ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
a5e9c43f1a
TenantAtlas/tests/Feature/Auth/OidcFailureRedirectsSafelyTest.php
Ahmed Darrazi d514550579 feat(063): Entra sign-in (tenant panel) v1
2026-01-27 17:22:33 +01:00

80 lines
2.7 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Http;
uses(RefreshDatabase::class);
if (! function_exists('entra_build_jwt')) {
function entra_build_jwt(array $claims): string
{
$encode = static fn (array $data): string => rtrim(
strtr(base64_encode(json_encode($data, JSON_UNESCAPED_SLASHES) ?: ''), '+/', '-_'),
'='
);
return $encode(['alg' => 'none', 'typ' => 'JWT']).'.'.$encode($claims).'.';
}
}
it('redirects back to /admin/login if state is invalid without making HTTP requests', function () {
$expectedState = 'expected-state';
Http::preventStrayRequests();
$response = $this
->withSession(['entra_state' => $expectedState])
->get(route('auth.entra.callback', ['code' => 'code-123', 'state' => 'wrong-state']));
$response->assertRedirect('/admin/login');
$response->assertSessionHas('error');
});
it('redirects back to /admin/login if the token exchange fails', function () {
config()->set('services.microsoft.client_id', 'test-client');
config()->set('services.microsoft.client_secret', 'test-secret');
config()->set('services.microsoft.redirect', 'http://localhost/auth/entra/callback');
config()->set('services.microsoft.tenant', 'organizations');
$state = 'state-123';
Http::fake([
'https://login.microsoftonline.com/*/oauth2/v2.0/token' => Http::response([], 500),
]);
$response = $this
->withSession(['entra_state' => $state])
->get(route('auth.entra.callback', ['code' => 'code-123', 'state' => $state]));
$response->assertRedirect('/admin/login');
$response->assertSessionHas('error');
});
it('redirects back to /admin/login if tid/oid claims are missing', function () {
config()->set('services.microsoft.client_id', 'test-client');
config()->set('services.microsoft.client_secret', 'test-secret');
config()->set('services.microsoft.redirect', 'http://localhost/auth/entra/callback');
config()->set('services.microsoft.tenant', 'organizations');
$state = 'state-123';
Http::fake([
'https://login.microsoftonline.com/*/oauth2/v2.0/token' => Http::response([
'id_token' => entra_build_jwt([
'tid' => 'tenant-1',
// oid intentionally missing
'preferred_username' => 'user@example.com',
]),
]),
]);
$response = $this
->withSession(['entra_state' => $state])
->get(route('auth.entra.callback', ['code' => 'code-123', 'state' => $state]));
$response->assertRedirect('/admin/login');
$response->assertSessionHas('error');
});
Reference in New Issue View Git Blame Copy Permalink