25551603694

Committed 08 May 2026 10:49AM UTC coverage: 71.592% (+12.6%) from 59.035%

Build # 25551603694

Build Type

push

github

Committed by

daycry

Commit Message

tests: bring coverage from 58% to 71% with 180 new tests

Adds 22 new test files covering services, models, filters, traits, commands,
exceptions, and password validators. Test count goes from 732 to 912.

Bug fixes uncovered while writing tests:
- Totp2FA::verifyCodeForUser: was passing the encrypted+base64 secret to
  TOTP::verify, which then tried to base32-decode binary garbage. Now uses
  the user's getTotpSecret() so the decrypted base32 secret reaches verify.
- HasAccessTokens trait: accessTokens() and revokeAllAccessTokens() called
  non-existent plural method names on UserIdentityModel; refactored the
  trait to delegate to AccessTokenRepository (the architectural direction).
- PasswordChangeRecorder::stampChangedAt: silently dropped the timestamp
  because password_changed_at isn't in UserModel::$allowedFields. Switched
  to a direct query builder update.
- Five admin commands (audit, sessions, tokens, totp, gdpr): used the static
  CLI::write/error/getOption helpers, which bypass the MockInputOutput
  interceptor used by tests. Switched to instance helpers and \$params.

Baseline regenerated to absorb the new (and legitimate) deprecated-method
and internal-helper warnings raised by tests that intentionally exercise
deprecated APIs and the BaseCommand setInputOutput hook.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Coverage Stats

59 of 69 new or added lines in 8 files covered. (85.51%)

1 existing line in 1 file now uncovered.

4453 of 6220 relevant lines covered (71.59%)

62.43 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

87.5

/src/Commands/SessionsCommand.php

<?php

declare(strict_types=1);

/**
 * This file is part of Daycry Auth.
 *
 * (c) Daycry <daycry9@proton.me>
 *
 * For the full copyright and license information, please view
 * the LICENSE file that was distributed with this source code.
 */

namespace Daycry\Auth\Commands;

use CodeIgniter\CLI\CLI;
use Daycry\Auth\Models\DeviceSessionModel;
use Daycry\Auth\Models\UserModel;
use Throwable;

/**
 * Admin CLI to terminate a user's active device sessions.
 *
 * Usage:
 *   php spark auth:sessions terminate -e user@example.com
 *   php spark auth:sessions terminate -i 42
 */
class SessionsCommand extends BaseCommand
{
    protected $name        = 'auth:sessions';
    protected $description = 'Terminate active device sessions for a user.';
    protected $usage       = 'auth:sessions terminate -e <email> | -i <id>';

    /**
     * Command's Options
     *
     * @var array<string, string>
     */
    protected $options = [
        '-e' => 'Target user email.',
        '-i' => 'Target user id.',
    ];

    public function run(array $params): int
    {
        $action = $params[0] ?? '';

        if ($action !== 'terminate') {
            $this->error('Unsupported action. Supported: terminate.');

            return 1;
        }

        $email = (string) ($params['e'] ?? '');
        $id    = (string) ($params['i'] ?? '');

        if ($email === '' && $id === '') {
            $this->error('Specify -e <email> or -i <id>.');

            return 1;
        }

        /** @var UserModel $userModel */
        $userModel = model(UserModel::class);
        $user      = $id !== ''
            ? $userModel->findById((int) $id)
            : $userModel->findByCredentials(['email' => $email]);

        if ($user === null) {
            $this->error('User not found.');

            return 1;
        }

        try {
            /** @var DeviceSessionModel $deviceModel */
            $deviceModel = model(DeviceSessionModel::class);
            $deviceModel->terminateAllForUser($user);

            $this->write('Terminated all device sessions for user ' . $user->id, 'green');

            return 0;
        } catch (Throwable $e) {
            $this->error('Session termination failed: ' . $e->getMessage());

            return 1;
        }
    }
}

1	<?php
2
3	declare(strict_types=1);
4
5	/**
6	* This file is part of Daycry Auth.
7	*
8	* (c) Daycry <daycry9@proton.me>
9	*
10	* For the full copyright and license information, please view
11	* the LICENSE file that was distributed with this source code.
12	*/
13
14	namespace Daycry\Auth\Commands;
15
16	use CodeIgniter\CLI\CLI;
17	use Daycry\Auth\Models\DeviceSessionModel;
18	use Daycry\Auth\Models\UserModel;
19	use Throwable;
20
21	/**
22	* Admin CLI to terminate a user's active device sessions.
23	*
24	* Usage:
25	* php spark auth:sessions terminate -e user@example.com
26	* php spark auth:sessions terminate -i 42
27	*/
28	class SessionsCommand extends BaseCommand
29	{
30	protected $name = 'auth:sessions';
31	protected $description = 'Terminate active device sessions for a user.';
32	protected $usage = 'auth:sessions terminate -e <email> \| -i <id>';
33
34	/**
35	* Command's Options
36	*
37	* @var array<string, string>
38	*/
39	protected $options = [
40	'-e' => 'Target user email.',
41	'-i' => 'Target user id.',
42	];
43
44	public function run(array $params): int	5✔
45	{
46	$action = $params[0] ?? '';	5✔
47
48	if ($action !== 'terminate') {	5✔
49	$this->error('Unsupported action. Supported: terminate.');	1✔
50
51	return 1;	1✔
52	}
53
54	$email = (string) ($params['e'] ?? '');	4✔
55	$id = (string) ($params['i'] ?? '');	4✔
56
57	if ($email === '' && $id === '') {	4✔
58	$this->error('Specify -e <email> or -i <id>.');	1✔
59
60	return 1;	1✔
61	}
62
63	/** @var UserModel $userModel */
64	$userModel = model(UserModel::class);	3✔
65	$user = $id !== ''	3✔
66	? $userModel->findById((int) $id)	1✔
67	: $userModel->findByCredentials(['email' => $email]);	2✔
68
69	if ($user === null) {	3✔
70	$this->error('User not found.');	1✔
71
72	return 1;	1✔
73	}
74
75	try {
76	/** @var DeviceSessionModel $deviceModel */
77	$deviceModel = model(DeviceSessionModel::class);	2✔
78	$deviceModel->terminateAllForUser($user);	2✔
79
80	$this->write('Terminated all device sessions for user ' . $user->id, 'green');	2✔
81
82	return 0;	2✔
83	} catch (Throwable $e) {	×
NEW 84	$this->error('Session termination failed: ' . $e->getMessage());	×
85
86	return 1;	×
87	}
88	}
89	}

daycry / auth / 25551603694

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous