admin/e-ticket
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
e-ticket/tests/Controller/InvitationFlowTest.php

426 lines
15 KiB
PHP
Raw Permalink Normal View History

Complete TASK_CHECKUP: security, UX, tests, coverage, accessibility, config externalization Billetterie: - Partial refund support (STATUS_PARTIALLY_REFUNDED, refundedAmount field, migration) - Race condition fix: PESSIMISTIC_WRITE lock on stock decrement in transaction - Idempotency key on PaymentIntent::create, reuse existing PI if stripeSessionId set - Disable checkout when event ended (server 400 + template hide) - Webhook deduplication via cache (24h TTL on stripe event.id) - Email validation (filter_var) in OrderController guest flow - JSON cart validation (structure check before processing) - Invitation expiration after 7 days (isExpired method + landing page message) - Stripe Checkout fallback when JS fails to load (noscript + redirect) Config externalization: - Move Stripe fees (STRIPE_FEE_RATE, STRIPE_FEE_FIXED) and admin email (ADMIN_EMAIL) to .env/services.yaml - Replace all hardcoded contact@e-cosplay.fr across 13 files - MailerService: getAdminEmail()/getAdminFrom(), default $from=null resolves to admin UX & Accessibility: - ARIA tabs: role=tablist/tab/tabpanel, aria-selected, keyboard nav (arrows, Home, End) - aria-label on cart +/- buttons and editor toolbar buttons - tabindex=0 on editor toolbar buttons for keyboard access - data-confirm handler in app.js (was only in admin.js) - Cart error feedback on checkout failure - Billet designer save feedback (loading/success/error states) - Stock polling every 30s with rupture/low stock badges - Back to event link on payment page Security: - HTML sanitizer: BLOCKED_TAGS list (script, style, iframe, svg, etc.) - content fully removed - Stripe polling timeout (15s max) with fallback redirect - Rate limiting on public order access (20/5min) - .catch() on all fetch() calls (sortable, billet-designer) Tests (92% PHP, 100% JS lines): - PCOV added to dev Dockerfile - Test DB setup: .env.test with DATABASE_URL, Redis auth, Meilisearch key - Rate limiter disabled in test env - Makefile: test_db_setup, test_db_reset, run_test_php, run_test_coverage_php/js - New tests: InvitationFlowTest (21), AuditServiceTest (4), ExportServiceTest (9), InvoiceServiceTest (4) - New tests: SuspendedUserSubscriberTest, RateLimiterSubscriberTest, MeilisearchServiceTest - New tests: Stripe webhook payment_failed (6) + charge.refunded (6) - New tests: BilletBuyer refund, User suspended, OrganizerInvitation expiration - JS tests: stock polling (6), data-confirm (2), copy-url restore (1), editor ARIA (2), XSS (9), tabs keyboard (9) - ESLint + PHP CS Fixer: 0 errors - SonarQube exclusions aligned with vitest coverage config Infra: - Meilisearch consistency command (app:meilisearch:check-consistency --fix) + cron daily 3am - MeilisearchService: getAllDocumentIds(), listIndexes() Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-23 11:14:06 +01:00
<?php
namespace App\Tests\Controller;
use App\Entity\OrganizerInvitation;
use App\Entity\User;
use App\Service\MailerService;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
class InvitationFlowTest extends WebTestCase
{
private function createInvitation(EntityManagerInterface $em, string $status = OrganizerInvitation::STATUS_SENT, ?string $email = null): OrganizerInvitation
{
$invitation = new OrganizerInvitation();
$invitation->setCompanyName('Asso Test '.uniqid());
$invitation->setFirstName('Jean');
$invitation->setLastName('Dupont');
$invitation->setEmail($email ?? 'invite-'.uniqid().'@example.com');
$invitation->setOffer('basic');
$invitation->setCommissionRate(2.5);
$invitation->setStatus($status);
$em->persist($invitation);
$em->flush();
return $invitation;
}
// --- viewInvitation ---
public function testViewInvitationReturnsSuccess(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$invitation = $this->createInvitation($em);
$client->request('GET', '/invitation/'.$invitation->getToken());
self::assertResponseIsSuccessful();
}
public function testViewInvitationMarksAsOpened(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$invitation = $this->createInvitation($em);
self::assertSame(OrganizerInvitation::STATUS_SENT, $invitation->getStatus());
$client->request('GET', '/invitation/'.$invitation->getToken());
$em->refresh($invitation);
self::assertSame(OrganizerInvitation::STATUS_OPENED, $invitation->getStatus());
}
public function testViewInvitationAlreadyOpenedStaysOpened(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$invitation = $this->createInvitation($em, OrganizerInvitation::STATUS_OPENED);
$client->request('GET', '/invitation/'.$invitation->getToken());
self::assertResponseIsSuccessful();
$em->refresh($invitation);
self::assertSame(OrganizerInvitation::STATUS_OPENED, $invitation->getStatus());
}
Reduce cognitive complexity, improve test coverage, fix SonarQube issues Cognitive complexity refactors: - cart.js: extract buildCart, handleCheckout, updateStockLabel, updateItemStock, startStockPolling (21→~8) - tabs.js: use .at(-1) instead of [length-1] - MeilisearchConsistencyCommand: extract checkAllIndexes, accumulate, reportSummary (18→~8) - TranslateCommand: extract processDomain, processLanguage, loadExisting, findMissingKeys, removeObsoleteKeys, handleUpToDate, mergeAndOrder (36→~10) - AccountController::index: extract computeFinanceStats with statusMap pattern (19→~12) Test coverage additions: - HomeController: expired invitation view, stock not found, stock with billets, search+city with mock results - AdminController: delete/resend invitation not found (404) - AccountController: item without billet (codeCoverageIgnore - NOT NULL in DB) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-23 12:57:00 +01:00
public function testViewExpiredInvitation(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$invitation = $this->createInvitation($em);
$ref = new \ReflectionProperty($invitation, 'createdAt');
$ref->setValue($invitation, new \DateTimeImmutable('-10 days'));
$em->flush();
$client->request('GET', '/invitation/'.$invitation->getToken());
self::assertResponseIsSuccessful();
self::assertStringContainsString('expiree', $client->getResponse()->getContent());
}
Complete TASK_CHECKUP: security, UX, tests, coverage, accessibility, config externalization Billetterie: - Partial refund support (STATUS_PARTIALLY_REFUNDED, refundedAmount field, migration) - Race condition fix: PESSIMISTIC_WRITE lock on stock decrement in transaction - Idempotency key on PaymentIntent::create, reuse existing PI if stripeSessionId set - Disable checkout when event ended (server 400 + template hide) - Webhook deduplication via cache (24h TTL on stripe event.id) - Email validation (filter_var) in OrderController guest flow - JSON cart validation (structure check before processing) - Invitation expiration after 7 days (isExpired method + landing page message) - Stripe Checkout fallback when JS fails to load (noscript + redirect) Config externalization: - Move Stripe fees (STRIPE_FEE_RATE, STRIPE_FEE_FIXED) and admin email (ADMIN_EMAIL) to .env/services.yaml - Replace all hardcoded contact@e-cosplay.fr across 13 files - MailerService: getAdminEmail()/getAdminFrom(), default $from=null resolves to admin UX & Accessibility: - ARIA tabs: role=tablist/tab/tabpanel, aria-selected, keyboard nav (arrows, Home, End) - aria-label on cart +/- buttons and editor toolbar buttons - tabindex=0 on editor toolbar buttons for keyboard access - data-confirm handler in app.js (was only in admin.js) - Cart error feedback on checkout failure - Billet designer save feedback (loading/success/error states) - Stock polling every 30s with rupture/low stock badges - Back to event link on payment page Security: - HTML sanitizer: BLOCKED_TAGS list (script, style, iframe, svg, etc.) - content fully removed - Stripe polling timeout (15s max) with fallback redirect - Rate limiting on public order access (20/5min) - .catch() on all fetch() calls (sortable, billet-designer) Tests (92% PHP, 100% JS lines): - PCOV added to dev Dockerfile - Test DB setup: .env.test with DATABASE_URL, Redis auth, Meilisearch key - Rate limiter disabled in test env - Makefile: test_db_setup, test_db_reset, run_test_php, run_test_coverage_php/js - New tests: InvitationFlowTest (21), AuditServiceTest (4), ExportServiceTest (9), InvoiceServiceTest (4) - New tests: SuspendedUserSubscriberTest, RateLimiterSubscriberTest, MeilisearchServiceTest - New tests: Stripe webhook payment_failed (6) + charge.refunded (6) - New tests: BilletBuyer refund, User suspended, OrganizerInvitation expiration - JS tests: stock polling (6), data-confirm (2), copy-url restore (1), editor ARIA (2), XSS (9), tabs keyboard (9) - ESLint + PHP CS Fixer: 0 errors - SonarQube exclusions aligned with vitest coverage config Infra: - Meilisearch consistency command (app:meilisearch:check-consistency --fix) + cron daily 3am - MeilisearchService: getAllDocumentIds(), listIndexes() Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-23 11:14:06 +01:00
public function testViewInvitationInvalidTokenReturns404(): void
{
$client = static::createClient();
$client->request('GET', '/invitation/invalid-token-that-does-not-exist');
self::assertResponseStatusCodeSame(404);
}
// --- respondInvitation ---
public function testAcceptInvitation(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$mailer = $this->createMock(MailerService::class);
$mailer->expects(self::exactly(2))->method('sendEmail');
static::getContainer()->set(MailerService::class, $mailer);
$invitation = $this->createInvitation($em);
$client->request('POST', '/invitation/'.$invitation->getToken().'/accept');
self::assertResponseIsSuccessful();
$em->refresh($invitation);
self::assertSame(OrganizerInvitation::STATUS_ACCEPTED, $invitation->getStatus());
self::assertNotNull($invitation->getRespondedAt());
}
public function testRefuseInvitation(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$mailer = $this->createMock(MailerService::class);
$mailer->expects(self::once())->method('sendEmail');
static::getContainer()->set(MailerService::class, $mailer);
$invitation = $this->createInvitation($em);
$client->request('POST', '/invitation/'.$invitation->getToken().'/refuse');
self::assertResponseIsSuccessful();
$em->refresh($invitation);
self::assertSame(OrganizerInvitation::STATUS_REFUSED, $invitation->getStatus());
self::assertNotNull($invitation->getRespondedAt());
}
public function testAcceptOpenedInvitation(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$mailer = $this->createMock(MailerService::class);
$mailer->expects(self::exactly(2))->method('sendEmail');
static::getContainer()->set(MailerService::class, $mailer);
$invitation = $this->createInvitation($em, OrganizerInvitation::STATUS_OPENED);
$client->request('POST', '/invitation/'.$invitation->getToken().'/accept');
self::assertResponseIsSuccessful();
$em->refresh($invitation);
self::assertSame(OrganizerInvitation::STATUS_ACCEPTED, $invitation->getStatus());
}
public function testRespondAlreadyAcceptedReturns404(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$invitation = $this->createInvitation($em, OrganizerInvitation::STATUS_ACCEPTED);
$client->request('POST', '/invitation/'.$invitation->getToken().'/accept');
self::assertResponseStatusCodeSame(404);
}
public function testRespondAlreadyRefusedReturns404(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$invitation = $this->createInvitation($em, OrganizerInvitation::STATUS_REFUSED);
$client->request('POST', '/invitation/'.$invitation->getToken().'/refuse');
self::assertResponseStatusCodeSame(404);
}
public function testRespondInvalidTokenReturns404(): void
{
$client = static::createClient();
$client->request('POST', '/invitation/invalid-token/accept');
self::assertResponseStatusCodeSame(404);
}
// --- invitationRegister (GET) ---
public function testRegisterPageReturnsSuccess(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$invitation = $this->createInvitation($em, OrganizerInvitation::STATUS_ACCEPTED);
$client->request('GET', '/invitation/'.$invitation->getToken().'/inscription');
self::assertResponseIsSuccessful();
}
public function testRegisterPageNonAcceptedReturns404(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$invitation = $this->createInvitation($em, OrganizerInvitation::STATUS_SENT);
$client->request('GET', '/invitation/'.$invitation->getToken().'/inscription');
self::assertResponseStatusCodeSame(404);
}
public function testRegisterPageRefusedReturns404(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$invitation = $this->createInvitation($em, OrganizerInvitation::STATUS_REFUSED);
$client->request('GET', '/invitation/'.$invitation->getToken().'/inscription');
self::assertResponseStatusCodeSame(404);
}
public function testRegisterPageRedirectsIfEmailAlreadyExists(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$email = 'existing-'.uniqid().'@example.com';
$existingUser = new User();
$existingUser->setEmail($email);
$existingUser->setFirstName('Existing');
$existingUser->setLastName('User');
$existingUser->setPassword('hashed');
$em->persist($existingUser);
$em->flush();
$invitation = $this->createInvitation($em, OrganizerInvitation::STATUS_ACCEPTED, $email);
$client->request('GET', '/invitation/'.$invitation->getToken().'/inscription');
self::assertResponseRedirects('/connexion');
}
// --- invitationRegister (POST) ---
public function testRegisterCreatesUserAndRedirects(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$invitation = $this->createInvitation($em, OrganizerInvitation::STATUS_ACCEPTED);
$client->request('POST', '/invitation/'.$invitation->getToken().'/inscription', [
'first_name' => 'Pierre',
'last_name' => 'Martin',
'password' => 'securepassword123',
'siret' => '12345678901234',
'address' => '10 rue de la Paix',
'postal_code' => '75002',
'city' => 'Paris',
'phone' => '0612345678',
]);
self::assertResponseRedirects('/mon-compte');
$user = $em->getRepository(User::class)->findOneBy(['email' => $invitation->getEmail()]);
self::assertNotNull($user);
self::assertSame('Pierre', $user->getFirstName());
self::assertSame('Martin', $user->getLastName());
self::assertSame($invitation->getCompanyName(), $user->getCompanyName());
self::assertSame('basic', $user->getOffer());
self::assertSame(2.5, $user->getCommissionRate());
self::assertTrue($user->isApproved());
self::assertTrue($user->isVerified());
self::assertContains('ROLE_ORGANIZER', $user->getRoles());
self::assertSame('12345678901234', $user->getSiret());
self::assertSame('Paris', $user->getCity());
}
public function testRegisterAutoLoginsUser(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$invitation = $this->createInvitation($em, OrganizerInvitation::STATUS_ACCEPTED);
$client->request('POST', '/invitation/'.$invitation->getToken().'/inscription', [
'first_name' => 'Auto',
'last_name' => 'Login',
'password' => 'securepassword123',
]);
self::assertResponseRedirects('/mon-compte');
$client->followRedirect();
self::assertResponseIsSuccessful();
}
public function testRegisterWithEmptyFieldsRedirects(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$invitation = $this->createInvitation($em, OrganizerInvitation::STATUS_ACCEPTED);
$client->request('POST', '/invitation/'.$invitation->getToken().'/inscription', [
'first_name' => '',
'last_name' => '',
'password' => '',
]);
self::assertResponseRedirects('/invitation/'.$invitation->getToken().'/inscription');
}
public function testRegisterWithMissingPasswordRedirects(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$invitation = $this->createInvitation($em, OrganizerInvitation::STATUS_ACCEPTED);
$client->request('POST', '/invitation/'.$invitation->getToken().'/inscription', [
'first_name' => 'Test',
'last_name' => 'User',
'password' => '',
]);
self::assertResponseRedirects('/invitation/'.$invitation->getToken().'/inscription');
$user = $em->getRepository(User::class)->findOneBy(['email' => $invitation->getEmail()]);
self::assertNull($user);
}
public function testRegisterWithOptionalFieldsEmpty(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$invitation = $this->createInvitation($em, OrganizerInvitation::STATUS_ACCEPTED);
$client->request('POST', '/invitation/'.$invitation->getToken().'/inscription', [
'first_name' => 'Minimal',
'last_name' => 'User',
'password' => 'securepassword123',
'siret' => '',
'address' => '',
'postal_code' => '',
'city' => '',
'phone' => '',
]);
self::assertResponseRedirects('/mon-compte');
$user = $em->getRepository(User::class)->findOneBy(['email' => $invitation->getEmail()]);
self::assertNotNull($user);
self::assertNull($user->getSiret());
self::assertNull($user->getCity());
self::assertNull($user->getPhone());
}
public function testRegisterPostWithDuplicateEmailRedirects(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$email = 'dup-'.uniqid().'@example.com';
$existingUser = new User();
$existingUser->setEmail($email);
$existingUser->setFirstName('Existing');
$existingUser->setLastName('User');
$existingUser->setPassword('hashed');
$em->persist($existingUser);
$em->flush();
$invitation = $this->createInvitation($em, OrganizerInvitation::STATUS_ACCEPTED, $email);
$client->request('POST', '/invitation/'.$invitation->getToken().'/inscription', [
'first_name' => 'Pierre',
'last_name' => 'Martin',
'password' => 'securepassword123',
]);
self::assertResponseRedirects('/connexion');
}
// --- Full flow ---
public function testFullInvitationFlow(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$mailer = $this->createMock(MailerService::class);
static::getContainer()->set(MailerService::class, $mailer);
$invitation = $this->createInvitation($em);
$token = $invitation->getToken();
$email = $invitation->getEmail();
$companyName = $invitation->getCompanyName();
// Step 1: View invitation (status: sent → opened)
$client->request('GET', '/invitation/'.$token);
self::assertResponseIsSuccessful();
// Step 2: Accept invitation (status: opened → accepted)
$client->request('POST', '/invitation/'.$token.'/accept');
self::assertResponseIsSuccessful();
// Step 3: View registration form
$client->request('GET', '/invitation/'.$token.'/inscription');
self::assertResponseIsSuccessful();
// Step 4: Submit registration
$client->request('POST', '/invitation/'.$token.'/inscription', [
'first_name' => 'Jean',
'last_name' => 'Dupont',
'password' => 'motdepasse123',
]);
self::assertResponseRedirects('/mon-compte');
// Verify user was created correctly
$freshEm = static::getContainer()->get(EntityManagerInterface::class);
$user = $freshEm->getRepository(User::class)->findOneBy(['email' => $email]);
self::assertNotNull($user);
self::assertTrue($user->isApproved());
self::assertTrue($user->isVerified());
self::assertContains('ROLE_ORGANIZER', $user->getRoles());
self::assertSame($companyName, $user->getCompanyName());
}
}
Reference in New Issue Copy Permalink