Compare commits

...

10 Commits

Author SHA1 Message Date
Marijn 07ce8f79e6 ci: publish PHPUnit coverage to GitHub code coverage
- Generate a Cobertura report alongside the existing JUnit report and
  upload it with actions/upload-code-coverage so coverage shows up on
  PRs and the default branch via GitHub's code coverage feature
- Add a step to copy both reports out of the php container before
  publishing them, since var/ is a Docker volume (see the Dockerfile's
  VOLUME /app/var/) and isn't bind-mounted to the runner — this also
  fixes the existing JUnit report publishing step, which was silently
  looking at a path that never had contets on the runner
2026-07-10 09:27:57 +02:00
Marijn b1f68425cd test: address PR review feedback
- Scope AbstractControllerWebTestCase::getCandidate/getQuizByName by
  season code (both Candidate and Quiz are only unique per season, not
  system-wide) and add a CandidateRepository regression test guarding
  against same-named candidates in different seasons
- Add missing entityManager->clear() before verifying DB state after a
  POST in PrepareEliminationControllerTest and QuestionBankControllerTest
- Add non-owner denial tests for BackofficeController::exportQuiz and
  QuizQuestionController::edit/reorder, which had IsGranted checks with
  no test coverage
2026-07-10 09:09:52 +02:00
Marijn 0aa15415de test: expand coverage, dedupe data-driven tests, extract shared WebTestCase base
- Add #[CoversClass] to Base64Test and FilenameSanitizerTest
- Merge near-duplicate test methods into #[DataProvider] cases across
  ResetPasswordControllerTest, SettingsControllerTest, ClaimSeasonCommandTest,
  FilenameSanitizerTest, Base64Test, and SeasonRepositoryTest
- Add integration tests for previously untested controllers: public
  QuizController (quiz-taking flow), LoginController, RegistrationController,
  EliminationController, and PrepareEliminationController
- Add unit tests for Elimination and BankQuestion entity logic
- Extract shared WebTestCase setup/helpers (client, entityManager, login,
  entity lookups, CSRF token scraping) into AbstractControllerWebTestCase,
  removing duplicated boilerplate from all 14 WebTestCase files
2026-07-10 00:14:00 +02:00
Marijn 0ee15e3cbb feat: add GDPR data export (download data) button (#198)
* feat: add GDPR data export (download data) button

Wires up the previously disabled "Download data" button on the settings
page. Downloads a zip with a profile.xlsx (account + owned seasons), and
per owned season a folder with each quiz's xlsx (questions, results,
eliminations tabs) and a candidates.xlsx (candidates + season info tabs).
Soft-deleted rows are included and flagged so the export reflects
everything the app still holds about the user.

* feat: include question bank in GDPR data export

Adds a question-bank.xlsx per season folder with Questions (bank
questions, answers, reusable/complete flags, labels, and which quizzes
they've been used in) and Labels tabs, since BankQuestion/BankAnswer
content was previously missing from the export.

* fix: hard-delete quiz/audit-log data when deleting an account

QuizCandidate, GivenAnswer, and Elimination are Gedmo\SoftDeleteable, so
cascading their removal through Season -> Quiz/Candidate only set
deletedAt instead of physically deleting the row. Since Candidate and
Answer are hard-deleted via orphanRemoval, this broke their foreign keys
and rolled back the entire account deletion whenever a candidate had
actually participated in a quiz. Bulk DQL deletes now purge these rows
before the cascade runs.

Also purge BankQuestion audit-log rows (ext_log_entries), which store
the editor's username/email but aren't foreign-keyed to the entity they
log, so they were never cleaned up and would otherwise keep a deleted
user's email around indefinitely.

* style: make the download data button primary (blue)

* feat: add raw answers crosstab to quiz export

Adds a "Raw answers" tab to each quiz xlsx: one row per candidate, one
column per question, with the given answer text in each cell — the raw
data behind the aggregated Results tab.

* i18n: translate new settings page string to Dutch

* refactor: sanitize filenames with Symfony's AsciiSlugger instead of a hand-rolled regex

Extracts a shared Tvdt\Helpers\FilenameSanitizer (backed by
symfony/string's AsciiSlugger) and uses it everywhere user-controlled
text (season/quiz names, account email) ends up in a zip entry path or
a downloaded filename. AsciiSlugger is allowlist-based (only A-Z/0-9
survive; everything else, including unicode and path-traversal
sequences, is folded or stripped) rather than a denylist of "unsafe"
characters, and it's an officially maintained Symfony component already
present as a transitive dependency.

Also fixes BackofficeController::exportQuiz(), a pre-existing endpoint
that built its Content-Disposition filename directly from an
unsanitized quiz name — the same class of risk the data export already
guarded against.

Naming note: sanitized names are now slugs (spaces become dashes,
unicode is ASCII-transliterated), e.g. "Krtek Weekend" -> "Krtek-Weekend".

* fix: check ZipArchive open/close results and clean up temp files on failure

Addresses CodeRabbit findings on the GDPR export:
- ZipArchive::open() and close() can both return false without
  throwing; neither was checked, so a failure silently produced an
  empty or corrupt zip, and the temp zip path was never cleaned up on
  a mid-build exception.
- writeToTempFile() leaked its tempnam()'d file if Writer\Xlsx::save()
  threw before the caller could track it for cleanup.

* fix: drop public link identifier from the candidates export sheet

The nameHash is a public quiz-access token, not something a data
export should hand out — remove it from candidates.xlsx.

* feat: add Quiz info tab covering dropouts, finalization, and disabled questions

An entity-by-entity audit of the export vs. delete flows found the
delete flow fully covered, but three Quiz/Question fields missing from
the export: dropouts, finalizedAt, and Question.enabled. Adds a new
"Quiz info" tab (first sheet) to each quiz's xlsx with this data,
without touching the shared fillQuestionsSheet() used by the existing
single-quiz template export/import feature.

Deliberately left out per user decision: the BankQuestion audit log
(would leak other owners' emails, consistent with hiding co-owner
identities elsewhere in this export) and a few low-value timestamp
fields already covered by existing Started/time-taken columns.

* feat: require a confirmed email before exporting data

Antispam measure: both the full data export (SettingsController::downloadData)
and the single-quiz export (BackofficeController::exportQuiz) now redirect
with a flash warning instead of exporting when the account's email isn't
verified yet. Adds a matching hint on the settings page next to the
download button.
2026-07-09 20:28:10 +00:00
Marijn 352e34a428 feat: add candidate rename and delete (#194)
Adds per-candidate rename and delete actions to the candidates tab,
guarded by confirmation modals since deletion also discards the
candidate's given answers.

Closes #18
2026-07-09 19:00:47 +02:00
Marijn b1a959fdc6 feat: show active/ready badges on quiz list (#193)
* feat: show active/ready badges on quiz list

Adds an "Active" badge for the season's currently selected quiz and
renames the "Finalized" badge to "Ready" for finalized quizzes, so
both states are visible at a glance.

* fix: hide Ready badge on the active quiz, translate to Voorbereid

An active quiz is finalized by definition, so showing both badges was
redundant.

* fix: align quiz status badges to the left of the row

Previously the badge trailed the quiz name, so its position shifted
with the name's length. Placing it first keeps it at a consistent
left edge across all rows.

* fix: right-align quiz status badges

Puts the badge at the end of the row via ms-auto instead of leading
the quiz name.
2026-07-09 18:31:30 +02:00
Marijn 27d3d64154 feat: add button to regenerate season code (#192)
Adds a "regenerate season code" action to the season settings page,
allowing owners to invalidate the current code (e.g. if it was shared
by mistake) and get a fresh one for candidates to join with.

Closes #14
2026-07-09 18:30:46 +02:00
dependabot[bot] e7586c2d6b build(deps): bump guzzlehttp/psr7 from 2.12.3 to 2.12.4 (#196)
Bumps [guzzlehttp/psr7](https://github.com/guzzle/psr7) from 2.12.3 to 2.12.4.
- [Release notes](https://github.com/guzzle/psr7/releases)
- [Changelog](https://github.com/guzzle/psr7/blob/2.12/CHANGELOG.md)
- [Commits](https://github.com/guzzle/psr7/compare/2.12.3...2.12.4)

---
updated-dependencies:
- dependency-name: guzzlehttp/psr7
  dependency-version: 2.12.4
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-09 18:30:08 +02:00
dependabot[bot] a49d32e8ff build(deps): bump phpstan/phpdoc-parser from 2.3.2 to 2.3.3 (#197)
Bumps [phpstan/phpdoc-parser](https://github.com/phpstan/phpdoc-parser) from 2.3.2 to 2.3.3.
- [Release notes](https://github.com/phpstan/phpdoc-parser/releases)
- [Commits](https://github.com/phpstan/phpdoc-parser/compare/2.3.2...2.3.3)

---
updated-dependencies:
- dependency-name: phpstan/phpdoc-parser
  dependency-version: 2.3.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-09 18:29:45 +02:00
dependabot[bot] 4547a43199 build(deps-dev): bump phpunit/phpunit in the dev-dependencies group (#195)
Bumps the dev-dependencies group with 1 update: [phpunit/phpunit](https://github.com/sebastianbergmann/phpunit).


Updates `phpunit/phpunit` from 13.2.3 to 13.2.4
- [Release notes](https://github.com/sebastianbergmann/phpunit/releases)
- [Changelog](https://github.com/sebastianbergmann/phpunit/blob/13.2.4/ChangeLog-13.2.md)
- [Commits](https://github.com/sebastianbergmann/phpunit/compare/13.2.3...13.2.4)

---
updated-dependencies:
- dependency-name: phpunit/phpunit
  dependency-version: 13.2.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-08 23:55:07 +00:00
42 changed files with 2547 additions and 358 deletions
+18 -1
View File
@@ -123,6 +123,7 @@ jobs:
checks: write
pull-requests: write
contents: read
code-quality: write
steps:
- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
@@ -150,13 +151,29 @@ jobs:
- name: Load fixtures
run: docker compose exec -T php bin/console -e test doctrine:fixtures:load --no-interaction --group=test
- name: Run PHPUnit
run: docker compose exec -T -e MAILER_DSN=null://null php vendor/bin/phpunit --log-junit var/phpunit/junit.xml
run: docker compose exec -T -e MAILER_DSN=null://null php vendor/bin/phpunit --log-junit var/phpunit/junit.xml --coverage-cobertura var/coverage/cobertura.xml
- name: Copy test reports out of the container
# var/ is a Docker volume (see Dockerfile's VOLUME /app/var/), not bind-mounted to the
# runner, so reports written there by PHPUnit must be copied out explicitly.
if: always()
continue-on-error: true
run: |
mkdir -p var/phpunit var/coverage
docker compose cp php:/app/var/phpunit/junit.xml var/phpunit/junit.xml
docker compose cp php:/app/var/coverage/cobertura.xml var/coverage/cobertura.xml
- name: Publish PHPUnit test results
if: always()
uses: mikepenz/action-junit-report@d9f48fc87bc235f7e214acf696ca5abc0a986f16 # v6
with:
report_paths: var/phpunit/junit.xml
check_name: PHPUnit
- name: Upload code coverage
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
uses: actions/upload-code-coverage@82c7aee3fb2ad768e00b00a0a8d749c5815085b6 # v1
with:
file: var/coverage/cobertura.xml
language: PHP
label: phpunit
- name: Doctrine Schema Validator
run: docker compose exec -T php bin/console -e test doctrine:schema:validate
+1
View File
@@ -35,6 +35,7 @@
"symfony/security-bundle": "8.1.*",
"symfony/security-csrf": "8.1.*",
"symfony/serializer": "8.1.*",
"symfony/string": "8.1.*",
"symfony/translation": "8.1.*",
"symfony/twig-bundle": "8.1.*",
"symfony/uid": "8.1.*",
Generated
+20 -20
View File
@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "010a4456ebc1a8ebaf73c6db051d3d09",
"content-hash": "ccae654dd9c952e8920d9cb9c0f35ff5",
"packages": [
{
"name": "composer/pcre",
@@ -1475,16 +1475,16 @@
},
{
"name": "guzzlehttp/psr7",
"version": "2.12.3",
"version": "2.12.4",
"source": {
"type": "git",
"url": "https://github.com/guzzle/psr7.git",
"reference": "7ec62dc3f44aa218487dbed81a9bf9bc647be55d"
"reference": "51e27f9e2b332ab3e72f4520d5ff4f3c68c3577c"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/guzzle/psr7/zipball/7ec62dc3f44aa218487dbed81a9bf9bc647be55d",
"reference": "7ec62dc3f44aa218487dbed81a9bf9bc647be55d",
"url": "https://api.github.com/repos/guzzle/psr7/zipball/51e27f9e2b332ab3e72f4520d5ff4f3c68c3577c",
"reference": "51e27f9e2b332ab3e72f4520d5ff4f3c68c3577c",
"shasum": ""
},
"require": {
@@ -1574,7 +1574,7 @@
],
"support": {
"issues": "https://github.com/guzzle/psr7/issues",
"source": "https://github.com/guzzle/psr7/tree/2.12.3"
"source": "https://github.com/guzzle/psr7/tree/2.12.4"
},
"funding": [
{
@@ -1590,7 +1590,7 @@
"type": "tidelift"
}
],
"time": "2026-06-23T15:21:08+00:00"
"time": "2026-07-08T15:56:20+00:00"
},
{
"name": "jean85/pretty-package-versions",
@@ -2253,16 +2253,16 @@
},
{
"name": "phpstan/phpdoc-parser",
"version": "2.3.2",
"version": "2.3.3",
"source": {
"type": "git",
"url": "https://github.com/phpstan/phpdoc-parser.git",
"reference": "a004701b11273a26cd7955a61d67a7f1e525a45a"
"reference": "fb19eedd2bb67ff8cf7a5502ad329e701d6398a3"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/a004701b11273a26cd7955a61d67a7f1e525a45a",
"reference": "a004701b11273a26cd7955a61d67a7f1e525a45a",
"url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/fb19eedd2bb67ff8cf7a5502ad329e701d6398a3",
"reference": "fb19eedd2bb67ff8cf7a5502ad329e701d6398a3",
"shasum": ""
},
"require": {
@@ -2294,9 +2294,9 @@
"description": "PHPDoc parser with support for nullable, intersection and generic types",
"support": {
"issues": "https://github.com/phpstan/phpdoc-parser/issues",
"source": "https://github.com/phpstan/phpdoc-parser/tree/2.3.2"
"source": "https://github.com/phpstan/phpdoc-parser/tree/2.3.3"
},
"time": "2026-01-25T14:56:51+00:00"
"time": "2026-07-08T07:01:06+00:00"
},
{
"name": "psr/cache",
@@ -10452,16 +10452,16 @@
},
{
"name": "phpunit/phpunit",
"version": "13.2.3",
"version": "13.2.4",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/phpunit.git",
"reference": "d76d0e24225e587d6a5f0c6f6d9fef0d90712b54"
"reference": "8f5180f4627fc1978be2f61d8d9979dbe37e0c10"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/d76d0e24225e587d6a5f0c6f6d9fef0d90712b54",
"reference": "d76d0e24225e587d6a5f0c6f6d9fef0d90712b54",
"url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/8f5180f4627fc1978be2f61d8d9979dbe37e0c10",
"reference": "8f5180f4627fc1978be2f61d8d9979dbe37e0c10",
"shasum": ""
},
"require": {
@@ -10475,7 +10475,7 @@
"phar-io/manifest": "^2.0.4",
"phar-io/version": "^3.2.1",
"php": ">=8.4.1",
"phpunit/php-code-coverage": "^14.2.2",
"phpunit/php-code-coverage": "^14.2.3",
"phpunit/php-file-iterator": "^7.0.0",
"phpunit/php-invoker": "^7.0.0",
"phpunit/php-text-template": "^6.0.0",
@@ -10532,7 +10532,7 @@
"support": {
"issues": "https://github.com/sebastianbergmann/phpunit/issues",
"security": "https://github.com/sebastianbergmann/phpunit/security/policy",
"source": "https://github.com/sebastianbergmann/phpunit/tree/13.2.3"
"source": "https://github.com/sebastianbergmann/phpunit/tree/13.2.4"
},
"funding": [
{
@@ -10540,7 +10540,7 @@
"type": "other"
}
],
"time": "2026-07-06T14:55:56+00:00"
"time": "2026-07-08T08:36:51+00:00"
},
{
"name": "react/cache",
@@ -14,10 +14,13 @@ use Symfony\Component\HttpKernel\Attribute\AsController;
use Symfony\Component\Routing\Attribute\Route;
use Symfony\Component\Routing\Requirement\Requirement;
use Symfony\Component\Security\Http\Attribute\IsGranted;
use Symfony\Contracts\Translation\TranslatorInterface;
use Tvdt\Controller\AbstractController;
use Tvdt\Entity\Quiz;
use Tvdt\Entity\Season;
use Tvdt\Enum\FlashType;
use Tvdt\Form\CreateSeasonFormType;
use Tvdt\Helpers\FilenameSanitizer;
use Tvdt\Repository\SeasonRepository;
use Tvdt\Security\Voter\SeasonVoter;
use Tvdt\Service\QuizSpreadsheetService;
@@ -31,6 +34,7 @@ final class BackofficeController extends AbstractController
private readonly Security $security,
private readonly QuizSpreadsheetService $excel,
private readonly EntityManagerInterface $em,
private readonly TranslatorInterface $translator,
) {}
#[Route('/backoffice/', name: 'tvdt_backoffice_index')]
@@ -83,11 +87,17 @@ final class BackofficeController extends AbstractController
requirements: ['quiz' => Requirement::UUID],
methods: ['GET'],
)]
public function exportQuiz(Quiz $quiz): StreamedResponse
public function exportQuiz(Quiz $quiz): Response
{
if (!$this->authenticatedUser->isVerified) {
$this->addFlash(FlashType::Warning, $this->translator->trans('Please confirm your email address before exporting a quiz.'));
return $this->redirectToRoute('tvdt_backoffice_season', ['seasonCode' => $quiz->season->seasonCode]);
}
$response = new StreamedResponse($this->excel->quizToXlsx($quiz));
$response->headers->set('Content-Type', 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet');
$response->headers->set('Content-Disposition', HeaderUtils::makeDisposition(HeaderUtils::DISPOSITION_ATTACHMENT, $quiz->name.'.xlsx'));
$response->headers->set('Content-Disposition', HeaderUtils::makeDisposition(HeaderUtils::DISPOSITION_ATTACHMENT, FilenameSanitizer::sanitize($quiz->name).'.xlsx'));
return $response;
}
@@ -10,10 +10,13 @@ use Symfony\Component\Form\Extension\Core\Type\SubmitType;
use Symfony\Component\Form\Extension\Core\Type\TextType;
use Symfony\Component\Form\FormError;
use Symfony\Component\HttpFoundation\File\UploadedFile;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Attribute\AsController;
use Symfony\Component\Routing\Attribute\Route;
use Symfony\Component\Routing\Requirement\Requirement;
use Symfony\Component\Security\Http\Attribute\IsCsrfTokenValid;
use Symfony\Component\Security\Http\Attribute\IsGranted;
use Symfony\Component\Validator\Constraints\Length;
use Symfony\Component\Validator\Constraints\NotBlank;
@@ -26,6 +29,7 @@ use Tvdt\Enum\FlashType;
use Tvdt\Form\AddCandidatesFormType;
use Tvdt\Form\SettingsForm;
use Tvdt\Form\UploadQuizFormType;
use Tvdt\Repository\CandidateRepository;
use Tvdt\Security\Voter\SeasonVoter;
use Tvdt\Service\QuizSpreadsheetService;
@@ -37,6 +41,7 @@ class SeasonController extends AbstractController
private readonly TranslatorInterface $translator,
private readonly EntityManagerInterface $em,
private readonly QuizSpreadsheetService $quizSpreadsheet,
private readonly CandidateRepository $candidateRepository,
) {}
#[IsGranted(SeasonVoter::EDIT, subject: 'season')]
@@ -97,6 +102,24 @@ class SeasonController extends AbstractController
]);
}
#[IsCsrfTokenValid('regenerate_season_code')]
#[IsGranted(SeasonVoter::EDIT, subject: 'season')]
#[Route(
'/backoffice/season/{seasonCode:season}/settings/regenerate-code',
name: 'tvdt_backoffice_season_regenerate_code',
requirements: ['seasonCode' => self::SEASON_CODE_REGEX],
methods: ['POST'],
)]
public function regenerateSeasonCode(Season $season): RedirectResponse
{
$season->generateSeasonCode();
$this->em->flush();
$this->addFlash(FlashType::Success, $this->translator->trans('Season code regenerated'));
return $this->redirectToRoute('tvdt_backoffice_season_settings', ['seasonCode' => $season->seasonCode]);
}
#[IsGranted(SeasonVoter::EDIT, subject: 'season')]
#[Route(
'/backoffice/season/{seasonCode:season}/add-candidate',
@@ -123,6 +146,56 @@ class SeasonController extends AbstractController
return $this->render('backoffice/season_add_candidates.html.twig', ['form' => $form, 'season' => $season]);
}
#[IsCsrfTokenValid('rename_candidate')]
#[IsGranted(SeasonVoter::EDIT, subject: 'candidate')]
#[Route(
'/backoffice/season/{seasonCode:season}/candidate/{candidate}/rename',
name: 'tvdt_backoffice_candidate_rename',
requirements: ['seasonCode' => self::SEASON_CODE_REGEX, 'candidate' => Requirement::UUID],
methods: ['POST'],
)]
public function renameCandidate(Season $season, Candidate $candidate, Request $request): RedirectResponse
{
$name = mb_trim($request->request->getString('name'));
if ('' === $name || mb_strlen($name) > 16) {
$this->addFlash(FlashType::Danger, $this->translator->trans('The candidate name must be between 1 and 16 characters'));
return $this->redirectToRoute('tvdt_backoffice_season_candidates', ['seasonCode' => $season->seasonCode]);
}
$candidate->name = $name;
try {
$this->em->flush();
} catch (UniqueConstraintViolationException) {
$this->addFlash(FlashType::Danger, $this->translator->trans('A candidate with this name already exists in this season'));
return $this->redirectToRoute('tvdt_backoffice_season_candidates', ['seasonCode' => $season->seasonCode]);
}
$this->addFlash(FlashType::Success, $this->translator->trans('Candidate renamed'));
return $this->redirectToRoute('tvdt_backoffice_season_candidates', ['seasonCode' => $season->seasonCode]);
}
#[IsCsrfTokenValid('delete_candidate')]
#[IsGranted(SeasonVoter::DELETE, subject: 'candidate')]
#[Route(
'/backoffice/season/{seasonCode:season}/candidate/{candidate}/delete',
name: 'tvdt_backoffice_candidate_delete',
requirements: ['seasonCode' => self::SEASON_CODE_REGEX, 'candidate' => Requirement::UUID],
methods: ['POST'],
)]
public function deleteCandidate(Season $season, Candidate $candidate): RedirectResponse
{
$this->candidateRepository->deleteCandidate($candidate);
$this->addFlash(FlashType::Success, $this->translator->trans('Candidate deleted'));
return $this->redirectToRoute('tvdt_backoffice_season_candidates', ['seasonCode' => $season->seasonCode]);
}
#[IsGranted(SeasonVoter::EDIT, subject: 'season')]
#[Route(
'/backoffice/season/{seasonCode:season}/add-quiz',
@@ -6,9 +6,12 @@ namespace Tvdt\Controller\Backoffice;
use Doctrine\DBAL\Exception\UniqueConstraintViolationException;
use Doctrine\ORM\EntityManagerInterface;
use Safe\DateTimeImmutable;
use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\Form\FormError;
use Symfony\Component\Form\FormInterface;
use Symfony\Component\HttpFoundation\BinaryFileResponse;
use Symfony\Component\HttpFoundation\HeaderUtils;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
@@ -21,8 +24,10 @@ use Tvdt\Entity\User;
use Tvdt\Enum\FlashType;
use Tvdt\Form\ChangeEmailFormType;
use Tvdt\Form\ChangeUserPasswordFormType;
use Tvdt\Helpers\FilenameSanitizer;
use Tvdt\Repository\UserRepository;
use Tvdt\Security\EmailVerifier;
use Tvdt\Service\DataExportService;
final class SettingsController extends AbstractController
{
@@ -33,6 +38,7 @@ final class SettingsController extends AbstractController
private readonly EmailVerifier $emailVerifier,
private readonly Security $security,
private readonly TranslatorInterface $translator,
private readonly DataExportService $dataExportService,
) {}
#[Route('/backoffice/settings', name: 'tvdt_backoffice_settings', methods: ['GET'])]
@@ -148,6 +154,34 @@ final class SettingsController extends AbstractController
return $this->redirectToRoute('tvdt_backoffice_settings');
}
#[Route('/backoffice/settings/download-data', name: 'tvdt_backoffice_settings_download_data', methods: ['GET'])]
public function downloadData(): Response
{
if (!$this->authenticatedUser->isVerified) {
$this->addFlash(FlashType::Warning, $this->translator->trans('Please confirm your email address before downloading your data.'));
return $this->redirectToRoute('tvdt_backoffice_settings');
}
$zipPath = $this->dataExportService->exportForUser($this->authenticatedUser);
$filename = \sprintf(
'tijd-voor-de-test-data-%s-%s.zip',
FilenameSanitizer::sanitize($this->authenticatedUser->email),
new DateTimeImmutable()->format('Y-m-d_H-i-s'),
);
$response = new BinaryFileResponse($zipPath);
$response->deleteFileAfterSend(true);
$response->headers->set('Content-Type', 'application/zip');
$response->headers->set(
'Content-Disposition',
HeaderUtils::makeDisposition(HeaderUtils::DISPOSITION_ATTACHMENT, $filename),
);
return $response;
}
#[IsCsrfTokenValid('delete_account')]
#[Route('/backoffice/settings/delete', name: 'tvdt_backoffice_settings_delete', methods: ['POST'])]
public function deleteAccount(Request $request): Response
+18
View File
@@ -0,0 +1,18 @@
<?php
declare(strict_types=1);
namespace Tvdt\Helpers;
use Symfony\Component\String\Slugger\AsciiSlugger;
class FilenameSanitizer
{
/** Slugs user-supplied text (e.g. a season/quiz name) into a string safe to use as a zip entry path segment or a downloaded filename. */
public static function sanitize(string $value): string
{
$slug = new AsciiSlugger()->slug($value)->toString();
return '' === $slug ? 'unnamed' : $slug;
}
}
+6
View File
@@ -19,6 +19,12 @@ class CandidateRepository extends ServiceEntityRepository
parent::__construct($registry, Candidate::class);
}
public function deleteCandidate(Candidate $candidate): void
{
$this->getEntityManager()->remove($candidate);
$this->getEntityManager()->flush();
}
public function getCandidateByHash(Season $season, string $hash): ?Candidate
{
try {
+63
View File
@@ -5,9 +5,15 @@ declare(strict_types=1);
namespace Tvdt\Repository;
use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
use Doctrine\ORM\EntityManagerInterface;
use Doctrine\Persistence\ManagerRegistry;
use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
use Symfony\Component\Security\Core\User\PasswordUpgraderInterface;
use Tvdt\Entity\BankQuestion;
use Tvdt\Entity\Elimination;
use Tvdt\Entity\GivenAnswer;
use Tvdt\Entity\QuizCandidate;
use Tvdt\Entity\Season;
use Tvdt\Entity\User;
/** @extends ServiceEntityRepository<User> */
@@ -44,8 +50,11 @@ class UserRepository extends ServiceEntityRepository implements PasswordUpgrader
$em->wrapInTransaction(function () use ($em, $user): void {
$this->invalidateResetPasswordRequests($user);
$bankQuestionIds = [];
foreach ($user->seasons->toArray() as $season) {
if (1 === $season->owners->count()) {
$this->purgeSoftDeletableData($em, $season);
array_push($bankQuestionIds, ...$this->bankQuestionIds($season));
$em->remove($season);
continue;
@@ -56,9 +65,63 @@ class UserRepository extends ServiceEntityRepository implements PasswordUpgrader
$em->remove($user);
$em->flush();
// Gedmo\Loggable writes its own "removed" log entry as part of the flush above, so the
// audit-log purge must happen after — purging first would just leave that final row behind.
$this->purgeBankQuestionAuditLog($em, $bankQuestionIds);
});
}
/**
* QuizCandidate, GivenAnswer, and Elimination are Gedmo\SoftDeleteable, so cascading their
* removal through the season/quiz/candidate relations only sets deletedAt — it never removes
* the row. That leaves personal data behind indefinitely and, since Candidate/Answer are hard
* deleted via orphanRemoval, it also breaks their foreign keys and rolls back the whole
* deletion. Bulk DQL deletes bypass the Gedmo listener and physically remove these rows first.
*/
private function purgeSoftDeletableData(EntityManagerInterface $em, Season $season): void
{
foreach ([QuizCandidate::class, GivenAnswer::class, Elimination::class] as $class) {
$em->createQuery(<<<DQL
delete from {$class} e
where e.quiz in (select q from Tvdt\Entity\Quiz q where q.season = :season)
DQL)
->setParameter('season', $season)
->execute();
}
}
/** @return list<string> */
private function bankQuestionIds(Season $season): array
{
return array_values(array_map(
static fn (BankQuestion $bankQuestion): string => $bankQuestion->id->toString(),
$season->bankQuestions->toArray(),
));
}
/**
* Gedmo\Loggable audit rows (ext_log_entries) aren't foreign-keyed to the entity they log —
* object_id is a plain string — so removing a BankQuestion never cleans up its history, and
* the editor's username/email would otherwise remain in those rows forever.
*
* @param list<string> $bankQuestionIds
*/
private function purgeBankQuestionAuditLog(EntityManagerInterface $em, array $bankQuestionIds): void
{
if ([] === $bankQuestionIds) {
return;
}
$em->createQuery(<<<'DQL'
delete from Tvdt\Entity\LogEntry l
where l.objectClass = :class and l.objectId in (:ids)
DQL)
->setParameter('class', BankQuestion::class)
->setParameter('ids', $bankQuestionIds)
->execute();
}
public function makeAdmin(string $email): void
{
$user = $this->findOneBy(['email' => $email]);
+444
View File
@@ -0,0 +1,444 @@
<?php
declare(strict_types=1);
namespace Tvdt\Service;
use Doctrine\ORM\EntityManagerInterface;
use PhpOffice\PhpSpreadsheet\Cell\Coordinate;
use PhpOffice\PhpSpreadsheet\Spreadsheet;
use PhpOffice\PhpSpreadsheet\Worksheet\Worksheet;
use PhpOffice\PhpSpreadsheet\Writer;
use Safe\Exceptions\FilesystemException;
use Tvdt\Dto\Result;
use Tvdt\Entity\BankQuestionUsage;
use Tvdt\Entity\Candidate;
use Tvdt\Entity\Question;
use Tvdt\Entity\QuestionLabel;
use Tvdt\Entity\Quiz;
use Tvdt\Entity\Season;
use Tvdt\Entity\User;
use Tvdt\Helpers\FilenameSanitizer;
use Tvdt\Repository\QuizRepository;
use function Safe\tempnam;
use function Safe\unlink;
/** Builds a GDPR data-portability export (a zip of xlsx files) for everything owned by a single user. */
class DataExportService
{
public function __construct(
private readonly EntityManagerInterface $entityManager,
private readonly QuizSpreadsheetService $quizSpreadsheetService,
private readonly QuizRepository $quizRepository,
) {}
/** @throws FilesystemException @return string path to a temp zip file; caller is responsible for removing it */
public function exportForUser(User $user): string
{
$filter = $this->entityManager->getFilters();
$filter->disable('softdeleteable');
try {
return $this->buildZip($user);
} finally {
$filter->enable('softdeleteable');
}
}
private function buildZip(User $user): string
{
$zipPath = tempnam(sys_get_temp_dir(), 'tvdt_export_');
$tempXlsxFiles = [];
$zip = new \ZipArchive();
if (true !== $zip->open($zipPath, \ZipArchive::OVERWRITE)) {
unlink($zipPath);
throw new \RuntimeException('Could not create the export zip archive.');
}
try {
$profilePath = $this->writeToTempFile($this->buildProfileWorkbook($user));
$tempXlsxFiles[] = $profilePath;
$zip->addFile($profilePath, 'profile.xlsx');
foreach ($user->seasons as $season) {
$folder = FilenameSanitizer::sanitize($season->seasonCode.'-'.$season->name).'/';
foreach ($season->quizzes as $quiz) {
$quizPath = $this->writeToTempFile($this->buildQuizWorkbook($quiz));
$tempXlsxFiles[] = $quizPath;
$zip->addFile($quizPath, $folder.FilenameSanitizer::sanitize($quiz->name).'.xlsx');
}
$candidatesPath = $this->writeToTempFile($this->buildCandidatesWorkbook($season));
$tempXlsxFiles[] = $candidatesPath;
$zip->addFile($candidatesPath, $folder.'candidates.xlsx');
$questionBankPath = $this->writeToTempFile($this->buildQuestionBankWorkbook($season));
$tempXlsxFiles[] = $questionBankPath;
$zip->addFile($questionBankPath, $folder.'question-bank.xlsx');
}
if (!$zip->close()) {
throw new \RuntimeException('Could not finalize the export zip archive.');
}
} catch (\Throwable $throwable) {
unlink($zipPath);
throw $throwable;
} finally {
foreach ($tempXlsxFiles as $tempXlsxFile) {
unlink($tempXlsxFile);
}
}
return $zipPath;
}
private function buildProfileWorkbook(User $user): Spreadsheet
{
$spreadsheet = new Spreadsheet();
$account = $spreadsheet->getActiveSheet();
$account->setTitle('Account');
$account->getStyle('A:A')->getFont()->setBold(true);
$account->fromArray([
['Email', $user->email],
['Roles', implode(', ', $user->getRoles())],
['Email verified', $user->isVerified ? 'Yes' : 'No'],
['Account ID', $user->id->toString()],
], null, 'A1');
$account->getColumnDimension('A')->setAutoSize(true);
$account->getColumnDimension('B')->setAutoSize(true);
$seasons = $spreadsheet->createSheet();
$seasons->setTitle('Seasons');
$seasons->fromArray(['Season', 'Season code', 'Quizzes', 'Candidates', 'Shared with other owners'], null, 'A1');
$seasons->getStyle('1:1')->getFont()->setBold(true);
$row = 2;
foreach ($user->seasons as $season) {
$seasons->fromArray([
$season->name,
$season->seasonCode,
$season->quizzes->count(),
$season->candidates->count(),
$season->owners->count() > 1 ? 'Yes' : 'No',
], null, 'A'.$row);
++$row;
}
foreach (['A', 'B', 'C', 'D', 'E'] as $column) {
$seasons->getColumnDimension($column)->setAutoSize(true);
}
$spreadsheet->setActiveSheetIndex(0);
return $spreadsheet;
}
private function buildQuizWorkbook(Quiz $quiz): Spreadsheet
{
$spreadsheet = new Spreadsheet();
$info = $spreadsheet->getActiveSheet();
$info->setTitle('Quiz info');
$this->fillQuizInfoSheet($info, $quiz);
$questions = $spreadsheet->createSheet();
$questions->setTitle('Questions');
$this->quizSpreadsheetService->fillQuestionsSheet($questions, $quiz);
$rawAnswers = $spreadsheet->createSheet();
$rawAnswers->setTitle('Raw answers');
$this->fillRawAnswersSheet($rawAnswers, $quiz);
$results = $spreadsheet->createSheet();
$results->setTitle('Results');
$this->fillResultsSheet($results, $quiz);
$eliminations = $spreadsheet->createSheet();
$eliminations->setTitle('Eliminations');
$this->fillEliminationsSheet($eliminations, $quiz);
$spreadsheet->setActiveSheetIndex(0);
return $spreadsheet;
}
private function fillQuizInfoSheet(Worksheet $sheet, Quiz $quiz): void
{
$disabledQuestions = $quiz->questions
->filter(static fn (Question $question): bool => !$question->enabled)
->map(static fn (Question $question): string => $question->question)
->toArray();
$sheet->getStyle('A:A')->getFont()->setBold(true);
$sheet->fromArray([
['Quiz name', $quiz->name],
['Number of dropouts', $quiz->dropouts],
['Finalized', $quiz->isFinalized ? 'Yes' : 'No'],
['Finalized at', $quiz->finalizedAt?->format(\DateTimeInterface::ATOM) ?? ''],
['Disabled questions', implode(', ', $disabledQuestions)],
], null, 'A1');
$sheet->getColumnDimension('A')->setAutoSize(true);
$sheet->getColumnDimension('B')->setAutoSize(true);
}
private function fillResultsSheet(Worksheet $sheet, Quiz $quiz): void
{
$sheet->fromArray(['Candidate', 'Correct answers', 'Corrections', 'Penalty (s)', 'Score', 'Time', 'Started', 'Active', 'Deleted'], null, 'A1');
$sheet->getStyle('1:1')->getFont()->setBold(true);
/** @var array<string, Result> $scoresByCandidateId */
$scoresByCandidateId = [];
foreach ($this->quizRepository->getScores($quiz) as $result) {
$scoresByCandidateId[$result->id->toString()] = $result;
}
$row = 2;
foreach ($quiz->candidateData as $quizCandidate) {
$candidate = $quizCandidate->candidate;
$result = $scoresByCandidateId[$candidate->id->toString()] ?? null;
$sheet->fromArray([
$candidate->name,
$result?->correct,
$result?->corrections,
$result?->penaltySeconds,
$result?->score,
$result instanceof Result ? $result->time->format('%i:%S') : null,
$quizCandidate->started?->format(\DateTimeInterface::ATOM),
$quizCandidate->active ? 'Yes' : 'No',
$quizCandidate->getDeletedAt()?->format(\DateTimeInterface::ATOM) ?? '',
], null, 'A'.$row);
++$row;
}
foreach (range('A', 'I') as $column) {
$sheet->getColumnDimension($column)->setAutoSize(true);
}
}
/** Raw crosstab: one row per candidate, one column per question, cell = the answer text they gave. */
private function fillRawAnswersSheet(Worksheet $sheet, Quiz $quiz): void
{
/** @var list<Question> $questions */
$questions = $quiz->questions->toArray();
$header = ['Candidate'];
foreach ($questions as $question) {
$header[] = $question->question;
}
$sheet->fromArray($header, null, 'A1');
$sheet->getStyle('1:1')->getFont()->setBold(true);
$sheet->getStyle('1:1')->getAlignment()->setWrapText(true);
/** @var array<string, array<string, string>> $answersByCandidateAndQuestion */
$answersByCandidateAndQuestion = [];
foreach ($questions as $question) {
foreach ($question->answers as $answer) {
foreach ($answer->givenAnswers as $givenAnswer) {
$candidateId = $givenAnswer->candidate->id->toString();
$answersByCandidateAndQuestion[$candidateId][$question->id->toString()] = $answer->text;
}
}
}
$row = 2;
foreach ($quiz->candidateData as $quizCandidate) {
$candidate = $quizCandidate->candidate;
$line = [$candidate->name];
foreach ($questions as $question) {
$line[] = $answersByCandidateAndQuestion[$candidate->id->toString()][$question->id->toString()] ?? '';
}
$sheet->fromArray($line, null, 'A'.$row);
++$row;
}
$lastColumnIndex = 1 + \count($questions);
foreach (range('A', Coordinate::stringFromColumnIndex($lastColumnIndex)) as $column) {
$sheet->getColumnDimension($column)->setWidth(30);
$sheet->getStyle($column.':'.$column)->getAlignment()->setWrapText(true);
}
}
private function fillEliminationsSheet(Worksheet $sheet, Quiz $quiz): void
{
/** @var list<Candidate> $candidates */
$candidates = $quiz->season->candidates->toArray();
$header = ['Prepared at', 'Deleted'];
foreach ($candidates as $candidate) {
$header[] = $candidate->name;
}
$sheet->fromArray($header, null, 'A1');
$sheet->getStyle('1:1')->getFont()->setBold(true);
$row = 2;
foreach ($quiz->eliminations as $elimination) {
$line = [
$elimination->getCreatedAt()?->format(\DateTimeInterface::ATOM) ?? '',
$elimination->getDeletedAt()?->format(\DateTimeInterface::ATOM) ?? '',
];
foreach ($candidates as $candidate) {
$line[] = $elimination->getScreenColour($candidate->name) ?? '';
}
$sheet->fromArray($line, null, 'A'.$row);
++$row;
}
foreach (range('A', Coordinate::stringFromColumnIndex(2 + \count($candidates))) as $column) {
$sheet->getColumnDimension($column)->setAutoSize(true);
}
}
private function buildCandidatesWorkbook(Season $season): Spreadsheet
{
$spreadsheet = new Spreadsheet();
$candidatesSheet = $spreadsheet->getActiveSheet();
$candidatesSheet->setTitle('Candidates');
$candidatesSheet->fromArray(['Name'], null, 'A1');
$candidatesSheet->getStyle('1:1')->getFont()->setBold(true);
$row = 2;
foreach ($season->candidates as $candidate) {
$candidatesSheet->fromArray([$candidate->name], null, 'A'.$row);
++$row;
}
$candidatesSheet->getColumnDimension('A')->setAutoSize(true);
$infoSheet = $spreadsheet->createSheet();
$infoSheet->setTitle('Season info');
$infoSheet->getStyle('A:A')->getFont()->setBold(true);
$infoSheet->fromArray([
['Season name', $season->name],
['Season code', $season->seasonCode],
['Number of quizzes', $season->quizzes->count()],
['Number of candidates', $season->candidates->count()],
['Active quiz', $season->activeQuiz instanceof Quiz ? $season->activeQuiz->name : ''],
['Show numbers', $season->settings?->showNumbers ? 'Yes' : 'No'],
['Confirm answers', $season->settings?->confirmAnswers ? 'Yes' : 'No'],
['Shared with other owners', $season->owners->count() > 1 ? 'Yes' : 'No'],
], null, 'A1');
$infoSheet->getColumnDimension('A')->setAutoSize(true);
$infoSheet->getColumnDimension('B')->setAutoSize(true);
$spreadsheet->setActiveSheetIndex(0);
return $spreadsheet;
}
private function buildQuestionBankWorkbook(Season $season): Spreadsheet
{
$spreadsheet = new Spreadsheet();
$questions = $spreadsheet->getActiveSheet();
$questions->setTitle('Questions');
$this->fillBankQuestionsSheet($questions, $season);
$labels = $spreadsheet->createSheet();
$labels->setTitle('Labels');
$this->fillQuestionLabelsSheet($labels, $season);
$spreadsheet->setActiveSheetIndex(0);
return $spreadsheet;
}
private function fillBankQuestionsSheet(Worksheet $sheet, Season $season): void
{
$metaColumns = ['Question', 'Reusable', 'Complete for quiz', 'Labels', 'Used in quizzes'];
$sheet->fromArray($metaColumns, null, 'A1');
$sheet->getStyle('1:1')->getFont()->setBold(true);
$answerStartColumnIndex = \count($metaColumns);
$maxAnswers = 0;
$row = 2;
foreach ($season->bankQuestions as $bankQuestion) {
$labels = implode(', ', array_map(
static fn (QuestionLabel $label): string => $label->name,
$bankQuestion->labels->toArray(),
));
$usedInQuizzes = implode(', ', array_map(
static fn (BankQuestionUsage $usage): string => $usage->quiz->name,
$bankQuestion->usages->toArray(),
));
$sheet->fromArray([
$bankQuestion->question,
$bankQuestion->reusable ? 'Yes' : 'No',
$bankQuestion->isCompleteForQuiz ? 'Yes' : 'No',
$labels,
$usedInQuizzes,
], null, 'A'.$row);
$col = 0;
foreach ($bankQuestion->answers as $answer) {
$sheet->setCellValue(Coordinate::stringFromColumnIndex($answerStartColumnIndex + 1 + 2 * $col).$row, $answer->text);
$sheet->setCellValue(Coordinate::stringFromColumnIndex($answerStartColumnIndex + 2 + 2 * $col).$row, $answer->isRightAnswer);
++$col;
}
$maxAnswers = max($maxAnswers, $col);
++$row;
}
for ($i = 0; $i < $maxAnswers; ++$i) {
$answerCol = Coordinate::stringFromColumnIndex($answerStartColumnIndex + 1 + 2 * $i);
$correctCol = Coordinate::stringFromColumnIndex($answerStartColumnIndex + 2 + 2 * $i);
$sheet->setCellValue($answerCol.'1', 'Answer '.($i + 1));
$sheet->setCellValue($correctCol.'1', 'Correct');
}
$lastColumnIndex = $answerStartColumnIndex + max(1, 2 * $maxAnswers);
foreach (range('A', Coordinate::stringFromColumnIndex($lastColumnIndex)) as $column) {
$sheet->getColumnDimension($column)->setAutoSize(true);
}
}
private function fillQuestionLabelsSheet(Worksheet $sheet, Season $season): void
{
$sheet->fromArray(['Name', 'Colour', 'Slug'], null, 'A1');
$sheet->getStyle('1:1')->getFont()->setBold(true);
$row = 2;
foreach ($season->questionLabels as $label) {
$sheet->fromArray([$label->name, $label->colour->name, $label->slug], null, 'A'.$row);
++$row;
}
foreach (['A', 'B', 'C'] as $column) {
$sheet->getColumnDimension($column)->setAutoSize(true);
}
}
/** @throws FilesystemException */
private function writeToTempFile(Spreadsheet $spreadsheet): string
{
$path = tempnam(sys_get_temp_dir(), 'tvdt_export_sheet_');
try {
new Writer\Xlsx($spreadsheet)->save($path);
} catch (\Throwable $throwable) {
unlink($path);
throw $throwable;
}
return $path;
}
}
+8 -4
View File
@@ -7,6 +7,7 @@ namespace Tvdt\Service;
use PhpOffice\PhpSpreadsheet\Cell\Coordinate;
use PhpOffice\PhpSpreadsheet\Reader;
use PhpOffice\PhpSpreadsheet\Spreadsheet;
use PhpOffice\PhpSpreadsheet\Worksheet\Worksheet;
use PhpOffice\PhpSpreadsheet\Writer;
use Symfony\Component\HttpFoundation\File\File;
use Tvdt\Entity\Answer;
@@ -117,8 +118,13 @@ class QuizSpreadsheetService
public function quizToXlsx(Quiz $quiz): \Closure
{
$spreadsheet = new Spreadsheet();
$sheet = $spreadsheet->getActiveSheet();
$this->fillQuestionsSheet($spreadsheet->getActiveSheet(), $quiz);
return $this->toXlsx($spreadsheet);
}
public function fillQuestionsSheet(Worksheet $sheet, Quiz $quiz): void
{
// Write data rows first so we know the maximum answer count.
$maxAnswers = 0;
$row = 2;
@@ -153,11 +159,9 @@ class QuizSpreadsheetService
$sheet->setCellValue($correctCol.'1', 'Correct');
$sheet->getColumnDimension($correctCol)->setAutoSize(true);
}
return $this->toXlsx($spreadsheet);
}
private function toXlsx(Spreadsheet $spreadsheet): \Closure
public function toXlsx(Spreadsheet $spreadsheet): \Closure
{
$writer = new Writer\Xlsx($spreadsheet);
@@ -1,3 +1,4 @@
<h6>Kandidaten</h6>
<p>Dit zijn de spelers van dit seizoen. Voeg alle deelnemers toe voordat je de eerste test start, kandidaten worden automatisch aan nieuwe testen gekoppeld.</p>
<p>Namen zijn vrij in te voeren, gebruik dezelfde schrijfwijze die je in het spel gebruikt.</p>
<p>Gebruik het potlood-icoon om een kandidaat te hernoemen en het prullenbak-icoon om er een te verwijderen. Verwijderen gooit ook alle gegeven antwoorden van die kandidaat weg.</p>
@@ -1,3 +1,4 @@
<h6>Seizoensinstellingen</h6>
<p>Pas hier de weergave-instellingen van dit seizoen aan.</p>
<p><strong>Nummers tonen:</strong> toont vraagnummers tijdens de test. <strong>Antwoord bevestigen:</strong> vraagt kandidaten om hun antwoord te bevestigen voordat ze doorgaan.</p>
<p><strong>Seizoenscode:</strong> de code waarmee kandidaten dit seizoen kunnen vinden. Genereer een nieuwe code als de huidige per ongeluk gedeeld is, de oude code werkt daarna niet meer.</p>
@@ -4,9 +4,67 @@
<a class="btn btn-sm btn-outline-primary"
href="{{ path('tvdt_backoffice_add_candidates', {seasonCode: season.seasonCode}) }}">{{ 'Add Candidate'|trans }}</a>
</div>
<ul class="mb-3">
<ul class="list-group mb-3">
{% for candidate in season.candidates %}
<li>{{ candidate.name }}</li>
<li class="list-group-item d-flex align-items-center justify-content-between gap-2">
{{ candidate.name }}
<div class="btn-group btn-group-sm" role="group">
<button type="button" class="btn btn-outline-secondary" data-bs-toggle="modal"
data-bs-target="#renameCandidate-{{ candidate.id }}"
title="{{ 'Rename'|trans }}"><i class="bi bi-pencil"></i></button>
<button type="button" class="btn btn-outline-danger" data-bs-toggle="modal"
data-bs-target="#deleteCandidate-{{ candidate.id }}"
title="{{ 'Delete'|trans }}"><i class="bi bi-trash"></i></button>
</div>
<div class="modal fade" id="renameCandidate-{{ candidate.id }}" data-bs-backdrop="static"
tabindex="-1" aria-labelledby="renameCandidate-{{ candidate.id }}Label" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<form action="{{ path('tvdt_backoffice_candidate_rename', {seasonCode: season.seasonCode, candidate: candidate.id}) }}"
method="POST">
<div class="modal-header">
<h1 class="modal-title fs-5" id="renameCandidate-{{ candidate.id }}Label">{{ 'Rename candidate'|trans }}</h1>
<button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
</div>
<div class="modal-body text-start">
<input type="hidden" name="_token" value="{{ csrf_token('rename_candidate') }}">
<label class="form-label" for="renameCandidateName-{{ candidate.id }}">{{ 'Name'|trans }}</label>
<input type="text" class="form-control" id="renameCandidateName-{{ candidate.id }}"
name="name" value="{{ candidate.name }}" maxlength="16" required autofocus>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">{{ 'Cancel'|trans }}</button>
<button type="submit" class="btn btn-primary">{{ 'Rename'|trans }}</button>
</div>
</form>
</div>
</div>
</div>
<div class="modal fade" id="deleteCandidate-{{ candidate.id }}" data-bs-backdrop="static"
tabindex="-1" aria-labelledby="deleteCandidate-{{ candidate.id }}Label" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<h1 class="modal-title fs-5" id="deleteCandidate-{{ candidate.id }}Label">{{ 'Please Confirm'|trans }}</h1>
<button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
</div>
<div class="modal-body text-start">
{{ 'Are you sure you want to delete this candidate? All their answers will be lost.'|trans }}
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">{{ 'No'|trans }}</button>
<form action="{{ path('tvdt_backoffice_candidate_delete', {seasonCode: season.seasonCode, candidate: candidate.id}) }}"
method="POST">
<input type="hidden" name="_token" value="{{ csrf_token('delete_candidate') }}">
<button type="submit" class="btn btn-danger">{{ 'Yes'|trans }}</button>
</form>
</div>
</div>
</div>
</div>
</li>
{% else %}
{{ 'No candidates'|trans }}
{% endfor %}
@@ -1,8 +1,40 @@
<div class="row">
<div class="col-md-6 col-12">
{{ form(form) }}
<hr>
<h4 class="text-danger">{{ 'Season code'|trans }}</h4>
<p>{{ 'The season code is used by candidates to join this season. Regenerating it invalidates the current code, so make sure to share the new one.'|trans }}</p>
<p><strong>{{ 'Current code:'|trans }}</strong> {{ season.seasonCode }}</p>
<button type="button" class="btn btn-danger" data-bs-toggle="modal" data-bs-target="#regenerateSeasonCodeModal">
{{ 'Regenerate season code...'|trans }}
</button>
</div>
<div class="col-md-6 col-12">
{{ include('backoffice/help/season_settings.html.twig') }}
</div>
</div>
<div class="modal fade" id="regenerateSeasonCodeModal" data-bs-backdrop="static"
tabindex="-1"
aria-labelledby="regenerateSeasonCodeModalLabel" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<form action="{{ path('tvdt_backoffice_season_regenerate_code', {seasonCode: season.seasonCode}) }}" method="POST">
<div class="modal-header">
<h1 class="modal-title fs-5" id="regenerateSeasonCodeModalLabel">{{ 'Regenerate season code'|trans }}</h1>
<button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
</div>
<div class="modal-body">
<p>{{ 'This invalidates the current season code. Anyone using the old code will no longer be able to join this season.'|trans }}</p>
<input type="hidden" name="_token" value="{{ csrf_token('regenerate_season_code') }}">
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">{{ 'Cancel'|trans }}</button>
<button type="submit" class="btn btn-danger">{{ 'Regenerate season code'|trans }}</button>
</div>
</form>
</div>
</div>
</div>
@@ -8,11 +8,13 @@
</div>
<div class="list-group mb-3">
{% for quiz in season.quizzes %}
<a class="list-group-item list-group-item-action{% if season.activeQuiz == quiz %} active{% endif %}"
<a class="list-group-item list-group-item-action d-flex align-items-center gap-2{% if season.activeQuiz == quiz %} active{% endif %}"
href="{{ path('tvdt_backoffice_quiz', {seasonCode: season.seasonCode, quiz: quiz.id}) }}">
{{ quiz.name }}
{% if quiz.isFinalized %}
<span class="badge text-bg-success">{{ 'Finalized'|trans }}</span>
{% if season.activeQuiz == quiz %}
<span class="badge text-bg-light ms-auto">{{ 'Active'|trans }}</span>
{% elseif quiz.isFinalized %}
<span class="badge text-bg-success ms-auto">{{ 'Ready'|trans }}</span>
{% endif %}
</a>
{% else %}
@@ -55,14 +55,13 @@
{{ form(emailForm, {action: path('tvdt_backoffice_settings_email')}) }}
</section>
<section class="mb-5" data-controller="bo--popover">
<section class="mb-5">
<h4>{{ 'Your data'|trans }}</h4>
<span class="d-inline-block" tabindex="0"
data-bs-toggle="popover"
data-bs-trigger="hover focus"
data-bs-content="{{ 'Soon™'|trans }}">
<button type="button" class="btn btn-secondary pe-none" disabled>{{ 'Download data'|trans }}</button>
</span>
<p>{{ 'Download an archive of everything stored under your account: your profile, the seasons you own, their quizzes, results and candidates.'|trans }}</p>
{% if not app.user.isVerified %}
<p class="text-warning">{{ 'Confirm your email address to enable this feature.'|trans }}</p>
{% endif %}
<a class="btn btn-primary" href="{{ path('tvdt_backoffice_settings_download_data') }}">{{ 'Download data'|trans }}</a>
</section>
<section class="mb-5">
+9 -10
View File
@@ -5,6 +5,7 @@ declare(strict_types=1);
namespace Tvdt\Tests\Command;
use PHPUnit\Framework\Attributes\CoversClass;
use PHPUnit\Framework\Attributes\DataProvider;
use Symfony\Bundle\FrameworkBundle\Console\Application;
use Symfony\Bundle\FrameworkBundle\Test\KernelTestCase;
use Symfony\Component\Console\Command\Command;
@@ -48,21 +49,19 @@ final class ClaimSeasonCommandTest extends KernelTestCase
$this->assertCount(3, $season->owners);
}
public function testInvalidEmailFails(): void
/** @return iterable<string, array{string, string}> */
public static function invalidArgumentsProvider(): iterable
{
$this->commandTester->execute([
'season-code' => 'krtek',
'email' => 'nonexisting@example.org',
]);
$this->assertSame(Command::FAILURE, $this->commandTester->getStatusCode());
yield 'unknown email' => ['krtek', 'nonexisting@example.org'];
yield 'unknown season' => ['dhadk', 'test@example.org'];
}
public function testInvalidSeasonCodeFails(): void
#[DataProvider('invalidArgumentsProvider')]
public function testInvalidArgumentFails(string $seasonCode, string $email): void
{
$this->commandTester->execute([
'season-code' => 'dhadk',
'email' => 'test@example.org',
'season-code' => $seasonCode,
'email' => $email,
]);
$this->assertSame(Command::FAILURE, $this->commandTester->getStatusCode());
@@ -0,0 +1,102 @@
<?php
declare(strict_types=1);
namespace Tvdt\Tests\Controller;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Bundle\FrameworkBundle\KernelBrowser;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
use Symfony\Component\DomCrawler\Crawler;
use Symfony\Component\HttpFoundation\Request;
use Tvdt\Entity\Candidate;
use Tvdt\Entity\Quiz;
use Tvdt\Entity\Season;
use Tvdt\Entity\User;
abstract class AbstractControllerWebTestCase extends WebTestCase
{
protected KernelBrowser $client;
protected EntityManagerInterface $entityManager;
protected function setUp(): void
{
$this->client = self::createClient();
$this->entityManager = self::getContainer()->get(EntityManagerInterface::class);
}
protected function getUserByEmail(string $email): User
{
$user = $this->entityManager->getRepository(User::class)->findOneBy(['email' => $email]);
$this->assertInstanceOf(User::class, $user);
return $user;
}
protected function loginAs(string $email): void
{
$this->client->loginUser($this->getUserByEmail($email));
}
/** Quiz names are only unique per season (see Quiz's UniqueConstraint), so this is scoped by season code. */
protected function getQuizByName(string $name, string $seasonCode = 'krtek'): Quiz
{
$quiz = $this->entityManager->getRepository(Quiz::class)->findOneBy(['name' => $name, 'season' => $this->getSeasonByCode($seasonCode)]);
$this->assertInstanceOf(Quiz::class, $quiz);
return $quiz;
}
/** Candidate names are only unique per season (see Candidate's UniqueConstraint), so this is scoped by season code. */
protected function getCandidate(string $name, string $seasonCode = 'krtek'): Candidate
{
$candidate = $this->entityManager->getRepository(Candidate::class)->findOneBy(['name' => $name, 'season' => $this->getSeasonByCode($seasonCode)]);
$this->assertInstanceOf(Candidate::class, $candidate);
return $candidate;
}
protected function getSeasonByCode(string $seasonCode): Season
{
$season = $this->entityManager->getRepository(Season::class)->findOneBy(['seasonCode' => $seasonCode]);
$this->assertInstanceOf(Season::class, $season);
return $season;
}
/** GETs $url and extracts the CSRF token from a form whose action contains $formActionContains. */
protected function getCsrfTokenFromPage(string $url, string $formActionContains, string $tokenFieldName = '_token'): string
{
$crawler = $this->client->request(Request::METHOD_GET, $url);
self::assertResponseIsSuccessful();
return $this->getCsrfTokenFromCrawler($crawler, $formActionContains, $tokenFieldName);
}
/** Extracts the CSRF token from a form on the page already loaded in the client. */
protected function getCsrfTokenFromCurrentPage(string $formActionContains, string $tokenFieldName = '_token'): string
{
return $this->getCsrfTokenFromCrawler($this->client->getCrawler(), $formActionContains, $tokenFieldName);
}
/** GETs $url and extracts the CSRF token input, regardless of which form it belongs to. */
protected function getTokenFromPage(string $url, string $tokenFieldName = '_token'): string
{
$crawler = $this->client->request(Request::METHOD_GET, $url);
self::assertResponseIsSuccessful();
$input = $crawler->filter(\sprintf('input[name="%s"]', $tokenFieldName));
$this->assertGreaterThan(0, $input->count(), \sprintf('No input named "%s" found on the page', $tokenFieldName));
return (string) $input->first()->attr('value');
}
private function getCsrfTokenFromCrawler(Crawler $crawler, string $formActionContains, string $tokenFieldName): string
{
$input = $crawler->filter(\sprintf('form[action*="%s"] input[name="%s"]', $formActionContains, $tokenFieldName));
$this->assertGreaterThan(0, $input->count(), \sprintf('No form found with action containing "%s"', $formActionContains));
return (string) $input->first()->attr('value');
}
}
@@ -0,0 +1,56 @@
<?php
declare(strict_types=1);
namespace Tvdt\Tests\Controller\Backoffice;
use PHPUnit\Framework\Attributes\CoversClass;
use Symfony\Component\HttpFoundation\Request;
use Tvdt\Controller\Backoffice\BackofficeController;
use Tvdt\Tests\Controller\AbstractControllerWebTestCase;
#[CoversClass(BackofficeController::class)]
final class BackofficeControllerTest extends AbstractControllerWebTestCase
{
public function testExportQuizFilenameIsSanitized(): void
{
$user = $this->getUserByEmail('user2@example.org');
$user->isVerified = true;
$this->entityManager->flush();
$this->client->loginUser($user);
$quiz = $this->getQuizByName('Quiz 1');
$this->client->request(Request::METHOD_GET, \sprintf('/backoffice/quiz/%s/export', $quiz->id));
self::assertResponseIsSuccessful();
$disposition = (string) $this->client->getResponse()->headers->get('Content-Disposition');
$this->assertStringContainsString('filename=Quiz-1.xlsx', $disposition);
$this->assertStringNotContainsString('Quiz 1.xlsx', $disposition);
}
public function testExportQuizRequiresVerifiedEmail(): void
{
$user = $this->getUserByEmail('user2@example.org');
$this->assertFalse($user->isVerified);
$this->client->loginUser($user);
$quiz = $this->getQuizByName('Quiz 1');
$this->client->request(Request::METHOD_GET, \sprintf('/backoffice/quiz/%s/export', $quiz->id));
self::assertResponseRedirects(\sprintf('/backoffice/season/%s', $quiz->season->seasonCode));
}
public function testExportQuizIsDeniedForNonOwner(): void
{
$this->loginAs('test@example.org');
$quiz = $this->getQuizByName('Quiz 1');
$this->client->request(Request::METHOD_GET, \sprintf('/backoffice/quiz/%s/export', $quiz->id));
self::assertResponseStatusCodeSame(403);
}
}
@@ -0,0 +1,120 @@
<?php
declare(strict_types=1);
namespace Tvdt\Tests\Controller\Backoffice;
use PHPUnit\Framework\Attributes\CoversClass;
use Safe\DateTimeImmutable;
use Symfony\Component\HttpFoundation\Request;
use Tvdt\Controller\Backoffice\PrepareEliminationController;
use Tvdt\Entity\Answer;
use Tvdt\Entity\Elimination;
use Tvdt\Entity\GivenAnswer;
use Tvdt\Entity\Question;
use Tvdt\Entity\QuizCandidate;
use Tvdt\Tests\Controller\AbstractControllerWebTestCase;
#[CoversClass(PrepareEliminationController::class)]
final class PrepareEliminationControllerTest extends AbstractControllerWebTestCase
{
protected function setUp(): void
{
parent::setUp();
$this->loginAs('krtek-admin@example.org');
}
public function testIndexCreatesEliminationAndRedirectsToView(): void
{
$quiz = $this->getQuizByName('Quiz 1');
$candidate = $this->getCandidate('Tom');
$quizCandidate = new QuizCandidate($quiz, $candidate);
$quizCandidate->started = new DateTimeImmutable();
$this->entityManager->persist($quizCandidate);
$firstQuestion = $quiz->questions->first();
$this->assertInstanceOf(Question::class, $firstQuestion);
$answer = $firstQuestion->answers->first();
$this->assertInstanceOf(Answer::class, $answer);
$this->entityManager->persist(new GivenAnswer($candidate, $quiz, $answer));
$this->entityManager->flush();
$token = $this->getCsrfTokenFromPage(\sprintf('/backoffice/season/krtek/quiz/%s/result', $quiz->id), '/elimination/prepare');
$this->client->request(Request::METHOD_POST, \sprintf('/backoffice/season/krtek/quiz/%s/elimination/prepare', $quiz->id), [
'_token' => $token,
]);
$response = $this->client->getResponse();
$this->assertTrue($response->isRedirect());
$this->assertStringContainsString('/backoffice/elimination/', (string) $response->headers->get('Location'));
$this->entityManager->clear();
$quiz = $this->getQuizByName('Quiz 1');
$elimination = $this->entityManager->getRepository(Elimination::class)->findOneBy(['quiz' => $quiz]);
$this->assertInstanceOf(Elimination::class, $elimination);
$this->assertArrayHasKey('Tom', $elimination->data);
}
public function testViewEliminationPageLoads(): void
{
$quiz = $this->getQuizByName('Quiz 1');
$elimination = new Elimination($quiz);
$elimination->data = ['Tom' => Elimination::SCREEN_GREEN];
$this->entityManager->persist($elimination);
$this->entityManager->flush();
$this->client->request(Request::METHOD_GET, \sprintf('/backoffice/elimination/%s', $elimination->id));
self::assertResponseIsSuccessful();
self::assertSelectorExists('form');
}
public function testViewEliminationSavesUpdatedColours(): void
{
$quiz = $this->getQuizByName('Quiz 1');
$elimination = new Elimination($quiz);
$elimination->data = ['Tom' => Elimination::SCREEN_GREEN];
$this->entityManager->persist($elimination);
$this->entityManager->flush();
$token = $this->getTokenFromPage(\sprintf('/backoffice/elimination/%s', $elimination->id));
$this->client->request(Request::METHOD_POST, \sprintf('/backoffice/elimination/%s', $elimination->id), [
'_token' => $token,
'colour-tom' => Elimination::SCREEN_RED,
'start' => '0',
]);
self::assertResponseRedirects(\sprintf('/backoffice/elimination/%s', $elimination->id));
$this->entityManager->clear();
$updated = $this->entityManager->getRepository(Elimination::class)->find($elimination->id);
$this->assertInstanceOf(Elimination::class, $updated);
$this->assertSame(Elimination::SCREEN_RED, $updated->data['Tom']);
}
public function testViewEliminationWithStartRedirectsToPublicElimination(): void
{
$quiz = $this->getQuizByName('Quiz 1');
$elimination = new Elimination($quiz);
$elimination->data = ['Tom' => Elimination::SCREEN_GREEN];
$this->entityManager->persist($elimination);
$this->entityManager->flush();
$token = $this->getTokenFromPage(\sprintf('/backoffice/elimination/%s', $elimination->id));
$this->client->request(Request::METHOD_POST, \sprintf('/backoffice/elimination/%s', $elimination->id), [
'_token' => $token,
'start' => '1',
]);
self::assertResponseRedirects(\sprintf('/elimination/%s', $elimination->id));
}
}
@@ -4,39 +4,18 @@ declare(strict_types=1);
namespace Tvdt\Tests\Controller\Backoffice;
use Doctrine\ORM\EntityManagerInterface;
use PHPUnit\Framework\Attributes\CoversClass;
use Symfony\Bundle\FrameworkBundle\KernelBrowser;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
use Symfony\Component\HttpFoundation\Request;
use Tvdt\Controller\Backoffice\QuestionBankController;
use Tvdt\Entity\BankAnswer;
use Tvdt\Entity\BankQuestion;
use Tvdt\Entity\Question;
use Tvdt\Entity\QuestionLabel;
use Tvdt\Entity\Quiz;
use Tvdt\Entity\User;
use Tvdt\Tests\Controller\AbstractControllerWebTestCase;
#[CoversClass(QuestionBankController::class)]
final class QuestionBankControllerTest extends WebTestCase
final class QuestionBankControllerTest extends AbstractControllerWebTestCase
{
private KernelBrowser $client;
private EntityManagerInterface $entityManager;
protected function setUp(): void
{
$this->client = self::createClient();
$this->entityManager = self::getContainer()->get(EntityManagerInterface::class);
}
private function loginAsOwner(): void
{
$user = $this->entityManager->getRepository(User::class)->findOneBy(['email' => 'krtek-admin@example.org']);
$this->assertInstanceOf(User::class, $user);
$this->client->loginUser($user);
}
private function getBankQuestion(string $question): BankQuestion
{
$bankQuestion = $this->entityManager->getRepository(BankQuestion::class)->findOneBy(['question' => $question]);
@@ -45,26 +24,9 @@ final class QuestionBankControllerTest extends WebTestCase
return $bankQuestion;
}
private function getQuizByName(string $name): Quiz
{
$quiz = $this->entityManager->getRepository(Quiz::class)->findOneBy(['name' => $name]);
$this->assertInstanceOf(Quiz::class, $quiz);
return $quiz;
}
private function getCsrfToken(string $formActionContains): string
{
$crawler = $this->client->getCrawler();
$input = $crawler->filter(\sprintf('form[action*="%s"] input[name="_token"]', $formActionContains));
$this->assertGreaterThan(0, $input->count(), \sprintf('No form found with action containing "%s"', $formActionContains));
return (string) $input->first()->attr('value');
}
public function testIndexListsBankQuestions(): void
{
$this->loginAsOwner();
$this->loginAs('krtek-admin@example.org');
$this->client->request(Request::METHOD_GET, '/backoffice/season/krtek/question-bank');
$this->assertResponseIsSuccessful();
@@ -75,7 +37,7 @@ final class QuestionBankControllerTest extends WebTestCase
public function testIndexFiltersByLabel(): void
{
$this->loginAsOwner();
$this->loginAs('krtek-admin@example.org');
$label = $this->entityManager->getRepository(QuestionLabel::class)->findOneBy(['name' => 'Locatie']);
$this->assertInstanceOf(QuestionLabel::class, $label);
@@ -89,9 +51,7 @@ final class QuestionBankControllerTest extends WebTestCase
public function testNonOwnerIsDenied(): void
{
$user = $this->entityManager->getRepository(User::class)->findOneBy(['email' => 'test@example.org']);
$this->assertInstanceOf(User::class, $user);
$this->client->loginUser($user);
$this->loginAs('test@example.org');
$this->client->request(Request::METHOD_GET, '/backoffice/season/krtek/question-bank');
@@ -100,7 +60,7 @@ final class QuestionBankControllerTest extends WebTestCase
public function testCreateBankQuestion(): void
{
$this->loginAsOwner();
$this->loginAs('krtek-admin@example.org');
$crawler = $this->client->request(Request::METHOD_GET, '/backoffice/season/krtek/question-bank/new');
$this->assertResponseIsSuccessful();
@@ -129,7 +89,7 @@ final class QuestionBankControllerTest extends WebTestCase
public function testCreateAllowedWithoutCorrectAnswer(): void
{
$this->loginAsOwner();
$this->loginAs('krtek-admin@example.org');
$crawler = $this->client->request(Request::METHOD_GET, '/backoffice/season/krtek/question-bank/new');
$token = (string) $crawler->filter('input[name="bank_question_form[_token]"]')->attr('value');
@@ -145,6 +105,7 @@ final class QuestionBankControllerTest extends WebTestCase
]);
$this->assertResponseRedirects();
$this->entityManager->clear();
$saved = $this->entityManager->getRepository(BankQuestion::class)->findOneBy(['question' => 'Vraag zonder goed antwoord']);
$this->assertInstanceOf(BankQuestion::class, $saved);
$this->assertFalse($saved->isCompleteForQuiz);
@@ -152,7 +113,7 @@ final class QuestionBankControllerTest extends WebTestCase
public function testEditBankQuestion(): void
{
$this->loginAsOwner();
$this->loginAs('krtek-admin@example.org');
$bankQuestion = $this->getBankQuestion('Wat at de Krtek als ontbijt?');
$url = \sprintf('/backoffice/season/krtek/question-bank/%s/edit', $bankQuestion->id);
@@ -181,12 +142,12 @@ final class QuestionBankControllerTest extends WebTestCase
public function testDeleteUsedBankQuestionLeavesQuizIntact(): void
{
$this->loginAsOwner();
$this->loginAs('krtek-admin@example.org');
$bankQuestion = $this->getBankQuestion('Waar sliep de Krtek?');
$quiz2QuestionCount = $this->getQuizByName('Quiz 2')->questions->count();
$this->client->request(Request::METHOD_GET, '/backoffice/season/krtek/question-bank');
$token = $this->getCsrfToken(\sprintf('%s/delete', $bankQuestion->id));
$token = $this->getCsrfTokenFromCurrentPage(\sprintf('%s/delete', $bankQuestion->id));
$this->client->request(Request::METHOD_POST, \sprintf('/backoffice/season/krtek/question-bank/%s/delete', $bankQuestion->id), [
'_token' => $token,
@@ -201,13 +162,13 @@ final class QuestionBankControllerTest extends WebTestCase
public function testAssignCopiesQuestionIntoQuiz(): void
{
$this->loginAsOwner();
$this->loginAs('krtek-admin@example.org');
$bankQuestion = $this->getBankQuestion('Wat at de Krtek als ontbijt?');
$quiz = $this->getQuizByName('Quiz 2');
$questionCount = $quiz->questions->count();
$this->client->request(Request::METHOD_GET, '/backoffice/season/krtek/question-bank');
$token = $this->getCsrfToken(\sprintf('%s/assign', $bankQuestion->id));
$token = $this->getCsrfTokenFromCurrentPage(\sprintf('%s/assign', $bankQuestion->id));
$this->client->request(Request::METHOD_POST, \sprintf('/backoffice/season/krtek/question-bank/%s/assign', $bankQuestion->id), [
'_token' => $token,
@@ -240,7 +201,7 @@ final class QuestionBankControllerTest extends WebTestCase
public function testAssignUsedNonReusableQuestionIsRefused(): void
{
$this->loginAsOwner();
$this->loginAs('krtek-admin@example.org');
$bankQuestion = $this->getBankQuestion('Waar sliep de Krtek?');
$quiz = $this->getQuizByName('Quiz 2');
$questionCount = $quiz->questions->count();
@@ -248,7 +209,7 @@ final class QuestionBankControllerTest extends WebTestCase
$this->client->request(Request::METHOD_GET, '/backoffice/season/krtek/question-bank');
// The assign form is not rendered for used questions, so post with another form's token
$token = $this->getCsrfToken('/assign');
$token = $this->getCsrfTokenFromCurrentPage('/assign');
$this->client->request(Request::METHOD_POST, \sprintf('/backoffice/season/krtek/question-bank/%s/assign', $bankQuestion->id), [
'_token' => $token,
'quiz' => (string) $quiz->id,
@@ -262,13 +223,13 @@ final class QuestionBankControllerTest extends WebTestCase
public function testAssignSameReusableQuestionTwiceToSameQuizIsRefused(): void
{
$this->loginAsOwner();
$this->loginAs('krtek-admin@example.org');
$bankQuestion = $this->getBankQuestion('Wie is de Krtek?');
$quiz = $this->getQuizByName('Quiz 2');
$questionCount = $quiz->questions->count();
$this->client->request(Request::METHOD_GET, '/backoffice/season/krtek/question-bank');
$token = $this->getCsrfToken(\sprintf('%s/assign', $bankQuestion->id));
$token = $this->getCsrfTokenFromCurrentPage(\sprintf('%s/assign', $bankQuestion->id));
$url = \sprintf('/backoffice/season/krtek/question-bank/%s/assign', $bankQuestion->id);
$this->client->request(Request::METHOD_POST, $url, ['_token' => $token, 'quiz' => (string) $quiz->id]);
@@ -283,13 +244,13 @@ final class QuestionBankControllerTest extends WebTestCase
public function testAssignIntoFinalizedQuizIsDenied(): void
{
$this->loginAsOwner();
$this->loginAs('krtek-admin@example.org');
$bankQuestion = $this->getBankQuestion('Wie is de Krtek?');
$finalizedQuiz = $this->getQuizByName('Quiz 1');
$this->assertTrue($finalizedQuiz->isFinalized);
$this->client->request(Request::METHOD_GET, '/backoffice/season/krtek/question-bank');
$token = $this->getCsrfToken(\sprintf('%s/assign', $bankQuestion->id));
$token = $this->getCsrfTokenFromCurrentPage(\sprintf('%s/assign', $bankQuestion->id));
$this->client->request(Request::METHOD_POST, \sprintf('/backoffice/season/krtek/question-bank/%s/assign', $bankQuestion->id), [
'_token' => $token,
@@ -301,7 +262,7 @@ final class QuestionBankControllerTest extends WebTestCase
public function testCreateBankQuestionPreservesAnswerOrdering(): void
{
$this->loginAsOwner();
$this->loginAs('krtek-admin@example.org');
$crawler = $this->client->request(Request::METHOD_GET, '/backoffice/season/krtek/question-bank/new');
$this->assertResponseIsSuccessful();
$token = (string) $crawler->filter('input[name="bank_question_form[_token]"]')->attr('value');
@@ -334,7 +295,7 @@ final class QuestionBankControllerTest extends WebTestCase
public function testEditBankQuestionPreservesAnswerOrdering(): void
{
$this->loginAsOwner();
$this->loginAs('krtek-admin@example.org');
$bankQuestion = $this->getBankQuestion('Wat at de Krtek als ontbijt?');
// Fixture answers in insertion order (all have ordering=0): Brood (correct), Yoghurt, Niks
@@ -374,7 +335,7 @@ final class QuestionBankControllerTest extends WebTestCase
public function testAddAndDeleteLabel(): void
{
$this->loginAsOwner();
$this->loginAs('krtek-admin@example.org');
$crawler = $this->client->request(Request::METHOD_GET, '/backoffice/season/krtek/question-bank');
$token = (string) $crawler->filter('form[action$="/question-bank/labels"] input[name="_token"]')->attr('value');
@@ -389,7 +350,7 @@ final class QuestionBankControllerTest extends WebTestCase
$this->assertInstanceOf(QuestionLabel::class, $label);
$this->client->request(Request::METHOD_GET, '/backoffice/season/krtek/question-bank');
$deleteToken = $this->getCsrfToken(\sprintf('labels/%s/delete', $label->slug));
$deleteToken = $this->getCsrfTokenFromCurrentPage(\sprintf('labels/%s/delete', $label->slug));
$this->client->request(Request::METHOD_POST, \sprintf('/backoffice/season/krtek/question-bank/labels/%s/delete', $label->slug), [
'_token' => $deleteToken,
@@ -4,11 +4,8 @@ declare(strict_types=1);
namespace Tvdt\Tests\Controller\Backoffice;
use Doctrine\ORM\EntityManagerInterface;
use PHPUnit\Framework\Attributes\CoversClass;
use Safe\DateTimeImmutable;
use Symfony\Bundle\FrameworkBundle\KernelBrowser;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
use Symfony\Component\HttpFoundation\Request;
use Tvdt\Controller\Backoffice\QuizController;
use Tvdt\Entity\Answer;
@@ -17,51 +14,21 @@ use Tvdt\Entity\GivenAnswer;
use Tvdt\Entity\Question;
use Tvdt\Entity\Quiz;
use Tvdt\Entity\QuizCandidate;
use Tvdt\Entity\Season;
use Tvdt\Entity\User;
use Tvdt\Tests\Controller\AbstractControllerWebTestCase;
#[CoversClass(QuizController::class)]
final class QuizControllerTest extends WebTestCase
final class QuizControllerTest extends AbstractControllerWebTestCase
{
private KernelBrowser $client;
private EntityManagerInterface $entityManager;
protected function setUp(): void
{
$this->client = self::createClient();
$this->entityManager = self::getContainer()->get(EntityManagerInterface::class);
parent::setUp();
$user = $this->entityManager->getRepository(User::class)->findOneBy(['email' => 'krtek-admin@example.org']);
$this->assertInstanceOf(User::class, $user);
$this->client->loginUser($user);
}
private function getQuizByName(string $name): Quiz
{
$quiz = $this->entityManager->getRepository(Quiz::class)->findOneBy(['name' => $name]);
$this->assertInstanceOf(Quiz::class, $quiz);
return $quiz;
}
private function getCandidate(string $name): Candidate
{
$candidate = $this->entityManager->getRepository(Candidate::class)->findOneBy(['name' => $name]);
$this->assertInstanceOf(Candidate::class, $candidate);
return $candidate;
$this->loginAs('krtek-admin@example.org');
}
private function getCsrfTokenFromOverview(Quiz $quiz, string $formActionContains): string
{
$crawler = $this->client->request(Request::METHOD_GET, \sprintf('/backoffice/season/krtek/quiz/%s/overview', $quiz->id));
self::assertResponseIsSuccessful();
$input = $crawler->filter(\sprintf('form[action*="%s"] input[name="_token"]', $formActionContains));
$this->assertGreaterThan(0, $input->count(), \sprintf('No form found with action containing "%s"', $formActionContains));
return (string) $input->first()->attr('value');
return $this->getCsrfTokenFromPage(\sprintf('/backoffice/season/krtek/quiz/%s/overview', $quiz->id), $formActionContains);
}
public function testIndexRedirectsToOverview(): void
@@ -296,9 +263,7 @@ final class QuizControllerTest extends WebTestCase
public function testNonOwnerIsDenied(): void
{
$user = $this->entityManager->getRepository(User::class)->findOneBy(['email' => 'test@example.org']);
$this->assertInstanceOf(User::class, $user);
$this->client->loginUser($user);
$this->loginAs('test@example.org');
$quiz = $this->getQuizByName('Quiz 1');
$this->client->request(Request::METHOD_GET, \sprintf('/backoffice/season/krtek/quiz/%s/overview', $quiz->id));
@@ -308,8 +273,7 @@ final class QuizControllerTest extends WebTestCase
public function testOverviewLoadsForEmptyQuiz(): void
{
$season = $this->entityManager->getRepository(Season::class)->findOneBy(['seasonCode' => 'krtek']);
$this->assertInstanceOf(Season::class, $season);
$season = $this->getSeasonByCode('krtek');
$emptyQuiz = new Quiz();
$emptyQuiz->name = 'Empty Quiz';
@@ -326,8 +290,7 @@ final class QuizControllerTest extends WebTestCase
public function testAnswerMappingRedirectsWithFlashWhenNoQuestions(): void
{
$season = $this->entityManager->getRepository(Season::class)->findOneBy(['seasonCode' => 'krtek']);
$this->assertInstanceOf(Season::class, $season);
$season = $this->getSeasonByCode('krtek');
$emptyQuiz = new Quiz();
$emptyQuiz->name = 'Empty Quiz';
@@ -4,63 +4,29 @@ declare(strict_types=1);
namespace Tvdt\Tests\Controller\Backoffice;
use Doctrine\ORM\EntityManagerInterface;
use PHPUnit\Framework\Attributes\CoversClass;
use Safe\DateTimeImmutable;
use Symfony\Bundle\FrameworkBundle\KernelBrowser;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
use Symfony\Component\HttpFoundation\Request;
use Tvdt\Controller\Backoffice\QuizController;
use Tvdt\Entity\Answer;
use Tvdt\Entity\Candidate;
use Tvdt\Entity\Question;
use Tvdt\Entity\Quiz;
use Tvdt\Entity\QuizCandidate;
use Tvdt\Entity\Season;
use Tvdt\Entity\User;
use Tvdt\Tests\Controller\AbstractControllerWebTestCase;
#[CoversClass(QuizController::class)]
final class QuizFinalizeTest extends WebTestCase
final class QuizFinalizeTest extends AbstractControllerWebTestCase
{
private KernelBrowser $client;
private EntityManagerInterface $entityManager;
protected function setUp(): void
{
$this->client = self::createClient();
$this->entityManager = self::getContainer()->get(EntityManagerInterface::class);
parent::setUp();
$user = $this->entityManager->getRepository(User::class)->findOneBy(['email' => 'krtek-admin@example.org']);
$this->assertInstanceOf(User::class, $user);
$this->client->loginUser($user);
}
private function getQuizByName(string $name): Quiz
{
$quiz = $this->entityManager->getRepository(Quiz::class)->findOneBy(['name' => $name]);
$this->assertInstanceOf(Quiz::class, $quiz);
return $quiz;
}
private function getKrtekSeason(): Season
{
$season = $this->entityManager->getRepository(Season::class)->findOneBy(['seasonCode' => 'krtek']);
$this->assertInstanceOf(Season::class, $season);
return $season;
$this->loginAs('krtek-admin@example.org');
}
private function getCsrfTokenFromOverview(Quiz $quiz, string $formActionContains): string
{
$crawler = $this->client->request(Request::METHOD_GET, \sprintf('/backoffice/season/krtek/quiz/%s/overview', $quiz->id));
$this->assertResponseIsSuccessful();
$input = $crawler->filter(\sprintf('form[action*="%s"] input[name="_token"]', $formActionContains));
$this->assertGreaterThan(0, $input->count(), \sprintf('No form found with action containing "%s"', $formActionContains));
return (string) $input->first()->attr('value');
return $this->getCsrfTokenFromPage(\sprintf('/backoffice/season/krtek/quiz/%s/overview', $quiz->id), $formActionContains);
}
public function testFinalizeSetsFinalizedAt(): void
@@ -79,7 +45,7 @@ final class QuizFinalizeTest extends WebTestCase
public function testFinalizeRefusedWhenQuizHasErrors(): void
{
$season = $this->getKrtekSeason();
$season = $this->getSeasonByCode('krtek');
$invalidQuiz = new Quiz();
$invalidQuiz->name = 'Invalid Quiz';
@@ -116,7 +82,7 @@ final class QuizFinalizeTest extends WebTestCase
$this->assertResponseRedirects();
$this->entityManager->clear();
$season = $this->getKrtekSeason();
$season = $this->getSeasonByCode('krtek');
$this->assertInstanceOf(Quiz::class, $season->activeQuiz);
$this->assertSame('Quiz 1', $season->activeQuiz->name);
}
@@ -134,7 +100,7 @@ final class QuizFinalizeTest extends WebTestCase
$this->assertResponseRedirects();
$this->entityManager->clear();
$season = $this->getKrtekSeason();
$season = $this->getSeasonByCode('krtek');
$this->assertInstanceOf(Quiz::class, $season->activeQuiz);
$this->assertSame('Quiz 2', $season->activeQuiz->name);
}
@@ -183,8 +149,7 @@ final class QuizFinalizeTest extends WebTestCase
// Scrape the token before a candidate starts, since the button disappears afterwards
$token = $this->getCsrfTokenFromOverview($quiz, '/unfinalize');
$candidate = $this->entityManager->getRepository(Candidate::class)->findOneBy(['name' => 'Tom']);
$this->assertInstanceOf(Candidate::class, $candidate);
$candidate = $this->getCandidate('Tom');
$quizCandidate = new QuizCandidate($quiz, $candidate);
$quizCandidate->started = new DateTimeImmutable();
@@ -229,6 +194,6 @@ final class QuizFinalizeTest extends WebTestCase
self::assertResponseRedirects(\sprintf('/backoffice/season/krtek/quiz/%s/overview', $quiz2->id));
$this->entityManager->clear();
$this->assertNotInstanceOf(Quiz::class, $this->getKrtekSeason()->activeQuiz);
$this->assertNotInstanceOf(Quiz::class, $this->getSeasonByCode('krtek')->activeQuiz);
}
}
@@ -4,47 +4,18 @@ declare(strict_types=1);
namespace Tvdt\Tests\Controller\Backoffice;
use Doctrine\ORM\EntityManagerInterface;
use PHPUnit\Framework\Attributes\CoversClass;
use Symfony\Bundle\FrameworkBundle\KernelBrowser;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
use Symfony\Component\HttpFoundation\Request;
use Tvdt\Controller\Backoffice\QuizQuestionController;
use Tvdt\Entity\Question;
use Tvdt\Entity\Quiz;
use Tvdt\Entity\User;
use Tvdt\Tests\Controller\AbstractControllerWebTestCase;
#[CoversClass(QuizQuestionController::class)]
final class QuizQuestionControllerTest extends WebTestCase
final class QuizQuestionControllerTest extends AbstractControllerWebTestCase
{
private KernelBrowser $client;
private EntityManagerInterface $entityManager;
protected function setUp(): void
{
$this->client = self::createClient();
$this->entityManager = self::getContainer()->get(EntityManagerInterface::class);
}
private function loginAsOwner(): void
{
$user = $this->entityManager->getRepository(User::class)->findOneBy(['email' => 'krtek-admin@example.org']);
$this->assertInstanceOf(User::class, $user);
$this->client->loginUser($user);
}
private function getQuizByName(string $name): Quiz
{
$quiz = $this->entityManager->getRepository(Quiz::class)->findOneBy(['name' => $name]);
$this->assertInstanceOf(Quiz::class, $quiz);
return $quiz;
}
public function testEditPreservesAnswerOrdering(): void
{
$this->loginAsOwner();
$this->loginAs('krtek-admin@example.org');
$quiz = $this->getQuizByName('Quiz 2');
$question = null;
@@ -111,7 +82,7 @@ final class QuizQuestionControllerTest extends WebTestCase
public function testReorderQuestionsWithinQuiz(): void
{
$this->loginAsOwner();
$this->loginAs('krtek-admin@example.org');
$quiz = $this->getQuizByName('Quiz 2');
$originalQuestions = $quiz->questions->toArray();
@@ -144,4 +115,43 @@ final class QuizQuestionControllerTest extends WebTestCase
$this->assertSame($originalLastId, (string) $reorderedQuestions[0]->id);
$this->assertSame($originalFirstId, (string) $reorderedQuestions[\count($reorderedQuestions) - 1]->id);
}
public function testEditIsDeniedForNonOwner(): void
{
$this->loginAs('test@example.org');
$quiz = $this->getQuizByName('Quiz 2');
$question = $quiz->questions->first();
$this->assertInstanceOf(Question::class, $question);
$this->client->request(Request::METHOD_GET, \sprintf(
'/backoffice/season/krtek/quiz/%s/question/%s/edit',
$quiz->id,
$question->id,
));
self::assertResponseStatusCodeSame(403);
}
public function testReorderIsDeniedForNonOwner(): void
{
$quiz = $this->getQuizByName('Quiz 2');
// Scrape a valid CSRF token as the owner before switching to the non-owner account,
// since the token is bound to the session, not the logged-in user.
$this->loginAs('krtek-admin@example.org');
$crawler = $this->client->request(Request::METHOD_GET, \sprintf('/backoffice/season/krtek/quiz/%s/overview', $quiz->id));
self::assertResponseIsSuccessful();
$csrfToken = $crawler->filter('[data-bo--question-list-csrf-value]')->attr('data-bo--question-list-csrf-value');
$this->assertNotEmpty($csrfToken);
$this->loginAs('test@example.org');
$this->client->request(Request::METHOD_POST, \sprintf('/backoffice/season/krtek/quiz/%s/questions/reorder', $quiz->id), [
'_token' => $csrfToken,
'ordering' => array_map(static fn (Question $q): string => (string) $q->id, $quiz->questions->toArray()),
]);
self::assertResponseStatusCodeSame(403);
}
}
@@ -0,0 +1,121 @@
<?php
declare(strict_types=1);
namespace Tvdt\Tests\Controller\Backoffice;
use PHPUnit\Framework\Attributes\CoversClass;
use Symfony\Component\HttpFoundation\Request;
use Tvdt\Controller\Backoffice\SeasonController;
use Tvdt\Entity\Candidate;
use Tvdt\Entity\Season;
use Tvdt\Tests\Controller\AbstractControllerWebTestCase;
#[CoversClass(SeasonController::class)]
final class SeasonControllerTest extends AbstractControllerWebTestCase
{
protected function setUp(): void
{
parent::setUp();
$this->loginAs('krtek-admin@example.org');
}
public function testRegenerateSeasonCodeChangesTheCode(): void
{
$oldCode = 'krtek';
$token = $this->getCsrfTokenFromPage(\sprintf('/backoffice/season/%s/settings', $oldCode), '/regenerate-code');
$this->client->request(Request::METHOD_POST, \sprintf('/backoffice/season/%s/settings/regenerate-code', $oldCode), [
'_token' => $token,
]);
self::assertResponseRedirects();
$this->entityManager->clear();
$this->assertNotInstanceOf(Season::class, $this->entityManager->getRepository(Season::class)->findOneBy(['seasonCode' => $oldCode]));
$location = (string) $this->client->getResponse()->headers->get('Location');
$this->assertMatchesRegularExpression('#^/backoffice/season/[a-z]{5}/settings$#', $location);
}
public function testRegenerateSeasonCodeIsDeniedForNonOwner(): void
{
$token = $this->getCsrfTokenFromPage('/backoffice/season/krtek/settings', '/regenerate-code');
$this->loginAs('test@example.org');
$this->client->request(Request::METHOD_POST, '/backoffice/season/krtek/settings/regenerate-code', [
'_token' => $token,
]);
self::assertResponseStatusCodeSame(403);
}
public function testRenameCandidate(): void
{
$candidate = $this->getCandidate('Tom');
$token = $this->getCsrfTokenFromPage('/backoffice/season/krtek/candidates', \sprintf('/candidate/%s/rename', $candidate->id));
$this->client->request(Request::METHOD_POST, \sprintf('/backoffice/season/krtek/candidate/%s/rename', $candidate->id), [
'_token' => $token,
'name' => 'Tommy',
]);
self::assertResponseRedirects('/backoffice/season/krtek/candidates');
$this->entityManager->clear();
$renamed = $this->entityManager->getRepository(Candidate::class)->find($candidate->id);
$this->assertInstanceOf(Candidate::class, $renamed);
$this->assertSame('Tommy', $renamed->name);
}
public function testRenameCandidateToExistingNameShowsError(): void
{
$candidate = $this->getCandidate('Tom');
$token = $this->getCsrfTokenFromPage('/backoffice/season/krtek/candidates', \sprintf('/candidate/%s/rename', $candidate->id));
$this->client->request(Request::METHOD_POST, \sprintf('/backoffice/season/krtek/candidate/%s/rename', $candidate->id), [
'_token' => $token,
'name' => 'Claudia',
]);
self::assertResponseRedirects('/backoffice/season/krtek/candidates');
$this->entityManager->clear();
$unchanged = $this->entityManager->getRepository(Candidate::class)->find($candidate->id);
$this->assertInstanceOf(Candidate::class, $unchanged);
$this->assertSame('Tom', $unchanged->name);
}
public function testDeleteCandidate(): void
{
$candidate = $this->getCandidate('Tom');
$candidateId = $candidate->id;
$token = $this->getCsrfTokenFromPage('/backoffice/season/krtek/candidates', \sprintf('/candidate/%s/delete', $candidate->id));
$this->client->request(Request::METHOD_POST, \sprintf('/backoffice/season/krtek/candidate/%s/delete', $candidate->id), [
'_token' => $token,
]);
self::assertResponseRedirects('/backoffice/season/krtek/candidates');
$this->entityManager->clear();
$this->assertNotInstanceOf(Candidate::class, $this->entityManager->getRepository(Candidate::class)->find($candidateId));
}
public function testRenameCandidateIsDeniedForNonOwner(): void
{
$candidate = $this->getCandidate('Tom');
$token = $this->getCsrfTokenFromPage('/backoffice/season/krtek/candidates', \sprintf('/candidate/%s/rename', $candidate->id));
$this->loginAs('test@example.org');
$this->client->request(Request::METHOD_POST, \sprintf('/backoffice/season/krtek/candidate/%s/rename', $candidate->id), [
'_token' => $token,
'name' => 'Tommy',
]);
self::assertResponseStatusCodeSame(403);
}
}
@@ -4,11 +4,9 @@ declare(strict_types=1);
namespace Tvdt\Tests\Controller\Backoffice;
use Doctrine\ORM\EntityManagerInterface;
use PHPUnit\Framework\Attributes\CoversClass;
use PHPUnit\Framework\Attributes\DataProvider;
use Safe\DateTimeImmutable;
use Symfony\Bundle\FrameworkBundle\KernelBrowser;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
use Tvdt\Controller\Backoffice\SettingsController;
@@ -17,43 +15,21 @@ use Tvdt\Entity\Quiz;
use Tvdt\Entity\ResetPasswordRequest;
use Tvdt\Entity\Season;
use Tvdt\Entity\User;
use Tvdt\Tests\Controller\AbstractControllerWebTestCase;
#[CoversClass(SettingsController::class)]
final class SettingsControllerTest extends WebTestCase
final class SettingsControllerTest extends AbstractControllerWebTestCase
{
private KernelBrowser $client;
private EntityManagerInterface $entityManager;
protected function setUp(): void
{
$this->client = self::createClient();
$this->entityManager = self::getContainer()->get(EntityManagerInterface::class);
parent::setUp();
$this->loginAs('test@example.org');
}
private function loginAs(string $email): void
{
$user = $this->getUserByEmail($email);
$this->assertInstanceOf(User::class, $user);
$this->client->loginUser($user);
}
private function getUserByEmail(string $email): ?User
{
return $this->entityManager->getRepository(User::class)->findOneBy(['email' => $email]);
}
private function getCsrfTokenFromSettings(string $formActionContains): string
{
$crawler = $this->client->request(Request::METHOD_GET, '/backoffice/settings');
self::assertResponseIsSuccessful();
$input = $crawler->filter(\sprintf('form[action*="%s"] input[name="_token"]', $formActionContains));
$this->assertGreaterThan(0, $input->count(), \sprintf('No form found with action containing "%s"', $formActionContains));
return (string) $input->first()->attr('value');
return $this->getCsrfTokenFromPage('/backoffice/settings', $formActionContains);
}
public function testSettingsPageLoadsAndNavContainsSettingsLink(): void
@@ -98,7 +74,6 @@ final class SettingsControllerTest extends WebTestCase
$this->entityManager->clear();
$user = $this->getUserByEmail('test@example.org');
$this->assertInstanceOf(User::class, $user);
$hasher = self::getContainer()->get(UserPasswordHasherInterface::class);
$this->assertTrue($hasher->isPasswordValid($user, 'NewPass123!'));
@@ -107,32 +82,21 @@ final class SettingsControllerTest extends WebTestCase
self::assertResponseIsSuccessful();
}
public function testChangePasswordWithWrongCurrentPasswordIsRejected(): void
/** @return iterable<string, array{string, string, string}> */
public static function invalidPasswordChangeProvider(): iterable
{
$this->client->request(Request::METHOD_GET, '/backoffice/settings');
$form = $this->client->getCrawler()->filter('form[action*="/backoffice/settings/password"]')->form([
'change_user_password_form[currentPassword]' => 'wrong-password',
'change_user_password_form[plainPassword][first]' => 'NewPass123!',
'change_user_password_form[plainPassword][second]' => 'NewPass123!',
]);
$this->client->submit($form);
self::assertResponseStatusCodeSame(422);
$this->entityManager->clear();
$user = $this->getUserByEmail('test@example.org');
$this->assertInstanceOf(User::class, $user);
$hasher = self::getContainer()->get(UserPasswordHasherInterface::class);
$this->assertTrue($hasher->isPasswordValid($user, TestFixtures::PASSWORD));
yield 'wrong current password' => ['wrong-password', 'NewPass123!', 'NewPass123!'];
yield 'mismatched repeat' => [TestFixtures::PASSWORD, 'NewPass123!', 'SomethingElse!'];
}
public function testChangePasswordWithMismatchedRepeatIsRejected(): void
#[DataProvider('invalidPasswordChangeProvider')]
public function testChangePasswordIsRejected(string $currentPassword, string $first, string $second): void
{
$this->client->request(Request::METHOD_GET, '/backoffice/settings');
$form = $this->client->getCrawler()->filter('form[action*="/backoffice/settings/password"]')->form([
'change_user_password_form[currentPassword]' => TestFixtures::PASSWORD,
'change_user_password_form[plainPassword][first]' => 'NewPass123!',
'change_user_password_form[plainPassword][second]' => 'SomethingElse!',
'change_user_password_form[currentPassword]' => $currentPassword,
'change_user_password_form[plainPassword][first]' => $first,
'change_user_password_form[plainPassword][second]' => $second,
]);
$this->client->submit($form);
@@ -140,7 +104,6 @@ final class SettingsControllerTest extends WebTestCase
$this->entityManager->clear();
$user = $this->getUserByEmail('test@example.org');
$this->assertInstanceOf(User::class, $user);
$hasher = self::getContainer()->get(UserPasswordHasherInterface::class);
$this->assertTrue($hasher->isPasswordValid($user, TestFixtures::PASSWORD));
}
@@ -157,9 +120,8 @@ final class SettingsControllerTest extends WebTestCase
self::assertEmailCount(1);
$this->entityManager->clear();
$this->assertNotInstanceOf(User::class, $this->getUserByEmail('test@example.org'));
$this->assertNotInstanceOf(User::class, $this->entityManager->getRepository(User::class)->findOneBy(['email' => 'test@example.org']));
$user = $this->getUserByEmail('new-address@example.org');
$this->assertInstanceOf(User::class, $user);
$this->assertFalse($user->isVerified);
// User stays logged in
@@ -179,7 +141,7 @@ final class SettingsControllerTest extends WebTestCase
self::assertEmailCount(0);
$this->entityManager->clear();
$this->assertInstanceOf(User::class, $this->getUserByEmail('test@example.org'));
$this->getUserByEmail('test@example.org');
}
public function testResendConfirmationEmailSendsEmail(): void
@@ -200,8 +162,8 @@ final class SettingsControllerTest extends WebTestCase
$token = $this->getCsrfTokenFromSettings('/backoffice/settings/resend-confirmation');
$user = $this->getUserByEmail('test@example.org');
$this->assertInstanceOf(User::class, $user);
$user->isVerified = true;
$this->entityManager->flush();
$crawler = $this->client->request(Request::METHOD_GET, '/backoffice/settings');
@@ -242,7 +204,6 @@ final class SettingsControllerTest extends WebTestCase
public function testChangePasswordInvalidatesResetPasswordRequests(): void
{
$user = $this->getUserByEmail('test@example.org');
$this->assertInstanceOf(User::class, $user);
$this->createResetPasswordRequest($user);
$this->client->request(Request::METHOD_GET, '/backoffice/settings');
@@ -257,14 +218,12 @@ final class SettingsControllerTest extends WebTestCase
$this->entityManager->clear();
$user = $this->getUserByEmail('test@example.org');
$this->assertInstanceOf(User::class, $user);
$this->assertSame(0, $this->entityManager->getRepository(ResetPasswordRequest::class)->count(['user' => $user]));
}
public function testChangeEmailInvalidatesResetPasswordRequests(): void
{
$user = $this->getUserByEmail('test@example.org');
$this->assertInstanceOf(User::class, $user);
$this->createResetPasswordRequest($user);
$this->client->request(Request::METHOD_GET, '/backoffice/settings');
@@ -277,7 +236,6 @@ final class SettingsControllerTest extends WebTestCase
$this->entityManager->clear();
$user = $this->getUserByEmail('new-address@example.org');
$this->assertInstanceOf(User::class, $user);
$this->assertSame(0, $this->entityManager->getRepository(ResetPasswordRequest::class)->count(['user' => $user]));
}
@@ -293,7 +251,7 @@ final class SettingsControllerTest extends WebTestCase
self::assertResponseRedirects('/backoffice/settings');
$this->entityManager->clear();
$this->assertInstanceOf(User::class, $this->getUserByEmail('test@example.org'));
$this->getUserByEmail('test@example.org');
}
public function testDeleteAccountRemovesSoleOwnerSeasonsAndKeepsSharedSeasons(): void
@@ -309,7 +267,7 @@ final class SettingsControllerTest extends WebTestCase
self::assertResponseRedirects();
$this->entityManager->clear();
$this->assertNotInstanceOf(User::class, $this->getUserByEmail('sole-owner@example.org'));
$this->assertNotInstanceOf(User::class, $this->entityManager->getRepository(User::class)->findOneBy(['email' => 'sole-owner@example.org']));
// Sole-owner season is removed, including its quiz
$this->assertNotInstanceOf(Season::class, $this->entityManager->getRepository(Season::class)->findOneBy(['seasonCode' => 'doomd']));
@@ -340,7 +298,7 @@ final class SettingsControllerTest extends WebTestCase
self::assertResponseRedirects();
$this->entityManager->clear();
$this->assertNotInstanceOf(User::class, $this->getUserByEmail('user2@example.org'));
$this->assertNotInstanceOf(User::class, $this->entityManager->getRepository(User::class)->findOneBy(['email' => 'user2@example.org']));
foreach (['krtek', 'bbbbb'] as $seasonCode) {
$season = $this->entityManager->getRepository(Season::class)->findOneBy(['seasonCode' => $seasonCode]);
@@ -350,4 +308,46 @@ final class SettingsControllerTest extends WebTestCase
$this->assertNotEmpty($ownerEmails);
}
}
public function testDownloadDataRequiresAuthentication(): void
{
$this->client->restart();
$this->client->request(Request::METHOD_GET, '/backoffice/settings/download-data');
self::assertResponseRedirects();
}
public function testDownloadDataReturnsAZipWithATimestampedAccountFilename(): void
{
$this->markUserVerified('test@example.org');
$this->client->request(Request::METHOD_GET, '/backoffice/settings/download-data');
self::assertResponseIsSuccessful();
self::assertResponseHeaderSame('Content-Type', 'application/zip');
$disposition = (string) $this->client->getResponse()->headers->get('Content-Disposition');
$this->assertMatchesRegularExpression(
'/filename=tijd-voor-de-test-data-test-example-org-\d{4}-\d{2}-\d{2}_\d{2}-\d{2}-\d{2}\.zip/',
$disposition,
);
}
public function testDownloadDataRequiresVerifiedEmail(): void
{
$user = $this->getUserByEmail('test@example.org');
$this->assertFalse($user->isVerified);
$this->client->request(Request::METHOD_GET, '/backoffice/settings/download-data');
self::assertResponseRedirects('/backoffice/settings');
}
private function markUserVerified(string $email): void
{
$user = $this->getUserByEmail($email);
$user->isVerified = true;
$this->entityManager->flush();
}
}
@@ -0,0 +1,86 @@
<?php
declare(strict_types=1);
namespace Tvdt\Tests\Controller;
use PHPUnit\Framework\Attributes\CoversClass;
use Symfony\Component\HttpFoundation\Request;
use Tvdt\Controller\EliminationController;
use Tvdt\Entity\Elimination;
use Tvdt\Helpers\Base64;
#[CoversClass(EliminationController::class)]
final class EliminationControllerTest extends AbstractControllerWebTestCase
{
private Elimination $elimination;
protected function setUp(): void
{
parent::setUp();
$quiz = $this->getQuizByName('Quiz 1');
$this->elimination = new Elimination($quiz);
$this->elimination->data = ['Tom' => Elimination::SCREEN_GREEN];
$this->entityManager->persist($this->elimination);
$this->entityManager->flush();
$this->loginAs('krtek-admin@example.org');
}
public function testIndexIsDeniedForNonOwner(): void
{
$this->loginAs('test@example.org');
$this->client->request(Request::METHOD_GET, \sprintf('/elimination/%s', $this->elimination->id));
self::assertResponseStatusCodeSame(403);
}
public function testIndexPageLoads(): void
{
$this->client->request(Request::METHOD_GET, \sprintf('/elimination/%s', $this->elimination->id));
self::assertResponseIsSuccessful();
self::assertSelectorExists('form');
}
public function testIndexRedirectsToCandidateScreen(): void
{
$crawler = $this->client->request(Request::METHOD_GET, \sprintf('/elimination/%s', $this->elimination->id));
$form = $crawler->filter('form')->form([
'elimination_enter_name[name]' => 'Tom',
]);
$this->client->submit($form);
self::assertResponseRedirects(\sprintf('/elimination/%s/%s', $this->elimination->id, Base64::base64UrlEncode('Tom')));
}
public function testCandidateScreenUnknownCandidateRedirectsWithFlash(): void
{
$this->client->request(Request::METHOD_GET, \sprintf('/elimination/%s/%s', $this->elimination->id, Base64::base64UrlEncode('Nobody')));
self::assertResponseRedirects(\sprintf('/elimination/%s', $this->elimination->id));
$this->client->followRedirect();
self::assertSelectorTextContains('body', 'Kon kandidaat met naam Nobody niet vinden');
}
public function testCandidateScreenCandidateNotInEliminationDataRedirectsWithFlash(): void
{
$this->client->request(Request::METHOD_GET, \sprintf('/elimination/%s/%s', $this->elimination->id, Base64::base64UrlEncode('Claudia')));
self::assertResponseRedirects(\sprintf('/elimination/%s', $this->elimination->id));
$this->client->followRedirect();
self::assertSelectorTextContains('body', 'Kon geen kandidaat vinden met de naam Claudia in de eliminatie');
}
public function testCandidateScreenRendersColour(): void
{
$this->client->request(Request::METHOD_GET, \sprintf('/elimination/%s/%s', $this->elimination->id, Base64::base64UrlEncode('Tom')));
self::assertResponseIsSuccessful();
self::assertSelectorExists(\sprintf('#%s', Elimination::SCREEN_GREEN));
}
}
+53
View File
@@ -0,0 +1,53 @@
<?php
declare(strict_types=1);
namespace Tvdt\Tests\Controller;
use PHPUnit\Framework\Attributes\CoversClass;
use Symfony\Component\HttpFoundation\Request;
use Tvdt\Controller\LoginController;
#[CoversClass(LoginController::class)]
final class LoginControllerTest extends AbstractControllerWebTestCase
{
public function testLoginPageLoadsWhenNotAuthenticated(): void
{
$this->client->request(Request::METHOD_GET, '/login');
self::assertResponseIsSuccessful();
self::assertSelectorExists('form');
}
public function testLoginRedirectsToBackofficeWhenAlreadyAuthenticated(): void
{
$this->loginAs('test@example.org');
$this->client->request(Request::METHOD_GET, '/login');
self::assertResponseRedirects('/backoffice/');
}
public function testLoginWithInvalidCredentialsShowsFlash(): void
{
$this->client->request(Request::METHOD_GET, '/login');
$form = $this->client->getCrawler()->filter('form')->form([
'_username' => 'test@example.org',
'_password' => 'wrong-password',
]);
$this->client->submit($form);
self::assertResponseRedirects('/login');
$this->client->followRedirect();
self::assertSelectorTextContains('body', 'Ongeldige inloggegevens.');
}
public function testLogoutIsInterceptedByFirewall(): void
{
$this->loginAs('test@example.org');
$this->client->request(Request::METHOD_GET, '/logout');
self::assertResponseRedirects();
}
}
+209
View File
@@ -0,0 +1,209 @@
<?php
declare(strict_types=1);
namespace Tvdt\Tests\Controller;
use PHPUnit\Framework\Attributes\CoversClass;
use Symfony\Component\HttpFoundation\Request;
use Tvdt\Controller\QuizController;
use Tvdt\Entity\Answer;
use Tvdt\Entity\Candidate;
use Tvdt\Entity\GivenAnswer;
use Tvdt\Entity\Question;
use Tvdt\Entity\QuizCandidate;
use Tvdt\Helpers\Base64;
#[CoversClass(QuizController::class)]
final class QuizControllerTest extends AbstractControllerWebTestCase
{
private function answerQuestion(Question $question): void
{
$tomHash = Base64::base64UrlEncode('Tom');
$url = \sprintf('/krtek/%s', $tomHash);
$crawler = $this->client->request(Request::METHOD_GET, $url);
self::assertResponseIsSuccessful();
$token = (string) $crawler->filter('input[name="token"]')->first()->attr('value');
$answer = $question->answers->first();
$this->assertInstanceOf(Answer::class, $answer);
$this->client->request(Request::METHOD_POST, $url, [
'token' => $token,
'answer' => (string) $answer->id,
]);
self::assertResponseRedirects($url);
}
public function testSelectSeasonPageLoads(): void
{
$this->client->request(Request::METHOD_GET, '/');
self::assertResponseIsSuccessful();
self::assertSelectorExists('form');
}
public function testSelectSeasonWithInvalidCodeRedirectsWithFlash(): void
{
$crawler = $this->client->request(Request::METHOD_GET, '/');
$form = $crawler->filter('form')->form([
'select_season[season_code]' => 'aaaaa',
]);
$this->client->submit($form);
self::assertResponseRedirects('/');
$this->client->followRedirect();
self::assertSelectorTextContains('body', 'Ongeldige seizoencode');
}
public function testSelectSeasonWithValidCodeRedirectsToEnterName(): void
{
$crawler = $this->client->request(Request::METHOD_GET, '/');
$form = $crawler->filter('form')->form([
'select_season[season_code]' => 'krtek',
]);
$this->client->submit($form);
self::assertResponseRedirects('/krtek');
}
public function testEnterNamePageLoads(): void
{
$this->client->request(Request::METHOD_GET, '/krtek');
self::assertResponseIsSuccessful();
self::assertSelectorExists('form');
}
public function testEnterNameRedirectsToQuizPage(): void
{
$crawler = $this->client->request(Request::METHOD_GET, '/krtek');
$form = $crawler->filter('form')->form([
'enter_name[name]' => 'Tom',
]);
$this->client->submit($form);
self::assertResponseRedirects(\sprintf('/krtek/%s', Base64::base64UrlEncode('Tom')));
}
public function testQuizPageUnknownCandidateRedirectsWithFlash(): void
{
$this->client->request(Request::METHOD_GET, \sprintf('/krtek/%s', Base64::base64UrlEncode('Nobody')));
self::assertResponseRedirects('/krtek');
$this->client->followRedirect();
self::assertSelectorTextContains('body', 'Kandidaat niet gevonden');
}
public function testQuizPageWithoutActiveQuizRedirectsWithFlash(): void
{
$season = $this->getSeasonByCode('bbbbb');
$season->addCandidate(new Candidate('Nienke'));
$this->entityManager->flush();
$this->client->request(Request::METHOD_GET, \sprintf('/bbbbb/%s', Base64::base64UrlEncode('Nienke')));
self::assertResponseRedirects('/bbbbb');
$this->client->followRedirect();
self::assertSelectorTextContains('body', 'Er is geen test actief');
}
public function testQuizPageRendersFirstQuestion(): void
{
$this->client->request(Request::METHOD_GET, \sprintf('/krtek/%s', Base64::base64UrlEncode('Tom')));
self::assertResponseIsSuccessful();
self::assertSelectorTextContains('body', 'Is de Krtek een man of een vrouw?');
}
public function testQuizPageAnsweringPersistsGivenAnswerAndRedirects(): void
{
$quiz = $this->getQuizByName('Quiz 1');
$firstQuestion = $quiz->questions->first();
$this->assertInstanceOf(Question::class, $firstQuestion);
$answer = $firstQuestion->answers->first();
$this->assertInstanceOf(Answer::class, $answer);
$this->answerQuestion($firstQuestion);
$this->entityManager->clear();
$candidate = $this->getCandidate('Tom');
$givenAnswer = $this->entityManager->getRepository(GivenAnswer::class)->findOneBy(['candidate' => $candidate]);
$this->assertInstanceOf(GivenAnswer::class, $givenAnswer);
$this->assertTrue($answer->id->equals($givenAnswer->answer->id));
}
public function testQuizPageInvalidAnswerIdShowsFlash(): void
{
$url = \sprintf('/krtek/%s', Base64::base64UrlEncode('Tom'));
$crawler = $this->client->request(Request::METHOD_GET, $url);
$token = (string) $crawler->filter('input[name="token"]')->first()->attr('value');
$this->client->request(Request::METHOD_POST, $url, [
'token' => $token,
'answer' => '00000000-0000-0000-0000-000000000000',
]);
self::assertResponseRedirects($url);
$this->client->followRedirect();
self::assertSelectorTextContains('body', 'Selecteer een antwoorden alsjeblieft');
}
public function testQuizPageOutOfOrderAnswerShowsFlash(): void
{
$quiz = $this->getQuizByName('Quiz 1');
$secondQuestion = $quiz->questions->get(1);
$this->assertInstanceOf(Question::class, $secondQuestion);
$answer = $secondQuestion->answers->first();
$this->assertInstanceOf(Answer::class, $answer);
$url = \sprintf('/krtek/%s', Base64::base64UrlEncode('Tom'));
$crawler = $this->client->request(Request::METHOD_GET, $url);
$token = (string) $crawler->filter('input[name="token"]')->first()->attr('value');
$this->client->request(Request::METHOD_POST, $url, [
'token' => $token,
'answer' => (string) $answer->id,
]);
self::assertResponseRedirects($url);
$this->client->followRedirect();
self::assertSelectorTextContains('body', 'Je kan deze vraag niet beantwoorden');
}
public function testQuizPageCompletedShowsFlashAndRedirects(): void
{
$quiz = $this->getQuizByName('Quiz 1');
foreach ($quiz->questions as $question) {
$this->answerQuestion($question);
}
$this->client->request(Request::METHOD_GET, \sprintf('/krtek/%s', Base64::base64UrlEncode('Tom')));
self::assertResponseRedirects('/krtek');
$this->client->followRedirect();
self::assertSelectorTextContains('body', 'Test voltooid');
}
public function testQuizPageInactiveCandidateIsBlocked(): void
{
$quiz = $this->getQuizByName('Quiz 1');
$candidate = $this->getCandidate('Tom');
$quizCandidate = new QuizCandidate($quiz, $candidate);
$quizCandidate->active = false;
$this->entityManager->persist($quizCandidate);
$this->entityManager->flush();
$this->client->request(Request::METHOD_GET, \sprintf('/krtek/%s', Base64::base64UrlEncode('Tom')));
self::assertResponseRedirects('/krtek');
$this->client->followRedirect();
self::assertSelectorTextContains('body', 'Je mag deze test niet beantwoorden');
}
}
@@ -0,0 +1,90 @@
<?php
declare(strict_types=1);
namespace Tvdt\Tests\Controller;
use PHPUnit\Framework\Attributes\CoversClass;
use Symfony\Component\HttpFoundation\Request;
use SymfonyCasts\Bundle\VerifyEmail\VerifyEmailHelperInterface;
use Tvdt\Controller\RegistrationController;
#[CoversClass(RegistrationController::class)]
final class RegistrationControllerTest extends AbstractControllerWebTestCase
{
public function testRegisterPageLoadsWhenNotAuthenticated(): void
{
$this->client->request(Request::METHOD_GET, '/register');
self::assertResponseIsSuccessful();
self::assertSelectorExists('form');
}
public function testRegisterRedirectsToBackofficeWhenAlreadyAuthenticated(): void
{
$this->loginAs('test@example.org');
$this->client->request(Request::METHOD_GET, '/register');
self::assertResponseRedirects('/backoffice/');
}
public function testRegisterCreatesUserSendsConfirmationAndLogsIn(): void
{
$crawler = $this->client->request(Request::METHOD_GET, '/register');
$form = $crawler->filter('form')->form([
'registration_form[email]' => 'newuser@example.org',
'registration_form[plainPassword][first]' => 'NewPass123!',
'registration_form[plainPassword][second]' => 'NewPass123!',
]);
$this->client->submit($form);
self::assertResponseRedirects('/backoffice/');
self::assertEmailCount(1);
$this->entityManager->clear();
$user = $this->getUserByEmail('newuser@example.org');
$this->assertFalse($user->isVerified);
}
public function testVerifyEmailWithoutIdRedirectsToRegister(): void
{
$this->client->request(Request::METHOD_GET, '/verify/email');
self::assertResponseRedirects('/register');
}
public function testVerifyEmailWithUnknownIdRedirectsToRegister(): void
{
$this->client->request(Request::METHOD_GET, '/verify/email', ['id' => '00000000-0000-0000-0000-000000000000']);
self::assertResponseRedirects('/register');
}
public function testVerifyEmailWithValidSignatureMarksUserVerified(): void
{
$user = $this->getUserByEmail('test@example.org');
$this->assertFalse($user->isVerified);
/** @var VerifyEmailHelperInterface $helper */
$helper = self::getContainer()->get(VerifyEmailHelperInterface::class);
$signature = $helper->generateSignature('tvdt_verify_email', $user->id->toRfc4122(), $user->email, ['id' => $user->id]);
$this->client->request(Request::METHOD_GET, $signature->getSignedUrl());
self::assertResponseRedirects('/backoffice/');
$this->entityManager->clear();
$updatedUser = $this->getUserByEmail('test@example.org');
$this->assertTrue($updatedUser->isVerified);
}
public function testVerifyEmailWithInvalidSignatureShowsErrorAndRedirects(): void
{
$user = $this->getUserByEmail('test@example.org');
$this->client->request(Request::METHOD_GET, '/verify/email', ['id' => (string) $user->id, 'expires' => '9999999999', 'signature' => 'invalid']);
self::assertResponseRedirects('/register');
}
}
@@ -4,10 +4,8 @@ declare(strict_types=1);
namespace Tvdt\Tests\Controller;
use Doctrine\ORM\EntityManagerInterface;
use PHPUnit\Framework\Attributes\CoversClass;
use Symfony\Bundle\FrameworkBundle\KernelBrowser;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
use PHPUnit\Framework\Attributes\DataProvider;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
@@ -15,18 +13,8 @@ use Tvdt\Controller\ResetPasswordController;
use Tvdt\Entity\User;
#[CoversClass(ResetPasswordController::class)]
final class ResetPasswordControllerTest extends WebTestCase
final class ResetPasswordControllerTest extends AbstractControllerWebTestCase
{
private KernelBrowser $client;
private EntityManagerInterface $entityManager;
protected function setUp(): void
{
$this->client = self::createClient();
$this->entityManager = self::getContainer()->get(EntityManagerInterface::class);
}
public function testRequestPageLoads(): void
{
$this->client->request(Request::METHOD_GET, '/reset-password');
@@ -35,22 +23,19 @@ final class ResetPasswordControllerTest extends WebTestCase
$this->assertSelectorExists('form');
}
public function testRequestWithUnknownEmailRedirectsToCheckEmail(): void
/** @return iterable<string, array{string}> */
public static function emailProvider(): iterable
{
$this->client->request(Request::METHOD_GET, '/reset-password');
$form = $this->client->getCrawler()->filter('form')->form([
'reset_password_request_form[email]' => 'unknown@example.org',
]);
$this->client->submit($form);
$this->assertResponseRedirects('/reset-password/check-email');
yield 'unknown email' => ['unknown@example.org'];
yield 'known email' => ['test@example.org'];
}
public function testRequestWithKnownEmailRedirectsToCheckEmail(): void
#[DataProvider('emailProvider')]
public function testRequestRedirectsToCheckEmail(string $email): void
{
$this->client->request(Request::METHOD_GET, '/reset-password');
$form = $this->client->getCrawler()->filter('form')->form([
'reset_password_request_form[email]' => 'test@example.org',
'reset_password_request_form[email]' => $email,
]);
$this->client->submit($form);
+1 -10
View File
@@ -6,21 +6,12 @@ namespace Tvdt\Tests\Controller;
use PHPUnit\Framework\Attributes\CoversClass;
use Safe\DateTimeImmutable;
use Symfony\Bundle\FrameworkBundle\KernelBrowser;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
use Symfony\Component\HttpFoundation\Request;
use Tvdt\Controller\WellKnownController;
#[CoversClass(WellKnownController::class)]
final class WellKnownControllerTest extends WebTestCase
final class WellKnownControllerTest extends AbstractControllerWebTestCase
{
private KernelBrowser $client;
protected function setUp(): void
{
$this->client = self::createClient();
}
public function testChangePasswordRedirectsToSettings(): void
{
$this->client->request(Request::METHOD_GET, '/.well-known/change-password');
+100
View File
@@ -0,0 +1,100 @@
<?php
declare(strict_types=1);
namespace Tvdt\Tests\Entity;
use PHPUnit\Framework\Attributes\CoversClass;
use PHPUnit\Framework\TestCase;
use Tvdt\Entity\BankAnswer;
use Tvdt\Entity\BankQuestion;
use Tvdt\Entity\BankQuestionUsage;
use Tvdt\Entity\Quiz;
#[CoversClass(BankQuestion::class)]
final class BankQuestionTest extends TestCase
{
public function testIsCompleteForQuizIsFalseWithoutTwoAnswers(): void
{
$bankQuestion = new BankQuestion();
$bankQuestion->addAnswer(new BankAnswer('Only answer', true));
$this->assertFalse($bankQuestion->isCompleteForQuiz);
}
public function testIsCompleteForQuizIsFalseWithoutCorrectAnswer(): void
{
$bankQuestion = new BankQuestion();
$bankQuestion->addAnswer(new BankAnswer('Wrong 1'));
$bankQuestion->addAnswer(new BankAnswer('Wrong 2'));
$this->assertFalse($bankQuestion->isCompleteForQuiz);
}
public function testIsCompleteForQuizIsFalseWithMultipleCorrectAnswers(): void
{
$bankQuestion = new BankQuestion();
$bankQuestion->addAnswer(new BankAnswer('Right 1', true));
$bankQuestion->addAnswer(new BankAnswer('Right 2', true));
$this->assertFalse($bankQuestion->isCompleteForQuiz);
}
public function testIsCompleteForQuizIsTrueWithTwoAnswersAndOneCorrect(): void
{
$bankQuestion = new BankQuestion();
$bankQuestion->addAnswer(new BankAnswer('Right', true));
$bankQuestion->addAnswer(new BankAnswer('Wrong'));
$this->assertTrue($bankQuestion->isCompleteForQuiz);
}
public function testCanBeAssignedIsTrueWhenUnused(): void
{
$bankQuestion = new BankQuestion();
$this->assertTrue($bankQuestion->canBeAssigned);
}
public function testCanBeAssignedIsTrueWhenReusableEvenIfUsed(): void
{
$bankQuestion = new BankQuestion();
$bankQuestion->reusable = true;
$bankQuestion->addUsage(new BankQuestionUsage($bankQuestion, new Quiz()));
$this->assertTrue($bankQuestion->canBeAssigned);
}
public function testCanBeAssignedIsFalseWhenSingleUseAndUsed(): void
{
$bankQuestion = new BankQuestion();
$bankQuestion->addUsage(new BankQuestionUsage($bankQuestion, new Quiz()));
$this->assertFalse($bankQuestion->canBeAssigned);
}
public function testIsUsedInQuizIsTrueForQuizWithUsage(): void
{
$bankQuestion = new BankQuestion();
$quiz = new Quiz();
$bankQuestion->addUsage(new BankQuestionUsage($bankQuestion, $quiz));
$this->assertTrue($bankQuestion->isUsedInQuiz($quiz));
}
public function testIsUsedInQuizIsFalseForDifferentQuiz(): void
{
$bankQuestion = new BankQuestion();
$bankQuestion->addUsage(new BankQuestionUsage($bankQuestion, new Quiz()));
$this->assertFalse($bankQuestion->isUsedInQuiz(new Quiz()));
}
public function testToStringReturnsQuestionText(): void
{
$bankQuestion = new BankQuestion();
$bankQuestion->question = 'Wie is de Krtek?';
$this->assertSame('Wie is de Krtek?', (string) $bankQuestion);
}
}
+89
View File
@@ -0,0 +1,89 @@
<?php
declare(strict_types=1);
namespace Tvdt\Tests\Entity;
use PHPUnit\Framework\Attributes\CoversClass;
use PHPUnit\Framework\TestCase;
use Symfony\Component\HttpFoundation\InputBag;
use Tvdt\Entity\Elimination;
use Tvdt\Entity\Quiz;
#[CoversClass(Elimination::class)]
final class EliminationTest extends TestCase
{
public function testGetScreenColourReturnsNullForNullName(): void
{
$elimination = new Elimination(new Quiz());
$this->assertNull($elimination->getScreenColour(null));
}
public function testGetScreenColourReturnsNullForUnknownName(): void
{
$elimination = new Elimination(new Quiz());
$elimination->data = $this->colours(['Tom' => Elimination::SCREEN_GREEN]);
$this->assertNull($elimination->getScreenColour('Claudia'));
}
public function testGetScreenColourReturnsColourForKnownName(): void
{
$elimination = new Elimination(new Quiz());
$elimination->data = $this->colours(['Tom' => Elimination::SCREEN_GREEN, 'Claudia' => Elimination::SCREEN_RED]);
$this->assertSame(Elimination::SCREEN_RED, $elimination->getScreenColour('Claudia'));
}
public function testUpdateFromInputBagUpdatesKnownColours(): void
{
$elimination = new Elimination(new Quiz());
$elimination->data = $this->colours(['Tom' => Elimination::SCREEN_GREEN, 'Claudia' => Elimination::SCREEN_RED]);
$elimination->updateFromInputBag($this->inputBag(['colour-tom' => Elimination::SCREEN_RED]));
$this->assertSame(Elimination::SCREEN_RED, $elimination->data['Tom']);
$this->assertSame(Elimination::SCREEN_RED, $elimination->data['Claudia']);
}
public function testUpdateFromInputBagIgnoresMissingInput(): void
{
$elimination = new Elimination(new Quiz());
$elimination->data = $this->colours(['Tom' => Elimination::SCREEN_GREEN]);
$elimination->updateFromInputBag($this->inputBag([]));
$this->assertSame(Elimination::SCREEN_GREEN, $elimination->data['Tom']);
}
public function testUpdateFromInputBagReturnsSelf(): void
{
$elimination = new Elimination(new Quiz());
$this->assertSame($elimination, $elimination->updateFromInputBag($this->inputBag([])));
}
/**
* @param array<string, string> $colours
*
* @return array<string, string>
*/
private function colours(array $colours): array
{
return $colours;
}
/**
* @param array<string, string> $parameters
*
* @return InputBag<bool|float|int|string>
*/
private function inputBag(array $parameters): InputBag
{
/** @var InputBag<bool|float|int|string> $inputBag */
$inputBag = new InputBag($parameters);
return $inputBag;
}
}
+17 -11
View File
@@ -4,28 +4,34 @@ declare(strict_types=1);
namespace Tvdt\Tests\Helpers;
use PHPUnit\Framework\Attributes\CoversClass;
use PHPUnit\Framework\Attributes\DataProvider;
use PHPUnit\Framework\TestCase;
use Safe\Exceptions\UrlException;
use Tvdt\Helpers\Base64;
#[CoversClass(Base64::class)]
final class Base64Test extends TestCase
{
public function testBase64UrlEncode(): void
/** @return iterable<string, array{string, string}> */
public static function pairProvider(): iterable
{
$this->assertSame('TWFyaWpu', Base64::base64UrlEncode('Marijn'));
$this->assertSame('UGhpbGluZQ', Base64::base64UrlEncode('Philine'));
$this->assertSame('_g', Base64::base64UrlEncode(\chr(254)));
$this->assertSame('-g', Base64::base64UrlEncode(\chr(250)));
yield 'Marijn' => ['Marijn', 'TWFyaWpu'];
yield 'Philine' => ['Philine', 'UGhpbGluZQ'];
yield 'byte 254' => [\chr(254), '_g'];
yield 'byte 250' => [\chr(250), '-g'];
}
public function testBase64UrlDecode(): void
#[DataProvider('pairProvider')]
public function testBase64UrlEncode(string $decoded, string $encoded): void
{
$this->assertSame('Marijn', Base64::base64UrlDecode('TWFyaWpu'));
$this->assertSame('Philine', Base64::base64UrlDecode('UGhpbGluZQ'));
$this->assertSame($encoded, Base64::base64UrlEncode($decoded));
}
$this->assertSame(\chr(254), Base64::base64UrlDecode('_g'));
$this->assertSame(\chr(250), Base64::base64UrlDecode('-g'));
#[DataProvider('pairProvider')]
public function testBase64UrlDecode(string $decoded, string $encoded): void
{
$this->assertSame($decoded, Base64::base64UrlDecode($encoded));
}
public function testBase64UrlDecodeCanHandlePadding(): void
+34
View File
@@ -0,0 +1,34 @@
<?php
declare(strict_types=1);
namespace Tvdt\Tests\Helpers;
use PHPUnit\Framework\Attributes\CoversClass;
use PHPUnit\Framework\Attributes\DataProvider;
use PHPUnit\Framework\TestCase;
use Tvdt\Helpers\FilenameSanitizer;
#[CoversClass(FilenameSanitizer::class)]
final class FilenameSanitizerTest extends TestCase
{
/** @return iterable<string, array{string, string}> */
public static function sanitizeProvider(): iterable
{
yield 'replaces spaces with dashes' => ['Krtek Weekend', 'Krtek-Weekend'];
yield 'strips path traversal' => ['../../etc/passwd', 'etc-passwd'];
yield 'strips forward slash' => ['a/b', 'a-b'];
yield 'strips backslash' => ['a\\b', 'a-b'];
yield 'strips control characters and special symbols' => ["Quiz #1 <script>\0", 'Quiz-1-script'];
yield 'transliterates unicode to ascii' => ['Wéird Ñame', 'Weird-Name'];
yield 'transliterates at sign in email' => ['test@example.org', 'test-example-org'];
yield 'returns unnamed for empty input' => ['', 'unnamed'];
yield 'returns unnamed for fully stripped input' => ['///', 'unnamed'];
}
#[DataProvider('sanitizeProvider')]
public function testSanitize(string $input, string $expected): void
{
$this->assertSame($expected, FilenameSanitizer::sanitize($input));
}
}
@@ -53,4 +53,22 @@ final class CandidateRepositoryTest extends DatabaseTestCase
);
$this->assertNotInstanceOf(Candidate::class, $result);
}
/** Candidate names are only unique per season, so a same-named candidate in another season must not leak in. */
public function testGetCandidateByHashScopesByCandidateSeasonNotJustName(): void
{
$krtekSeason = $this->getSeasonByCode('krtek');
$anotherSeason = $this->getSeasonByCode('bbbbb');
$duplicateNamedCandidate = new Candidate('Claudia');
$anotherSeason->addCandidate($duplicateNamedCandidate);
$this->entityManager->persist($duplicateNamedCandidate);
$this->entityManager->flush();
$candidate = $this->candidateRepository->getCandidateByHash($krtekSeason, 'Q2xhdWRpYQ');
$this->assertInstanceOf(Candidate::class, $candidate);
$this->assertSame($krtekSeason, $candidate->season);
$this->assertNotSame($duplicateNamedCandidate, $candidate);
}
}
+12 -9
View File
@@ -5,25 +5,28 @@ declare(strict_types=1);
namespace Tvdt\Tests\Repository;
use PHPUnit\Framework\Attributes\CoversClass;
use PHPUnit\Framework\Attributes\DataProvider;
use Tvdt\Entity\Season;
use Tvdt\Repository\SeasonRepository;
#[CoversClass(SeasonRepository::class)]
final class SeasonRepositoryTest extends DatabaseTestCase
{
public function testGetSeasonsForUser(): void
/** @return iterable<string, array{string, string}> */
public static function userSeasonsProvider(): iterable
{
$user = $this->getUserByEmail('krtek-admin@example.org');
yield 'krtek admin' => ['krtek-admin@example.org', 'krtek'];
yield 'user1' => ['user1@example.org', 'bbbbb'];
}
#[DataProvider('userSeasonsProvider')]
public function testGetSeasonsForUser(string $email, string $expectedSeasonCode): void
{
$user = $this->getUserByEmail($email);
$seasons = $this->seasonRepository->getSeasonsForUser($user);
$this->assertCount(1, $seasons);
$this->assertSame('krtek', $seasons[0]->seasonCode);
$user = $this->getUserByEmail('user1@example.org');
$seasons = $this->seasonRepository->getSeasonsForUser($user);
$this->assertCount(1, $seasons);
$this->assertSame('bbbbb', $seasons[0]->seasonCode);
$this->assertSame($expectedSeasonCode, $seasons[0]->seasonCode);
}
public function testUserWithMultipleSeasons(): void
+91
View File
@@ -7,6 +7,12 @@ namespace Tvdt\Tests\Repository;
use PHPUnit\Framework\Attributes\CoversClass;
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
use Tvdt\DataFixtures\TestFixtures;
use Tvdt\Entity\BankQuestion;
use Tvdt\Entity\Elimination;
use Tvdt\Entity\GivenAnswer;
use Tvdt\Entity\Question;
use Tvdt\Entity\Quiz;
use Tvdt\Entity\QuizCandidate;
use Tvdt\Repository\UserRepository;
use function PHPUnit\Framework\assertEmpty;
@@ -42,4 +48,89 @@ final class UserRepositoryTest extends DatabaseTestCase
$this->expectException(\InvalidArgumentException::class);
$this->userRepository->makeAdmin('invalid@example.org');
}
/**
* GDPR right-to-erasure: deleting the sole owner of a season must physically remove every
* row tied to it, not merely soft-delete it. QuizCandidate, GivenAnswer, and Elimination are
* all Gedmo\SoftDeleteable, so a naive $em->remove($season) cascade leaves them (or the
* transaction itself) behind. Assertions bypass the softdeleteable filter and read raw SQL,
* since a soft-deleted row would otherwise still be invisible to a filtered ORM query.
*/
public function testDeleteUserHardDeletesQuizCandidateGivenAnswerAndElimination(): void
{
$user = $this->getUserByEmail('sole-owner@example.org');
$season = $this->getSeasonByCode('doomd');
$quiz = $this->entityManager->getRepository(Quiz::class)->findOneBy(['name' => 'Doomed Quiz', 'season' => $season]);
$this->assertInstanceOf(Quiz::class, $quiz);
$candidate = $this->getCandidateBySeasonAndName($season, 'Vera');
/** @var Question $question */
$question = $quiz->questions->first();
$rightAnswer = $question->answers->first();
$this->assertNotFalse($rightAnswer);
$this->quizCandidateRepository->createIfNotExist($quiz, $candidate);
$quizCandidate = $this->quizCandidateRepository->findOneBy(['quiz' => $quiz, 'candidate' => $candidate]);
$this->assertInstanceOf(QuizCandidate::class, $quizCandidate);
$givenAnswer = new GivenAnswer($candidate, $quiz, $rightAnswer);
$this->entityManager->persist($givenAnswer);
$elimination = new Elimination($quiz);
$elimination->data = ['Vera' => Elimination::SCREEN_GREEN];
$this->entityManager->persist($elimination);
$this->entityManager->flush();
$quizCandidateId = $quizCandidate->id->toString();
$givenAnswerId = $givenAnswer->id->toString();
$eliminationId = $elimination->id->toString();
$this->userRepository->deleteUser($user);
$this->entityManager->clear();
$connection = $this->entityManager->getConnection();
$this->assertSame(0, (int) $connection->fetchOne('select count(*) from quiz_candidate where id = ?', [$quizCandidateId]));
$this->assertSame(0, (int) $connection->fetchOne('select count(*) from given_answer where id = ?', [$givenAnswerId]));
$this->assertSame(0, (int) $connection->fetchOne('select count(*) from elimination where id = ?', [$eliminationId]));
}
/**
* Gedmo\Loggable writes an audit row (including the editor's username/email) to
* ext_log_entries for every change to a Versioned field. Those rows aren't linked via a
* foreign key (object_id is a plain string), so deleting the season/BankQuestion never
* cleans them up on its own — the deleted account's email would otherwise live on forever.
*/
public function testDeleteUserPurgesBankQuestionAuditLogEntries(): void
{
$user = $this->getUserByEmail('sole-owner@example.org');
$season = $this->getSeasonByCode('doomd');
$bankQuestion = new BankQuestion();
$bankQuestion->question = 'Wie is de Krtek eigenlijk?';
$bankQuestion->season = $season;
$this->entityManager->persist($bankQuestion);
$this->entityManager->flush();
$bankQuestionId = $bankQuestion->id->toString();
$connection = $this->entityManager->getConnection();
$logCountBefore = (int) $connection->fetchOne(
'select count(*) from ext_log_entries where object_class = ? and object_id = ?',
[BankQuestion::class, $bankQuestionId],
);
$this->assertGreaterThan(0, $logCountBefore);
$this->userRepository->deleteUser($user);
$this->entityManager->clear();
$logCountAfter = (int) $connection->fetchOne(
'select count(*) from ext_log_entries where object_class = ? and object_id = ?',
[BankQuestion::class, $bankQuestionId],
);
$this->assertSame(0, $logCountAfter);
}
}
+286
View File
@@ -0,0 +1,286 @@
<?php
declare(strict_types=1);
namespace Tvdt\Tests\Service;
use PhpOffice\PhpSpreadsheet\Reader;
use PhpOffice\PhpSpreadsheet\Worksheet\Worksheet;
use PHPUnit\Framework\Attributes\CoversClass;
use Tvdt\Entity\Answer;
use Tvdt\Entity\GivenAnswer;
use Tvdt\Entity\Question;
use Tvdt\Entity\Quiz;
use Tvdt\Entity\QuizCandidate;
use Tvdt\Entity\User;
use Tvdt\Service\DataExportService;
use Tvdt\Tests\Repository\DatabaseTestCase;
use function Safe\file_put_contents;
use function Safe\tempnam;
use function Safe\unlink;
#[CoversClass(DataExportService::class)]
final class DataExportServiceTest extends DatabaseTestCase
{
private DataExportService $subject;
/** @var list<string> */
private array $tempFiles = [];
protected function setUp(): void
{
parent::setUp();
$this->subject = self::getContainer()->get(DataExportService::class);
}
protected function tearDown(): void
{
foreach ($this->tempFiles as $path) {
if (file_exists($path)) {
unlink($path);
}
}
parent::tearDown();
}
public function testExportForUserWithNoSeasonsContainsOnlyProfile(): void
{
$zip = $this->openZip($this->getUserByEmail('test@example.org'));
$this->assertSame(1, $zip->numFiles);
$this->assertNotFalse($zip->locateName('profile.xlsx'));
$zip->close();
}
public function testExportForUserIncludesOwnedSeasonsQuizzesAndCandidates(): void
{
$zip = $this->openZip($this->getUserByEmail('user2@example.org'));
$names = $this->entryNames($zip);
$this->assertContains('profile.xlsx', $names);
$this->assertContains('krtek-Krtek-Weekend/Quiz-1.xlsx', $names);
$this->assertContains('krtek-Krtek-Weekend/Quiz-2.xlsx', $names);
$this->assertContains('krtek-Krtek-Weekend/candidates.xlsx', $names);
$this->assertContains('krtek-Krtek-Weekend/question-bank.xlsx', $names);
$this->assertContains('bbbbb-Another-Season/candidates.xlsx', $names);
$this->assertContains('bbbbb-Another-Season/question-bank.xlsx', $names);
// Another Season has no quizzes, so no quiz xlsx should be present for it.
foreach ($names as $name) {
$this->assertStringStartsNotWith('bbbbb-Another-Season/Quiz', $name);
}
$quizContent = $zip->getFromName('krtek-Krtek-Weekend/Quiz-1.xlsx');
$this->assertIsString($quizContent);
$this->assertSame(['Quiz info', 'Questions', 'Raw answers', 'Results', 'Eliminations'], $this->sheetNames($quizContent));
$candidatesContent = $zip->getFromName('krtek-Krtek-Weekend/candidates.xlsx');
$this->assertIsString($candidatesContent);
$this->assertSame(['Candidates', 'Season info'], $this->sheetNames($candidatesContent));
$questionBankContent = $zip->getFromName('krtek-Krtek-Weekend/question-bank.xlsx');
$this->assertIsString($questionBankContent);
$this->assertSame(['Questions', 'Labels'], $this->sheetNames($questionBankContent));
$zip->close();
}
public function testQuestionBankSheetIncludesBankQuestionsAndUsage(): void
{
$zip = $this->openZip($this->getUserByEmail('user2@example.org'));
$questionBankContent = $zip->getFromName('krtek-Krtek-Weekend/question-bank.xlsx');
$this->assertIsString($questionBankContent);
$zip->close();
$rows = $this->loadSheet($questionBankContent, 'Questions')->toArray();
$header = $rows[0];
$dataRows = \array_slice($rows, 1);
$questionIndex = array_search('Question', $header, true);
$reusableIndex = array_search('Reusable', $header, true);
$labelsIndex = array_search('Labels', $header, true);
$usedInQuizzesIndex = array_search('Used in quizzes', $header, true);
$reusableRow = current(array_filter($dataRows, static fn (array $row): bool => 'Wie is de Krtek?' === $row[$questionIndex]));
$this->assertIsArray($reusableRow);
$this->assertSame('Yes', $reusableRow[$reusableIndex]);
$this->assertSame('Finale', $reusableRow[$labelsIndex]);
$usedRow = current(array_filter($dataRows, static fn (array $row): bool => 'Waar sliep de Krtek?' === $row[$questionIndex]));
$this->assertIsArray($usedRow);
$this->assertSame('Quiz 2', $usedRow[$usedInQuizzesIndex]);
$labelRows = $this->loadSheet($questionBankContent, 'Labels')->toArray();
$labelNames = array_column(\array_slice($labelRows, 1), 0);
$this->assertContains('Locatie', $labelNames);
$this->assertContains('Finale', $labelNames);
}
public function testProfileSheetDoesNotContainPasswordHash(): void
{
$user = $this->getUserByEmail('user2@example.org');
$zip = $this->openZip($user);
$profileContent = $zip->getFromName('profile.xlsx');
$this->assertIsString($profileContent);
$zip->close();
$rows = $this->loadSheet($profileContent, 'Account')->toArray();
$flattened = implode(' ', array_merge(...$rows));
$this->assertStringNotContainsString($user->password, $flattened);
}
public function testResultsSheetIncludesSoftDeletedQuizCandidates(): void
{
$season = $this->getSeasonByCode('krtek');
$quiz = $this->entityManager->getRepository(Quiz::class)->findOneBy(['name' => 'Quiz 1', 'season' => $season]);
$this->assertInstanceOf(Quiz::class, $quiz);
$candidate = $this->getCandidateBySeasonAndName($season, 'Claudia');
$quizCandidate = new QuizCandidate($quiz, $candidate);
$this->entityManager->persist($quizCandidate);
$this->entityManager->flush();
$this->entityManager->remove($quizCandidate);
$this->entityManager->flush();
$this->entityManager->clear();
$zip = $this->openZip($this->getUserByEmail('user2@example.org'));
$quizContent = $zip->getFromName('krtek-Krtek-Weekend/Quiz-1.xlsx');
$this->assertIsString($quizContent);
$zip->close();
$rows = $this->loadSheet($quizContent, 'Results')->toArray();
$deletedColumnIndex = array_search('Deleted', $rows[0], true);
$this->assertIsInt($deletedColumnIndex);
$hasDeletedRow = array_any(\array_slice($rows, 1), static fn (array $row): bool => null !== $row[$deletedColumnIndex] && '' !== $row[$deletedColumnIndex]);
$this->assertTrue($hasDeletedRow, 'Expected the soft-deleted QuizCandidate to still appear with a Deleted timestamp');
}
public function testRawAnswersSheetShowsCandidatesByQuestionsGrid(): void
{
$season = $this->getSeasonByCode('krtek');
$quiz = $this->entityManager->getRepository(Quiz::class)->findOneBy(['name' => 'Quiz 1', 'season' => $season]);
$this->assertInstanceOf(Quiz::class, $quiz);
$candidate = $this->getCandidateBySeasonAndName($season, 'Claudia');
/** @var Question $firstQuestion */
$firstQuestion = $quiz->questions->first();
$chosenAnswer = $firstQuestion->answers->filter(static fn (Answer $answer): bool => 'Man' === $answer->text)->first();
$this->assertInstanceOf(Answer::class, $chosenAnswer);
$this->quizCandidateRepository->createIfNotExist($quiz, $candidate);
$givenAnswer = new GivenAnswer($candidate, $quiz, $chosenAnswer);
$this->entityManager->persist($givenAnswer);
$this->entityManager->flush();
$zip = $this->openZip($this->getUserByEmail('user2@example.org'));
$quizContent = $zip->getFromName('krtek-Krtek-Weekend/Quiz-1.xlsx');
$this->assertIsString($quizContent);
$zip->close();
$rows = $this->loadSheet($quizContent, 'Raw answers')->toArray();
$header = $rows[0];
$this->assertSame('Candidate', $header[0]);
$questionColumnIndex = array_search($firstQuestion->question, $header, true);
$this->assertIsInt($questionColumnIndex);
$claudiaRow = current(array_filter(
\array_slice($rows, 1),
static fn (array $row): bool => 'Claudia' === $row[0],
));
$this->assertIsArray($claudiaRow);
$this->assertSame('Man', $claudiaRow[$questionColumnIndex]);
}
public function testQuizInfoSheetShowsDropoutsFinalizationAndDisabledQuestions(): void
{
$season = $this->getSeasonByCode('krtek');
$quiz = $this->entityManager->getRepository(Quiz::class)->findOneBy(['name' => 'Quiz 1', 'season' => $season]);
$this->assertInstanceOf(Quiz::class, $quiz);
$this->assertTrue($quiz->isFinalized);
/** @var Question $disabledQuestion */
$disabledQuestion = $quiz->questions->first();
$disabledQuestion->enabled = false;
$this->entityManager->flush();
$zip = $this->openZip($this->getUserByEmail('user2@example.org'));
$quizContent = $zip->getFromName('krtek-Krtek-Weekend/Quiz-1.xlsx');
$this->assertIsString($quizContent);
$zip->close();
$rows = $this->loadSheet($quizContent, 'Quiz info')->toArray();
$values = [];
foreach ($rows as $row) {
$values[$row[0]] = $row[1];
}
$this->assertSame('Quiz 1', $values['Quiz name']);
$this->assertSame($quiz->dropouts, (int) $values['Number of dropouts']);
$this->assertSame('Yes', $values['Finalized']);
$this->assertNotEmpty($values['Finalized at']);
$this->assertStringContainsString($disabledQuestion->question, (string) $values['Disabled questions']);
}
private function openZip(User $user): \ZipArchive
{
$zipPath = $this->subject->exportForUser($user);
$this->tempFiles[] = $zipPath;
$zip = new \ZipArchive();
$this->assertTrue($zip->open($zipPath));
return $zip;
}
/** @return list<string> */
private function entryNames(\ZipArchive $zip): array
{
$names = [];
for ($i = 0; $i < $zip->numFiles; ++$i) {
$name = $zip->getNameIndex($i);
$this->assertIsString($name);
$names[] = $name;
}
return $names;
}
/** @return list<string> */
private function sheetNames(string $xlsxContent): array
{
$path = $this->createTempPath();
file_put_contents($path, $xlsxContent);
return array_values(new Reader\Xlsx()->load($path)->getSheetNames());
}
private function loadSheet(string $xlsxContent, string $sheetName): Worksheet
{
$path = $this->createTempPath();
file_put_contents($path, $xlsxContent);
$sheet = new Reader\Xlsx()->load($path)->getSheetByName($sheetName);
$this->assertInstanceOf(Worksheet::class, $sheet);
return $sheet;
}
private function createTempPath(): string
{
$path = tempnam(sys_get_temp_dir(), 'tvdt_export_test_');
$this->tempFiles[] = $path;
return $path;
}
}
+96 -8
View File
@@ -5,6 +5,10 @@
<tool tool-id="symfony" tool-name="Symfony"/>
</header>
<body>
<trans-unit id="QcFeGZy" resname="A candidate with this name already exists in this season">
<source>A candidate with this name already exists in this season</source>
<target>Er bestaat al een kandidaat met deze naam in dit seizoen</target>
</trans-unit>
<trans-unit id="VNxXghX" resname="A label with a similar name already exists">
<source>A label with a similar name already exists</source>
<target>Er bestaat al een label met deze naam</target>
@@ -101,6 +105,10 @@
<source>Are you sure you want to clear all the results? This will also delete all the eliminations.</source>
<target>Weet je zeker dat je de resultaten wilt leegmaken? Dit gooit ook alle eliminaties weg.</target>
</trans-unit>
<trans-unit id="zisWo9d" resname="Are you sure you want to delete this candidate? All their answers will be lost.">
<source>Are you sure you want to delete this candidate? All their answers will be lost.</source>
<target>Weet je zeker dat je deze kandidaat wilt verwijderen? Alle gegeven antwoorden gaan dan verloren.</target>
</trans-unit>
<trans-unit id="8HZ5s3T" resname="Are you sure you want to delete this question from the question bank?">
<source>Are you sure you want to delete this question from the question bank?</source>
<target>Weet je zeker dat je deze vraag uit de vragenbank wilt verwijderen?</target>
@@ -145,10 +153,18 @@
<source>Candidate answers saved</source>
<target>Kandidaatantwoorden opgeslagen</target>
</trans-unit>
<trans-unit id="tggdgJl" resname="Candidate deleted">
<source>Candidate deleted</source>
<target>Kandidaat verwijderd</target>
</trans-unit>
<trans-unit id="TiTLBGW" resname="Candidate not found">
<source>Candidate not found</source>
<target>Kandidaat niet gevonden</target>
</trans-unit>
<trans-unit id="QH4e_Ho" resname="Candidate renamed">
<source>Candidate renamed</source>
<target>Kandidaat hernoemd</target>
</trans-unit>
<trans-unit id="6QiGbuz" resname="Candidate status updated">
<source>Candidate status updated</source>
<target>Kandidaatstatus bijgewerkt</target>
@@ -189,6 +205,14 @@
<source>Confirm Answers</source>
<target>Bevestig antwoorden</target>
</trans-unit>
<trans-unit id="T1Z6nI1" resname="Confirm your email address to enable this feature.">
<source>Confirm your email address to enable this feature.</source>
<target>Bevestig je e-mailadres om deze functie te kunnen gebruiken.</target>
</trans-unit>
<trans-unit id="QZfvKMx" resname="Confirm your email address to enable this.">
<source>Confirm your email address to enable this.</source>
<target>Bevestig je e-mailadres om dit te gebruiken.</target>
</trans-unit>
<trans-unit id="PiAVEe9" resname="Confirmed">
<source>Confirmed</source>
<target>Bevestigd</target>
@@ -221,6 +245,10 @@
<source>Create an empty quiz and add questions from the question bank.</source>
<target>Maak een lege quiz aan en voeg vragen toe vanuit de vragenbank.</target>
</trans-unit>
<trans-unit id="jrXhJOR" resname="Current code:">
<source>Current code:</source>
<target>Huidige code:</target>
</trans-unit>
<trans-unit id="3leUyoA" resname="Current email address:">
<source>Current email address:</source>
<target>Huidig e-mailadres:</target>
@@ -273,6 +301,10 @@
<source>Download Template</source>
<target>Download sjabloon</target>
</trans-unit>
<trans-unit id="43g0Dc8" resname="Download an archive of everything stored under your account: your profile, the seasons you own, their quizzes, results and candidates.">
<source>Download an archive of everything stored under your account: your profile, the seasons you own, their quizzes, results and candidates.</source>
<target>Download een archief met alles wat onder je account is opgeslagen: je profiel, de seizoenen die je bezit, met de bijbehorende testen, resultaten en kandidaten.</target>
</trans-unit>
<trans-unit id="58e2QWG" resname="Download data">
<source>Download data</source>
<target>Gegevens downloaden</target>
@@ -537,6 +569,18 @@
<source>Please Confirm your Email</source>
<target>Bevestig je e-mailadres alsjeblieft</target>
</trans-unit>
<trans-unit id="7osID7L" resname="Please confirm your email address before downloading your data.">
<source>Please confirm your email address before downloading your data.</source>
<target>Bevestig eerst je e-mailadres voordat je je gegevens downloadt.</target>
</trans-unit>
<trans-unit id="XS4opCD" resname="Please confirm your email address before exporting a quiz.">
<source>Please confirm your email address before exporting a quiz.</source>
<target>Bevestig je e-mailadres voordat je een quiz exporteert.</target>
</trans-unit>
<trans-unit id="y4TgBCP" resname="Please confirm your email address before exporting data.">
<source>Please confirm your email address before exporting data.</source>
<target>Bevestig eerst je e-mailadres voordat je gegevens exporteert.</target>
</trans-unit>
<trans-unit id="mq1QYAv" resname="Please select an answer">
<source>Please select an answer</source>
<target>Selecteer een antwoorden alsjeblieft</target>
@@ -661,6 +705,10 @@
<source>Re-opens the quiz for editing. Candidates will no longer be able to take the quiz until it is finalized again.</source>
<target>Heropent de test voor bewerking. Deelnemers kunnen de test niet meer afnemen totdat deze opnieuw is afgerond.</target>
</trans-unit>
<trans-unit id="MuwD4xO" resname="Ready">
<source>Ready</source>
<target>Voorbereid</target>
</trans-unit>
<trans-unit id="P1HcfAu" resname="Red">
<source>Red</source>
<target>Rood</target>
@@ -669,6 +717,14 @@
<source>Refresh the page to try again.</source>
<target>Ververs de pagina om het opnieuw te proberen.</target>
</trans-unit>
<trans-unit id="EGW_4W_" resname="Regenerate season code">
<source>Regenerate season code</source>
<target>Seizoenscode opnieuw genereren</target>
</trans-unit>
<trans-unit id="EWuNNNu" resname="Regenerate season code...">
<source>Regenerate season code...</source>
<target>Seizoenscode opnieuw genereren...</target>
</trans-unit>
<trans-unit id="fGfBzt6" resname="Register">
<source>Register</source>
<target>Registreren</target>
@@ -681,6 +737,14 @@
<source>Remove label</source>
<target>Label verwijderen</target>
</trans-unit>
<trans-unit id="WHywg0z" resname="Rename">
<source>Rename</source>
<target>Hernoemen</target>
</trans-unit>
<trans-unit id="K2RP6H8" resname="Rename candidate">
<source>Rename candidate</source>
<target>Kandidaat hernoemen</target>
</trans-unit>
<trans-unit id="Z9CSKpk" resname="Repeat Password">
<source>Repeat Password</source>
<target>Herhaal wachtwoord</target>
@@ -729,6 +793,14 @@
<source>Season Name</source>
<target>Seizoennaam</target>
</trans-unit>
<trans-unit id="IxKDF4a" resname="Season code">
<source>Season code</source>
<target>Seizoenscode</target>
</trans-unit>
<trans-unit id="iigT2eM" resname="Season code regenerated">
<source>Season code regenerated</source>
<target>Seizoenscode opnieuw gegenereerd</target>
</trans-unit>
<trans-unit id="kc_J96C" resname="Seasons">
<source>Seasons</source>
<target>Seizoenen</target>
@@ -769,6 +841,18 @@
<source>Sync latest changes to this quiz</source>
<target>Laatste wijzigingen synchroniseren naar deze quiz</target>
</trans-unit>
<trans-unit id="cug5d45" resname="The candidate name must be between 1 and 16 characters">
<source>The candidate name must be between 1 and 16 characters</source>
<target>De naam van de kandidaat moet tussen de 1 en 16 tekens zijn</target>
</trans-unit>
<trans-unit id="XwQ1Fav" resname="The confirmation email could not be sent. Please try again later.">
<source>The confirmation email could not be sent. Please try again later.</source>
<target>De bevestigingsmail kon niet worden verzonden. Probeer het later opnieuw.</target>
</trans-unit>
<trans-unit id="mMDwcxj" resname="The confirmation email could not be sent. Please use the resend button to try again.">
<source>The confirmation email could not be sent. Please use the resend button to try again.</source>
<target>De bevestigingsmail kon niet worden verzonden. Gebruik de knop om het opnieuw te proberen.</target>
</trans-unit>
<trans-unit id="_z4el3Z" resname="The password fields must match.">
<source>The password fields must match.</source>
<target>De wachtwoorden moeten overeen komen.</target>
@@ -793,6 +877,10 @@
<source>The quiz must be finalized before it can be activated</source>
<target>De test moet afgerond zijn voordat deze geactiveerd kan worden</target>
</trans-unit>
<trans-unit id="IKPt_Pf" resname="The season code is used by candidates to join this season. Regenerating it invalidates the current code, so make sure to share the new one.">
<source>The season code is used by candidates to join this season. Regenerating it invalidates the current code, so make sure to share the new one.</source>
<target>De seizoenscode wordt door kandidaten gebruikt om dit seizoen te vinden. Als je een nieuwe code genereert, werkt de oude niet meer, dus deel de nieuwe code opnieuw.</target>
</trans-unit>
<trans-unit id="HuzRgeN" resname="There are no answers for this question">
<source>There are no answers for this question</source>
<target>Er zijn geen antwoorden voor deze vraag</target>
@@ -809,6 +897,10 @@
<source>This deletes your account and every season you are the only owner of. Enter your password to confirm.</source>
<target>Dit verwijdert je account en alle seizoenen waarvan jij de enige eigenaar bent. Vul je wachtwoord in om te bevestigen.</target>
</trans-unit>
<trans-unit id="EBWUWJu" resname="This invalidates the current season code. Anyone using the old code will no longer be able to join this season.">
<source>This invalidates the current season code. Anyone using the old code will no longer be able to join this season.</source>
<target>Hiermee wordt de huidige seizoenscode ongeldig. Iedereen die de oude code gebruikt, kan dit seizoen niet meer vinden.</target>
</trans-unit>
<trans-unit id="YueaA2f" resname="This link will expire in %count%.">
<source>This link will expire in %count%.</source>
<target>Deze link verloopt over %count%.</target>
@@ -901,18 +993,14 @@
<source>Your data</source>
<target>Je gegevens</target>
</trans-unit>
<trans-unit id="sAb9l8I" resname="Your email address has been changed.">
<source>Your email address has been changed.</source>
<target>Je e-mailadres is gewijzigd.</target>
</trans-unit>
<trans-unit id="OqDtnJw" resname="Your email address has been changed. Please check your inbox to confirm it.">
<source>Your email address has been changed. Please check your inbox to confirm it.</source>
<target>Je e-mailadres is gewijzigd. Check je inbox om het te bevestigen.</target>
</trans-unit>
<trans-unit id="kWpL7Rn" resname="The confirmation email could not be sent. Please use the resend button to try again.">
<source>The confirmation email could not be sent. Please use the resend button to try again.</source>
<target>De bevestigingsmail kon niet worden verzonden. Gebruik de knop om het opnieuw te proberen.</target>
</trans-unit>
<trans-unit id="mQxV2Jf" resname="The confirmation email could not be sent. Please try again later.">
<source>The confirmation email could not be sent. Please try again later.</source>
<target>De bevestigingsmail kon niet worden verzonden. Probeer het later opnieuw.</target>
</trans-unit>
<trans-unit id="m80cBv0" resname="Your email address has been verified.">
<source>Your email address has been verified.</source>
<target>Je e-mailadres is geverifieerd.</target>