admin/e-ticket
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
04927ec988aae6db73f74358ca26d5366a81d9c4
e-ticket/tests/Entity/UserTest.php
Serreau Jovann 04927ec988 Complete TASK_CHECKUP: security, UX, tests, coverage, accessibility, config externalization 
Billetterie:
- Partial refund support (STATUS_PARTIALLY_REFUNDED, refundedAmount field, migration)
- Race condition fix: PESSIMISTIC_WRITE lock on stock decrement in transaction
- Idempotency key on PaymentIntent::create, reuse existing PI if stripeSessionId set
- Disable checkout when event ended (server 400 + template hide)
- Webhook deduplication via cache (24h TTL on stripe event.id)
- Email validation (filter_var) in OrderController guest flow
- JSON cart validation (structure check before processing)
- Invitation expiration after 7 days (isExpired method + landing page message)
- Stripe Checkout fallback when JS fails to load (noscript + redirect)

Config externalization:
- Move Stripe fees (STRIPE_FEE_RATE, STRIPE_FEE_FIXED) and admin email (ADMIN_EMAIL) to .env/services.yaml
- Replace all hardcoded contact@e-cosplay.fr across 13 files
- MailerService: getAdminEmail()/getAdminFrom(), default $from=null resolves to admin

UX & Accessibility:
- ARIA tabs: role=tablist/tab/tabpanel, aria-selected, keyboard nav (arrows, Home, End)
- aria-label on cart +/- buttons and editor toolbar buttons
- tabindex=0 on editor toolbar buttons for keyboard access
- data-confirm handler in app.js (was only in admin.js)
- Cart error feedback on checkout failure
- Billet designer save feedback (loading/success/error states)
- Stock polling every 30s with rupture/low stock badges
- Back to event link on payment page

Security:
- HTML sanitizer: BLOCKED_TAGS list (script, style, iframe, svg, etc.) - content fully removed
- Stripe polling timeout (15s max) with fallback redirect
- Rate limiting on public order access (20/5min)
- .catch() on all fetch() calls (sortable, billet-designer)

Tests (92% PHP, 100% JS lines):
- PCOV added to dev Dockerfile
- Test DB setup: .env.test with DATABASE_URL, Redis auth, Meilisearch key
- Rate limiter disabled in test env
- Makefile: test_db_setup, test_db_reset, run_test_php, run_test_coverage_php/js
- New tests: InvitationFlowTest (21), AuditServiceTest (4), ExportServiceTest (9), InvoiceServiceTest (4)
- New tests: SuspendedUserSubscriberTest, RateLimiterSubscriberTest, MeilisearchServiceTest
- New tests: Stripe webhook payment_failed (6) + charge.refunded (6)
- New tests: BilletBuyer refund, User suspended, OrganizerInvitation expiration
- JS tests: stock polling (6), data-confirm (2), copy-url restore (1), editor ARIA (2), XSS (9), tabs keyboard (9)
- ESLint + PHP CS Fixer: 0 errors
- SonarQube exclusions aligned with vitest coverage config

Infra:
- Meilisearch consistency command (app:meilisearch:check-consistency --fix) + cron daily 3am
- MeilisearchService: getAllDocumentIds(), listIndexes()

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-23 11:14:06 +01:00

234 lines
7.2 KiB
PHP
Raw Blame History

<?php
namespace App\Tests\Entity;
use App\Entity\User;
use PHPUnit\Framework\TestCase;
class UserTest extends TestCase
{
public function testNewUserHasCreatedAt(): void
{
$user = new User();
self::assertInstanceOf(\DateTimeImmutable::class, $user->getCreatedAt());
}
public function testGetRolesAlwaysIncludesRoleUser(): void
{
$user = new User();
self::assertContains('ROLE_USER', $user->getRoles());
}
public function testSetRolesDeduplicatesRoleUser(): void
{
$user = new User();
$user->setRoles(['ROLE_ADMIN', 'ROLE_USER']);
$roles = $user->getRoles();
self::assertCount(2, $roles);
self::assertContains('ROLE_ADMIN', $roles);
self::assertContains('ROLE_USER', $roles);
}
public function testGetUserIdentifierReturnsEmail(): void
{
$user = new User();
$user->setEmail('test@example.com');
self::assertSame('test@example.com', $user->getUserIdentifier());
}
public function testFluentSetters(): void
{
$user = new User();
$result = $user->setEmail('a@b.com')
->setFirstName('John')
->setLastName('Doe')
->setPassword('hashed');
self::assertSame($user, $result);
self::assertSame('a@b.com', $user->getEmail());
self::assertSame('John', $user->getFirstName());
self::assertSame('Doe', $user->getLastName());
self::assertSame('hashed', $user->getPassword());
}
public function testOrganizerFields(): void
{
$user = new User();
$result = $user->setCompanyName('Mon Asso')
->setSiret('12345678901234')
->setAddress('12 rue de la Paix')
->setPostalCode('75001')
->setCity('Paris')
->setPhone('0612345678');
self::assertSame($user, $result);
self::assertSame('Mon Asso', $user->getCompanyName());
self::assertSame('12345678901234', $user->getSiret());
self::assertSame('12 rue de la Paix', $user->getAddress());
self::assertSame('75001', $user->getPostalCode());
self::assertSame('Paris', $user->getCity());
self::assertSame('0612345678', $user->getPhone());
}
public function testOrganizerFieldsDefaultToNull(): void
{
$user = new User();
self::assertNull($user->getCompanyName());
self::assertNull($user->getSiret());
self::assertNull($user->getAddress());
self::assertNull($user->getPostalCode());
self::assertNull($user->getCity());
self::assertNull($user->getPhone());
}
public function testLogoFields(): void
{
$user = new User();
self::assertNull($user->getLogoFile());
self::assertNull($user->getLogoName());
self::assertNull($user->getUpdatedAt());
$result = $user->setLogoName('logo.png');
self::assertSame($user, $result);
self::assertSame('logo.png', $user->getLogoName());
$file = new \Symfony\Component\HttpFoundation\File\File(__FILE__);
$result = $user->setLogoFile($file);
self::assertSame($user, $result);
self::assertSame($file, $user->getLogoFile());
self::assertNotNull($user->getUpdatedAt());
}
public function testSetLogoFileNullDoesNotUpdateTimestamp(): void
{
$user = new User();
$user->setLogoFile(null);
self::assertNull($user->getUpdatedAt());
}
public function testResetCodeFields(): void
{
$user = new User();
self::assertNull($user->getResetCode());
self::assertNull($user->getResetCodeExpiresAt());
$expiry = new \DateTimeImmutable('+15 minutes');
$result = $user->setResetCode('123456')->setResetCodeExpiresAt($expiry);
self::assertSame($user, $result);
self::assertSame('123456', $user->getResetCode());
self::assertSame($expiry, $user->getResetCodeExpiresAt());
}
public function testApprovalAndOfferFields(): void
{
$user = new User();
self::assertFalse($user->isApproved());
self::assertNull($user->getOffer());
self::assertNull($user->getCommissionRate());
$result = $user->setIsApproved(true)->setOffer('custom')->setCommissionRate(1.5);
self::assertSame($user, $result);
self::assertTrue($user->isApproved());
self::assertSame('custom', $user->getOffer());
self::assertSame(1.5, $user->getCommissionRate());
}
public function testSubAccountFields(): void
{
$parent = new User();
$sub = new User();
self::assertNull($sub->getParentOrganizer());
self::assertNull($sub->getSubAccountPermissions());
self::assertFalse($sub->hasPermission('scanner'));
$result = $sub->setParentOrganizer($parent)
->setSubAccountPermissions(['scanner', 'events']);
self::assertSame($sub, $result);
self::assertSame($parent, $sub->getParentOrganizer());
self::assertSame(['scanner', 'events'], $sub->getSubAccountPermissions());
self::assertTrue($sub->hasPermission('scanner'));
self::assertTrue($sub->hasPermission('events'));
self::assertFalse($sub->hasPermission('tickets'));
}
public function testStripeFields(): void
{
$user = new User();
self::assertNull($user->getStripeAccountId());
self::assertNull($user->getStripeStatus());
self::assertFalse($user->isStripeChargesEnabled());
self::assertFalse($user->isStripePayoutsEnabled());
$result = $user->setStripeAccountId('acct_1234567890')
->setStripeStatus('started')
->setStripeChargesEnabled(true)
->setStripePayoutsEnabled(true);
self::assertSame($user, $result);
self::assertSame('acct_1234567890', $user->getStripeAccountId());
self::assertSame('started', $user->getStripeStatus());
self::assertTrue($user->isStripeChargesEnabled());
self::assertTrue($user->isStripePayoutsEnabled());
}
public function testEmailVerificationFields(): void
{
$user = new User();
self::assertFalse($user->isVerified());
self::assertNull($user->getEmailVerificationToken());
self::assertNull($user->getEmailVerifiedAt());
$now = new \DateTimeImmutable();
$result = $user->setIsVerified(true)
->setEmailVerificationToken('abc123')
->setEmailVerifiedAt($now);
self::assertSame($user, $result);
self::assertTrue($user->isVerified());
self::assertSame('abc123', $user->getEmailVerificationToken());
self::assertSame($now, $user->getEmailVerifiedAt());
}
public function testEraseCredentialsDoesNotThrow(): void
{
$user = new User();
$user->eraseCredentials();
self::assertNull($user->getId());
}
public function testSuspendedFields(): void
{
$user = new User();
self::assertNull($user->isSuspended());
$result = $user->setIsSuspended(true);
self::assertSame($user, $result);
self::assertTrue($user->isSuspended());
$user->setIsSuspended(false);
self::assertFalse($user->isSuspended());
$user->setIsSuspended(null);
self::assertNull($user->isSuspended());
}
}
Reference in New Issue View Git Blame Copy Permalink