╔══════════════════════════════════════════════╗
║ PHASE 8 — User Profile & Settings Tests ║
║ Test User: canopussoft@gmail.com
╚══════════════════════════════════════════════╝

═══ 1. Profile View & Update ═══
  ✔ Read user profile from DB
  ✔ Update profile name
  ✔ Update profile phone
  ✔ Update profile language
  ✔ Validate name required (ValidationHelper)
  ✔ Validate name min length
  ✔ Validate name max length
  ✔ Valid profile update passes validation
  ✔ Security::escape prevents XSS in name
  ✔ ActivityHelper::log profile_update correct signature

═══ 2. Password Change ═══
  ✘ Verify current password (correct) — Password verify failed
  ✔ Verify current password (incorrect) rejects
  ✔ Strong password validation — too short
  ✔ Strong password validation — no uppercase
  ✔ Strong password validation — no lowercase
  ✔ Strong password validation — no number
  ✔ Strong password validation — no special char
  ✔ Strong password validation — valid password passes
  ✔ Password confirm must match
  ✔ Password confirm matches
  ✔ Hash and verify new password
  ✔ Password change with DB update & restore
  ✔ ActivityHelper::passwordChanged convenience method

═══ 3. Two-Factor Authentication (2FA) ═══
  ✔ TotpHelper::generateSecret returns 16-char base32
  ✔ TotpHelper::generate creates 6-digit code
  ✔ TotpHelper::verify valid code
  ✔ TotpHelper::verify invalid code rejects
  ✔ Enable 2FA — store secret in DB
  ✔ Verify TOTP code against stored secret
  ✔ Disable 2FA — clear secret
  ✔ ActivityHelper::log 2fa_enabled correct params
  ✔ ActivityHelper::log 2fa_disabled correct params

═══ 4. API Key Management ═══
  ✔ Generate API key (Security::generateApiKey)
  ✔ Hash API key (Security::hashApiKey)
  ✔ API key preview fits VARCHAR(10)
  ✔ OLD preview format would overflow VARCHAR(10)
  ✔ Create API key in DB
  ✔ List active API keys for user
  ✔ Max 5 active keys limit check
  ✔ Revoke API key
  ✔ Revoked key not in active list
  ✔ Key ownership check prevents cross-user access
  ✔ ActivityHelper::log api_key_created correct params

═══ 5. Notifications ═══
  ✔ Create notification
  ✔ Get unread count
  ✔ Get unread notifications (limit)
  ✔ Get all notifications (paginated)
  ✔ Mark single notification as read
  ✔ Mark all notifications as read
  ✔ Notification types: info, success, warning, error
  ✔ Convenience: paymentApproved notification
  ✔ Convenience: lowCredits notification

═══ 6. User Settings ═══
  ✔ Languages table has data
  ✔ Languages table has code and name columns
  ✔ Language update validates format (2-letter code)
  ✔ Update language in DB
  ✔ Session::set/get for notification preferences
  ✔ ActivityHelper::log settings_updated correct params

═══ 7. Controller Method Verification ═══
  ✔ UserController has all required methods
  ✔ ProfileController has all required methods
  ✔ NotificationController has all required methods
  ✔ SettingsController has all required methods
  ✔ UserController uses Session class (not raw $_SESSION)
  ✔ SettingsController uses Session class (not raw $_SESSION)

═══ 8. ActivityHelper Param Order Regression ═══
  ✔ UserController::updateProfile log uses (action, entityType, entityId, details, userId)
  ✔ UserController::changePassword log uses password_changed action
  ✔ UserController::enable2fa log uses (2fa_enabled, users)
  ✔ UserController::disable2fa log uses (2fa_disabled, users)
  ✔ UserController::createApiKey log uses (api_key_created, api_keys)
  ✔ UserController::revokeApiKey log uses (api_key_revoked, api_keys)
  ✔ SettingsController::update log uses (settings_updated, users) not (userId, ...)

═══ 9. API Key Preview Regression ═══
  ✔ UserController createApiKey uses correct preview format
  ✔ UserController enable2fa uses execute() not query()
  ✔ UserController disable2fa uses execute() not query()
  ✔ SettingsController update uses execute() not query()

═══ 10. HTTP Page Loading ═══
  ✘ GET profile returns 200 or 302 (auth redirect) — Got HTTP 404
  ✘ GET profile/security returns 200 or 302 (auth redirect) — Got HTTP 404
  ✘ GET profile/api-keys returns 200 or 302 (auth redirect) — Got HTTP 404
  ✘ GET settings returns 200 or 302 (auth redirect) — Got HTTP 404
  ✘ GET notifications returns 200 or 302 (auth redirect) — Got HTTP 404
  ✘ GET /notifications/unread-count returns 200/302 — Got HTTP 404

═══ 11. Route Definitions ═══
  ✔ Route GET profile → UserController::profile
  ✔ Route POST profile/update → UserController::updateProfile
  ✔ Route POST profile/password → UserController::changePassword
  ✔ Route GET profile/security → UserController::security
  ✔ Route POST profile/2fa/enable → UserController::enable2fa
  ✔ Route POST profile/2fa/disable → UserController::disable2fa
  ✔ Route GET profile/api-keys → UserController::apiKeys
  ✔ Route POST profile/api-keys/create → UserController::createApiKey
  ✔ Route POST profile/api-keys/revoke/{id} → UserController::revokeApiKey
  ✔ Route GET settings → SettingsController::index
  ✔ Route POST settings/update → SettingsController::update
  ✔ Route GET notifications → NotificationController::index
  ✔ Route POST notifications/read/{id} → NotificationController::markRead
  ✔ Route POST notifications/read-all → NotificationController::markAllRead
  ✔ Route GET notifications/unread-count → NotificationController::unreadCount

═══ Cleanup ═══
  Cleanup complete.

╔══════════════════════════════════════════════╗
║ Phase 8 Results ║
╠══════════════════════════════════════════════╣
║ Total: 96 Passed: 89 Failed: 7 ║
╚══════════════════════════════════════════════╝

*** 7 TESTS FAILED ***