<?php
namespace Tests\Feature\Auth;
use App\Models\Tenant;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Hash;
use Tests\TestCase;
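/**
 * Feature tests for the tenant auth API: password login, the two `/me`
 * profile endpoints and the session-to-token exchange.
 *
 * Every test runs against a freshly migrated database (RefreshDatabase).
 */
class TenantProfileApiTest extends TestCase
{
    use RefreshDatabase;

    /**
     * Logs in with e-mail and password, then verifies that the issued bearer
     * token is accepted by both `/api/v1/tenant-auth/me` and the legacy
     * `/api/v1/tenant/me` endpoint and that each returns the expected
     * user/tenant payload without exposing the password attribute.
     */
    public function test_me_endpoint_returns_user_and_tenant_payload(): void
    {
        $tenant = Tenant::factory()->create([
            'name' => 'Test Tenant GmbH',
            'slug' => 'test-tenant',
            'features' => ['custom_branding' => true],
        ]);

        $user = User::factory()->create([
            'tenant_id' => $tenant->id,
            'role' => 'tenant_admin',
            'password' => Hash::make('secret-password'),
            'email' => 'tenant@example.com',
            'name' => 'Max Mustermann',
            'first_name' => 'Max',
            'last_name' => 'Mustermann',
        ]);

        $login = $this->postJson('/api/v1/tenant-auth/login', [
            'login' => 'tenant@example.com',
            'password' => 'secret-password',
        ]);

        $login->assertOk()->assertJsonStructure(['token', 'token_type', 'abilities']);

        // assertJsonStructure only proves the key exists; make sure an actual
        // credential came back before it is used as a bearer token below.
        $token = $login->json('token');
        $this->assertIsString($token);
        $this->assertNotSame('', $token);

        $me = $this->withHeader('Authorization', 'Bearer '.$token)->getJson('/api/v1/tenant-auth/me');

        $me->assertOk();
        $me->assertJsonFragment([
            'id' => $user->id,
            'email' => 'tenant@example.com',
            'role' => 'tenant_admin',
            'tenant_id' => $tenant->id,
        ]);

        $me->assertJsonFragment([
            'name' => 'Test Tenant GmbH',
            'slug' => 'test-tenant',
        ]);

        $data = $me->json();
        $this->assertSame('Max Mustermann', data_get($data, 'user.name'));
        // The ability is spelled with a hyphen, unlike the 'tenant_admin' role.
        $this->assertContains('tenant-admin', $data['abilities']);
        // The profile payload must never carry the stored password hash.
        $this->assertArrayNotHasKey('password', (array) data_get($data, 'user'));

        $legacy = $this
            ->withHeader('Authorization', 'Bearer '.$token)
            ->getJson('/api/v1/tenant/me');

        $legacy->assertOk();
        // On the legacy endpoint 'id' is the tenant id, not the user id.
        $legacy->assertJsonFragment([
            'id' => $tenant->id,
            'tenant_id' => $tenant->id,
            'name' => 'Test Tenant GmbH',
            'fullName' => 'Max Mustermann',
        ]);
        $legacy->assertJsonStructure([
            'id',
            'tenant_id',
            'name',
            'slug',
            'email',
            'fullName',
            'active_reseller_package_id',
            'remaining_events',
            'package_expires_at',
            'features',
            'scopes',
        ]);
        $this->assertContains('tenant-admin', $legacy->json('scopes'));
        $this->assertArrayNotHasKey('password', (array) $legacy->json());
    }

    /**
     * `/api/v1/tenant-auth/me` must answer 401 both when no credential is
     * sent and when the bearer token is one that was never issued.
     */
    public function test_me_requires_valid_token(): void
    {
        // Case 1: no Authorization header at all.
        $this->getJson('/api/v1/tenant-auth/me')->assertStatus(401);

        // Case 2: a syntactically plausible but unknown token. Without this
        // case the test would still pass if the endpoint only checked that
        // the header is present.
        $this
            ->withHeader('Authorization', 'Bearer not-a-real-token')
            ->getJson('/api/v1/tenant-auth/me')
            ->assertStatus(401);
    }

    /**
     * Without an authenticated session the exchange endpoint returns an
     * empty 204 response rather than a token.
     */
    public function test_exchange_returns_no_content_when_session_missing(): void
    {
        $response = $this->postJson('/api/v1/tenant-auth/exchange');

        $response->assertNoContent();
    }

    /**
     * With an authenticated session (actingAs) the exchange endpoint returns
     * a token together with a reduced user record.
     */
    public function test_exchange_returns_token_for_authenticated_session(): void
    {
        $tenant = Tenant::factory()->create();
        $user = User::factory()->create([
            'tenant_id' => $tenant->id,
            'role' => 'tenant_admin',
            'email_verified_at' => now(),
        ]);

        $response = $this->actingAs($user)->postJson('/api/v1/tenant-auth/exchange');

        $response->assertOk();
        $response->assertJsonStructure([
            'token',
            'token_type',
            'abilities',
            'user' => ['id', 'email', 'role', 'tenant_id'],
        ]);

        // The structure check accepts null or empty values, so pin that a
        // usable token was issued and that it belongs to the session user.
        $issued = $response->json('token');
        $this->assertIsString($issued);
        $this->assertNotSame('', $issued);
        $this->assertSame($user->id, $response->json('user.id'));
        $this->assertArrayNotHasKey('password', (array) $response->json('user'));
    }
}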