mirror of
https://github.com/HolgerHatGarKeineNode/einundzwanzig-app.git
synced 2026-06-16 16:20:30 +00:00
✨ Add OAuth functionality, MCP tools, and feature tests
- 🔒 Added migrations for `oauth_access_tokens`, `oauth_refresh_tokens`, `oauth_auth_codes`, `oauth_clients`, and `oauth_device_codes`. - 🤖 Created MCP tools (Meetups, Cities, Venues, Courses, Lecturers) for managing entities with authentication and validation. - 🛠️ Implemented Passport-backed OAuth API guard configuration and validation endpoints. - ✅ Added comprehensive feature tests for MCP tools and OAuth functionality (access control, validation, and token-based authentication).
This commit is contained in:
HolgerHatGarKeineNode
@@ -0,0 +1,71 @@
|
||||
<?php
|
||||
|
||||
use App\Mcp\Servers\EinundzwanzigServer;
|
||||
use App\Mcp\Tools\Meetup\CreateMeetupTool;
|
||||
use App\Mcp\Tools\Meetup\ListMyMeetupsTool;
|
||||
use App\Mcp\Tools\Meetup\ShowMyMeetupTool;
|
||||
use App\Mcp\Tools\Meetup\UpdateMeetupTool;
|
||||
use App\Models\City;
|
||||
use App\Models\Meetup;
|
||||
use App\Models\User;
|
||||
|
||||
it('lets an authenticated user create a meetup and stamps created_by', function () {
|
||||
$user = User::factory()->create();
|
||||
$city = City::factory()->create();
|
||||
|
||||
$response = EinundzwanzigServer::actingAs($user)->tool(CreateMeetupTool::class, [
|
||||
'name' => 'Einundzwanzig Ansbach',
|
||||
'city_id' => $city->id,
|
||||
]);
|
||||
|
||||
$response->assertOk()->assertSee('Einundzwanzig Ansbach');
|
||||
|
||||
$this->assertDatabaseHas('meetups', [
|
||||
'name' => 'Einundzwanzig Ansbach',
|
||||
'created_by' => $user->id,
|
||||
]);
|
||||
});
|
||||
|
||||
it('fails validation for missing fields', function () {
|
||||
EinundzwanzigServer::actingAs(User::factory()->create())
|
||||
->tool(CreateMeetupTool::class, [])
|
||||
->assertHasErrors();
|
||||
});
|
||||
|
||||
it('lets the owner update a meetup', function () {
|
||||
$user = User::factory()->create();
|
||||
$meetup = Meetup::factory()->create(['created_by' => $user->id]);
|
||||
|
||||
EinundzwanzigServer::actingAs($user)
|
||||
->tool(UpdateMeetupTool::class, ['id' => $meetup->id, 'name' => 'Plan B Lugano'])
|
||||
->assertOk()
|
||||
->assertSee('Plan B Lugano');
|
||||
});
|
||||
|
||||
it('forbids updating someone elses meetup', function () {
|
||||
$owner = User::factory()->create();
|
||||
$meetup = Meetup::factory()->create(['created_by' => $owner->id]);
|
||||
|
||||
EinundzwanzigServer::actingAs(User::factory()->create())
|
||||
->tool(UpdateMeetupTool::class, ['id' => $meetup->id, 'name' => 'Hijack'])
|
||||
->assertHasErrors();
|
||||
});
|
||||
|
||||
it('returns only own meetups in the mine list', function () {
|
||||
$user = User::factory()->create();
|
||||
Meetup::factory()->count(2)->create(['created_by' => $user->id]);
|
||||
Meetup::factory()->create(['created_by' => User::factory()->create()->id]);
|
||||
|
||||
EinundzwanzigServer::actingAs($user)
|
||||
->tool(ListMyMeetupsTool::class)
|
||||
->assertOk();
|
||||
});
|
||||
|
||||
it('forbids viewing someone elses meetup in mine show', function () {
|
||||
$owner = User::factory()->create();
|
||||
$meetup = Meetup::factory()->create(['created_by' => $owner->id]);
|
||||
|
||||
EinundzwanzigServer::actingAs(User::factory()->create())
|
||||
->tool(ShowMyMeetupTool::class, ['id' => $meetup->id])
|
||||
->assertHasErrors();
|
||||
});
|
||||
Reference in New Issue
Block a user