feat: harden tenant settings and import pipeline
This commit is contained in:
@@ -2,29 +2,26 @@
|
||||
|
||||
namespace Tests\Feature;
|
||||
|
||||
use App\Filament\Resources\EmotionResource\Pages\ImportEmotions;
|
||||
use App\Models\Emotion;
|
||||
use App\Models\User;
|
||||
use Illuminate\Http\UploadedFile;
|
||||
use Illuminate\Support\Facades\Storage;
|
||||
use Livewire\Livewire;
|
||||
use App\Services\EmotionImportService;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
use Tests\TestCase;
|
||||
|
||||
class EmotionResourceTest extends TestCase
|
||||
{
|
||||
use RefreshDatabase;
|
||||
|
||||
public function test_import_emotions_csv()
|
||||
{
|
||||
Storage::fake('public');
|
||||
|
||||
$user = User::factory()->create();
|
||||
$this->actingAs($user);
|
||||
|
||||
$csvData = "name_de,name_en,icon,color,description_de,description_en,sort_order,is_active,event_types\nGlück,Joy,😊,#FFD700,Gefühl des Glücks,Feeling of joy,1,1,wedding|birthday";
|
||||
$csvFile = UploadedFile::fake()->createWithContent('emotions.csv', $csvData);
|
||||
|
||||
Livewire::test(ImportEmotions::class)
|
||||
->set('file', $csvFile->getRealPath())
|
||||
->call('doImport');
|
||||
$tempFile = tempnam(sys_get_temp_dir(), 'emotions_');
|
||||
file_put_contents($tempFile, $csvData);
|
||||
|
||||
[$success, $failed] = app(EmotionImportService::class)->import($tempFile);
|
||||
|
||||
$this->assertSame(1, $success);
|
||||
$this->assertSame(0, $failed);
|
||||
|
||||
$this->assertDatabaseHas('emotions', [
|
||||
'name' => json_encode(['de' => 'Glück', 'en' => 'Joy']),
|
||||
|
||||
@@ -71,7 +71,7 @@ class SettingsApiTest extends TenantTestCase
|
||||
|
||||
$this->assertDatabaseHas('tenants', [
|
||||
'id' => $this->tenant->id,
|
||||
'settings' => $settingsData['settings'],
|
||||
'settings' => json_encode($settingsData['settings']),
|
||||
]);
|
||||
}
|
||||
|
||||
@@ -100,7 +100,7 @@ class SettingsApiTest extends TenantTestCase
|
||||
$response = $this->authenticatedRequest('POST', '/api/v1/tenant/settings/reset');
|
||||
|
||||
$response->assertStatus(200)
|
||||
->assertJson(['message' => 'Settings auf Standardwerte zurückgesetzt.'])
|
||||
->assertJson(['message' => 'Settings auf Standardwerte zurueckgesetzt.'])
|
||||
->assertJsonPath('data.settings.branding.primary_color', '#3B82F6')
|
||||
->assertJsonPath('data.settings.features.photo_likes_enabled', true);
|
||||
|
||||
@@ -136,7 +136,7 @@ class SettingsApiTest extends TenantTestCase
|
||||
|
||||
$response->assertStatus(200)
|
||||
->assertJson(['available' => true])
|
||||
->assertJson(['message' => 'Domain ist verfügbar.']);
|
||||
->assertJson(['message' => 'Domain ist verfuegbar.']);
|
||||
|
||||
// Invalid domain format
|
||||
$response = $this->authenticatedRequest('POST', '/api/v1/tenant/settings/validate-domain', [
|
||||
@@ -145,7 +145,7 @@ class SettingsApiTest extends TenantTestCase
|
||||
|
||||
$response->assertStatus(200)
|
||||
->assertJson(['available' => false])
|
||||
->assertJson(['message' => 'Ungültiges Domain-Format.']);
|
||||
->assertJson(['message' => 'Ungueltiges Domain-Format.']);
|
||||
|
||||
// Taken domain (create another tenant with same domain)
|
||||
$otherTenant = Tenant::factory()->create(['custom_domain' => 'taken.example.com']);
|
||||
@@ -187,4 +187,6 @@ class SettingsApiTest extends TenantTestCase
|
||||
->assertJsonPath('data.settings.branding.primary_color', '#3B82F6') // Default for this tenant
|
||||
->assertJsonMissing(['#FF0000']); // Other tenant's color
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -263,7 +263,9 @@ class TaskApiTest extends TenantTestCase
|
||||
'tenant_id' => $this->tenant->id,
|
||||
'priority' => 'medium',
|
||||
]);
|
||||
$collectionTasks->each(fn($task) => $task->taskCollection()->associate($collection));
|
||||
$collectionTasks->each(function ($task) use ($collection) {
|
||||
$task->update(['collection_id' => $collection->id]);
|
||||
});
|
||||
|
||||
Task::factory(3)->create([
|
||||
'tenant_id' => $this->tenant->id,
|
||||
@@ -303,4 +305,8 @@ class TaskApiTest extends TenantTestCase
|
||||
->assertJsonCount(1, 'data')
|
||||
->assertJsonPath('data.0.title', 'Search Test');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -2,11 +2,11 @@
|
||||
|
||||
namespace Tests\Feature\Tenant;
|
||||
|
||||
use App\Models\OAuthClient;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\User;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Route;
|
||||
use Illuminate\Support\Str;
|
||||
use Tests\TestCase;
|
||||
|
||||
abstract class TenantTestCase extends TestCase
|
||||
@@ -15,42 +15,103 @@ abstract class TenantTestCase extends TestCase
|
||||
|
||||
protected Tenant $tenant;
|
||||
protected User $tenantUser;
|
||||
protected OAuthClient $oauthClient;
|
||||
protected string $token;
|
||||
protected ?string $refreshToken = null;
|
||||
|
||||
protected function setUp(): void
|
||||
{
|
||||
parent::setUp();
|
||||
|
||||
$this->initialiseTenantContext();
|
||||
}
|
||||
|
||||
protected function authenticatedRequest(string $method, string $uri, array $data = [], array $headers = [])
|
||||
{
|
||||
$headers = array_merge([
|
||||
'Authorization' => 'Bearer '.$this->token,
|
||||
], $headers);
|
||||
|
||||
return $this->withHeaders($headers)->json($method, $uri, $data);
|
||||
}
|
||||
|
||||
protected function mockTenantContext(): void
|
||||
{
|
||||
$this->app->instance('tenant', $this->tenant);
|
||||
}
|
||||
|
||||
protected function initialiseTenantContext(array $scopes = ['tenant:read', 'tenant:write']): void
|
||||
{
|
||||
$this->tenant = Tenant::factory()->create([
|
||||
'name' => 'Test Tenant',
|
||||
'slug' => 'test-tenant',
|
||||
'slug' => 'test-tenant-'.Str::random(6),
|
||||
]);
|
||||
|
||||
$this->tenantUser = User::factory()->create([
|
||||
'name' => 'Test User',
|
||||
'email' => 'test@example.com',
|
||||
'email' => 'test-'.Str::random(6).'@example.com',
|
||||
'tenant_id' => $this->tenant->id,
|
||||
'role' => 'admin',
|
||||
]);
|
||||
|
||||
$this->token = 'mock-jwt-token-' . $this->tenant->id . '-' . time();
|
||||
}
|
||||
$this->oauthClient = $this->createTenantClient($this->tenant, $scopes);
|
||||
[$this->token, $this->refreshToken] = $this->issueTokens($this->oauthClient, $scopes);
|
||||
|
||||
protected function authenticatedRequest($method, $uri, array $data = [], array $headers = [])
|
||||
{
|
||||
$headers['Authorization'] = 'Bearer ' . $this->token;
|
||||
|
||||
// Temporarily override the middleware to skip auth and set tenant
|
||||
$this->app['router']->pushMiddlewareToGroup('api', MockTenantMiddleware::class, 'mock-tenant');
|
||||
|
||||
return $this->withHeaders($headers)->json($method, $uri, $data);
|
||||
}
|
||||
|
||||
protected function mockTenantContext()
|
||||
{
|
||||
$this->actingAs($this->tenantUser);
|
||||
|
||||
// Set tenant globally for tests
|
||||
$this->app->instance('tenant', $this->tenant);
|
||||
}
|
||||
}
|
||||
|
||||
protected function createTenantClient(Tenant $tenant, array $scopes): OAuthClient
|
||||
{
|
||||
return OAuthClient::create([
|
||||
'id' => (string) Str::uuid(),
|
||||
'client_id' => 'tenant-admin-app-'.$tenant->id,
|
||||
'tenant_id' => $tenant->id,
|
||||
'client_secret' => null,
|
||||
'redirect_uris' => ['http://localhost/callback'],
|
||||
'scopes' => $scopes,
|
||||
'is_active' => true,
|
||||
]);
|
||||
}
|
||||
|
||||
protected function issueTokens(OAuthClient $client, array $scopes = ['tenant:read', 'tenant:write']): array
|
||||
{
|
||||
$codeVerifier = 'tenant-code-verifier-'.Str::random(32);
|
||||
$codeChallenge = rtrim(strtr(base64_encode(hash('sha256', $codeVerifier, true)), '+/', '-_'), '=');
|
||||
$state = Str::random(10);
|
||||
|
||||
$response = $this->get('/api/v1/oauth/authorize?'.http_build_query([
|
||||
'client_id' => $client->client_id,
|
||||
'redirect_uri' => 'http://localhost/callback',
|
||||
'response_type' => 'code',
|
||||
'scope' => implode(' ', $scopes),
|
||||
'state' => $state,
|
||||
'code_challenge' => $codeChallenge,
|
||||
'code_challenge_method' => 'S256',
|
||||
]));
|
||||
|
||||
$response->assertRedirect();
|
||||
$location = $response->headers->get('Location');
|
||||
$this->assertNotNull($location);
|
||||
|
||||
$query = [];
|
||||
parse_str(parse_url($location, PHP_URL_QUERY) ?? '', $query);
|
||||
$authorizationCode = $query['code'] ?? null;
|
||||
$this->assertNotNull($authorizationCode, 'Authorization code should be present');
|
||||
|
||||
$tokenResponse = $this->post('/api/v1/oauth/token', [
|
||||
'grant_type' => 'authorization_code',
|
||||
'code' => $authorizationCode,
|
||||
'client_id' => $client->client_id,
|
||||
'redirect_uri' => 'http://localhost/callback',
|
||||
'code_verifier' => $codeVerifier,
|
||||
]);
|
||||
|
||||
$tokenResponse->assertOk();
|
||||
|
||||
return [
|
||||
$tokenResponse->json('access_token'),
|
||||
$tokenResponse->json('refresh_token'),
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -5,7 +5,6 @@ namespace Tests\Feature;
|
||||
use App\Models\OAuthClient;
|
||||
use App\Models\Tenant;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
use Illuminate\Support\Facades\Storage;
|
||||
use Illuminate\Support\Str;
|
||||
use Tests\TestCase;
|
||||
|
||||
@@ -13,57 +12,6 @@ class TenantCreditsTest extends TestCase
|
||||
{
|
||||
use RefreshDatabase;
|
||||
|
||||
private const PUBLIC_KEY = <<<KEY
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrZWbp/7pXo83BIJX3v/
|
||||
9f/51fxYFGZnZz9diqHkiOtDjggNdwze0LXruVeVb8YsaTI68RclgYCcsE4haTCG
|
||||
LlTivKFJL2O10IEzswjjD08MsanHer3xZRO6VZ7JLXmBNKp5C71zfFf8AhMnQ+Y6
|
||||
uGQ3wMOT6PWAiAmVBVYC8+KQsqyOkDu58bamhGGOrDsdWvrfDgRU1w8dxbgFYALQ
|
||||
v1pVVmYT9oBxZcS5FlT8auf8zLcHXEl6S7X61ZPd/GTWT5htdSiJyXfSa/xM7bJP
|
||||
CCv+mK6Gd5+1UG3RHGuwoi8Rch2O8PMglZqF6ybv/w836jUQKPl+sndePNN3soKQ
|
||||
5wIDAQAB
|
||||
-----END PUBLIC KEY-----
|
||||
KEY;
|
||||
|
||||
private const PRIVATE_KEY = <<<KEY
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCWtlZun/ulejzc
|
||||
Eglfe//1//nV/FgUZmdnP12KoeSI60OOCA13DN7Qteu5V5VvxixpMjrxFyWBgJyw
|
||||
TiFpMIYuVOK8oUkvY7XQgTOzCOMPTwyxqcd6vfFlE7pVnskteYE0qnkLvXN8V/wC
|
||||
EydD5jq4ZDfAw5Po9YCICZUFVgLz4pCyrI6QO7nxtqaEYY6sOx1a+t8OBFTXDx3F
|
||||
uAVgAtC/WlVWZhP2gHFlxLkWVPxq5/zMtwdcSXpLtfrVk938ZNZPmG11KInJd9Jr
|
||||
/Eztsk8IK/6YroZ3n7VQbdEca7CiLxFyHY7w8yCVmoXrJu//DzfqNRAo+X6yd148
|
||||
03eygpDnAgMBAAECggEAFoldk11I/A2zXBU2YZjhRZ/pdB4v7Z0CiWXoTvq2eeL0
|
||||
TyDVIqBCEWOixCxcpEI2EeT4+2RCr4LT62lDhb9D0VnQLfTQRM3cOjmXyYXirj9b
|
||||
3pVMxwXwOvUgP/1mh+5La9yyDRdfVZCylnzWukiLL1eNHr4gOA2+EpmcNxgNiPp1
|
||||
Z8USUp2kmSZMPmQDkGEAJnrqmW7LyBvda3yuW557WtpaQlHTprvNQdBIUoFhLiiS
|
||||
HnV9kZfQHM3BdM06zx8c7W6sbVavLQlaD0mhM6Z7o7566pq1JKScjhfoGcZRTmLs
|
||||
kshQVSf38ayhAz8CikWiJgqFJigIZI0bR9fROOy+wQKBgQDOWjVRq8Ql+Eu0so/B
|
||||
3hS1TGaBOFe5vymeX+hnC87Zu7yVsj96mhmofnlTJdbSZLHfO631XD9O3qCcYzuK
|
||||
1PLzOvO38ZVZLq/CkiwkC4qfGVQb3/8v0QyIXCKhMrwkwuL6AYMjQi6vd/+4vp2C
|
||||
5EJefbNBfdvsC90t84wxqBpIDQKBgQC6+Rs7cBD9VOAKkNH1O4k9cE1JCDX6aqlg
|
||||
RtO/93+kbqxz3llvIebI9z3CPE7Wp0n2GEFjvDCTy5kST7BQvdwm4VlthSpfhx+l
|
||||
4ahw1+xbB3KQxemmf3MroTZWHLfTOGvHdei05EIdRZv8Mpi9UcHd7OhVO82SUnLn
|
||||
pBqGLZGrwwKBgB2FiltE16sW+r2/ThHOU+gcJg4WoXZRgwLFddpINi+wTCqedbZ0
|
||||
lXcloPXkU/eFsGzffOO9btE5yICXMc2K6bcil/uY9GTt6PdNMkN14z8fwIi8YyXU
|
||||
Ipbfl5S4TXJ070QVM024CjXQVSV5H8+6GESsdxjHiM8cY2hPj58LDbeBAoGAfd5r
|
||||
FcVoupJjzNkXbwboagLrFGpBpFYfth+YN1hPhou27r3V6TmiWtIOsm7VCC5QXSqR
|
||||
AqpS7XwXjTs2T/Swe0AjatZF409c39gdA/JoPBO0bX++voZ4Kvv5T1k/6yLFc96N
|
||||
jRFI7NnKm6oYJwMeBt+QvKhoyMNWdViFPqT4tu8CgYEAmcInq55jIJOr7GNvf6jV
|
||||
wojrBxhEGOF8U8YqX6FgVEmVDkEOer3mFDnkZT/S2IFjH4eruo/ZTFFtyw9K9JGd
|
||||
06FINYtK/H91SdcOJHuWdELuTQw0+Jtr47tSUlp1c3L0J7Mt1Sqqzg8lLoLYPcLJ
|
||||
d7faJuYR8uKalWG3ZimbGNo=
|
||||
-----END PRIVATE KEY-----
|
||||
KEY;
|
||||
|
||||
protected function setUp(): void
|
||||
{
|
||||
parent::setUp();
|
||||
|
||||
file_put_contents(storage_path('app/public.key'), self::PUBLIC_KEY);
|
||||
file_put_contents(storage_path('app/private.key'), self::PRIVATE_KEY);
|
||||
}
|
||||
|
||||
public function test_tenant_can_retrieve_balance_and_purchase_credits(): void
|
||||
{
|
||||
$tenant = Tenant::factory()->create([
|
||||
@@ -170,5 +118,5 @@ KEY;
|
||||
$tokenResponse->json('refresh_token'),
|
||||
];
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
@@ -6,5 +6,73 @@ use Illuminate\Foundation\Testing\TestCase as BaseTestCase;
|
||||
|
||||
abstract class TestCase extends BaseTestCase
|
||||
{
|
||||
//
|
||||
private const JWT_PUBLIC_KEY = <<<'KEY'
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrZWbp/7pXo83BIJX3v/
|
||||
9f/51fxYFGZnZz9diqHkiOtDjggNdwze0LXruVeVb8YsaTI68RclgYCcsE4haTCG
|
||||
LlTivKFJL2O10IEzswjjD08MsanHer3xZRO6VZ7JLXmBNKp5C71zfFf8AhMnQ+Y6
|
||||
uGQ3wMOT6PWAiAmVBVYC8+KQsqyOkDu58bamhGGOrDsdWvrfDgRU1w8dxbgFYALQ
|
||||
v1pVVmYT9oBxZcS5FlT8auf8zLcHXEl6S7X61ZPd/GTWT5htdSiJyXfSa/xM7bJP
|
||||
CCv+mK6Gd5+1UG3RHGuwoi8Rch2O8PMglZqF6ybv/w836jUQKPl+sndePNN3soKQ
|
||||
5wIDAQAB
|
||||
-----END PUBLIC KEY-----
|
||||
KEY;
|
||||
|
||||
private const JWT_PRIVATE_KEY = <<<'KEY'
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCWtlZun/ulejzc
|
||||
Eglfe//1//nV/FgUZmdnP12KoeSI60OOCA13DN7Qteu5V5VvxixpMjrxFyWBgJyw
|
||||
TiFpMIYuVOK8oUkvY7XQgTOzCOMPTwyxqcd6vfFlE7pVnskteYE0qnkLvXN8V/wC
|
||||
EydD5jq4ZDfAw5Po9YCICZUFVgLz4pCyrI6QO7nxtqaEYY6sOx1a+t8OBFTXDx3F
|
||||
uAVgAtC/WlVWZhP2gHFlxLkWVPxq5/zMtwdcSXpLtfrVk938ZNZPmG11KInJd9Jr
|
||||
/Eztsk8IK/6YroZ3n7VQbdEca7CiLxFyHY7w8yCVmoXrJu//DzfqNRAo+X6yd148
|
||||
03eygpDnAgMBAAECggEAFoldk11I/A2zXBU2YZjhRZ/pdB4v7Z0CiWXoTvq2eeL0
|
||||
TyDVIqBCEWOixCxcpEI2EeT4+2RCr4LT62lDhb9D0VnQLfTQRM3cOjmXyYXirj9b
|
||||
3pVMxwXwOvUgP/1mh+5La9yyDRdfVZCylnzWukiLL1eNHr4gOA2+EpmcNxgNiPp1
|
||||
Z8USUp2kmSZMPmQDkGEAJnrqmW7LyBvda3yuW557WtpaQlHTprvNQdBIUoFhLiiS
|
||||
HnV9kZfQHM3BdM06zx8c7W6sbVavLQlaD0mhM6Z7o7566pq1JKScjhfoGcZRTmLs
|
||||
kshQVSf38ayhAz8CikWiJgqFJigIZI0bR9fROOy+wQKBgQDOWjVRq8Ql+Eu0so/B
|
||||
3hS1TGaBOFe5vymeX+hnC87Zu7yVsj96mhmofnlTJdbSZLHfO631XD9O3qCcYzuK
|
||||
1PLzOvO38ZVZLq/CkiwkC4qfGVQb3/8v0QyIXCKhMrwkwuL6AYMjQi6vd/+4vp2C
|
||||
5EJefbNBfdvsC90t84wxqBpIDQKBgQC6+Rs7cBD9VOAKkNH1O4k9cE1JCDX6aqlg
|
||||
RtO/93+kbqxz3llvIebI9z3CPE7Wp0n2GEFjvDCTy5kST7BQvdwm4VlthSpfhx+l
|
||||
4ahw1+xbB3KQxemmf3MroTZWHLfTOGvHdei05EIdRZv8Mpi9UcHd7OhVO82SUnLn
|
||||
pBqGLZGrwwKBgB2FiltE16sW+r2/ThHOU+gcJg4WoXZRgwLFddpINi+wTCqedbZ0
|
||||
lXcloPXkU/eFsGzffOO9btE5yICXMc2K6bcil/uY9GTt6PdNMkN14z8fwIi8YyXU
|
||||
Ipbfl5S4TXJ070QVM024CjXQVSV5H8+6GESsdxjHiM8cY2hPj58LDbeBAoGAfd5r
|
||||
FcVoupJjzNkXbwboagLrFGpBpFYfth+YN1hPhou27r3V6TmiWtIOsm7VCC5QXSqR
|
||||
AqpS7XwXjTs2T/Swe0AjatZF409c39gdA/JoPBO0bX++voZ4Kvv5T1k/6yLFc96N
|
||||
jRFI7NnKm6oYJwMeBt+QvKhoyMNWdViFPqT4tu8CgYEAmcInq55jIJOr7GNvf6jV
|
||||
wojrBxhEGOF8U8YqX6FgVEmVDkEOer3mFDnkZT/S2IFjH4eruo/ZTFFtyw9K9JGd
|
||||
06FINYtK/H91SdcOJHuWdELuTQw0+Jtr47tSUlp1c3L0J7Mt1Sqqzg8lLoLYPcLJ
|
||||
d7faJuYR8uKalWG3ZimbGNo=
|
||||
-----END PRIVATE KEY-----
|
||||
KEY;
|
||||
|
||||
protected function setUp(): void
|
||||
{
|
||||
parent::setUp();
|
||||
|
||||
$this->ensureJwtKeys();
|
||||
}
|
||||
|
||||
protected function ensureJwtKeys(): void
|
||||
{
|
||||
$storagePath = storage_path('app');
|
||||
|
||||
if (! is_dir($storagePath)) {
|
||||
mkdir($storagePath, 0755, true);
|
||||
}
|
||||
|
||||
$publicKeyPath = $storagePath . DIRECTORY_SEPARATOR . 'public.key';
|
||||
if (! file_exists($publicKeyPath)) {
|
||||
file_put_contents($publicKeyPath, self::JWT_PUBLIC_KEY);
|
||||
}
|
||||
|
||||
$privateKeyPath = $storagePath . DIRECTORY_SEPARATOR . 'private.key';
|
||||
if (! file_exists($privateKeyPath)) {
|
||||
file_put_contents($privateKeyPath, self::JWT_PRIVATE_KEY);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user