ahmido
bab01f07a9
## Summary - standardize Microsoft provider connections around explicit platform vs dedicated identity modes - centralize admin-consent URL and runtime identity resolution so platform flows no longer fall back to tenant-local credentials - add migration classification, richer consent and verification state handling, dedicated override management, and focused regression coverage ## Validation - focused repo test coverage was added across provider identity, onboarding, audit, policy, guard, and migration flows - latest explicit passing run in the workspace: `vendor/bin/sail artisan test --compact tests/Feature/AdminConsentCallbackTest.php tests/Feature/Audit/ProviderConnectionConsentAuditTest.php` ## Notes - branch includes the full Spec 137 artifact set under `specs/137-platform-provider-identity/` - target base branch: `dev` Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #166
66 lines
1.9 KiB
PHP
66 lines
1.9 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Models\AuditLog;
|
|
use App\Models\Tenant;
|
|
use App\Models\User;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
it('keeps provider connection identity audit payloads aligned across consent and migration flows', function (): void {
|
|
config()->set('graph.client_id', 'platform-client-id');
|
|
config()->set('graph.client_secret', 'platform-client-secret');
|
|
|
|
$user = User::factory()->create();
|
|
$tenant = Tenant::factory()->create([
|
|
'tenant_id' => 'identity-audit-tenant-id',
|
|
]);
|
|
|
|
[$user, $tenant] = createUserWithTenant(tenant: $tenant, user: $user, role: 'owner', ensureDefaultMicrosoftProviderConnection: false);
|
|
|
|
$response = $this->actingAs($user)->get(route('admin.consent.start', [
|
|
'tenant' => $tenant->external_id,
|
|
]));
|
|
|
|
$response->assertRedirect();
|
|
|
|
$state = session('tenant_onboard_state');
|
|
|
|
$this->get(route('admin.consent.callback', [
|
|
'tenant' => $tenant->tenant_id,
|
|
'state' => $state,
|
|
'admin_consent' => 'True',
|
|
]))->assertSuccessful();
|
|
|
|
$this->artisan('tenantpilot:provider-connections:classify', ['--write' => true])
|
|
->assertSuccessful();
|
|
|
|
$logs = AuditLog::query()
|
|
->where('tenant_id', (int) $tenant->getKey())
|
|
->whereIn('action', [
|
|
'provider_connection.consent_started',
|
|
'provider_connection.consent_result',
|
|
'provider_connection.migration_classification_applied',
|
|
])
|
|
->orderBy('id')
|
|
->get();
|
|
|
|
expect($logs)->toHaveCount(3);
|
|
|
|
foreach ($logs as $log) {
|
|
expect($log->resource_type)->toBe('provider_connection')
|
|
->and($log->resource_id)->not->toBeNull();
|
|
|
|
$metadata = is_array($log->metadata) ? $log->metadata : [];
|
|
|
|
expect($metadata)->toHaveKeys([
|
|
'provider_connection_id',
|
|
'provider',
|
|
'connection_type',
|
|
'source',
|
|
]);
|
|
}
|
|
});
|