ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
c13e9e6d11
TenantAtlas/tests/Feature/Auth/BreakGlassModeTest.php
ahmido 210cf5ce8b feat: implement auth structure system panel (#77) 
Implements 064-auth-structure (Auth Structure v1.0):

Adds platform_users + PlatformUser identity (factory + seeder) for platform operators
Introduces platform auth guard/provider in auth.php
Adds a dedicated Filament v5 System panel at system using guard platform (custom login + dashboard)
Enforces strict cross-scope isolation between /admin and system (deny-as-404)
Adds platform capability gating (platform.access_system_panel, platform.use_break_glass) + gates in AuthServiceProvider
Implements audited break-glass mode (enter/exit/expire), banner via render hook, feature flag + TTL config
Removes legacy users.is_platform_superadmin runtime usage and adds an architecture test to prevent regressions
Updates tenant membership pivot usage where needed (tenant_memberships)
Testing:

vendor/bin/sail artisan test --compact tests/Feature/Auth (28 passed)
vendor/bin/sail bin pint --dirty
Notes:

Filament v5 / Livewire v4 compatible.
Panel providers registered in providers.php.
Destructive actions use ->action(...) + ->requiresConfirmation() where applicable.

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #77
2026-01-27 21:49:18 +00:00

106 lines
3.3 KiB
PHP
Raw Blame History

<?php
use App\Filament\System\Pages\Dashboard;
use App\Models\AuditLog;
use App\Models\PlatformUser;
use App\Models\Tenant;
use App\Support\Auth\PlatformCapabilities;
use Carbon\CarbonImmutable;
use Filament\Facades\Filament;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Livewire\Livewire;
uses(RefreshDatabase::class);
beforeEach(function () {
Filament::setCurrentPanel('system');
Filament::bootCurrentPanel();
Tenant::factory()->create([
'tenant_id' => null,
'external_id' => 'platform',
'name' => 'Platform',
]);
config()->set('tenantpilot.break_glass.enabled', true);
config()->set('tenantpilot.break_glass.ttl_minutes', 15);
});
afterEach(function () {
CarbonImmutable::setTestNow();
});
it('hides the break-glass action when disabled', function () {
config()->set('tenantpilot.break_glass.enabled', false);
$user = PlatformUser::factory()->create([
'capabilities' => [
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
PlatformCapabilities::USE_BREAK_GLASS,
],
]);
$this->actingAs($user, 'platform');
Livewire::test(Dashboard::class)
->assertActionHidden('enter_break_glass');
});
it('can enter and exit break-glass mode and audits transitions', function () {
$user = PlatformUser::factory()->create([
'capabilities' => [
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
PlatformCapabilities::USE_BREAK_GLASS,
],
]);
$this->actingAs($user, 'platform');
Livewire::test(Dashboard::class)
->callAction('enter_break_glass', data: [
'reason' => 'Recovery test',
]);
$this->get('/system')->assertSuccessful()->assertSee('Recovery mode active');
Livewire::test(Dashboard::class)
->callAction('exit_break_glass');
$this->get('/system')->assertSuccessful()->assertDontSee('Recovery mode active');
$tenant = Tenant::query()->where('external_id', 'platform')->firstOrFail();
expect(AuditLog::query()->where('tenant_id', $tenant->getKey())->where('action', 'platform.break_glass.enter')->exists())->toBeTrue();
expect(AuditLog::query()->where('tenant_id', $tenant->getKey())->where('action', 'platform.break_glass.exit')->exists())->toBeTrue();
});
it('expires break-glass mode after TTL and audits expiry', function () {
config()->set('tenantpilot.break_glass.ttl_minutes', 1);
$user = PlatformUser::factory()->create([
'capabilities' => [
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
PlatformCapabilities::USE_BREAK_GLASS,
],
]);
$this->actingAs($user, 'platform');
CarbonImmutable::setTestNow(CarbonImmutable::parse('2026-01-27 12:00:00'));
Livewire::test(Dashboard::class)
->callAction('enter_break_glass', data: [
'reason' => 'TTL test',
]);
$this->get('/system')->assertSuccessful()->assertSee('Recovery mode active');
CarbonImmutable::setTestNow(CarbonImmutable::parse('2026-01-27 12:02:00'));
$this->get('/system')->assertSuccessful()->assertDontSee('Recovery mode active');
$tenant = Tenant::query()->where('external_id', 'platform')->firstOrFail();
expect(AuditLog::query()->where('tenant_id', $tenant->getKey())->where('action', 'platform.break_glass.expired')->exists())->toBeTrue();
});
Reference in New Issue View Git Blame Copy Permalink