Le super admin (table super_admins, master DB) ne pouvait pas se connecter via /api/login car ce firewall n'utilisait que le provider tenant. De même, le JWT n'était pas enrichi pour les super admins, l'endpoint /api/me/roles les rejetait, et le frontend redirigeait systématiquement vers /dashboard. Un chain provider (super_admin + tenant) résout l'authentification, le JwtPayloadEnricher et MyRolesProvider gèrent désormais les deux types d'utilisateurs, et le frontend redirige selon le rôle après login.
<?php
declare(strict_types=1);
namespace App\Tests\Unit\Administration\Infrastructure\Security;
use App\Administration\Infrastructure\Security\JwtPayloadEnricher;
use App\SuperAdmin\Domain\Model\SuperAdmin\SuperAdminId;
use App\SuperAdmin\Infrastructure\Security\SecuritySuperAdmin;
use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTCreatedEvent;
use PHPUnit\Framework\Attributes\Test;
use PHPUnit\Framework\TestCase;
/**
 * Unit tests for JwtPayloadEnricher when the token subject is a SecuritySuperAdmin.
 *
 * The assertions pin the exact claims written for a super admin (user_id,
 * user_type, roles), the absence of a tenant_id claim, and that claims
 * already present in the payload survive the enrichment.
 */
final class JwtPayloadEnricherSuperAdminTest extends TestCase
{
    private JwtPayloadEnricher $enricher;

    protected function setUp(): void
    {
        $this->enricher = new JwtPayloadEnricher();
    }

    /**
     * A super admin token carries its own identity claims and no tenant scope.
     */
    #[Test]
    public function onJWTCreatedAddsSuperAdminClaimsToPayload(): void
    {
        $id = SuperAdminId::generate();

        $claims = $this->enrichFor(
            $this->superAdminWithId($id),
            ['username' => 'sadmin@test.com'],
        );

        self::assertSame((string) $id, $claims['user_id']);
        self::assertSame('super_admin', $claims['user_type']);
        // Exact list comparison: any additional role in the token fails the test.
        self::assertSame(['ROLE_SUPER_ADMIN'], $claims['roles']);
        // The key must be absent altogether, not merely null or empty.
        // NOTE(review): presumably downstream code derives tenant scope from
        // this claim - confirm against the consumers of the token.
        self::assertArrayNotHasKey('tenant_id', $claims);
    }

    /**
     * Claims set before the enricher runs (username, iat, exp) keep their values.
     */
    #[Test]
    public function onJWTCreatedPreservesExistingPayloadForSuperAdmin(): void
    {
        $claims = $this->enrichFor(
            $this->superAdminWithId(SuperAdminId::generate()),
            [
                'username' => 'sadmin@test.com',
                'iat' => 1706436600,
                'exp' => 1706438400,
            ],
        );

        self::assertSame('sadmin@test.com', $claims['username']);
        // The timestamps must come back unchanged: enrichment is not allowed
        // to rewrite the issued-at / expiry values it was handed.
        self::assertSame(1706436600, $claims['iat']);
        self::assertSame(1706438400, $claims['exp']);
    }

    /**
     * Builds the security user under test; the password value is a dummy
     * string, not a real hash.
     */
    private function superAdminWithId(SuperAdminId $id): SecuritySuperAdmin
    {
        return new SecuritySuperAdmin(
            superAdminId: $id,
            email: 'sadmin@test.com',
            hashedPassword: 'hashed',
        );
    }

    /**
     * Runs the enricher on a JWTCreatedEvent built from the given payload and
     * user, and returns the payload held by the event afterwards.
     *
     * @param array<string, mixed> $initialClaims
     *
     * @return array<string, mixed>
     */
    private function enrichFor(SecuritySuperAdmin $user, array $initialClaims): array
    {
        $event = new JWTCreatedEvent($initialClaims, $user);

        $this->enricher->onJWTCreated($event);

        return $event->getData();
    }
}