add test batches
This commit is contained in:
@@ -0,0 +1,85 @@
|
||||
<?php
|
||||
|
||||
namespace Tests\Feature\Api\V1\FullSurface;
|
||||
|
||||
use Tests\Feature\Api\V1\FullSurface\Support\FullSurfaceE2EContractCase;
|
||||
|
||||
class ApiBusinessRuleEdgeCaseContractTest extends FullSurfaceE2EContractCase
|
||||
{
|
||||
public function test_school_year_semester_and_class_mismatch_payloads_fail_without_crashing(): void
|
||||
{
|
||||
$routes = $this->apiRoutesContainingAny(['students', 'class', 'attendance', 'scores', 'report-card', 'teacher']);
|
||||
|
||||
foreach ($routes as $route) {
|
||||
$method = $this->primaryMethod($route);
|
||||
if (! in_array($method, ['POST', 'PUT', 'PATCH'], true)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$uri = $route->uri();
|
||||
$payload = $this->payloadFor($method, $uri) + [
|
||||
'school_year' => '1900-1901',
|
||||
'semester' => 'Summer-Does-Not-Exist',
|
||||
'class_section_id' => 999999,
|
||||
'student_id' => 999999,
|
||||
];
|
||||
|
||||
$response = $this->requestAs($this->actorFor($uri), $method, $uri, $payload);
|
||||
$this->assertNoServerError($response, "$method $uri mismatched academic context");
|
||||
$this->assertStatusIn($response, [200, 201, 202, 204, 302, 400, 401, 403, 404, 409, 419, 422], "$method $uri mismatched academic context");
|
||||
$this->assertStringNotContainsStringIgnoringCase('foreign key constraint', $response->getContent(), $uri . ' should validate academic context before DB failure leaks.');
|
||||
}
|
||||
}
|
||||
|
||||
public function test_financial_amount_rules_reject_zero_negative_and_precision_abuse_cleanly(): void
|
||||
{
|
||||
$routes = $this->apiRoutesContainingAny(['finance', 'payment', 'refund', 'invoice', 'fee', 'installment', 'charge']);
|
||||
$amounts = [0, -0.01, -999999, '0.0000000000001', '1000000000000000000000000.99'];
|
||||
|
||||
foreach ($routes as $route) {
|
||||
$method = $this->primaryMethod($route);
|
||||
if (! in_array($method, ['POST', 'PUT', 'PATCH'], true)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
foreach ($amounts as $amount) {
|
||||
$uri = $route->uri();
|
||||
$payload = $this->payloadFor($method, $uri);
|
||||
$payload['amount'] = $amount;
|
||||
$payload['total'] = $amount;
|
||||
$payload['balance'] = $amount;
|
||||
|
||||
$response = $this->requestAs($this->admin, $method, $uri, $payload);
|
||||
$this->assertNoServerError($response, "$method $uri amount $amount");
|
||||
$this->assertStringNotContainsStringIgnoringCase('decimal', $response->getContent(), $uri . ' should not leak decimal cast internals.');
|
||||
$this->assertStringNotContainsStringIgnoringCase('SQLSTATE', $response->getContent(), $uri . ' should not leak SQLSTATE for financial edge cases.');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public function test_attendance_status_and_time_edge_cases_are_controlled(): void
|
||||
{
|
||||
$routes = $this->apiRoutesContainingAny(['attendance', 'late', 'dismissal', 'absence']);
|
||||
$statuses = ['present', 'absent', 'late', 'excused', 'early_dismissal', 'not-a-real-status'];
|
||||
|
||||
foreach ($routes as $route) {
|
||||
$method = $this->primaryMethod($route);
|
||||
if (! in_array($method, ['POST', 'PUT', 'PATCH'], true)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
foreach ($statuses as $status) {
|
||||
$uri = $route->uri();
|
||||
$payload = $this->payloadFor($method, $uri) + [
|
||||
'status' => $status,
|
||||
'arrival_time' => '25:99',
|
||||
'dismissal_time' => '-01:00',
|
||||
];
|
||||
|
||||
$response = $this->requestAs($this->actorFor($uri), $method, $uri, $payload);
|
||||
$this->assertNoServerError($response, "$method $uri status $status");
|
||||
$this->assertControlled($response, $method, $uri);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user