ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
add1e3fe2f
TenantAtlas/tests/Feature/Onboarding/AdminConsentCallbackPlatformConnectionTest.php
ahmido bab01f07a9 feat: standardize platform provider identity (#166) 
## Summary
- standardize Microsoft provider connections around explicit platform vs dedicated identity modes
- centralize admin-consent URL and runtime identity resolution so platform flows no longer fall back to tenant-local credentials
- add migration classification, richer consent and verification state handling, dedicated override management, and focused regression coverage

## Validation
- focused repo test coverage was added across provider identity, onboarding, audit, policy, guard, and migration flows
- latest explicit passing run in the workspace: `vendor/bin/sail artisan test --compact tests/Feature/AdminConsentCallbackTest.php tests/Feature/Audit/ProviderConnectionConsentAuditTest.php`

## Notes
- branch includes the full Spec 137 artifact set under `specs/137-platform-provider-identity/`
- target base branch: `dev`

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #166
2026-03-13 16:29:08 +00:00

64 lines
2.5 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Models\ProviderConnection;
use App\Models\Tenant;
use App\Support\Providers\ProviderConnectionType;
use App\Support\Providers\ProviderConsentStatus;
use App\Support\Providers\ProviderReasonCodes;
use App\Support\Providers\ProviderVerificationStatus;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
it('stores a successful callback as a platform connection with separate consent and verification states', function (): void {
$tenant = Tenant::factory()->create([
'tenant_id' => 'tenant-platform-ok',
'name' => 'Contoso Platform',
]);
$this->get(route('admin.consent.callback', [
'tenant' => $tenant->tenant_id,
'admin_consent' => 'true',
]))->assertOk();
$connection = ProviderConnection::query()
->where('tenant_id', (int) $tenant->getKey())
->where('provider', 'microsoft')
->where('entra_tenant_id', $tenant->graphTenantId())
->firstOrFail();
expect($connection->connection_type)->toBe(ProviderConnectionType::Platform)
->and($connection->status)->toBe('connected')
->and($connection->consent_status)->toBe(ProviderConsentStatus::Granted)
->and($connection->verification_status)->toBe(ProviderVerificationStatus::Unknown)
->and($connection->credential()->exists())->toBeFalse()
->and($connection->last_error_reason_code)->toBeNull();
});
it('stores callback failures without promoting the platform connection to a verified state', function (): void {
$tenant = Tenant::factory()->create([
'tenant_id' => 'tenant-platform-error',
'name' => 'Fabrikam Platform',
]);
$this->get(route('admin.consent.callback', [
'tenant' => $tenant->tenant_id,
'error' => 'access_denied',
]))->assertOk();
$connection = ProviderConnection::query()
->where('tenant_id', (int) $tenant->getKey())
->where('provider', 'microsoft')
->where('entra_tenant_id', $tenant->graphTenantId())
->firstOrFail();
expect($connection->connection_type)->toBe(ProviderConnectionType::Platform)
->and($connection->status)->toBe('error')
->and($connection->consent_status)->toBe(ProviderConsentStatus::Failed)
->and($connection->verification_status)->toBe(ProviderVerificationStatus::Unknown)
->and($connection->last_error_reason_code)->toBe(ProviderReasonCodes::ProviderAuthFailed)
->and($connection->credential()->exists())->toBeFalse();
});
Reference in New Issue View Git Blame Copy Permalink