PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-06 19:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: prevent duplicate TFE submissions with logging and user feedback

Browse Source 
- Add DuplicateThesisException (typed, carries existing thesis metadata)
- Add Database::findDuplicateThesis(): matches on year + author + normalised
  title (exact, prefix, Levenshtein ≤10% of longer string)
- ThesisCreateController::submit() runs duplicate check before any DB write
  and throws DuplicateThesisException on match
- AppLogger::logDuplicate() writes status=duplicate entries to the JSON-lines
  log for audit purposes
- App::flash/consumeFlash extended to support 'warning' flash type
- admin/actions/formulaire.php: catches DuplicateThesisException, logs it,
  flashes an HTML warning toast with a clickable link to the existing thesis,
  and repopulates the form fields
- partage/index.php: same catch block; surfaces a plain-text flash-warning
  banner on the student form with identifier, title, and year of the match;
  form is repopulated via session
- toast.php: renders toast--warning variant
- admin.css: .toast--warning + link colour rules
- form.css: .flash-warning style for the partage form
This commit is contained in:
Pontoporeia
2026-05-04 16:29:31 +02:00
parent 0a05f3911c
commit a2cba6d3c0
35 changed files with 1726 additions and 1302 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
app/tests/Integration/SearchTest.php
View File

@@ -1,4 +1,5 @@
<?php
/**
* Search Functionality Test
* Tests search queries and results
@@ -18,9 +19,9 @@ try {
echo "Test 1: Empty Search Query\n";
$results = $db->searchTheses([]);
if (is_array($results)) {
echo "✓ PASS: Empty query handled (returned " . count($results) . " results)\n\n";
echo '✓ PASS: Empty query handled (returned ' . count($results) . " results)\n\n";
} else {
throw new Exception("Invalid results for empty query");
throw new Exception('Invalid results for empty query');
}
// Test 2: Search for specific term
@@ -30,7 +31,7 @@ try {
if (is_array($results)) {
echo "✓ PASS: Search for '$searchTerm' returned " . count($results) . " results\n\n";
} else {
throw new Exception("Invalid search results");
throw new Exception('Invalid search results');
}
// Test 3: Search with special characters
@@ -39,7 +40,7 @@ try {
if (is_array($results)) {
echo "✓ PASS: Special characters handled safely\n\n";
} else {
throw new Exception("Failed to handle special characters");
throw new Exception('Failed to handle special characters');
}
// Test 4: Tag-filter search using the new EXISTS subquery
@@ -48,11 +49,11 @@ try {
if (is_array($tagResults)) {
echo "✓ PASS: Tag search for 'urbanisme' returned " . count($tagResults) . " result(s)\n";
foreach ($tagResults as $r) {
echo " - " . $r['title'] . " (" . $r['year'] . ")\n";
echo ' - ' . $r['title'] . ' (' . $r['year'] . ")\n";
}
echo "\n";
} else {
throw new Exception("Tag search returned non-array");
throw new Exception('Tag search returned non-array');
}
// Test 5: Tag search in full-text query (query touches tag subquery)
@@ -61,7 +62,7 @@ try {
if (is_array($allResults)) {
echo "✓ PASS: Query 'narration' returned " . count($allResults) . " result(s)\n\n";
} else {
throw new Exception("Full-text query with tag subquery failed");
throw new Exception('Full-text query with tag subquery failed');
}
// Test 6: countSearchResults matches searchTheses
@@ -72,13 +73,13 @@ try {
if ($count === count($rows)) {
echo "✓ PASS: count=$count matches row count\n\n";
} else {
throw new Exception("countSearchResults ($count) != searchTheses row count (" . count($rows) . ")");
throw new Exception("countSearchResults ($count) != searchTheses row count (" . count($rows) . ')');
}
echo "✅ All search tests passed!\n";
return true;
} catch (Exception $e) {
echo "❌ FAIL: " . $e->getMessage() . "\n";
echo '❌ FAIL: ' . $e->getMessage() . "\n";
return false;
}

13
app/tests/Security/SecurityTest.php
View File

@@ -1,4 +1,5 @@
<?php
/**
* Security Test Suite
* Tests SQL injection protection and input sanitization
@@ -31,22 +32,22 @@ try {
try {
$results = $db->searchTheses(['query' => $query]);
// Should return a (possibly empty) result set without throwing
echo " ✓ Handled safely: " . substr($query, 0, 40) . "\n";
echo ' ✓ Handled safely: ' . substr($query, 0, 40) . "\n";
} catch (Exception $e) {
// A thrown exception is also acceptable (query rejected upstream)
echo " ✓ Exception (safe): " . substr($query, 0, 40) . "\n";
echo ' ✓ Exception (safe): ' . substr($query, 0, 40) . "\n";
}
}
echo "✓ PASS: SQL injection attempts handled safely\n\n";
// Test 2: Invalid thesis ID
echo "Test 2: Invalid Thesis ID\n";
$invalidIds = ["abc", "'; DROP TABLE theses;", "-1", "999999"];
$invalidIds = ['abc', "'; DROP TABLE theses;", '-1', '999999'];
foreach ($invalidIds as $id) {
$result = $db->getThesisById($id);
if ($result === null || $result === false) {
echo " ✓ Rejected: " . $id . "\n";
echo ' ✓ Rejected: ' . $id . "\n";
} else {
throw new Exception("Invalid ID '$id' was not rejected");
}
@@ -69,6 +70,6 @@ try {
return true;
} catch (Exception $e) {
echo "❌ FAIL: " . $e->getMessage() . "\n";
echo '❌ FAIL: ' . $e->getMessage() . "\n";
return false;
}

23
app/tests/Unit/DatabaseTest.php
View File

@@ -1,4 +1,5 @@
<?php
/**
* Database Connection Test
* Tests basic database connectivity and query functionality
@@ -24,16 +25,16 @@ try {
if ($count >= 0) {
echo "✓ PASS: Found {$count} published theses\n\n";
} else {
throw new Exception("Invalid count returned");
throw new Exception('Invalid count returned');
}
// Test 3: Get published theses
echo "Test 3: Get Published Theses\n";
$theses = $db->getPublishedTheses(5, 0);
if (is_array($theses)) {
echo "✓ PASS: Retrieved " . count($theses) . " theses\n\n";
echo '✓ PASS: Retrieved ' . count($theses) . " theses\n\n";
} else {
throw new Exception("Invalid theses array returned");
throw new Exception('Invalid theses array returned');
}
// Test 4: Get single thesis (if any exist)
@@ -41,14 +42,14 @@ try {
echo "Test 4: Get Single Thesis\n";
$first = $theses[0];
$thesis = $db->getThesisById($first['id']);
if ($thesis && isset($thesis['id'])) {
echo "✓ PASS: Successfully retrieved thesis #{$first['id']}\n";
echo " Title: " . $thesis['title'] . "\n";
echo " Author(s): " . ($thesis['authors'] ?? 'N/A') . "\n";
echo " Year: " . $thesis['year'] . "\n\n";
echo ' Title: ' . $thesis['title'] . "\n";
echo ' Author(s): ' . ($thesis['authors'] ?? 'N/A') . "\n";
echo ' Year: ' . $thesis['year'] . "\n\n";
} else {
throw new Exception("Failed to retrieve thesis by ID");
throw new Exception('Failed to retrieve thesis by ID');
}
}
@@ -69,15 +70,15 @@ try {
echo "Test 6: getUsedTags returns name column\n";
$tags = $db->getUsedTags();
if (is_array($tags) && (empty($tags) || isset($tags[0]['name']))) {
echo "✓ PASS: getUsedTags returned " . count($tags) . " tags with 'name' column\n\n";
echo '✓ PASS: getUsedTags returned ' . count($tags) . " tags with 'name' column\n\n";
} else {
throw new Exception("getUsedTags did not return expected structure: " . json_encode($tags[0] ?? []));
throw new Exception('getUsedTags did not return expected structure: ' . json_encode($tags[0] ?? []));
}
echo "✅ All database tests passed!\n";
return true;
} catch (Exception $e) {
echo "❌ FAIL: " . $e->getMessage() . "\n";
echo '❌ FAIL: ' . $e->getMessage() . "\n";
return false;
}

9
app/tests/Unit/RateLimitTest.php
View File

@@ -1,4 +1,5 @@
<?php
/**
* Rate Limit Test
* Tests rate limiting functionality
@@ -19,9 +20,9 @@ try {
echo "Test 2: Check Method\n";
$allowed = $rateLimit->check();
if (is_bool($allowed)) {
echo "✓ PASS: check() returns boolean (allowed: " . ($allowed ? 'yes' : 'no') . ")\n\n";
echo '✓ PASS: check() returns boolean (allowed: ' . ($allowed ? 'yes' : 'no') . ")\n\n";
} else {
throw new Exception("check() did not return boolean");
throw new Exception('check() did not return boolean');
}
// Test 3: Headers method
@@ -37,7 +38,7 @@ try {
if (is_int($resetTime) && $resetTime >= 0) {
echo "✓ PASS: getResetTime() returns valid value ($resetTime seconds)\n\n";
} else {
throw new Exception("Invalid reset time");
throw new Exception('Invalid reset time');
}
// Test 5: Cleanup method
@@ -49,6 +50,6 @@ try {
return true;
} catch (Exception $e) {
echo "❌ FAIL: " . $e->getMessage() . "\n";
echo '❌ FAIL: ' . $e->getMessage() . "\n";
return false;
}

17
app/tests/run-tests.php
View File

@@ -1,5 +1,6 @@
#!/usr/bin/env php
<?php
/**
* XAMXAM Test Runner
* Runs all tests in the tests/ directory
@@ -23,7 +24,7 @@ $skippedTests = 0;
foreach ($testFiles as $test) {
echo "┌─────────────────────────────────────────┐\n";
echo "" . str_pad($test['name'], 41) . "\n";
echo '│ ' . str_pad($test['name'], 41) . "\n";
echo "└─────────────────────────────────────────┘\n\n";
$totalTests++;
@@ -42,17 +43,17 @@ foreach ($testFiles as $test) {
try {
$testResult = include $path;
// Check if test returned false or had error indicators in output
$output = ob_get_contents();
if ($testResult === false ||
if ($testResult === false ||
strpos($output, '❌') !== false ||
strpos($output, 'FAIL:') !== false) {
$exitCode = 1;
}
} catch (Exception $e) {
$exitCode = 1;
echo "❌ EXCEPTION: " . $e->getMessage() . "\n";
echo '❌ EXCEPTION: ' . $e->getMessage() . "\n";
}
$output = ob_get_clean();
@@ -70,11 +71,11 @@ foreach ($testFiles as $test) {
echo "╔════════════════════════════════════════════╗\n";
echo "║ Test Summary ║\n";
echo "╠════════════════════════════════════════════╣\n";
echo "║ Total: " . str_pad($totalTests, 34) . "\n";
echo "║ Passed: " . str_pad($passedTests . "", 35) . "\n";
echo "║ Failed: " . str_pad($failedTests . ($failedTests > 0 ? "" : ""), 35) . "\n";
echo '║ Total: ' . str_pad($totalTests, 34) . "\n";
echo '║ Passed: ' . str_pad($passedTests . ' ✅', 35) . "\n";
echo '║ Failed: ' . str_pad($failedTests . ($failedTests > 0 ? ' ❌' : ''), 35) . "\n";
if ($skippedTests > 0) {
echo "║ Skipped: " . str_pad($skippedTests . " ⚠️", 36) . "\n";
echo '║ Skipped: ' . str_pad($skippedTests . ' ⚠️', 36) . "\n";
}
echo "╚════════════════════════════════════════════╝\n\n";