die tenant admin oauth authentifizierung wurde implementiert und funktioniert jetzt. Zudem wurde das marketing frontend dashboard implementiert.

2025-11-04 16:14:17 +01:00
parent 92e64c361a
commit fe380689fb
63 changed files with 4239 additions and 1142 deletions
--- a/tests/Feature/Tenant/EventCreditsTest.php
+++ b/tests/Feature/Tenant/EventCreditsTest.php
@@ -3,6 +3,7 @@
 namespace Tests\Feature\Tenant;

 use App\Models\EventType;
+use App\Models\Package;
 use Illuminate\Support\Carbon;

 class EventCreditsTest extends TenantTestCase
@@ -12,6 +13,20 @@ class EventCreditsTest extends TenantTestCase
        $this->tenant->update(['event_credits_balance' => 0]);
        $eventType = EventType::factory()->create();

+        $package = Package::factory()->create([
+            'type' => 'endcustomer',
+            'price' => 0,
+            'gallery_days' => 30,
+        ]);
+
+        $this->tenant->tenantPackages()->create([
+            'package_id' => $package->id,
+            'price' => $package->price,
+            'purchased_at' => now()->subDay(),
+            'expires_at' => now()->addMonth(),
+            'active' => true,
+        ]);
+
        $payload = [
            'name' => 'Sample Event',
            'description' => 'Test description',
@@ -22,9 +37,8 @@ class EventCreditsTest extends TenantTestCase
        $response = $this->authenticatedRequest('POST', '/api/v1/tenant/events', $payload);

        $response->assertStatus(402)
-            ->assertJson([
-                'error' => 'Insufficient event credits. Please purchase more credits.',
-            ]);
+            ->assertJsonPath('error.code', 'event_credits_exhausted')
+            ->assertJsonPath('error.meta.balance', 0);

        $this->tenant->update(['event_credits_balance' => 2]);

@@ -32,15 +46,14 @@ class EventCreditsTest extends TenantTestCase

        $createResponse->assertStatus(201)
            ->assertJsonPath('message', 'Event created successfully')
-            ->assertJsonPath('balance', 1);
+            ->assertJsonPath('data.package.id', $package->id);

-        $this->tenant->refresh();
-        $this->assertSame(1, $this->tenant->event_credits_balance);
+        $createdEventId = $createResponse->json('data.id');

-        $this->assertDatabaseHas('event_credits_ledger', [
-            'tenant_id' => $this->tenant->id,
-            'delta' => -1,
-            'reason' => 'event_create',
+        $this->assertNotNull($createdEventId);
+        $this->assertDatabaseHas('event_packages', [
+            'event_id' => $createdEventId,
+            'package_id' => $package->id,
        ]);
    }
 }
--- a/tests/Feature/Tenant/EventListTest.php
+++ b/tests/Feature/Tenant/EventListTest.php
@@ -133,6 +133,8 @@ class EventListTest extends TenantTestCase
        $matchingEvent = collect($response->json('data'))->firstWhere('id', $event->id);

        $this->assertNotNull($matchingEvent, 'Event should still be returned even if package record is missing.');
-        $this->assertNull($matchingEvent['package'], 'Package payload should be null when relation cannot be resolved.');
+        $this->assertIsArray($matchingEvent['package'], 'Package payload should provide fallback data when relation is missing.');
+        $this->assertSame($package->id, $matchingEvent['package']['id']);
+        $this->assertSame((string) $package->price, $matchingEvent['package']['price']);
    }
 }
--- a/tests/Feature/Tenant/ProfileApiTest.php
+++ b/tests/Feature/Tenant/ProfileApiTest.php
@@ -0,0 +1,89 @@
+<?php
+
+namespace Tests\Feature\Tenant;
+
+use App\Models\User;
+use Illuminate\Support\Facades\Hash;
+use Illuminate\Support\Facades\Notification;
+
+class ProfileApiTest extends TenantTestCase
+{
+    public function test_profile_endpoint_returns_current_user_details(): void
+    {
+        $response = $this->authenticatedRequest('GET', '/api/v1/tenant/profile');
+
+        $response->assertOk();
+        $payload = $response->json('data');
+
+        $this->assertSame($this->tenantUser->id, $payload['id']);
+        $this->assertSame($this->tenantUser->email, $payload['email']);
+        $this->assertSame($this->tenantUser->name, $payload['name']);
+        $this->assertTrue($payload['email_verified']);
+    }
+
+    public function test_profile_update_allows_name_and_email_changes(): void
+    {
+        Notification::fake();
+
+        $newEmail = 'updated-'.$this->tenantUser->id.'@example.com';
+
+        $response = $this->authenticatedRequest('PUT', '/api/v1/tenant/profile', [
+            'name' => 'Updated Name',
+            'email' => $newEmail,
+            'preferred_locale' => 'en',
+        ]);
+
+        $response->assertOk();
+
+        $payload = $response->json('data');
+        $this->assertSame('Updated Name', $payload['name']);
+        $this->assertSame($newEmail, $payload['email']);
+        $this->assertFalse($payload['email_verified']);
+        $this->assertSame('en', $payload['preferred_locale']);
+
+        $this->assertDatabaseHas(User::class, [
+            'id' => $this->tenantUser->id,
+            'name' => 'Updated Name',
+            'email' => $newEmail,
+            'preferred_locale' => 'en',
+        ]);
+
+        Notification::assertSentToTimes($this->tenantUser->fresh(), \Illuminate\Auth\Notifications\VerifyEmail::class, 1);
+    }
+
+    public function test_profile_update_requires_current_password_for_password_change(): void
+    {
+        $response = $this->authenticatedRequest('PUT', '/api/v1/tenant/profile', [
+            'name' => $this->tenantUser->name,
+            'email' => $this->tenantUser->email,
+            'current_password' => 'wrong-password',
+            'password' => 'new-secure-password',
+            'password_confirmation' => 'new-secure-password',
+        ]);
+
+        $response->assertStatus(422);
+        $response->assertJson([
+            'error' => [
+                'code' => 'profile.invalid_current_password',
+            ],
+        ]);
+    }
+
+    public function test_profile_update_allows_password_change_with_correct_current_password(): void
+    {
+        $newPassword = 'NewStrongPassword123!';
+
+        $response = $this->authenticatedRequest('PUT', '/api/v1/tenant/profile', [
+            'name' => $this->tenantUser->name,
+            'email' => $this->tenantUser->email,
+            'current_password' => 'password',
+            'password' => $newPassword,
+            'password_confirmation' => $newPassword,
+        ]);
+
+        $response->assertOk();
+
+        $this->tenantUser->refresh();
+        $this->assertTrue(Hash::check($newPassword, $this->tenantUser->password));
+    }
+}
--- a/tests/Feature/Tenant/SettingsApiTest.php
+++ b/tests/Feature/Tenant/SettingsApiTest.php
@@ -5,16 +5,16 @@ namespace Tests\Feature\Tenant;
 use App\Models\Tenant;
 use App\Models\User;
 use Illuminate\Foundation\Testing\RefreshDatabase;
-use Laravel\Sanctum\Sanctum;
 use PHPUnit\Framework\Attributes\Test;
-use Tests\TestCase;

 class SettingsApiTest extends TenantTestCase
 {
    use RefreshDatabase;

    protected Tenant $tenant;
+
    protected User $tenantUser;
+
    protected string $token;

    protected function setUp(): void
@@ -37,9 +37,9 @@ class SettingsApiTest extends TenantTestCase
        $response = $this->authenticatedRequest('GET', '/api/v1/tenant/settings');

        $response->assertStatus(200)
-                ->assertJson(['message' => 'Settings erfolgreich abgerufen.'])
-                ->assertJsonPath('data.settings.branding.primary_color', '#3B82F6')
-                ->assertJsonPath('data.settings.features.photo_likes_enabled', true);
+            ->assertJson(['message' => 'Settings erfolgreich abgerufen.'])
+            ->assertJsonPath('data.settings.branding.primary_color', '#3B82F6')
+            ->assertJsonPath('data.settings.features.photo_likes_enabled', true);
    }

    #[Test]
@@ -64,10 +64,10 @@ class SettingsApiTest extends TenantTestCase
        $response = $this->authenticatedRequest('POST', '/api/v1/tenant/settings', $settingsData);

        $response->assertStatus(200)
-                ->assertJson(['message' => 'Settings erfolgreich aktualisiert.'])
-                ->assertJsonPath('data.settings.branding.primary_color', '#FF6B6B')
-                ->assertJsonPath('data.settings.features.photo_likes_enabled', false)
-                ->assertJsonPath('data.settings.custom_domain', 'custom.example.com');
+            ->assertJson(['message' => 'Settings erfolgreich aktualisiert.'])
+            ->assertJsonPath('data.settings.branding.primary_color', '#FF6B6B')
+            ->assertJsonPath('data.settings.features.photo_likes_enabled', false)
+            ->assertJsonPath('data.settings.custom_domain', 'custom.example.com');

        $this->assertDatabaseHas('tenants', [
            'id' => $this->tenant->id,
@@ -89,9 +89,9 @@ class SettingsApiTest extends TenantTestCase
        $response = $this->authenticatedRequest('POST', '/api/v1/tenant/settings', $invalidData);

        $response->assertStatus(422)
-                ->assertJsonValidationErrors([
-                    'settings.branding.primary_color',
-                ]);
+            ->assertJsonValidationErrors([
+                'settings.branding.primary_color',
+            ]);
    }

    #[Test]
@@ -100,9 +100,9 @@ class SettingsApiTest extends TenantTestCase
        $response = $this->authenticatedRequest('POST', '/api/v1/tenant/settings/reset');

        $response->assertStatus(200)
-                ->assertJson(['message' => 'Settings auf Standardwerte zurueckgesetzt.'])
-                ->assertJsonPath('data.settings.branding.primary_color', '#3B82F6')
-                ->assertJsonPath('data.settings.features.photo_likes_enabled', true);
+            ->assertJson(['message' => 'Settings auf Standardwerte zurueckgesetzt.'])
+            ->assertJsonPath('data.settings.branding.primary_color', '#3B82F6')
+            ->assertJsonPath('data.settings.features.photo_likes_enabled', true);

        $this->assertDatabaseHas('tenants', [
            'id' => $this->tenant->id,
@@ -135,8 +135,8 @@ class SettingsApiTest extends TenantTestCase
        ]);

        $response->assertStatus(200)
-                ->assertJson(['available' => true])
-                ->assertJson(['message' => 'Domain ist verfuegbar.']);
+            ->assertJson(['available' => true])
+            ->assertJson(['message' => 'Domain ist verfuegbar.']);

        // Invalid domain format
        $response = $this->authenticatedRequest('POST', '/api/v1/tenant/settings/validate-domain', [
@@ -144,19 +144,19 @@ class SettingsApiTest extends TenantTestCase
        ]);

        $response->assertStatus(200)
-                ->assertJson(['available' => false])
-                ->assertJson(['message' => 'Ungueltiges Domain-Format.']);
+            ->assertJson(['available' => false])
+            ->assertJson(['message' => 'Ungueltiges Domain-Format.']);

        // Taken domain (create another tenant with same domain)
        $otherTenant = Tenant::factory()->create(['custom_domain' => 'taken.example.com']);
-        
+
        $response = $this->authenticatedRequest('POST', '/api/v1/tenant/settings/validate-domain', [
            'domain' => 'taken.example.com',
        ]);

        $response->assertStatus(200)
-                ->assertJson(['available' => false])
-                ->assertJson(['message' => 'Domain ist bereits vergeben.']);
+            ->assertJson(['available' => false])
+            ->assertJson(['message' => 'Domain ist bereits vergeben.']);
    }

    #[Test]
@@ -165,7 +165,8 @@ class SettingsApiTest extends TenantTestCase
        $response = $this->authenticatedRequest('POST', '/api/v1/tenant/settings/validate-domain');

        $response->assertStatus(400)
-                ->assertJson(['error' => 'Domain ist erforderlich.']);
+            ->assertJsonPath('error.code', 'domain_missing')
+            ->assertJsonPath('error.message', 'Bitte gib eine Domain an.');
    }

    #[Test]
@@ -178,15 +179,13 @@ class SettingsApiTest extends TenantTestCase
            'tenant_id' => $otherTenant->id,
            'role' => 'admin',
        ]);
-        $otherToken = 'mock-jwt-token-' . $otherTenant->id . '-' . time();
+        $otherToken = 'mock-jwt-token-'.$otherTenant->id.'-'.time();

        // This tenant's user should not see other tenant's settings
        $response = $this->authenticatedRequest('GET', '/api/v1/tenant/settings');

        $response->assertStatus(200)
-                ->assertJsonPath('data.settings.branding.primary_color', '#3B82F6') // Default for this tenant
-                ->assertJsonMissing(['#FF0000']); // Other tenant's color
+            ->assertJsonPath('data.settings.branding.primary_color', '#3B82F6') // Default for this tenant
+            ->assertJsonMissing(['#FF0000']); // Other tenant's color
    }
 }
-
-
--- a/tests/Feature/Tenant/TaskApiTest.php
+++ b/tests/Feature/Tenant/TaskApiTest.php
@@ -8,16 +8,16 @@ use App\Models\TaskCollection;
 use App\Models\Tenant;
 use App\Models\User;
 use Illuminate\Foundation\Testing\RefreshDatabase;
-use Laravel\Sanctum\Sanctum;
 use PHPUnit\Framework\Attributes\Test;
-use Tests\TestCase;

 class TaskApiTest extends TenantTestCase
 {
    use RefreshDatabase;

    protected Tenant $tenant;
+
    protected User $tenantUser;
+
    protected string $token;

    protected function setUp(): void
@@ -45,7 +45,7 @@ class TaskApiTest extends TenantTestCase
        $response = $this->authenticatedRequest('GET', '/api/v1/tenant/tasks');

        $response->assertStatus(200)
-                ->assertJsonCount(3, 'data');
+            ->assertJsonCount(3, 'data');
    }

    #[Test]
@@ -62,11 +62,11 @@ class TaskApiTest extends TenantTestCase
            'priority' => 'medium',
        ]);

-        $response = $this->withHeaders(['Authorization' => 'Bearer ' . $this->token])
-                        ->getJson('/api/v1/tenant/tasks');
+        $response = $this->withHeaders(['Authorization' => 'Bearer '.$this->token])
+            ->getJson('/api/v1/tenant/tasks');

        $response->assertStatus(200)
-                ->assertJsonCount(3, 'data');
+            ->assertJsonCount(3, 'data');
    }

    #[Test]
@@ -79,28 +79,28 @@ class TaskApiTest extends TenantTestCase
            'due_date' => now()->addDays(7)->toISOString(),
        ];

-        $response = $this->withHeaders(['Authorization' => 'Bearer ' . $this->token])
-                        ->postJson('/api/v1/tenant/tasks', $taskData);
+        $response = $this->withHeaders(['Authorization' => 'Bearer '.$this->token])
+            ->postJson('/api/v1/tenant/tasks', $taskData);

        $response->assertStatus(201)
-                ->assertJson(['message' => 'Task erfolgreich erstellt.'])
-                ->assertJsonPath('data.title', 'Test Task')
-                ->assertJsonPath('data.tenant_id', $this->tenant->id);
+            ->assertJson(['message' => 'Task erfolgreich erstellt.'])
+            ->assertJsonPath('data.title', 'Test Task')
+            ->assertJsonPath('data.tenant_id', $this->tenant->id);

        $this->assertDatabaseHas('tasks', [
-            'title' => 'Test Task',
            'tenant_id' => $this->tenant->id,
+            'title->de' => 'Test Task',
        ]);
    }

    #[Test]
    public function task_creation_requires_valid_data()
    {
-        $response = $this->withHeaders(['Authorization' => 'Bearer ' . $this->token])
-                        ->postJson('/api/v1/tenant/tasks', []);
+        $response = $this->withHeaders(['Authorization' => 'Bearer '.$this->token])
+            ->postJson('/api/v1/tenant/tasks', []);

        $response->assertStatus(422)
-                ->assertJsonValidationErrors(['title']);
+            ->assertJsonValidationErrors(['title']);
    }

    #[Test]
@@ -108,15 +108,18 @@ class TaskApiTest extends TenantTestCase
    {
        $task = Task::factory()->create([
            'tenant_id' => $this->tenant->id,
-            'title' => 'Viewable Task',
+            'title' => [
+                'de' => 'Viewable Task',
+                'en' => 'Viewable Task',
+            ],
            'priority' => 'medium',
        ]);

-        $response = $this->withHeaders(['Authorization' => 'Bearer ' . $this->token])
-                        ->getJson("/api/v1/tenant/tasks/{$task->id}");
+        $response = $this->withHeaders(['Authorization' => 'Bearer '.$this->token])
+            ->getJson("/api/v1/tenant/tasks/{$task->id}");

        $response->assertStatus(200)
-                ->assertJson(['title' => 'Viewable Task']);
+            ->assertJson(['title' => 'Viewable Task']);
    }

    #[Test]
@@ -129,8 +132,8 @@ class TaskApiTest extends TenantTestCase
            'priority' => 'medium',
        ]);

-        $response = $this->withHeaders(['Authorization' => 'Bearer ' . $this->token])
-                        ->getJson("/api/v1/tenant/tasks/{$otherTask->id}");
+        $response = $this->withHeaders(['Authorization' => 'Bearer '.$this->token])
+            ->getJson("/api/v1/tenant/tasks/{$otherTask->id}");

        $response->assertStatus(404);
    }
@@ -140,7 +143,10 @@ class TaskApiTest extends TenantTestCase
    {
        $task = Task::factory()->create([
            'tenant_id' => $this->tenant->id,
-            'title' => 'Old Title',
+            'title' => [
+                'de' => 'Old Title',
+                'en' => 'Old Title',
+            ],
            'priority' => 'low',
        ]);

@@ -149,17 +155,17 @@ class TaskApiTest extends TenantTestCase
            'priority' => 'urgent',
        ];

-        $response = $this->withHeaders(['Authorization' => 'Bearer ' . $this->token])
-                        ->patchJson("/api/v1/tenant/tasks/{$task->id}", $updateData);
+        $response = $this->withHeaders(['Authorization' => 'Bearer '.$this->token])
+            ->patchJson("/api/v1/tenant/tasks/{$task->id}", $updateData);

        $response->assertStatus(200)
-                ->assertJson(['message' => 'Task erfolgreich aktualisiert.'])
-                ->assertJsonPath('data.title', 'Updated Title')
-                ->assertJsonPath('data.priority', 'urgent');
+            ->assertJson(['message' => 'Task erfolgreich aktualisiert.'])
+            ->assertJsonPath('data.title', 'Updated Title')
+            ->assertJsonPath('data.priority', 'urgent');

        $this->assertDatabaseHas('tasks', [
            'id' => $task->id,
-            'title' => 'Updated Title',
+            'title->de' => 'Updated Title',
            'priority' => 'urgent',
        ]);
    }
@@ -172,11 +178,11 @@ class TaskApiTest extends TenantTestCase
            'priority' => 'medium',
        ]);

-        $response = $this->withHeaders(['Authorization' => 'Bearer ' . $this->token])
-                        ->deleteJson("/api/v1/tenant/tasks/{$task->id}");
+        $response = $this->withHeaders(['Authorization' => 'Bearer '.$this->token])
+            ->deleteJson("/api/v1/tenant/tasks/{$task->id}");

        $response->assertStatus(200)
-                ->assertJson(['message' => 'Task erfolgreich gelöscht.']);
+            ->assertJson(['message' => 'Task erfolgreich gelöscht.']);

        $this->assertSoftDeleted('tasks', ['id' => $task->id]);
    }
@@ -190,14 +196,13 @@ class TaskApiTest extends TenantTestCase
        ]);
        $event = Event::factory()->create([
            'tenant_id' => $this->tenant->id,
-            'event_type_id' => 1,
        ]);

-        $response = $this->withHeaders(['Authorization' => 'Bearer ' . $this->token])
-                        ->postJson("/api/v1/tenant/tasks/{$task->id}/assign-event/{$event->id}");
+        $response = $this->withHeaders(['Authorization' => 'Bearer '.$this->token])
+            ->postJson("/api/v1/tenant/tasks/{$task->id}/assign-event/{$event->id}");

        $response->assertStatus(200)
-                ->assertJson(['message' => 'Task erfolgreich dem Event zugewiesen.']);
+            ->assertJson(['message' => 'Task erfolgreich dem Event zugewiesen.']);

        $this->assertDatabaseHas('event_task', [
            'task_id' => $task->id,
@@ -214,16 +219,15 @@ class TaskApiTest extends TenantTestCase
        ]);
        $event = Event::factory()->create([
            'tenant_id' => $this->tenant->id,
-            'event_type_id' => 1,
        ]);

-        $response = $this->withHeaders(['Authorization' => 'Bearer ' . $this->token])
-                        ->postJson("/api/v1/tenant/tasks/bulk-assign-event/{$event->id}", [
-                            'task_ids' => $tasks->pluck('id')->toArray(),
-                        ]);
+        $response = $this->withHeaders(['Authorization' => 'Bearer '.$this->token])
+            ->postJson("/api/v1/tenant/tasks/bulk-assign-event/{$event->id}", [
+                'task_ids' => $tasks->pluck('id')->toArray(),
+            ]);

        $response->assertStatus(200)
-                ->assertJson(['message' => '3 Tasks dem Event zugewiesen.']);
+            ->assertJson(['message' => '3 Tasks dem Event zugewiesen.']);

        $this->assertEquals(3, $event->tasks()->count());
    }
@@ -233,24 +237,23 @@ class TaskApiTest extends TenantTestCase
    {
        $event = Event::factory()->create([
            'tenant_id' => $this->tenant->id,
-            'event_type_id' => 1,
        ]);
        $eventTasks = Task::factory(2)->create([
            'tenant_id' => $this->tenant->id,
            'priority' => 'medium',
        ]);
-        $eventTasks->each(fn($task) => $task->assignedEvents()->attach($event->id));
+        $eventTasks->each(fn ($task) => $task->assignedEvents()->attach($event->id));

        Task::factory(3)->create([
            'tenant_id' => $this->tenant->id,
            'priority' => 'medium',
        ]); // Other tasks

-        $response = $this->withHeaders(['Authorization' => 'Bearer ' . $this->token])
-                        ->getJson("/api/v1/tenant/tasks/event/{$event->id}");
+        $response = $this->withHeaders(['Authorization' => 'Bearer '.$this->token])
+            ->getJson("/api/v1/tenant/tasks/event/{$event->id}");

        $response->assertStatus(200)
-                ->assertJsonCount(2, 'data');
+            ->assertJsonCount(2, 'data');
    }

    #[Test]
@@ -272,11 +275,11 @@ class TaskApiTest extends TenantTestCase
            'priority' => 'medium',
        ]); // Other tasks

-        $response = $this->withHeaders(['Authorization' => 'Bearer ' . $this->token])
-                        ->getJson("/api/v1/tenant/tasks?collection_id={$collection->id}");
+        $response = $this->withHeaders(['Authorization' => 'Bearer '.$this->token])
+            ->getJson("/api/v1/tenant/tasks?collection_id={$collection->id}");

        $response->assertStatus(200)
-                ->assertJsonCount(2, 'data');
+            ->assertJsonCount(2, 'data');
    }

    #[Test]
@@ -284,29 +287,25 @@ class TaskApiTest extends TenantTestCase
    {
        Task::factory()->create([
            'tenant_id' => $this->tenant->id,
-            'title' => 'First Task',
-            'priority' => 'medium'
+            'title' => ['de' => 'First Task', 'en' => 'First Task'],
+            'priority' => 'medium',
        ]);
        Task::factory()->create([
            'tenant_id' => $this->tenant->id,
-            'title' => 'Search Test',
-            'priority' => 'medium'
+            'title' => ['de' => 'Search Test', 'en' => 'Search Test'],
+            'priority' => 'medium',
        ]);
        Task::factory()->create([
            'tenant_id' => $this->tenant->id,
-            'title' => 'Another Task',
-            'priority' => 'medium'
+            'title' => ['de' => 'Another Task', 'en' => 'Another Task'],
+            'priority' => 'medium',
        ]);

-        $response = $this->withHeaders(['Authorization' => 'Bearer ' . $this->token])
-                        ->getJson('/api/v1/tenant/tasks?search=Search');
+        $response = $this->withHeaders(['Authorization' => 'Bearer '.$this->token])
+            ->getJson('/api/v1/tenant/tasks?search=Search');

        $response->assertStatus(200)
-                ->assertJsonCount(1, 'data')
-                ->assertJsonPath('data.0.title', 'Search Test');
+            ->assertJsonCount(1, 'data')
+            ->assertJsonPath('data.0.title', 'Search Test');
    }
 }
-
-
-
-
--- a/tests/Feature/Tenant/TenantTestCase.php
+++ b/tests/Feature/Tenant/TenantTestCase.php
@@ -14,9 +14,13 @@ abstract class TenantTestCase extends TestCase
    use RefreshDatabase;

    protected Tenant $tenant;
+
    protected User $tenantUser;
+
    protected OAuthClient $oauthClient;
+
    protected string $token;
+
    protected ?string $refreshToken = null;

    protected function setUp(): void
@@ -75,6 +79,8 @@ abstract class TenantTestCase extends TestCase

    protected function issueTokens(OAuthClient $client, array $scopes = ['tenant:read', 'tenant:write']): array
    {
+        $this->actingAs($this->tenantUser);
+
        $codeVerifier = 'tenant-code-verifier-'.Str::random(32);
        $codeChallenge = rtrim(strtr(base64_encode(hash('sha256', $codeVerifier, true)), '+/', '-_'), '=');
        $state = Str::random(10);
@@ -114,4 +120,3 @@ abstract class TenantTestCase extends TestCase
        ];
    }
 }
-