Key changes

- Adds Entra OIDC redirect + callback endpoints under /auth/entra/* (token exchange only there).
- Upserts tenant users keyed by (entra_tenant_id = tid, entra_object_id = oid); regenerates session; never stores tokens.
- Blocks disabled / soft-deleted users with a generic error and safe logging.
- Membership-based post-login routing:
  - 0 memberships → /admin/no-access
  - 1 membership → tenant dashboard (via Filament URL helpers)
  - >1 memberships → /admin/choose-tenant
- Adds Filament pages:
  - /admin/choose-tenant (tenant selection + redirect)
  - /admin/no-access (tenantless-safe)

  Both use simple layout to avoid tenant-required UI.

Guards / tests

- Adds DbOnlyPagesDoNotMakeHttpRequestsTest to enforce DB-only render/hydration for: /admin/login, /admin/no-access, /admin/choose-tenant with Http::preventStrayRequests()
- Adds session separation smoke coverage to ensure tenant session doesn’t access system and vice versa.
- Runs: vendor/bin/sail artisan test --compact tests/Feature/Auth

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #76

| | | |
|---|---|---|
| .. | | |
| memory | | |
| scripts/bash | | |
| templates | | |
| plan.md | | |
| README.md | | |
| research_t186.md | | |
| spec.md | | |
| tasks.md | | |

.specify/ (Tooling)
This folder contains SpecKit tooling (templates, scripts, constitution, etc.).
Important
- Do not create new feature specs in .specify/spec.md, .specify/plan.md, .specify/tasks.md.
- Active feature specs live under specs/<NNN>-<slug>/:
  - spec.md
  - plan.md
  - tasks.md
  - checklists/requirements.md

The files .specify/spec.md, .specify/plan.md, .specify/tasks.md may exist as legacy references only.