# Hardware Binding Blackbox Tests

**Task**: AZ-192_hardware_tests
**Name**: Hardware Binding Blackbox Tests
**Description**: Implement blackbox tests for hardware fingerprint binding, validation, and mismatch
**Complexity**: 3 points
**Dependencies**: AZ-189_test_infrastructure, AZ-190_auth_tests
**Component**: Blackbox Tests
**Tracker**: AZ-192
**Epic**: AZ-188

## Problem

Hardware binding is a critical security feature with no automated tests. A regression could allow unauthorized devices to access resources.

## Outcome

- First hardware check stores the fingerprint (FT-P-04)
- Same hardware passes on subsequent checks (FT-P-05)
- Different hardware triggers mismatch error (FT-N-06)

## Scope

### Included
- Hardware check endpoint (POST /resources/check)
- First-time binding, repeat validation, mismatch

### Excluded
- Admin hardware reset (covered in user management tests)

## Acceptance Criteria

**AC-1: First hardware binding**
Given a user with no hardware bound
When POST /resources/check is called with a hardware string
Then HTTP 200 with body true

**AC-2: Repeat hardware check**
Given a user with hardware already bound
When POST /resources/check is called with the same hardware
Then HTTP 200 with body true

**AC-3: Hardware mismatch**
Given a user with hardware bound to fingerprint A
When POST /resources/check is called with fingerprint B
Then HTTP 409 with ExceptionEnum code 40

## Blackbox Tests

| AC Ref | Initial Data/Conditions | What to Test | Expected Behavior | NFR References |
|--------|------------------------|-------------|-------------------|----------------|
| AC-1 | New user, no hardware | POST /resources/check first time | HTTP 200, true | — |
| AC-2 | User with hardware A | POST /resources/check same hw | HTTP 200, true | — |
| AC-3 | User with hardware A | POST /resources/check different hw | HTTP 409, code 40 | — |