<?php
declare(strict_types=1);
namespace App\Tests\Integration\Controller;
use App\Repository\UserRepository;
use Symfony\Bundle\FrameworkBundle\KernelBrowser;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
/**
* End-to-end profile view + edit flow for an authenticated user.
*
* Relies on the baseline `UserFixtures` (alice + bob with display
* names "Alice" / "Bob", password `password`, `status = Approved`).
*/
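final class ProfileControllerTest extends WebTestCase
{
    /** Email of the fixture user that every authenticated test signs in as. */
    private const ALICE_EMAIL = 'alice@example.test';

    private KernelBrowser $client;

    protected function setUp(): void
    {
        $this->client = self::createClient();
    }

    /**
     * An anonymous GET /profile must be redirected to the login page.
     */
    public function testProfilePageRedirectsAnonymousToLogin(): void
    {
        $this->client->request('GET', '/profile');

        $this->assertRedirectsToLogin();
    }

    /**
     * An anonymous GET /profile/edit must be redirected to the login page.
     *
     * NOTE(review): only the GET path is exercised for anonymous visitors; an
     * unauthenticated POST to /profile/edit is not covered by this class.
     */
    public function testEditPageRedirectsAnonymousToLogin(): void
    {
        $this->client->request('GET', '/profile/edit');

        $this->assertRedirectsToLogin();
    }

    /**
     * The profile page shows the signed-in user's display name and email.
     */
    public function testShowRendersTheCurrentUsersNameAndEmail(): void
    {
        $this->loginAsAlice();

        $crawler = $this->client->request('GET', '/profile');

        self::assertResponseIsSuccessful();
        $body = $crawler->filter('body')->text();
        self::assertStringContainsString('Alice', $body);
        self::assertStringContainsString(self::ALICE_EMAIL, $body);
    }

    /**
     * GET /profile/edit renders the form with the current name pre-filled.
     */
    public function testEditRendersFormPrefilledWithTheCurrentName(): void
    {
        $this->loginAsAlice();

        $crawler = $this->client->request('GET', '/profile/edit');

        self::assertResponseIsSuccessful();
        self::assertSame('Alice', $crawler->filter('input[name="name"]')->attr('value'));
    }

    /**
     * A valid edit redirects to /profile, shows the success flash and is persisted.
     */
    public function testEditPersistsTheNewNameAndShowsTheFlash(): void
    {
        $this->loginAsAlice();

        // Submitting the rendered form carries whatever hidden fields the page emitted.
        $crawler = $this->client->request('GET', '/profile/edit');
        $form = $crawler->filter('form')->form();
        $form['name'] = 'Alice Andersen';
        $this->client->submit($form);

        self::assertResponseRedirects('/profile');
        $crawler = $this->client->followRedirect();
        self::assertResponseIsSuccessful();

        $body = $crawler->filter('body')->text();
        self::assertStringContainsString('Alice Andersen', $body);
        self::assertStringContainsString('gemt', $body);

        // The rendered page alone is not proof of a write; check the stored row too.
        $this->assertAlicePersistedNameSame('Alice Andersen');
    }

    /**
     * A whitespace-only name is rejected with 422 and the stored name is untouched.
     */
    public function testEditRejectsEmptyNameAndKeepsTheCurrentValue(): void
    {
        $this->loginAsAlice();

        $crawler = $this->client->request('GET', '/profile/edit');
        $form = $crawler->filter('form')->form();
        // setValues() writes the field directly, so a browser-side `required`
        // attribute never gets to block the submit; the server must reject it.
        $form->setValues(['name' => ' ']);
        $crawler = $this->client->submit($form);

        self::assertResponseStatusCodeSame(422);
        $body = $crawler->filter('body')->text();
        self::assertStringContainsString('Navnet må ikke være tomt', $body);

        $this->assertAlicePersistedNameSame('Alice', 'Empty submit must not have mutated the persisted name.');
    }

    /**
     * A POST carrying a bogus `_token` yields 403 and the stored name is untouched.
     *
     * The request is built by hand instead of from the rendered form, so the
     * token the page would have issued is never sent.
     *
     * NOTE(review): only a wrong token value is exercised; a request that omits
     * `_token` entirely is not covered by this class.
     */
    public function testEditRejectsInvalidCsrfTokenAndDoesNotUpdate(): void
    {
        $this->loginAsAlice();

        $this->client->request('POST', '/profile/edit', [
            'name' => 'Hacker',
            '_token' => 'nope',
        ]);

        self::assertResponseStatusCodeSame(403);

        // The status code alone does not show that the write was skipped.
        $this->assertAlicePersistedNameSame('Alice', 'CSRF rejection must not have mutated the persisted name.');
    }

    /**
     * Signs in as the `alice` fixture user through the real login form.
     *
     * NOTE(review): the redirect asserted here does not by itself prove the
     * login was accepted, since form logins typically redirect on failure as
     * well. Callers depend on their own follow-up assertions to notice that.
     */
    private function loginAsAlice(): void
    {
        $crawler = $this->client->request('GET', '/login');
        $form = $crawler->filter('form')->form();
        $form['_username'] = self::ALICE_EMAIL;
        $form['_password'] = 'password';
        $this->client->submit($form);

        // followRedirect() throws a bare LogicException on a non-redirect
        // response; assert first so the failure names the login step.
        self::assertResponseRedirects(null, null, 'Submitting the login form as alice did not redirect.');
        $this->client->followRedirect();
    }

    /**
     * Asserts the last response is a redirect whose Location mentions /login.
     *
     * This is a substring match on the header, so relative and absolute targets
     * both pass and the host part is not pinned.
     */
    private function assertRedirectsToLogin(): void
    {
        self::assertResponseRedirects();
        self::assertStringContainsString(
            '/login',
            (string) $this->client->getResponse()->headers->get('Location'),
        );
    }

    /**
     * Reloads alice from the repository and asserts her stored name.
     *
     * @param string $expected name the persisted user must have
     * @param string $message  optional failure message for the name comparison
     */
    private function assertAlicePersistedNameSame(string $expected, string $message = ''): void
    {
        $reloaded = self::getContainer()
            ->get(UserRepository::class)
            ->findOneBy(['email' => self::ALICE_EMAIL]);

        self::assertNotNull($reloaded);
        self::assertSame($expected, $reloaded->getName(), $message);
    }
}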