ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

063-entra-signin #76

Merged
ahmido merged 5 commits from 063-entra-signin into dev 2026-01-27 16:38:54 +00:00
Conversation 0 Commits 5 Files Changed 49 +2764 -546
ahmido commented 2026-01-27 16:35:35 +00:00
Owner
Copy Link

Key changes

Adds Entra OIDC redirect + callback endpoints under /auth/entra/* (token exchange only there).
Upserts tenant users keyed by (entra_tenant_id = tid, entra_object_id = oid); regenerates session; never stores tokens.
Blocks disabled / soft-deleted users with a generic error and safe logging.
Membership-based post-login routing:
0 memberships → /admin/no-access
1 membership → tenant dashboard (via Filament URL helpers)

1 memberships → /admin/choose-tenant
Adds Filament pages:
/admin/choose-tenant (tenant selection + redirect)
/admin/no-access (tenantless-safe)
Both use simple layout to avoid tenant-required UI.
Guards / tests

Adds DbOnlyPagesDoNotMakeHttpRequestsTest to enforce DB-only render/hydration for:
/admin/login, /admin/no-access, /admin/choose-tenant
with Http::preventStrayRequests()
Adds session separation smoke coverage to ensure tenant session doesn’t access system and vice versa.
Runs: vendor/bin/sail artisan test --compact tests/Feature/Auth

Key changes Adds Entra OIDC redirect + callback endpoints under /auth/entra/* (token exchange only there). Upserts tenant users keyed by (entra_tenant_id = tid, entra_object_id = oid); regenerates session; never stores tokens. Blocks disabled / soft-deleted users with a generic error and safe logging. Membership-based post-login routing: 0 memberships → /admin/no-access 1 membership → tenant dashboard (via Filament URL helpers) >1 memberships → /admin/choose-tenant Adds Filament pages: /admin/choose-tenant (tenant selection + redirect) /admin/no-access (tenantless-safe) Both use simple layout to avoid tenant-required UI. Guards / tests Adds DbOnlyPagesDoNotMakeHttpRequestsTest to enforce DB-only render/hydration for: /admin/login, /admin/no-access, /admin/choose-tenant with Http::preventStrayRequests() Adds session separation smoke coverage to ensure tenant session doesn’t access system and vice versa. Runs: vendor/bin/sail artisan test --compact tests/Feature/Auth
ahmido added 4 commits 2026-01-27 16:35:36 +00:00 
This commit incorporates clarifications into the 063-entra-signin feature specification.

Key clarifications include:
- Multi-tenant login flow: Users with multiple memberships will be redirected to a dedicated chooser page.
- Disabled user login: Logins for disabled/soft-deleted users will be blocked, and they will be redirected with a generic error.
- Data model column sizing:  and  columns will be  (or UUID type for PostgreSQL).

These updates ensure a more precise and robust specification, covering critical UX, security, and data modeling aspects.
This commit adds the initial technical plan for the 063-entra-signin feature. The plan outlines the high-level architecture, key components, database changes, test plan, and deployment considerations based on the clarified feature specification.

The plan addresses:
- Authentication flow via Laravel Socialite and Entra ID.
- User provisioning and upsert logic.
- Post-login routing based on tenant memberships, including a dedicated chooser page for multiple memberships.
- Handling of disabled user logins.
- Database schema details for Entra ID fields.
- Comprehensive test coverage using Pest (unit, feature, browser tests).
This commit adds a detailed breakdown of tasks for the 063-entra-signin feature. The tasks are categorized into phases: Setup & Core Authentication Flow, Filament Panel Integration & UX, Testing, and Documentation & Deployment.

This task list serves as a guide for implementing the feature based on the technical plan.
ahmido added 1 commit 2026-01-27 16:37:26 +00:00
ahmido merged commit c5fbcaa692 into dev 2026-01-27 16:38:54 +00:00
ahmido referenced this issue from a commit 2026-01-27 16:38:55 +00:00
063-entra-signin (#76)
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: ahmido/TenantAtlas#76
No description provided.
Delete Branch "063-entra-signin"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?