Add screenshot auth middleware, remove SupportPal references

Screenshot auth: dev-only middleware that authenticates headless Chrome
via ?_screenshot_token= query param. Auto-selects admin/customer user
by subdomain. Only active when APP_ENV=local or explicitly enabled.

SupportPal cleanup: dropped supportpal_ticket_id column, removed env
vars and Phase 7 task tracking. 7 new tests (151 total, 782 assertions).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Claude Dev
2026-02-09 16:52:15 -05:00
parent 6f39c32270
commit a4cf7026bc
8 changed files with 233 additions and 36 deletions


@@ -0,0 +1,104 @@
<?php
declare(strict_types=1);
use App\Models\User;
use Database\Seeders\RoleAndPermissionSeeder;
beforeEach(function (): void {
$this->seed(RoleAndPermissionSeeder::class);
$this->accountUrl = 'http://'.config('app.domains.account');
$this->adminUrl = 'http://'.config('app.domains.admin');
$this->validToken = 'test-screenshot-token-abc123';
});
describe('Screenshot Auth Middleware', function (): void {
it('authenticates as admin on admin subdomain with valid token in local env', function (): void {
config([
'app.env' => 'local',
'app.screenshot_token' => $this->validToken,
]);
$admin = User::factory()->admin()->create();
$this->get($this->adminUrl.'/dashboard?_screenshot_token='.$this->validToken)
->assertOk();
});
it('authenticates as customer on account subdomain with valid token in local env', function (): void {
config([
'app.env' => 'local',
'app.screenshot_token' => $this->validToken,
]);
$customer = User::factory()->customer()->create();
$this->get($this->accountUrl.'/dashboard?_screenshot_token='.$this->validToken)
->assertOk();
});
it('does not authenticate with invalid token', function (): void {
config([
'app.env' => 'local',
'app.screenshot_token' => $this->validToken,
]);
User::factory()->admin()->create();
$this->get($this->adminUrl.'/dashboard?_screenshot_token=wrong-token')
->assertRedirect();
});
it('does not authenticate in production env with screenshot auth disabled', function (): void {
config([
'app.env' => 'production',
'app.screenshot_auth_enabled' => false,
'app.screenshot_token' => $this->validToken,
]);
User::factory()->admin()->create();
$this->get($this->adminUrl.'/dashboard?_screenshot_token='.$this->validToken)
->assertRedirect();
});
it('does not authenticate when no token is in URL', function (): void {
config([
'app.env' => 'local',
'app.screenshot_token' => $this->validToken,
]);
User::factory()->admin()->create();
$this->get($this->adminUrl.'/dashboard')
->assertRedirect();
});
it('does not affect already-authenticated user', function (): void {
config([
'app.env' => 'local',
'app.screenshot_token' => $this->validToken,
]);
$admin = User::factory()->admin()->create();
$customer = User::factory()->customer()->create();
// Already logged in as admin, token should not change that
$this->actingAs($admin)
->get($this->adminUrl.'/dashboard?_screenshot_token='.$this->validToken)
->assertOk();
});
it('authenticates in production env when screenshot auth is explicitly enabled', function (): void {
config([
'app.env' => 'production',
'app.screenshot_auth_enabled' => true,
'app.screenshot_token' => $this->validToken,
]);
$admin = User::factory()->admin()->create();
$this->get($this->adminUrl.'/dashboard?_screenshot_token='.$this->validToken)
->assertOk();
});
});
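Review bot: The three positive cases assert only `assertOk()`, so none of them pins which account the middleware logged in; `$admin` and `$customer` are created and never referenced, and a regression that selected an admin on the account subdomain would still pass. Follow each request with `$this->assertAuthenticatedAs($admin);` or `$this->assertAuthenticatedAs($customer);`, and add `$this->assertGuest();` after the three `assertRedirect()` cases so a redirect issued after a successful login cannot satisfy them. The 'does not affect already-authenticated user' case looks unable to fail as written, because the acting user is presumably the same admin the middleware would select on that subdomain; creating a second admin, acting as that one and asserting `assertAuthenticatedAs` on it would make the test meaningful. There is also no case for an unset or empty `app.screenshot_token` requested with an empty `_screenshot_token=` parameter, which should be rejected; the middleware itself is not visible here, so this is the one input whose handling cannot be confirmed from the tests, and it matters most on the production-enabled path that grants an admin session.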