Matthieu
b989c33cc4
Pose une infra d'upload de fichiers générique et réutilisable dans Shared
(spec M4 § 2.7), sans toucher au module Transport.
- Table uploaded_document (migration racine DoctrineMigrations) : fichier
téléversé immuable (PDF / images), checksum sha256, created_at/created_by.
- Service Shared\Infrastructure\Upload\FileUploader : validation MIME
server-side via getMimeType (jamais getClientMimeType), whitelist explicite
(PDF + images), bornage taille, checksum sha256, écriture var/uploads/{yyyy}/{mm}/.
- Endpoint POST /api/uploaded_documents (multipart, deserialize:false) +
UploadedDocumentProcessor -> renvoie l'IRI ; MIME hors whitelist -> 422.
- COMMENT ON COLUMN sur toutes les colonnes + bloc dans ColumnCommentsCatalog.
- Mapping Doctrine Shared + path API Platform Shared.
- Tests : FileUploader (unit) + endpoint (fonctionnel, 422 / IRI / checksum).
145 lines
4.8 KiB
PHP
145 lines
4.8 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Tests\Shared\Infrastructure\Upload;
|
|
|
|
use App\Shared\Domain\Exception\FileTooLargeException;
|
|
use App\Shared\Domain\Exception\UnsupportedMimeTypeException;
|
|
use App\Shared\Infrastructure\Upload\FileUploader;
|
|
use DateTimeImmutable;
|
|
use PHPUnit\Framework\TestCase;
|
|
use Symfony\Component\Clock\MockClock;
|
|
use Symfony\Component\HttpFoundation\File\UploadedFile;
|
|
|
|
/**
|
|
* Tests unitaires du service generique de televersement (ERP-154).
|
|
*
|
|
* Couvre : rejet d'un MIME hors whitelist, rejet d'un fichier trop volumineux,
|
|
* et le chemin nominal (checksum sha256 calcule, taille/MIME captures, fichier
|
|
* ecrit sous var/uploads/{yyyy}/{mm}/ avec horodatage de l'horloge injectee).
|
|
*
|
|
* @internal
|
|
*/
|
|
final class FileUploaderTest extends TestCase
|
|
{
|
|
private string $uploadBaseDir;
|
|
|
|
/** @var list<string> */
|
|
private array $tempFiles = [];
|
|
|
|
protected function setUp(): void
|
|
{
|
|
$this->uploadBaseDir = sys_get_temp_dir().'/erp154-uploads-'.bin2hex(random_bytes(4));
|
|
}
|
|
|
|
protected function tearDown(): void
|
|
{
|
|
// Nettoyage des fichiers sources et de l'arborescence de destination.
|
|
foreach ($this->tempFiles as $path) {
|
|
if (is_file($path)) {
|
|
@unlink($path);
|
|
}
|
|
}
|
|
$this->removeDirectory($this->uploadBaseDir);
|
|
}
|
|
|
|
public function testRejectsMimeTypeOutsideWhitelist(): void
|
|
{
|
|
$uploader = $this->createUploader();
|
|
$file = $this->makeUploadedFile('hello world plain text', 'note.txt');
|
|
|
|
$this->expectException(UnsupportedMimeTypeException::class);
|
|
|
|
$uploader->upload($file);
|
|
}
|
|
|
|
public function testRejectsFileLargerThanMaxSize(): void
|
|
{
|
|
$uploader = $this->createUploader();
|
|
|
|
// Contenu PDF valide mais artificiellement gonfle au-dela de la borne.
|
|
$content = "%PDF-1.4\n".str_repeat('A', FileUploader::MAX_SIZE_BYTES + 1);
|
|
$file = $this->makeUploadedFile($content, 'huge.pdf');
|
|
|
|
$this->expectException(FileTooLargeException::class);
|
|
|
|
$uploader->upload($file);
|
|
}
|
|
|
|
public function testStoresPdfAndComputesSha256Checksum(): void
|
|
{
|
|
$content = $this->minimalPdf();
|
|
$clock = new MockClock(new DateTimeImmutable('2026-06-15 10:00:00'));
|
|
$uploader = $this->createUploader($clock);
|
|
$file = $this->makeUploadedFile($content, 'facture.pdf');
|
|
|
|
$document = $uploader->upload($file);
|
|
|
|
self::assertSame('facture.pdf', $document->getOriginalFilename());
|
|
self::assertSame('application/pdf', $document->getMimeType());
|
|
self::assertSame(\strlen($content), $document->getSizeBytes());
|
|
self::assertSame(hash('sha256', $content), $document->getChecksum());
|
|
self::assertSame(64, \strlen($document->getChecksum()));
|
|
|
|
// Chemin relatif date selon l'horloge injectee (2026/06).
|
|
self::assertStringStartsWith('2026/06/', $document->getStoredPath());
|
|
self::assertFileExists($this->uploadBaseDir.'/'.$document->getStoredPath());
|
|
|
|
// Le fichier ecrit a bien le contenu d'origine (checksum coherent).
|
|
self::assertSame(
|
|
$document->getChecksum(),
|
|
hash_file('sha256', $this->uploadBaseDir.'/'.$document->getStoredPath()),
|
|
);
|
|
}
|
|
|
|
private function createUploader(?MockClock $clock = null): FileUploader
|
|
{
|
|
return new FileUploader($this->uploadBaseDir, $clock ?? new MockClock());
|
|
}
|
|
|
|
/**
|
|
* Cree un UploadedFile en mode test (move() autorise hors contexte HTTP).
|
|
*/
|
|
private function makeUploadedFile(string $content, string $clientName): UploadedFile
|
|
{
|
|
$path = sys_get_temp_dir().'/erp154-src-'.bin2hex(random_bytes(4));
|
|
file_put_contents($path, $content);
|
|
$this->tempFiles[] = $path;
|
|
|
|
// Le 5e argument `test: true` court-circuite move_uploaded_file().
|
|
return new UploadedFile($path, $clientName, null, null, true);
|
|
}
|
|
|
|
/**
|
|
* Contenu PDF minimal valide — l'entete `%PDF-1.4` suffit a faire detecter
|
|
* `application/pdf` par finfo (getMimeType server-side).
|
|
*/
|
|
private function minimalPdf(): string
|
|
{
|
|
return "%PDF-1.4\n"
|
|
."1 0 obj<</Type/Catalog/Pages 2 0 R>>endobj\n"
|
|
."2 0 obj<</Type/Pages/Kids[3 0 R]/Count 1>>endobj\n"
|
|
."3 0 obj<</Type/Page/Parent 2 0 R/MediaBox[0 0 612 792]>>endobj\n"
|
|
."trailer<</Root 1 0 R/Size 4>>\n"
|
|
."%%EOF\n";
|
|
}
|
|
|
|
private function removeDirectory(string $dir): void
|
|
{
|
|
if (!is_dir($dir)) {
|
|
return;
|
|
}
|
|
|
|
$items = scandir($dir) ?: [];
|
|
foreach ($items as $item) {
|
|
if ('.' === $item || '..' === $item) {
|
|
continue;
|
|
}
|
|
$path = $dir.'/'.$item;
|
|
is_dir($path) ? $this->removeDirectory($path) : @unlink($path);
|
|
}
|
|
@rmdir($dir);
|
|
}
|
|
}
|