stage 1 of oauth removal, switch to sanctum pat tokens

Codex Agent
2025-11-06 20:35:58 +01:00
parent c9783bd57b
commit 776da57ca9
47 changed files with 1571 additions and 2555 deletions


@@ -25,8 +25,8 @@ class LoginTest extends TestCase
]);
$this->assertAuthenticated();
$expectedDefault = rtrim(route('tenant.admin.app', absolute: false), '/').'/events';
$response->assertRedirect($expectedDefault);
// User without specific role (null/default) redirects to packages for package selection
$response->assertRedirect('/packages');
$this->assertEquals('valid@example.com', Auth::user()->email);
}
@@ -44,8 +44,8 @@ class LoginTest extends TestCase
]);
$this->assertAuthenticated();
$expectedDefault = rtrim(route('tenant.admin.app', absolute: false), '/').'/events';
$response->assertRedirect($expectedDefault);
// User without specific role (null/default) redirects to packages for package selection
$response->assertRedirect('/packages');
$this->assertEquals('validuser', Auth::user()->username);
}
@@ -72,6 +72,7 @@ class LoginTest extends TestCase
{
$user = User::factory()->create([
'email' => 'success@example.com',
'role' => 'user', // Regular user
'password' => bcrypt('password'),
'email_verified_at' => now(),
]);
@@ -82,8 +83,8 @@ class LoginTest extends TestCase
]);
$this->assertAuthenticated();
$expected = rtrim(route('tenant.admin.app', absolute: false), '/').'/events';
$response->assertRedirect($expected);
// Regular users now redirect to /packages for package selection
$response->assertRedirect('/packages');
$response->assertSessionHas('success', 'Sie sind nun eingeloggt.');
}
@@ -91,11 +92,13 @@ class LoginTest extends TestCase
{
$user = User::factory()->create([
'email' => 'return@example.com',
'role' => 'user', // Regular user
'password' => bcrypt('password'),
'email_verified_at' => now(),
]);
$target = route('tenant.admin.app', absolute: false);
// Test that return_to parameter is honored - set it to a specific dashboard path
$target = '/marketing/profile';
$encoded = rtrim(strtr(base64_encode($target), '+/', '-_'), '=');
$response = $this->post(route('login.store'), [
@@ -108,6 +111,99 @@ class LoginTest extends TestCase
$response->assertRedirect($target);
}
public function test_login_prefers_intended_url_over_return_to_parameter()
{
$user = User::factory()->create([
'email' => 'tenant@example.com',
'role' => 'tenant_admin',
'password' => bcrypt('password'),
'email_verified_at' => now(),
]);
$intended = 'http://localhost/api/v1/oauth/authorize?client_id=tenant-admin-app&response_type=code';
$returnTarget = '/event-admin/dashboard';
$encodedReturn = rtrim(strtr(base64_encode($returnTarget), '+/', '-_'), '=');
$response = $this
->withSession(['url.intended' => $intended])
->post(route('login.store'), [
'login' => 'tenant@example.com',
'password' => 'password',
'return_to' => $encodedReturn,
]);
$this->assertAuthenticated();
$this->assertSame($user->id, Auth::id());
$response->assertRedirect($intended);
}
public function test_tenant_admin_login_with_absolute_intended_redirects_to_event_admin_dashboard(): void
{
$user = User::factory()->create([
'email' => 'absolute@example.com',
'role' => 'tenant_admin',
'password' => bcrypt('password'),
'email_verified_at' => now(),
]);
$intended = url('/event-admin/dashboard?from=oauth');
$response = $this
->withSession(['url.intended' => $intended])
->post(route('login.store'), [
'login' => 'absolute@example.com',
'password' => 'password',
]);
$this->assertAuthenticatedAs($user);
$response->assertRedirect($intended);
$dashboardResponse = $this->get('/dashboard');
$dashboardResponse->assertRedirect('/event-admin/dashboard?from=oauth');
}
public function test_tenant_admin_login_ignores_non_admin_return_path()
{
$user = User::factory()->create([
'email' => 'admin@example.com',
'role' => 'tenant_admin',
'password' => bcrypt('password'),
'email_verified_at' => now(),
]);
$encodedReturn = rtrim(strtr(base64_encode('/dashboard'), '+/', '-_'), '=');
$response = $this->post(route('login.store'), [
'login' => 'admin@example.com',
'password' => 'password',
'return_to' => $encodedReturn,
]);
$this->assertAuthenticatedAs($user);
$response->assertRedirect('/event-admin/dashboard');
}
public function test_tenant_admin_can_access_login_with_admin_return_path_when_authenticated()
{
$user = User::factory()->create([
'email' => 'already@logged.in',
'role' => 'tenant_admin',
'password' => bcrypt('password'),
'email_verified_at' => now(),
]);
$this->actingAs($user);
$adminStart = '/event-admin/start?return_to='.rtrim(strtr(base64_encode('/event-admin/dashboard'), '+/', '-_'), '=');
$encoded = rtrim(strtr(base64_encode($adminStart), '+/', '-_'), '=');
$response = $this->get('/de/login?return_to='.$encoded);
$response->assertRedirect('/dashboard');
$eventAdminResponse = $this->get('/event-admin/dashboard');
$eventAdminResponse->assertOk();
}
public function test_login_redirects_unverified_user_to_verification_notice()
{
$user = User::factory()->create([