Fix #217: Add comprehensive data validation for admin:user:create command with detailed error messages and unit tests

nenes25 · nenes25 · commit 59d494becf3f · 2025-11-15T21:33:24.000+01:00
diff --git a/src/PrestashopConsole/Command/Admin/User/CreateCommand.php b/src/PrestashopConsole/Command/Admin/User/CreateCommand.php
@@ -65,14 +65,13 @@ protected function execute(InputInterface $input, OutputInterface $output): int
         }
 
         if (!Validate::isName($firstname)) {
-            $firstname = $helper->ask($input, $output, $this->getCustomerQuestion('lastname'));
+            $firstname = $helper->ask($input, $output, $this->getCustomerQuestion('firstname'));
         }
 
         if (!Validate::isName($lastname)) {
             $lastname = $helper->ask($input, $output, $this->getCustomerQuestion('lastname'));
         }
 
-        // Error if employee with same email already exists
         if (Employee::employeeExists($email)) {
             $output->writeln('<error>Employee with this email already exists</error>');
 
@@ -101,6 +100,10 @@ protected function execute(InputInterface $input, OutputInterface $output): int
             $employee->default_tab = 1;
             $employee->bo_theme = 'default';
 
+            if (!$this->validateEmployeeData($employee, $output)) {
+                return self::RESPONSE_ERROR;
+            }
+
             if (!$employee->save()) {
                 $output->writeln('<error>Failed to create admin user</error>');
 
@@ -172,13 +175,10 @@ protected function isValidPassword($password): bool
         if (method_exists('Validate', 'isAcceptablePasswordLength')) {
             return Validate::isAcceptablePasswordLength($password);
         }
-
-        // Fallback to old method for older PS versions
         if (method_exists('Validate', 'isPasswdAdmin')) {
             return Validate::isPasswdAdmin($password);
         }
 
-        // Basic validation if neither exists
         return strlen($password) >= 8;
     }
 
@@ -202,4 +202,52 @@ protected function getCustomerQuestion(string $field): Question
 
         return $question;
     }
+
+    /**
+     * Validate employee data before saving
+     *
+     * @param Employee $employee
+     * @param OutputInterface $output
+     *
+     * @return bool
+     */
+    protected function validateEmployeeData(Employee $employee, OutputInterface $output): bool
+    {
+        $errors = [];
+
+        if (empty($employee->email) || !Validate::isEmail($employee->email)) {
+            $errors[] = 'Invalid email format';
+        }
+
+        if (empty($employee->firstname) || !Validate::isName($employee->firstname)) {
+            $errors[] = 'Invalid firstname format';
+        }
+
+        if (empty($employee->lastname) || !Validate::isName($employee->lastname)) {
+            $errors[] = 'Invalid lastname format';
+        }
+
+        if (empty($employee->passwd)) {
+            $errors[] = 'Password is required';
+        }
+
+        if (!Validate::isUnsignedId($employee->id_lang)) {
+            $errors[] = 'Invalid language ID';
+        }
+
+        if (!Validate::isUnsignedId($employee->id_profile)) {
+            $errors[] = 'Invalid profile ID';
+        }
+
+        if (!empty($errors)) {
+            $output->writeln('<error>Validation errors:</error>');
+            foreach ($errors as $error) {
+                $output->writeln('<error>  - ' . $error . '</error>');
+            }
+
+            return false;
+        }
+
+        return true;
+    }
 }
diff --git a/tests/PrestashopConsole/Command/Admin/User/CreateAdminUserCommandTest.php b/tests/PrestashopConsole/Command/Admin/User/CreateAdminUserCommandTest.php
@@ -0,0 +1,126 @@
+<?php
+/**
+ * NOTICE OF LICENSE
+ *
+ * This source file is subject to the Open Software License (OSL 3.0)
+ * that is bundled with this package in the file LICENSE.txt.
+ * It is also available through the world-wide-web at this URL:
+ * https://opensource.org/licenses/OSL-3.0
+ * If you did not receive a copy of the license and are unable to
+ * obtain it through the world-wide-web, please send an email
+ * to contact@h-hennes.fr so we can send you a copy immediately.
+ *
+ * @author    Hennes Hervé <contact@h-hennes.fr>
+ * @copyright since 2016 Hennes Hervé
+ * @license   https://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
+ * https://github.com/nenes25/prestashop_console
+ * https://www.h-hennes.fr/blog/
+ */
+
+use PrestashopConsole\Command\Admin\User\CreateCommand;
+use Symfony\Component\Console\Tester\CommandTester;
+use Symfony\Component\Console\Helper\HelperSet;
+use Symfony\Component\Console\Helper\QuestionHelper;
+use PHPUnit\Framework\TestCase;
+
+class CreateAdminUserCommandTest extends TestCase
+{
+    /** @var CommandTester */
+    private $commandTester;
+
+    protected function setUp(): void
+    {
+        $command = new CreateCommand();
+        $command->setHelperSet(new HelperSet([new QuestionHelper()]));
+        $this->commandTester = new CommandTester(
+            $command
+        );
+        parent::setUp();
+    }
+
+    /**
+     * @param array $datas
+     * @dataProvider getCases
+     */
+    public function testExecute($datas): void
+    {
+        if (isset($datas['expect_exception'])) {
+            $this->expectException($datas['expect_exception']);
+            $this->expectExceptionMessage($datas['response_message']);
+            $this->commandTester->execute($datas['params']);
+            return;
+        }
+
+        // Check command status code
+        $this->assertEquals(
+            $datas['response_code'],
+            $this->commandTester->execute(
+                $datas['params']
+            )
+        );
+
+        // Check command message contains expected output
+        $display = trim($this->commandTester->getDisplay());
+        $this->assertStringContainsString(
+            $datas['response_message'],
+            $display
+        );
+    }
+
+    public function getCases(): Generator
+    {
+        $emailOkRandomString = sprintf('unittestadmin-%s@yopmail.com', time() * mt_rand(1, 1000));
+        
+        yield 'Case ok - Valid admin creation' => [
+            [
+                'params' => [
+                    '--email' => $emailOkRandomString,
+                    '--password' => 'prestashop123',
+                    '--firstname' => 'Admin',
+                    '--lastname' => 'Test',
+                ],
+                'response_message' => 'Admin user created successfully!',
+                'response_code' => 0,
+            ]
+        ];
+
+        yield 'Case error - Invalid email' => [
+            [
+                'params' => [
+                    '--email' => 'invalid-email',
+                    '--password' => 'prestashop123',
+                    '--firstname' => 'Admin',
+                    '--lastname' => 'Test',
+                ],
+                'response_message' => 'The email is empty or not valid',
+                'expect_exception' => RuntimeException::class,
+            ]
+        ];
+
+        yield 'Case error - Empty firstname validated at final step' => [
+            [
+                'params' => [
+                    '--email' => sprintf('admin-%s@yopmail.com', time() * mt_rand(1, 1000)),
+                    '--password' => 'prestashop123',
+                    '--firstname' => '',
+                    '--lastname' => 'Test',
+                ],
+                'response_message' => 'Invalid firstname format',
+                'response_code' => 1,
+            ]
+        ];
+
+        yield 'Case error - Empty lastname validated at final step' => [
+            [
+                'params' => [
+                    '--email' => sprintf('admin-%s@yopmail.com', time() * mt_rand(1, 1000)),
+                    '--password' => 'prestashop123',
+                    '--firstname' => 'Admin',
+                    '--lastname' => '',
+                ],
+                'response_message' => 'Invalid lastname format',
+                'response_code' => 1,
+            ]
+        ];
+    }
+}
