61 lines
1.8 KiB
PHP
61 lines
1.8 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Models\User;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Illuminate\Support\Facades\Http;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
if (! function_exists('entra_build_jwt')) {
|
|
function entra_build_jwt(array $claims): string
|
|
{
|
|
$encode = static fn (array $data): string => rtrim(
|
|
strtr(base64_encode(json_encode($data, JSON_UNESCAPED_SLASHES) ?: ''), '+/', '-_'),
|
|
'='
|
|
);
|
|
|
|
return $encode(['alg' => 'none', 'typ' => 'JWT']).'.'.$encode($claims).'.';
|
|
}
|
|
}
|
|
|
|
it('blocks login for soft-deleted users', function () {
|
|
config()->set('services.microsoft.client_id', 'test-client');
|
|
config()->set('services.microsoft.client_secret', 'test-secret');
|
|
config()->set('services.microsoft.redirect', 'http://localhost/auth/entra/callback');
|
|
config()->set('services.microsoft.tenant', 'organizations');
|
|
|
|
$user = User::factory()->create([
|
|
'entra_tenant_id' => 'tenant-1',
|
|
'entra_object_id' => 'object-1',
|
|
'email' => 'user@example.com',
|
|
'name' => 'Disabled User',
|
|
]);
|
|
|
|
$user->delete();
|
|
|
|
$state = 'state-123';
|
|
|
|
Http::fake([
|
|
'https://login.microsoftonline.com/*/oauth2/v2.0/token' => Http::response([
|
|
'id_token' => entra_build_jwt([
|
|
'tid' => 'tenant-1',
|
|
'oid' => 'object-1',
|
|
'preferred_username' => 'user@example.com',
|
|
'name' => 'Disabled User',
|
|
]),
|
|
]),
|
|
]);
|
|
|
|
$response = $this
|
|
->withSession(['entra_state' => $state])
|
|
->get(route('auth.entra.callback', ['code' => 'code-123', 'state' => $state]));
|
|
|
|
$response->assertRedirect('/admin/login');
|
|
$response->assertSessionHas('error');
|
|
|
|
expect(User::withTrashed()->count())->toBe(1);
|
|
expect(User::withTrashed()->first()?->trashed())->toBeTrue();
|
|
});
|