singleloginsystem/tests/Feature/MicrosoftGraphFederationTest.php
= df4a84b970 Feat: introduce Microsoft Entra ID federation configuration
- Added `MicrosoftGraphCredentialsData` and `FederatedIdpMfaBehaviorEnum` for managing Entra ID integration.
- Implemented `MicrosoftGraphService` to handle federation setup, domain management, and token authentication.
- Created UI for managing Microsoft Graph Federation, including connection and disconnection flows.
- Extended tests to validate Microsoft Graph Federation functionality.
2026-05-28 12:43:17 +00:00

155 lines
6.0 KiB
PHP

<?php
declare(strict_types=1);
use App\Enums\ConnectionStatusEnum;
use App\Models\User;
use Illuminate\Support\Facades\{Config, File, Http};
use Livewire\Livewire;
beforeEach(function (): void {
$this->seed(Database\Seeders\DatabaseSeeder::class);
$this->admin = User::where('email', 'admin@example.com')->firstOrFail();
// Ensure mock SAML certificate directory and file exists for tests
$directory = storage_path('app/saml');
if (! File::exists($directory)) {
File::makeDirectory($directory, 0755, true);
}
if (! File::exists("{$directory}/idp.crt")) {
File::put("{$directory}/idp.crt", "-----BEGIN CERTIFICATE-----\nMIIE3jCCAsagAwIBAgIQQcyDaZz3MI\n-----END CERTIFICATE-----");
}
});
test('guest is redirected to login when visiting microsoft federation page', function (): void {
$response = $this->get(route('apps.microsoft-federation'));
$response->assertRedirect(route('login'));
});
test('administrator can render microsoft federation page', function (): void {
$response = $this->actingAs($this->admin)->get(route('apps.microsoft-federation'));
$response->assertStatus(200);
});
test('renders warning banner if credentials are not configured in environment', function (): void {
Config::set('services.microsoft_graph', [
'tenant_id' => '',
'client_id' => '',
'client_secret' => '',
'domain_name' => '',
]);
Livewire::actingAs($this->admin)
->test('pages::connecton-providers.microsoft-federation')
->assertSet('credentialsLoaded', false)
->assertSee('Environment Configuration Required');
});
test('loads credentials and check status successfully if configured', function (): void {
Config::set('services.microsoft_graph', [
'tenant_id' => 'mock-tenant-id',
'client_id' => 'mock-client-id',
'client_secret' => 'mock-client-secret',
'domain_name' => 'mockdomain.com',
'display_name' => 'Company SSO',
'mfa_behavior' => 'acceptIfMfaDoneByFederatedIdp',
]);
// Fake Microsoft Graph API responses
Http::fake([
'https://login.microsoftonline.com/mock-tenant-id/oauth2/v2.0/token' => Http::response([
'access_token' => 'mock-access-token',
'token_type' => 'Bearer',
'expires_in' => 3600,
], 200),
'https://graph.microsoft.com/v1.0/domains/mockdomain.com/federationConfiguration' => Http::response([
'value' => [
[
'id' => 'mock-federation-id',
'displayName' => 'Company SSO',
'issuerUri' => 'http://localhost/saml/metadata',
'preferredAuthenticationProtocol' => 'saml',
'federatedIdpMfaBehavior' => 'acceptIfMfaDoneByFederatedIdp',
'signingCertificate' => 'MIIE3jCCAsagAwIBAgIQQcyDaZz3MI',
],
],
], 200),
]);
Livewire::actingAs($this->admin)
->test('pages::connecton-providers.microsoft-federation')
->assertSet('credentialsLoaded', true)
->assertSet('connectionStatus', ConnectionStatusEnum::Connected)
->assertSet('federationId', 'mock-federation-id')
->assertSee('Active Federation State');
});
test('can connect/federate domain successfully', function (): void {
Config::set('services.microsoft_graph', [
'tenant_id' => 'mock-tenant-id',
'client_id' => 'mock-client-id',
'client_secret' => 'mock-client-secret',
'domain_name' => 'mockdomain.com',
'display_name' => 'Company SSO',
'mfa_behavior' => 'acceptIfMfaDoneByFederatedIdp',
]);
Http::fake([
'https://login.microsoftonline.com/mock-tenant-id/oauth2/v2.0/token' => Http::response([
'access_token' => 'mock-access-token',
], 200),
'https://graph.microsoft.com/v1.0/domains/mockdomain.com/federationConfiguration' => function ($request) {
if ('GET' === $request->method()) {
return Http::response(['value' => []], 200);
}
if ('POST' === $request->method()) {
return Http::response([
'id' => 'new-federation-id',
'displayName' => 'Company SSO',
'issuerUri' => 'http://localhost/saml/metadata',
'preferredAuthenticationProtocol' => 'saml',
'federatedIdpMfaBehavior' => 'acceptIfMfaDoneByFederatedIdp',
'signingCertificate' => 'MIIE3jCCAsagAwIBAgIQQcyDaZz3MI',
], 200);
}
return Http::response(null, 404);
},
]);
Livewire::actingAs($this->admin)
->test('pages::connecton-providers.microsoft-federation')
->set('connectionStatus', ConnectionStatusEnum::Disconnected)
->call('connect')
->assertSet('connectionStatus', ConnectionStatusEnum::Connected)
->assertSet('federationId', 'new-federation-id');
});
test('can disconnect federation successfully', function (): void {
Config::set('services.microsoft_graph', [
'tenant_id' => 'mock-tenant-id',
'client_id' => 'mock-client-id',
'client_secret' => 'mock-client-secret',
'domain_name' => 'mockdomain.com',
'display_name' => 'Company SSO',
'mfa_behavior' => 'acceptIfMfaDoneByFederatedIdp',
]);
Http::fake([
'https://login.microsoftonline.com/mock-tenant-id/oauth2/v2.0/token' => Http::response([
'access_token' => 'mock-access-token',
], 200),
'https://graph.microsoft.com/v1.0/domains/mockdomain.com/federationConfiguration/mock-federation-id' => Http::response(null, 204),
]);
Livewire::actingAs($this->admin)
->test('pages::connecton-providers.microsoft-federation')
->set('connectionStatus', ConnectionStatusEnum::Connected)
->set('federationId', 'mock-federation-id')
->call('disconnect')
->assertSet('connectionStatus', ConnectionStatusEnum::Disconnected)
->assertSet('federationId', null);
});