admin/e-ticket
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Complete TASK_CHECKUP: security, UX, tests, coverage, accessibility, config externalization

Browse Source 
Billetterie:
- Partial refund support (STATUS_PARTIALLY_REFUNDED, refundedAmount field, migration)
- Race condition fix: PESSIMISTIC_WRITE lock on stock decrement in transaction
- Idempotency key on PaymentIntent::create, reuse existing PI if stripeSessionId set
- Disable checkout when event ended (server 400 + template hide)
- Webhook deduplication via cache (24h TTL on stripe event.id)
- Email validation (filter_var) in OrderController guest flow
- JSON cart validation (structure check before processing)
- Invitation expiration after 7 days (isExpired method + landing page message)
- Stripe Checkout fallback when JS fails to load (noscript + redirect)

Config externalization:
- Move Stripe fees (STRIPE_FEE_RATE, STRIPE_FEE_FIXED) and admin email (ADMIN_EMAIL) to .env/services.yaml
- Replace all hardcoded contact@e-cosplay.fr across 13 files
- MailerService: getAdminEmail()/getAdminFrom(), default $from=null resolves to admin

UX & Accessibility:
- ARIA tabs: role=tablist/tab/tabpanel, aria-selected, keyboard nav (arrows, Home, End)
- aria-label on cart +/- buttons and editor toolbar buttons
- tabindex=0 on editor toolbar buttons for keyboard access
- data-confirm handler in app.js (was only in admin.js)
- Cart error feedback on checkout failure
- Billet designer save feedback (loading/success/error states)
- Stock polling every 30s with rupture/low stock badges
- Back to event link on payment page

Security:
- HTML sanitizer: BLOCKED_TAGS list (script, style, iframe, svg, etc.) - content fully removed
- Stripe polling timeout (15s max) with fallback redirect
- Rate limiting on public order access (20/5min)
- .catch() on all fetch() calls (sortable, billet-designer)

Tests (92% PHP, 100% JS lines):
- PCOV added to dev Dockerfile
- Test DB setup: .env.test with DATABASE_URL, Redis auth, Meilisearch key
- Rate limiter disabled in test env
- Makefile: test_db_setup, test_db_reset, run_test_php, run_test_coverage_php/js
- New tests: InvitationFlowTest (21), AuditServiceTest (4), ExportServiceTest (9), InvoiceServiceTest (4)
- New tests: SuspendedUserSubscriberTest, RateLimiterSubscriberTest, MeilisearchServiceTest
- New tests: Stripe webhook payment_failed (6) + charge.refunded (6)
- New tests: BilletBuyer refund, User suspended, OrganizerInvitation expiration
- JS tests: stock polling (6), data-confirm (2), copy-url restore (1), editor ARIA (2), XSS (9), tabs keyboard (9)
- ESLint + PHP CS Fixer: 0 errors
- SonarQube exclusions aligned with vitest coverage config

Infra:
- Meilisearch consistency command (app:meilisearch:check-consistency --fix) + cron daily 3am
- MeilisearchService: getAllDocumentIds(), listIndexes()

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Serreau Jovann
2026-03-23 11:14:06 +01:00
parent 61200adc74
commit 04927ec988
68 changed files with 3317 additions and 141 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
tests/Controller/AccountControllerTest.php
View File

@@ -54,7 +54,7 @@ class AccountControllerTest extends WebTestCase
$order->setFirstName($user->getFirstName());
$order->setLastName($user->getLastName());
$order->setEmail($user->getEmail());
$order->setOrderNumber('2026-03-21-999');
$order->setOrderNumber('2026-03-21-'.random_int(10000, 99999));
$order->setTotalHT(1000);
$order->setStatus(\App\Entity\BilletBuyer::STATUS_PAID);
@@ -1857,6 +1857,9 @@ class AccountControllerTest extends WebTestCase
$em->persist($ticket);
$em->flush();
$mailer = $this->createMock(\App\Service\MailerService::class);
static::getContainer()->set(\App\Service\MailerService::class, $mailer);
$client->loginUser($user);
$client->request('POST', '/mon-compte/evenement/'.$event->getId().'/commande/'.$order->getId().'/annuler');

410
tests/Controller/InvitationFlowTest.php Normal file
View File

@@ -0,0 +1,410 @@
<?php
namespace App\Tests\Controller;
use App\Entity\OrganizerInvitation;
use App\Entity\User;
use App\Service\MailerService;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
class InvitationFlowTest extends WebTestCase
{
private function createInvitation(EntityManagerInterface $em, string $status = OrganizerInvitation::STATUS_SENT, ?string $email = null): OrganizerInvitation
{
$invitation = new OrganizerInvitation();
$invitation->setCompanyName('Asso Test '.uniqid());
$invitation->setFirstName('Jean');
$invitation->setLastName('Dupont');
$invitation->setEmail($email ?? 'invite-'.uniqid().'@example.com');
$invitation->setOffer('basic');
$invitation->setCommissionRate(2.5);
$invitation->setStatus($status);
$em->persist($invitation);
$em->flush();
return $invitation;
}
// --- viewInvitation ---
public function testViewInvitationReturnsSuccess(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$invitation = $this->createInvitation($em);
$client->request('GET', '/invitation/'.$invitation->getToken());
self::assertResponseIsSuccessful();
}
public function testViewInvitationMarksAsOpened(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$invitation = $this->createInvitation($em);
self::assertSame(OrganizerInvitation::STATUS_SENT, $invitation->getStatus());
$client->request('GET', '/invitation/'.$invitation->getToken());
$em->refresh($invitation);
self::assertSame(OrganizerInvitation::STATUS_OPENED, $invitation->getStatus());
}
public function testViewInvitationAlreadyOpenedStaysOpened(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$invitation = $this->createInvitation($em, OrganizerInvitation::STATUS_OPENED);
$client->request('GET', '/invitation/'.$invitation->getToken());
self::assertResponseIsSuccessful();
$em->refresh($invitation);
self::assertSame(OrganizerInvitation::STATUS_OPENED, $invitation->getStatus());
}
public function testViewInvitationInvalidTokenReturns404(): void
{
$client = static::createClient();
$client->request('GET', '/invitation/invalid-token-that-does-not-exist');
self::assertResponseStatusCodeSame(404);
}
// --- respondInvitation ---
public function testAcceptInvitation(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$mailer = $this->createMock(MailerService::class);
$mailer->expects(self::exactly(2))->method('sendEmail');
static::getContainer()->set(MailerService::class, $mailer);
$invitation = $this->createInvitation($em);
$client->request('POST', '/invitation/'.$invitation->getToken().'/accept');
self::assertResponseIsSuccessful();
$em->refresh($invitation);
self::assertSame(OrganizerInvitation::STATUS_ACCEPTED, $invitation->getStatus());
self::assertNotNull($invitation->getRespondedAt());
}
public function testRefuseInvitation(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$mailer = $this->createMock(MailerService::class);
$mailer->expects(self::once())->method('sendEmail');
static::getContainer()->set(MailerService::class, $mailer);
$invitation = $this->createInvitation($em);
$client->request('POST', '/invitation/'.$invitation->getToken().'/refuse');
self::assertResponseIsSuccessful();
$em->refresh($invitation);
self::assertSame(OrganizerInvitation::STATUS_REFUSED, $invitation->getStatus());
self::assertNotNull($invitation->getRespondedAt());
}
public function testAcceptOpenedInvitation(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$mailer = $this->createMock(MailerService::class);
$mailer->expects(self::exactly(2))->method('sendEmail');
static::getContainer()->set(MailerService::class, $mailer);
$invitation = $this->createInvitation($em, OrganizerInvitation::STATUS_OPENED);
$client->request('POST', '/invitation/'.$invitation->getToken().'/accept');
self::assertResponseIsSuccessful();
$em->refresh($invitation);
self::assertSame(OrganizerInvitation::STATUS_ACCEPTED, $invitation->getStatus());
}
public function testRespondAlreadyAcceptedReturns404(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$invitation = $this->createInvitation($em, OrganizerInvitation::STATUS_ACCEPTED);
$client->request('POST', '/invitation/'.$invitation->getToken().'/accept');
self::assertResponseStatusCodeSame(404);
}
public function testRespondAlreadyRefusedReturns404(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$invitation = $this->createInvitation($em, OrganizerInvitation::STATUS_REFUSED);
$client->request('POST', '/invitation/'.$invitation->getToken().'/refuse');
self::assertResponseStatusCodeSame(404);
}
public function testRespondInvalidTokenReturns404(): void
{
$client = static::createClient();
$client->request('POST', '/invitation/invalid-token/accept');
self::assertResponseStatusCodeSame(404);
}
// --- invitationRegister (GET) ---
public function testRegisterPageReturnsSuccess(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$invitation = $this->createInvitation($em, OrganizerInvitation::STATUS_ACCEPTED);
$client->request('GET', '/invitation/'.$invitation->getToken().'/inscription');
self::assertResponseIsSuccessful();
}
public function testRegisterPageNonAcceptedReturns404(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$invitation = $this->createInvitation($em, OrganizerInvitation::STATUS_SENT);
$client->request('GET', '/invitation/'.$invitation->getToken().'/inscription');
self::assertResponseStatusCodeSame(404);
}
public function testRegisterPageRefusedReturns404(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$invitation = $this->createInvitation($em, OrganizerInvitation::STATUS_REFUSED);
$client->request('GET', '/invitation/'.$invitation->getToken().'/inscription');
self::assertResponseStatusCodeSame(404);
}
public function testRegisterPageRedirectsIfEmailAlreadyExists(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$email = 'existing-'.uniqid().'@example.com';
$existingUser = new User();
$existingUser->setEmail($email);
$existingUser->setFirstName('Existing');
$existingUser->setLastName('User');
$existingUser->setPassword('hashed');
$em->persist($existingUser);
$em->flush();
$invitation = $this->createInvitation($em, OrganizerInvitation::STATUS_ACCEPTED, $email);
$client->request('GET', '/invitation/'.$invitation->getToken().'/inscription');
self::assertResponseRedirects('/connexion');
}
// --- invitationRegister (POST) ---
public function testRegisterCreatesUserAndRedirects(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$invitation = $this->createInvitation($em, OrganizerInvitation::STATUS_ACCEPTED);
$client->request('POST', '/invitation/'.$invitation->getToken().'/inscription', [
'first_name' => 'Pierre',
'last_name' => 'Martin',
'password' => 'securepassword123',
'siret' => '12345678901234',
'address' => '10 rue de la Paix',
'postal_code' => '75002',
'city' => 'Paris',
'phone' => '0612345678',
]);
self::assertResponseRedirects('/mon-compte');
$user = $em->getRepository(User::class)->findOneBy(['email' => $invitation->getEmail()]);
self::assertNotNull($user);
self::assertSame('Pierre', $user->getFirstName());
self::assertSame('Martin', $user->getLastName());
self::assertSame($invitation->getCompanyName(), $user->getCompanyName());
self::assertSame('basic', $user->getOffer());
self::assertSame(2.5, $user->getCommissionRate());
self::assertTrue($user->isApproved());
self::assertTrue($user->isVerified());
self::assertContains('ROLE_ORGANIZER', $user->getRoles());
self::assertSame('12345678901234', $user->getSiret());
self::assertSame('Paris', $user->getCity());
}
public function testRegisterAutoLoginsUser(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$invitation = $this->createInvitation($em, OrganizerInvitation::STATUS_ACCEPTED);
$client->request('POST', '/invitation/'.$invitation->getToken().'/inscription', [
'first_name' => 'Auto',
'last_name' => 'Login',
'password' => 'securepassword123',
]);
self::assertResponseRedirects('/mon-compte');
$client->followRedirect();
self::assertResponseIsSuccessful();
}
public function testRegisterWithEmptyFieldsRedirects(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$invitation = $this->createInvitation($em, OrganizerInvitation::STATUS_ACCEPTED);
$client->request('POST', '/invitation/'.$invitation->getToken().'/inscription', [
'first_name' => '',
'last_name' => '',
'password' => '',
]);
self::assertResponseRedirects('/invitation/'.$invitation->getToken().'/inscription');
}
public function testRegisterWithMissingPasswordRedirects(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$invitation = $this->createInvitation($em, OrganizerInvitation::STATUS_ACCEPTED);
$client->request('POST', '/invitation/'.$invitation->getToken().'/inscription', [
'first_name' => 'Test',
'last_name' => 'User',
'password' => '',
]);
self::assertResponseRedirects('/invitation/'.$invitation->getToken().'/inscription');
$user = $em->getRepository(User::class)->findOneBy(['email' => $invitation->getEmail()]);
self::assertNull($user);
}
public function testRegisterWithOptionalFieldsEmpty(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$invitation = $this->createInvitation($em, OrganizerInvitation::STATUS_ACCEPTED);
$client->request('POST', '/invitation/'.$invitation->getToken().'/inscription', [
'first_name' => 'Minimal',
'last_name' => 'User',
'password' => 'securepassword123',
'siret' => '',
'address' => '',
'postal_code' => '',
'city' => '',
'phone' => '',
]);
self::assertResponseRedirects('/mon-compte');
$user = $em->getRepository(User::class)->findOneBy(['email' => $invitation->getEmail()]);
self::assertNotNull($user);
self::assertNull($user->getSiret());
self::assertNull($user->getCity());
self::assertNull($user->getPhone());
}
public function testRegisterPostWithDuplicateEmailRedirects(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$email = 'dup-'.uniqid().'@example.com';
$existingUser = new User();
$existingUser->setEmail($email);
$existingUser->setFirstName('Existing');
$existingUser->setLastName('User');
$existingUser->setPassword('hashed');
$em->persist($existingUser);
$em->flush();
$invitation = $this->createInvitation($em, OrganizerInvitation::STATUS_ACCEPTED, $email);
$client->request('POST', '/invitation/'.$invitation->getToken().'/inscription', [
'first_name' => 'Pierre',
'last_name' => 'Martin',
'password' => 'securepassword123',
]);
self::assertResponseRedirects('/connexion');
}
// --- Full flow ---
public function testFullInvitationFlow(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$mailer = $this->createMock(MailerService::class);
static::getContainer()->set(MailerService::class, $mailer);
$invitation = $this->createInvitation($em);
$token = $invitation->getToken();
$email = $invitation->getEmail();
$companyName = $invitation->getCompanyName();
// Step 1: View invitation (status: sent → opened)
$client->request('GET', '/invitation/'.$token);
self::assertResponseIsSuccessful();
// Step 2: Accept invitation (status: opened → accepted)
$client->request('POST', '/invitation/'.$token.'/accept');
self::assertResponseIsSuccessful();
// Step 3: View registration form
$client->request('GET', '/invitation/'.$token.'/inscription');
self::assertResponseIsSuccessful();
// Step 4: Submit registration
$client->request('POST', '/invitation/'.$token.'/inscription', [
'first_name' => 'Jean',
'last_name' => 'Dupont',
'password' => 'motdepasse123',
]);
self::assertResponseRedirects('/mon-compte');
// Verify user was created correctly
$freshEm = static::getContainer()->get(EntityManagerInterface::class);
$user = $freshEm->getRepository(User::class)->findOneBy(['email' => $email]);
self::assertNotNull($user);
self::assertTrue($user->isApproved());
self::assertTrue($user->isVerified());
self::assertContains('ROLE_ORGANIZER', $user->getRoles());
self::assertSame($companyName, $user->getCompanyName());
}
}

37
tests/Controller/SitemapControllerTest.php
View File

@@ -71,4 +71,41 @@ class SitemapControllerTest extends WebTestCase
self::assertStringContainsString('test-logo.png', $content);
self::assertStringContainsString('Asso Logo', $content);
}
public function testSitemapEventsIncludesEventImage(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$organizer = new User();
$organizer->setEmail('test-sitemap-event-img-'.uniqid().'@example.com');
$organizer->setFirstName('Img');
$organizer->setLastName('Event');
$organizer->setPassword('hashed');
$organizer->setRoles(['ROLE_ORGANIZER']);
$organizer->setIsApproved(true);
$organizer->setIsVerified(true);
$organizer->setCompanyName('Asso Img');
$em->persist($organizer);
$event = new \App\Entity\Event();
$event->setAccount($organizer);
$event->setTitle('Event With Image');
$event->setStartAt(new \DateTimeImmutable('2026-08-01 10:00'));
$event->setEndAt(new \DateTimeImmutable('2026-08-01 18:00'));
$event->setAddress('1 rue');
$event->setZipcode('75001');
$event->setCity('Paris');
$event->setIsOnline(true);
$event->setEventMainPictureName('event-poster.jpg');
$em->persist($event);
$em->flush();
$client->request('GET', '/sitemap-events-1.xml');
self::assertResponseIsSuccessful();
$content = $client->getResponse()->getContent();
self::assertStringContainsString('image:image', $content);
self::assertStringContainsString('event-poster.jpg', $content);
}
}

412
tests/Controller/StripeWebhookControllerTest.php
View File

@@ -2,8 +2,15 @@
namespace App\Tests\Controller;
use App\Entity\Billet;
use App\Entity\BilletBuyer;
use App\Entity\BilletBuyerItem;
use App\Entity\BilletOrder;
use App\Entity\Category;
use App\Entity\Payout;
use App\Entity\User;
use App\Service\AuditService;
use App\Service\BilletOrderService;
use App\Service\MailerService;
use App\Service\PayoutPdfService;
use App\Service\StripeService;
@@ -415,6 +422,411 @@ class StripeWebhookControllerTest extends WebTestCase
self::assertResponseIsSuccessful();
}
// === payment_intent.payment_failed ===
public function testPaymentFailedCancelsOrder(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$user = $this->createOrgaUser($em, 'acct_pf_'.uniqid());
$order = $this->createTestOrder($em, $user);
$event = Event::constructFrom([
'type' => 'payment_intent.payment_failed',
'data' => ['object' => [
'metadata' => ['order_id' => (string) $order->getId()],
'last_payment_error' => ['message' => 'Your card was declined.'],
]],
]);
$stripeService = $this->createMock(StripeService::class);
$stripeService->method('verifyWebhookSignature')->willReturn($event);
static::getContainer()->set(StripeService::class, $stripeService);
$mailer = $this->createMock(MailerService::class);
$mailer->expects(self::once())->method('sendEmail');
static::getContainer()->set(MailerService::class, $mailer);
$audit = $this->createMock(AuditService::class);
$audit->expects(self::once())->method('log')->with('payment_failed', 'BilletBuyer', $order->getId(), $this->anything());
static::getContainer()->set(AuditService::class, $audit);
$client->request('POST', '/stripe/webhook', [], [], ['HTTP_STRIPE_SIGNATURE' => 'v'], '{}');
self::assertResponseIsSuccessful();
$freshEm = static::getContainer()->get(EntityManagerInterface::class);
$updated = $freshEm->getRepository(BilletBuyer::class)->find($order->getId());
self::assertSame(BilletBuyer::STATUS_CANCELLED, $updated->getStatus());
}
public function testPaymentFailedNoOrderId(): void
{
$client = static::createClient();
$event = Event::constructFrom([
'type' => 'payment_intent.payment_failed',
'data' => ['object' => ['metadata' => []]],
]);
$stripeService = $this->createMock(StripeService::class);
$stripeService->method('verifyWebhookSignature')->willReturn($event);
static::getContainer()->set(StripeService::class, $stripeService);
$client->request('POST', '/stripe/webhook', [], [], ['HTTP_STRIPE_SIGNATURE' => 'v'], '{}');
self::assertResponseIsSuccessful();
}
public function testPaymentFailedOrderNotFound(): void
{
$client = static::createClient();
$event = Event::constructFrom([
'type' => 'payment_intent.payment_failed',
'data' => ['object' => [
'metadata' => ['order_id' => '999999'],
]],
]);
$stripeService = $this->createMock(StripeService::class);
$stripeService->method('verifyWebhookSignature')->willReturn($event);
static::getContainer()->set(StripeService::class, $stripeService);
$client->request('POST', '/stripe/webhook', [], [], ['HTTP_STRIPE_SIGNATURE' => 'v'], '{}');
self::assertResponseIsSuccessful();
}
public function testPaymentFailedOrderAlreadyPaid(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$user = $this->createOrgaUser($em, 'acct_pf_paid_'.uniqid());
$order = $this->createTestOrder($em, $user);
$order->setStatus(BilletBuyer::STATUS_PAID);
$em->flush();
$event = Event::constructFrom([
'type' => 'payment_intent.payment_failed',
'data' => ['object' => [
'metadata' => ['order_id' => (string) $order->getId()],
]],
]);
$stripeService = $this->createMock(StripeService::class);
$stripeService->method('verifyWebhookSignature')->willReturn($event);
static::getContainer()->set(StripeService::class, $stripeService);
$client->request('POST', '/stripe/webhook', [], [], ['HTTP_STRIPE_SIGNATURE' => 'v'], '{}');
self::assertResponseIsSuccessful();
$freshEm = static::getContainer()->get(EntityManagerInterface::class);
$updated = $freshEm->getRepository(BilletBuyer::class)->find($order->getId());
self::assertSame(BilletBuyer::STATUS_PAID, $updated->getStatus());
}
public function testPaymentFailedDefaultErrorMessage(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$user = $this->createOrgaUser($em, 'acct_pf_def_'.uniqid());
$order = $this->createTestOrder($em, $user);
$event = Event::constructFrom([
'type' => 'payment_intent.payment_failed',
'data' => ['object' => [
'metadata' => ['order_id' => (string) $order->getId()],
]],
]);
$stripeService = $this->createMock(StripeService::class);
$stripeService->method('verifyWebhookSignature')->willReturn($event);
static::getContainer()->set(StripeService::class, $stripeService);
$mailer = $this->createMock(MailerService::class);
$mailer->expects(self::once())->method('sendEmail');
static::getContainer()->set(MailerService::class, $mailer);
$audit = $this->createMock(AuditService::class);
$audit->expects(self::once())->method('log')->with(
'payment_failed',
'BilletBuyer',
$order->getId(),
$this->callback(fn (array $d) => 'Paiement refuse' === $d['error'])
);
static::getContainer()->set(AuditService::class, $audit);
$client->request('POST', '/stripe/webhook', [], [], ['HTTP_STRIPE_SIGNATURE' => 'v'], '{}');
self::assertResponseIsSuccessful();
}
public function testPaymentFailedNoEmail(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$user = $this->createOrgaUser($em, 'acct_pf_nomail_'.uniqid());
$order = $this->createTestOrder($em, $user);
$order->setEmail(null);
$em->flush();
$event = Event::constructFrom([
'type' => 'payment_intent.payment_failed',
'data' => ['object' => [
'metadata' => ['order_id' => (string) $order->getId()],
]],
]);
$stripeService = $this->createMock(StripeService::class);
$stripeService->method('verifyWebhookSignature')->willReturn($event);
static::getContainer()->set(StripeService::class, $stripeService);
$mailer = $this->createMock(MailerService::class);
$mailer->expects(self::never())->method('sendEmail');
static::getContainer()->set(MailerService::class, $mailer);
$audit = $this->createMock(AuditService::class);
static::getContainer()->set(AuditService::class, $audit);
$client->request('POST', '/stripe/webhook', [], [], ['HTTP_STRIPE_SIGNATURE' => 'v'], '{}');
self::assertResponseIsSuccessful();
}
// === charge.refunded ===
public function testChargeRefundedUpdatesOrder(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$user = $this->createOrgaUser($em, 'acct_cr_'.uniqid());
$order = $this->createTestOrder($em, $user);
$order->setStatus(BilletBuyer::STATUS_PAID);
$order->setStripeSessionId('pi_refund_test_'.uniqid());
$em->flush();
$event = Event::constructFrom([
'type' => 'charge.refunded',
'data' => ['object' => [
'payment_intent' => $order->getStripeSessionId(),
]],
]);
$stripeService = $this->createMock(StripeService::class);
$stripeService->method('verifyWebhookSignature')->willReturn($event);
static::getContainer()->set(StripeService::class, $stripeService);
$mailer = $this->createMock(MailerService::class);
$mailer->expects(self::atLeastOnce())->method('sendEmail');
static::getContainer()->set(MailerService::class, $mailer);
$audit = $this->createMock(AuditService::class);
$audit->expects(self::once())->method('log')->with('order_refunded_webhook', 'BilletBuyer', $order->getId(), $this->anything());
static::getContainer()->set(AuditService::class, $audit);
$billetOrderService = $this->createMock(BilletOrderService::class);
$billetOrderService->expects(self::once())->method('notifyOrganizerCancelled')->with($this->anything(), 'remboursee');
static::getContainer()->set(BilletOrderService::class, $billetOrderService);
$client->request('POST', '/stripe/webhook', [], [], ['HTTP_STRIPE_SIGNATURE' => 'v'], '{}');
self::assertResponseIsSuccessful();
$freshEm = static::getContainer()->get(EntityManagerInterface::class);
$updated = $freshEm->getRepository(BilletBuyer::class)->find($order->getId());
self::assertSame(BilletBuyer::STATUS_REFUNDED, $updated->getStatus());
}
public function testChargeRefundedInvalidatesTickets(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$user = $this->createOrgaUser($em, 'acct_cr_tk_'.uniqid());
$order = $this->createTestOrder($em, $user);
$order->setStatus(BilletBuyer::STATUS_PAID);
$piId = 'pi_ticket_refund_'.uniqid();
$order->setStripeSessionId($piId);
$ticket = new BilletOrder();
$ticket->setBilletBuyer($order);
$ticket->setBilletName('Entree');
$ticket->setUnitPriceHT(1500);
$ticket->setState(BilletOrder::STATE_VALID);
$em->persist($ticket);
$em->flush();
$event = Event::constructFrom([
'type' => 'charge.refunded',
'data' => ['object' => ['payment_intent' => $piId]],
]);
$stripeService = $this->createMock(StripeService::class);
$stripeService->method('verifyWebhookSignature')->willReturn($event);
static::getContainer()->set(StripeService::class, $stripeService);
$mailer = $this->createMock(MailerService::class);
static::getContainer()->set(MailerService::class, $mailer);
$audit = $this->createMock(AuditService::class);
static::getContainer()->set(AuditService::class, $audit);
$billetOrderService = $this->createMock(BilletOrderService::class);
static::getContainer()->set(BilletOrderService::class, $billetOrderService);
$client->request('POST', '/stripe/webhook', [], [], ['HTTP_STRIPE_SIGNATURE' => 'v'], '{}');
self::assertResponseIsSuccessful();
$freshEm = static::getContainer()->get(EntityManagerInterface::class);
$updatedTicket = $freshEm->getRepository(BilletOrder::class)->find($ticket->getId());
self::assertSame(BilletOrder::STATE_INVALID, $updatedTicket->getState());
}
public function testChargeRefundedNoPaymentIntent(): void
{
$client = static::createClient();
$event = Event::constructFrom([
'type' => 'charge.refunded',
'data' => ['object' => []],
]);
$stripeService = $this->createMock(StripeService::class);
$stripeService->method('verifyWebhookSignature')->willReturn($event);
static::getContainer()->set(StripeService::class, $stripeService);
$client->request('POST', '/stripe/webhook', [], [], ['HTTP_STRIPE_SIGNATURE' => 'v'], '{}');
self::assertResponseIsSuccessful();
}
public function testChargeRefundedOrderNotFound(): void
{
$client = static::createClient();
$event = Event::constructFrom([
'type' => 'charge.refunded',
'data' => ['object' => ['payment_intent' => 'pi_nonexistent_'.uniqid()]],
]);
$stripeService = $this->createMock(StripeService::class);
$stripeService->method('verifyWebhookSignature')->willReturn($event);
static::getContainer()->set(StripeService::class, $stripeService);
$client->request('POST', '/stripe/webhook', [], [], ['HTTP_STRIPE_SIGNATURE' => 'v'], '{}');
self::assertResponseIsSuccessful();
}
public function testChargeRefundedAlreadyRefunded(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$user = $this->createOrgaUser($em, 'acct_cr_dup_'.uniqid());
$order = $this->createTestOrder($em, $user);
$piId = 'pi_already_refunded_'.uniqid();
$order->setStatus(BilletBuyer::STATUS_REFUNDED);
$order->setStripeSessionId($piId);
$em->flush();
$event = Event::constructFrom([
'type' => 'charge.refunded',
'data' => ['object' => ['payment_intent' => $piId]],
]);
$stripeService = $this->createMock(StripeService::class);
$stripeService->method('verifyWebhookSignature')->willReturn($event);
static::getContainer()->set(StripeService::class, $stripeService);
$client->request('POST', '/stripe/webhook', [], [], ['HTTP_STRIPE_SIGNATURE' => 'v'], '{}');
self::assertResponseIsSuccessful();
$freshEm = static::getContainer()->get(EntityManagerInterface::class);
$updated = $freshEm->getRepository(BilletBuyer::class)->find($order->getId());
self::assertSame(BilletBuyer::STATUS_REFUNDED, $updated->getStatus());
}
public function testChargeRefundedNoEmail(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$user = $this->createOrgaUser($em, 'acct_cr_nomail_'.uniqid());
$order = $this->createTestOrder($em, $user);
$order->setStatus(BilletBuyer::STATUS_PAID);
$piId = 'pi_nomail_'.uniqid();
$order->setStripeSessionId($piId);
$order->setEmail(null);
$em->flush();
$event = Event::constructFrom([
'type' => 'charge.refunded',
'data' => ['object' => ['payment_intent' => $piId]],
]);
$stripeService = $this->createMock(StripeService::class);
$stripeService->method('verifyWebhookSignature')->willReturn($event);
static::getContainer()->set(StripeService::class, $stripeService);
$mailer = $this->createMock(MailerService::class);
$mailer->expects(self::never())->method('sendEmail');
static::getContainer()->set(MailerService::class, $mailer);
$audit = $this->createMock(AuditService::class);
static::getContainer()->set(AuditService::class, $audit);
$billetOrderService = $this->createMock(BilletOrderService::class);
static::getContainer()->set(BilletOrderService::class, $billetOrderService);
$client->request('POST', '/stripe/webhook', [], [], ['HTTP_STRIPE_SIGNATURE' => 'v'], '{}');
self::assertResponseIsSuccessful();
}
private function createTestOrder(EntityManagerInterface $em, User $user): BilletBuyer
{
$event = new \App\Entity\Event();
$event->setAccount($user);
$event->setTitle('WH Event '.uniqid());
$event->setStartAt(new \DateTimeImmutable('2026-08-01 10:00'));
$event->setEndAt(new \DateTimeImmutable('2026-08-01 18:00'));
$event->setAddress('1 rue');
$event->setZipcode('75001');
$event->setCity('Paris');
$event->setIsOnline(true);
$em->persist($event);
$category = new Category();
$category->setName('Cat');
$category->setEvent($event);
$em->persist($category);
$billet = new Billet();
$billet->setName('Entree');
$billet->setCategory($category);
$billet->setPriceHT(1500);
$em->persist($billet);
$count = $em->getRepository(BilletBuyer::class)->count([]) + 1;
$order = new BilletBuyer();
$order->setEvent($event);
$order->setFirstName('Jean');
$order->setLastName('Dupont');
$order->setEmail('jean-wh@test.fr');
$order->setOrderNumber('2026-03-23-'.$count);
$order->setTotalHT(1500);
$item = new BilletBuyerItem();
$item->setBillet($billet);
$item->setBilletName('Entree');
$item->setQuantity(1);
$item->setUnitPriceHT(1500);
$order->addItem($item);
$em->persist($order);
$em->flush();
return $order;
}
private function createOrgaUser(EntityManagerInterface $em, string $stripeAccountId): User
{
$user = new User();