feat: add connection diagnostics

tests/Unit/Admin/ConnectionTestControllerTest.php

@@ -0,0 +1,106 @@
+<?php
+/**
+ * Tests for admin REST connection diagnostics.
+ *
+ * @package WPContentSync
+ */
+
+namespace WPContentSync\Tests\Unit\Admin;
+
+use PHPUnit\Framework\TestCase;
+use WPContentSync\Admin\ConnectionTestController;
+use WPContentSync\Logging\OptionLogger;
+use WPContentSync\Settings\SettingsRepository;
+use WPContentSync\Transport\RestTransportClient;
+
+class ConnectionTestControllerTest extends TestCase {
+	protected function tearDown(): void {
+		unset(
+			$GLOBALS['wpcs_current_user_can'],
+			$GLOBALS['wpcs_nonce_valid'],
+			$GLOBALS['wpcs_redirect_location'],
+			$GLOBALS['wpcs_test_options'],
+			$GLOBALS['wpcs_test_option_autoloads'],
+			$GLOBALS['wpcs_http_response'],
+			$GLOBALS['wpcs_last_http_request']
+		);
+
+		$_POST = array();
+
+		parent::tearDown();
+	}
+
+	public function test_it_tests_a_configured_pair_with_nonce_and_capability(): void {
+		$this->storePair();
+		$GLOBALS['wpcs_current_user_can']['manage_options']                           = true;
+		$GLOBALS['wpcs_nonce_valid']['wpcs_test_connection']['wpcs_connection_nonce'] = true;
+		$_POST['pair_index'] = '0';
+
+		$this->controller()->handleTest();
+
+		self::assertStringContainsString( 'wpcs_connection_ok=1', $GLOBALS['wpcs_redirect_location'] );
+		self::assertSame( 'GET', $GLOBALS['wpcs_last_http_request']['method'] );
+		self::assertSame( 'https://destination.test/wp-json/wp-content-sync/v1/status', $GLOBALS['wpcs_last_http_request']['url'] );
+	}
+
+	public function test_it_rejects_users_without_manage_options(): void {
+		$GLOBALS['wpcs_current_user_can']['manage_options'] = false;
+
+		$this->expectException( \RuntimeException::class );
+		$this->expectExceptionMessage( 'You do not have permission to test WP Content Sync connections.' );
+
+		$this->controller()->handleTest();
+	}
+
+	public function test_it_rejects_invalid_nonces(): void {
+		$GLOBALS['wpcs_nonce_valid']['wpcs_test_connection']['wpcs_connection_nonce'] = false;
+
+		$this->expectException( \RuntimeException::class );
+		$this->expectExceptionMessage( 'The connection test request could not be verified.' );
+
+		$this->controller()->handleTest();
+	}
+
+	public function test_it_redirects_failures_without_leaking_application_passwords(): void {
+		$this->storePair();
+		$GLOBALS['wpcs_current_user_can']['manage_options']                           = true;
+		$GLOBALS['wpcs_nonce_valid']['wpcs_test_connection']['wpcs_connection_nonce'] = true;
+		$GLOBALS['wpcs_http_response'] = array(
+			'response' => array( 'code' => 401 ),
+			'body'     => '{"message":"Unauthorized"}',
+		);
+		$_POST['pair_index']           = '0';
+
+		$this->controller()->handleTest();
+
+		self::assertStringContainsString( 'wpcs_connection_error=', $GLOBALS['wpcs_redirect_location'] );
+		self::assertStringNotContainsString( 'app-pass', $GLOBALS['wpcs_redirect_location'] );
+		self::assertStringNotContainsString( 'app-pass', wp_json_encode( $GLOBALS['wpcs_test_options'][ OptionLogger::OPTION_NAME ] ) );
+	}
+
+	private function controller(): ConnectionTestController {
+		return new ConnectionTestController(
+			new SettingsRepository(),
+			new RestTransportClient(),
+			new OptionLogger()
+		);
+	}
+
+	private function storePair(): void {
+		update_option(
+			SettingsRepository::OPTION_NAME,
+			array(
+				'sync_pairs' => array(
+					array(
+						'name'                 => 'Staging',
+						'source_url'           => 'https://source.test',
+						'destination_url'      => 'https://destination.test',
+						'username'             => 'codex',
+						'application_password' => 'app-pass',
+					),
+				),
+			),
+			false
+		);
+	}
+}