividualsFixture.php
new file mode 100644
index 0000000..31261f2
--- /dev/null
+++ b/tests/Fixture/IndividualsFixture.php
@@ -0,0 +1,25 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\Fixture;
+
+use Cake\TestSuite\Fixture\TestFixture;
+
+class IndividualsFixture extends TestFixture
+{
+    public $connection = 'test';
+
+    public $records = [
+        [
+            'id' => 1,
+            'uuid' => '3ebfbe50-e7d2-406e-a092-f031e604b6e1',
+            'email' => 'admin@admin.test',
+            'first_name' => 'admin',
+            'last_name' => 'admin',
+            'position' => 'admin',
+            'created' => '2022-01-04 10:00:00',
+            'modified' => '2022-01-04 10:00:00'
+        ]
+    ];
+}
diff --git a/tests/Fixture/RolesFixture.php b/tests/Fixture/RolesFixture.php
new file mode 100644
index 0000000..ced82a1
--- /dev/null
+++ b/tests/Fixture/RolesFixture.php
@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\Fixture;
+
+use Cake\TestSuite\Fixture\TestFixture;
+
+class RolesFixture extends TestFixture
+{
+    public $connection = 'test';
+
+    public $records = [
+        [
+            'id' => 1,
+            'uuid' => '3ebfbe50-e7d2-406e-a092-f031e604b6e4',
+            'name' => 'admin',
+            'is_default' => true,
+            'perm_admin' => true,
+            'perm_sync' => true,
+            'perm_org_admin' => true
+        ]
+    ];
+}
diff --git a/tests/Fixture/UsersFixture.php b/tests/Fixture/UsersFixture.php
new file mode 100644
index 0000000..df6b8bd
--- /dev/null
+++ b/tests/Fixture/UsersFixture.php
@@ -0,0 +1,38 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\Fixture;
+
+use Cake\TestSuite\Fixture\TestFixture;
+use Authentication\PasswordHasher\DefaultPasswordHasher;
+
+class UsersFixture extends TestFixture
+{
+    public $connection = 'test';
+
+    public const ADMIN_USER = 'admin';
+    public const ADMIN_PASSWORD = 'Password1234';
+
+    public function init(): void
+    {
+        $hasher = new DefaultPasswordHasher();
+
+
+        $this->records = [
+            [
+                'id' => 1,
+                'uuid' => '3ebfbe50-e7d2-406e-a092-f031e604b6e5',
+                'username' => self::ADMIN_USER,
+                'password' => $hasher->hash(self::ADMIN_PASSWORD),
+                'role_id' => 1,
+                'individual_id' => 1,
+                'disabled' => 0,
+                'organisation_id' => 1,
+                'created' => '2022-01-04 10:00:00',
+                'modified' => '2022-01-04 10:00:00'
+            ]
+        ];
+        parent::init();
+    }
+}
diff --git a/tests/README.md b/tests/README.md
new file mode 100644
index 0000000..898e249
--- /dev/null
+++ b/tests/README.md
@@ -0,0 +1,48 @@
+# Testing
+Add a test database to your `config/app_local.php` config file and set `debug` mode to `true`.
+```php
+'debug' => true,
+'Datasources' => [
+    'default' => [
+        ...
+    ],
+    /*
+        * The test connection is used during the test suite.
+        */
+    'test' => [
+        'host' => 'localhost',
+        'username' => 'cerebrate',
+        'password' => 'cerebrate',
+        'database' => 'cerebrate_test',
+    ],
+],
+```
+
+## Runing the tests
+
+```
+$ composer install
+$ vendor/bin/phpunit
+PHPUnit 8.5.22 by Sebastian Bergmann and contributors.
+
+.....                                     5 / 5 (100%)
+
+Time: 11.61 seconds, Memory: 26.00 MB
+
+OK (5 tests, 15 assertions)
+```
+
+Running a specific suite:
+```
+$ vendor/bin/phpunit --testsuite=api
+```
+Available suites:
+* `app`: runs all test suites
+* `api`: runs only api tests
+* `controller`: runs only controller tests
+* _to be continued ..._
+
+By default the database is re-generated before running the test suite, to skip this step and speed up the test run use the `-d skip-migrations` option:
+```
+$ vendor/bin/phpunit -d skip-migrations
+```
diff --git a/tests/TestCase/Api/UsersApiTest.php b/tests/TestCase/Api/UsersApiTest.php
new file mode 100644
index 0000000..5353305
--- /dev/null
+++ b/tests/TestCase/Api/UsersApiTest.php
@@ -0,0 +1,40 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Api;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\AuthKeysFixture;
+use App\Test\Fixture\UsersFixture;
+
+class UsersApiTest extends TestCase
+{
+    use IntegrationTestTrait;
+
+    protected $fixtures = [
+        'app.Individuals',
+        'app.Roles',
+        'app.Users',
+        'app.AuthKeys'
+    ];
+
+    public function testViewMe(): void
+    {
+        // ugly hack, $_SERVER['HTTP_AUTHORIZATION'] is not set automatically in test environment
+        $_SERVER['HTTP_AUTHORIZATION'] = AuthKeysFixture::ADMIN_API_KEY;
+        $this->configRequest([
+            'headers' => [
+                // this does not work: https://book.cakephp.org/4/en/development/testing.html#testing-stateless-authentication-and-apis
+                // 'Authorization' => AuthKeysFixture::ADMIN_API_KEY,
+                'Accept' => 'application/json'
+            ]
+        ]);
+
+        $this->get('/users/view');
+
+        $this->assertResponseOk();
+        $this->assertResponseContains(sprintf('"username": "%s"', UsersFixture::ADMIN_USER));
+    }
+}
diff --git a/tests/TestCase/ApplicationTest.php b/tests/TestCase/ApplicationTest.php
index cd09f1e..e2d3183 100644
--- a/tests/TestCase/ApplicationTest.php
+++ b/tests/TestCase/ApplicationTest.php
@@ -40,10 +40,14 @@ class ApplicationTest extends IntegrationTestCase
         $app->bootstrap();
         $plugins = $app->getPlugins();
 
-        $this->assertCount(3, $plugins);
+        $this->assertCount(7, $plugins);
         $this->assertSame('Bake', $plugins->get('Bake')->getName());
         $this->assertSame('DebugKit', $plugins->get('DebugKit')->getName());
         $this->assertSame('Migrations', $plugins->get('Migrations')->getName());
+        $this->assertSame('Authentication', $plugins->get('Authentication')->getName());
+        $this->assertSame('ADmad/SocialAuth', $plugins->get('ADmad/SocialAuth')->getName());
+        $this->assertSame('Tags', $plugins->get('Tags')->getName());
+        $this->assertSame('Cake/TwigView', $plugins->get('Cake/TwigView')->getName());
     }
 
     /**
diff --git a/tests/TestCase/Controller/PagesControllerTest.php b/tests/TestCase/Controller/PagesControllerTest.php
deleted file mode 100644
index f2958f9..0000000
--- a/tests/TestCase/Controller/PagesControllerTest.php
+++ /dev/null
@@ -1,126 +0,0 @@
-<?php
-declare(strict_types=1);
-
-/**
- * CakePHP(tm) : Rapid Development Framework (https://cakephp.org)
- * Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
- *
- * Licensed under The MIT License
- * For full copyright and license information, please see the LICENSE.txt
- * Redistributions of files must retain the above copyright notice
- *
- * @copyright     Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
- * @link          https://cakephp.org CakePHP(tm) Project
- * @since         1.2.0
- * @license       https://opensource.org/licenses/mit-license.php MIT License
- */
-namespace App\Test\TestCase\Controller;
-
-use Cake\Core\Configure;
-use Cake\TestSuite\IntegrationTestTrait;
-use Cake\TestSuite\TestCase;
-
-/**
- * PagesControllerTest class
- *
- * @uses \App\Controller\PagesController
- */
-class PagesControllerTest extends TestCase
-{
-    use IntegrationTestTrait;
-
-    /**
-     * testMultipleGet method
-     *
-     * @return void
-     */
-    public function testMultipleGet()
-    {
-        $this->get('/');
-        $this->assertResponseOk();
-        $this->get('/');
-        $this->assertResponseOk();
-    }
-
-    /**
-     * testDisplay method
-     *
-     * @return void
-     */
-    public function testDisplay()
-    {
-        $this->get('/pages/home');
-        $this->assertResponseOk();
-        $this->assertResponseContains('CakePHP');
-        $this->assertResponseContains('<html>');
-    }
-
-    /**
-     * Test that missing template renders 404 page in production
-     *
-     * @return void
-     */
-    public function testMissingTemplate()
-    {
-        Configure::write('debug', false);
-        $this->get('/pages/not_existing');
-
-        $this->assertResponseError();
-        $this->assertResponseContains('Error');
-    }
-
-    /**
-     * Test that missing template in debug mode renders missing_template error page
-     *
-     * @return void
-     */
-    public function testMissingTemplateInDebug()
-    {
-        Configure::write('debug', true);
-        $this->get('/pages/not_existing');
-
-        $this->assertResponseFailure();
-        $this->assertResponseContains('Missing Template');
-        $this->assertResponseContains('Stacktrace');
-        $this->assertResponseContains('not_existing.php');
-    }
-
-    /**
-     * Test directory traversal protection
-     *
-     * @return void
-     */
-    public function testDirectoryTraversalProtection()
-    {
-        $this->get('/pages/../Layout/ajax');
-        $this->assertResponseCode(403);
-        $this->assertResponseContains('Forbidden');
-    }
-
-    /**
-     * Test that CSRF protection is applied to page rendering.
-     *
-     * @reutrn void
-     */
-    public function testCsrfAppliedError()
-    {
-        $this->post('/pages/home', ['hello' => 'world']);
-
-        $this->assertResponseCode(403);
-        $this->assertResponseContains('CSRF');
-    }
-
-    /**
-     * Test that CSRF protection is applied to page rendering.
-     *
-     * @reutrn void
-     */
-    public function testCsrfAppliedOk()
-    {
-        $this->enableCsrfToken();
-        $this->post('/pages/home', ['hello' => 'world']);
-
-        $this->assertResponseCode(200);
-        $this->assertResponseContains('CakePHP');
-    }
-}
diff --git a/tests/TestCase/Controller/UsersControllerTest.php b/tests/TestCase/Controller/UsersControllerTest.php
new file mode 100644
index 0000000..0c856e8
--- /dev/null
+++ b/tests/TestCase/Controller/UsersControllerTest.php
@@ -0,0 +1,32 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Test\TestCase\Controller;
+
+use Cake\TestSuite\IntegrationTestTrait;
+use Cake\TestSuite\TestCase;
+use App\Test\Fixture\UsersFixture;
+
+class UsersControllerTest extends TestCase
+{
+    use IntegrationTestTrait;
+
+    protected $fixtures = [
+        'app.Individuals',
+        'app.Roles',
+        'app.Users'
+    ];
+    public function testLogin(): void
+    {
+        $this->enableCsrfToken();
+        $this->enableSecurityToken();
+
+        $this->post('/users/login', [
+            'username' => UsersFixture::ADMIN_USER,
+            'password' => UsersFixture::ADMIN_PASSWORD,
+        ]);
+
+        $this->assertSessionHasKey('authUser.uuid');
+    }
+}
diff --git a/tests/bootstrap.php b/tests/bootstrap.php
index 962815c..f8088be 100644
--- a/tests/bootstrap.php
+++ b/tests/bootstrap.php
@@ -1,4 +1,5 @@
 <?php
+
 declare(strict_types=1);
 
 /**
@@ -17,6 +18,8 @@ declare(strict_types=1);
 
 use Cake\Core\Configure;
 use Cake\Datasource\ConnectionManager;
+use Cake\TestSuite\Fixture\SchemaLoader;
+use Migrations\TestSuite\Migrator;
 
 /**
  * Test runner bootstrap.
@@ -50,3 +53,17 @@ ConnectionManager::alias('test_debug_kit', 'debug_kit');
 // does not allow the sessionid to be set after stdout
 // has been written to.
 session_id('cli');
+
+// Load db schema from mysql.sql and run migrations
+// super hacky way to skip migrations
+if (!in_array('skip-migrations', $_SERVER['argv'])) {
+    // TODO: Removing mysql.sql and relying only in migrations would be ideal
+    // in the meantime, `'skip' => ['*']`, prevents migrations from droping already created tables
+    (new SchemaLoader())->loadSqlFiles('./INSTALL/mysql.sql', 'test');
+    $migrator = new Migrator();
+    $migrator->runMany([
+        ['connection' => 'test', 'skip' => ['*']],
+        ['plugin' => 'Tags', 'connection' => 'test', 'skip' => ['*']],
+        ['plugin' => 'ADmad/SocialAuth', 'connection' => 'test', 'skip' => ['*']]
+    ]);
+}