ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
2952e5ad3e
TenantAtlas/apps/platform/tests/Feature/Auth/SystemPanelAuthTest.php
ahmido e64bae9cfc feat: cut over tenant core to managed environments (#335) 
## Summary
- replace the legacy Tenant and TenantMembership core models with ManagedEnvironment and ManagedEnvironmentMembership
- propagate the managed environment naming and key changes across Filament resources, pages, controllers, jobs, models, and supporting runtime paths
- add feature 279 spec artifacts and focused managed-environment test coverage for model behavior, route binding, panel context, authorization, and legacy guardrails

## Validation
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ManagedEnvironment/LegacyTenantCoreGuardTest.php tests/Feature/ManagedEnvironment/ManagedEnvironmentAuthorizationTest.php tests/Feature/ManagedEnvironment/ManagedEnvironmentPanelContextTest.php tests/Feature/ManagedEnvironment/ManagedEnvironmentRouteBindingTest.php tests/Unit/ManagedEnvironment/ManagedEnvironmentContextResolverTest.php tests/Unit/ManagedEnvironment/ManagedEnvironmentModelTest.php`
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`

## Notes
- branch pushed from commit `1123b122`
- browser smoke test file was added but not run in this pass

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #335
2026-05-07 06:38:14 +00:00

164 lines
5.0 KiB
PHP
Raw Blame History

<?php
use App\Filament\System\Pages\Auth\Login;
use App\Models\AuditLog;
use App\Models\PlatformUser;
use App\Models\ManagedEnvironment;
use App\Support\Auth\PlatformCapabilities;
use Filament\Facades\Filament;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Livewire\Livewire;
uses(RefreshDatabase::class);
beforeEach(function () {
Filament::setCurrentPanel('system');
Filament::bootCurrentPanel();
});
it('serves the system login page', function () {
$this->get('/system/login')->assertSuccessful();
});
it('authenticates a platform user and audits success', function () {
$platformTenant = ManagedEnvironment::factory()->create([
'managed_environment_id' => null,
'external_id' => 'platform',
'name' => 'Platform',
]);
$user = PlatformUser::factory()->create([
'email' => 'operator@tenantpilot.io',
'is_active' => true,
'last_login_at' => null,
]);
Livewire::test(Login::class)
->set('data.email', $user->email)
->set('data.password', 'password')
->call('authenticate');
expect(auth('platform')->check())->toBeTrue();
expect(auth('platform')->id())->toBe($user->getKey());
expect($user->fresh()->last_login_at)->not->toBeNull();
$audit = AuditLog::query()
->where('managed_environment_id', $platformTenant->getKey())
->where('action', 'platform.auth.login')
->latest('id')
->first();
expect($audit)->not->toBeNull();
expect($audit->status)->toBe('success');
expect($audit->actor_id)->toBe($user->getKey());
expect($audit->metadata['attempted_email'] ?? null)->toBe($user->email);
});
it('rejects invalid credentials and audits failure', function () {
$platformTenant = ManagedEnvironment::factory()->create([
'managed_environment_id' => null,
'external_id' => 'platform',
'name' => 'Platform',
]);
$user = PlatformUser::factory()->create([
'email' => 'operator@tenantpilot.io',
'is_active' => true,
]);
Livewire::test(Login::class)
->set('data.email', $user->email)
->set('data.password', 'wrong-password')
->call('authenticate')
->assertHasErrors(['data.email']);
expect(auth('platform')->check())->toBeFalse();
$audit = AuditLog::query()
->where('managed_environment_id', $platformTenant->getKey())
->where('action', 'platform.auth.login')
->latest('id')
->first();
expect($audit)->not->toBeNull();
expect($audit->status)->toBe('failed');
expect($audit->metadata['attempted_email'] ?? null)->toBe($user->email);
expect($audit->metadata['reason'] ?? null)->toBe('invalid_credentials');
});
it('rejects inactive platform users and audits failure', function () {
$platformTenant = ManagedEnvironment::factory()->create([
'managed_environment_id' => null,
'external_id' => 'platform',
'name' => 'Platform',
]);
$user = PlatformUser::factory()->create([
'email' => 'operator@tenantpilot.io',
'is_active' => false,
'last_login_at' => null,
]);
Livewire::test(Login::class)
->set('data.email', $user->email)
->set('data.password', 'password')
->call('authenticate')
->assertHasErrors(['data.email']);
expect(auth('platform')->check())->toBeFalse();
expect($user->fresh()->last_login_at)->toBeNull();
$audit = AuditLog::query()
->where('managed_environment_id', $platformTenant->getKey())
->where('action', 'platform.auth.login')
->latest('id')
->first();
expect($audit)->not->toBeNull();
expect($audit->status)->toBe('failed');
expect($audit->metadata['attempted_email'] ?? null)->toBe($user->email);
expect($audit->metadata['reason'] ?? null)->toBe('inactive');
});
it('denies system panel access (403) for platform users without the required capability', function () {
ManagedEnvironment::factory()->create([
'managed_environment_id' => null,
'external_id' => 'platform',
'name' => 'Platform',
]);
$user = PlatformUser::factory()->create([
'capabilities' => [],
'is_active' => true,
]);
Livewire::test(Login::class)
->set('data.email', $user->email)
->set('data.password', 'password')
->call('authenticate');
expect(auth('platform')->check())->toBeTrue();
$this->get('/system')->assertForbidden();
});
it('allows system panel access for platform users with the required capability', function () {
ManagedEnvironment::factory()->create([
'managed_environment_id' => null,
'external_id' => 'platform',
'name' => 'Platform',
]);
$user = PlatformUser::factory()->create([
'capabilities' => [
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
PlatformCapabilities::CONSOLE_VIEW,
],
'is_active' => true,
]);
$this->actingAs($user, 'platform');
$this->get('/system')->assertSuccessful();
});
Reference in New Issue View Git Blame Copy Permalink