chiappa
/
sprint_planer_web
mirror of https://git.snix.ch/chiappa/sprint_planer_web.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101
							<?php

declare(strict_types=1);

namespace App\Tests\Repositories;

use App\Repositories\UserRepository;
use App\Tests\TestCase;

/**
 * Covers the first-user-is-admin bootstrap rule from spec §4.
 */
final class UserRepositoryTest extends TestCase
{
    public function testFirstUserBecomesAdminWhenPromoted(): void
    {
        $pdo   = $this->makeDb();
        $users = new UserRepository($pdo);

        $this->assertSame(0, $users->count());

        $r = $users->upsertFromOidc(
            oid:            'oid-alice',
            email:          'alice@example.com',
            name:           'Alice',
            promoteToAdmin: true, // caller's decision — normally based on count === 0
        );

        $this->assertTrue($r['user']->isAdmin);
        $this->assertNull($r['before']);
    }

    public function testSecondUserDoesNotBecomeAdmin(): void
    {
        $pdo   = $this->makeDb();
        $users = new UserRepository($pdo);

        $users->upsertFromOidc('oid-alice', 'alice@x', 'Alice', true);
        $secondPromote = $users->count() === 0;  // false
        $r2 = $users->upsertFromOidc('oid-bob', 'bob@x', 'Bob', $secondPromote);

        $this->assertFalse($r2['user']->isAdmin);
    }

    public function testReLoginDoesNotRegressAdminStatus(): void
    {
        $pdo   = $this->makeDb();
        $users = new UserRepository($pdo);

        $users->upsertFromOidc('oid-alice', 'alice@x', 'Alice', true);
        // simulate a later login: count > 0 so promoteToAdmin=false
        $r = $users->upsertFromOidc('oid-alice', 'alice@x', 'Alice', false);

        $this->assertTrue($r['user']->isAdmin, 're-login must not demote admin');
        $this->assertNotNull($r['before']);
    }

    public function testForceAdminPromotesEvenOnUpdate(): void
    {
        // Local-admin login path sets forceAdmin=true so a demoted user gets
        // promoted back on next sign-in.
        $pdo   = $this->makeDb();
        $users = new UserRepository($pdo);

        $r1 = $users->upsertFromOidc('local:admin@x', 'admin@x', 'Admin', true, true);
        $this->assertTrue($r1['user']->isAdmin);

        // Manually demote.
        $pdo->exec('UPDATE users SET is_admin = 0 WHERE id = ' . $r1['user']->id);

        $r2 = $users->upsertFromOidc('local:admin@x', 'admin@x', 'Admin', false, true);
        $this->assertTrue($r2['user']->isAdmin, 'forceAdmin must re-promote on update');
    }

    public function testUpsertUpdatesEmailAndName(): void
    {
        $pdo   = $this->makeDb();
        $users = new UserRepository($pdo);

        $users->upsertFromOidc('oid-alice', 'old@x', 'Old Name', true);
        $r = $users->upsertFromOidc('oid-alice', 'new@x', 'New Name', false);

        $this->assertSame('new@x',    $r['user']->email);
        $this->assertSame('New Name', $r['user']->displayName);
    }

    public function testCountReflectsInsertedUsers(): void
    {
        $pdo   = $this->makeDb();
        $users = new UserRepository($pdo);

        $this->assertSame(0, $users->count());
        $users->upsertFromOidc('oid-1', 'a@x', 'A', true);
        $this->assertSame(1, $users->count());
        $users->upsertFromOidc('oid-2', 'b@x', 'B', false);
        $this->assertSame(2, $users->count());
        // Re-upsert existing user shouldn't add a row.
        $users->upsertFromOidc('oid-1', 'a@x', 'A', false);
        $this->assertSame(2, $users->count());
    }
}