TenantAtlas

History

ahmido c5fbcaa692 063-entra-signin (#76 ) Key changes Adds Entra OIDC redirect + callback endpoints under /auth/entra/* (token exchange only there). Upserts tenant users keyed by (entra_tenant_id = tid, entra_object_id = oid); regenerates session; never stores tokens. Blocks disabled / soft-deleted users with a generic error and safe logging. Membership-based post-login routing: 0 memberships → /admin/no-access 1 membership → tenant dashboard (via Filament URL helpers) >1 memberships → /admin/choose-tenant Adds Filament pages: /admin/choose-tenant (tenant selection + redirect) /admin/no-access (tenantless-safe) Both use simple layout to avoid tenant-required UI. Guards / tests Adds DbOnlyPagesDoNotMakeHttpRequestsTest to enforce DB-only render/hydration for: /admin/login, /admin/no-access, /admin/choose-tenant with Http::preventStrayRequests() Adds session separation smoke coverage to ensure tenant session doesn’t access system and vice versa. Runs: vendor/bin/sail artisan test --compact tests/Feature/Auth Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box> Reviewed-on: #76		2026-01-27 16:38:53 +00:00
..
factories	feat: unify provider connection actions and notifications (#73 )	2026-01-25 01:01:37 +00:00
migrations	063-entra-signin (#76 )	2026-01-27 16:38:53 +00:00
seeders	fix: Harden SyncPoliciesJob supported types handling (#75 )	2026-01-26 19:23:40 +00:00
.gitignore	Initial commit from Specify template	2025-12-10 22:27:21 +01:00