feat(API): change to jwt authentication.

tienda_ilusion/users/tests.py

@@ -0,0 +1,51 @@
+from django.test import TestCase
+from django.urls import reverse
+from django.contrib.auth.models import User
+from rest_framework.test import APIClient
+from rest_framework_simplejwt.tokens import RefreshToken
+
+
+class MeEndpointTests(TestCase):
+    def setUp(self):
+        self.user = User.objects.create_superuser(
+            username='admin',
+            email='admin@example.com',
+            password='adminpass'
+        )
+
+        refresh = RefreshToken.for_user(self.user)
+        self.access_token = str(refresh.access_token)
+
+        self.client = APIClient()
+        self.client.credentials(
+            HTTP_AUTHORIZATION=f'Bearer {self.access_token}')
+
+    def test_me_endpoint_returns_correct_user_data(self):
+        """
+        Verifica que GET /api/users/me/ devuelve los datos del usuario
+        autenticado.
+        """
+        url = reverse('current-user')
+        response = self.client.get(url)
+
+        self.assertEqual(response.status_code, 200)
+
+        expected_fields = {'id', 'username', 'email',
+                           'first_name', 'last_name'}
+        self.assertTrue(expected_fields.issubset(response.json().keys()))
+
+        data = response.json()
+        self.assertEqual(data['username'], self.user.username)
+        self.assertEqual(data['email'], self.user.email)
+        self.assertEqual(data['first_name'], self.user.first_name)
+        self.assertEqual(data['last_name'], self.user.last_name)
+
+    def test_me_endpoint_requires_authentication(self):
+        """
+        Sin token el endpoint debe devolver 401 Unauthorized.
+        """
+        client_no_auth = APIClient()
+        url = reverse('current-user')
+        response = client_no_auth.get(url)
+
+        self.assertEqual(response.status_code, 401)