liderra/portal
1
0
Fork 0
Code Issues Pull Requests Actions 82 Packages Projects Releases Wiki Activity
Files
a5e2bbbbe8d35336df9a6f2ce18c88aaa72f6602
portal/app/tests/Feature/ApiKeyControllerTest.php
T
Дмитрий a5e2bbbbe8 feat(api): api_keys model + GET/regenerate endpoints (closes J5 part 1) 
Audit J5/D3: the api_keys table existed in schema but had zero code.
Adds the ApiKey model + factory, and ApiKeyController with GET
/api/api-keys (list active keys, key_hash hidden) and POST
/api/api-keys/regenerate (deactivate prior + create new, full key
returned once, bcrypt-hashed in DB). Tenant-scoped via auth:sanctum +
tenant middleware (RLS on api_keys). phpstan-baseline.neon updated for
Pest PendingCalls false-positives in the new test file; also removes
8 pre-existing stale ignore.unmatched entries (properties now resolved
by existing @mixin IdeHelper* docblocks — confirmed pre-existing via
git stash test before Task 3 changes).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-15 21:53:35 +03:00

78 lines
2.9 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
use App\Models\ApiKey;
use App\Models\Tenant;
use App\Models\User;
use Illuminate\Foundation\Testing\DatabaseTransactions;
use Illuminate\Support\Facades\Hash;
uses(DatabaseTransactions::class);
beforeEach(function () {
$this->tenant = Tenant::factory()->create();
$this->user = User::factory()->create(['tenant_id' => $this->tenant->id]);
$this->actingAs($this->user);
});
test('GET /api/api-keys возвращает активные ключи тенанта', function () {
ApiKey::factory()->create(['tenant_id' => $this->tenant->id, 'user_id' => $this->user->id]);
$response = $this->getJson('/api/api-keys');
$response->assertOk();
expect($response->json('data'))->toHaveCount(1);
expect($response->json('data.0'))->toHaveKeys(['id', 'name', 'key_prefix', 'last_used_at', 'created_at']);
expect($response->json('data.0'))->not->toHaveKey('key_hash');
});
test('GET /api/api-keys без auth: 401', function () {
auth()->logout();
$this->getJson('/api/api-keys')->assertStatus(401);
});
test('GET /api/api-keys изолирован по тенанту', function () {
$otherTenant = Tenant::factory()->create();
$otherUser = User::factory()->create(['tenant_id' => $otherTenant->id]);
ApiKey::factory()->create(['tenant_id' => $otherTenant->id, 'user_id' => $otherUser->id]);
$response = $this->getJson('/api/api-keys');
$response->assertOk();
expect($response->json('data'))->toHaveCount(0);
});
test('POST /api/api-keys/regenerate создаёт ключ и возвращает plaintext один раз', function () {
$response = $this->postJson('/api/api-keys/regenerate');
$response->assertStatus(201);
expect($response->json('key'))->toStartWith('lpkapi_');
expect($response->json('key_prefix'))->toBe(substr($response->json('key'), 0, 10));
expect($response->json())->toHaveKeys(['id', 'name', 'key', 'key_prefix']);
$row = ApiKey::query()->where('tenant_id', $this->tenant->id)->where('is_active', true)->first();
expect($row)->not->toBeNull();
expect($row->key_hash)->not->toBe($response->json('key'));
expect(Hash::check($response->json('key'), $row->key_hash))->toBeTrue();
});
test('POST /api/api-keys/regenerate деактивирует предыдущий активный ключ', function () {
$old = ApiKey::factory()->create([
'tenant_id' => $this->tenant->id,
'user_id' => $this->user->id,
'is_active' => true,
]);
$this->postJson('/api/api-keys/regenerate')->assertStatus(201);
$old->refresh();
expect($old->is_active)->toBeFalse();
expect(ApiKey::query()->where('tenant_id', $this->tenant->id)->where('is_active', true)->count())->toBe(1);
});
test('POST /api/api-keys/regenerate без auth: 401', function () {
auth()->logout();
$this->postJson('/api/api-keys/regenerate')->assertStatus(401);
});
Reference in New Issue View Git Blame Copy Permalink