feat(auth): harden login flows and finalize quality-check coverage

This commit is contained in:
2026-03-07 22:54:33 +01:00
parent aefe80457c
commit 7153fec05c
20 changed files with 1769 additions and 28 deletions

View File

@@ -0,0 +1,23 @@
<?php
namespace MintyPHP\Tests\Architecture;
use PHPUnit\Framework\TestCase;
class AuthRegisterSecurityContractTest extends TestCase
{
use ProjectFileAssertionSupport;
public function testRegisterPageVerifiesCsrfBeforeHandlingPostPayload(): void
{
$content = $this->readProjectFile('pages/auth/register().php');
$this->assertStringContainsString("if (\$request->isMethod('POST')) {", $content);
$this->assertStringContainsString("if (!Session::checkCsrfToken()) {", $content);
$this->assertStringContainsString("t('Form expired, please try again')", $content);
$this->assertMatchesRegularExpression(
'/if \(\$request->isMethod\(\'POST\'\)\) \{\s*if \(!Session::checkCsrfToken\(\)\) \{/s',
$content
);
}
}