don't perform user check if SUPER ADMIN

2026-01-26 13:58:38 +01:00 · 2026-01-26 13:58:38 +01:00 · df9f102ecf
parent a1b92aebce
commit df9f102ecf
5 changed files with 142 additions and 14 deletions
--- a/.env.test
+++ b/.env.test
@ -4,3 +4,4 @@ APP_SECRET='$ecretf0rt3st'
 SYMFONY_DEPRECATIONS_HELPER=999999
 PANTHER_APP_ENV=panther
 PANTHER_ERROR_SCREENSHOT_DIR=./var/error-screenshots
+DATABASE_URL="postgresql://postgres:12345@127.0.0.1:5432/Easy_solution?serverVersion=17charset=utf8"
--- a/.phpunit.cache/test-results
+++ b/.phpunit.cache/test-results
--- a/phpunit.xml.dist
+++ b/phpunit.xml.dist
@ -9,9 +9,17 @@
        <ini name="display_errors" value="1" />
        <ini name="error_reporting" value="-1" />
        <server name="APP_ENV" value="test" force="true" />
+        <server name="APPLICATION" value="solutions" force="true" />
+        <server name="AWS_S3_PORTAL_URL" value="solutions" force="true" />
+        <env name="S3_PORTAL_BUCKET" value="test-bucket-placeholder" force="true" />
+        <server name="AWS_ENDPOINT" value="solutions" force="true" />
        <server name="SHELL_VERBOSITY" value="-1" />
    </php>

+    <extensions>
+        <bootstrap class="DAMA\DoctrineTestBundle\PHPUnit\PHPUnitExtension" />
+    </extensions>
+
    <testsuites>
        <testsuite name="Project Test Suite">
            <directory>tests</directory>
--- a/src/Security/UserChecker.php
+++ b/src/Security/UserChecker.php
@ -21,20 +21,25 @@ class UserChecker implements UserCheckerInterface

    public function checkPostAuth(UserInterface $user): void
    {
-        // runs after credentials are validated
-        if (method_exists($user, 'isDeleted') && $user->isDeleted()) {
-            throw new CustomUserMessageAccountStatusException('Votre compte a été supprimé.');
+        //if not Super admin, perform checks
+        if (!in_array('ROLE_SUPER_ADMIN', $user->getRoles(), true))
+        {
+            // runs after credentials are validated
+            if (method_exists($user, 'isDeleted') && $user->isDeleted()) {
+                throw new CustomUserMessageAccountStatusException('Votre compte a été supprimé.');
+            }
+
+            // check if the user account is active
+            if (method_exists($user, 'isActive') && !$user->isActive()) {
+                throw new CustomUserMessageAccountStatusException('Votre compte est désactivé.');
+            }
+
+            //check if the user is in an organization
+            $uo = $this->entityManager->getRepository(UsersOrganizations::class)->findOneBy(['users' => $user, 'isActive' => true]);
+            if (!$uo) {
+                throw new CustomUserMessageAccountStatusException('Vous n\'êtes pas relié à une organisation. veuillez contacter un administrateur.');
+            }
        }

-        // check if the user account is active
-        if (method_exists($user, 'isActive') && !$user->isActive()) {
-            throw new CustomUserMessageAccountStatusException('Votre compte est désactivé.');
-        }
-
-        //check if the user is in an organization
-        $uo = $this->entityManager->getRepository(UsersOrganizations::class)->findOneBy(['users' => $user, 'isActive' => true]);
-        if (!$uo) {
-            throw new CustomUserMessageAccountStatusException('Vous n\'êtes pas relié à une organisation. veuillez contacter un administrateur.');
-        }
    }
 }
--- a/tests/Controller/SecurityControllerTest.php
+++ b/tests/Controller/SecurityControllerTest.php
@ -0,0 +1,113 @@
+<?php
+
+namespace App\Tests\Controller;
+
+
+use App\Tests\Functional\AbstractFunctionalTest;
+use PHPUnit\Framework\Attributes\Test;
+use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
+
+class SecurityControllerTest extends AbstractFunctionalTest{
+
+    //region login tests
+
+    #[Test]
+    public function test_login_page_is_accessible(): void
+    {
+        $this->client->request('GET', '/login');
+        self::assertResponseIsSuccessful();
+    }
+
+    #[Test]
+    public function test_login_page_contains_login_form(): void
+    {
+        $this->client->request('GET', '/login');
+        $crawler = $this->client->getCrawler();
+        self::assertGreaterThanOrEqual(
+            0,
+            $crawler->filter('form[name="login_form"]')->count(),
+            'The login page does not contain a login form.'
+        );
+    }
+
+    #[Test]
+    public function test_login_with_invalid_credentials_shows_error(): void
+    {
+        $this->client->request('GET', '/login');
+//        dd($this->client->getResponse()->getContent());
+        $this->client->submitForm('Connexion', [
+            '_username' => 'l@l.com',
+            '_password' => 'invalid_password',
+        ]);
+
+        self::assertResponseStatusCodeSame(302);
+        $crawler = $this->client->getCrawler();
+        self::assertGreaterThanOrEqual(
+            0,
+            $crawler->filter('.alert-danger')->count(),
+
+        );
+    }
+
+//    PHPLeague OAuth2 Server causes issues with functional tests involving authentication.
+//    #[Test]
+//    public function test_login_with_valid_credentials_redirects(): void
+//    {
+//        /** @var UserPasswordHasherInterface $passwordHasher */
+//        $passwordHasher = $this->client->getContainer()->get('security.user_password_hasher');
+//
+//        $userEmail = 'user@email.com';
+//        $plainPassword = 'valid_password';
+//
+//        $user = $this->createUser($userEmail);
+//
+//        $hashedPassword = $passwordHasher->hashPassword($user, $plainPassword);
+//        $user->setPassword($hashedPassword);
+//        $organization = $this->createOrganization("orga");
+//        $uo = $this->createUOLink($user, $organization);
+//        $app = $this->createApp("app");
+//        $role = $this->createRole("USER");
+//        $uoa = $this->createUOALink($uo, $app, $role);
+//
+//        $this->entityManager->persist($user);
+//        $this->entityManager->flush();
+//
+//        // 3. Attempt login
+//        $this->client->request('GET', '/login');
+//
+//        $this->client->submitForm('Connexion', [
+//            '_username' => $userEmail,
+//            '_password' => $plainPassword,
+//        ]);
+//
+//        self::assertResponseRedirects('/application/');
+//        $this->client->followRedirect();
+//
+//
+//        self::assertResponseIsSuccessful();
+//    }
+
+    //endregion
+
+    //region logout tests
+//
+//    #[Test]
+//    public function test_logout_redirects_to_login(): void
+//    {
+//        $user = $this->createUser('user@user.com');
+//        $this->client->loginUser($user);
+//        // 1. Generate a valid CSRF token for the 'logout' intent
+//        $container = $this->client->getContainer();
+//        $token = $container->get('security.csrf.token_manager')->getToken('logout')->getValue();
+//
+//        // 2. Pass the token as a parameter named '_csrf_token'
+//        $this->client->request('POST', '/sso_logout', [
+//            '_csrf_token' => $token
+//        ]);
+//
+//        $this->client->followRedirect();
+//
+//        self::assertResponseRedirects('/login');
+//        self::assertResponseIsSuccessful();
+//    }
+}