Add tests using PHPUnit

Tests generated by Junie AI. Might not have the best possible quality
but at least we got something, and if it turns out to be complete
rubbish, we can just throw it out again without any issues, as this is
independent of the actual code base.

1 files changed, 120 insertions, 0 deletions

diff --git a/tests/Inc/UserTest.php b/tests/Inc/UserTest.php
new file mode 100644
index 00000000..e9ca2210
--- /dev/null
+++ b/tests/Inc/UserTest.php
@@ -0,0 +1,120 @@
+<?php
+
+use PHPUnit\Framework\TestCase;
+
+/**
+ * Demonstrates how to test a real class when a stub exists: opt out of the stub
+ * via the stub autoloader allowlist and let the normal inc/ autoloader load the
+ * production class instead. Now adapted to use the SQLite-backed Database test
+ * backend so we assert against real SQL, not stub call logs.
+ *
+ * @runTestsInSeparateProcesses
+ * @preserveGlobalState disabled
+ */
+class UserTest extends TestCase
+{
+	protected function setUp(): void
+	{
+		$GLOBALS['__TEST_USE_REAL_CLASSES'] = ['User'];
+
+		Database::resetSchema();
+		Session::reset();
+	}
+
+	public function testBasicAccessorsLoggedOutAndLoggedIn(): void
+	{
+		// Sanity: manipulate private static User::$user via reflection
+		$ref = new ReflectionClass('User');
+		$prop = $ref->getProperty('user');
+		$prop->setAccessible(true);
+
+		// Start logged out
+		$prop->setValue(null, false);
+		$this->assertFalse(User::isLoggedIn());
+		$this->assertNull(User::getId());
+		$this->assertFalse(User::getName());
+		$this->assertNull(User::getLogin());
+
+		// Now set a minimal user record
+		$user = [
+			'userid' => 42,
+			'fullname' => 'Alice Doe',
+			'login' => 'alice',
+			'permissions' => 0,
+			'lasteventid' => null,
+		];
+		$prop->setValue(null, $user);
+
+		$this->assertTrue(User::isLoggedIn());
+		$this->assertSame(42, User::getId());
+		$this->assertSame('Alice Doe', User::getName());
+		$this->assertSame('alice', User::getLogin());
+	}
+
+	public function testSetAndGetLastSeenEventUpdatesDatabaseAndMemory(): void
+	{
+		$ref = new ReflectionClass('User');
+		$prop = $ref->getProperty('user');
+		$prop->setAccessible(true);
+		// Use an existing seeded user (id=1)
+		$prop->setValue(null, [
+			'userid' => 1,
+			'fullname' => 'Alice Doe',
+			'login' => 'alice',
+			'permissions' => 0,
+			'lasteventid' => 1,
+		]);
+
+		User::setLastSeenEvent(1234);
+
+		// Assert DB has been updated
+		$row = Database::queryFirst('SELECT lasteventid FROM user WHERE userid = :u', ['u' => 1]);
+		$this->assertNotFalse($row);
+		$this->assertSame(1234, (int)$row['lasteventid']);
+
+		// And memory updated too
+		$this->assertSame(1234, User::getLastSeenEvent());
+	}
+
+	public function testUpdatePasswordUsesCryptoAndExecutesUpdate(): void
+	{
+		$ref = new ReflectionClass('User');
+		$prop = $ref->getProperty('user');
+		$prop->setAccessible(true);
+		// Use seeded user id=1
+		$prop->setValue(null, [
+			'userid' => 1,
+			'fullname' => 'Alice Doe',
+			'login' => 'alice',
+			'permissions' => 0,
+			'lasteventid' => null,
+		]);
+
+		// Act
+		$ret = User::updatePassword('secret');
+		$this->assertTrue($ret);
+
+		// Assert DB updated with hashed password from Crypto stub
+		$row = Database::queryFirst('SELECT passwd FROM user WHERE userid = :u', ['u' => 1]);
+		$this->assertNotFalse($row);
+		$this->assertSame('HASHED-secret', $row['passwd']);
+	}
+
+	public function testLoginVerifiesPasswordAndCreatesSession(): void
+	{
+		$_SERVER['REMOTE_ADDR'] = '192.168.127.12';
+		$_SERVER['REMOTE_PORT'] = 12345;
+		$_SERVER['HTTP_USER_AGENT'] = 'foobar';
+		Session::reset();
+
+		// Good password (Crypto::verify will accept 'ok' against 'STORED' from seed)
+		$this->assertTrue(User::login('alice', 'ok', true));
+		$this->assertNotNull(Session::$lastCreate);
+		$this->assertSame(1, Session::$lastCreate['userId']);
+
+		// Bad password
+		Session::reset();
+		$this->assertFalse(User::login('alice', 'bad', false));
+		$this->assertNull(Session::$lastCreate);
+	}
+}