Inventory/tests/Api/Session/SessionProfileTest.php
r-dev 48f7e4c6ac test(session) : align expectations with hardened auth from WIP 476060c
The generic 'Identifiants invalides.' message is now returned for both the
wrong-password and the no-password-set cases (deliberately indistinguishable,
to prevent account enumeration). The tests still asserted the granular
'Mot de passe incorrect.' message and a 403 status that the controller no
longer emits.

Co-Authored-By: RuFlo <ruv@ruv.net>
2026-05-03 19:56:53 +02:00


<?php
declare(strict_types=1);
namespace App\Tests\Api\Session;
use App\Tests\AbstractApiTestCase;
/**
* @internal
*/
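/**
 * API tests for the profile session endpoints (`/api/session/profile`).
 *
 * Credential failures are asserted against the single generic message
 * 'Identifiants invalides.' so that the response cannot be used to tell
 * "wrong password" apart from "profile has no password set" — the
 * account-enumeration hardening this suite was aligned with.
 *
 * @internal
 */
class SessionProfileTest extends AbstractApiTestCase
{
    private const PASSWORD = 'secret123';

    /** Generic message shared by every credential failure (status 401). */
    private const INVALID_CREDENTIALS_MESSAGE = 'Identifiants invalides.';

    private const ENDPOINT = '/api/session/profile';

    /**
     * Sends one login attempt on a fresh client.
     *
     * The response assertions below (`assertResponseStatusCodeSame`,
     * `assertJsonContains`) act on the client most recently created via
     * `static::createClient()`, so the client does not need to be returned.
     *
     * @param array<string, mixed> $json request body as sent by the caller
     */
    private function postLogin(array $json): void
    {
        static::createClient()->request('POST', self::ENDPOINT, ['json' => $json]);
    }

    /**
     * Asserts the response is the generic credential failure and nothing more
     * specific — same status and same message regardless of the underlying cause.
     */
    private function assertInvalidCredentialsResponse(): void
    {
        $this->assertResponseStatusCodeSame(401);
        $this->assertJsonContains(['message' => self::INVALID_CREDENTIALS_MESSAGE]);
    }

    public function testLoginSuccess(): void
    {
        $profile = $this->createProfile(password: self::PASSWORD);

        $this->postLogin([
            'profileId' => $profile->getId(),
            'password' => self::PASSWORD,
        ]);

        $this->assertResponseStatusCodeSame(200);
        $this->assertJsonContains([
            'id' => $profile->getId(),
            'firstName' => 'Test',
            'lastName' => 'User',
            'isActive' => true,
        ]);
    }

    public function testLoginWrongPassword(): void
    {
        $profile = $this->createProfile(password: self::PASSWORD);

        $this->postLogin([
            'profileId' => $profile->getId(),
            'password' => 'wrong',
        ]);

        $this->assertInvalidCredentialsResponse();
    }

    public function testLoginMissingPassword(): void
    {
        $profile = $this->createProfile(password: self::PASSWORD);

        // No password field at all is a malformed request (400), distinct
        // from a credential failure; the specific message is expected here.
        $this->postLogin([
            'profileId' => $profile->getId(),
        ]);

        $this->assertResponseStatusCodeSame(400);
        $this->assertJsonContains(['message' => 'Mot de passe requis.']);
    }

    public function testLoginMissingProfileId(): void
    {
        $this->postLogin([]);

        $this->assertResponseStatusCodeSame(400);
        $this->assertJsonContains(['message' => 'profileId est requis.']);
    }

    public function testLoginInactiveProfile(): void
    {
        $profile = $this->createProfile(password: self::PASSWORD, isActive: false);

        $this->postLogin([
            'profileId' => $profile->getId(),
            'password' => self::PASSWORD,
        ]);

        // NOTE(review): only the status is pinned here. Confirm whether the
        // controller returns the generic message for inactive profiles too
        // and, if so, switch to assertInvalidCredentialsResponse() so the
        // inactive state is not observable from the response body.
        $this->assertResponseStatusCodeSame(401);
    }

    public function testLoginNoPasswordSet(): void
    {
        // A profile with no password must fail exactly like a wrong password:
        // same status and same generic message. Asserting only the status
        // would let a more specific message regress unnoticed and reveal
        // which profiles have credentials configured.
        $profile = $this->createProfile();

        $this->postLogin([
            'profileId' => $profile->getId(),
            'password' => 'anything',
        ]);

        $this->assertInvalidCredentialsResponse();
    }

    // NOTE(review): an unknown profileId is not covered; presumably it should
    // yield the same generic 401 as the two cases above — confirm against the
    // controller and add a test so existence of a profile cannot be probed.

    public function testGetActiveProfileAuthenticated(): void
    {
        $client = $this->createViewerClient();
        $client->request('GET', self::ENDPOINT);

        $this->assertResponseIsSuccessful();
        $this->assertJsonContains(['isActive' => true]);
    }

    public function testGetActiveProfileUnauthenticated(): void
    {
        $client = $this->createUnauthenticatedClient();
        $client->request('GET', self::ENDPOINT);

        $this->assertResponseStatusCodeSame(401);
        $this->assertJsonContains(['message' => 'Aucun profil actif.']);
    }

    public function testLogout(): void
    {
        $client = $this->createViewerClient();

        $client->request('DELETE', self::ENDPOINT);
        $this->assertResponseIsSuccessful();
        $this->assertJsonContains(['success' => true]);

        // The same client must no longer have an active profile after logout.
        $client->request('GET', self::ENDPOINT);
        $this->assertResponseStatusCodeSame(401);
    }
}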