admin/e-ticket
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
432 Commits 1 Branch 0 Tags
42d06dd49f9291d175fe7b4de6199302cd9563fc
Commit Graph

432 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Serreau Jovann
42d06dd49f Add LibreTranslate auto-translation, improve test coverage, fix code duplication 
Translation system:
- Add LibreTranslate container (dev + prod), CPU-only, no port exposed, FR/EN/ES/DE/IT
- Create app:translate command: reads *.fr.yaml, translates incrementally, preserves placeholders
- Makefile: make trans / make trans_prod (stops container after translation)
- Ansible: start libretranslate -> translate -> stop during deploy
- Prod container restart: "no" (only runs during deploy)
- .gitignore: ignore generated *.en/es/de/it.yaml files
- 11 tests for TranslateCommand (API unreachable, empty, incremental, obsolete keys, placeholders, fallback)

Test coverage improvements:
- OrderController: event ended (400), invalid cart JSON, invalid email, stock zero (4 new tests)
- AccountController: finance stats all statuses (paid/pending/refunded/cancelled), soldCounts (2 new tests)
- JS cart: checkout without error elements, hide error on retry, stock polling edge cases (singular, no label, qty zero, unknown billet) (8 new tests)
- JS editor: comment node sanitization (1 new test)
- JS tabs: missing panel, generated id, parent null, click no-panel (5 new tests)

Code duplication fixes:
- MeilisearchConsistencyCommand: extract diffAndReport() method (was duplicated 3x)
- Email templates: extract _order_items_table.html.twig partial (shared by notification + cancelled)
- SonarQube: exclude src/Entity/** from CPD (getters/setters duplication)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-23 11:44:13 +01:00
Serreau Jovann
04927ec988 Complete TASK_CHECKUP: security, UX, tests, coverage, accessibility, config externalization 
Billetterie:
- Partial refund support (STATUS_PARTIALLY_REFUNDED, refundedAmount field, migration)
- Race condition fix: PESSIMISTIC_WRITE lock on stock decrement in transaction
- Idempotency key on PaymentIntent::create, reuse existing PI if stripeSessionId set
- Disable checkout when event ended (server 400 + template hide)
- Webhook deduplication via cache (24h TTL on stripe event.id)
- Email validation (filter_var) in OrderController guest flow
- JSON cart validation (structure check before processing)
- Invitation expiration after 7 days (isExpired method + landing page message)
- Stripe Checkout fallback when JS fails to load (noscript + redirect)

Config externalization:
- Move Stripe fees (STRIPE_FEE_RATE, STRIPE_FEE_FIXED) and admin email (ADMIN_EMAIL) to .env/services.yaml
- Replace all hardcoded contact@e-cosplay.fr across 13 files
- MailerService: getAdminEmail()/getAdminFrom(), default $from=null resolves to admin

UX & Accessibility:
- ARIA tabs: role=tablist/tab/tabpanel, aria-selected, keyboard nav (arrows, Home, End)
- aria-label on cart +/- buttons and editor toolbar buttons
- tabindex=0 on editor toolbar buttons for keyboard access
- data-confirm handler in app.js (was only in admin.js)
- Cart error feedback on checkout failure
- Billet designer save feedback (loading/success/error states)
- Stock polling every 30s with rupture/low stock badges
- Back to event link on payment page

Security:
- HTML sanitizer: BLOCKED_TAGS list (script, style, iframe, svg, etc.) - content fully removed
- Stripe polling timeout (15s max) with fallback redirect
- Rate limiting on public order access (20/5min)
- .catch() on all fetch() calls (sortable, billet-designer)

Tests (92% PHP, 100% JS lines):
- PCOV added to dev Dockerfile
- Test DB setup: .env.test with DATABASE_URL, Redis auth, Meilisearch key
- Rate limiter disabled in test env
- Makefile: test_db_setup, test_db_reset, run_test_php, run_test_coverage_php/js
- New tests: InvitationFlowTest (21), AuditServiceTest (4), ExportServiceTest (9), InvoiceServiceTest (4)
- New tests: SuspendedUserSubscriberTest, RateLimiterSubscriberTest, MeilisearchServiceTest
- New tests: Stripe webhook payment_failed (6) + charge.refunded (6)
- New tests: BilletBuyer refund, User suspended, OrganizerInvitation expiration
- JS tests: stock polling (6), data-confirm (2), copy-url restore (1), editor ARIA (2), XSS (9), tabs keyboard (9)
- ESLint + PHP CS Fixer: 0 errors
- SonarQube exclusions aligned with vitest coverage config

Infra:
- Meilisearch consistency command (app:meilisearch:check-consistency --fix) + cron daily 3am
- MeilisearchService: getAllDocumentIds(), listIndexes()

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-23 11:14:06 +01:00
Serreau Jovann
61200adc74 Add stock management, order notifications, webhooks, expiration cron, and billet type validation 
- Decrement billet quantity after purchase in BilletOrderService::generateOrderTickets
- Block purchase when stock is exhausted (quantity <= 0) in OrderController::buildOrderItems
- Add organizer email notification on new order (order_notification_orga template)
- Add organizer email notification on cancel/refund (order_cancelled_orga template)
- Add ExpirePendingOrdersCommand (app:orders:expire-pending) cron every 5min via Ansible
  - Cancels pending orders older than 30 minutes, restores stock, invalidates tickets
  - Includes BilletBuyerRepository::findExpiredPending query method
  - 3 unit tests covering: no expired orders, stock restoration, unlimited billets
- Add payment_intent.payment_failed webhook: cancels order, logs audit, emails buyer
- Add charge.refunded webhook: sets order to refunded, invalidates tickets, notifies orga and buyer
- Validate billet type (billet/reservation_brocante/vote) against organizer offer
  - getAllowedBilletTypes: gratuit=billet only, basic/sur-mesure=all types
  - Server-side validation in hydrateBilletFromRequest, UI filtering in templates
- Update TASK_CHECKUP.md: all Billetterie & Commandes items now complete

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-23 00:12:30 +01:00
Serreau Jovann
f03b33ac5a Mark invitation Stripe block as not needed (invitations are free, no payment) 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 22:50:18 +01:00
Serreau Jovann
517e31f2f7 Auto-login after invitation registration, redirect to /mon-compte 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 22:49:41 +01:00
Serreau Jovann
ef06066794 Show clear error and redirect to login on duplicate email registration 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 22:34:18 +01:00
Serreau Jovann
36db3fc25d Notify admin when organizer accepts or refuses invitation 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 22:33:04 +01:00
Serreau Jovann
80b48b9dbf Add financial dashboard for organizer in payouts tab 
- 6 KPIs: encaissé, en attente, remboursé, com E-Ticket, com Stripe, net perçu
- Calculated from all orders linked to organizer's events
- Displayed above export buttons and payouts table

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 22:23:59 +01:00
Serreau Jovann
141871af1f Mark payouts tab as already done in TASK_CHECKUP 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 22:19:22 +01:00
Serreau Jovann
608b746989 Add monthly export CSV + PDF for admin and organizers 
- ExportService: monthly stats query, CSV generation, PDF generation via dompdf
- Admin: /admin/export/{year}/{month} (CSV) + /admin/export/{year}/{month}/pdf
- Orga: /mon-compte/export/{year}/{month} (CSV) + /mon-compte/export/{year}/{month}/pdf
- Admin CSV: commande, date, événement, orga, acheteur, billets, total HT, com E-Ticket, com Stripe
- Orga CSV: + net perçu column
- PDF A4 landscape: KPIs + orders table with commissions breakdown
- Buttons in admin dashboard and orga payouts tab (current + previous month)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 22:16:55 +01:00
Serreau Jovann
47916f5f30 Add admin dashboard stats: CA, commissions E-Ticket/Stripe, orders, billets, orgas 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 22:09:16 +01:00
Serreau Jovann
94ebe09181 Enforce sub-account permissions on events and tickets routes 
- SubAccountPermissionSubscriber: checks events/tickets permissions for sub-accounts
- Blocks access with redirect + flash error if permission missing
- Hide events/subaccounts/payouts tabs for sub-accounts without permission
- 5 tests: non-sub-account, blocked events, allowed events, blocked tickets

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 22:05:16 +01:00
Serreau Jovann
6db0566f69 Add admin orders page with search, status filter, KPIs 
- /admin/commandes: paginated list of all orders
- Search by order number, name, email
- Filter by status (pending, paid, cancelled, refunded)
- 4 KPIs: paid count, CA total HT, refunded count, cancelled count
- Table: order number, buyer, event, billets, total, date, status badges
- Navigation link 'Commandes' in admin header

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 21:25:32 +01:00
Serreau Jovann
372bf46136 Add organizer suspension: toggle, badge, block access, audit log 
- User.isSuspended (nullable bool, null = not suspended)
- Admin: toggle suspend/reactivate button on organizers list
- SuspendedUserSubscriber: redirects suspended users to homepage with error
- Audit log: organizer_suspended / organizer_reactivated
- Badge 'Suspendu' (red) replaces offer badge when suspended

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 20:53:46 +01:00
Serreau Jovann
64d0a6fd29 Mark admin edit offer/commission as done, add sub-account permissions verification task 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 20:49:23 +01:00
Serreau Jovann
66ac2379ec Add audit trail: AuditLog entity, AuditService, admin logs page 
- AuditLog entity: action, entityType, entityId, data (JSON), performedBy, ipAddress
- AuditService: logs actions with current user and IP
- Audit on: order_created, order_paid, order_cancelled, order_refunded
- Admin /admin/logs: paginated table with action badges, details, user, IP
- Navigation link 'Logs' in admin header

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 20:48:10 +01:00
Serreau Jovann
6ae9b1c7ff Add brocantes and vote to Basic offer, add billet type verification task 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 20:39:39 +01:00
Serreau Jovann
349219005d Add interactive commission slider on /tarifs page, remove no-subscription text 
- Slider 0% to 3% updates commission examples table in real-time
- Remove 'Pas d abonnement mensuel' text

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 20:38:13 +01:00
Serreau Jovann
d4941c6c23 Redesign /tarifs page: 3 offers (free/basic 20EUR/mo/custom), commissions table, examples 
- Free: 0 EUR, 1 event, billets standards
- Basic: 20 EUR/mois, events illimites, PDF, invitations
- Sur-mesure: sur devis, design personnalise, brocantes, vote
- Commission examples table: 1, 2, 5, 10, 15, 20 EUR
- Stripe fees + E-Ticket fees breakdown
- Includes section with 6 feature cards
- Neo-brutalist design matching the rest of the app

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 20:36:26 +01:00
Serreau Jovann
e5a63b1a33 Add search bar on homepage hero section, redirects to /evenements 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 20:33:47 +01:00
Serreau Jovann
44845b6313 Add city and date filters on /evenements page 
- City filter: LIKE search on event.city
- Date filter: events starting on selected date
- Combines with Meilisearch text search
- Labels on filter inputs, clear button when any filter active

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 20:32:51 +01:00
Serreau Jovann
830e3359d9 Fix billet preview iframe overflow on mobile, mark responsive check done 
- Preview iframe: overflow-x-auto container instead of fixed overflow
- All public pages verified for 320px: flex-wrap, responsive breakpoints OK

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 20:29:40 +01:00
Serreau Jovann
1db878dfd4 Add og:url, Twitter Card meta, og:type event on detail page 
- base.html.twig: add og:url (dynamic), twitter:card, twitter:title, twitter:description
- event_detail: og:type = event
- All public pages already have title + description blocks that propagate to OG

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 20:24:18 +01:00
Serreau Jovann
68ed76eba5 Fix breadcrumb JSON-LD: use absolute URLs for item field 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 20:18:06 +01:00
Serreau Jovann
281835ee0d Add CA global, commission E-Ticket and Stripe to admin dashboard task 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 20:15:10 +01:00
Serreau Jovann
0e79c65966 Optimize N+1 queries: batch billets, soldCounts, paid orders with items 
- AccountController: single query for all billets by categories, single
  GROUP BY query for sold counts, eager-load items on paid orders
- HomeController: single query for all buyable billets of active categories

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 20:13:31 +01:00
Serreau Jovann
0772e618da Mark Meilisearch cache invalidation as done (already handled by EventIndexService) 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 20:09:11 +01:00
Serreau Jovann
25033c29a0 Add automatic CSRF protection on all POST forms 
- CsrfProtectionSubscriber: auto-injects hidden _csrf_token in HTML responses,
  auto-verifies on POST requests
- Excludes: webhooks, JSON APIs, login (has its own CSRF)
- 9 tests covering all cases (GET, excluded, JSON, no token, invalid, valid, inject, non-HTML)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 20:08:02 +01:00
Serreau Jovann
36456e8dfe Add rate limiting on login, order, invitation, contact routes 
- Login: 5 attempts / 15 min (Symfony login_throttling)
- Order create: 10 / 5 min (sliding window)
- Invitation respond/register: 5 / 15 min
- Contact form: 3 / 10 min
- RateLimiterSubscriber with route-to-limiter mapping
- Returns 429 when rate limited

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 20:01:01 +01:00
Serreau Jovann
207e985821 Add Messenger monitor command, uploads backup, hourly cron 
- MonitorMessengerCommand: checks failed messages, emails admin with details
- Backup script: add /public/uploads tar.gz alongside DB dump
- Ansible: cron every hour for messenger monitor
- TASK_CHECKUP: mark infrastructure tasks done

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 19:55:35 +01:00
Serreau Jovann
add8d8f5af Change backup retention to 1 day 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 19:53:25 +01:00
Serreau Jovann
30eceeccf9 Add database backup cron every 30 minutes via Ansible 
- backup.sh.j2: pg_dump via Docker, gzip, 7 days retention
- deploy.yml: create backup dir, deploy script, configure cron
- TASK_CHECKUP: mark backup as done

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 19:52:52 +01:00
Serreau Jovann
b7b56ed35a Add dynamic events to sitemap (online + not secret), update TASK_CHECKUP 
- Sitemap: list all online non-secret events with images
- Fix event/orga page counts in sitemap index
- TASK_CHECKUP: mark sitemap done, remove health check, captcha, E2E tests,
  simplify crons to backups only

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 19:51:34 +01:00
Serreau Jovann
8e0177463b Remove captcha task from TASK_CHECKUP 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 19:49:21 +01:00
Serreau Jovann
063b02dfe9 Simplify API section: scanner only (login, events, scan) 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 19:48:11 +01:00
Serreau Jovann
7dc6d4b01f Add API section to TASK_CHECKUP: login, events, scan, stats 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 19:47:43 +01:00
Serreau Jovann
244717a0d0 Add task: block invitations if Stripe not validated 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 19:46:37 +01:00
Serreau Jovann
80aa2a19d6 Remove Billets & Scan section from TASK_CHECKUP (deferred) 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 19:45:46 +01:00
Serreau Jovann
048999c26c Add TASK_CHECKUP.md with all pending tasks and improvements 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 19:44:44 +01:00
Serreau Jovann
aaad00ede0 Add invitation registration flow: accept sends email, prefilled signup form 
- Accept: sends email with unique registration link
- /invitation/{token}/inscription: prefilled form (company, email, offer, commission)
  with password, SIRET, address, phone fields
- Account created as ROLE_ORGANIZER, pre-approved, pre-verified
- Response page: link to finalize registration immediately
- Email: welcome message with offer recap and register button

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 19:23:01 +01:00
Serreau Jovann
ddeee82dd8 Add commission examples table for 1, 2, 5, 10, 15, 20 EUR on invitation landing 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 19:18:11 +01:00
Serreau Jovann
d7a498292f Complete invitation landing: offers, commissions, how it works, unsubscribe handling 
- Landing page: features grid, 3-step how it works, 3 offers with highlight,
  commissions breakdown (E-Ticket + Stripe) with example calculation
- Unsubscribe: auto-refuse pending invitations, notify contact@e-cosplay.fr
- Email: enable List-Unsubscribe header for invitation emails
- Accept/refuse now via POST forms (CSRF safe)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 19:16:22 +01:00
Serreau Jovann
0bb6f43339 Add invitation landing page with E-Ticket showcase, accept/refuse buttons 
- /invitation/{token} GET: landing page with platform presentation
- Sets status to 'opened' on first view
- Neo-brutalist design: offer banner, features grid, message block
- Accept/refuse via POST forms (not GET links)
- Shows current status if already responded
- Email links to landing page instead of direct accept/refuse
- Admin uses viewUrl instead of acceptUrl/refuseUrl

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 19:12:31 +01:00
Serreau Jovann
abd0b13ea5 Add delete invitation button 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 19:07:29 +01:00
Serreau Jovann
ac65d4af64 Add offer and commission rate to organizer invitation 
- offer (free/basic/custom) and commissionRate fields on OrganizerInvitation
- Admin form: select offer + commission rate input
- Invitation list: show offer badge + rate
- Email: gold banner with proposed offer and commission rate (hors Stripe)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 18:24:40 +01:00
Serreau Jovann
a0724ccf88 Redesign invitation email: prominent CTA, E-Ticket by E-Cosplay showcase block 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 18:21:08 +01:00
Serreau Jovann
24e7eb5734 Add resend invitation button for non-accepted invitations 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 17:53:05 +01:00
Serreau Jovann
ca41078adf Redesign invite organizer page to match admin theme (table, cards, badges) 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 17:44:43 +01:00
Serreau Jovann
cca5575274 Add organizer invitation system: invite, accept, refuse 
- OrganizerInvitation entity: companyName, firstName, lastName, email,
  message, status (sent/opened/accepted/refused), unique token (64 hex chars)
- Admin route /admin/organisateurs/inviter: form + invitation list with status
- Button "Inviter un organisateur" on admin organizers page
- Email with accept/refuse links using unique token
- Public route /invitation/{token}/{action}: accept or refuse without auth
- Response page: confirmation message for accept/refuse
- Migration, PHPStan config, 7 entity tests

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 17:41:31 +01:00
Serreau Jovann
233f3d5067 Reduce cognitive complexity: extract computeEventStats from editEvent 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-21 22:36:57 +01:00