add error pages and expand unit tests

Author: jimmitchell

CHANGELOG.md

@@ -5,6 +5,30 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.1.1] - 2024
+
+### Added
+- **Custom Error Pages**: User-friendly error pages for 404 (Not Found), 500 (Server Error), and 403 (Forbidden) with consistent styling and navigation
+- **Comprehensive Test Coverage**: Expanded unit test suite with 35 new tests covering core functionality
+  - **CsrfTest**: 10 tests for CSRF token generation, validation, expiration, and field generation
+  - **AuthTest**: 13 tests for authentication, login/logout, registration, and user preferences
+  - **FeedParserTest**: 12 tests for feed type detection (RSS/Atom/JSON) and parsing functionality
+
+### Changed
+- **Router Error Handling**: Router now displays custom error pages instead of plain text messages
+- **Test Infrastructure**: Test suite expanded from 24 to 59 tests (146% increase) with 113 total assertions
+
+### Improved
+- **User Experience**: Professional error pages with helpful messages and navigation options
+- **Code Quality**: Significantly improved test coverage for authentication, CSRF protection, and feed parsing
+- **Error Handling**: Better error presentation for users encountering 404, 500, or 403 errors
+
+### Technical Details
+- Error pages follow the same design system as the rest of the application
+- Router's `showErrorPage()` method handles error page rendering
+- All new tests follow existing test patterns and use proper database setup/teardown
+- Test coverage now includes: Config, Logger, FeedService, RateLimiter, Response, Csrf, Auth, and FeedParser
+
 ## [1.1.0] - 2024
 
 ### Added

README.md

@@ -1,6 +1,6 @@
 # VibeReader
 
-**Version:** 1.1.0
+**Version:** 1.1.1
 
 A PHP-based RSS reading platform similar to Google Reader. This application allows you to securely manage and read RSS, Atom, and JSON feeds with a clean three-pane interface.
 

composer.json

@@ -1,7 +1,7 @@
 {
     "name": "php-vibe-reader/reader",
     "description": "A PHP-based RSS reading platform similar to Google Reader",
-    "version": "1.1.0",
+    "version": "1.1.1",
     "type": "project",
     "require": {
         "php": ">=8.0",

src/Router.php

@@ -2,6 +2,8 @@
 
 namespace PhpRss;
 
+use PhpRss\View;
+
 /**
  * Simple HTTP router for handling application routes.
  * 
@@ -126,8 +128,7 @@ public function dispatch(): void
         }
 
         // 404
-        http_response_code(404);
-        echo "Page not found";
+        $this->showErrorPage(404);
     }
 
     /**
@@ -209,18 +210,40 @@ private function handleRoute(string $handler, array $params = []): void
         $controllerClass = "PhpRss\\Controllers\\$controller";
 
         if (!class_exists($controllerClass)) {
-            http_response_code(500);
-            echo "Controller not found";
+            $this->showErrorPage(500);
             return;
         }
 
         $controllerInstance = new $controllerClass();
         if (!method_exists($controllerInstance, $method)) {
-            http_response_code(500);
-            echo "Method not found";
+            $this->showErrorPage(500);
             return;
         }
 
         $controllerInstance->$method($params);
     }
+
+    /**
+     * Show an error page based on the HTTP status code.
+     * 
+     * Renders the appropriate error page template (404, 500, 403) and
+     * sets the corresponding HTTP response code.
+     * 
+     * @param int $statusCode The HTTP status code (404, 500, or 403)
+     * @return void
+     */
+    private function showErrorPage(int $statusCode): void
+    {
+        http_response_code($statusCode);
+        
+        $templateMap = [
+            404 => 'error_404',
+            500 => 'error_500',
+            403 => 'error_403',
+        ];
+        
+        $template = $templateMap[$statusCode] ?? 'error_500';
+        
+        View::render($template);
+    }
 }

src/Version.php

@@ -15,7 +15,7 @@ class Version
      * 
      * @var string
      */
-    public const VERSION = '1.1.0';
+    public const VERSION = '1.1.1';
 
     /**
      * Application name
@@ -27,7 +27,7 @@ class Version
     /**
      * Get the full application version string.
      * 
-     * @return string Version string (e.g., "VibeReader/1.1.0")
+     * @return string Version string (e.g., "VibeReader/1.1.1")
      */
     public static function getVersionString(): string
     {
@@ -37,7 +37,7 @@ public static function getVersionString(): string
     /**
      * Get the version number only.
      * 
-     * @return string Version number (e.g., "1.1.0")
+     * @return string Version number (e.g., "1.1.1")
      */
     public static function getVersion(): string
     {

tests/Unit/AuthTest.php

@@ -0,0 +1,179 @@
+<?php
+
+namespace PhpRss\Tests\Unit;
+
+use PHPUnit\Framework\TestCase;
+use PhpRss\Auth;
+use PhpRss\Database;
+use PDO;
+
+class AuthTest extends TestCase
+{
+    protected function setUp(): void
+    {
+        // Initialize database for testing
+        Database::init();
+        Database::setup();
+        
+        // Start session for Auth tests
+        if (session_status() === PHP_SESSION_NONE) {
+            session_start();
+        }
+        
+        // Clear session
+        $_SESSION = [];
+    }
+
+    protected function tearDown(): void
+    {
+        // Clean up: remove test users
+        $db = Database::getConnection();
+        $db->exec("DELETE FROM users WHERE username LIKE 'test_%'");
+        
+        // Clear session
+        $_SESSION = [];
+    }
+
+    public function testCheckReturnsFalseWhenNotLoggedIn(): void
+    {
+        $this->assertFalse(Auth::check());
+    }
+
+    public function testCheckReturnsTrueWhenLoggedIn(): void
+    {
+        // Create a test user and login
+        $this->createTestUser('test_user', 'test@example.com', 'password123');
+        $this->assertTrue(Auth::login('test_user', 'password123'));
+        $this->assertTrue(Auth::check());
+    }
+
+    public function testUserReturnsNullWhenNotAuthenticated(): void
+    {
+        $user = Auth::user();
+        $this->assertNull($user);
+    }
+
+    public function testUserReturnsUserDataWhenAuthenticated(): void
+    {
+        $username = 'test_user';
+        $email = 'test@example.com';
+        $this->createTestUser($username, $email, 'password123');
+        
+        Auth::login($username, 'password123');
+        $user = Auth::user();
+        
+        $this->assertNotNull($user);
+        $this->assertEquals($username, $user['username']);
+        $this->assertEquals($email, $user['email']);
+        $this->assertArrayHasKey('id', $user);
+    }
+
+    public function testLoginWithValidCredentials(): void
+    {
+        $username = 'test_user';
+        $this->createTestUser($username, 'test@example.com', 'password123');
+        
+        $result = Auth::login($username, 'password123');
+        $this->assertTrue($result);
+        $this->assertTrue(Auth::check());
+        $this->assertEquals($username, $_SESSION['username'] ?? null);
+    }
+
+    public function testLoginWithInvalidPassword(): void
+    {
+        $username = 'test_user';
+        $this->createTestUser($username, 'test@example.com', 'password123');
+        
+        $result = Auth::login($username, 'wrong_password');
+        $this->assertFalse($result);
+        $this->assertFalse(Auth::check());
+    }
+
+    public function testLoginWithInvalidUsername(): void
+    {
+        $result = Auth::login('nonexistent_user', 'password123');
+        $this->assertFalse($result);
+        $this->assertFalse(Auth::check());
+    }
+
+    public function testLoginWithEmail(): void
+    {
+        $email = 'test@example.com';
+        $this->createTestUser('test_user', $email, 'password123');
+        
+        $result = Auth::login($email, 'password123');
+        $this->assertTrue($result);
+        $this->assertTrue(Auth::check());
+    }
+
+    public function testRegisterWithNewUser(): void
+    {
+        $result = Auth::register('test_new_user', 'newuser@example.com', 'password123');
+        $this->assertTrue($result);
+        
+        // Verify user was created
+        $db = Database::getConnection();
+        $stmt = $db->prepare("SELECT * FROM users WHERE username = ?");
+        $stmt->execute(['test_new_user']);
+        $user = $stmt->fetch();
+        $this->assertNotFalse($user);
+        $this->assertEquals('newuser@example.com', $user['email']);
+    }
+
+    public function testRegisterWithDuplicateUsername(): void
+    {
+        $username = 'test_duplicate';
+        $this->createTestUser($username, 'first@example.com', 'password123');
+        
+        // Try to register with same username
+        $result = Auth::register($username, 'second@example.com', 'password456');
+        $this->assertFalse($result);
+    }
+
+    public function testRegisterWithDuplicateEmail(): void
+    {
+        $email = 'duplicate@example.com';
+        $this->createTestUser('test_first', $email, 'password123');
+        
+        // Try to register with same email
+        $result = Auth::register('test_second', $email, 'password456');
+        $this->assertFalse($result);
+    }
+
+    public function testLogout(): void
+    {
+        // Login first
+        $this->createTestUser('test_user', 'test@example.com', 'password123');
+        Auth::login('test_user', 'password123');
+        $this->assertTrue(Auth::check());
+        
+        // Logout
+        Auth::logout();
+        $this->assertFalse(Auth::check());
+    }
+
+    public function testUserLoadsPreferencesIntoSession(): void
+    {
+        $username = 'test_user';
+        $this->createTestUser($username, 'test@example.com', 'password123');
+        
+        Auth::login($username, 'password123');
+        Auth::user(); // Load preferences
+        
+        // Check that preferences are in session
+        $this->assertArrayHasKey('hide_read_items', $_SESSION);
+        $this->assertArrayHasKey('dark_mode', $_SESSION);
+        $this->assertArrayHasKey('timezone', $_SESSION);
+    }
+
+    /**
+     * Helper method to create a test user in the database.
+     */
+    private function createTestUser(string $username, string $email, string $password): void
+    {
+        $db = Database::getConnection();
+        $passwordHash = password_hash($password, PASSWORD_DEFAULT);
+        $stmt = $db->prepare("INSERT INTO users (username, email, password_hash) VALUES (?, ?, ?)");
+        $stmt->execute([$username, $email, $passwordHash]);
+    }
+}