mirror of
https://github.com/MarijnDoeve/TijdVoorDeTest.git
synced 2026-07-11 12:28:23 +02:00
test: expand coverage, dedupe data-driven tests, extract shared WebTestCase base (#201)
* test: expand coverage, dedupe data-driven tests, extract shared WebTestCase base - Add #[CoversClass] to Base64Test and FilenameSanitizerTest - Merge near-duplicate test methods into #[DataProvider] cases across ResetPasswordControllerTest, SettingsControllerTest, ClaimSeasonCommandTest, FilenameSanitizerTest, Base64Test, and SeasonRepositoryTest - Add integration tests for previously untested controllers: public QuizController (quiz-taking flow), LoginController, RegistrationController, EliminationController, and PrepareEliminationController - Add unit tests for Elimination and BankQuestion entity logic - Extract shared WebTestCase setup/helpers (client, entityManager, login, entity lookups, CSRF token scraping) into AbstractControllerWebTestCase, removing duplicated boilerplate from all 14 WebTestCase files * test: address PR review feedback - Scope AbstractControllerWebTestCase::getCandidate/getQuizByName by season code (both Candidate and Quiz are only unique per season, not system-wide) and add a CandidateRepository regression test guarding against same-named candidates in different seasons - Add missing entityManager->clear() before verifying DB state after a POST in PrepareEliminationControllerTest and QuestionBankControllerTest - Add non-owner denial tests for BackofficeController::exportQuiz and QuizQuestionController::edit/reorder, which had IsGranted checks with no test coverage * ci: publish PHPUnit coverage to GitHub code coverage - Generate a Cobertura report alongside the existing JUnit report and upload it with actions/upload-code-coverage so coverage shows up on PRs and the default branch via GitHub's code coverage feature - Add a step to copy both reports out of the php container before publishing them, since var/ is a Docker volume (see the Dockerfile's VOLUME /app/var/) and isn't bind-mounted to the runner — this also fixes the existing JUnit report publishing step, which was silently looking at a path that never had contets on the runner * ci: fix coverage report paths and tolerate Code Quality not yet enabled - Write PHPUnit's JUnit and Cobertura reports to reports/ instead of var/, since var/ is a Docker volume (Dockerfile's VOLUME /app/var/) that isn't bind-mounted to the runner - reports written there never reached the host, which is also why the prior junit.xml publish step had nothing to read. reports/ is a plain path under the project's bind mount, so no extra copy-out step is needed - Set fail-on-error: false on the coverage upload step: it 404s until "Code Quality" is turned on for the repo under Settings > Code security > Code quality, a one-time manual step
This commit is contained in:
@@ -4,47 +4,18 @@ declare(strict_types=1);
|
||||
|
||||
namespace Tvdt\Tests\Controller\Backoffice;
|
||||
|
||||
use Doctrine\ORM\EntityManagerInterface;
|
||||
use PHPUnit\Framework\Attributes\CoversClass;
|
||||
use Symfony\Bundle\FrameworkBundle\KernelBrowser;
|
||||
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Tvdt\Controller\Backoffice\QuizQuestionController;
|
||||
use Tvdt\Entity\Question;
|
||||
use Tvdt\Entity\Quiz;
|
||||
use Tvdt\Entity\User;
|
||||
use Tvdt\Tests\Controller\AbstractControllerWebTestCase;
|
||||
|
||||
#[CoversClass(QuizQuestionController::class)]
|
||||
final class QuizQuestionControllerTest extends WebTestCase
|
||||
final class QuizQuestionControllerTest extends AbstractControllerWebTestCase
|
||||
{
|
||||
private KernelBrowser $client;
|
||||
|
||||
private EntityManagerInterface $entityManager;
|
||||
|
||||
protected function setUp(): void
|
||||
{
|
||||
$this->client = self::createClient();
|
||||
$this->entityManager = self::getContainer()->get(EntityManagerInterface::class);
|
||||
}
|
||||
|
||||
private function loginAsOwner(): void
|
||||
{
|
||||
$user = $this->entityManager->getRepository(User::class)->findOneBy(['email' => 'krtek-admin@example.org']);
|
||||
$this->assertInstanceOf(User::class, $user);
|
||||
$this->client->loginUser($user);
|
||||
}
|
||||
|
||||
private function getQuizByName(string $name): Quiz
|
||||
{
|
||||
$quiz = $this->entityManager->getRepository(Quiz::class)->findOneBy(['name' => $name]);
|
||||
$this->assertInstanceOf(Quiz::class, $quiz);
|
||||
|
||||
return $quiz;
|
||||
}
|
||||
|
||||
public function testEditPreservesAnswerOrdering(): void
|
||||
{
|
||||
$this->loginAsOwner();
|
||||
$this->loginAs('krtek-admin@example.org');
|
||||
|
||||
$quiz = $this->getQuizByName('Quiz 2');
|
||||
$question = null;
|
||||
@@ -111,7 +82,7 @@ final class QuizQuestionControllerTest extends WebTestCase
|
||||
|
||||
public function testReorderQuestionsWithinQuiz(): void
|
||||
{
|
||||
$this->loginAsOwner();
|
||||
$this->loginAs('krtek-admin@example.org');
|
||||
|
||||
$quiz = $this->getQuizByName('Quiz 2');
|
||||
$originalQuestions = $quiz->questions->toArray();
|
||||
@@ -144,4 +115,43 @@ final class QuizQuestionControllerTest extends WebTestCase
|
||||
$this->assertSame($originalLastId, (string) $reorderedQuestions[0]->id);
|
||||
$this->assertSame($originalFirstId, (string) $reorderedQuestions[\count($reorderedQuestions) - 1]->id);
|
||||
}
|
||||
|
||||
public function testEditIsDeniedForNonOwner(): void
|
||||
{
|
||||
$this->loginAs('test@example.org');
|
||||
|
||||
$quiz = $this->getQuizByName('Quiz 2');
|
||||
$question = $quiz->questions->first();
|
||||
$this->assertInstanceOf(Question::class, $question);
|
||||
|
||||
$this->client->request(Request::METHOD_GET, \sprintf(
|
||||
'/backoffice/season/krtek/quiz/%s/question/%s/edit',
|
||||
$quiz->id,
|
||||
$question->id,
|
||||
));
|
||||
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
}
|
||||
|
||||
public function testReorderIsDeniedForNonOwner(): void
|
||||
{
|
||||
$quiz = $this->getQuizByName('Quiz 2');
|
||||
|
||||
// Scrape a valid CSRF token as the owner before switching to the non-owner account,
|
||||
// since the token is bound to the session, not the logged-in user.
|
||||
$this->loginAs('krtek-admin@example.org');
|
||||
$crawler = $this->client->request(Request::METHOD_GET, \sprintf('/backoffice/season/krtek/quiz/%s/overview', $quiz->id));
|
||||
self::assertResponseIsSuccessful();
|
||||
$csrfToken = $crawler->filter('[data-bo--question-list-csrf-value]')->attr('data-bo--question-list-csrf-value');
|
||||
$this->assertNotEmpty($csrfToken);
|
||||
|
||||
$this->loginAs('test@example.org');
|
||||
|
||||
$this->client->request(Request::METHOD_POST, \sprintf('/backoffice/season/krtek/quiz/%s/questions/reorder', $quiz->id), [
|
||||
'_token' => $csrfToken,
|
||||
'ordering' => array_map(static fn (Question $q): string => (string) $q->id, $quiz->questions->toArray()),
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user