ahmido
ce0615a9c1
## Summary - move the Laravel application into `apps/platform` and keep the repository root for orchestration, docs, and tooling - update the local command model, Sail/Docker wiring, runtime paths, and ignore rules around the new platform location - add relocation quickstart/contracts plus focused smoke coverage for bootstrap, command model, routes, and runtime behavior ## Validation - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/PlatformRelocation` - integrated browser smoke validated `/up`, `/`, `/admin`, `/admin/choose-workspace`, and tenant route semantics for `200`, `403`, and `404` ## Remaining Rollout Checks - validate Dokploy build context and working-directory assumptions against the new `apps/platform` layout - confirm web, queue, and scheduler processes all start from the expected working directory in staging/production - verify no legacy volume mounts or asset-publish paths still point at the old root-level `public/` or `storage/` locations Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #213
118 lines
3.7 KiB
PHP
118 lines
3.7 KiB
PHP
<?php
|
|
|
|
use App\Models\ProviderConnection;
|
|
use App\Models\Tenant;
|
|
use App\Models\Workspace;
|
|
use App\Support\Providers\ProviderReasonCodes;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
it('stores successful admin consent on provider connection status', function () {
|
|
$tenant = Tenant::factory()->create([
|
|
'tenant_id' => 'tenant-1',
|
|
'name' => 'Contoso',
|
|
]);
|
|
|
|
$response = $this->get(route('admin.consent.callback', [
|
|
'tenant' => $tenant->tenant_id,
|
|
'admin_consent' => 'true',
|
|
]));
|
|
|
|
$response->assertOk();
|
|
$response->assertSee(
|
|
route('filament.admin.resources.tenants.view', ['tenant' => $tenant->external_id, 'record' => $tenant]),
|
|
false,
|
|
);
|
|
|
|
$connection = ProviderConnection::query()
|
|
->where('tenant_id', (int) $tenant->getKey())
|
|
->where('provider', 'microsoft')
|
|
->where('entra_tenant_id', $tenant->graphTenantId())
|
|
->first();
|
|
|
|
expect($connection)->not->toBeNull()
|
|
->and($connection?->status)->toBe('connected')
|
|
->and($connection?->last_error_reason_code)->toBeNull();
|
|
|
|
$this->assertDatabaseHas('audit_logs', [
|
|
'tenant_id' => $tenant->id,
|
|
'action' => 'tenant.consent.callback',
|
|
'status' => 'success',
|
|
]);
|
|
});
|
|
|
|
it('links back to onboarding when tenant is onboarding', function () {
|
|
$tenant = Tenant::factory()->create([
|
|
'tenant_id' => 'tenant-3',
|
|
'name' => 'Onboarding Tenant',
|
|
'status' => Tenant::STATUS_ONBOARDING,
|
|
]);
|
|
|
|
$response = $this->get(route('admin.consent.callback', [
|
|
'tenant' => $tenant->tenant_id,
|
|
'admin_consent' => 'true',
|
|
]));
|
|
|
|
$response->assertOk();
|
|
$response->assertSee(route('admin.onboarding'), false);
|
|
});
|
|
|
|
it('creates tenant and provider connection when callback tenant does not exist', function () {
|
|
$workspace = Workspace::factory()->create();
|
|
|
|
$response = $this->withSession([
|
|
'tenant_onboard_workspace_id' => (int) $workspace->getKey(),
|
|
'tenant_onboard_state' => 'state-456',
|
|
])->get(route('admin.consent.callback', [
|
|
'tenant' => 'new-tenant',
|
|
'state' => 'state-456',
|
|
]));
|
|
|
|
$response->assertOk();
|
|
|
|
$tenant = Tenant::where('tenant_id', 'new-tenant')->first();
|
|
expect($tenant)->not->toBeNull();
|
|
|
|
$connection = ProviderConnection::query()
|
|
->where('tenant_id', (int) $tenant->id)
|
|
->where('provider', 'microsoft')
|
|
->where('entra_tenant_id', $tenant->graphTenantId())
|
|
->first();
|
|
|
|
expect($connection)->not->toBeNull()
|
|
->and($connection?->status)->toBe('needs_consent')
|
|
->and($connection?->last_error_reason_code)->toBe(ProviderReasonCodes::ProviderConsentMissing);
|
|
});
|
|
|
|
it('records consent callback errors on provider connection state', function () {
|
|
$tenant = Tenant::factory()->create([
|
|
'tenant_id' => 'tenant-2',
|
|
'name' => 'Fabrikam',
|
|
]);
|
|
|
|
$response = $this->get(route('admin.consent.callback', [
|
|
'tenant' => $tenant->tenant_id,
|
|
'error' => 'access_denied',
|
|
]));
|
|
|
|
$response->assertOk();
|
|
|
|
$connection = ProviderConnection::query()
|
|
->where('tenant_id', (int) $tenant->getKey())
|
|
->where('provider', 'microsoft')
|
|
->where('entra_tenant_id', $tenant->graphTenantId())
|
|
->first();
|
|
|
|
expect($connection)->not->toBeNull()
|
|
->and($connection?->status)->toBe('error')
|
|
->and($connection?->last_error_reason_code)->toBe(ProviderReasonCodes::ProviderAuthFailed)
|
|
->and($connection?->last_error_message)->toBe('access_denied');
|
|
|
|
$this->assertDatabaseHas('audit_logs', [
|
|
'tenant_id' => $tenant->id,
|
|
'action' => 'tenant.consent.callback',
|
|
'status' => 'failed',
|
|
]);
|
|
});
|