94 lines
3.6 KiB
PHP
94 lines
3.6 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Tests\Module\Commercial\Api;
|
|
|
|
/**
|
|
* Validation back-autoritative des caracteres autorises dans les champs texte
|
|
* (retour metier ERP-193) : on rejette les caracteres parasites « ²³§~#| … » via
|
|
* une allow-list par profil (App\Shared\Domain\Validation\TextInputPattern). Le
|
|
* front filtre deja a la frappe, mais le back reste l'autorite : une 422 portee
|
|
* sur le champ fautif (mappable inline par useFormErrors).
|
|
*
|
|
* On couvre les clients (M1) et les fournisseurs (M2) — meme socle de profils.
|
|
*
|
|
* @internal
|
|
*/
|
|
final class TextInputSanitizationTest extends AbstractSupplierApiTestCase
|
|
{
|
|
/** Raison sociale avec exposants ²³ et § -> 422 sur companyName. */
|
|
public function testClientCompanyNameAvecParasitesEst422(): void
|
|
{
|
|
$client = $this->createAdminClient();
|
|
$seed = $this->seedClient('Parasite Client SARL');
|
|
|
|
$body = $client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
|
'headers' => ['Content-Type' => self::MERGE],
|
|
'json' => ['companyName' => 'ACME²³§'],
|
|
])->toArray(false);
|
|
|
|
self::assertResponseStatusCodeSame(422);
|
|
self::assertArrayHasKey('companyName', $this->violationsByPath($body));
|
|
}
|
|
|
|
/** Raison sociale legitime « Dupont & Fils » (esperluette) -> acceptee (200). */
|
|
public function testClientCompanyNameLegitimeEst200(): void
|
|
{
|
|
$client = $this->createAdminClient();
|
|
$seed = $this->seedClient('Legit Client SARL');
|
|
|
|
$client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
|
'headers' => ['Content-Type' => self::MERGE],
|
|
'json' => ['companyName' => 'Dupont & Fils (Pôle n°2)'],
|
|
]);
|
|
|
|
self::assertResponseStatusCodeSame(200);
|
|
}
|
|
|
|
/** Dirigeant avec chiffres -> 422 (profil nom de personne, pas de chiffres). */
|
|
public function testClientDirectorNameAvecChiffresEst422(): void
|
|
{
|
|
$client = $this->createAdminClient();
|
|
$seed = $this->seedClient('Director Parasite SARL');
|
|
|
|
$body = $client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
|
'headers' => ['Content-Type' => self::MERGE],
|
|
'json' => ['directorName' => 'Jean123'],
|
|
])->toArray(false);
|
|
|
|
self::assertResponseStatusCodeSame(422);
|
|
self::assertArrayHasKey('directorName', $this->violationsByPath($body));
|
|
}
|
|
|
|
/** N° de compte avec caractere special -> 422 (profil code alphanumerique). */
|
|
public function testClientAccountNumberAvecParasiteEst422(): void
|
|
{
|
|
$client = $this->createAdminClient();
|
|
$seed = $this->seedClient('Account Parasite SARL');
|
|
|
|
$body = $client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
|
'headers' => ['Content-Type' => self::MERGE],
|
|
'json' => ['accountNumber' => '411#DUP'],
|
|
])->toArray(false);
|
|
|
|
self::assertResponseStatusCodeSame(422);
|
|
self::assertArrayHasKey('accountNumber', $this->violationsByPath($body));
|
|
}
|
|
|
|
/** Fournisseur : raison sociale avec parasites -> 422 sur companyName. */
|
|
public function testSupplierCompanyNameAvecParasitesEst422(): void
|
|
{
|
|
$client = $this->createAdminClient();
|
|
$seed = $this->seedSupplier('Parasite Fournisseur SARL');
|
|
|
|
$body = $client->request('PATCH', '/api/suppliers/'.$seed->getId(), [
|
|
'headers' => ['Content-Type' => self::MERGE],
|
|
'json' => ['companyName' => 'NEGOCE~#|²'],
|
|
])->toArray(false);
|
|
|
|
self::assertResponseStatusCodeSame(422);
|
|
self::assertArrayHasKey('companyName', $this->violationsByPath($body));
|
|
}
|
|
}
|