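get('/system/login')->assertSuccessful(); });

// The tests below drive the platform Login Livewire component and the /system
// panel: each login attempt is expected to leave an AuditLog row with action
// 'platform.auth.login' under the tenant created with external_id 'platform'.
// NOTE(review): both rejection cases only assert an error on 'data.email'; the
// user-visible message is not pinned. If the wrong-password and inactive
// messages differ, the form tells a caller which accounts exist, so consider
// asserting that both cases produce the same message.

it('authenticates a platform user and audits success', function () {
    $platformTenant = Tenant::factory()->create([
        'tenant_id' => null,
        'external_id' => 'platform',
        'name' => 'Platform',
    ]);

    $user = PlatformUser::factory()->create([
        'email' => 'operator@tenantpilot.io',
        'is_active' => true,
        'last_login_at' => null,
    ]);

    // 'password' presumably matches the PlatformUser factory default; confirm against the factory.
    Livewire::test(Login::class)
        ->set('data.email', $user->email)
        ->set('data.password', 'password')
        ->call('authenticate');

    expect(auth('platform')->check())->toBeTrue();
    expect(auth('platform')->id())->toBe($user->getKey());

    // A successful login must stamp last_login_at, which the factory left null.
    expect($user->fresh()->last_login_at)->not->toBeNull();

    $audit = AuditLog::query()
        ->where('tenant_id', $platformTenant->getKey())
        ->where('action', 'platform.auth.login')
        ->latest('id')
        ->first();

    expect($audit)->not->toBeNull();
    expect($audit->status)->toBe('success');
    expect($audit->actor_id)->toBe($user->getKey());
    expect($audit->metadata['attempted_email'] ?? null)->toBe($user->email);
});

it('rejects invalid credentials and audits failure', function () {
    $platformTenant = Tenant::factory()->create([
        'tenant_id' => null,
        'external_id' => 'platform',
        'name' => 'Platform',
    ]);

    // last_login_at is pinned to null so the test can prove a failed attempt
    // does not stamp it, matching the check in the inactive-user test.
    $user = PlatformUser::factory()->create([
        'email' => 'operator@tenantpilot.io',
        'is_active' => true,
        'last_login_at' => null,
    ]);

    Livewire::test(Login::class)
        ->set('data.email', $user->email)
        ->set('data.password', 'wrong-password')
        ->call('authenticate')
        ->assertHasErrors(['data.email']);

    expect(auth('platform')->check())->toBeFalse();
    expect($user->fresh()->last_login_at)->toBeNull();

    $audit = AuditLog::query()
        ->where('tenant_id', $platformTenant->getKey())
        ->where('action', 'platform.auth.login')
        ->latest('id')
        ->first();

    expect($audit)->not->toBeNull();
    expect($audit->status)->toBe('failure');
    expect($audit->metadata['attempted_email'] ?? null)->toBe($user->email);
    expect($audit->metadata['reason'] ?? null)->toBe('invalid_credentials');

    // The audit trail records who tried to log in, never the secret they submitted.
    expect(json_encode($audit->metadata, JSON_THROW_ON_ERROR))->not->toContain('wrong-password');
});

it('rejects inactive platform users and audits failure', function () {
    $platformTenant = Tenant::factory()->create([
        'tenant_id' => null,
        'external_id' => 'platform',
        'name' => 'Platform',
    ]);

    $user = PlatformUser::factory()->create([
        'email' => 'operator@tenantpilot.io',
        'is_active' => false,
        'last_login_at' => null,
    ]);

    // The same password as the success test is submitted here, so the
    // rejection is attributable to is_active being false.
    Livewire::test(Login::class)
        ->set('data.email', $user->email)
        ->set('data.password', 'password')
        ->call('authenticate')
        ->assertHasErrors(['data.email']);

    expect(auth('platform')->check())->toBeFalse();
    expect($user->fresh()->last_login_at)->toBeNull();

    $audit = AuditLog::query()
        ->where('tenant_id', $platformTenant->getKey())
        ->where('action', 'platform.auth.login')
        ->latest('id')
        ->first();

    expect($audit)->not->toBeNull();
    expect($audit->status)->toBe('failure');
    expect($audit->metadata['attempted_email'] ?? null)->toBe($user->email);
    expect($audit->metadata['reason'] ?? null)->toBe('inactive');
});

it('denies system panel access (404) for platform users without the required capability', function () {
    Tenant::factory()->create([
        'tenant_id' => null,
        'external_id' => 'platform',
        'name' => 'Platform',
    ]);

    $user = PlatformUser::factory()->create([
        'capabilities' => [],
        'is_active' => true,
    ]);

    // Authentication alone succeeds for this user; only the panel is gated.
    Livewire::test(Login::class)
        ->set('data.email', $user->email)
        ->set('data.password', 'password')
        ->call('authenticate');

    expect(auth('platform')->check())->toBeTrue();

    // The panel answers 404 rather than 403 when the capability is missing.
    $this->get('/system')->assertNotFound();
});

it('allows system panel access for platform users with the required capability', function () {
    Tenant::factory()->create([
        'tenant_id' => null,
        'external_id' => 'platform',
        'name' => 'Platform',
    ]);

    $user = PlatformUser::factory()->create([
        'capabilities' => [PlatformCapabilities::ACCESS_SYSTEM_PANEL],
        'is_active' => true,
    ]);

    // Uses actingAs on the 'platform' guard instead of the login form, so only
    // the capability check on /system is exercised here.
    $this->actingAs($user, 'platform');

    $this->get('/system')->assertSuccessful();
});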