feat : bloque les caractères spéciaux dans les champs texte des 4 répertoires (ERP-193)
@@ -0,0 +1,93 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Commercial\Api;
|
||||
|
||||
/**
|
||||
* Validation back-autoritative des caracteres autorises dans les champs texte
|
||||
* (retour metier ERP-193) : on rejette les caracteres parasites « ²³§~#| … » via
|
||||
* une allow-list par profil (App\Shared\Domain\Validation\TextInputPattern). Le
|
||||
* front filtre deja a la frappe, mais le back reste l'autorite : une 422 portee
|
||||
* sur le champ fautif (mappable inline par useFormErrors).
|
||||
*
|
||||
* On couvre les clients (M1) et les fournisseurs (M2) — meme socle de profils.
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class TextInputSanitizationTest extends AbstractSupplierApiTestCase
|
||||
{
|
||||
/** Raison sociale avec exposants ²³ et § -> 422 sur companyName. */
|
||||
public function testClientCompanyNameAvecParasitesEst422(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Parasite Client SARL');
|
||||
|
||||
$body = $client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['companyName' => 'ACME²³§'],
|
||||
])->toArray(false);
|
||||
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
self::assertArrayHasKey('companyName', $this->violationsByPath($body));
|
||||
}
|
||||
|
||||
/** Raison sociale legitime « Dupont & Fils » (esperluette) -> acceptee (200). */
|
||||
public function testClientCompanyNameLegitimeEst200(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Legit Client SARL');
|
||||
|
||||
$client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['companyName' => 'Dupont & Fils (Pôle n°2)'],
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
}
|
||||
|
||||
/** Dirigeant avec chiffres -> 422 (profil nom de personne, pas de chiffres). */
|
||||
public function testClientDirectorNameAvecChiffresEst422(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Director Parasite SARL');
|
||||
|
||||
$body = $client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['directorName' => 'Jean123'],
|
||||
])->toArray(false);
|
||||
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
self::assertArrayHasKey('directorName', $this->violationsByPath($body));
|
||||
}
|
||||
|
||||
/** N° de compte avec caractere special -> 422 (profil code alphanumerique). */
|
||||
public function testClientAccountNumberAvecParasiteEst422(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Account Parasite SARL');
|
||||
|
||||
$body = $client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['accountNumber' => '411#DUP'],
|
||||
])->toArray(false);
|
||||
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
self::assertArrayHasKey('accountNumber', $this->violationsByPath($body));
|
||||
}
|
||||
|
||||
/** Fournisseur : raison sociale avec parasites -> 422 sur companyName. */
|
||||
public function testSupplierCompanyNameAvecParasitesEst422(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedSupplier('Parasite Fournisseur SARL');
|
||||
|
||||
$body = $client->request('PATCH', '/api/suppliers/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['companyName' => 'NEGOCE~#|²'],
|
||||
])->toArray(false);
|
||||
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
self::assertArrayHasKey('companyName', $this->violationsByPath($body));
|
||||
}
|
||||
}
|
||||
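Review bot: The rejection cases in this new test class only send visible stray characters (`ACME²³§`, `Jean123`, `411#DUP`, `NEGOCE~#|²`) through PATCH, and none of them pins a trailing line feed or other control character, which is the usual gap in a regex allow-list. `App\Shared\Domain\Validation\TextInputPattern` is not shown on this page, so this is an assumption to confirm: if its profiles are anchored with `^…$` and use neither the `D` modifier nor `\z`, PCRE accepts a value that ends in `\n`. I would add a case like the one below, plus its counterpart on `/api/suppliers/`, and a creation case if the create endpoints share the constraint. If the API trims input before validating, the request will not return 422 and the test should assert the stored value instead.

```php
/** Trailing line feed after an otherwise valid name -> 422 on companyName. */
public function testClientCompanyNameAvecSautDeLigneFinalEst422(): void
{
    $client = $this->createAdminClient();
    $seed = $this->seedClient('Newline Client SARL');

    $body = $client->request('PATCH', '/api/clients/'.$seed->getId(), [
        'headers' => ['Content-Type' => self::MERGE],
        // Double-quoted on purpose: the payload must carry a real LF byte.
        'json' => ['companyName' => "Dupont & Fils\n"],
    ])->toArray(false);

    self::assertResponseStatusCodeSame(422);
    self::assertArrayHasKey('companyName', $this->violationsByPath($body));
}
```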