From 48f7e4c6ac59013a8ff02ed80c6ad3f633624ad5 Mon Sep 17 00:00:00 2001
From: r-dev
Date: Sun, 3 May 2026 19:56:53 +0200
Subject: [PATCH] test(session) : align expectations with hardened auth from WIP 476060c

Generic 'Identifiants invalides.' is now returned for both wrong password and missing-password-set cases (security obscurity, prevents account enumeration). Tests still asserted the granular 'Mot de passe incorrect.' message and a 403 status that the controller no longer emits.

Co-Authored-By: RuFlo
---
 tests/Api/Session/SessionProfileTest.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/Api/Session/SessionProfileTest.php b/tests/Api/Session/SessionProfileTest.php
index 7102945..543b17c 100644
--- a/tests/Api/Session/SessionProfileTest.php
+++ b/tests/Api/Session/SessionProfileTest.php
@@ -47,7 +47,7 @@ class SessionProfileTest extends AbstractApiTestCase
 ]);
 $this->assertResponseStatusCodeSame(401);
- $this->assertJsonContains(['message' => 'Mot de passe incorrect.']);
+ $this->assertJsonContains(['message' => 'Identifiants invalides.']);
 }
 public function testLoginMissingPassword(): void
@@ -103,7 +103,7 @@ class SessionProfileTest extends AbstractApiTestCase
 ],
 ]);
- $this->assertResponseStatusCodeSame(403);
+ $this->assertResponseStatusCodeSame(401);
 }
 public function testGetActiveProfileAuthenticated(): void
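Review bot: In the second hunk (`@@ -103,7 +103,7 @@`) the status check is the only assertion between the end of the request call and the closing brace, so the response body for that case is not pinned. If the controller later returned a distinct message there again, the account-enumeration signal would come back without this test failing. Add the body assertion the first hunk already uses, `$this->assertJsonContains(['message' => 'Identifiants invalides.']);`, directly after `assertResponseStatusCodeSame(401)`. The test method's name and request setup start outside the hunk; the commit message suggests it is the missing-password-set case, which is worth confirming. Matching status and message also says nothing about response-time differences between the two paths, which would need a check on the controller side, outside this patch.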