migrant-web/tests/Feature/EmployerProfileWebTest.php

116 lines
4.0 KiB
PHP

<?php
namespace Tests\Feature;
use App\Models\User;
use App\Models\EmployerProfile;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Http\UploadedFile;
use Illuminate\Support\Facades\Storage;
use Tests\TestCase;
class EmployerProfileWebTest extends TestCase
{
use RefreshDatabase;
protected $employer;
protected function setUp(): void
{
parent::setUp();
$this->employer = User::create([
'name' => 'Jane Sponsor',
'email' => 'sponsor@example.com',
'password' => bcrypt('password'),
'role' => 'employer',
]);
EmployerProfile::create([
'user_id' => $this->employer->id,
'company_name' => 'Sponsor Co',
'phone' => '+971501112222',
'verification_status' => 'pending',
'language' => 'English',
'notifications' => true,
]);
}
/**
* Test displaying the employer profile update form.
*/
public function test_employer_can_view_web_profile()
{
$response = $this->actingAs($this->employer)
->withSession(['user' => $this->employer])
->get('/employer/profile');
$response->assertStatus(200);
}
/**
* Test uploading Emirates ID from Web UI: extracts OCR details and purges files.
*/
public function test_employer_upload_emirates_id_ocr_and_purge()
{
Storage::fake('local');
$fakeFront = UploadedFile::fake()->create('emirates_id_front.jpg', 500, 'image/jpeg');
$fakeBack = UploadedFile::fake()->create('emirates_id_back.jpg', 500, 'image/jpeg');
$response = $this->actingAs($this->employer)
->withSession(['user' => $this->employer])
->post('/employer/profile/update', [
'name' => 'Jane Sponsor Updated',
'email' => 'sponsor@example.com',
'phone' => '+971509999999',
'company_name' => 'Sponsor Co Updated',
'language' => 'English',
'notifications' => true,
'emirates_id_front' => $fakeFront,
'emirates_id_back' => $fakeBack,
]);
$response->assertRedirect();
// 1. Verify physical files were deleted (purged)
$files = Storage::disk('local')->allFiles('temp/employer');
$this->assertEmpty($files, 'Emirates ID physical files were not purged.');
// 2. Verify database records updated with placeholders and extracted details
$profile = $this->employer->fresh()->employerProfile;
$this->assertEquals('[DELETED_FOR_PDPL_COMPLIANCE]', $profile->emirates_id_front);
$this->assertEquals('[DELETED_FOR_PDPL_COMPLIANCE]', $profile->emirates_id_back);
$this->assertNotNull($profile->emirates_id_number);
$this->assertNotNull($profile->emirates_id_expiry);
$this->assertEquals('approved', $profile->verification_status);
}
/**
* Test that a stale session with an invalid user ID does not cause a redirect loop.
*/
public function test_stale_session_does_not_cause_redirect_loop()
{
// 1. Visit with a session user object containing a non-existent ID
$staleUser = (object)[
'id' => 999999, // Doesn't exist
'name' => 'Stale User',
'email' => 'stale@example.com',
'role' => 'employer',
'subscription_status' => 'active',
'verification_status' => 'approved',
];
// Accessing dashboard should fail auth, clear session, and redirect to login
$response = $this->withSession(['user' => $staleUser])
->get('/employer/dashboard');
$response->assertRedirect(route('employer.login'));
$this->assertNull(session('user')); // Session must be cleared
// Subsequent access to login page should render successfully (no redirect)
$loginResponse = $this->get('/employer/login');
$loginResponse->assertStatus(200);
}
}