MALIO-DEV/Inventory
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

test(session) : align expectations with hardened auth from WIP 476060c

Browse Source 
Generic 'Identifiants invalides.' is now returned for both wrong
password and missing-password-set cases (security obscurity, prevents
account enumeration). Tests still asserted the granular 'Mot de passe
incorrect.' message and a 403 status that the controller no longer
emits.

Co-Authored-By: RuFlo <ruv@ruv.net>
This commit is contained in:
THOLOT DECHENE Matthieu
2026-05-03 19:56:53 +02:00
parent c46769a67d
commit 48f7e4c6ac
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
tests/Api/Session/SessionProfileTest.php
View File

@@ -47,7 +47,7 @@ class SessionProfileTest extends AbstractApiTestCase
]);
$this->assertResponseStatusCodeSame(401);
$this->assertJsonContains(['message' => 'Mot de passe incorrect.']);
$this->assertJsonContains(['message' => 'Identifiants invalides.']);
}
public function testLoginMissingPassword(): void
@@ -103,7 +103,7 @@ class SessionProfileTest extends AbstractApiTestCase
],
]);
$this->assertResponseStatusCodeSame(403);
$this->assertResponseStatusCodeSame(401);
}
public function testGetActiveProfileAuthenticated(): void