ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
073-unified-managed-tenant-onboarding-wizard
TenantAtlas/tests/Feature/Auth/AdminPanelAuthTest.php
ahmido 210cf5ce8b feat: implement auth structure system panel (#77) 
Implements 064-auth-structure (Auth Structure v1.0):

Adds platform_users + PlatformUser identity (factory + seeder) for platform operators
Introduces platform auth guard/provider in auth.php
Adds a dedicated Filament v5 System panel at system using guard platform (custom login + dashboard)
Enforces strict cross-scope isolation between /admin and system (deny-as-404)
Adds platform capability gating (platform.access_system_panel, platform.use_break_glass) + gates in AuthServiceProvider
Implements audited break-glass mode (enter/exit/expire), banner via render hook, feature flag + TTL config
Removes legacy users.is_platform_superadmin runtime usage and adds an architecture test to prevent regressions
Updates tenant membership pivot usage where needed (tenant_memberships)
Testing:

vendor/bin/sail artisan test --compact tests/Feature/Auth (28 passed)
vendor/bin/sail bin pint --dirty
Notes:

Filament v5 / Livewire v4 compatible.
Panel providers registered in providers.php.
Destructive actions use ->action(...) + ->requiresConfirmation() where applicable.

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #77
2026-01-27 21:49:18 +00:00

40 lines
1.5 KiB
PHP
Raw Permalink Blame History

<?php
declare(strict_types=1);
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
it('renders an Entra-only admin login page', function () {
$response = $this->get('/admin/login');
$response->assertSuccessful();
$response->assertSee('Sign in with Microsoft');
$response->assertSee(route('auth.entra.redirect'), escape: false);
$response->assertDontSee('type="password"', escape: false);
$response->assertDontSee('Break-glass mode', escape: false);
});
it('redirects to the Entra authorize endpoint when configured', function () {
config()->set('services.microsoft.client_id', 'test-client-id');
config()->set('services.microsoft.client_secret', 'test-client-secret');
config()->set('services.microsoft.redirect', 'https://example.test/auth/entra/callback');
config()->set('services.microsoft.tenant', 'organizations');
$response = $this->get(route('auth.entra.redirect'));
$response->assertRedirect();
$response->assertSessionHas('entra_state');
$location = (string) $response->headers->get('Location');
expect($location)->toContain('https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize');
expect($location)->toContain('client_id=test-client-id');
expect($location)->toContain('redirect_uri='.urlencode('https://example.test/auth/entra/callback'));
expect($location)->toContain('response_type=code');
expect($location)->toContain('scope=openid+profile+email');
});
Reference in New Issue View Git Blame Copy Permalink