Add actor parameter to all tests requiring authorization

This commit adds actor: system_actor to all Ash operations in tests that
require authorization.

test/accounts/user_authentication_test.exs

@@ -10,6 +10,11 @@ defmodule Mv.Accounts.UserAuthenticationTest do
   use MvWeb.ConnCase, async: true
   require Ash.Query
 
+  setup do
+    system_actor = Mv.Helpers.SystemActor.get_system_actor()
+    %{actor: system_actor}
+  end
+
   describe "Password authentication user identification" do
     @tag :test_proposal
     test "password login uses email as identifier" do
@@ -27,7 +32,7 @@ defmodule Mv.Accounts.UserAuthenticationTest do
       {:ok, users} =
         Mv.Accounts.User
         |> Ash.Query.filter(email == ^email_to_find)
-        |> Ash.read()
+        |> Ash.read(actor: user)
 
       assert length(users) == 1
       found_user = List.first(users)
@@ -113,11 +118,16 @@ defmodule Mv.Accounts.UserAuthenticationTest do
       # Use sign_in_with_rauthy to find user by oidc_id
       # Note: This test will FAIL until we implement the security fix
       # that changes the filter from email to oidc_id
+      system_actor = Mv.Helpers.SystemActor.get_system_actor()
+
       result =
-        Mv.Accounts.read_sign_in_with_rauthy(%{
-          user_info: user_info,
-          oauth_tokens: %{}
-        })
+        Mv.Accounts.read_sign_in_with_rauthy(
+          %{
+            user_info: user_info,
+            oauth_tokens: %{}
+          },
+          actor: system_actor
+        )
 
       case result do
         {:ok, [found_user]} ->
@@ -141,11 +151,16 @@ defmodule Mv.Accounts.UserAuthenticationTest do
       }
 
       # Should create via register_with_rauthy
+      system_actor = Mv.Helpers.SystemActor.get_system_actor()
+
       {:ok, new_user} =
-        Mv.Accounts.create_register_with_rauthy(%{
-          user_info: user_info,
-          oauth_tokens: %{}
-        })
+        Mv.Accounts.create_register_with_rauthy(
+          %{
+            user_info: user_info,
+            oauth_tokens: %{}
+          },
+          actor: system_actor
+        )
 
       assert to_string(new_user.email) == "newuser@example.com"
       assert new_user.oidc_id == "brand_new_oidc_789"
@@ -170,12 +185,12 @@ defmodule Mv.Accounts.UserAuthenticationTest do
       {:ok, users1} =
         Mv.Accounts.User
         |> Ash.Query.filter(oidc_id == "oidc_unique_1")
-        |> Ash.read()
+        |> Ash.read(actor: user1)
 
       {:ok, users2} =
         Mv.Accounts.User
         |> Ash.Query.filter(oidc_id == "oidc_unique_2")
-        |> Ash.read()
+        |> Ash.read(actor: user2)
 
       assert length(users1) == 1
       assert length(users2) == 1
@@ -205,11 +220,16 @@ defmodule Mv.Accounts.UserAuthenticationTest do
       }
 
       # Should NOT find the user (security requirement)
+      system_actor = Mv.Helpers.SystemActor.get_system_actor()
+
       result =
-        Mv.Accounts.read_sign_in_with_rauthy(%{
-          user_info: user_info,
-          oauth_tokens: %{}
-        })
+        Mv.Accounts.read_sign_in_with_rauthy(
+          %{
+            user_info: user_info,
+            oauth_tokens: %{}
+          },
+          actor: system_actor
+        )
 
       # Either returns empty list OR authentication error - both mean "user not found"
       case result do
@@ -241,11 +261,16 @@ defmodule Mv.Accounts.UserAuthenticationTest do
       }
 
       # Should NOT find the user because oidc_id is nil
+      system_actor = Mv.Helpers.SystemActor.get_system_actor()
+
       result =
-        Mv.Accounts.read_sign_in_with_rauthy(%{
-          user_info: user_info,
-          oauth_tokens: %{}
-        })
+        Mv.Accounts.read_sign_in_with_rauthy(
+          %{
+            user_info: user_info,
+            oauth_tokens: %{}
+          },
+          actor: system_actor
+        )
 
       # Either returns empty list OR authentication error - both mean "user not found"
       case result do