- Added `MicrosoftGraphCredentialsData` and `FederatedIdpMfaBehaviorEnum` for managing Entra ID integration. - Implemented `MicrosoftGraphService` to handle federation setup, domain management, and token authentication. - Created UI for managing Microsoft Graph Federation, including connection and disconnection flows. - Extended tests to validate Microsoft Graph Federation functionality.
155 lines
6.0 KiB
PHP
155 lines
6.0 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Enums\ConnectionStatusEnum;
|
|
use App\Models\User;
|
|
use Illuminate\Support\Facades\{Config, File, Http};
|
|
use Livewire\Livewire;
|
|
|
|
beforeEach(function (): void {
|
|
$this->seed(Database\Seeders\DatabaseSeeder::class);
|
|
$this->admin = User::where('email', 'admin@example.com')->firstOrFail();
|
|
|
|
// Ensure mock SAML certificate directory and file exists for tests
|
|
$directory = storage_path('app/saml');
|
|
if (! File::exists($directory)) {
|
|
File::makeDirectory($directory, 0755, true);
|
|
}
|
|
if (! File::exists("{$directory}/idp.crt")) {
|
|
File::put("{$directory}/idp.crt", "-----BEGIN CERTIFICATE-----\nMIIE3jCCAsagAwIBAgIQQcyDaZz3MI\n-----END CERTIFICATE-----");
|
|
}
|
|
});
|
|
|
|
test('guest is redirected to login when visiting microsoft federation page', function (): void {
|
|
$response = $this->get(route('apps.microsoft-federation'));
|
|
|
|
$response->assertRedirect(route('login'));
|
|
});
|
|
|
|
test('administrator can render microsoft federation page', function (): void {
|
|
$response = $this->actingAs($this->admin)->get(route('apps.microsoft-federation'));
|
|
|
|
$response->assertStatus(200);
|
|
});
|
|
|
|
test('renders warning banner if credentials are not configured in environment', function (): void {
|
|
Config::set('services.microsoft_graph', [
|
|
'tenant_id' => '',
|
|
'client_id' => '',
|
|
'client_secret' => '',
|
|
'domain_name' => '',
|
|
]);
|
|
|
|
Livewire::actingAs($this->admin)
|
|
->test('pages::connecton-providers.microsoft-federation')
|
|
->assertSet('credentialsLoaded', false)
|
|
->assertSee('Environment Configuration Required');
|
|
});
|
|
|
|
test('loads credentials and check status successfully if configured', function (): void {
|
|
Config::set('services.microsoft_graph', [
|
|
'tenant_id' => 'mock-tenant-id',
|
|
'client_id' => 'mock-client-id',
|
|
'client_secret' => 'mock-client-secret',
|
|
'domain_name' => 'mockdomain.com',
|
|
'display_name' => 'Company SSO',
|
|
'mfa_behavior' => 'acceptIfMfaDoneByFederatedIdp',
|
|
]);
|
|
|
|
// Fake Microsoft Graph API responses
|
|
Http::fake([
|
|
'https://login.microsoftonline.com/mock-tenant-id/oauth2/v2.0/token' => Http::response([
|
|
'access_token' => 'mock-access-token',
|
|
'token_type' => 'Bearer',
|
|
'expires_in' => 3600,
|
|
], 200),
|
|
'https://graph.microsoft.com/v1.0/domains/mockdomain.com/federationConfiguration' => Http::response([
|
|
'value' => [
|
|
[
|
|
'id' => 'mock-federation-id',
|
|
'displayName' => 'Company SSO',
|
|
'issuerUri' => 'http://localhost/saml/metadata',
|
|
'preferredAuthenticationProtocol' => 'saml',
|
|
'federatedIdpMfaBehavior' => 'acceptIfMfaDoneByFederatedIdp',
|
|
'signingCertificate' => 'MIIE3jCCAsagAwIBAgIQQcyDaZz3MI',
|
|
],
|
|
],
|
|
], 200),
|
|
]);
|
|
|
|
Livewire::actingAs($this->admin)
|
|
->test('pages::connecton-providers.microsoft-federation')
|
|
->assertSet('credentialsLoaded', true)
|
|
->assertSet('connectionStatus', ConnectionStatusEnum::Connected)
|
|
->assertSet('federationId', 'mock-federation-id')
|
|
->assertSee('Active Federation State');
|
|
});
|
|
|
|
test('can connect/federate domain successfully', function (): void {
|
|
Config::set('services.microsoft_graph', [
|
|
'tenant_id' => 'mock-tenant-id',
|
|
'client_id' => 'mock-client-id',
|
|
'client_secret' => 'mock-client-secret',
|
|
'domain_name' => 'mockdomain.com',
|
|
'display_name' => 'Company SSO',
|
|
'mfa_behavior' => 'acceptIfMfaDoneByFederatedIdp',
|
|
]);
|
|
|
|
Http::fake([
|
|
'https://login.microsoftonline.com/mock-tenant-id/oauth2/v2.0/token' => Http::response([
|
|
'access_token' => 'mock-access-token',
|
|
], 200),
|
|
'https://graph.microsoft.com/v1.0/domains/mockdomain.com/federationConfiguration' => function ($request) {
|
|
if ('GET' === $request->method()) {
|
|
return Http::response(['value' => []], 200);
|
|
}
|
|
if ('POST' === $request->method()) {
|
|
return Http::response([
|
|
'id' => 'new-federation-id',
|
|
'displayName' => 'Company SSO',
|
|
'issuerUri' => 'http://localhost/saml/metadata',
|
|
'preferredAuthenticationProtocol' => 'saml',
|
|
'federatedIdpMfaBehavior' => 'acceptIfMfaDoneByFederatedIdp',
|
|
'signingCertificate' => 'MIIE3jCCAsagAwIBAgIQQcyDaZz3MI',
|
|
], 200);
|
|
}
|
|
|
|
return Http::response(null, 404);
|
|
},
|
|
]);
|
|
|
|
Livewire::actingAs($this->admin)
|
|
->test('pages::connecton-providers.microsoft-federation')
|
|
->set('connectionStatus', ConnectionStatusEnum::Disconnected)
|
|
->call('connect')
|
|
->assertSet('connectionStatus', ConnectionStatusEnum::Connected)
|
|
->assertSet('federationId', 'new-federation-id');
|
|
});
|
|
|
|
test('can disconnect federation successfully', function (): void {
|
|
Config::set('services.microsoft_graph', [
|
|
'tenant_id' => 'mock-tenant-id',
|
|
'client_id' => 'mock-client-id',
|
|
'client_secret' => 'mock-client-secret',
|
|
'domain_name' => 'mockdomain.com',
|
|
'display_name' => 'Company SSO',
|
|
'mfa_behavior' => 'acceptIfMfaDoneByFederatedIdp',
|
|
]);
|
|
|
|
Http::fake([
|
|
'https://login.microsoftonline.com/mock-tenant-id/oauth2/v2.0/token' => Http::response([
|
|
'access_token' => 'mock-access-token',
|
|
], 200),
|
|
'https://graph.microsoft.com/v1.0/domains/mockdomain.com/federationConfiguration/mock-federation-id' => Http::response(null, 204),
|
|
]);
|
|
|
|
Livewire::actingAs($this->admin)
|
|
->test('pages::connecton-providers.microsoft-federation')
|
|
->set('connectionStatus', ConnectionStatusEnum::Connected)
|
|
->set('federationId', 'mock-federation-id')
|
|
->call('disconnect')
|
|
->assertSet('connectionStatus', ConnectionStatusEnum::Disconnected)
|
|
->assertSet('federationId', null);
|
|
});
|