test(auth): add 33 unit tests for AuthService and RememberMeService

AuthServiceTest (17 tests): canLoginToTenant, refreshSessionAuthState,
loginUserById, login email-not-verified branch.
RememberMeServiceTest (16 tests): rememberUser, autoLoginFromCookie
(all 11 branches), forgetCurrentUser, forgetAllForUser,
expireAllTokensByAdmin.

Also fixes: 3 PHPStan errors in FrontendTelemetryIngestService,
8 CS-Fixer violations in out-of-scope files (ordered_imports,
braces_position).

All quality gates green: QG-001 (429 tests/0 failures),
QG-002 (0 errors), QG-003 (11 arch tests pass), QG-006 (0 violations).

Task: AUTH-LOGIN-REVIEW-001

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-03-06 11:43:31 +01:00
parent 205da203cc
commit 549d9dd6f4
17 changed files with 1360 additions and 16 deletions

View File

@@ -453,8 +453,8 @@ class FrontendTelemetryIngestService
*/
private function applyBurstLimit(array &$state, int $now): bool
{
$windowStart = (int) ($state['burst']['window_start'] ?? 0);
$count = max(0, (int) ($state['burst']['count'] ?? 0));
$windowStart = $state['burst']['window_start'];
$count = max(0, $state['burst']['count']);
if ($windowStart <= 0 || ($now - $windowStart) >= self::FAST_DROP_WINDOW_SECONDS) {
$windowStart = $now;
@@ -481,10 +481,7 @@ class FrontendTelemetryIngestService
*/
private function isDuplicateAndTouch(array &$state, string $fingerprintHash, int $now): bool
{
$seen = $state['dedupe'] ?? [];
if (!is_array($seen)) {
$seen = [];
}
$seen = $state['dedupe'];
$cutoff = $now - self::DEDUPE_WINDOW_SECONDS;
foreach ($seen as $key => $timestamp) {