admin/e-ticket
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1b3371cb7f6016cab2881faf99079a7f49d64d44
e-ticket/tests/Controller/AttestationControllerTest.php
Serreau Jovann 1b3371cb7f Add comprehensive test coverage for AttestationController, LegalController, AdminController, AccountController and AnalyticsEvent entity 
- AttestationController: fix decodeAndVerifyHash to have max 3 returns, add 11 tests covering all routes (check, ventesRef, ventes) and all decodeAndVerifyHash branches (invalid base64, missing pipe, bad signature, bad JSON, valid hash with/without registered attestation), plus generateHash unit tests with unicode
- LegalController: add 6 tests for RGPD POST routes (rgpdAccess and rgpdDeletion) covering empty fields, data found, and no data found scenarios
- AdminController: add 10 tests for analytics page (all period filters + access denied) and orderTickets endpoint (single ticket PDF, multiple tickets ZIP, order not found, no tickets)
- AccountController: add 17 tests for downloadTicket (success/denied/404), resendTicket (success/denied/404), cancelTicket (success/denied/404), createAccreditation (staff/exposant/empty fields/no categories/invalid type), eventAttestation (with categories/billets/empty selection)
- AnalyticsEvent entity: new test file with 8 tests covering constructor defaults, all getters/setters, nullable fields, and fluent interface

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-01 18:41:18 +02:00

226 lines
7.6 KiB
PHP
Raw Blame History

<?php
namespace App\Tests\Controller;
use App\Controller\AttestationController;
use App\Entity\Attestation;
use App\Entity\Event;
use App\Entity\Payout;
use App\Entity\User;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
class AttestationControllerTest extends WebTestCase
{
public function testCheckWithValidPayout(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$user = new User();
$user->setEmail('test-attest-'.uniqid().'@example.com');
$user->setFirstName('Test');
$user->setLastName('User');
$user->setPassword('$2y$13$hashed');
$em->persist($user);
$payout = new Payout();
$payout->setOrganizer($user);
$payout->setStripePayoutId('po_check_'.uniqid());
$payout->setStatus('paid');
$payout->setAmount(10000);
$payout->setCurrency('eur');
$em->persist($payout);
$em->flush();
$client->request('GET', '/attestation/check/'.$payout->getStripePayoutId());
self::assertResponseIsSuccessful();
self::assertSelectorTextContains('body', 'Attestation authentique');
}
public function testCheckWithInvalidPayout(): void
{
$client = static::createClient();
$client->request('GET', '/attestation/check/po_fake_invalid');
self::assertResponseIsSuccessful();
self::assertSelectorTextContains('body', 'Attestation introuvable');
}
public function testVentesRefWithValidReference(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$user = new User();
$user->setEmail('test-vref-'.uniqid().'@example.com');
$user->setFirstName('Test');
$user->setLastName('User');
$user->setPassword('$2y$13$hashed');
$em->persist($user);
$event = new Event();
$event->setAccount($user);
$event->setTitle('Test Event');
$event->setStartAt(new \DateTimeImmutable('+1 day'));
$event->setEndAt(new \DateTimeImmutable('+2 days'));
$event->setAddress('123 Rue Test');
$event->setZipcode('75001');
$event->setCity('Paris');
$em->persist($event);
$reference = 'REF-'.uniqid();
$payload = ['event' => 'Test Event', 'total' => 5000];
$attestation = new Attestation($reference, 'sig_'.uniqid(), $event, $user, 10, $payload);
$em->persist($attestation);
$em->flush();
$client->request('GET', '/attestation/ventes/r/'.$reference);
self::assertResponseIsSuccessful();
}
public function testVentesRefWithInvalidReference(): void
{
$client = static::createClient();
$client->request('GET', '/attestation/ventes/r/INVALID_REF');
self::assertResponseIsSuccessful();
self::assertSelectorTextContains('body', 'introuvable');
}
public function testVentesWithValidHash(): void
{
$client = static::createClient();
$appSecret = static::getContainer()->getParameter('kernel.secret');
$data = ['event' => 'Test Event', 'total' => 5000];
$hash = AttestationController::generateHash($data, $appSecret);
$client->request('GET', '/attestation/ventes/'.$hash);
self::assertResponseIsSuccessful();
}
public function testVentesWithValidHashAndRegisteredAttestation(): void
{
$client = static::createClient();
$em = static::getContainer()->get(EntityManagerInterface::class);
$appSecret = static::getContainer()->getParameter('kernel.secret');
$user = new User();
$user->setEmail('test-vreg-'.uniqid().'@example.com');
$user->setFirstName('Test');
$user->setLastName('User');
$user->setPassword('$2y$13$hashed');
$em->persist($user);
$event = new Event();
$event->setAccount($user);
$event->setTitle('Test Event');
$event->setStartAt(new \DateTimeImmutable('+1 day'));
$event->setEndAt(new \DateTimeImmutable('+2 days'));
$event->setAddress('123 Rue Test');
$event->setZipcode('75001');
$event->setCity('Paris');
$em->persist($event);
$data = ['event' => 'Registered Event', 'total' => 8000];
$json = json_encode($data, \JSON_UNESCAPED_UNICODE);
$signatureHash = hash_hmac('sha256', $json, $appSecret);
$attestation = new Attestation('REF-'.uniqid(), $signatureHash, $event, $user, 20, $data);
$em->persist($attestation);
$em->flush();
$hash = AttestationController::generateHash($data, $appSecret);
$client->request('GET', '/attestation/ventes/'.$hash);
self::assertResponseIsSuccessful();
}
public function testVentesWithInvalidBase64(): void
{
$client = static::createClient();
$client->request('GET', '/attestation/ventes/!!!invalid-base64!!!');
self::assertResponseIsSuccessful();
self::assertSelectorTextContains('body', 'introuvable');
}
public function testVentesWithMissingPipeSeparator(): void
{
$client = static::createClient();
$hash = rtrim(strtr(base64_encode('no-pipe-here'), '+/', '-_'), '=');
$client->request('GET', '/attestation/ventes/'.$hash);
self::assertResponseIsSuccessful();
self::assertSelectorTextContains('body', 'introuvable');
}
public function testVentesWithInvalidSignature(): void
{
$client = static::createClient();
$json = json_encode(['event' => 'Test'], \JSON_UNESCAPED_UNICODE);
$hash = rtrim(strtr(base64_encode('invalidsignature|'.$json), '+/', '-_'), '=');
$client->request('GET', '/attestation/ventes/'.$hash);
self::assertResponseIsSuccessful();
self::assertSelectorTextContains('body', 'introuvable');
}
public function testVentesWithInvalidJsonPayload(): void
{
$client = static::createClient();
$appSecret = static::getContainer()->getParameter('kernel.secret');
$invalidJson = '{invalid json}';
$signature = hash_hmac('sha256', $invalidJson, $appSecret);
$hash = rtrim(strtr(base64_encode($signature.'|'.$invalidJson), '+/', '-_'), '=');
$client->request('GET', '/attestation/ventes/'.$hash);
self::assertResponseIsSuccessful();
self::assertSelectorTextContains('body', 'introuvable');
}
public function testGenerateHash(): void
{
$data = ['key' => 'value', 'amount' => 1000];
$secret = 'test-secret';
$hash = AttestationController::generateHash($data, $secret);
self::assertNotEmpty($hash);
self::assertMatchesRegularExpression('/^[A-Za-z0-9\-_]+$/', $hash);
$decoded = base64_decode(strtr($hash, '-_', '+/'), true);
self::assertNotFalse($decoded);
$parts = explode('|', $decoded, 2);
self::assertCount(2, $parts);
[$signature, $jsonPayload] = $parts;
$expectedSignature = hash_hmac('sha256', $jsonPayload, $secret);
self::assertTrue(hash_equals($expectedSignature, $signature));
self::assertSame($data, json_decode($jsonPayload, true));
}
public function testGenerateHashWithUnicodeData(): void
{
$data = ['name' => 'Événement été', 'city' => 'Zürich'];
$secret = 'test-secret';
$hash = AttestationController::generateHash($data, $secret);
$decoded = base64_decode(strtr($hash, '-_', '+/'), true);
$parts = explode('|', $decoded, 2);
self::assertStringContainsString('Événement été', $parts[1]);
self::assertStringContainsString('Zürich', $parts[1]);
}
}
Reference in New Issue View Git Blame Copy Permalink