## Summary

- add the provider boundary catalog, boundary support types, and guardrails for platform-core versus provider-owned seams
- harden provider gateway, identity resolution, operation registry, and start-gate behavior to require explicit provider bindings
- add unit and feature coverage for boundary classification, runtime preservation, unsupported paths, and platform-core leakage guards
- add the full Spec Kit artifact set for spec 237 and update roadmap/spec-candidate tracking

## Validation

- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Unit/Providers/ProviderBoundaryClassificationTest.php tests/Unit/Providers/ProviderBoundaryGuardrailTest.php tests/Feature/Providers/ProviderBoundaryHardeningTest.php tests/Feature/Providers/UnsupportedProviderBoundaryPathTest.php tests/Feature/Guards/ProviderBoundaryPlatformCoreGuardTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Unit/Providers/ProviderGatewayTest.php tests/Unit/Providers/ProviderIdentityResolverTest.php tests/Unit/Providers/ProviderOperationStartGateTest.php`
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`
- browser smoke: `http://localhost/admin/provider-connections?tenant_id=18000000-0000-4000-8000-000000000180` loaded with the local smoke user, the empty-state CTA reached the canonical create route, and cancel returned to the scoped list

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #273
72 lines
2.2 KiB
PHP
```php
<?php

namespace App\Services\Providers;

use App\Support\Providers\ProviderConnectionType;
use App\Support\Providers\ProviderReasonCodes;

/**
 * Immutable result of a provider identity resolution: either resolved
 * (client id, optional secret) or blocked (reason code, optional message).
 */
final class ProviderIdentityResolution
{
    // Private: instances are created only through resolved() and blocked().
    private function __construct(
        public readonly bool $resolved,
        public readonly ProviderConnectionType $connectionType,
        public readonly string $tenantContext,
        public readonly ?string $effectiveClientId,
        public readonly string $credentialSource,
        public readonly ?string $clientSecret,
        public readonly ?string $authorityTenant,
        public readonly ?string $redirectUri,
        public readonly ?string $reasonCode,
        public readonly ?string $message,
    ) {}

    // Successful resolution: reason code and message are always null.
    public static function resolved(
        ProviderConnectionType $connectionType,
        string $tenantContext,
        string $effectiveClientId,
        string $credentialSource,
        ?string $clientSecret,
        ?string $authorityTenant,
        ?string $redirectUri,
    ): self {
        return new self(
            resolved: true,
            connectionType: $connectionType,
            tenantContext: $tenantContext,
            effectiveClientId: $effectiveClientId,
            credentialSource: $credentialSource,
            clientSecret: $clientSecret,
            authorityTenant: $authorityTenant,
            redirectUri: $redirectUri,
            reasonCode: null,
            message: null,
        );
    }

    // Blocked resolution: client id, secret, authority tenant and redirect URI
    // are all null. A reason code that ProviderReasonCodes::isKnown() rejects
    // is replaced with UnknownError.
    public static function blocked(
        ProviderConnectionType $connectionType,
        string $tenantContext,
        string $credentialSource,
        string $reasonCode,
        ?string $message = null,
    ): self {
        return new self(
            resolved: false,
            connectionType: $connectionType,
            tenantContext: $tenantContext,
            effectiveClientId: null,
            credentialSource: $credentialSource,
            clientSecret: null,
            authorityTenant: null,
            redirectUri: null,
            reasonCode: ProviderReasonCodes::isKnown($reasonCode) ? $reasonCode : ProviderReasonCodes::UnknownError,
            message: $message,
        );
    }

    // Reason code, falling back to UnknownError when none is set
    // (as on a resolved result).
    public function effectiveReasonCode(): string
    {
        return $this->reasonCode ?? ProviderReasonCodes::UnknownError;
    }
}
```