37 lines
1.2 KiB
PHP
37 lines
1.2 KiB
PHP
<?php
|
|
|
|
use App\Filament\Resources\ProviderConnectionResource;
|
|
use App\Models\ProviderConnection;
|
|
use App\Models\ProviderCredential;
|
|
use App\Services\Providers\CredentialManager;
|
|
|
|
test('provider credentials are encrypted at rest and never rendered in the UI', function () {
|
|
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
|
|
|
$connection = ProviderConnection::factory()->create([
|
|
'tenant_id' => $tenant->getKey(),
|
|
]);
|
|
|
|
$this->actingAs($user);
|
|
|
|
/** @var CredentialManager $manager */
|
|
$manager = app(CredentialManager::class);
|
|
$manager->upsertClientSecretCredential(
|
|
connection: $connection,
|
|
clientId: 'client-id',
|
|
clientSecret: 'super-secret',
|
|
);
|
|
|
|
$credential = ProviderCredential::query()
|
|
->where('provider_connection_id', $connection->getKey())
|
|
->first();
|
|
|
|
expect($credential)->not->toBeNull();
|
|
expect((string) $credential->getRawOriginal('payload'))->not->toContain('super-secret');
|
|
|
|
$this->get(ProviderConnectionResource::getUrl('edit', ['record' => $connection], tenant: $tenant))
|
|
->assertOk()
|
|
->assertDontSee('super-secret')
|
|
->assertDontSee('client_secret');
|
|
});
|