✨ Add OAuth functionality, MCP tools, and feature tests

- 🔒 Added migrations for `oauth_access_tokens`, `oauth_refresh_tokens`, `oauth_auth_codes`, `oauth_clients`, and `oauth_device_codes`. - 🤖 Created MCP tools (Meetups, Cities, Venues, Courses, Lecturers) for managing entities with authentication and validation. - 🛠️ Implemented Passport-backed OAuth API guard configuration and validation endpoints. - ✅ Added comprehensive feature tests for MCP tools and OAuth functionality (access control, validation, and token-based authentication).
2026-06-17 04:30:31 +00:00 · 2026-06-08 09:37:00 +02:00
parent 3cad5f5636
commit d0544bfac9
67 changed files with 3948 additions and 83 deletions
@@ -0,0 +1,62 @@
+<?php
+
+use App\Mcp\Servers\EinundzwanzigServer;
+use App\Mcp\Tools\Course\CreateCourseTool;
+use App\Mcp\Tools\Course\UpdateCourseTool;
+use App\Models\Course;
+use App\Models\Lecturer;
+use App\Models\User;
+
+it('lets a lecturer create a course and stamps created_by', function () {
+    $user = User::factory()->lecturer()->create();
+    $lecturer = Lecturer::factory()->create();
+
+    $response = EinundzwanzigServer::actingAs($user)->tool(CreateCourseTool::class, [
+        'name' => 'Bitcoin Grundlagen',
+        'lecturer_id' => $lecturer->id,
+    ]);
+
+    $response->assertOk()->assertSee('Bitcoin Grundlagen');
+
+    $this->assertDatabaseHas('courses', [
+        'name' => 'Bitcoin Grundlagen',
+        'created_by' => $user->id,
+    ]);
+});
+
+it('forbids a non-lecturer from creating a course', function () {
+    $user = User::factory()->create(['is_lecturer' => false]);
+    $lecturer = Lecturer::factory()->create();
+
+    EinundzwanzigServer::actingAs($user)
+        ->tool(CreateCourseTool::class, [
+            'name' => 'Verbotener Kurs',
+            'lecturer_id' => $lecturer->id,
+        ])
+        ->assertHasErrors();
+});
+
+it('fails validation for missing fields', function () {
+    EinundzwanzigServer::actingAs(User::factory()->lecturer()->create())
+        ->tool(CreateCourseTool::class, [])
+        ->assertHasErrors();
+});
+
+it('lets the owner update a course', function () {
+    $user = User::factory()->lecturer()->create();
+    $course = Course::factory()->create(['created_by' => $user->id]);
+
+    EinundzwanzigServer::actingAs($user)
+        ->tool(UpdateCourseTool::class, ['id' => $course->id, 'name' => 'Aktualisierter Kurs'])
+        ->assertOk()
+        ->assertSee('Aktualisierter Kurs');
+});
+
+it('forbids updating someone elses course', function () {
+    $owner = User::factory()->lecturer()->create();
+    $course = Course::factory()->create(['created_by' => $owner->id]);
+
+    EinundzwanzigServer::actingAs(User::factory()->lecturer()->create())
+        ->tool(UpdateCourseTool::class, ['id' => $course->id, 'name' => 'Hijack'])
+        ->assertHasErrors();
+});