seed(Database\Seeders\DatabaseSeeder::class); $this->admin = User::where('email', 'admin@example.com')->firstOrFail(); // Ensure mock SAML certificate directory and file exists for tests $directory = storage_path('app/saml'); if (! File::exists($directory)) { File::makeDirectory($directory, 0755, true); } if (! File::exists("{$directory}/idp.crt")) { File::put("{$directory}/idp.crt", "-----BEGIN CERTIFICATE-----\nMIIE3jCCAsagAwIBAgIQQcyDaZz3MI\n-----END CERTIFICATE-----"); } }); test('guest is redirected to login when visiting microsoft federation page', function (): void { $response = $this->get(route('apps.microsoft-federation')); $response->assertRedirect(route('login')); }); test('administrator can render microsoft federation page', function (): void { $response = $this->actingAs($this->admin)->get(route('apps.microsoft-federation')); $response->assertStatus(200); }); test('renders warning banner if credentials are not configured in environment', function (): void { Config::set('services.microsoft_graph', [ 'tenant_id' => '', 'client_id' => '', 'client_secret' => '', 'domain_name' => '', ]); Livewire::actingAs($this->admin) ->test('pages::connecton-providers.microsoft-federation') ->assertSet('credentialsLoaded', false) ->assertSee('Environment Configuration Required'); }); test('loads credentials and check status successfully if configured', function (): void { Config::set('services.microsoft_graph', [ 'tenant_id' => 'mock-tenant-id', 'client_id' => 'mock-client-id', 'client_secret' => 'mock-client-secret', 'domain_name' => 'mockdomain.com', 'display_name' => 'Company SSO', 'mfa_behavior' => 'acceptIfMfaDoneByFederatedIdp', ]); // Fake Microsoft Graph API responses Http::fake([ 'https://login.microsoftonline.com/mock-tenant-id/oauth2/v2.0/token' => Http::response([ 'access_token' => 'mock-access-token', 'token_type' => 'Bearer', 'expires_in' => 3600, ], 200), 'https://graph.microsoft.com/v1.0/domains/mockdomain.com/federationConfiguration' => Http::response([ 'value' => [ [ 'id' => 'mock-federation-id', 'displayName' => 'Company SSO', 'issuerUri' => 'http://localhost/saml/metadata', 'preferredAuthenticationProtocol' => 'saml', 'federatedIdpMfaBehavior' => 'acceptIfMfaDoneByFederatedIdp', 'signingCertificate' => 'MIIE3jCCAsagAwIBAgIQQcyDaZz3MI', ], ], ], 200), ]); Livewire::actingAs($this->admin) ->test('pages::connecton-providers.microsoft-federation') ->assertSet('credentialsLoaded', true) ->assertSet('connectionStatus', ConnectionStatusEnum::Connected) ->assertSet('federationId', 'mock-federation-id') ->assertSee('Active Federation State'); }); test('can connect/federate domain successfully', function (): void { Config::set('services.microsoft_graph', [ 'tenant_id' => 'mock-tenant-id', 'client_id' => 'mock-client-id', 'client_secret' => 'mock-client-secret', 'domain_name' => 'mockdomain.com', 'display_name' => 'Company SSO', 'mfa_behavior' => 'acceptIfMfaDoneByFederatedIdp', ]); Http::fake([ 'https://login.microsoftonline.com/mock-tenant-id/oauth2/v2.0/token' => Http::response([ 'access_token' => 'mock-access-token', ], 200), 'https://graph.microsoft.com/v1.0/domains/mockdomain.com/federationConfiguration' => function ($request) { if ('GET' === $request->method()) { return Http::response(['value' => []], 200); } if ('POST' === $request->method()) { return Http::response([ 'id' => 'new-federation-id', 'displayName' => 'Company SSO', 'issuerUri' => 'http://localhost/saml/metadata', 'preferredAuthenticationProtocol' => 'saml', 'federatedIdpMfaBehavior' => 'acceptIfMfaDoneByFederatedIdp', 'signingCertificate' => 'MIIE3jCCAsagAwIBAgIQQcyDaZz3MI', ], 200); } return Http::response(null, 404); }, ]); Livewire::actingAs($this->admin) ->test('pages::connecton-providers.microsoft-federation') ->set('connectionStatus', ConnectionStatusEnum::Disconnected) ->call('connect') ->assertSet('connectionStatus', ConnectionStatusEnum::Connected) ->assertSet('federationId', 'new-federation-id'); }); test('can disconnect federation successfully', function (): void { Config::set('services.microsoft_graph', [ 'tenant_id' => 'mock-tenant-id', 'client_id' => 'mock-client-id', 'client_secret' => 'mock-client-secret', 'domain_name' => 'mockdomain.com', 'display_name' => 'Company SSO', 'mfa_behavior' => 'acceptIfMfaDoneByFederatedIdp', ]); Http::fake([ 'https://login.microsoftonline.com/mock-tenant-id/oauth2/v2.0/token' => Http::response([ 'access_token' => 'mock-access-token', ], 200), 'https://graph.microsoft.com/v1.0/domains/mockdomain.com/federationConfiguration/mock-federation-id' => Http::response(null, 204), ]); Livewire::actingAs($this->admin) ->test('pages::connecton-providers.microsoft-federation') ->set('connectionStatus', ConnectionStatusEnum::Connected) ->set('federationId', 'mock-federation-id') ->call('disconnect') ->assertSet('connectionStatus', ConnectionStatusEnum::Disconnected) ->assertSet('federationId', null); });