test: added more controller tests

Author: thorsten

tests/phpMyFAQ/Controller/AbstractControllerTest.php

@@ -8,6 +8,8 @@
 use phpMyFAQ\Permission\BasicPermission;
 use phpMyFAQ\User\CurrentUser;
 use PHPUnit\Framework\Attributes\AllowMockObjectsWithoutExpectations;
+use PHPUnit\Framework\Attributes\CoversClass;
+use PHPUnit\Framework\Attributes\UsesNamespace;
 use PHPUnit\Framework\Attributes\DataProvider;
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
@@ -20,6 +22,8 @@
 use Twig\TwigFilter;
 
 #[AllowMockObjectsWithoutExpectations]
+#[CoversClass(AbstractController::class)]
+#[UsesNamespace('phpMyFAQ')]
 class AbstractControllerTest extends TestCase
 {
     private AbstractController $abstractController;

tests/phpMyFAQ/Controller/Administration/Api/ApiKeyControllerTest.php

@@ -8,6 +8,7 @@
 use phpMyFAQ\Configuration;
 use phpMyFAQ\Core\Exception;
 use phpMyFAQ\Database;
+use phpMyFAQ\Database\DatabaseDriver;
 use phpMyFAQ\Database\Sqlite3;
 use phpMyFAQ\Enums\PermissionType;
 use phpMyFAQ\Language;
@@ -332,6 +333,76 @@ public function testCreateReturnsBadRequestForInvalidExpiresAtWhenAuthenticated(
         self::assertSame('Invalid expiresAt value.', $payload['error']);
     }
 
+    /**
+     * @throws \Exception
+     */
+    public function testCreateReturnsUnauthorizedForInvalidCsrfWhenAuthenticated(): void
+    {
+        $controller = $this->createController();
+        $controller->setContainer($this->createAuthenticatedContainer());
+
+        $response = $controller->create(new Request([], [], [], [], [], [], json_encode([
+            'csrf' => 'invalid-token',
+            'name' => 'Generated key',
+        ], JSON_THROW_ON_ERROR)));
+        $payload = json_decode((string) $response->getContent(), true, 512, JSON_THROW_ON_ERROR);
+
+        self::assertSame(Response::HTTP_UNAUTHORIZED, $response->getStatusCode());
+        self::assertSame(Translation::get('msgNoPermission'), $payload['error']);
+    }
+
+    /**
+     * @throws \Exception
+     */
+    public function testCreateReturnsBadRequestForMissingNameWhenAuthenticated(): void
+    {
+        $controller = $this->createController();
+        $container = $this->createAuthenticatedContainer();
+        $session = $container->get('session');
+        self::assertInstanceOf(Session::class, $session);
+        $token = $this->createValidCsrfToken($session, 'api-key-create');
+        $controller->setContainer($container);
+
+        $response = $controller->create(new Request([], [], [], [], [], [], json_encode([
+            'csrf' => $token,
+            'name' => '',
+        ], JSON_THROW_ON_ERROR)));
+        $payload = json_decode((string) $response->getContent(), true, 512, JSON_THROW_ON_ERROR);
+
+        self::assertSame(Response::HTTP_BAD_REQUEST, $response->getStatusCode());
+        self::assertSame('API key name is required.', $payload['error']);
+    }
+
+    /**
+     * @throws \Exception
+     */
+    public function testCreateReturnsInternalServerErrorWhenInsertFails(): void
+    {
+        $db = $this->createMock(DatabaseDriver::class);
+        $db->method('escape')->willReturnCallback(static fn(string $value): string => $value);
+        $db->method('nextId')->willReturn(5);
+        $db->method('now')->willReturn("'2026-03-15 12:00:00'");
+        $db->method('query')->willReturn(false);
+        $db->method('error')->willReturn('insert failed');
+
+        $controller = $this->createController();
+        $container = $this->createAuthenticatedContainerWithDb($db);
+        $session = $container->get('session');
+        self::assertInstanceOf(Session::class, $session);
+        $token = $this->createValidCsrfToken($session, 'api-key-create');
+        $controller->setContainer($container);
+
+        $response = $controller->create(new Request([], [], [], [], [], [], json_encode([
+            'csrf' => $token,
+            'name' => 'Generated key',
+            'scopes' => ['faq.read'],
+        ], JSON_THROW_ON_ERROR)));
+        $payload = json_decode((string) $response->getContent(), true, 512, JSON_THROW_ON_ERROR);
+
+        self::assertSame(Response::HTTP_INTERNAL_SERVER_ERROR, $response->getStatusCode());
+        self::assertSame('insert failed', $payload['error']);
+    }
+
     /**
      * @throws \Exception
      */
@@ -386,6 +457,85 @@ public function testUpdateReturnsUpdatedApiKeyWhenAuthenticated(): void
         self::assertSame('2026-04-01 12:00:00', $payload['expiresAt']);
     }
 
+    /**
+     * @throws \Exception
+     */
+    public function testUpdateReturnsBadRequestForMissingIdWhenAuthenticated(): void
+    {
+        $controller = $this->createController();
+        $container = $this->createAuthenticatedContainer();
+        $session = $container->get('session');
+        self::assertInstanceOf(Session::class, $session);
+        $token = $this->createValidCsrfToken($session, 'api-key-update');
+        $controller->setContainer($container);
+
+        $response = $controller->update(new Request([], [], [], [], [], [], json_encode([
+            'csrf' => $token,
+            'name' => 'Updated key',
+        ], JSON_THROW_ON_ERROR)));
+        $payload = json_decode((string) $response->getContent(), true, 512, JSON_THROW_ON_ERROR);
+
+        self::assertSame(Response::HTTP_BAD_REQUEST, $response->getStatusCode());
+        self::assertSame('API key ID is required.', $payload['error']);
+    }
+
+    /**
+     * @throws \Exception
+     */
+    public function testUpdateReturnsBadRequestForInvalidExpiresAtWhenAuthenticated(): void
+    {
+        $this->seedApiKeyRow();
+
+        $controller = $this->createController();
+        $container = $this->createAuthenticatedContainer();
+        $session = $container->get('session');
+        self::assertInstanceOf(Session::class, $session);
+        $token = $this->createValidCsrfToken($session, 'api-key-update');
+        $controller->setContainer($container);
+
+        $response = $controller->update(new Request([], [], ['id' => 1], [], [], [], json_encode([
+            'csrf' => $token,
+            'name' => 'Updated key',
+            'expiresAt' => 'not-a-date',
+        ], JSON_THROW_ON_ERROR)));
+        $payload = json_decode((string) $response->getContent(), true, 512, JSON_THROW_ON_ERROR);
+
+        self::assertSame(Response::HTTP_BAD_REQUEST, $response->getStatusCode());
+        self::assertSame('Invalid expiresAt value.', $payload['error']);
+    }
+
+    /**
+     * @throws \Exception
+     */
+    public function testUpdateReturnsInternalServerErrorWhenUpdateFails(): void
+    {
+        $db = $this->createMock(DatabaseDriver::class);
+        $db->method('escape')->willReturnCallback(static fn(string $value): string => $value);
+        $db->method('query')->willReturnMap([
+            [$this->stringContains('SELECT id FROM faqapi_keys'), 0, 0, new \stdClass()],
+            [$this->stringContains('UPDATE faqapi_keys'), 0, 0, false],
+        ]);
+        $db->method('numRows')->willReturn(1);
+        $db->method('error')->willReturn('update failed');
+
+        $controller = $this->createController();
+        $container = $this->createAuthenticatedContainerWithDb($db);
+        $session = $container->get('session');
+        self::assertInstanceOf(Session::class, $session);
+        $token = $this->createValidCsrfToken($session, 'api-key-update');
+        $controller->setContainer($container);
+
+        $response = $controller->update(new Request([], [], ['id' => 1], [], [], [], json_encode([
+            'csrf' => $token,
+            'name' => 'Updated key',
+            'scopes' => ['faq.read'],
+        ], JSON_THROW_ON_ERROR)));
+        $payload = json_decode((string) $response->getContent(), true, 512, JSON_THROW_ON_ERROR);
+
+        self::assertSame(Response::HTTP_INTERNAL_SERVER_ERROR, $response->getStatusCode());
+        self::assertSame('update failed', $payload['error']);
+    }
+
     /**
      * @throws \Exception
      */
@@ -403,6 +553,31 @@ public function testDeleteReturnsUnauthorizedForInvalidCsrfWhenAuthenticated():
         self::assertSame(Translation::get('msgNoPermission'), $payload['error']);
     }
 
+    /**
+     * @throws \Exception
+     */
+    public function testDeleteReturnsInternalServerErrorWhenDeleteFails(): void
+    {
+        $db = $this->createMock(DatabaseDriver::class);
+        $db->method('query')->willReturn(false);
+        $db->method('error')->willReturn('delete failed');
+
+        $controller = $this->createController();
+        $container = $this->createAuthenticatedContainerWithDb($db);
+        $session = $container->get('session');
+        self::assertInstanceOf(Session::class, $session);
+        $token = $this->createValidCsrfToken($session, 'api-key-delete');
+        $controller->setContainer($container);
+
+        $response = $controller->delete(new Request([], [], ['id' => 1], [], [], [], json_encode([
+            'csrf' => $token,
+        ], JSON_THROW_ON_ERROR)));
+        $payload = json_decode((string) $response->getContent(), true, 512, JSON_THROW_ON_ERROR);
+
+        self::assertSame(Response::HTTP_INTERNAL_SERVER_ERROR, $response->getStatusCode());
+        self::assertSame('delete failed', $payload['error']);
+    }
+
     private function seedApiKeyRow(): void
     {
         $this->dbHandle->query('DELETE FROM faqapi_keys');
@@ -425,6 +600,11 @@ private function createValidCsrfToken(Session $session, string $page): string
     }
 
     private function createAuthenticatedContainer(): ContainerInterface
+    {
+        return $this->createAuthenticatedContainerWithDb($this->configuration->getDb());
+    }
+
+    private function createAuthenticatedContainerWithDb(DatabaseDriver $db): ContainerInterface
     {
         $permission = $this->createMock(PermissionInterface::class);
         $permission
@@ -443,13 +623,17 @@ private function createAuthenticatedContainer(): ContainerInterface
 
         $session = new Session(new MockArraySessionStorage());
         $adminLog = $this->createStub(AdminLog::class);
+        $configuration = $this->createMock(Configuration::class);
+        $configuration->method('getDb')->willReturn($db);
+        $configuration->method('get')->willReturn(false);
+        $configuration->method('getTemplateSet')->willReturn('default');
 
         $container = $this->createStub(ContainerInterface::class);
         $container
             ->method('get')
-            ->willReturnCallback(function (string $id) use ($currentUser, $session, $adminLog) {
+            ->willReturnCallback(function (string $id) use ($currentUser, $session, $adminLog, $configuration) {
                 return match ($id) {
-                    'phpmyfaq.configuration' => $this->configuration,
+                    'phpmyfaq.configuration' => $configuration,
                     'phpmyfaq.user.current_user' => $currentUser,
                     'session' => $session,
                     'phpmyfaq.admin.admin-log' => $adminLog,

tests/phpMyFAQ/Controller/Api/CommentControllerTest.php

@@ -7,12 +7,16 @@
 use Exception;
 use phpMyFAQ\Comments;
 use PHPUnit\Framework\Attributes\AllowMockObjectsWithoutExpectations;
+use PHPUnit\Framework\Attributes\CoversClass;
+use PHPUnit\Framework\Attributes\UsesNamespace;
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 
 #[AllowMockObjectsWithoutExpectations]
+#[CoversClass(CommentController::class)]
+#[UsesNamespace('phpMyFAQ')]
 class CommentControllerTest extends TestCase
 {
     /**

tests/phpMyFAQ/Controller/Api/FaqControllerTest.php

@@ -16,12 +16,16 @@
 use phpMyFAQ\Tags;
 use phpMyFAQ\Translation;
 use PHPUnit\Framework\Attributes\AllowMockObjectsWithoutExpectations;
+use PHPUnit\Framework\Attributes\CoversClass;
+use PHPUnit\Framework\Attributes\UsesNamespace;
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Session\Session;
 
 #[AllowMockObjectsWithoutExpectations]
+#[CoversClass(FaqController::class)]
+#[UsesNamespace('phpMyFAQ')]
 class FaqControllerTest extends TestCase
 {
     private Configuration $configuration;

tests/phpMyFAQ/Controller/Api/GlossaryControllerTest.php

@@ -7,6 +7,8 @@
 use phpMyFAQ\Glossary;
 use phpMyFAQ\Language;
 use PHPUnit\Framework\Attributes\AllowMockObjectsWithoutExpectations;
+use PHPUnit\Framework\Attributes\CoversClass;
+use PHPUnit\Framework\Attributes\UsesNamespace;
 use PHPUnit\Framework\MockObject\Exception;
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\HttpFoundation\JsonResponse;
@@ -15,6 +17,8 @@
 use Symfony\Component\HttpFoundation\Session\Session;
 
 #[AllowMockObjectsWithoutExpectations]
+#[CoversClass(GlossaryController::class)]
+#[UsesNamespace('phpMyFAQ')]
 class GlossaryControllerTest extends TestCase
 {
     private Configuration $configuration;

tests/phpMyFAQ/Controller/Api/LanguageControllerTest.php

@@ -5,12 +5,16 @@
 use phpMyFAQ\Configuration;
 use phpMyFAQ\Language;
 use PHPUnit\Framework\Attributes\AllowMockObjectsWithoutExpectations;
+use PHPUnit\Framework\Attributes\CoversClass;
+use PHPUnit\Framework\Attributes\UsesNamespace;
 use PHPUnit\Framework\MockObject\Exception;
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Session\Session;
 
 #[AllowMockObjectsWithoutExpectations]
+#[CoversClass(LanguageController::class)]
+#[UsesNamespace('phpMyFAQ')]
 class LanguageControllerTest extends TestCase
 {
     /**

tests/phpMyFAQ/Controller/Api/LoginControllerTest.php

@@ -11,13 +11,17 @@
 use phpMyFAQ\Strings;
 use phpMyFAQ\Translation;
 use PHPUnit\Framework\Attributes\AllowMockObjectsWithoutExpectations;
+use PHPUnit\Framework\Attributes\CoversClass;
+use PHPUnit\Framework\Attributes\UsesNamespace;
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpFoundation\Session\Session;
 
 #[AllowMockObjectsWithoutExpectations]
+#[CoversClass(LoginController::class)]
+#[UsesNamespace('phpMyFAQ')]
 class LoginControllerTest extends TestCase
 {
     private Configuration $configuration;

tests/phpMyFAQ/Controller/Api/NewsControllerTest.php

@@ -7,6 +7,8 @@
 use phpMyFAQ\Configuration;
 use phpMyFAQ\Language;
 use PHPUnit\Framework\Attributes\AllowMockObjectsWithoutExpectations;
+use PHPUnit\Framework\Attributes\CoversClass;
+use PHPUnit\Framework\Attributes\UsesNamespace;
 use PHPUnit\Framework\MockObject\Exception as MockException;
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\HttpFoundation\JsonResponse;
@@ -15,6 +17,8 @@
 use Symfony\Component\HttpFoundation\Session\Session;
 
 #[AllowMockObjectsWithoutExpectations]
+#[CoversClass(NewsController::class)]
+#[UsesNamespace('phpMyFAQ')]
 class NewsControllerTest extends TestCase
 {
     private Configuration $configuration;

tests/phpMyFAQ/Controller/Api/OAuth2ControllerTest.php

@@ -15,13 +15,17 @@
 use phpMyFAQ\Translation;
 use phpMyFAQ\User\CurrentUser;
 use PHPUnit\Framework\Attributes\AllowMockObjectsWithoutExpectations;
+use PHPUnit\Framework\Attributes\CoversClass;
+use PHPUnit\Framework\Attributes\UsesNamespace;
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpFoundation\Session\Session;
 use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage;
 
 #[AllowMockObjectsWithoutExpectations]
+#[CoversClass(OAuth2Controller::class)]
+#[UsesNamespace('phpMyFAQ')]
 class OAuth2ControllerTest extends TestCase
 {
     private Configuration $configuration;

tests/phpMyFAQ/Controller/Api/OpenQuestionControllerTest.php

@@ -9,12 +9,16 @@
 use phpMyFAQ\Database\Sqlite3;
 use phpMyFAQ\Question;
 use PHPUnit\Framework\Attributes\AllowMockObjectsWithoutExpectations;
+use PHPUnit\Framework\Attributes\CoversClass;
+use PHPUnit\Framework\Attributes\UsesNamespace;
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 
 #[AllowMockObjectsWithoutExpectations]
+#[CoversClass(OpenQuestionController::class)]
+#[UsesNamespace('phpMyFAQ')]
 class OpenQuestionControllerTest extends TestCase
 {
     private Configuration $configuration;