= d7c2491fed Refactor: consolidate and replace permission enums for streamlined access management
- Replaced `AccessManager`, `Apps`, and `Settings` enums with modular enums like `RoleAndAppsPermissionEnum`, `AppPermissionEnum`, etc.
- Updated route, view, Livewire components, and tests to use new modular enums.
- Enhanced `DefaultRoleWithPermissionSeeder` and `PermissionSeeder` with updated enums.
- Added README in the Enums/Permissions directory to explain usage and naming conventions.
- Refactored dashboard sidebar and route definitions for better enum-based permission handling.
- Improved test coverage to validate new permission enums functionality.
2026-05-25 06:18:09 +00:00

115 lines
3.4 KiB
PHP

<?php
declare(strict_types=1);
use App\Enums\Permissions\SecurityPermissionEnum;
use App\Livewire\Settings\Security;
use App\Models\User;
use Illuminate\Support\Facades\Hash;
use Laravel\Fortify\Features;
use Livewire\Livewire;
use Spatie\Permission\Models\Permission;
beforeEach(function (): void {
$this->skipUnlessFortifyHas(Features::twoFactorAuthentication());
Features::twoFactorAuthentication([
'confirm' => true,
'confirmPassword' => true,
]);
Permission::findOrCreate(SecurityPermissionEnum::Access->value);
});
test('security settings page can be rendered', function (): void {
$user = User::factory()->create();
$user->givePermissionTo(SecurityPermissionEnum::Access->value);
$this->actingAs($user)
->withSession(['auth.password_confirmed_at' => time()])
->get(route('security.edit'))
->assertOk()
->assertSee('Two-factor authentication')
->assertSee('Enable 2FA');
});
test('security settings page requires password confirmation when enabled', function (): void {
$user = User::factory()->create();
$user->givePermissionTo(SecurityPermissionEnum::Access->value);
$response = $this->actingAs($user)
->get(route('security.edit'));
$response->assertRedirect(route('password.confirm'));
});
test('security settings page renders without two factor when feature is disabled', function (): void {
config(['fortify.features' => []]);
$user = User::factory()->create();
$user->givePermissionTo(SecurityPermissionEnum::Access->value);
$this->actingAs($user)
->withSession(['auth.password_confirmed_at' => time()])
->get(route('security.edit'))
->assertOk()
->assertSee('Update password')
->assertDontSee('Two-factor authentication');
});
test('two factor authentication disabled when confirmation abandoned between requests', function (): void {
$user = User::factory()->create();
$user->forceFill([
'two_factor_secret' => encrypt('test-secret'),
'two_factor_recovery_codes' => encrypt(json_encode(['code1', 'code2'])),
'two_factor_confirmed_at' => null,
])->save();
$this->actingAs($user);
$component = Livewire::test(Security::class);
$component->assertSet('twoFactorEnabled', false);
$this->assertDatabaseHas('users', [
'id' => $user->id,
'two_factor_secret' => null,
'two_factor_recovery_codes' => null,
]);
});
test('password can be updated', function (): void {
$user = User::factory()->create([
'password' => Hash::make('password'),
]);
$this->actingAs($user);
$response = Livewire::test(Security::class)
->set('current_password', 'password')
->set('password', 'new-password')
->set('password_confirmation', 'new-password')
->call('updatePassword');
$response->assertHasNoErrors();
expect(Hash::check('new-password', $user->refresh()->password))->toBeTrue();
});
test('correct password must be provided to update password', function (): void {
$user = User::factory()->create([
'password' => Hash::make('password'),
]);
$this->actingAs($user);
$response = Livewire::test(Security::class)
->set('current_password', 'wrong-password')
->set('password', 'new-password')
->set('password_confirmation', 'new-password')
->call('updatePassword');
$response->assertHasErrors(['current_password']);
});