ahmido
ef5c223172
## Summary <!-- Kurz: Was ändert sich und warum? --> ## Spec-Driven Development (SDD) - [ ] Es gibt eine Spec unter `specs/<NNN>-<feature>/` - [ ] Enthaltene Dateien: `plan.md`, `tasks.md`, `spec.md` - [ ] Spec beschreibt Verhalten/Acceptance Criteria (nicht nur Implementation) - [ ] Wenn sich Anforderungen während der Umsetzung geändert haben: Spec/Plan/Tasks wurden aktualisiert ## Implementation - [ ] Implementierung entspricht der Spec - [ ] Edge cases / Fehlerfälle berücksichtigt - [ ] Keine unbeabsichtigten Änderungen außerhalb des Scopes ## Tests - [ ] Tests ergänzt/aktualisiert (Pest/PHPUnit) - [ ] Relevante Tests lokal ausgeführt (`./vendor/bin/sail artisan test` oder `php artisan test`) ## Migration / Config / Ops (falls relevant) - [ ] Migration(en) enthalten und getestet - [ ] Rollback bedacht (rückwärts kompatibel, sichere Migration) - [ ] Neue Env Vars dokumentiert (`.env.example` / Doku) - [ ] Queue/cron/storage Auswirkungen geprüft ## UI (Filament/Livewire) (falls relevant) - [ ] UI-Flows geprüft - [ ] Screenshots/Notizen hinzugefügt ## Notes <!-- Links, Screenshots, Follow-ups, offene Punkte --> Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #117
54 lines
1.7 KiB
PHP
54 lines
1.7 KiB
PHP
<?php
|
|
|
|
use App\Filament\Resources\TenantResource;
|
|
use App\Models\ProviderConnection;
|
|
use App\Models\ProviderCredential;
|
|
use App\Models\Tenant;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
|
|
uses(RefreshDatabase::class);
|
|
it('includes scope parameter in admin consent url', function () {
|
|
// The adminConsentUrl uses `.default` so the tenant consents to configured app permissions.
|
|
$tenant = Tenant::create([
|
|
'tenant_id' => 'b0091e5d-944f-4a34-bcd9-12cbfb7b75cf',
|
|
'name' => 'Test Tenant',
|
|
'app_client_id' => 'client-id',
|
|
]);
|
|
|
|
$url = TenantResource::adminConsentUrl($tenant);
|
|
|
|
expect($url)
|
|
->toContain('scope=')
|
|
->toContain(urlencode('https://graph.microsoft.com/.default'));
|
|
});
|
|
|
|
it('can derive admin consent url from provider connection credentials when tenant app_client_id is missing', function () {
|
|
$tenant = Tenant::factory()->create([
|
|
'app_client_id' => null,
|
|
]);
|
|
|
|
$connection = ProviderConnection::factory()->create([
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'workspace_id' => (int) $tenant->workspace_id,
|
|
'provider' => 'microsoft',
|
|
'entra_tenant_id' => (string) $tenant->graphTenantId(),
|
|
'is_default' => true,
|
|
]);
|
|
|
|
ProviderCredential::factory()->create([
|
|
'provider_connection_id' => (int) $connection->getKey(),
|
|
'payload' => [
|
|
'client_id' => 'derived-client-id',
|
|
'client_secret' => 'derived-client-secret',
|
|
],
|
|
]);
|
|
|
|
$url = TenantResource::adminConsentUrl($tenant);
|
|
|
|
expect($url)
|
|
->not->toBeNull()
|
|
->and($url)->toContain('login.microsoftonline.com')
|
|
->and($url)->toContain('adminconsent')
|
|
->and($url)->toContain(urlencode('derived-client-id'));
|
|
});
|