From 940361ab4b4d6b813b20add6d543cbfc8ef9ebe0 Mon Sep 17 00:00:00 2001
From: Charles
Date: Mon, 26 Jan 2026 14:03:33 +0100
Subject: [PATCH] update user checker
---
 .env.test | 7 --
 src/Security/UserChecker.php | 4 +-
 tests/Controller/SecurityControllerTest.php | 113 --------------------
 3 files changed, 2 insertions(+), 122 deletions(-)
 delete mode 100644 .env.test
 delete mode 100644 tests/Controller/SecurityControllerTest.php
diff --git a/.env.test b/.env.test
deleted file mode 100644
index 9b8997a..0000000
--- a/.env.test
+++ /dev/null
@@ -1,7 +0,0 @@
-# define your env variables for the test env here
-KERNEL_CLASS='App\Kernel'
-APP_SECRET='$ecretf0rt3st'
-SYMFONY_DEPRECATIONS_HELPER=999999
-PANTHER_APP_ENV=panther
-PANTHER_ERROR_SCREENSHOT_DIR=./var/error-screenshots
-DATABASE_URL="postgresql://postgres:12345@127.0.0.1:5432/Easy_solution?serverVersion=17charset=utf8"
diff --git a/src/Security/UserChecker.php b/src/Security/UserChecker.php
index 6b7d61b..7a5571a 100644
--- a/src/Security/UserChecker.php
+++ b/src/Security/UserChecker.php
@@ -22,8 +22,6 @@ class UserChecker implements UserCheckerInterface
 public function checkPostAuth(UserInterface $user): void
 {
 //if not Super admin, perform checks
- if (!in_array('ROLE_SUPER_ADMIN', $user->getRoles(), true))
- {
 // runs after credentials are validated
 if (method_exists($user, 'isDeleted') && $user->isDeleted()) {
 throw new CustomUserMessageAccountStatusException('Votre compte a été supprimé.');
@@ -33,6 +31,8 @@ class UserChecker implements UserCheckerInterface
 if (method_exists($user, 'isActive') && !$user->isActive()) {
 throw new CustomUserMessageAccountStatusException('Votre compte est désactivé.');
 }
+ if (!in_array('ROLE_SUPER_ADMIN', $user->getRoles(), true))
+ {
 //check if the user is in an organization
 $uo = $this->entityManager->getRepository(UsersOrganizations::class)->findOneBy(['users' => $user, 'isActive' => true]);
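Review bot: The context comment `//if not Super admin, perform checks` kept at the top of checkPostAuth in the first hunk now sits directly above the isDeleted/isActive checks, which after this change run for every user including super admins, so it describes the old control flow; replace it with `// account-status checks apply to every user, super admins included` and put the exemption on the `if` added in the second hunk, e.g. `// super admins are exempt from the organization-membership check below`. The added `if (!in_array('ROLE_SUPER_ADMIN', $user->getRoles(), true))` also puts its opening brace on its own line, where PSR-12 wants `if (...) {` for control structures. Because tests/Controller/SecurityControllerTest.php is deleted in the same commit, the new behaviour (a deleted or deactivated super admin is now refused) has no test covering it, so a UserChecker unit test for that case would be worth adding. The block the new `if` opens, and the remainder of checkPostAuth, close outside the hunk, and the second hunk appears truncated (its header announces 8 new lines but 7 are visible).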
diff --git a/tests/Controller/SecurityControllerTest.php b/tests/Controller/SecurityControllerTest.php
deleted file mode 100644
index 238ccfa..0000000
--- a/tests/Controller/SecurityControllerTest.php
+++ /dev/null
@@ -1,113 +0,0 @@
-client->request('GET', '/login');
- self::assertResponseIsSuccessful();
- }
-
- #[Test]
- public function test_login_page_contains_login_form(): void
- {
- $this->client->request('GET', '/login');
- $crawler = $this->client->getCrawler();
- self::assertGreaterThanOrEqual(
- 0,
- $crawler->filter('form[name="login_form"]')->count(),
- 'The login page does not contain a login form.'
- );
- }
-
- #[Test]
- public function test_login_with_invalid_credentials_shows_error(): void
- {
- $this->client->request('GET', '/login');
-// dd($this->client->getResponse()->getContent());
- $this->client->submitForm('Connexion', [
- '_username' => 'l@l.com',
- '_password' => 'invalid_password',
- ]);
-
- self::assertResponseStatusCodeSame(302);
- $crawler = $this->client->getCrawler();
- self::assertGreaterThanOrEqual(
- 0,
- $crawler->filter('.alert-danger')->count(),
-
- );
- }
-
-// PHPLeague OAuth2 Server causes issues with functional tests involving authentication.
-// #[Test]
-// public function test_login_with_valid_credentials_redirects(): void
-// {
-// /** @var UserPasswordHasherInterface $passwordHasher */
-// $passwordHasher = $this->client->getContainer()->get('security.user_password_hasher');
-//
-// $userEmail = 'user@email.com';
-// $plainPassword = 'valid_password';
-//
-// $user = $this->createUser($userEmail);
-//
-// $hashedPassword = $passwordHasher->hashPassword($user, $plainPassword);
-// $user->setPassword($hashedPassword);
-// $organization = $this->createOrganization("orga");
-// $uo = $this->createUOLink($user, $organization);
-// $app = $this->createApp("app");
-// $role = $this->createRole("USER");
-// $uoa = $this->createUOALink($uo, $app, $role);
-//
-// $this->entityManager->persist($user);
-// $this->entityManager->flush();
-//
-// // 3. 
Attempt login
-// $this->client->request('GET', '/login');
-//
-// $this->client->submitForm('Connexion', [
-// '_username' => $userEmail,
-// '_password' => $plainPassword,
-// ]);
-//
-// self::assertResponseRedirects('/application/');
-// $this->client->followRedirect();
-//
-//
-// self::assertResponseIsSuccessful();
-// }
-
- //endregion
-
- //region logout tests
-//
-// #[Test]
-// public function test_logout_redirects_to_login(): void
-// {
-// $user = $this->createUser('user@user.com');
-// $this->client->loginUser($user);
-// // 1. Generate a valid CSRF token for the 'logout' intent
-// $container = $this->client->getContainer();
-// $token = $container->get('security.csrf.token_manager')->getToken('logout')->getValue();
-//
-// // 2. Pass the token as a parameter named '_csrf_token'
-// $this->client->request('POST', '/sso_logout', [
-// '_csrf_token' => $token
-// ]);
-//
-// $this->client->followRedirect();
-//
-// self::assertResponseRedirects('/login');
-// self::assertResponseIsSuccessful();
-// }
-}