feat: admin panel, Mistral client, attribute management, API key command
- Fix EasyAdmin 5 routing: #[AdminDashboard] attribute + easyadmin.routes loader
- Fix login: _username/_password field names, CSRF stateless token config,
sessions directory, Opcache reload after cache:clear
- Add MistralClient behind OllamaClientInterface — switchable via services.yaml alias
- Add Attribute CRUD with EnumType form + ChoiceField display (enum-safe rendering)
- Add Article Type CRUD with AssociationField for attribute assignments
- Add app:api-keys:create console command (bcrypt-hashed, never stored as plaintext)
- Add redis ext to Docker image + symfony/redis-messenger, start workers
- Translate all UI strings to English
- Add tests: MistralClient, ApiKey, CreateApiKeyCommand, StringArrayType,
ArticleTypeCrudController, AttributeDefinitionCrudController (82 tests total)
- Update design doc: tech stack, AI backend switching guide, ops section
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-17 20:15:13 +00:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
declare(strict_types=1);
|
|
|
|
|
|
|
|
|
|
namespace App\Tests\Unit\Domain\Auth;
|
|
|
|
|
|
|
|
|
|
use App\Domain\Auth\ApiKey;
|
|
|
|
|
use App\Domain\Auth\User;
|
|
|
|
|
use PHPUnit\Framework\TestCase;
|
|
|
|
|
|
|
|
|
|
final class ApiKeyTest extends TestCase
|
|
|
|
|
{
|
|
|
|
|
private User $user;
|
|
|
|
|
|
|
|
|
|
protected function setUp(): void
|
|
|
|
|
{
|
|
|
|
|
$this->user = new User('test@example.com', 'hash');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testConstructorSetsFields(): void
|
|
|
|
|
{
|
|
|
|
|
$key = new ApiKey($this->user, 'dev laptop', 'abcd1234', 'hashed-key');
|
|
|
|
|
|
|
|
|
|
self::assertSame('dev laptop', $key->getLabel());
|
|
|
|
|
self::assertSame('abcd1234', $key->getKeyPrefix());
|
|
|
|
|
self::assertSame('hashed-key', $key->getKeyHash());
|
|
|
|
|
self::assertSame($this->user, $key->getUser());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testIsActiveByDefault(): void
|
|
|
|
|
{
|
|
|
|
|
$key = new ApiKey($this->user, 'label', 'abcd1234', 'hash');
|
|
|
|
|
|
|
|
|
|
self::assertTrue($key->isActive());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testCanBeDeactivated(): void
|
|
|
|
|
{
|
|
|
|
|
$key = new ApiKey($this->user, 'label', 'abcd1234', 'hash');
|
|
|
|
|
$key->setIsActive(false);
|
|
|
|
|
|
|
|
|
|
self::assertFalse($key->isActive());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testIsNotExpiredWithNoExpiry(): void
|
|
|
|
|
{
|
|
|
|
|
$key = new ApiKey($this->user, 'label', 'abcd1234', 'hash');
|
|
|
|
|
|
|
|
|
|
self::assertFalse($key->isExpired());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testIsExpiredWhenExpiryIsPast(): void
|
|
|
|
|
{
|
|
|
|
|
$key = new ApiKey($this->user, 'label', 'abcd1234', 'hash');
|
|
|
|
|
$key->setExpiresAt(new \DateTimeImmutable('-1 hour'));
|
|
|
|
|
|
|
|
|
|
self::assertTrue($key->isExpired());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testIsNotExpiredWhenExpiryIsFuture(): void
|
|
|
|
|
{
|
|
|
|
|
$key = new ApiKey($this->user, 'label', 'abcd1234', 'hash');
|
|
|
|
|
$key->setExpiresAt(new \DateTimeImmutable('+1 hour'));
|
|
|
|
|
|
|
|
|
|
self::assertFalse($key->isExpired());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testMarkUsedSetsLastUsedAt(): void
|
|
|
|
|
{
|
|
|
|
|
$key = new ApiKey($this->user, 'label', 'abcd1234', 'hash');
|
|
|
|
|
self::assertNull($key->getLastUsedAt());
|
|
|
|
|
|
|
|
|
|
$key->markUsed();
|
|
|
|
|
|
|
|
|
|
self::assertNotNull($key->getLastUsedAt());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testGrantAndCheckPermission(): void
|
|
|
|
|
{
|
|
|
|
|
$key = new ApiKey($this->user, 'label', 'abcd1234', 'hash');
|
|
|
|
|
$key->grantPermission('articles.write');
|
|
|
|
|
|
|
|
|
|
self::assertTrue($key->hasPermission('articles.write'));
|
|
|
|
|
self::assertFalse($key->hasPermission('orders.delete'));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testRawKeyVerifiesAgainstStoredHash(): void
|
|
|
|
|
{
|
|
|
|
|
$rawKey = bin2hex(random_bytes(24));
|
2026-05-19 10:56:37 +00:00
|
|
|
$hash = password_hash($rawKey, \PASSWORD_BCRYPT);
|
feat: admin panel, Mistral client, attribute management, API key command
- Fix EasyAdmin 5 routing: #[AdminDashboard] attribute + easyadmin.routes loader
- Fix login: _username/_password field names, CSRF stateless token config,
sessions directory, Opcache reload after cache:clear
- Add MistralClient behind OllamaClientInterface — switchable via services.yaml alias
- Add Attribute CRUD with EnumType form + ChoiceField display (enum-safe rendering)
- Add Article Type CRUD with AssociationField for attribute assignments
- Add app:api-keys:create console command (bcrypt-hashed, never stored as plaintext)
- Add redis ext to Docker image + symfony/redis-messenger, start workers
- Translate all UI strings to English
- Add tests: MistralClient, ApiKey, CreateApiKeyCommand, StringArrayType,
ArticleTypeCrudController, AttributeDefinitionCrudController (82 tests total)
- Update design doc: tech stack, AI backend switching guide, ops section
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-17 20:15:13 +00:00
|
|
|
$prefix = substr($rawKey, 0, 8);
|
|
|
|
|
|
|
|
|
|
$key = new ApiKey($this->user, 'label', $prefix, $hash);
|
|
|
|
|
|
|
|
|
|
self::assertTrue(password_verify($rawKey, $key->getKeyHash()));
|
|
|
|
|
self::assertSame($prefix, $key->getKeyPrefix());
|
|
|
|
|
}
|
|
|
|
|
}
|