TenantAtlas/apps/platform/tests/Feature/Workspaces/WorkspaceIntendedUrlTest.php

<?php

declare(strict_types=1);

use App\Support\Workspaces\WorkspaceContext;
use App\Support\Workspaces\WorkspaceIntendedUrl;
use Illuminate\Foundation\Testing\RefreshDatabase;

uses(RefreshDatabase::class);

it('stores and consumes an intended admin URL (path + query)', function (): void {
    session()->forget(WorkspaceContext::INTENDED_URL_SESSION_KEY);

    WorkspaceIntendedUrl::store('/admin/operations?tab=active');

    expect(session(WorkspaceContext::INTENDED_URL_SESSION_KEY))->toBe('/admin/operations?tab=active');

    $consumed = WorkspaceIntendedUrl::consume();

    expect($consumed)->toBe('/admin/operations?tab=active');
    expect(session()->has(WorkspaceContext::INTENDED_URL_SESSION_KEY))->toBeFalse();
});

it('rejects non-admin intended URLs', function (): void {
    session()->forget(WorkspaceContext::INTENDED_URL_SESSION_KEY);

    WorkspaceIntendedUrl::store('/logout');

    expect(session()->has(WorkspaceContext::INTENDED_URL_SESSION_KEY))->toBeFalse();
});

it('rejects absolute URLs and protocol-relative URLs', function (): void {
    session()->forget(WorkspaceContext::INTENDED_URL_SESSION_KEY);

    WorkspaceIntendedUrl::store('https://example.com/admin/operations');
    expect(session()->has(WorkspaceContext::INTENDED_URL_SESSION_KEY))->toBeFalse();

    WorkspaceIntendedUrl::store('//example.com/admin/operations');
    expect(session()->has(WorkspaceContext::INTENDED_URL_SESSION_KEY))->toBeFalse();
});