feat: Permettre au super admin de se connecter et accéder à son dashboard

Le super admin (table super_admins, master DB) ne pouvait pas se connecter via /api/login car ce firewall n'utilisait que le provider tenant. De même, le JWT n'était pas enrichi pour les super admins, l'endpoint /api/me/roles les rejetait, et le frontend redirigeait systématiquement vers /dashboard. Un chain provider (super_admin + tenant) résout l'authentification, le JwtPayloadEnricher et MyRolesProvider gèrent désormais les deux types d'utilisateurs, et le frontend redirige selon le rôle après login.
2026-02-17 10:07:10 +01:00
parent c856dfdcda
commit 0951322d71
68 changed files with 4049 additions and 8 deletions
--- a/backend/tests/Unit/Administration/Infrastructure/Security/JwtPayloadEnricherSuperAdminTest.php
+++ b/backend/tests/Unit/Administration/Infrastructure/Security/JwtPayloadEnricherSuperAdminTest.php
@@ -0,0 +1,71 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Tests\Unit\Administration\Infrastructure\Security;
+
+use App\Administration\Infrastructure\Security\JwtPayloadEnricher;
+use App\SuperAdmin\Domain\Model\SuperAdmin\SuperAdminId;
+use App\SuperAdmin\Infrastructure\Security\SecuritySuperAdmin;
+use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTCreatedEvent;
+use PHPUnit\Framework\Attributes\Test;
+use PHPUnit\Framework\TestCase;
+
+final class JwtPayloadEnricherSuperAdminTest extends TestCase
+{
+    private JwtPayloadEnricher $enricher;
+
+    protected function setUp(): void
+    {
+        $this->enricher = new JwtPayloadEnricher();
+    }
+
+    #[Test]
+    public function onJWTCreatedAddsSuperAdminClaimsToPayload(): void
+    {
+        $superAdminId = SuperAdminId::generate();
+
+        $securitySuperAdmin = new SecuritySuperAdmin(
+            superAdminId: $superAdminId,
+            email: 'sadmin@test.com',
+            hashedPassword: 'hashed',
+        );
+
+        $initialPayload = ['username' => 'sadmin@test.com'];
+        $event = new JWTCreatedEvent($initialPayload, $securitySuperAdmin);
+
+        $this->enricher->onJWTCreated($event);
+
+        $payload = $event->getData();
+
+        self::assertSame((string) $superAdminId, $payload['user_id']);
+        self::assertSame('super_admin', $payload['user_type']);
+        self::assertSame(['ROLE_SUPER_ADMIN'], $payload['roles']);
+        self::assertArrayNotHasKey('tenant_id', $payload);
+    }
+
+    #[Test]
+    public function onJWTCreatedPreservesExistingPayloadForSuperAdmin(): void
+    {
+        $securitySuperAdmin = new SecuritySuperAdmin(
+            superAdminId: SuperAdminId::generate(),
+            email: 'sadmin@test.com',
+            hashedPassword: 'hashed',
+        );
+
+        $initialPayload = [
+            'username' => 'sadmin@test.com',
+            'iat' => 1706436600,
+            'exp' => 1706438400,
+        ];
+        $event = new JWTCreatedEvent($initialPayload, $securitySuperAdmin);
+
+        $this->enricher->onJWTCreated($event);
+
+        $payload = $event->getData();
+
+        self::assertSame('sadmin@test.com', $payload['username']);
+        self::assertSame(1706436600, $payload['iat']);
+        self::assertSame(1706438400, $payload['exp']);
+    }
+}