40 lines
1.5 KiB
PHP
40 lines
1.5 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
it('renders an Entra-only admin login page', function () {
|
|
$response = $this->get('/admin/login');
|
|
|
|
$response->assertSuccessful();
|
|
|
|
$response->assertSee('Sign in with Microsoft');
|
|
$response->assertSee(route('auth.entra.redirect'), escape: false);
|
|
|
|
$response->assertDontSee('type="password"', escape: false);
|
|
$response->assertDontSee('Break-glass mode', escape: false);
|
|
});
|
|
|
|
it('redirects to the Entra authorize endpoint when configured', function () {
|
|
config()->set('services.microsoft.client_id', 'test-client-id');
|
|
config()->set('services.microsoft.client_secret', 'test-client-secret');
|
|
config()->set('services.microsoft.redirect', 'https://example.test/auth/entra/callback');
|
|
config()->set('services.microsoft.tenant', 'organizations');
|
|
|
|
$response = $this->get(route('auth.entra.redirect'));
|
|
|
|
$response->assertRedirect();
|
|
$response->assertSessionHas('entra_state');
|
|
|
|
$location = (string) $response->headers->get('Location');
|
|
|
|
expect($location)->toContain('https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize');
|
|
expect($location)->toContain('client_id=test-client-id');
|
|
expect($location)->toContain('redirect_uri='.urlencode('https://example.test/auth/entra/callback'));
|
|
expect($location)->toContain('response_type=code');
|
|
expect($location)->toContain('scope=openid+profile+email');
|
|
});
|