Files
alrahma_sunday_school_api/tests/Feature/Api/V1/FullSurface/ApiBatch17ExternalIdAndNaturalKeyCollisionContractTest.php
T
2026-06-09 01:25:14 -04:00

38 lines
1.6 KiB
PHP

<?php
namespace Tests\Feature\Api\V1\FullSurface;
use Tests\Feature\Api\V1\FullSurface\Support\FullSurfaceE2EContractCase;
class ApiBatch17ExternalIdAndNaturalKeyCollisionContractTest extends FullSurfaceE2EContractCase
{
public function test_external_ids_student_numbers_and_emails_are_not_cross_domain_authority(): void
{
$routes = $this->apiRoutesContainingAny(['students', 'parents', 'users', 'family', 'guardian', 'enrollment', 'finance']);
$payload = [
'external_id' => 'EXT-'.$this->ids['studentId'],
'student_number' => '9701',
'email' => $this->admin->email,
'parent_email' => $this->parent->email,
'user_email' => $this->teacher->email,
'natural_key' => '9701|'.$this->parent->email,
'sync_key' => 'administrator:'.$this->admin->id,
];
foreach (array_slice($routes, 0, 90) as $route) {
$method = $this->primaryMethod($route);
if ($method === 'GET') {
continue;
}
$uri = $route->uri();
$response = $this->requestAs($this->actorFor($uri), $method, $uri, $this->payloadFor($method, $uri) + $payload);
$this->assertControlled($response, $method, $uri);
$body = strtolower($response->getContent());
$this->assertStringNotContainsString('duplicate entry', $body, $method.' '.$uri.' leaked duplicate key internals.');
$this->assertStringNotContainsString('integrity constraint', $body, $method.' '.$uri.' leaked integrity internals.');
}
}
}