TenantAtlas/tests/Feature/Guards/NoLegacyTenantProviderFallbackTest.php

<?php

declare(strict_types=1);

use Illuminate\Support\Collection;

it('blocks legacy tenant app fallback reads in standard provider surfaces', function (): void {
    $root = base_path();
    $self = realpath(__FILE__);

    $files = collect([
        'app/Filament/Resources/TenantResource.php',
        'app/Http/Controllers/TenantOnboardingController.php',
        'app/Services/Providers/AdminConsentUrlFactory.php',
        'app/Services/Providers/MicrosoftGraphOptionsResolver.php',
        'app/Services/Providers/ProviderConnectionResolver.php',
        'app/Services/Providers/ProviderGateway.php',
        'app/Services/Providers/ProviderIdentityResolver.php',
    ])
        ->map(fn (string $relative): string => $root.'/'.$relative)
        ->filter(fn (string $absolute): bool => is_file($absolute))
        ->values();

    $patterns = [
        '/->app_client_id\b/',
        '/->app_client_secret\b/',
    ];

    $hits = [];

    /** @var Collection<int, string> $files */
    foreach ($files as $path) {
        if ($self && realpath($path) === $self) {
            continue;
        }

        $contents = file_get_contents($path);

        if (! is_string($contents) || $contents === '') {
            continue;
        }

        $relative = str_replace($root.'/', '', $path);
        $lines = preg_split('/\R/', $contents) ?: [];

        foreach ($patterns as $pattern) {
            foreach ($lines as $index => $line) {
                if (preg_match($pattern, $line) === 1) {
                    $hits[] = $relative.':'.($index + 1).' -> '.trim($line);
                }
            }
        }
    }

    expect($hits)->toBeEmpty("Legacy tenant provider fallback detected:\n".implode("\n", $hits));
});