diff --git a/src/test/java/com/example/bankcards/controller/AuthControllerTest.java b/src/test/java/com/example/bankcards/controller/AuthControllerTest.java
new file mode 100644
index 0000000..9b5853d
--- /dev/null
+++ b/src/test/java/com/example/bankcards/controller/AuthControllerTest.java
@@ -0,0 +1,89 @@
+package com.example.bankcards.controller;
+
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.when;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import com.example.bankcards.dto.AuthResponse;
+import com.example.bankcards.dto.LoginRequest;
+import com.example.bankcards.dto.RegisterRequest;
+import com.example.bankcards.security.JwtAuthenticationFilter;
+import com.example.bankcards.security.JwtService;
+import com.example.bankcards.service.AuthService;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
+import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.FilterType;
+import org.springframework.http.MediaType;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.test.context.support.WithMockUser;
+import org.springframework.test.web.servlet.MockMvc;
+
+@WebMvcTest(
+    controllers = AuthController.class,
+    excludeFilters = @ComponentScan.Filter(
+        type = FilterType.ASSIGNABLE_TYPE,
+        classes = JwtAuthenticationFilter.class
+    )
+)
+class AuthControllerTest {
+
+    @Autowired
+    private MockMvc mockMvc;
+
+    @Autowired
+    private ObjectMapper objectMapper;
+
+    @MockBean
+    private AuthService authService;
+
+    @MockBean
+    private JwtService jwtService;
+
+    @MockBean
+    private UserDetailsService userDetailsService;
+
+    @Test
+    @WithMockUser
+    void login_invalidBody_returns400() throws Exception {
+        LoginRequest req = new LoginRequest();
+
+        mockMvc
+            .perform(
+                post("/api/auth/login")
+                    .with(csrf())
+                    .contentType(MediaType.APPLICATION_JSON)
+                    .content(objectMapper.writeValueAsString(req))
+            )
+            .andExpect(status().isBadRequest());
+    }
+
+    @Test
+    @WithMockUser
+    void register_success_returns200() throws Exception {
+        RegisterRequest req = new RegisterRequest();
+        req.setUsername("user1");
+        req.setEmail("user1@test.com");
+        req.setPassword("password123");
+
+        when(authService.register(any())).thenReturn(
+            new AuthResponse("token", "user1", "ROLE_USER")
+        );
+
+        mockMvc
+            .perform(
+                post("/api/auth/register")
+                    .with(csrf())
+                    .contentType(MediaType.APPLICATION_JSON)
+                    .content(objectMapper.writeValueAsString(req))
+            )
+            .andExpect(status().isOk())
+            .andExpect(jsonPath("$.token").value("token"));
+    }
+}
diff --git a/src/test/java/com/example/bankcards/service/AuthServiceTest.java b/src/test/java/com/example/bankcards/service/AuthServiceTest.java
new file mode 100644
index 0000000..df84949
--- /dev/null
+++ b/src/test/java/com/example/bankcards/service/AuthServiceTest.java
@@ -0,0 +1,97 @@
+package com.example.bankcards.service;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.*;
+
+import com.example.bankcards.dto.RegisterRequest;
+import com.example.bankcards.entity.Role;
+import com.example.bankcards.entity.User;
+import com.example.bankcards.exception.BadRequestException;
+import com.example.bankcards.repository.UserRepository;
+import com.example.bankcards.security.JwtService;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@ExtendWith(MockitoExtension.class)
+class AuthServiceTest {
+
+    @Mock
+    private UserRepository userRepository;
+
+    @Mock
+    private PasswordEncoder passwordEncoder;
+
+    @Mock
+    private JwtService jwtService;
+
+    @Mock
+    private AuthenticationManager authenticationManager;
+
+    @Mock
+    private UserDetailsService userDetailsService;
+
+    @InjectMocks
+    private AuthService authService;
+
+    @Test
+    void register_duplicateUsername_throwsBadRequest() {
+        RegisterRequest req = new RegisterRequest();
+        req.setUsername("existing");
+        req.setEmail("new@test.com");
+        req.setPassword("password");
+
+        when(userRepository.existsByUsername("existing")).thenReturn(true);
+
+        assertThatThrownBy(() -> authService.register(req))
+            .isInstanceOf(BadRequestException.class)
+            .hasMessageContaining("Username already taken");
+    }
+
+    @Test
+    void register_success() {
+        RegisterRequest req = new RegisterRequest();
+        req.setUsername("newuser");
+        req.setEmail("new@test.com");
+        req.setPassword("password");
+
+        when(userRepository.existsByUsername("newuser")).thenReturn(false);
+        when(userRepository.existsByEmail("new@test.com")).thenReturn(false);
+        when(passwordEncoder.encode(any())).thenReturn("encoded");
+
+        User savedUser = User.builder()
+            .id(1L)
+            .username("newuser")
+            .email("new@test.com")
+            .password("encoded")
+            .role(Role.ROLE_USER)
+            .build();
+        when(userRepository.save(any())).thenReturn(savedUser);
+
+        UserDetails mockDetails =
+            org.springframework.security.core.userdetails.User.withUsername(
+                "newuser"
+            )
+                .password("encoded")
+                .authorities("ROLE_USER")
+                .build();
+        when(userDetailsService.loadUserByUsername("newuser")).thenReturn(
+            mockDetails
+        );
+        when(jwtService.generateToken(any())).thenReturn("token");
+
+        var response = authService.register(req);
+
+        assertThat(response.getToken()).isEqualTo("token");
+        assertThat(response.getUsername()).isEqualTo("newuser");
+        verify(userRepository).save(any());
+    }
+}