thatguygriff
1d6ac46ba3
CI / No Debug Code (pull_request) Successful in 3s
CI / Tests (PHP 8.2) (pull_request) Successful in 48s
CI / Tests (PHP 8.3) (pull_request) Successful in 52s
CI / Coding Standards (pull_request) Successful in 57s
CI / Tests (PHP 8.1) (pull_request) Successful in 1m1s
CI / PHPStan (pull_request) Successful in 1m11s
CI / Build Plugin Zip (pull_request) Has been skipped
- Bump phpstan/phpstan ^2.0 and szepeviktor/phpstan-wordpress ^2.0 - Move the analysis level into phpstan.neon (single source) and raise it to 10 - Add Val, a runtime coercion helper that narrows untyped WordPress boundary values (wpdb rows, REST params, superglobals, options) with explicit checks instead of blind casts, plus unit tests - Type value-object fromRow() params as stdClass (what wpdb returns) and map columns through Val so unexpected shapes degrade safely - Use %i identifier placeholders for table names in all wpdb::prepare() calls so every query string is a literal and identifiers are escaped by WordPress; raises the minimum WordPress version to 6.2 where %i was introduced - Guard wpdb::prepare() null result before wpdb::query() in updateTax() - Fix nullable get_permalink()/strtotime() handling, list types at REST and capability call sites, dead null-coalescing on checked superglobals, and narrow get_users() results before mapping - Register Val method names with the ValidatedSanitizedInput sniff so it validates the real sanitizer around each superglobal read - Update repository unit tests for the %i placeholder arguments Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
139 lines
4.4 KiB
PHP
139 lines
4.4 KiB
PHP
<?php
|
|
declare(strict_types=1);
|
|
|
|
namespace Unsupervised\Schedular\Tests\Unit\Auth;
|
|
|
|
use Brain\Monkey\Functions;
|
|
use Mockery;
|
|
use Unsupervised\Schedular\Auth\Invite;
|
|
use Unsupervised\Schedular\Auth\InviteRepository;
|
|
use Unsupervised\Schedular\Tests\Unit\TestCase;
|
|
|
|
class InviteRepositoryTest extends TestCase
|
|
{
|
|
private \wpdb $db;
|
|
private InviteRepository $repo;
|
|
|
|
protected function setUp(): void
|
|
{
|
|
parent::setUp();
|
|
|
|
$this->db = Mockery::mock(\wpdb::class);
|
|
$this->db->prefix = 'wp_';
|
|
$this->repo = new InviteRepository($this->db);
|
|
}
|
|
|
|
public function testInsertReturnsId(): void
|
|
{
|
|
Functions\expect('current_time')->with('mysql')->andReturn('2026-06-02 09:00:00');
|
|
|
|
$this->db->shouldReceive('insert')
|
|
->once()
|
|
->with(
|
|
'wp_us_invites',
|
|
Mockery::on(static function (array $d): bool {
|
|
return $d['email'] === 'a@b.test'
|
|
&& $d['token'] === 'tok123'
|
|
&& $d['status'] === Invite::STATUS_PENDING
|
|
&& $d['invited_by'] === 2;
|
|
}),
|
|
['%s', '%s', '%s', '%s', '%d', '%d', '%s', '%s']
|
|
);
|
|
$this->db->insert_id = 5;
|
|
|
|
self::assertSame(5, $this->repo->insert(new Invite('a@b.test', 'tok123', invitedBy: 2)));
|
|
}
|
|
|
|
public function testFindByTokenReturnsInvite(): void
|
|
{
|
|
$this->db->shouldReceive('prepare')
|
|
->once()
|
|
->with(Mockery::pattern('/token = %s/'), 'wp_us_invites', 'tok123')
|
|
->andReturn('SELECT ...');
|
|
|
|
$this->db->shouldReceive('get_row')->andReturn($this->row());
|
|
|
|
$invite = $this->repo->findByToken('tok123');
|
|
|
|
self::assertInstanceOf(Invite::class, $invite);
|
|
self::assertSame('a@b.test', $invite->email);
|
|
}
|
|
|
|
public function testFindByTokenReturnsNullWhenMissing(): void
|
|
{
|
|
$this->db->shouldReceive('prepare')->andReturn('SELECT ...');
|
|
$this->db->shouldReceive('get_row')->andReturn(null);
|
|
|
|
self::assertNull($this->repo->findByToken('nope'));
|
|
}
|
|
|
|
public function testFindPendingByEmailFiltersStatus(): void
|
|
{
|
|
$this->db->shouldReceive('prepare')
|
|
->once()
|
|
->with(Mockery::pattern('/email = %s AND status = %s/'), 'wp_us_invites', 'a@b.test', Invite::STATUS_PENDING)
|
|
->andReturn('SELECT ...');
|
|
|
|
$this->db->shouldReceive('get_row')->andReturn($this->row());
|
|
|
|
self::assertInstanceOf(Invite::class, $this->repo->findPendingByEmail('a@b.test'));
|
|
}
|
|
|
|
public function testFindPendingMapsRows(): void
|
|
{
|
|
$this->db->shouldReceive('prepare')
|
|
->once()
|
|
->with(Mockery::pattern('/status = %s/'), 'wp_us_invites', Invite::STATUS_PENDING)
|
|
->andReturn('SELECT ...');
|
|
|
|
$this->db->shouldReceive('get_results')->andReturn([$this->row()]);
|
|
|
|
$pending = $this->repo->findPending();
|
|
|
|
self::assertCount(1, $pending);
|
|
self::assertInstanceOf(Invite::class, $pending[0]);
|
|
}
|
|
|
|
public function testMarkAcceptedUpdatesRow(): void
|
|
{
|
|
Functions\expect('current_time')->with('mysql')->andReturn('2026-06-02 10:00:00');
|
|
|
|
$this->db->shouldReceive('update')
|
|
->once()
|
|
->with(
|
|
'wp_us_invites',
|
|
Mockery::on(static fn (array $d): bool => $d['status'] === Invite::STATUS_ACCEPTED && $d['accepted_user_id'] === 9),
|
|
['id' => 5],
|
|
['%s', '%d', '%s'],
|
|
['%d']
|
|
)
|
|
->andReturn(1);
|
|
|
|
self::assertTrue($this->repo->markAccepted(5, 9));
|
|
}
|
|
|
|
public function testRevokeUpdatesStatus(): void
|
|
{
|
|
$this->db->shouldReceive('update')
|
|
->once()
|
|
->with('wp_us_invites', ['status' => Invite::STATUS_REVOKED], ['id' => 5], ['%s'], ['%d'])
|
|
->andReturn(1);
|
|
|
|
self::assertTrue($this->repo->revoke(5));
|
|
}
|
|
|
|
private function row(): object
|
|
{
|
|
return (object) [
|
|
'id' => '5',
|
|
'email' => 'a@b.test',
|
|
'token' => 'tok123',
|
|
'role' => 'us_student',
|
|
'status' => Invite::STATUS_PENDING,
|
|
'invited_by' => '2',
|
|
'accepted_user_id' => null,
|
|
'accepted_at' => null,
|
|
];
|
|
}
|
|
}
|