Description
What should be added?
While writing tests for an API that is using scopes for protecting some endpoints, I faced some issues: even though, thanks to #166, we are able to use actingAs to fake authentication, one currently can't fake scopes.
This is because actingAs only sets the user object, but not a JWT. And the auth0 guard that checks for scopes does so by reading the JWT payload, which is empty.
Which is why I propose the following solution.
Add a trait that can be used within test classes that are children of Illuminate\Foundation\Testing\TestCase:

```php
use Auth0\Laravel\Model\Stateless\User;
use Auth0\Laravel\StateInstance;
use Illuminate\Contracts\Auth\Authenticatable as UserContract;

trait ActingAsAuth0
{
    // Provided by the Laravel TestCase that uses this trait.
    abstract public function actingAs(UserContract $user, string|null $guard = null);

    public function actingAsAuth0User(array $attributes)
    {
        $auth0user = new User($attributes);

        // Fake the access token scopes that the auth0 guard checks.
        if (array_key_exists("scope", $attributes)) {
            app()->make(StateInstance::class)->setAccessTokenScope(explode(" ", $attributes["scope"]));
        }

        return parent::actingAs($auth0user, "auth0");
    }
}
```
In a test class where you use this trait, you then could do the following:
```php
public function test_readPosts()
{
    $response = $this->actingAsAuth0User([
        "scope" => "read:posts"
    ])->getJson(route("posts.read"));

    $response->assertStatus(200);
}
```
and assuming that the route posts.read is secured by the middleware auth0.authorize:read:posts, your test would pass now.
Since I'm guessing that I'm not the only one having this problem, I thought to add this feature idea.
What's your feedback on this?
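
The following is an added example, not code from the issue author or the project: a test class that uses the trait proposed above to cover the denied cases as well as the allowed one, so a faked scope cannot hide a route that fails open. The `Tests\ActingAsAuth0` namespace, the class name, the constructed scope strings and `sub` value, and the 403 status expected for an insufficient scope are assumptions.

```php
<?php

namespace Tests\Feature;

use Tests\ActingAsAuth0; // assumed location of the trait proposed above
use Tests\TestCase;

class ReadPostsScopeTest extends TestCase
{
    use ActingAsAuth0;

    /**
     * Constructed cases: faked "scope" claim => expected HTTP status.
     * The 403 for an insufficient scope is an assumption about the middleware.
     */
    public static function scopeCases(): array
    {
        return [
            'exact scope'            => ['read:posts', 200],
            'scope among several'    => ['write:posts read:posts', 200],
            'different action'       => ['write:posts', 403],
            'different resource'     => ['read:comments', 403],
            'longer lookalike scope' => ['read:posts:all', 403],
            'empty scope claim'      => ['', 403],
        ];
    }

    /**
     * @dataProvider scopeCases
     */
    public function test_read_posts_enforces_scope(string $scope, int $expected): void
    {
        $this->actingAsAuth0User(['scope' => $scope])
            ->getJson(route('posts.read'))
            ->assertStatus($expected);
    }

    public function test_read_posts_rejects_user_without_scope_claim(): void
    {
        // No "scope" key: the trait leaves the faked token scope unset.
        $this->actingAsAuth0User(['sub' => 'auth0|constructed-user'])
            ->getJson(route('posts.read'))
            ->assertStatus(403);
    }
}
```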