Дмитрий
73 lines
2.9 KiB
PHP
73 lines
2.9 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Models\ImpersonationToken;
|
|
use App\Models\Tenant;
|
|
use Illuminate\Foundation\Testing\DatabaseTransactions;
|
|
use Illuminate\Support\Facades\DB;
|
|
use Illuminate\Support\Facades\Hash;
|
|
use Tests\Concerns\SharesSupplierPdo;
|
|
|
|
uses(DatabaseTransactions::class, SharesSupplierPdo::class);
|
|
|
|
beforeEach(function () {
|
|
$this->tenant = Tenant::factory()->create(['contact_email' => 'tenant-admin@example.ru']);
|
|
$this->adminId = DB::table('saas_admin_users')->insertGetId([
|
|
'email' => 'admin-saas-'.uniqid().'@liderra.ru',
|
|
'full_name' => 'SaaS Admin',
|
|
'password_hash' => '$2y$04$dummy-hash-for-test',
|
|
'role' => 'support',
|
|
'is_active' => true,
|
|
'sso_provider' => 'local',
|
|
'is_break_glass' => false,
|
|
]);
|
|
});
|
|
|
|
it('init writes saas_admin_audit_log impersonation.init', function () {
|
|
$reason = 'support investigation '.str_repeat('x', 30);
|
|
$r = $this->postJson('/api/admin/impersonation/init', [
|
|
'tenant_id' => $this->tenant->id,
|
|
'requested_by' => $this->adminId,
|
|
'reason' => $reason,
|
|
])->assertOk();
|
|
|
|
$row = DB::table('saas_admin_audit_log')->where('action', 'impersonation.init')->latest('id')->first();
|
|
expect($row)->not->toBeNull()
|
|
->and((int) $row->admin_user_id)->toBe($this->adminId)
|
|
->and((int) $row->target_id)->toBe($this->tenant->id)
|
|
->and($row->reason)->toBe($reason);
|
|
});
|
|
|
|
it('verify writes saas_audit impersonation.verify + pd_processing_log viewed', function () {
|
|
$token = ImpersonationToken::create([
|
|
'tenant_id' => $this->tenant->id, 'requested_by' => $this->adminId,
|
|
'code_hash' => Hash::make('123456'),
|
|
'reason' => 'verify case '.str_repeat('y', 30),
|
|
'sent_to_email' => 'a@b.ru', 'expires_at' => now()->addMinutes(15),
|
|
]);
|
|
|
|
$this->postJson('/api/admin/impersonation/verify', ['token_id' => $token->id, 'code' => '123456'])->assertOk();
|
|
|
|
expect(DB::table('saas_admin_audit_log')->where('action', 'impersonation.verify')->count())->toBe(1)
|
|
->and(DB::table('pd_processing_log')
|
|
->where('action', 'viewed')
|
|
->where('purpose', 'impersonation_session_'.$token->id)
|
|
->where('actor_admin_user_id', $this->adminId)
|
|
->count())->toBe(1);
|
|
});
|
|
|
|
it('end writes saas_admin_audit_log impersonation.end', function () {
|
|
$token = ImpersonationToken::create([
|
|
'tenant_id' => $this->tenant->id, 'requested_by' => $this->adminId,
|
|
'code_hash' => Hash::make('123456'),
|
|
'reason' => 'end case '.str_repeat('z', 30),
|
|
'sent_to_email' => 'a@b.ru', 'expires_at' => now()->addMinutes(15),
|
|
'used_at' => now()->subMinutes(5),
|
|
]);
|
|
|
|
$this->postJson('/api/admin/impersonation/end', ['token_id' => $token->id])->assertOk();
|
|
|
|
expect(DB::table('saas_admin_audit_log')->where('action', 'impersonation.end')->count())->toBe(1);
|
|
});
|