ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects 1 Releases Wiki Activity
4ff0d91a2e
TenantAtlas/tests/Unit/Audit/AuditContextSanitizerTest.php
ahmido 28cfe38ba4 feat: lay audit log foundation (#163) 
## Summary
- turn the Monitoring audit log placeholder into a real workspace-scoped audit review surface
- introduce a shared audit recorder, richer audit value objects, and additive audit log schema evolution
- add audit outcome and actor badges, permission-aware related navigation, and durable audit retention coverage

## Included
- canonical `/admin/audit-log` list and detail inspection UI
- audit model helpers, taxonomy expansion, actor/target snapshots, and recorder/builder services
- operation terminal audit writes and purge command retention changes
- spec 134 design artifacts and focused Pest coverage for audit foundation behavior

## Validation
- `vendor/bin/sail bin pint --dirty --format agent`
- `vendor/bin/sail artisan test --compact tests/Unit/Audit tests/Unit/Badges/AuditBadgesTest.php tests/Feature/Filament/AuditLogPageTest.php tests/Feature/Filament/AuditLogDetailInspectionTest.php tests/Feature/Filament/AuditLogAuthorizationTest.php tests/Feature/Monitoring/AuditCoverageGovernanceTest.php tests/Feature/Monitoring/AuditCoverageOperationsTest.php tests/Feature/Console/TenantpilotPurgeNonPersistentDataTest.php`

## Notes
- Livewire v4.0+ compliance is preserved within the existing Filament v5 application.
- No provider registration changes were needed; panel provider registration remains in `bootstrap/providers.php`.
- No new globally searchable resource was introduced.
- The audit page remains read-only; no destructive actions were added.
- No new asset pipeline changes were introduced; existing deploy-time `php artisan filament:assets` behavior remains unchanged.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #163
2026-03-11 09:39:37 +00:00

36 lines
1.2 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Support\Audit\AuditContextSanitizer;
it('redacts protected audit fields recursively', function (): void {
$sanitized = AuditContextSanitizer::sanitize([
'token' => 'super-secret',
'nested' => [
'client_secret' => 'another-secret',
],
'notes' => 'Authorization: Bearer abc.def.ghi',
]);
expect(data_get($sanitized, 'token'))->toBe('[REDACTED]')
->and(data_get($sanitized, 'nested.client_secret'))->toBe('[REDACTED]')
->and(data_get($sanitized, 'notes'))->toBe('[REDACTED]');
});
it('truncates oversized strings and arrays before they reach the audit log', function (): void {
$items = collect(range(1, 55))
->mapWithKeys(static fn (int $index): array => ["key_{$index}" => "value_{$index}"])
->all();
$sanitized = AuditContextSanitizer::sanitize([
'message' => str_repeat('x', 600),
'items' => $items,
]);
expect((string) data_get($sanitized, 'message'))->toEndWith(' [truncated]')
->and(data_get($sanitized, 'items.truncated'))->toBeTrue()
->and(array_key_exists('key_50', $sanitized['items']))->toBeTrue()
->and(array_key_exists('key_51', $sanitized['items']))->toBeFalse();
});
Reference in New Issue View Git Blame Copy Permalink