100 % test coverage

Author: tuj

src/Privacy/AuditScrubber.php

@@ -185,12 +185,9 @@ private function clearDiffValues(array $diffs): array
     private function discoverAuditTables(): array
     {
         $tables = [];
+        /** @var DoctrineAuditConfiguration $configuration */
         $configuration = $this->auditProvider->getConfiguration();
-        \assert($configuration instanceof DoctrineAuditConfiguration);
         foreach ($configuration->getEntities() as $entry) {
-            if (!\is_array($entry) || !isset($entry['audit_table_name'])) {
-                continue;
-            }
             $tables[] = (string) $entry['audit_table_name'];
         }
 

tests/Fixtures/Entity/OrphanAnonymizableEntity.php

@@ -0,0 +1,42 @@
+<?php
+
+declare(strict_types=1);
+
+namespace ITKDev\EntityBundle\Tests\Fixtures\Entity;
+
+use Doctrine\ORM\Mapping as ORM;
+use ITKDev\EntityBundle\Audit\Attribute\Auditable;
+use ITKDev\EntityBundle\Entity\AbstractITKDevEntity;
+use ITKDev\EntityBundle\Entity\Contract\AnonymizationStatusInterface;
+use ITKDev\EntityBundle\Entity\Contract\TimestampableInterface;
+use ITKDev\EntityBundle\Entity\Trait\AnonymizationStatusTrait;
+use ITKDev\EntityBundle\Entity\Trait\TimestampableTrait;
+use ITKDev\EntityBundle\Privacy\Attribute\Anonymize;
+use ITKDev\EntityBundle\Privacy\Strategy;
+
+/**
+ * Anonymizable entity with no foreign key to TestUser, exercising SubjectAnonymizer's
+ * "skip class that has no user FK" branch.
+ */
+#[ORM\Entity]
+#[ORM\Table(name: 'test_orphan_anonymizable')]
+#[Auditable]
+class OrphanAnonymizableEntity extends AbstractITKDevEntity implements TimestampableInterface, AnonymizationStatusInterface
+{
+    use TimestampableTrait;
+    use AnonymizationStatusTrait;
+
+    #[ORM\Column(type: 'string', length: 64, nullable: true)]
+    #[Anonymize(strategy: Strategy::Redact)]
+    private ?string $payload = null;
+
+    public function setPayload(?string $payload): void
+    {
+        $this->payload = $payload;
+    }
+
+    public function getPayload(): ?string
+    {
+        return $this->payload;
+    }
+}

tests/Fixtures/Entity/TestUser.php

@@ -7,13 +7,26 @@
 use Doctrine\ORM\Mapping as ORM;
 use ITKDev\EntityBundle\Audit\Attribute\Auditable;
 use ITKDev\EntityBundle\Entity\AbstractITKDevEntity;
+use ITKDev\EntityBundle\Entity\Contract\AnonymizationStatusInterface;
+use ITKDev\EntityBundle\Entity\Contract\TimestampableInterface;
+use ITKDev\EntityBundle\Entity\Trait\AnonymizationStatusTrait;
+use ITKDev\EntityBundle\Entity\Trait\TimestampableTrait;
+use ITKDev\EntityBundle\Privacy\Attribute\Anonymize;
+use ITKDev\EntityBundle\Privacy\Strategy;
 use Symfony\Component\Security\Core\User\UserInterface;
 
 #[ORM\Entity]
 #[ORM\Table(name: 'test_user')]
 #[Auditable]
-class TestUser extends AbstractITKDevEntity implements UserInterface
+class TestUser extends AbstractITKDevEntity implements UserInterface, TimestampableInterface, AnonymizationStatusInterface
 {
+    use TimestampableTrait;
+    use AnonymizationStatusTrait;
+
+    #[ORM\Column(type: 'string', length: 191, nullable: true)]
+    #[Anonymize(strategy: Strategy::Redact)]
+    private ?string $email = null;
+
     public function getUserIdentifier(): string
     {
         return (string) $this->getId();
@@ -27,4 +40,14 @@ public function getRoles(): array
     public function eraseCredentials(): void
     {
     }
+
+    public function getEmail(): ?string
+    {
+        return $this->email;
+    }
+
+    public function setEmail(?string $email): void
+    {
+        $this->email = $email;
+    }
 }

tests/Integration/AbstractITKDevEntityIntegrationTest.php

@@ -7,7 +7,9 @@
 use Doctrine\ORM\EntityManagerInterface;
 use Doctrine\ORM\Tools\SchemaTool;
 use ITKDev\EntityBundle\Entity\Contract\IdentifiableInterface;
+use ITKDev\EntityBundle\Tests\Fixtures\Entity\AttributeOnlyEntity;
 use ITKDev\EntityBundle\Tests\Fixtures\Entity\FixtureEntity;
+use ITKDev\EntityBundle\Tests\Fixtures\Entity\NonAuditableEntity;
 use ITKDev\EntityBundle\Tests\Fixtures\Entity\TestUser;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
@@ -246,6 +248,62 @@ public function testArchivableFilterHidesArchivedRowsWhenEnabled(): void
         self::assertSame('live', $visible[0]->getLabel());
     }
 
+    public function testArchivableFilterReturnsNoConstraintForNonArchivableEntity(): void
+    {
+        $entity = new AttributeOnlyEntity();
+        $this->em->persist($entity);
+        $this->em->flush();
+        $this->em->clear();
+
+        $this->em->getFilters()->enable('archivable');
+
+        // AttributeOnlyEntity does not implement ArchivableInterface, so the filter must
+        // short-circuit with an empty constraint — otherwise the query would emit SQL
+        // referencing a non-existent archived_at column on test_attribute_only.
+        $rows = $this->em->getRepository(AttributeOnlyEntity::class)->findAll();
+        self::assertCount(1, $rows);
+    }
+
+    public function testSoftDeleteFilterReturnsNoConstraintForNonSoftDeletableEntity(): void
+    {
+        $entity = new AttributeOnlyEntity();
+        $this->em->persist($entity);
+        $this->em->flush();
+        $this->em->clear();
+
+        // soft_delete is enabled by default. AttributeOnlyEntity does not implement
+        // SoftDeletableInterface, so the filter must short-circuit rather than reference
+        // a non-existent deleted_at column.
+        $rows = $this->em->getRepository(AttributeOnlyEntity::class)->findAll();
+        self::assertCount(1, $rows);
+    }
+
+    public function testListenersSkipEntitiesWithoutTheirRespectiveInterface(): void
+    {
+        // NonAuditableEntity implements none of Timestampable/Blameable/SoftDeletable, so
+        // every per-feature onFlush listener must `continue` past it during insert, update
+        // and delete flushes. Exercises the skip-branches of all three listeners and the
+        // soft-delete filter's empty-constraint path for the same entity.
+        $alice = new TestUser();
+        $this->em->persist($alice);
+        $this->em->flush();
+        $this->loginAs($alice);
+
+        $entity = new NonAuditableEntity();
+        $entity->setLabel('initial');
+        $this->em->persist($entity);
+        $this->em->flush();
+
+        $entity->setLabel('changed');
+        $this->em->flush();
+
+        $this->em->remove($entity);
+        $this->em->flush();
+        $this->em->clear();
+
+        self::assertCount(0, $this->em->getRepository(NonAuditableEntity::class)->findAll());
+    }
+
     /**
      * @param list<FixtureEntity> $entities
      *

tests/Integration/Privacy/AnonymizerTest.php

@@ -0,0 +1,59 @@
+<?php
+
+declare(strict_types=1);
+
+namespace ITKDev\EntityBundle\Tests\Integration\Privacy;
+
+use Doctrine\ORM\EntityManagerInterface;
+use Doctrine\ORM\Tools\SchemaTool;
+use ITKDev\EntityBundle\Privacy\Anonymizer;
+use ITKDev\EntityBundle\Tests\Fixtures\Entity\FixtureEntity;
+use ITKDev\EntityBundle\Tests\Fixtures\Entity\NonAuditableEntity;
+use ITKDev\EntityBundle\Tests\Integration\IntegrationTestCase;
+
+final class AnonymizerTest extends IntegrationTestCase
+{
+    private EntityManagerInterface $em;
+    private Anonymizer $anonymizer;
+
+    protected function setUp(): void
+    {
+        self::bootKernel();
+        $container = static::getContainer();
+
+        $this->em = $container->get(EntityManagerInterface::class);
+        $this->anonymizer = $container->get(Anonymizer::class);
+
+        $tool = new SchemaTool($this->em);
+        $metadata = $this->em->getMetadataFactory()->getAllMetadata();
+        $tool->dropSchema($metadata);
+        $tool->createSchema($metadata);
+    }
+
+    public function testReturnsFalseWhenEntityClassHasNoRules(): void
+    {
+        $entity = new NonAuditableEntity();
+        $entity->setLabel('untouched');
+        $this->em->persist($entity);
+        $this->em->flush();
+
+        // NonAuditableEntity carries no #[Anonymize] attributes, so the registry has
+        // no rules for it and anonymize() must return false without flushing changes.
+        self::assertFalse($this->anonymizer->anonymize($entity));
+        self::assertSame('untouched', $entity->getLabel());
+    }
+
+    public function testReturnsFalseWhenEntityIsAlreadyAnonymized(): void
+    {
+        $entity = new FixtureEntity();
+        $entity->setLabel('original');
+        $entity->markAnonymized(new \DateTimeImmutable('2025-01-01'));
+        $this->em->persist($entity);
+        $this->em->flush();
+
+        // Rules exist for FixtureEntity but isAnonymized() is true, so anonymize()
+        // must short-circuit with false and leave the label untouched.
+        self::assertFalse($this->anonymizer->anonymize($entity));
+        self::assertSame('original', $entity->getLabel());
+    }
+}

tests/Integration/Privacy/AuditScrubberTest.php

@@ -8,6 +8,9 @@
 use Doctrine\DBAL\Connection;
 use Doctrine\ORM\EntityManagerInterface;
 use Doctrine\ORM\Tools\SchemaTool;
+use ITKDev\EntityBundle\Privacy\AnonymizationRule;
+use ITKDev\EntityBundle\Privacy\AuditScrubber;
+use ITKDev\EntityBundle\Privacy\Strategy;
 use ITKDev\EntityBundle\Privacy\SubjectAnonymizer;
 use ITKDev\EntityBundle\Tests\Fixtures\Entity\FixtureEntity;
 use ITKDev\EntityBundle\Tests\Fixtures\Entity\TestUser;
@@ -143,6 +146,94 @@ public function testNullsIpOnAuditRowsWhereSubjectWasActor(): void
         self::assertSame('198.51.100.20', $bobIp, "other users' IPs must stay intact");
     }
 
+    public function testScrubEntityHistoryIsANoopWhenNoRules(): void
+    {
+        $alice = $this->aUser();
+        $this->loginAs($alice);
+
+        $entity = new FixtureEntity();
+        $entity->setLabel('keepme');
+        $this->em->persist($entity);
+        $this->em->flush();
+
+        $before = $this->concatAuditDiffs((string) $entity->getId());
+        $this->scrubber()->scrubEntityHistory($entity, []);
+        $after = $this->concatAuditDiffs((string) $entity->getId());
+
+        self::assertSame($before, $after);
+        self::assertStringContainsString('keepme', $after);
+    }
+
+    public function testScrubEntityHistorySkipsRowsWithInvalidJsonOrNullSideValues(): void
+    {
+        $alice = $this->aUser();
+        $this->loginAs($alice);
+
+        $entity = new FixtureEntity();
+        $entity->setLabel('pii');
+        $this->em->persist($entity);
+        $this->em->flush();
+
+        // Row 1: diffs is not valid JSON. Row 2: label side values are null.
+        // Both must be left untouched (no error, no DB update) by the scrubber.
+        $this->conn->executeStatement(
+            "INSERT INTO test_fixture_entity_audit (type, object_id, diffs, blame_id, created_at) VALUES ('update', :oid, 'null', :uid, NOW())",
+            ['oid' => (string) $entity->getId(), 'uid' => (string) $alice->getId()],
+        );
+        $this->conn->executeStatement(
+            "INSERT INTO test_fixture_entity_audit (type, object_id, diffs, blame_id, created_at) VALUES ('update', :oid, :diffs, :uid, NOW())",
+            [
+                'oid' => (string) $entity->getId(),
+                'uid' => (string) $alice->getId(),
+                'diffs' => json_encode(['label' => ['old' => null, 'new' => null]], JSON_THROW_ON_ERROR),
+            ],
+        );
+
+        $this->scrubber()->scrubEntityHistory($entity, [
+            new AnonymizationRule('label', Strategy::Redact, '[REDACTED]'),
+        ]);
+
+        $rows = $this->conn->fetchAllAssociative(
+            'SELECT diffs FROM test_fixture_entity_audit WHERE object_id = :oid AND type = :t',
+            ['oid' => (string) $entity->getId(), 't' => 'update'],
+        );
+        $diffs = array_column($rows, 'diffs');
+        self::assertContains('null', $diffs);
+        self::assertContains('{"label":{"old":null,"new":null}}', $diffs);
+    }
+
+    public function testScrubAuditOlderThanPreservesScalarDiffEntries(): void
+    {
+        $alice = $this->aUser();
+        $this->loginAs($alice);
+
+        $entity = new FixtureEntity();
+        $entity->setLabel('pii');
+        $this->em->persist($entity);
+        $this->em->flush();
+
+        // Inject a row whose `diffs` JSON has a scalar (non-shape) entry. clearDiffValues
+        // must copy the scalar through verbatim rather than treat it as an old/new shape.
+        $this->conn->executeStatement(
+            "INSERT INTO test_fixture_entity_audit (type, object_id, diffs, blame_id, created_at) VALUES ('insert', :oid, :diffs, :uid, '2020-01-01 00:00:00')",
+            [
+                'oid' => (string) $entity->getId(),
+                'uid' => (string) $alice->getId(),
+                'diffs' => json_encode(['note' => 'scalar-marker', 'label' => ['old' => 'pii', 'new' => null]], JSON_THROW_ON_ERROR),
+            ],
+        );
+
+        $touched = $this->scrubber()->scrubAuditOlderThan(FixtureEntity::class, new \DateTimeImmutable('2025-01-01'));
+        self::assertGreaterThan(0, $touched);
+
+        $row = $this->conn->fetchAssociative(
+            "SELECT diffs FROM test_fixture_entity_audit WHERE object_id = :oid AND created_at = '2020-01-01 00:00:00'",
+            ['oid' => (string) $entity->getId()],
+        );
+        self::assertIsArray($row);
+        self::assertStringContainsString('scalar-marker', (string) $row['diffs']);
+    }
+
     public function testLeavesNonAnonymizableFieldsIntact(): void
     {
         $alice = $this->aUser();
@@ -169,6 +260,11 @@ public function testLeavesNonAnonymizableFieldsIntact(): void
         self::assertStringContainsString('updatedAt', $allDiffs, 'updatedAt change is recorded and kept');
     }
 
+    private function scrubber(): AuditScrubber
+    {
+        return self::getContainer()->get(AuditScrubber::class);
+    }
+
     private function aUser(): TestUser
     {
         $user = new TestUser();

tests/Integration/Privacy/PrivacyAnonymizeCommandTest.php

@@ -54,7 +54,8 @@ public function testHappyPath(): void
         $exit = $this->tester->execute(['subject' => (string) $alice->getId()]);
 
         self::assertSame(Command::SUCCESS, $exit);
-        self::assertStringContainsString('Anonymized 1 row(s)', $this->tester->getDisplay());
+        // Subject (TestUser is anonymizable) + the FixtureEntity it created.
+        self::assertStringContainsString('Anonymized 2 row(s)', $this->tester->getDisplay());
     }
 
     public function testInvalidUlidExitsFailure(): void

tests/Integration/Privacy/SubjectAnonymizerTest.php

@@ -51,8 +51,9 @@ public function testAnonymizesRowsLinkedToSubject(): void
 
         $report = $this->anonymizer->anonymize($alice);
 
-        self::assertSame(1, $report->rowsAnonymized);
-        self::assertSame(1, $report->classesAffected);
+        // alice herself + her one FixtureEntity row.
+        self::assertSame(2, $report->rowsAnonymized);
+        self::assertSame(2, $report->classesAffected);
 
         $this->em->clear();
 
@@ -80,7 +81,9 @@ public function testSkipsAlreadyAnonymizedRows(): void
 
         $report = $this->anonymizer->anonymize($alice);
 
-        self::assertSame(0, $report->rowsAnonymized);
+        // The pre-anonymized FixtureEntity is filtered out by the query (anonymizedAt IS NULL),
+        // so only alice herself is anonymized.
+        self::assertSame(1, $report->rowsAnonymized);
     }
 
     public function testAnonymizesSoftDeletedRows(): void
@@ -97,7 +100,8 @@ public function testAnonymizesSoftDeletedRows(): void
         $this->em->flush();
 
         $report = $this->anonymizer->anonymize($alice);
-        self::assertSame(1, $report->rowsAnonymized);
+        // alice + her soft-deleted FixtureEntity.
+        self::assertSame(2, $report->rowsAnonymized);
 
         $this->em->clear();
         $this->em->getFilters()->disable('soft_delete');