admin/e-ticket
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
e-ticket/tests/Entity/BilletBuyerTest.php
Serreau Jovann 04927ec988 Complete TASK_CHECKUP: security, UX, tests, coverage, accessibility, config externalization 
Billetterie:
- Partial refund support (STATUS_PARTIALLY_REFUNDED, refundedAmount field, migration)
- Race condition fix: PESSIMISTIC_WRITE lock on stock decrement in transaction
- Idempotency key on PaymentIntent::create, reuse existing PI if stripeSessionId set
- Disable checkout when event ended (server 400 + template hide)
- Webhook deduplication via cache (24h TTL on stripe event.id)
- Email validation (filter_var) in OrderController guest flow
- JSON cart validation (structure check before processing)
- Invitation expiration after 7 days (isExpired method + landing page message)
- Stripe Checkout fallback when JS fails to load (noscript + redirect)

Config externalization:
- Move Stripe fees (STRIPE_FEE_RATE, STRIPE_FEE_FIXED) and admin email (ADMIN_EMAIL) to .env/services.yaml
- Replace all hardcoded contact@e-cosplay.fr across 13 files
- MailerService: getAdminEmail()/getAdminFrom(), default $from=null resolves to admin

UX & Accessibility:
- ARIA tabs: role=tablist/tab/tabpanel, aria-selected, keyboard nav (arrows, Home, End)
- aria-label on cart +/- buttons and editor toolbar buttons
- tabindex=0 on editor toolbar buttons for keyboard access
- data-confirm handler in app.js (was only in admin.js)
- Cart error feedback on checkout failure
- Billet designer save feedback (loading/success/error states)
- Stock polling every 30s with rupture/low stock badges
- Back to event link on payment page

Security:
- HTML sanitizer: BLOCKED_TAGS list (script, style, iframe, svg, etc.) - content fully removed
- Stripe polling timeout (15s max) with fallback redirect
- Rate limiting on public order access (20/5min)
- .catch() on all fetch() calls (sortable, billet-designer)

Tests (92% PHP, 100% JS lines):
- PCOV added to dev Dockerfile
- Test DB setup: .env.test with DATABASE_URL, Redis auth, Meilisearch key
- Rate limiter disabled in test env
- Makefile: test_db_setup, test_db_reset, run_test_php, run_test_coverage_php/js
- New tests: InvitationFlowTest (21), AuditServiceTest (4), ExportServiceTest (9), InvoiceServiceTest (4)
- New tests: SuspendedUserSubscriberTest, RateLimiterSubscriberTest, MeilisearchServiceTest
- New tests: Stripe webhook payment_failed (6) + charge.refunded (6)
- New tests: BilletBuyer refund, User suspended, OrganizerInvitation expiration
- JS tests: stock polling (6), data-confirm (2), copy-url restore (1), editor ARIA (2), XSS (9), tabs keyboard (9)
- ESLint + PHP CS Fixer: 0 errors
- SonarQube exclusions aligned with vitest coverage config

Infra:
- Meilisearch consistency command (app:meilisearch:check-consistency --fix) + cron daily 3am
- MeilisearchService: getAllDocumentIds(), listIndexes()

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-23 11:14:06 +01:00

204 lines
6.1 KiB
PHP
Raw Permalink Blame History

<?php
namespace App\Tests\Entity;
use App\Entity\BilletBuyer;
use App\Entity\BilletBuyerItem;
use App\Entity\Event;
use App\Entity\User;
use PHPUnit\Framework\TestCase;
class BilletBuyerTest extends TestCase
{
public function testDefaults(): void
{
$buyer = new BilletBuyer();
self::assertNull($buyer->getId());
self::assertNull($buyer->getEvent());
self::assertNull($buyer->getUser());
self::assertNull($buyer->getFirstName());
self::assertNull($buyer->getLastName());
self::assertNull($buyer->getEmail());
self::assertSame(0, $buyer->getTotalHT());
self::assertSame(0.0, $buyer->getTotalHTDecimal());
self::assertSame(BilletBuyer::STATUS_PENDING, $buyer->getStatus());
self::assertNull($buyer->getStripeSessionId());
self::assertNull($buyer->getPaymentMethod());
self::assertNull($buyer->getCardBrand());
self::assertNull($buyer->getCardLast4());
self::assertNull($buyer->getPaidAt());
self::assertMatchesRegularExpression('/^ETICKET-[A-Z0-9]{4}-[A-Z0-9]{4}-[A-Z0-9]{4}$/', $buyer->getReference());
self::assertSame(32, \strlen($buyer->getAccessToken()));
self::assertInstanceOf(\DateTimeImmutable::class, $buyer->getCreatedAt());
self::assertCount(0, $buyer->getItems());
}
public function testSetAndGetEvent(): void
{
$buyer = new BilletBuyer();
$event = new Event();
$result = $buyer->setEvent($event);
self::assertSame($event, $buyer->getEvent());
self::assertSame($buyer, $result);
}
public function testSetAndGetUser(): void
{
$buyer = new BilletBuyer();
$user = new User();
$result = $buyer->setUser($user);
self::assertSame($user, $buyer->getUser());
self::assertSame($buyer, $result);
$buyer->setUser(null);
self::assertNull($buyer->getUser());
}
public function testSetAndGetNames(): void
{
$buyer = new BilletBuyer();
$buyer->setFirstName('Jean');
$buyer->setLastName('Dupont');
$buyer->setEmail('jean@exemple.fr');
self::assertSame('Jean', $buyer->getFirstName());
self::assertSame('Dupont', $buyer->getLastName());
self::assertSame('jean@exemple.fr', $buyer->getEmail());
}
public function testSetAndGetOrderNumber(): void
{
$buyer = new BilletBuyer();
self::assertNull($buyer->getOrderNumber());
$result = $buyer->setOrderNumber('2026-03-21-1');
self::assertSame('2026-03-21-1', $buyer->getOrderNumber());
self::assertSame($buyer, $result);
}
public function testSetAndGetTotalHT(): void
{
$buyer = new BilletBuyer();
$result = $buyer->setTotalHT(2500);
self::assertSame(2500, $buyer->getTotalHT());
self::assertSame(25.0, $buyer->getTotalHTDecimal());
self::assertSame($buyer, $result);
}
public function testSetAndGetStatus(): void
{
$buyer = new BilletBuyer();
$result = $buyer->setStatus(BilletBuyer::STATUS_PAID);
self::assertSame(BilletBuyer::STATUS_PAID, $buyer->getStatus());
self::assertSame($buyer, $result);
}
public function testSetAndGetStripeSessionId(): void
{
$buyer = new BilletBuyer();
$result = $buyer->setStripeSessionId('cs_test_123');
self::assertSame('cs_test_123', $buyer->getStripeSessionId());
self::assertSame($buyer, $result);
}
public function testSetAndGetPaymentDetails(): void
{
$buyer = new BilletBuyer();
$buyer->setPaymentMethod('card');
$buyer->setCardBrand('visa');
$buyer->setCardLast4('4242');
self::assertSame('card', $buyer->getPaymentMethod());
self::assertSame('visa', $buyer->getCardBrand());
self::assertSame('4242', $buyer->getCardLast4());
}
public function testSetAndGetIsInvitation(): void
{
$buyer = new BilletBuyer();
self::assertNull($buyer->isInvitation());
$result = $buyer->setIsInvitation(true);
self::assertTrue($buyer->isInvitation());
self::assertSame($buyer, $result);
$buyer->setIsInvitation(false);
self::assertFalse($buyer->isInvitation());
$buyer->setIsInvitation(null);
self::assertNull($buyer->isInvitation());
}
public function testSetAndGetPaidAt(): void
{
$buyer = new BilletBuyer();
$date = new \DateTimeImmutable();
$result = $buyer->setPaidAt($date);
self::assertSame($date, $buyer->getPaidAt());
self::assertSame($buyer, $result);
}
public function testAddItem(): void
{
$buyer = new BilletBuyer();
$item = new BilletBuyerItem();
$result = $buyer->addItem($item);
self::assertCount(1, $buyer->getItems());
self::assertSame($buyer, $item->getBilletBuyer());
self::assertSame($buyer, $result);
}
public function testAddItemDoesNotDuplicate(): void
{
$buyer = new BilletBuyer();
$item = new BilletBuyerItem();
$buyer->addItem($item);
$buyer->addItem($item);
self::assertCount(1, $buyer->getItems());
}
public function testGenerateReferenceUnique(): void
{
$b1 = new BilletBuyer();
$b2 = new BilletBuyer();
self::assertNotSame($b1->getReference(), $b2->getReference());
}
public function testRefundedAmountDefaults(): void
{
$buyer = new BilletBuyer();
self::assertSame(0, $buyer->getRefundedAmount());
self::assertSame(0.0, $buyer->getRefundedAmountDecimal());
}
public function testSetAndGetRefundedAmount(): void
{
$buyer = new BilletBuyer();
$result = $buyer->setRefundedAmount(1500);
self::assertSame(1500, $buyer->getRefundedAmount());
self::assertSame(15.0, $buyer->getRefundedAmountDecimal());
self::assertSame($buyer, $result);
}
public function testStatusPartiallyRefunded(): void
{
$buyer = new BilletBuyer();
$buyer->setStatus(BilletBuyer::STATUS_PARTIALLY_REFUNDED);
self::assertSame('partially_refunded', $buyer->getStatus());
}
}
Reference in New Issue View Git Blame Copy Permalink