TenantAtlas/tests/Unit/VerificationReportSanitizerEvidenceKindsTest.php
ahmido 98e2b5acd9 feat: managed tenant onboarding draft identity and resume semantics (#167)
## Summary
- add canonical managed-tenant onboarding draft routing with explicit draft identity and landing vs concrete draft behavior
- implement draft lifecycle, authorization, attribution, picker UX, resume-stage resolution, and auditable cancel or completion semantics
- add focused feature, unit, and browser coverage plus Spec 138 artifacts for the onboarding draft resume flow

## Validation
- `vendor/bin/sail artisan test --compact tests/Feature/ManagedTenantOnboardingWizardTest.php tests/Feature/Audit/OnboardingDraftAuditTest.php tests/Feature/Onboarding/OnboardingDraftAccessTest.php tests/Feature/Onboarding/OnboardingDraftAuthorizationTest.php tests/Feature/Onboarding/OnboardingDraftLifecycleTest.php tests/Feature/Onboarding/OnboardingDraftMultiTabTest.php tests/Feature/Onboarding/OnboardingDraftPickerTest.php tests/Feature/Onboarding/OnboardingDraftRoutingTest.php tests/Feature/Onboarding/OnboardingRbacSemanticsTest.php tests/Feature/Onboarding/OnboardingVerificationClustersTest.php tests/Feature/Onboarding/OnboardingVerificationTest.php tests/Feature/Onboarding/OnboardingVerificationV1_5UxTest.php tests/Feature/Verification/VerificationReportViewerDbOnlyTest.php tests/Unit/Onboarding tests/Unit/VerificationReportSanitizerEvidenceKindsTest.php tests/Browser/OnboardingDraftRefreshTest.php tests/Browser/OnboardingDraftVerificationResumeTest.php`
- passed: 69 tests, 251 assertions

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #167
2026-03-13 23:45:23 +00:00


<?php
declare(strict_types=1);
use App\Support\Verification\VerificationReportSanitizer;
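// Feeds a one-check onboarding report through VerificationReportSanitizer::sanitizeReport() and
// asserts that the check title and the `app_id` / `observed_permissions_count` evidence entries
// come back unchanged, while the `client_secret` entry and its value do not.
it('preserves safe evidence pointer kinds for app diagnostics', function (): void {
    // Sentinel standing in for a credential; it must not survive sanitization in any form.
    $secretValue = 'nope';

    $report = [
        'schema_version' => '1',
        'flow' => 'managed_tenant_onboarding',
        'generated_at' => now()->toIso8601String(),
        'summary' => [
            'overall' => 'warn',
            'counts' => [
                'total' => 1,
                'pass' => 0,
                'fail' => 0,
                'warn' => 1,
                'skip' => 0,
                'running' => 0,
            ],
        ],
        'checks' => [
            [
                'key' => 'permissions.admin_consent',
                'title' => 'Required application permissions',
                'status' => 'warn',
                'severity' => 'medium',
                'blocking' => false,
                'reason_code' => 'permissions_inventory_empty',
                'message' => 'No permissions detected.',
                'evidence' => [
                    ['kind' => 'app_id', 'value' => '00000000-0000-0000-0000-000000000000'],
                    ['kind' => 'observed_permissions_count', 'value' => 0],
                    ['kind' => 'client_secret', 'value' => $secretValue],
                ],
                'next_steps' => [],
            ],
        ],
    ];

    $sanitized = VerificationReportSanitizer::sanitizeReport($report);

    // `?? null` keeps a missing key from raising a warning; the expectations below then fail cleanly.
    $evidence = $sanitized['checks'][0]['evidence'] ?? null;
    $title = $sanitized['checks'][0]['title'] ?? null;

    expect($title)->toBe('Required application permissions');
    expect($evidence)->toBeArray();
    expect($evidence)->toContain(['kind' => 'app_id', 'value' => '00000000-0000-0000-0000-000000000000']);
    expect($evidence)->toContain(['kind' => 'observed_permissions_count', 'value' => 0]);
    expect($evidence)->not->toContain(['kind' => 'client_secret', 'value' => $secretValue]);

    // The exact-pair check above still passes if the value survives under another kind, key or
    // nesting level, so also scan the whole serialized report for the sentinel.
    expect(json_encode($sanitized, JSON_THROW_ON_ERROR))->not->toContain($secretValue);
});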
// Runs a report whose check message mixes a harmless setting name with a `password=...` pair
// through VerificationReportSanitizer::sanitizeReport() and asserts that the setting name stays
// in the message while the secret value does not.
it('keeps safe configuration phrases in verification messages', function (): void {
    $passwordPolicyCheck = [
        'key' => 'password.policy',
        'title' => 'Password policy',
        'status' => 'warn',
        'severity' => 'medium',
        'blocking' => false,
        'reason_code' => 'password_policy_warning',
        'message' => 'passwordMinimumLength remains visible while password=super-secret is hidden.',
        'evidence' => [],
        'next_steps' => [],
    ];

    $summary = [
        'overall' => 'warn',
        'counts' => [
            'total' => 1,
            'pass' => 0,
            'fail' => 0,
            'warn' => 1,
            'skip' => 0,
            'running' => 0,
        ],
    ];

    $input = [
        'schema_version' => '1',
        'flow' => 'managed_tenant_onboarding',
        'generated_at' => now()->toIso8601String(),
        'summary' => $summary,
        'checks' => [$passwordPolicyCheck],
    ];

    // A missing message resolves to null, so the expectation fails instead of raising a warning.
    $sanitizedMessage = VerificationReportSanitizer::sanitizeReport($input)['checks'][0]['message'] ?? null;

    expect($sanitizedMessage)
        ->toContain('passwordMinimumLength')
        ->not->toContain('super-secret');
});