🐛 (Issue) fixed issue 32

when we were making a request on PATCH /users/{id}, we couldn't pass the "address" tag without the server producing an error. When the old addresses were
removed, they were not deleted, it was only the link which was. So I simply set the parameter orphanRemoval to true in the call to the annotation OneToMany
on top of the address field in the User entity. Now, when an address is removed, it is also deleted from the database

Closes #32

Author: Teddy Roncin

src/Entity/User.php

@@ -276,7 +276,7 @@ class User implements UserInterface
     /**
      * The relation to the Addresses of the User.
      *
-     * @ORM\OneToMany(targetEntity=UserAddress::class, mappedBy="user", cascade={"persist", "remove"})
+     * @ORM\OneToMany(targetEntity=UserAddress::class, mappedBy="user", cascade={"persist", "remove"}, orphanRemoval=true)
      *
      * @Assert\Valid()
      */

src/Entity/UserAddress.php

@@ -32,7 +32,7 @@ class UserAddress
     /**
      * The relation to the User which live at this address.
      *
-     * @ORM\ManyToOne(targetEntity=User::class, inversedBy="addresses")
+     * @ORM\ManyToOne(targetEntity=User::class, inversedBy="addresses", cascade={"persist", "remove"})
      * @ORM\JoinColumn(nullable=false)
      */
     private $user;

src/Repository/UserAdressRepository.php

@@ -2,21 +2,21 @@
 
 namespace App\Repository;
 
-use App\Entity\UserAdress;
+use App\Entity\UserAddress;
 use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
 use Doctrine\Persistence\ManagerRegistry;
 
 /**
- * @method null|UserAdress find($id, $lockMode = null, $lockVersion = null)
- * @method null|UserAdress findOneBy(array $criteria, array $orderBy = null)
- * @method UserAdress[]    findAll()
- * @method UserAdress[]    findBy(array $criteria, array $orderBy = null, $limit = null, $offset = null)
+ * @method null|UserAddress find($id, $lockMode = null, $lockVersion = null)
+ * @method null|UserAddress findOneBy(array $criteria, array $orderBy = null)
+ * @method UserAddress[]    findAll()
+ * @method UserAddress[]    findBy(array $criteria, array $orderBy = null, $limit = null, $offset = null)
  */
 class UserAdressRepository extends ServiceEntityRepository
 {
     public function __construct(ManagerRegistry $registry)
     {
-        parent::__construct($registry, UserAdress::class);
+        parent::__construct($registry, UserAddress::class);
     }
 
     // /**

tests/Users/DeleteUser.php

@@ -0,0 +1,93 @@
+<?php
+
+namespace App\Tests\Users;
+
+use App\Entity\User;
+use App\Tests\EtuUTTApiTestCase;
+use Faker\Provider\Uuid;
+use Symfony\Component\HttpFoundation\Response;
+
+class DeleteUser extends EtuUTTApiTestCase
+{
+
+    public function testNormal() : void
+    {
+        $client = static::createClient();
+        $client->setDefaultOptions([ 'headers' => [ 'CAS-LOGIN' => 'test' ]]);
+        $tempUser = new User();
+        $tempUser->setLogin('foobar');
+        $tempUser->setFirstName('foo');
+        $tempUser->setLastName('bar');
+        $this->em->persist($tempUser);
+        $this->em->flush();
+        $client->request('DELETE', '/users/'.$tempUser->getId());
+        $this->assertResponseStatusCodeSame(Response::HTTP_NO_CONTENT);
+        $users = $this->em->createQueryBuilder()
+            ->select('user.id')
+            ->from(User::class, 'user')
+            ->where('user.id=\''.$tempUser->getId().'\'')
+            ->getQuery()
+            ->execute();
+        $this->assertEmpty($users);
+    }
+
+    public function testNoPermission() : void
+    {
+        $client = static::createClient();
+        $client->setDefaultOptions([ 'headers' => [ 'CAS-LOGIN' => 'test' ]]);
+        $this->user->removeRole('ROLE_ADMIN');
+        $tempUser = new User();
+        $tempUser->setLogin('foobar');
+        $tempUser->setFirstName('foo');
+        $tempUser->setLastName('bar');
+        $this->em->persist($tempUser);
+        $this->em->flush();
+        // Test with non existing user
+        $client->request('DELETE', '/users/'.Uuid::uuid());
+        $this->assertResponseStatusCodeSame(Response::HTTP_UNAUTHORIZED);
+        // Test with existing user
+        $client->request('DELETE', '/users/'.$tempUser->getId());
+        $this->assertResponseStatusCodeSame(Response::HTTP_UNAUTHORIZED);
+        $users = $this->em->createQueryBuilder()
+            ->select('user.id')
+            ->from(User::class, 'user')
+            ->where('user.id=\''.$tempUser->getId().'\'')
+            ->getQuery()
+            ->execute();
+        $this->assertNotEmpty($users);
+    }
+
+    public function testNotConnected() : void
+    {
+        $client = static::createClient();
+        $testUser = $this->em->createQueryBuilder()
+            ->select('user.id')
+            ->from(User::class, 'user')
+            ->where('user.login = \'test\'')
+            ->getQuery()
+            ->execute();
+        $client->request('DELETE', '/users/'.($testUser[0]['id']->jsonSerialize()));
+        $this->assertResponseStatusCodeSame(Response::HTTP_UNAUTHORIZED);
+        $client->request('DELETE', '/users/'.(Uuid::uuid()));
+        $this->assertResponseStatusCodeSame(Response::HTTP_UNAUTHORIZED);
+    }
+
+    public function testNonExistingUser() : void
+    {
+        $client = static::createClient();
+        $client->setDefaultOptions([ 'headers' => [ 'CAS-LOGIN' => 'test' ]]);
+        $client->request('DELETE', '/users/'.Uuid::uuid());
+        $this->assertResponseStatusCodeSame(Response::HTTP_NOT_FOUND);
+    }
+
+    public function testSQLInjection() : void
+    {
+        $client = static::createClient();
+        $client->setDefaultOptions([ 'headers' => [ 'CAS-LOGIN' => 'test' ]]);
+        $client->request('DELETE', '/users/\'');
+        $this->assertResponseStatusCodeSame(Response::HTTP_NOT_FOUND);
+        $client->request('DELETE', '/users/"');
+        $this->assertResponseStatusCodeSame(Response::HTTP_NOT_FOUND);
+    }
+
+}

tests/Users/UpdateUser.php

@@ -0,0 +1,157 @@
+<?php
+
+namespace App\Tests\Users;
+
+use App\DataFixtures\UserSeeder;
+use App\Entity\User;
+use App\Entity\UserAddress;
+use App\Repository\UserRepository;
+use App\Tests\EtuUTTApiTestCase;
+use DateTimeInterface;
+use Faker\Provider\Address;
+use Faker\Provider\Uuid;
+use Symfony\Component\HttpFoundation\Response;
+
+class UpdateUser extends EtuUTTApiTestCase
+{
+
+    public function testNormal() : void
+    {
+        $client = static::createClient();
+        $client->setDefaultOptions([ 'headers' => [ 'CAS-LOGIN' => 'test', 'Content-Type' => 'application/merge-patch+json' ]]);
+        $testUser = $this->createUser('foo', 'bar', 'foobar');
+        $testUserId = $testUser->getId();
+        $testUserBirthday = $testUser->getInfos()->getBirthday();
+        $crawler = $client->request('PATCH', '/users/'.$testUser->getId(), [ 'body' => json_encode([
+            'socialNetwork' => [
+                'facebook' => 'https://facebook.com/foobar',
+                'twitter' => 'https://twitter.com/foobar',
+                'instagram' => 'https://instagram.com/foobar',
+                'linkedin' => 'https://linkedin.com/foobar',
+                'pseudoDiscord' => 'foobar',
+                'wantDiscordUTT' => true
+            ],
+            'RGPD' => [
+                'isKeepingAccount' => true,
+                'isDeletingEverything' => true
+            ],
+            'preferences' => [
+                'birthdayDisplayOnlyAge' => false,
+                'language' => 'en',
+                'wantDaymail' => false,
+                'wantDayNotif' => false
+            ],
+            'infos' => [
+                'sex' => 'Féminin',
+                'nickname' => 'foobar',
+                'passions' => 'I have no passions :(',
+                'website' => 'https://foobar.com'
+            ],
+            'addresses' => [
+                [
+                    'street' => 'avenue Foobar',
+                    'postalCode' => '00 000',
+                    'city' => 'Foobar City',
+                    'country' => 'United States of Foobar'
+                ]
+            ],
+            'mailsPhones' => [
+                'mailPersonal' => '[email protected]',
+                'phoneNumber' => '0123456789'
+            ]
+        ])]);
+        $this->assertResponseStatusCodeSame(Response::HTTP_OK);
+        $response = json_decode($crawler->getContent());
+        // User checks
+        $this->assertEquals($testUserId, $response->{'id'});
+        $this->assertEquals('foobar', $response->{'login'});
+        $this->assertEquals(null, $response->{'studentId'});
+        $this->assertEquals('foo', $response->{'firstName'});
+        $this->assertEquals('bar', $response->{'lastName'});
+        // Social network checks
+        $this->assertEquals('https://facebook.com/foobar', $response->{'socialNetwork'}->{'facebook'});
+        $this->assertEquals('https://twitter.com/foobar', $response->{'socialNetwork'}->{'twitter'});
+        $this->assertEquals('https://instagram.com/foobar', $response->{'socialNetwork'}->{'instagram'});
+        $this->assertEquals('https://linkedin.com/foobar', $response->{'socialNetwork'}->{'linkedin'});
+        $this->assertEquals('foobar', $response->{'socialNetwork'}->{'pseudoDiscord'});
+        $this->assertEquals(true, $response->{'socialNetwork'}->{'wantDiscordUTT'});
+        // RGPD checks
+        $this->assertEmpty($response->{'RGPD'});
+        // Badges checks
+        $this->assertEmpty($response->{'badges'});
+        // Badges checks
+        //$this->assertEmpty($response->{'branche'});
+        // Formation checks
+        //$this->assertEmpty($response->{'formation'});
+        // Preference checks
+        $this->assertEmpty($response->{'preference'});
+        // Infos checks
+        $this->assertEquals('Féminin', $response->{'infos'}->{'sex'});
+        $this->assertNull($response->{'infos'}->{'nationality'});
+        $this->assertEquals($testUserBirthday->format(DateTimeInterface::RFC3339), $response->{'infos'}->{'birthday'});
+        $this->assertEquals('/default_user_avatar.png', $response->{'infos'}->{'avatar'});
+        $this->assertEquals('foobar', $response->{'infos'}->{'nickname'});
+        $this->assertEquals('I have no passions :(', $response->{'infos'}->{'passions'});
+        $this->assertEquals('https://foobar.com', $response->{'infos'}->{'website'});
+        // Addresses checks
+        $this->assertEmpty($response->{'addresses'});
+        $this->assertEquals(1, $response->{'addresses'}->length());
+        $this->assertEquals("avenue Foobar", $response->{'addresses'}[0]->{'street'});
+        $this->assertEquals("00 000", $response->{'addresses'}[0]->{'street'});
+        $this->assertEquals("Foobar City", $response->{'addresses'}[0]->{'street'});
+        $this->assertEquals("United States of Foobar", $response->{'addresses'}[0]->{'street'});
+        // Mails-phones checks
+        $this->assertEquals(1, $response->{'mailsPhones'}->length());
+        $this->assertEquals('[email protected]', $response->{'mailsPhones'}->{'mailPersonal'});
+        $this->assertEquals('0123456789', $response->{'mailsPhones'}->{'phoneNumber'});
+    }
+
+    public function testNotConnected() : void
+    {
+        $client = static::createClient();
+        $client->setDefaultOptions([ 'headers' => ['Content-Type' => 'application/merge-patch+json' ]]);
+        $client->request('PATCH', '/users/'.$this->user->getId(), [ 'body' => []]);
+        $this->assertResponseStatusCodeSame(Response::HTTP_UNAUTHORIZED);
+        $client->request('PATCH', '/users/'.Uuid::uuid(), [ 'body' => []]);
+        $this->assertResponseStatusCodeSame(Response::HTTP_UNAUTHORIZED);
+    }
+
+    public function testNonExistingUser() : void
+    {
+        $client = static::createClient();
+        $client->setDefaultOptions([ 'headers' => [ 'CAS-LOGIN' => 'test', 'Content-Type' => 'application/merge-patch+json' ]]);
+        $client->request('PATCH', '/users/'.Uuid::uuid(), [ 'body' => []]);
+        $this->assertResponseStatusCodeSame(Response::HTTP_NOT_FOUND);
+    }
+
+    public function testNoParameter() : void
+    {
+        $client = static::createClient();
+        $client->setDefaultOptions([ 'headers' => [ 'CAS-LOGIN' => 'test', 'Content-Type' => 'application/merge-patch+json' ]]);
+        $client->request('PATCH', '/users/'.$this->user->getId());
+        $this->assertResponseStatusCodeSame(Response::HTTP_BAD_REQUEST);
+    }
+
+    public function testSQLInjection() : void
+    {
+        $client = static::createClient();
+        $client->setDefaultOptions([ 'headers' => [ 'CAS-LOGIN' => 'test', 'Content-Type' => 'application/merge-patch+json' ]]);
+        $testUser = $this->createUser('foo', 'bar', 'foobar');
+        $client->request('PATCH', '/users/\'', [ 'body' => '{}' ]);
+        $this->assertResponseStatusCodeSame(Response::HTTP_NOT_FOUND);
+        $client->request('PATCH', '/users/"', [ 'body' => '{}' ]);
+        $this->assertResponseStatusCodeSame(Response::HTTP_NOT_FOUND);
+        $client->request('PATCH', '/users/'.$testUser->getId(), [ 'body' => json_encode([ 'socialNetwork' => ['facebook' => '\''] ])]);
+        $this->assertResponseStatusCodeSame(Response::HTTP_UNPROCESSABLE_ENTITY);
+        $client->request('PATCH', '/users/'.$testUser->getId(), [ 'body' => json_encode([ 'socialNetwork' => ['facebook' => '"'] ])]);
+        $this->assertResponseStatusCodeSame(Response::HTTP_UNPROCESSABLE_ENTITY);
+    }
+
+    public function testInvalidFieldContent() : void
+    {
+        $client = static::createClient();
+        $client->setDefaultOptions([ 'headers' => [ 'CAS-LOGIN' => 'test', 'Content-Type' => 'application/merge-patch+json' ]]);
+        $testUser = $this->createUser('foo', 'bar', 'foobar');
+    }
+
+}