tests/Controller/CspReportControllerTest.php

<?php

namespace App\Tests\Controller;

use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
use Symfony\Component\Mailer\MailerInterface;

class CspReportControllerTest extends WebTestCase
{
    public function testInvalidPayloadReturnsBadRequest(): void
    {
        $client = static::createClient();
        $client->request('POST', '/my-csp-report', [], [], [
            'CONTENT_TYPE' => 'application/json',
        ], '');

        self::assertResponseStatusCodeSame(400);
    }

    public function testBrowserExtensionViolationIsIgnored(): void
    {
        $client = static::createClient();
        $payload = json_encode([
            'csp-report' => [
                'source-file' => 'chrome-extension://abc',
                'blocked-uri' => 'inline',
                'document-uri' => 'https://e-cosplay.fr/',
                'violated-directive' => 'script-src',
            ],
        ]);

        $client->request('POST', '/my-csp-report', [], [], [
            'CONTENT_TYPE' => 'application/json',
        ], $payload);

        self::assertResponseStatusCodeSame(204);
    }

    public function testUserScriptViolationIsIgnored(): void
    {
        $client = static::createClient();
        $payload = json_encode([
            'csp-report' => [
                'source-file' => 'user-script',
                'blocked-uri' => 'eval',
                'document-uri' => 'https://e-cosplay.fr/page',
                'violated-directive' => 'script-src',
            ],
        ]);

        $client->request('POST', '/my-csp-report', [], [], [
            'CONTENT_TYPE' => 'application/json',
        ], $payload);

        self::assertResponseStatusCodeSame(204);
    }

    public function testRealViolationIsProcessed(): void
    {
        $client = static::createClient();
        $payload = json_encode([
            'csp-report' => [
                'source-file' => 'https://evil.com/script.js',
                'blocked-uri' => 'https://evil.com',
                'document-uri' => 'https://e-cosplay.fr/page',
                'violated-directive' => 'script-src',
            ],
        ]);

        $client->request('POST', '/my-csp-report', [], [], [
            'CONTENT_TYPE' => 'application/json',
        ], $payload);

        self::assertResponseStatusCodeSame(204);
    }

    public function testRealViolationHandlesMailerFailure(): void
    {
        $client = static::createClient();

        $mailer = $this->createMock(MailerInterface::class);
        $mailer->method('send')->willThrowException(new \RuntimeException('SMTP down'));
        static::getContainer()->set(MailerInterface::class, $mailer);

        $payload = json_encode([
            'csp-report' => [
                'source-file' => 'https://evil.com/script.js',
                'blocked-uri' => 'https://evil.com',
                'document-uri' => 'https://e-cosplay.fr/page',
                'violated-directive' => 'script-src',
            ],
        ]);

        $client->request('POST', '/my-csp-report', [], [], [
            'CONTENT_TYPE' => 'application/json',
        ], $payload);

        self::assertResponseStatusCodeSame(204);
    }

    public function testGetRequestReturns204(): void
    {
        $client = static::createClient();
        $client->request('GET', '/my-csp-report');

        self::assertResponseStatusCodeSame(204);
    }
}
Add PHPUnit tests with coverage for all src classes - 21 test files covering controllers, services, entities, enums, messages - CI: add test job with Xdebug coverage (clover + text) - SonarQube: configure coverage report path and test sources Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-18 22:50:23 +01:00			`<?php`

			`namespace App\Tests\Controller;`

			`use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;`
Add homepage, tarifs, legal pages, navbar, footer and full test coverage - Homepage: hero, how it works (buyer/organizer), features, CTA - Tarifs: 3 plans (Gratuit, Basique 10€, Sur-mesure), JSON-LD Product - Legal pages: mentions legales, CGU (tabs buyer/organizer), CGV, RGPD, cookies, hosting - Navbar: neubrutalism style, logo liip, mobile menu, SEO attributes - Footer: contact, description, legal links, tarifs - Sitemap: add /tarifs and /sitemap-orgas-{page}.xml - Liip Imagine: remove S3, webp format on all filters - Tests: full coverage for all controllers, services, repositories - Fix CSP: replace inline onclick with data-tab JS Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-19 00:01:58 +01:00			`use Symfony\Component\Mailer\MailerInterface;`
Add PHPUnit tests with coverage for all src classes - 21 test files covering controllers, services, entities, enums, messages - CI: add test job with Xdebug coverage (clover + text) - SonarQube: configure coverage report path and test sources Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-18 22:50:23 +01:00
			`class CspReportControllerTest extends WebTestCase`
			`{`
			`public function testInvalidPayloadReturnsBadRequest(): void`
			`{`
			`$client = static::createClient();`
			`$client->request('POST', '/my-csp-report', [], [], [`
			`'CONTENT_TYPE' => 'application/json',`
			`], '');`

			`self::assertResponseStatusCodeSame(400);`
			`}`

			`public function testBrowserExtensionViolationIsIgnored(): void`
			`{`
			`$client = static::createClient();`
			`$payload = json_encode([`
			`'csp-report' => [`
			`'source-file' => 'chrome-extension://abc',`
			`'blocked-uri' => 'inline',`
			`'document-uri' => 'https://e-cosplay.fr/',`
			`'violated-directive' => 'script-src',`
			`],`
			`]);`

			`$client->request('POST', '/my-csp-report', [], [], [`
			`'CONTENT_TYPE' => 'application/json',`
			`], $payload);`

			`self::assertResponseStatusCodeSame(204);`
			`}`

Ignore CSP violations from browser userscripts (source-file: user-script) Add 'user-script' to ignored source files in CspReportController to filter out false positive CSP violations triggered by browser extensions/userscripts. Add corresponding test case. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-01 11:33:09 +02:00			`public function testUserScriptViolationIsIgnored(): void`
			`{`
			`$client = static::createClient();`
			`$payload = json_encode([`
			`'csp-report' => [`
			`'source-file' => 'user-script',`
			`'blocked-uri' => 'eval',`
			`'document-uri' => 'https://e-cosplay.fr/page',`
			`'violated-directive' => 'script-src',`
			`],`
			`]);`

			`$client->request('POST', '/my-csp-report', [], [], [`
			`'CONTENT_TYPE' => 'application/json',`
			`], $payload);`

			`self::assertResponseStatusCodeSame(204);`
			`}`

Add PHPUnit tests with coverage for all src classes - 21 test files covering controllers, services, entities, enums, messages - CI: add test job with Xdebug coverage (clover + text) - SonarQube: configure coverage report path and test sources Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-18 22:50:23 +01:00			`public function testRealViolationIsProcessed(): void`
			`{`
			`$client = static::createClient();`
			`$payload = json_encode([`
			`'csp-report' => [`
			`'source-file' => 'https://evil.com/script.js',`
			`'blocked-uri' => 'https://evil.com',`
			`'document-uri' => 'https://e-cosplay.fr/page',`
			`'violated-directive' => 'script-src',`
			`],`
			`]);`

			`$client->request('POST', '/my-csp-report', [], [], [`
			`'CONTENT_TYPE' => 'application/json',`
			`], $payload);`

			`self::assertResponseStatusCodeSame(204);`
			`}`
Add homepage, tarifs, legal pages, navbar, footer and full test coverage - Homepage: hero, how it works (buyer/organizer), features, CTA - Tarifs: 3 plans (Gratuit, Basique 10€, Sur-mesure), JSON-LD Product - Legal pages: mentions legales, CGU (tabs buyer/organizer), CGV, RGPD, cookies, hosting - Navbar: neubrutalism style, logo liip, mobile menu, SEO attributes - Footer: contact, description, legal links, tarifs - Sitemap: add /tarifs and /sitemap-orgas-{page}.xml - Liip Imagine: remove S3, webp format on all filters - Tests: full coverage for all controllers, services, repositories - Fix CSP: replace inline onclick with data-tab JS Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-19 00:01:58 +01:00
			`public function testRealViolationHandlesMailerFailure(): void`
			`{`
			`$client = static::createClient();`

			`$mailer = $this->createMock(MailerInterface::class);`
			`$mailer->method('send')->willThrowException(new \RuntimeException('SMTP down'));`
			`static::getContainer()->set(MailerInterface::class, $mailer);`

			`$payload = json_encode([`
			`'csp-report' => [`
			`'source-file' => 'https://evil.com/script.js',`
			`'blocked-uri' => 'https://evil.com',`
			`'document-uri' => 'https://e-cosplay.fr/page',`
			`'violated-directive' => 'script-src',`
			`],`
			`]);`

			`$client->request('POST', '/my-csp-report', [], [], [`
			`'CONTENT_TYPE' => 'application/json',`
			`], $payload);`

			`self::assertResponseStatusCodeSame(204);`
			`}`
Add tests: CSP GET 204, events page, event detail, slug redirect, offline event, contact empty fields, offline page Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-20 21:23:21 +01:00
			`public function testGetRequestReturns204(): void`
			`{`
			`$client = static::createClient();`
			`$client->request('GET', '/my-csp-report');`

			`self::assertResponseStatusCodeSame(204);`
			`}`
Add PHPUnit tests with coverage for all src classes - 21 test files covering controllers, services, entities, enums, messages - CI: add test job with Xdebug coverage (clover + text) - SonarQube: configure coverage report path and test sources Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-18 22:50:23 +01:00			`}`