ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
2752515da5
TenantAtlas/apps/platform/tests/Feature/AdminConsentCallbackTest.php
ahmido 2752515da5
Some checks failed
Main Confidence / confidence (push) Failing after 54s
Details
Spec 235: harden baseline truth and onboarding flows (#271) 
## Summary
- harden baseline capture truth, compare readiness, and monitoring explanations around latest inventory eligibility, blocked prerequisites, and zero-subject outcomes
- improve onboarding verification and bootstrap recovery handling, including admin-consent callback invalidation and queued execution legitimacy/report behavior
- align workspace findings/workspace overview signals and refresh the related spec, roadmap, and spec-candidate artifacts

## Validation
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/BaselineDriftEngine/BaselineCaptureAuditEventsTest.php tests/Feature/BaselineDriftEngine/BaselineSnapshotNoTenantIdentifiersTest.php tests/Feature/BaselineDriftEngine/CaptureBaselineContentTest.php tests/Feature/BaselineDriftEngine/CaptureBaselineFullContentOnDemandTest.php tests/Feature/BaselineDriftEngine/CaptureBaselineMetaFallbackTest.php tests/Feature/Baselines/BaselineCaptureTest.php tests/Feature/Baselines/BaselineCompareFindingsTest.php tests/Feature/Baselines/BaselineSnapshotBackfillTest.php tests/Feature/Filament/BaselineCaptureResultExplanationSurfaceTest.php tests/Feature/Filament/BaselineCompareLandingStartSurfaceTest.php tests/Feature/Filament/BaselineProfileCaptureStartSurfaceTest.php tests/Feature/Filament/OperationRunBaselineTruthSurfaceTest.php tests/Feature/Monitoring/AuditCoverageGovernanceTest.php tests/Feature/Monitoring/GovernanceOperationRunSummariesTest.php tests/Feature/Notifications/OperationRunNotificationTest.php tests/Feature/Authorization/OperatorExplanationSurfaceAuthorizationTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/AdminConsentCallbackTest.php tests/Feature/Filament/WorkspaceOverviewDbOnlyTest.php tests/Feature/Guards/Spec194GovernanceActionSemanticsGuardTest.php tests/Feature/ManagedTenantOnboardingWizardTest.php tests/Feature/Onboarding/OnboardingVerificationTest.php tests/Feature/Operations/QueuedExecutionAuditTrailTest.php tests/Unit/Operations/QueuedExecutionLegitimacyGateTest.php`

## Notes
- browser validation was not re-run in this pass

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #271
2026-04-24 05:44:54 +00:00

181 lines
6.6 KiB
PHP
Raw Blame History

<?php
use App\Models\ProviderConnection;
use App\Models\Tenant;
use App\Models\TenantOnboardingSession;
use App\Models\Workspace;
use App\Models\OperationRun;
use App\Support\Providers\ProviderReasonCodes;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
it('stores successful admin consent on provider connection canonical state', function () {
$tenant = Tenant::factory()->create([
'tenant_id' => 'tenant-1',
'name' => 'Contoso',
]);
$response = $this->get(route('admin.consent.callback', [
'tenant' => $tenant->tenant_id,
'admin_consent' => 'true',
]));
$response->assertOk();
$response->assertSeeText('Verification state:');
$response->assertSeeText('Needs verification');
$response->assertSee(
route('filament.admin.resources.tenants.view', ['tenant' => $tenant->external_id, 'record' => $tenant]),
false,
);
$connection = ProviderConnection::query()
->where('tenant_id', (int) $tenant->getKey())
->where('provider', 'microsoft')
->where('entra_tenant_id', $tenant->graphTenantId())
->first();
expect($connection)->not->toBeNull()
->and($connection?->is_enabled)->toBeTrue()
->and($connection?->consent_status?->value ?? $connection?->consent_status)->toBe('granted')
->and($connection?->verification_status?->value ?? $connection?->verification_status)->toBe('unknown')
->and($connection?->last_error_reason_code)->toBeNull();
$this->assertDatabaseHas('audit_logs', [
'tenant_id' => $tenant->id,
'action' => 'tenant.consent.callback',
'status' => 'success',
]);
});
it('links back to onboarding when tenant is onboarding', function () {
$tenant = Tenant::factory()->create([
'tenant_id' => 'tenant-3',
'name' => 'Onboarding Tenant',
'status' => Tenant::STATUS_ONBOARDING,
]);
$response = $this->get(route('admin.consent.callback', [
'tenant' => $tenant->tenant_id,
'admin_consent' => 'true',
]));
$response->assertOk();
$response->assertSee(route('admin.onboarding'), false);
});
it('invalidates resumable onboarding verification state for the same platform connection after a successful callback', function () {
$tenant = Tenant::factory()->create([
'tenant_id' => 'tenant-verify-reset',
'name' => 'Reset Tenant',
'status' => Tenant::STATUS_ONBOARDING,
]);
$connection = ProviderConnection::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'workspace_id' => (int) $tenant->workspace_id,
'provider' => 'microsoft',
'entra_tenant_id' => $tenant->graphTenantId(),
'is_default' => true,
]);
$run = OperationRun::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'workspace_id' => (int) $tenant->workspace_id,
'type' => 'provider.connection.check',
]);
$draft = TenantOnboardingSession::query()->create([
'workspace_id' => (int) $tenant->workspace_id,
'tenant_id' => (int) $tenant->getKey(),
'entra_tenant_id' => (string) $tenant->tenant_id,
'current_step' => 'verify',
'state' => [
'provider_connection_id' => (int) $connection->getKey(),
'verification_operation_run_id' => (int) $run->getKey(),
'verification_run_id' => (int) $run->getKey(),
'bootstrap_operation_runs' => [123, 456],
'bootstrap_operation_types' => ['inventory_sync'],
'bootstrap_run_ids' => [123, 456],
],
]);
$this->get(route('admin.consent.callback', [
'tenant' => $tenant->tenant_id,
'admin_consent' => 'true',
]))->assertOk();
$draft->refresh();
expect($draft->state['verification_operation_run_id'] ?? null)->toBeNull()
->and($draft->state['verification_run_id'] ?? null)->toBeNull()
->and($draft->state['bootstrap_operation_runs'] ?? null)->toBeNull()
->and($draft->state['bootstrap_operation_types'] ?? null)->toBeNull()
->and($draft->state['bootstrap_run_ids'] ?? null)->toBeNull()
->and($draft->state['connection_recently_updated'] ?? null)->toBeTrue();
});
it('creates tenant and provider connection when callback tenant does not exist', function () {
$workspace = Workspace::factory()->create();
$response = $this->withSession([
'tenant_onboard_workspace_id' => (int) $workspace->getKey(),
'tenant_onboard_state' => 'state-456',
])->get(route('admin.consent.callback', [
'tenant' => 'new-tenant',
'state' => 'state-456',
]));
$response->assertOk();
$tenant = Tenant::where('tenant_id', 'new-tenant')->first();
expect($tenant)->not->toBeNull();
$connection = ProviderConnection::query()
->where('tenant_id', (int) $tenant->id)
->where('provider', 'microsoft')
->where('entra_tenant_id', $tenant->graphTenantId())
->first();
expect($connection)->not->toBeNull()
->and($connection?->is_enabled)->toBeTrue()
->and($connection?->consent_status?->value ?? $connection?->consent_status)->toBe('required')
->and($connection?->verification_status?->value ?? $connection?->verification_status)->toBe('unknown')
->and($connection?->last_error_reason_code)->toBe(ProviderReasonCodes::ProviderConsentMissing);
});
it('records consent callback errors on provider connection canonical state', function () {
$tenant = Tenant::factory()->create([
'tenant_id' => 'tenant-2',
'name' => 'Fabrikam',
]);
$response = $this->get(route('admin.consent.callback', [
'tenant' => $tenant->tenant_id,
'error' => 'access_denied',
]));
$response->assertOk();
$response->assertSeeText('Verification state:');
$response->assertSeeText('Not verified');
$connection = ProviderConnection::query()
->where('tenant_id', (int) $tenant->getKey())
->where('provider', 'microsoft')
->where('entra_tenant_id', $tenant->graphTenantId())
->first();
expect($connection)->not->toBeNull()
->and($connection?->is_enabled)->toBeTrue()
->and($connection?->consent_status?->value ?? $connection?->consent_status)->toBe('failed')
->and($connection?->verification_status?->value ?? $connection?->verification_status)->toBe('unknown')
->and($connection?->last_error_reason_code)->toBe(ProviderReasonCodes::ProviderAuthFailed)
->and($connection?->last_error_message)->toBe('access_denied');
$this->assertDatabaseHas('audit_logs', [
'tenant_id' => $tenant->id,
'action' => 'tenant.consent.callback',
'status' => 'failed',
]);
});
Reference in New Issue View Git Blame Copy Permalink