2026-03-18 22:21:07 +01:00
|
|
|
sonar.projectKey=e-ticket
|
|
|
|
|
sonar.projectName=E-Ticket
|
2026-03-19 14:53:36 +01:00
|
|
|
sonar.sources=src,assets,templates,docker
|
Complete TASK_CHECKUP: security, UX, tests, coverage, accessibility, config externalization
Billetterie:
- Partial refund support (STATUS_PARTIALLY_REFUNDED, refundedAmount field, migration)
- Race condition fix: PESSIMISTIC_WRITE lock on stock decrement in transaction
- Idempotency key on PaymentIntent::create, reuse existing PI if stripeSessionId set
- Disable checkout when event ended (server 400 + template hide)
- Webhook deduplication via cache (24h TTL on stripe event.id)
- Email validation (filter_var) in OrderController guest flow
- JSON cart validation (structure check before processing)
- Invitation expiration after 7 days (isExpired method + landing page message)
- Stripe Checkout fallback when JS fails to load (noscript + redirect)
Config externalization:
- Move Stripe fees (STRIPE_FEE_RATE, STRIPE_FEE_FIXED) and admin email (ADMIN_EMAIL) to .env/services.yaml
- Replace all hardcoded contact@e-cosplay.fr across 13 files
- MailerService: getAdminEmail()/getAdminFrom(), default $from=null resolves to admin
UX & Accessibility:
- ARIA tabs: role=tablist/tab/tabpanel, aria-selected, keyboard nav (arrows, Home, End)
- aria-label on cart +/- buttons and editor toolbar buttons
- tabindex=0 on editor toolbar buttons for keyboard access
- data-confirm handler in app.js (was only in admin.js)
- Cart error feedback on checkout failure
- Billet designer save feedback (loading/success/error states)
- Stock polling every 30s with rupture/low stock badges
- Back to event link on payment page
Security:
- HTML sanitizer: BLOCKED_TAGS list (script, style, iframe, svg, etc.) - content fully removed
- Stripe polling timeout (15s max) with fallback redirect
- Rate limiting on public order access (20/5min)
- .catch() on all fetch() calls (sortable, billet-designer)
Tests (92% PHP, 100% JS lines):
- PCOV added to dev Dockerfile
- Test DB setup: .env.test with DATABASE_URL, Redis auth, Meilisearch key
- Rate limiter disabled in test env
- Makefile: test_db_setup, test_db_reset, run_test_php, run_test_coverage_php/js
- New tests: InvitationFlowTest (21), AuditServiceTest (4), ExportServiceTest (9), InvoiceServiceTest (4)
- New tests: SuspendedUserSubscriberTest, RateLimiterSubscriberTest, MeilisearchServiceTest
- New tests: Stripe webhook payment_failed (6) + charge.refunded (6)
- New tests: BilletBuyer refund, User suspended, OrganizerInvitation expiration
- JS tests: stock polling (6), data-confirm (2), copy-url restore (1), editor ARIA (2), XSS (9), tabs keyboard (9)
- ESLint + PHP CS Fixer: 0 errors
- SonarQube exclusions aligned with vitest coverage config
Infra:
- Meilisearch consistency command (app:meilisearch:check-consistency --fix) + cron daily 3am
- MeilisearchService: getAllDocumentIds(), listIndexes()
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-23 11:14:06 +01:00
|
|
|
sonar.exclusions=vendor/**,node_modules/**,public/build/**,var/**,migrations/**,assets/modules/event-map.js,assets/modules/billet-designer.js,assets/modules/stripe-payment.js,src/Controller/StripeWebhookController.php,src/Service/StripeService.php,src/Service/PayoutPdfService.php,src/Service/BilletOrderService.php,src/Service/InvoiceService.php,src/Repository/**
|
2026-03-18 22:21:07 +01:00
|
|
|
sonar.php.version=8.4
|
|
|
|
|
sonar.sourceEncoding=UTF-8
|
2026-03-18 22:50:23 +01:00
|
|
|
sonar.php.coverage.reportPaths=coverage.xml
|
2026-03-19 14:38:29 +01:00
|
|
|
sonar.php.phpstan.reportPaths=phpstan-report.json
|
2026-03-18 22:50:23 +01:00
|
|
|
sonar.tests=tests
|
2026-03-19 00:19:34 +01:00
|
|
|
sonar.test.inclusions=tests/**/*.php,tests/js/**/*.test.js
|
|
|
|
|
sonar.javascript.lcov.reportPaths=coverage/lcov.info
|
2026-03-19 14:40:08 +01:00
|
|
|
sonar.eslint.reportPaths=eslint-report.json
|
|
|
|
|
sonar.docker.hadolint.reportPaths=hadolint-dev.json,hadolint-prod.json
|
2026-03-19 14:41:25 +01:00
|
|
|
sonar.dependencyCheck.jsonReportPath=dependency-check-report.json
|
|
|
|
|
sonar.dependencyCheck.htmlReportPath=dependency-check-report.html
|
2026-03-21 16:01:21 +01:00
|
|
|
sonar.cpd.exclusions=templates/pdf/**
|
2026-03-21 18:08:37 +01:00
|
|
|
sonar.issue.ignore.multicriteria=e1,e2,e3,e4,e5,e6,e7,e8
|
2026-03-21 17:48:05 +01:00
|
|
|
sonar.issue.ignore.multicriteria.e6.ruleKey=Web:S5725
|
|
|
|
|
sonar.issue.ignore.multicriteria.e6.resourceKey=templates/order/payment.html.twig
|
2026-03-21 17:41:11 +01:00
|
|
|
sonar.issue.ignore.multicriteria.e5.ruleKey=Web:TableWithoutHeaderCheck
|
2026-03-21 17:50:15 +01:00
|
|
|
sonar.issue.ignore.multicriteria.e5.resourceKey=templates/**
|
2026-03-21 18:08:08 +01:00
|
|
|
sonar.issue.ignore.multicriteria.e7.ruleKey=Web:S5253
|
|
|
|
|
sonar.issue.ignore.multicriteria.e7.resourceKey=templates/**
|
2026-03-21 18:08:37 +01:00
|
|
|
sonar.issue.ignore.multicriteria.e8.ruleKey=Web:S5256
|
|
|
|
|
sonar.issue.ignore.multicriteria.e8.resourceKey=templates/**
|
2026-03-20 11:00:08 +01:00
|
|
|
sonar.issue.ignore.multicriteria.e1.ruleKey=css:S4662
|
|
|
|
|
sonar.issue.ignore.multicriteria.e1.resourceKey=assets/**
|
2026-03-20 16:43:52 +01:00
|
|
|
sonar.issue.ignore.multicriteria.e2.ruleKey=javascript:S1874
|
|
|
|
|
sonar.issue.ignore.multicriteria.e2.resourceKey=assets/modules/editor.js
|
2026-03-20 21:27:09 +01:00
|
|
|
sonar.issue.ignore.multicriteria.e3.ruleKey=php:S1192
|
|
|
|
|
sonar.issue.ignore.multicriteria.e3.resourceKey=src/Controller/HomeController.php
|
2026-03-21 10:12:17 +01:00
|
|
|
sonar.issue.ignore.multicriteria.e4.ruleKey=php:S1448
|
|
|
|
|
sonar.issue.ignore.multicriteria.e4.resourceKey=src/**
|