- Improved logging for `MicrosoftGraphService` methods to provide detailed insights into federation configuration processes. - Refactored error handling for domain federation configuration, including specific checks for authorization and resource errors. - Streamlined federation flow logic and made it more resilient to exceptions. - Updated UI components to handle configuration states more effectively and added button functionality for failed connections. - Expanded test coverage for Microsoft Graph Federation scenarios, including authorization failures and domain validation. - masked the sensitive fields
255 lines
10 KiB
PHP
255 lines
10 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Enums\ConnectionStatusEnum;
|
|
use App\Models\User;
|
|
use Illuminate\Support\Facades\{Config, File, Http};
|
|
use Livewire\Livewire;
|
|
|
|
beforeEach(function (): void {
|
|
$this->seed(Database\Seeders\DatabaseSeeder::class);
|
|
$this->admin = User::where('email', 'admin@example.com')->firstOrFail();
|
|
|
|
// Ensure mock SAML certificate directory and file exists for tests
|
|
$directory = storage_path('app/saml');
|
|
if (! File::exists($directory)) {
|
|
File::makeDirectory($directory, 0755, true);
|
|
}
|
|
if (! File::exists("{$directory}/idp.crt")) {
|
|
File::put("{$directory}/idp.crt", "-----BEGIN CERTIFICATE-----\nMIIE3jCCAsagAwIBAgIQQcyDaZz3MI\n-----END CERTIFICATE-----");
|
|
}
|
|
});
|
|
|
|
test('guest is redirected to login when visiting microsoft federation page', function (): void {
|
|
$response = $this->get(route('apps.microsoft-federation'));
|
|
|
|
$response->assertRedirect(route('login'));
|
|
});
|
|
|
|
test('administrator can render microsoft federation page', function (): void {
|
|
$response = $this->actingAs($this->admin)->get(route('apps.microsoft-federation'));
|
|
|
|
$response->assertStatus(200);
|
|
});
|
|
|
|
test('renders warning banner if credentials are not configured in environment', function (): void {
|
|
Config::set('services.microsoft_graph', [
|
|
'tenant_id' => '',
|
|
'client_id' => '',
|
|
'client_secret' => '',
|
|
'domain_name' => '',
|
|
]);
|
|
|
|
Livewire::actingAs($this->admin)
|
|
->test('pages::connecton-providers.microsoft-federation')
|
|
->assertSet('credentialsLoaded', false)
|
|
->assertSee('Environment Configuration Required');
|
|
});
|
|
|
|
test('loads credentials and check status successfully if configured', function (): void {
|
|
Config::set('services.microsoft_graph', [
|
|
'tenant_id' => 'mock-tenant-id',
|
|
'client_id' => 'mock-client-id',
|
|
'client_secret' => 'mock-client-secret',
|
|
'domain_name' => 'mockdomain.com',
|
|
'display_name' => 'Company SSO',
|
|
'mfa_behavior' => 'acceptIfMfaDoneByFederatedIdp',
|
|
]);
|
|
|
|
// Fake Microsoft Graph API responses
|
|
Http::fake([
|
|
'https://login.microsoftonline.com/mock-tenant-id/oauth2/v2.0/token' => Http::response([
|
|
'access_token' => 'mock-access-token',
|
|
'token_type' => 'Bearer',
|
|
'expires_in' => 3600,
|
|
], 200),
|
|
'https://graph.microsoft.com/v1.0/domains/mockdomain.com/federationConfiguration' => Http::response([
|
|
'value' => [
|
|
[
|
|
'id' => 'mock-federation-id',
|
|
'displayName' => 'Company SSO',
|
|
'issuerUri' => 'http://localhost/saml/metadata',
|
|
'preferredAuthenticationProtocol' => 'saml',
|
|
'federatedIdpMfaBehavior' => 'acceptIfMfaDoneByFederatedIdp',
|
|
'signingCertificate' => 'MIIE3jCCAsagAwIBAgIQQcyDaZz3MI',
|
|
],
|
|
],
|
|
], 200),
|
|
]);
|
|
|
|
Livewire::actingAs($this->admin)
|
|
->test('pages::connecton-providers.microsoft-federation')
|
|
->assertSet('credentialsLoaded', true)
|
|
->assertSet('connectionStatus', ConnectionStatusEnum::Connected)
|
|
->assertSet('federationId', 'mock-federation-id')
|
|
->assertSee('Active Federation State');
|
|
});
|
|
|
|
test('can connect/federate domain successfully', function (): void {
|
|
Config::set('services.microsoft_graph', [
|
|
'tenant_id' => 'mock-tenant-id',
|
|
'client_id' => 'mock-client-id',
|
|
'client_secret' => 'mock-client-secret',
|
|
'domain_name' => 'mockdomain.com',
|
|
'display_name' => 'Company SSO',
|
|
'mfa_behavior' => 'acceptIfMfaDoneByFederatedIdp',
|
|
]);
|
|
|
|
Http::fake([
|
|
'https://login.microsoftonline.com/mock-tenant-id/oauth2/v2.0/token' => Http::response([
|
|
'access_token' => 'mock-access-token',
|
|
], 200),
|
|
'https://graph.microsoft.com/v1.0/domains/mockdomain.com/federationConfiguration' => function ($request) {
|
|
if ('GET' === $request->method()) {
|
|
return Http::response(['value' => []], 200);
|
|
}
|
|
if ('POST' === $request->method()) {
|
|
return Http::response([
|
|
'id' => 'new-federation-id',
|
|
'displayName' => 'Company SSO',
|
|
'issuerUri' => 'http://localhost/saml/metadata',
|
|
'preferredAuthenticationProtocol' => 'saml',
|
|
'federatedIdpMfaBehavior' => 'acceptIfMfaDoneByFederatedIdp',
|
|
'signingCertificate' => 'MIIE3jCCAsagAwIBAgIQQcyDaZz3MI',
|
|
], 200);
|
|
}
|
|
|
|
return Http::response(null, 404);
|
|
},
|
|
]);
|
|
|
|
Livewire::actingAs($this->admin)
|
|
->test('pages::connecton-providers.microsoft-federation')
|
|
->set('connectionStatus', ConnectionStatusEnum::Disconnected)
|
|
->call('connect')
|
|
->assertSet('connectionStatus', ConnectionStatusEnum::Connected)
|
|
->assertSet('federationId', 'new-federation-id');
|
|
});
|
|
|
|
test('can disconnect federation successfully', function (): void {
|
|
Config::set('services.microsoft_graph', [
|
|
'tenant_id' => 'mock-tenant-id',
|
|
'client_id' => 'mock-client-id',
|
|
'client_secret' => 'mock-client-secret',
|
|
'domain_name' => 'mockdomain.com',
|
|
'display_name' => 'Company SSO',
|
|
'mfa_behavior' => 'acceptIfMfaDoneByFederatedIdp',
|
|
]);
|
|
|
|
Http::fake([
|
|
'https://login.microsoftonline.com/mock-tenant-id/oauth2/v2.0/token' => Http::response([
|
|
'access_token' => 'mock-access-token',
|
|
], 200),
|
|
'https://graph.microsoft.com/v1.0/domains/mockdomain.com/federationConfiguration/mock-federation-id' => Http::response(null, 204),
|
|
]);
|
|
|
|
Livewire::actingAs($this->admin)
|
|
->test('pages::connecton-providers.microsoft-federation')
|
|
->set('connectionStatus', ConnectionStatusEnum::Connected)
|
|
->set('federationId', 'mock-federation-id')
|
|
->call('disconnect')
|
|
->assertSet('connectionStatus', ConnectionStatusEnum::Disconnected)
|
|
->assertSet('federationId', null);
|
|
});
|
|
|
|
test('renders error state if status check fails due to authorization request denied', function (): void {
|
|
Config::set('services.microsoft_graph', [
|
|
'tenant_id' => 'mock-tenant-id',
|
|
'client_id' => 'mock-client-id',
|
|
'client_secret' => 'mock-client-secret',
|
|
'domain_name' => 'mockdomain.com',
|
|
'display_name' => 'Company SSO',
|
|
'mfa_behavior' => 'acceptIfMfaDoneByFederatedIdp',
|
|
]);
|
|
|
|
Http::fake([
|
|
'https://login.microsoftonline.com/mock-tenant-id/oauth2/v2.0/token' => Http::response([
|
|
'access_token' => 'mock-access-token',
|
|
], 200),
|
|
'https://graph.microsoft.com/v1.0/domains/mockdomain.com/federationConfiguration' => Http::response([
|
|
'error' => [
|
|
'code' => 'Authorization_RequestDenied',
|
|
'message' => 'Insufficient privileges to complete the operation.',
|
|
'innerError' => [
|
|
'date' => '2026-06-02T09:06:37',
|
|
'request-id' => '7f6c85c5-4a55-47f8-91dd-f62e264583e7',
|
|
],
|
|
],
|
|
], 403),
|
|
]);
|
|
|
|
Livewire::actingAs($this->admin)
|
|
->test('pages::connecton-providers.microsoft-federation')
|
|
->assertSet('connectionStatus', ConnectionStatusEnum::Error)
|
|
->assertSee('Insufficient privileges to complete the operation.');
|
|
});
|
|
|
|
test('renders managed state if status check returns Request_ResourceNotFound 404', function (): void {
|
|
Config::set('services.microsoft_graph', [
|
|
'tenant_id' => 'mock-tenant-id',
|
|
'client_id' => 'mock-client-id',
|
|
'client_secret' => 'mock-client-secret',
|
|
'domain_name' => 'mockdomain.com',
|
|
'display_name' => 'Company SSO',
|
|
'mfa_behavior' => 'acceptIfMfaDoneByFederatedIdp',
|
|
]);
|
|
|
|
Http::fake([
|
|
'https://login.microsoftonline.com/mock-tenant-id/oauth2/v2.0/token' => Http::response([
|
|
'access_token' => 'mock-access-token',
|
|
], 200),
|
|
'https://graph.microsoft.com/v1.0/domains/mockdomain.com/federationConfiguration' => Http::response([
|
|
'error' => [
|
|
'code' => 'Request_ResourceNotFound',
|
|
'message' => "Resource 'federationConfiguration' does not exist or one of its queried reference-property objects are not present.",
|
|
'innerError' => [
|
|
'date' => '2026-06-02T09:40:58',
|
|
'request-id' => 'e7f31a03-80bf-4b42-b1ca-6af8c156fed7',
|
|
'client-request-id' => 'e7f31a03-80bf-4b42-b1ca-6af8c156fed7',
|
|
],
|
|
],
|
|
], 404),
|
|
]);
|
|
|
|
Livewire::actingAs($this->admin)
|
|
->test('pages::connecton-providers.microsoft-federation')
|
|
->assertSet('connectionStatus', ConnectionStatusEnum::Disconnected)
|
|
->assertSet('federationId', null)
|
|
->assertSee('No Active Federation')
|
|
->assertSee('Managed');
|
|
});
|
|
|
|
test('renders error state if status check fails due to domain not found in Entra ID', function (): void {
|
|
Config::set('services.microsoft_graph', [
|
|
'tenant_id' => 'mock-tenant-id',
|
|
'client_id' => 'mock-client-id',
|
|
'client_secret' => 'mock-client-secret',
|
|
'domain_name' => 'mockdomain.com',
|
|
'display_name' => 'Company SSO',
|
|
'mfa_behavior' => 'acceptIfMfaDoneByFederatedIdp',
|
|
]);
|
|
|
|
Http::fake([
|
|
'https://login.microsoftonline.com/mock-tenant-id/oauth2/v2.0/token' => Http::response([
|
|
'access_token' => 'mock-access-token',
|
|
], 200),
|
|
'https://graph.microsoft.com/v1.0/domains/mockdomain.com/federationConfiguration' => Http::response([
|
|
'error' => [
|
|
'code' => 'Request_ResourceNotFound',
|
|
'message' => "Resource '{0}' does not exist or one of its queried reference-property objects are not present.",
|
|
'innerError' => [
|
|
'date' => '2026-06-02T09:50:46',
|
|
'request-id' => '08b35000-608d-4ccd-8caf-8ea42fd13812',
|
|
'client-request-id' => '08b35000-608d-4ccd-8caf-8ea42fd13812',
|
|
],
|
|
],
|
|
], 404),
|
|
]);
|
|
|
|
Livewire::actingAs($this->admin)
|
|
->test('pages::connecton-providers.microsoft-federation')
|
|
->assertSet('connectionStatus', ConnectionStatusEnum::Error)
|
|
->assertSee("Resource '{0}' does not exist");
|
|
});
|