Working state

tests/Media/MediaControllerTest.php

@@ -202,7 +202,35 @@ final class MediaControllerTest extends ControllerTestCase
 
         $this->assertStatus($res, 200);
         $this->assertJsonContentType($res);
-        $this->assertJsonContains($res, ['success' => true, 'file' => '/media/abc123.webp']);
+        $this->assertJsonContains($res, [
+            'success' => true,
+            'url' => '/media/abc123.webp',
+            'file' => '/media/abc123.webp',
+        ]);
+    }
+
+    /**
+     * upload() doit utiliser 0 comme identifiant utilisateur de secours si la session ne contient pas d'utilisateur.
+     */
+    public function testUploadUsesZeroAsFallbackUserId(): void
+    {
+        $file = $this->makeValidUploadedFile();
+        $this->sessionManager->method('getUserId')->willReturn(null);
+
+        $this->mediaService->expects($this->once())
+            ->method('store')
+            ->with($file, 0)
+            ->willReturn('/media/fallback-user.webp');
+
+        $req = $this->makePost('/admin/media/upload')->withUploadedFiles(['image' => $file]);
+        $res = $this->controller->upload($req, $this->makeResponse());
+
+        $this->assertStatus($res, 200);
+        $this->assertJsonContains($res, [
+            'success' => true,
+            'url' => '/media/fallback-user.webp',
+            'file' => '/media/fallback-user.webp',
+        ]);
     }
 
     // ── delete ───────────────────────────────────────────────────────

tests/Media/MediaControllerUploadCompatibilityTest.php

@@ -0,0 +1,91 @@
+<?php
+declare(strict_types=1);
+
+namespace Tests\Media;
+
+use App\Media\MediaController;
+use App\Media\MediaServiceInterface;
+use App\Shared\Http\FlashServiceInterface;
+use App\Shared\Http\SessionManagerInterface;
+use PHPUnit\Framework\MockObject\MockObject;
+use Psr\Http\Message\UploadedFileInterface;
+use Tests\ControllerTestCase;
+
+#[\PHPUnit\Framework\Attributes\AllowMockObjectsWithoutExpectations]
+final class MediaControllerUploadCompatibilityTest extends ControllerTestCase
+{
+    /** @var \Slim\Views\Twig&MockObject */
+    private \Slim\Views\Twig $view;
+
+    /** @var MediaServiceInterface&MockObject */
+    private MediaServiceInterface $mediaService;
+
+    /** @var FlashServiceInterface&MockObject */
+    private FlashServiceInterface $flash;
+
+    /** @var SessionManagerInterface&MockObject */
+    private SessionManagerInterface $sessionManager;
+
+    private MediaController $controller;
+
+    protected function setUp(): void
+    {
+        $this->view = $this->makeTwigMock();
+        $this->mediaService = $this->createMock(MediaServiceInterface::class);
+        $this->flash = $this->createMock(FlashServiceInterface::class);
+        $this->sessionManager = $this->createMock(SessionManagerInterface::class);
+
+        $this->controller = new MediaController(
+            $this->view,
+            $this->mediaService,
+            $this->flash,
+            $this->sessionManager,
+        );
+    }
+
+    public function testUploadAcceptsFileFieldNameUsedByTrumbowyg(): void
+    {
+        $file = $this->makeValidUploadedFile();
+        $this->sessionManager->method('getUserId')->willReturn(7);
+        $this->mediaService->expects($this->once())
+            ->method('store')
+            ->with($file, 7)
+            ->willReturn('/media/from-file-field.webp');
+
+        $req = $this->makePost('/admin/media/upload')->withUploadedFiles(['file' => $file]);
+        $res = $this->controller->upload($req, $this->makeResponse());
+
+        $this->assertStatus($res, 200);
+        $this->assertJsonContains($res, [
+            'success' => true,
+            'url' => '/media/from-file-field.webp',
+            'file' => '/media/from-file-field.webp',
+        ]);
+    }
+
+    public function testUploadSuccessResponseContainsBothUrlAndFileKeys(): void
+    {
+        $file = $this->makeValidUploadedFile();
+        $this->sessionManager->method('getUserId')->willReturn(3);
+        $this->mediaService->method('store')->willReturn('/media/dual-key.webp');
+
+        $req = $this->makePost('/admin/media/upload')->withUploadedFiles(['image' => $file]);
+        $res = $this->controller->upload($req, $this->makeResponse());
+
+        $this->assertStatus($res, 200);
+        $this->assertJsonContains($res, [
+            'success' => true,
+            'url' => '/media/dual-key.webp',
+            'file' => '/media/dual-key.webp',
+        ]);
+    }
+
+    /** @return UploadedFileInterface&MockObject */
+    private function makeValidUploadedFile(): UploadedFileInterface
+    {
+        $file = $this->createMock(UploadedFileInterface::class);
+        $file->method('getError')->willReturn(UPLOAD_ERR_OK);
+
+        return $file;
+    }
+}

tests/Shared/ExtensionTest.php

@@ -46,6 +46,21 @@ final class ExtensionTest extends TestCase
         ], $extension->getGlobals());
     }
 
+    public function testSessionExtensionExposesNullDefaultsWhenSessionIsEmpty(): void
+    {
+        $_SESSION = [];
+
+        $extension = new SessionExtension();
+
+        self::assertSame([
+            'session' => [
+                'user_id' => null,
+                'username' => null,
+                'role' => null,
+            ],
+        ], $extension->getGlobals());
+    }
+
     public function testCsrfExtensionExposesTokens(): void
     {
         $storage = [];

tests/Shared/ProvisionerTest.php

@@ -0,0 +1,75 @@
+<?php
+declare(strict_types=1);
+
+namespace Tests\Shared;
+
+use App\Shared\Database\Provisioner;
+use PDO;
+use PHPUnit\Framework\TestCase;
+
+final class ProvisionerTest extends TestCase
+{
+    private PDO $db;
+    private string $lockPath;
+    private bool $lockExistedBefore;
+
+    /** @var array<string, string> */
+    private array $envBackup;
+
+    protected function setUp(): void
+    {
+        $this->db = new PDO('sqlite::memory:', options: [
+            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
+            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+        ]);
+        $this->db->sqliteCreateFunction('strip_tags', 'strip_tags', 1);
+
+        $this->lockPath = dirname(__DIR__, 2) . '/database/.provision.lock';
+        $this->lockExistedBefore = file_exists($this->lockPath);
+
+        $this->envBackup = [
+            'ADMIN_USERNAME' => $_ENV['ADMIN_USERNAME'] ?? '',
+            'ADMIN_EMAIL'    => $_ENV['ADMIN_EMAIL'] ?? '',
+            'ADMIN_PASSWORD' => $_ENV['ADMIN_PASSWORD'] ?? '',
+        ];
+
+        $_ENV['ADMIN_USERNAME'] = 'shared-admin';
+        $_ENV['ADMIN_EMAIL']    = 'shared-admin@example.com';
+        $_ENV['ADMIN_PASSWORD'] = 'strong-secret';
+    }
+
+    protected function tearDown(): void
+    {
+        foreach ($this->envBackup as $key => $value) {
+            $_ENV[$key] = $value;
+        }
+
+        if (!$this->lockExistedBefore && file_exists($this->lockPath)) {
+            @unlink($this->lockPath);
+        }
+    }
+
+    public function testRunAppliesMigrationsSeedsAdminAndCreatesLockFile(): void
+    {
+        Provisioner::run($this->db);
+
+        self::assertFileExists($this->lockPath);
+
+        $migrationCount = (int) $this->db->query('SELECT COUNT(*) FROM migrations')->fetchColumn();
+        self::assertGreaterThan(0, $migrationCount, 'Les migrations doivent être enregistrées');
+
+        $admin = $this->db->query("SELECT username, email, role FROM users WHERE username = 'shared-admin'")->fetch();
+        self::assertIsArray($admin);
+        self::assertSame('shared-admin@example.com', $admin['email']);
+        self::assertSame('admin', $admin['role']);
+    }
+
+    public function testRunIsIdempotentForAdminSeed(): void
+    {
+        Provisioner::run($this->db);
+        Provisioner::run($this->db);
+
+        $adminCount = (int) $this->db->query("SELECT COUNT(*) FROM users WHERE username = 'shared-admin'")->fetchColumn();
+        self::assertSame(1, $adminCount);
+    }
+}

tests/Shared/RoutesTest.php

@@ -0,0 +1,61 @@
+<?php
+declare(strict_types=1);
+
+namespace Tests\Shared;
+
+use App\Shared\Routes;
+use PHPUnit\Framework\TestCase;
+use Slim\Factory\AppFactory;
+
+final class RoutesTest extends TestCase
+{
+    public function testRegisterDeclaresExpectedPublicAndProtectedRoutes(): void
+    {
+        $app = AppFactory::create();
+        Routes::register($app);
+
+        $actual = [];
+        foreach ($app->getRouteCollector()->getRoutes() as $route) {
+            $pattern = $route->getPattern();
+            $methods = $route->getMethods();
+
+            if (!isset($actual[$pattern])) {
+                $actual[$pattern] = [];
+            }
+
+            $actual[$pattern] = array_values(array_unique(array_merge($actual[$pattern], $methods)));
+            sort($actual[$pattern]);
+        }
+
+        $expected = [
+            '/' => ['GET'],
+            '/article/{slug}' => ['GET'],
+            '/rss.xml' => ['GET'],
+            '/auth/login' => ['GET', 'POST'],
+            '/auth/logout' => ['POST'],
+            '/password/forgot' => ['GET', 'POST'],
+            '/password/reset' => ['GET', 'POST'],
+            '/account/password' => ['GET', 'POST'],
+            '/admin' => ['GET'],
+            '/admin/posts' => ['GET'],
+            '/admin/posts/edit/{id}' => ['GET', 'POST'],
+            '/admin/posts/create' => ['POST'],
+            '/admin/posts/delete/{id}' => ['POST'],
+            '/admin/media/upload' => ['POST'],
+            '/admin/media' => ['GET'],
+            '/admin/media/delete/{id}' => ['POST'],
+            '/admin/categories' => ['GET'],
+            '/admin/categories/create' => ['POST'],
+            '/admin/categories/delete/{id}' => ['POST'],
+            '/admin/users' => ['GET'],
+            '/admin/users/create' => ['GET', 'POST'],
+            '/admin/users/role/{id}' => ['POST'],
+            '/admin/users/delete/{id}' => ['POST'],
+        ];
+
+        ksort($expected);
+        ksort($actual);
+
+        self::assertSame($expected, $actual);
+    }
+}