seed(Database\Seeders\DatabaseSeeder::class); $this->admin = User::where('email', 'admin@example.com')->firstOrFail(); // Ensure mock SAML certificate directory and file exists for tests $directory = storage_path('app/saml'); if (! File::exists($directory)) { File::makeDirectory($directory, 0755, true); } if (! File::exists("{$directory}/idp.crt")) { File::put("{$directory}/idp.crt", "-----BEGIN CERTIFICATE-----\nMIIE3jCCAsagAwIBAgIQQcyDaZz3MI\n-----END CERTIFICATE-----"); } }); test('guest is redirected to login when visiting microsoft federation page', function (): void { $response = $this->get(route('apps.microsoft-federation')); $response->assertRedirect(route('login')); }); test('administrator can render microsoft federation page', function (): void { $response = $this->actingAs($this->admin)->get(route('apps.microsoft-federation')); $response->assertStatus(200); }); test('renders warning banner if credentials are not configured in environment', function (): void { Config::set('services.microsoft_graph', [ 'tenant_id' => '', 'client_id' => '', 'client_secret' => '', 'domain_name' => '', ]); Livewire::actingAs($this->admin) ->test('pages::connecton-providers.microsoft-federation') ->assertSet('credentialsLoaded', false) ->assertSee('Environment Configuration Required'); }); test('loads credentials and check status successfully if configured', function (): void { Config::set('services.microsoft_graph', [ 'tenant_id' => 'mock-tenant-id', 'client_id' => 'mock-client-id', 'client_secret' => 'mock-client-secret', 'domain_name' => 'mockdomain.com', 'display_name' => 'Company SSO', 'mfa_behavior' => 'acceptIfMfaDoneByFederatedIdp', ]); // Fake Microsoft Graph API responses Http::fake([ 'https://login.microsoftonline.com/mock-tenant-id/oauth2/v2.0/token' => Http::response([ 'access_token' => 'mock-access-token', 'token_type' => 'Bearer', 'expires_in' => 3600, ], 200), 'https://graph.microsoft.com/v1.0/domains/mockdomain.com/federationConfiguration' => Http::response([ 'value' => [ [ 'id' => 'mock-federation-id', 'displayName' => 'Company SSO', 'issuerUri' => 'http://localhost/saml/metadata', 'preferredAuthenticationProtocol' => 'saml', 'federatedIdpMfaBehavior' => 'acceptIfMfaDoneByFederatedIdp', 'signingCertificate' => 'MIIE3jCCAsagAwIBAgIQQcyDaZz3MI', ], ], ], 200), ]); Livewire::actingAs($this->admin) ->test('pages::connecton-providers.microsoft-federation') ->assertSet('credentialsLoaded', true) ->assertSet('connectionStatus', ConnectionStatusEnum::Connected) ->assertSet('federationId', 'mock-federation-id') ->assertSee('Active Federation State'); }); test('can connect/federate domain successfully', function (): void { Config::set('services.microsoft_graph', [ 'tenant_id' => 'mock-tenant-id', 'client_id' => 'mock-client-id', 'client_secret' => 'mock-client-secret', 'domain_name' => 'mockdomain.com', 'display_name' => 'Company SSO', 'mfa_behavior' => 'acceptIfMfaDoneByFederatedIdp', ]); Http::fake([ 'https://login.microsoftonline.com/mock-tenant-id/oauth2/v2.0/token' => Http::response([ 'access_token' => 'mock-access-token', ], 200), 'https://graph.microsoft.com/v1.0/domains/mockdomain.com/federationConfiguration' => function ($request) { if ('GET' === $request->method()) { return Http::response(['value' => []], 200); } if ('POST' === $request->method()) { return Http::response([ 'id' => 'new-federation-id', 'displayName' => 'Company SSO', 'issuerUri' => 'http://localhost/saml/metadata', 'preferredAuthenticationProtocol' => 'saml', 'federatedIdpMfaBehavior' => 'acceptIfMfaDoneByFederatedIdp', 'signingCertificate' => 'MIIE3jCCAsagAwIBAgIQQcyDaZz3MI', ], 200); } return Http::response(null, 404); }, ]); Livewire::actingAs($this->admin) ->test('pages::connecton-providers.microsoft-federation') ->set('connectionStatus', ConnectionStatusEnum::Disconnected) ->call('connect') ->assertSet('connectionStatus', ConnectionStatusEnum::Connected) ->assertSet('federationId', 'new-federation-id'); }); test('can disconnect federation successfully', function (): void { Config::set('services.microsoft_graph', [ 'tenant_id' => 'mock-tenant-id', 'client_id' => 'mock-client-id', 'client_secret' => 'mock-client-secret', 'domain_name' => 'mockdomain.com', 'display_name' => 'Company SSO', 'mfa_behavior' => 'acceptIfMfaDoneByFederatedIdp', ]); Http::fake([ 'https://login.microsoftonline.com/mock-tenant-id/oauth2/v2.0/token' => Http::response([ 'access_token' => 'mock-access-token', ], 200), 'https://graph.microsoft.com/v1.0/domains/mockdomain.com/federationConfiguration/mock-federation-id' => Http::response(null, 204), ]); Livewire::actingAs($this->admin) ->test('pages::connecton-providers.microsoft-federation') ->set('connectionStatus', ConnectionStatusEnum::Connected) ->set('federationId', 'mock-federation-id') ->call('disconnect') ->assertSet('connectionStatus', ConnectionStatusEnum::Disconnected) ->assertSet('federationId', null); }); test('renders error state if status check fails due to authorization request denied', function (): void { Config::set('services.microsoft_graph', [ 'tenant_id' => 'mock-tenant-id', 'client_id' => 'mock-client-id', 'client_secret' => 'mock-client-secret', 'domain_name' => 'mockdomain.com', 'display_name' => 'Company SSO', 'mfa_behavior' => 'acceptIfMfaDoneByFederatedIdp', ]); Http::fake([ 'https://login.microsoftonline.com/mock-tenant-id/oauth2/v2.0/token' => Http::response([ 'access_token' => 'mock-access-token', ], 200), 'https://graph.microsoft.com/v1.0/domains/mockdomain.com/federationConfiguration' => Http::response([ 'error' => [ 'code' => 'Authorization_RequestDenied', 'message' => 'Insufficient privileges to complete the operation.', 'innerError' => [ 'date' => '2026-06-02T09:06:37', 'request-id' => '7f6c85c5-4a55-47f8-91dd-f62e264583e7', ], ], ], 403), ]); Livewire::actingAs($this->admin) ->test('pages::connecton-providers.microsoft-federation') ->assertSet('connectionStatus', ConnectionStatusEnum::Error) ->assertSee('Insufficient privileges to complete the operation.'); }); test('renders managed state if status check returns Request_ResourceNotFound 404', function (): void { Config::set('services.microsoft_graph', [ 'tenant_id' => 'mock-tenant-id', 'client_id' => 'mock-client-id', 'client_secret' => 'mock-client-secret', 'domain_name' => 'mockdomain.com', 'display_name' => 'Company SSO', 'mfa_behavior' => 'acceptIfMfaDoneByFederatedIdp', ]); Http::fake([ 'https://login.microsoftonline.com/mock-tenant-id/oauth2/v2.0/token' => Http::response([ 'access_token' => 'mock-access-token', ], 200), 'https://graph.microsoft.com/v1.0/domains/mockdomain.com/federationConfiguration' => Http::response([ 'error' => [ 'code' => 'Request_ResourceNotFound', 'message' => "Resource 'federationConfiguration' does not exist or one of its queried reference-property objects are not present.", 'innerError' => [ 'date' => '2026-06-02T09:40:58', 'request-id' => 'e7f31a03-80bf-4b42-b1ca-6af8c156fed7', 'client-request-id' => 'e7f31a03-80bf-4b42-b1ca-6af8c156fed7', ], ], ], 404), ]); Livewire::actingAs($this->admin) ->test('pages::connecton-providers.microsoft-federation') ->assertSet('connectionStatus', ConnectionStatusEnum::Disconnected) ->assertSet('federationId', null) ->assertSee('No Active Federation') ->assertSee('Managed'); }); test('renders error state if status check fails due to domain not found in Entra ID', function (): void { Config::set('services.microsoft_graph', [ 'tenant_id' => 'mock-tenant-id', 'client_id' => 'mock-client-id', 'client_secret' => 'mock-client-secret', 'domain_name' => 'mockdomain.com', 'display_name' => 'Company SSO', 'mfa_behavior' => 'acceptIfMfaDoneByFederatedIdp', ]); Http::fake([ 'https://login.microsoftonline.com/mock-tenant-id/oauth2/v2.0/token' => Http::response([ 'access_token' => 'mock-access-token', ], 200), 'https://graph.microsoft.com/v1.0/domains/mockdomain.com/federationConfiguration' => Http::response([ 'error' => [ 'code' => 'Request_ResourceNotFound', 'message' => "Resource '{0}' does not exist or one of its queried reference-property objects are not present.", 'innerError' => [ 'date' => '2026-06-02T09:50:46', 'request-id' => '08b35000-608d-4ccd-8caf-8ea42fd13812', 'client-request-id' => '08b35000-608d-4ccd-8caf-8ea42fd13812', ], ], ], 404), ]); Livewire::actingAs($this->admin) ->test('pages::connecton-providers.microsoft-federation') ->assertSet('connectionStatus', ConnectionStatusEnum::Error) ->assertSee("Resource '{0}' does not exist"); });