ahmido
b6343d5c3a
Implements workspace-scoped managed tenant onboarding wizard (Filament v5 / Livewire v4) with strict RBAC (404/403 semantics), resumable sessions, provider connection selection/creation, verification OperationRun, and optional bootstrap. Removes legacy onboarding entrypoints and adds Pest coverage + spec artifacts (073). ## Summary <!-- Kurz: Was ändert sich und warum? --> ## Spec-Driven Development (SDD) - [ ] Es gibt eine Spec unter `specs/<NNN>-<feature>/` - [ ] Enthaltene Dateien: `plan.md`, `tasks.md`, `spec.md` - [ ] Spec beschreibt Verhalten/Acceptance Criteria (nicht nur Implementation) - [ ] Wenn sich Anforderungen während der Umsetzung geändert haben: Spec/Plan/Tasks wurden aktualisiert ## Implementation - [ ] Implementierung entspricht der Spec - [ ] Edge cases / Fehlerfälle berücksichtigt - [ ] Keine unbeabsichtigten Änderungen außerhalb des Scopes ## Tests - [ ] Tests ergänzt/aktualisiert (Pest/PHPUnit) - [ ] Relevante Tests lokal ausgeführt (`./vendor/bin/sail artisan test` oder `php artisan test`) ## Migration / Config / Ops (falls relevant) - [ ] Migration(en) enthalten und getestet - [ ] Rollback bedacht (rückwärts kompatibel, sichere Migration) - [ ] Neue Env Vars dokumentiert (`.env.example` / Doku) - [ ] Queue/cron/storage Auswirkungen geprüft ## UI (Filament/Livewire) (falls relevant) - [ ] UI-Flows geprüft - [ ] Screenshots/Notizen hinzugefügt ## Notes <!-- Links, Screenshots, Follow-ups, offene Punkte --> Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.fritz.box> Reviewed-on: #88
61 lines
1.9 KiB
PHP
61 lines
1.9 KiB
PHP
<?php
|
|
|
|
use App\Filament\Resources\OperationRunResource;
|
|
use App\Models\Tenant;
|
|
use App\Services\OperationRunService;
|
|
use Illuminate\Notifications\DatabaseNotification;
|
|
|
|
it('sanitizes persisted run failures and terminal notifications', function () {
|
|
$tenant = Tenant::factory()->create();
|
|
[$user, $tenant] = createUserWithTenant($tenant, role: 'owner');
|
|
|
|
/** @var OperationRunService $runs */
|
|
$runs = app(OperationRunService::class);
|
|
|
|
$run = $runs->ensureRun(
|
|
tenant: $tenant,
|
|
type: 'test.sanitize',
|
|
inputs: [],
|
|
initiator: $user,
|
|
);
|
|
|
|
$rawBearer = 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.'.str_repeat('A', 90);
|
|
|
|
$runs->updateRun(
|
|
$run,
|
|
status: 'completed',
|
|
outcome: 'failed',
|
|
failures: [[
|
|
'code' => 'graph_forbidden',
|
|
'message' => "Authorization: {$rawBearer} client_secret=supersecret user=test.user@example.com",
|
|
]],
|
|
);
|
|
|
|
$run->refresh();
|
|
|
|
$failureSummaryJson = json_encode($run->failure_summary, JSON_THROW_ON_ERROR);
|
|
|
|
expect($failureSummaryJson)->not->toContain('client_secret=supersecret');
|
|
expect($failureSummaryJson)->not->toContain($rawBearer);
|
|
expect($failureSummaryJson)->not->toContain('test.user@example.com');
|
|
|
|
expect($run->failure_summary[0]['reason_code'] ?? null)->toBe('permission_denied');
|
|
|
|
$notification = DatabaseNotification::query()
|
|
->where('notifiable_id', $user->getKey())
|
|
->latest('id')
|
|
->first();
|
|
|
|
expect($notification)->not->toBeNull();
|
|
|
|
$notificationJson = json_encode($notification?->data, JSON_THROW_ON_ERROR);
|
|
|
|
expect($notificationJson)->not->toContain('client_secret=supersecret');
|
|
expect($notificationJson)->not->toContain($rawBearer);
|
|
expect($notificationJson)->not->toContain('test.user@example.com');
|
|
|
|
$this->actingAs($user)
|
|
->get(OperationRunResource::getUrl('view', ['record' => $run], tenant: $tenant))
|
|
->assertSuccessful();
|
|
});
|