Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 7 additions & 2 deletions src/AppBundle/Controller/TaskController.php
Original file line number Diff line number Diff line change
Expand Up @@ -50,11 +50,16 @@ public function createAction(Request $request)
*/
public function editAction(Task $task, Request $request)
{
$form = $this->createForm(TaskType::class, $task);
// 1. Save the original user before handling the request
$originalUser = $task->getUser();

$form = $this->createForm(TaskType::class, $task);
$form->handleRequest($request);

if ($form->isValid()) {
if ($form->isSubmitted() && $form->isValid()) {
// 2. Enforce immutability: bypass any falsified request data by restoring the original user
$task->setUser($originalUser);

$this->getDoctrine()->getManager()->flush();

$this->addFlash('success', 'La tâche a bien été modifiée.');
Expand Down
51 changes: 51 additions & 0 deletions tests/AppBundle/Controller/TaskControllerTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -45,4 +45,55 @@ public function testCreateTaskSuccess()
'Expected a success flash message to be displayed.'
);
}

/**
* Test editing a task successfully
* Test that editing a task does not alter or clear its original user
*/
public function testEditTaskUserRemainsImmutable()
{
// 1. Authenticate the client using our robust HTTP Basic Auth setup
$client = static::createClient([], [
'PHP_AUTH_USER' => 'Mike',
'PHP_AUTH_PW' => 'password123', // Replace with your exact fixture password
]);
$container = $client->getContainer();
$em = $container->get('doctrine')->getManager();

// 2. Retrieve a task from the database that already has an author
$task = $em->getRepository('AppBundle:Task')->findOneBy([]);
if (($task !== null) === false) {
$this->fail('No task found in the database to run the edit test.');
}

$originalUser = $task->getUser(); // Save the original entity reference to compare later
$taskId = $task->getId();

// 3. Request the edit page for this specific task
$crawler = $client->request('GET', '/tasks/' . $taskId . '/edit');
$this->assertEquals(200, $client->getResponse()->getStatusCode());

// 4. Submit the form with new details
$form = $crawler->selectButton('Modifier')->form(); // Adjust button text if it's different (e.g. 'Sauvegarder')
$form['task[title]'] = 'Strictly Updated Title';
$form['task[content]'] = 'Verifying author data integrity during POST submission.';

$client->submit($form);
$this->assertEquals(302, $client->getResponse()->getStatusCode());

// 5. Clear the EntityManager to force reload fresh data from the database
$em->clear();

// 6. Fetch the updated task and assert data integrity
$updatedTask = $em->getRepository('AppBundle:Task')->find($taskId);

$this->assertEquals('Strictly Updated Title',
$updatedTask->getTitle()
);
$this->assertEquals($originalUser->getId(),
$updatedTask->getUser()->getId(),
'The task user ID was altered or cleared during the update process.'
);
}

}
Loading