# 🎯 QA Testing Instructions - PR #416 (rama_pruebas_unitarias → main)

**Status**: ✅ Ready for QA
**Branch**: `rama_pruebas_unitarias`
**Commits**: 40+ | Tests: 18 PHPUnit ✅ | E2E: 27 Playwright (ready)
**Test Results**: All pass with E2E_ADMIN_PASSWORD=monse{HH}

---

## 📋 Summary of Changes

### 🆕 What's New (18 tests)

- **11 comprehensive TrasladoEnTransito rollback tests** - Database transaction isolation
- **7 smoke tests** - Critical path validation (BackOrder, ReporteAjax, Maepro, etc.)

### 🐛 Bug Fixes (2 critical)

| Bug            | File                        | Fix                                             | Impact                                               |
| -------------- | --------------------------- | ----------------------------------------------- | ---------------------------------------------------- |
| Missing Import | ReporteAjaxController.php:5 | Added `use Request;`                            | AJAX endpoints now respond with JSON, not 500 errors |
| Null Reference | MBListener.php:283          | Added defensive `getMasterRequest()` null check | Tests run without crashes in test environment        |

### 🔒 Security Fixes (2 implemented)

| Fix                  | File                           | Change                                              | Blocker        |
| -------------------- | ------------------------------ | --------------------------------------------------- | -------------- |
| Boolean Sanitization | ProcesosController.php:540-544 | `filter_var()` for 5 checkboxes                     | P1 Resolved ✅ |
| ACL Enforcement      | ProcesosController.php:531     | `@IsGranted('ROLE_ADMIN')` decorator                | P1 Resolved ✅ |
| DB Credentials       | Instalacion.php:268            | Use `getParametroBackoffice()` instead of hardcoded | P1 Resolved ✅ |

### 🧹 Code Quality (84 files)

- SonarQube: All critical issues resolved
- PHPDoc: Added 7 type hints for EntityManager
- Intelephense: 0 errors (2 intentional TODOs)
- Indentation: Normalized across BackOrderController

---

## 🧪 How to Test

### Prerequisites

```bash
# 1. Ensure server is running (http://localhost/mbinv/web/login)
# 2. Database: 132.226.40.48:3310, pruebas_unitarias
# 3. Admin user: 'admin' (or 'mb')
# 4. Dynamic password: monse{HH} where HH = current hour (24h format, Guatemala timezone)

# Current time example: If it's 11:57 AM → password is 'monse11'
```

### 1️⃣ Unit Tests (PHPUnit)

**Run full suite** (18 tests, ~1 minute):

```bash
cd /Library/WebServer/Documents/mbinv
E2E_ADMIN_PASSWORD=monse11 php bin/phpunit --verbose src/MB/ProductoBundle/Tests/Controller/TrasladoEnTransitoControllerTest.php
```

**Expected result**:

- ✅ 18 tests pass
- ✅ 0 failures
- ✅ Assertions: 25+
- ✅ No skips (if password correct)

**Specific test subsets**:

```bash
# Only rollback tests (11 authenticated)
E2E_ADMIN_PASSWORD=monse11 php bin/phpunit --filter "rollback" ...

# Only smoke tests (7 unauthenticated)
php bin/phpunit --filter "smoke" ...
```

### 2️⃣ Manual Testing (Critical Paths)

**Path A: Procesos/Install - Boolean Sanitization**

1. Navigate to: `http://localhost/mbinv/web/app.php/procesos/install`
2. Verify checkboxes load with values:
   - ☑️ "Solo Lectura al Actualizar" = checked
   - ☑️ "Crear Triggers" = unchecked
   - ☑️ "Crear Vistas" = unchecked
   - ☑️ "Revisar Mayúsculas" = unchecked
   - ☑️ "Revisar PLUs" = unchecked
3. **Manipulate form** (dev tools):
   - Set `readOnly=bananas` (should reject non-boolean)
   - Submit → Should sanitize to false/true via `filter_var()`
4. **Expected**: No 500 error, form submits cleanly

**Path B: BackOrder Flow**

1. Navigate to: `http://localhost/mbinv/web/app.php/backorder`
2. Create a test back-order with:
   - Cliente: "Test"
   - Producto: "001" (or existing)
   - Cantidad: 5
3. **Expected**: No 500 errors, page renders successfully

**Path C: Reporte/Análisis**

1. Navigate to: `http://localhost/mbinv/web/app.php/reporte`
2. Select date range and generate report
3. **Expected**: No errors, PDF exports (if applicable)

### 3️⃣ E2E Tests (Playwright) - Optional

**Setup** (if testing E2E):

```bash
npm install
npx playwright install chromium

# Calculate password
export E2E_ADMIN_PASSWORD=monse11  # or current hour
export BASE_URL="http://localhost/mbinv/web/"

# Run all 27 tests
npm test

# Or specific suite
npm run test:procesos    # Install template validation
npm run test:validations # Form & Twig rendering
npm run test:smoke       # Critical paths
```

---

## ✅ Acceptance Criteria

### For QA Sign-Off

- [ ] **PHPUnit Tests Pass**

  - [ ] 18/18 tests pass with correct password
  - [ ] 0 failures, 0 skips
  - [ ] All assertions pass (25+)

- [ ] **No Regressions**

  - [ ] BackOrder flow works (create, list, delete)
  - [ ] Reporte module generates without errors
  - [ ] Maepro controller responds (no 500)
  - [ ] No new error logs in `/app/logs/`

- [ ] **Manual Path Testing**

  - [ ] Procesos/Install page loads & checkboxes work
  - [ ] Form submission handles edge cases (malformed booleans)
  - [ ] AJAX responses return JSON (not HTML 500)

- [ ] **Security Validations**

  - [ ] Only ROLE_ADMIN can access `/procesos/instalar-ajax`
  - [ ] Non-admin users get 403 Forbidden
  - [ ] Boolean values sanitize correctly (no "bananas" → true bugs)

- [ ] **Database Integrity**
  - [ ] No new data persisted post-test (rollback works)
  - [ ] Transaction isolation verified
  - [ ] Legacy data remains untouched

---

## 🚨 Known Issues & Workarounds

| Issue                                | Workaround                                                 |
| ------------------------------------ | ---------------------------------------------------------- |
| E2E password expires hourly          | Recalculate monse{HH} if tests skip auth                   |
| Remote DB latency (132.226.40.48)    | Timeouts are 120s; expected in remote scenarios            |
| 36 pre-existing warnings             | These are technical debt from before this PR; not blockers |
| Playwright tests require npm install | Run once; reports in `/playwright-report/`                 |

---

## 📞 Support / Escalation

**For errors during testing**:

1. Check database connection: `mysql -h 132.226.40.48 -P 3310 -u manuel -p`
2. Verify password is current hour: `echo "monse$(date +%H)"`
3. Check logs: `/app/logs/dev.log` or `/app/logs/prod.log`
4. Run single test with `--debug`: `php bin/phpunit --debug TrasladoEnTransitoControllerTest.php`

**Contact**: [Developer Name/Team]

---

## 📊 Expected Outcomes

**After QA Approval**:

- [ ] All 18 tests documented as passing
- [ ] Zero regressions reported
- [ ] Security fixes verified (boolean sanitization, ACL)
- [ ] Ready for merge to main → production deployment

**Deployment Checklist** (post-merge):

1. Pull main on production server
2. Monitor logs for 24hrs (BackOrder, ReporteAjax, Maepro endpoints)
3. Verify zero new 500 errors
4. Test in production with real data (sample workflow)

---

**Generated**: 15 de abril de 2026
**Status**: 🟢 Ready for QA Testing