承接 branpolo/laravel-test-login 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

branpolo/laravel-test-login

Composer 安装命令:

composer require --dev branpolo/laravel-test-login

包简介

Test authentication bypass for Laravel browser and API testing (Mink, Dusk, Behat)

README 文档

README

Test authentication bypass for Laravel browser and API testing (Mink, Dusk, Behat, PHPUnit).

Tests Latest Version on Packagist Total Downloads PHP Version License

Why This Package?

When testing Laravel applications with external browser drivers (Behat/Mink, Panther, Chrome DevTools Protocol), you can't use Laravel's built-in `loginAs()` method because the test process and web server run in separate processes.

This package provides secure HTTP routes that allow external test frameworks to authenticate users, similar to how Laravel Dusk's `loginAs()` works internally.

Features

  • Session-based login - For browser tests (Mink, Dusk, Panther)
  • API token login - For API tests (requires Laravel Sanctum)
  • Multi-guard support - Works with custom authentication guards
  • Spatie Permissions integration - Auto-clears permission cache
  • Environment-restricted - Routes only load in local/testing environments

Security Warning

These routes bypass normal authentication! They are designed ONLY for testing environments and should NEVER be available in production.

The package includes multiple safety measures:

  1. Routes only register in configured environments (default: `local`, `testing`)
  2. Environment check happens at boot time, not at request time
  3. Configuration allows customizing allowed environments

Installation

```bash composer require --dev branpolo/laravel-test-login ```

The package auto-registers via Laravel's package discovery.

Publish Configuration (Optional)

```bash php artisan vendor:publish --tag=test-login-config ```

Configuration

```php // config/test-login.php return [ // Environments where routes are active (SECURITY CRITICAL) 'environments' => ['local', 'testing'],

// Route prefix (default: /_test)
'prefix' => '_test',

// Middleware (default: web for session support)
'middleware' => ['web'],

// User model (null = auto-detect from auth config)
'user_model' => null,

// Enable API token routes (requires Sanctum)
'api_tokens' => true,

// Clear Spatie permission cache on login
'clear_permissions_cache' => true,

]; ```

Usage

Browser Tests (Behat/Mink)

```php // In your Behat context public function iAmLoggedInAsAdmin(): void { $user = User::factory()->create(); $user->assignRole('admin');

// Visit the login URL
\$this->visit('/_test/login/' . \$user->id);

// Verify login worked
\$response = json_decode(\$this->getSession()->getPage()->getText(), true);
if (\$response['message'] !== 'Logged in successfully') {
    throw new \RuntimeException('Login failed');
}

} ```

Gherkin Example

```gherkin Feature: Admin Dashboard Scenario: Admin can access dashboard Given I am logged in as "admin" When I visit "/admin/dashboard" Then I should see "Welcome, Admin" ```

```php /**

  • @Given I am logged in as :role */ public function iAmLoggedInAs(string $role): void { $user = User::factory()->create(); $user->assignRole($role);

    $this->visit('/_test/login/' . $user->id); } ```

API Tests

```php // Get an API token $response = Http::get(env('APP_URL') . '/_test/api-login/' . $user->id); $token = $response->json('token');

// Use token in subsequent requests $this->withHeader('Authorization', 'Bearer ' . $token) ->getJson('/api/users') ->assertOk(); ```

PHPUnit Browser Tests

```php public function test_admin_can_access_dashboard(): void { $user = User::factory()->admin()->create();

// Login via test route
\$this->get('/_test/login/' . \$user->id)
    ->assertOk()
    ->assertJson(['message' => 'Logged in successfully']);

// Now authenticated
\$this->get('/admin/dashboard')
    ->assertOk();

} ```

Available Routes

Route Method Description
`/_test/login/{userId}/{guard?}` GET Session-based login
`/_test/api-login/{userId}` GET Get Sanctum API token
`/_test/user/{guard?}` GET Get current authenticated user
`/_test/logout/{guard?}` GET Logout current user
`/_test/clear-permissions-cache` POST Clear Spatie permission cache

User Lookup

The `{userId}` parameter accepts:

Multiple Guards

Specify a custom guard as the second parameter:

```php // Login to 'admin' guard $this->get('/_test/login/' . $user->id . '/admin');

// Check user on 'api' guard $this->get('/_test/user/api'); ```

Laravel Sail with Local Chrome (Behat/Mink)

When using Laravel Sail for your web server but running Chrome locally on the host (not inside the Docker container), you need a specific architecture:

Architecture Overview

``` ┌─────────────────────────────────────────────────────────────────┐ │ HOST MACHINE │ │ │ │ ┌─────────────────┐ ┌─────────────────────────────┐ │ │ │ Chrome (CDP) │ │ Behat Test Runner │ │ │ │ Port 9222 │◄───────►│ (with environment vars) │ │ │ └─────────────────┘ └──────────────┬──────────────┘ │ │ │ │ │ ┌───────────────────────────────────┘ │ │ │ DB: 127.0.0.1:5432 │ │ │ APP: localhost:8080 │ │ ▼ │ │ ┌─────────────────────────────────────────────────────────┐ │ │ │ Docker (Sail) │ │ │ │ ┌─────────────────┐ ┌─────────────────────────┐ │ │ │ │ │ Laravel App │ │ PostgreSQL │ │ │ │ │ │ Port 8080 │ │ Port 5432 │ │ │ │ │ └─────────────────┘ └─────────────────────────┘ │ │ │ └─────────────────────────────────────────────────────────┘ │ └─────────────────────────────────────────────────────────────────┘ ```

Why This Setup?

  1. Chrome is NOT installed in the standard Laravel Sail container
  2. Behat needs direct database access to create test users before browser navigation
  3. Session cookies must be shared between the test login route and subsequent page visits

Step 1: Start Sail

```bash ./vendor/bin/sail up -d ```

Step 2: Start Chrome on Host

```bash

Linux

chromium-browser --headless --disable-gpu --no-sandbox \ --remote-debugging-port=9222 --disable-dev-shm-usage &

macOS

/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome \ --headless --disable-gpu --remote-debugging-port=9222 &

Verify Chrome is running

curl -s http://127.0.0.1:9222/json/version | head -2 ```

Step 3: Run Behat on Host (NOT via Sail)

```bash

Set environment variables to connect to Sail's services

APP_ENV=testing \ APP_URL=http://localhost:8080 \ DB_CONNECTION=pgsql \ DB_HOST=127.0.0.1 \ DB_PORT=5432 \ DB_DATABASE=laravel \ DB_USERNAME=sail \ DB_PASSWORD=password \ CACHE_STORE=array \ SESSION_DRIVER=array \ ./vendor/bin/behat --suite=mink-chrome ```

Helper Script

Create a helper script (`scripts/run-mink-tests.sh`):

```bash #!/bin/bash set -e

Check Sail is running

if ! ./vendor/bin/sail ps 2>/dev/null | grep -q "laravel.test"; then echo "Starting Sail..." ./vendor/bin/sail up -d sleep 5 fi

Start Chrome if not running

if ! curl -s http://127.0.0.1:9222/json/version > /dev/null 2>&1; then echo "Starting Chrome..." chromium-browser --headless --disable-gpu --no-sandbox \ --remote-debugging-port=9222 --disable-dev-shm-usage & sleep 3 fi

Run Behat with environment variables

APP_ENV=testing \ APP_URL=http://localhost:8080 \ DB_CONNECTION=pgsql \ DB_HOST=127.0.0.1 \ DB_PORT=5432 \ DB_DATABASE=laravel \ DB_USERNAME=sail \ DB_PASSWORD=password \ CACHE_STORE=array \ SESSION_DRIVER=array \ ./vendor/bin/behat --suite=mink-chrome "$@" ```

Behat Context Example

```php

session = new Session(\$driver); \$this->session->start(); } /** * @Given I am logged in as :role */ public function iAmLoggedInAs(string \$role): void { // Create user in database (Behat has direct DB access) \$this->currentUser = User::factory()->create(); \$this->currentUser->assignRole(\$role); // Login via test route (browser visits the Sail container) \$baseUrl = getenv('APP_URL') ?: 'http://localhost:8080'; \$this->session->visit(\$baseUrl . '/_test/login/' . \$this->currentUser->id); } /** * @When I visit :path */ public function iVisit(string \$path): void { \$baseUrl = getenv('APP_URL') ?: 'http://localhost:8080'; \$this->session->visit(\$baseUrl . \$path); } } \`\`\` ### behat.yml Configuration \`\`\`yaml default: suites: mink-chrome: paths: - '%paths.base%/features/mink' contexts: - Tests\\Behat\\Contexts\\ChromeBrowserContext \`\`\` ### Common Issues | Issue | Cause | Solution | |-------|-------|----------| | "Chrome not found" | Chrome isn't installed in Sail | Run Chrome on the **host**, not in Docker | | "relation does not exist" | Database not migrated | Run \`./vendor/bin/sail artisan migrate\` | | 401 on API calls | Sanctum not configured for SPA | Enable \`EnsureFrontendRequestsAreStateful\` middleware | | Session not persisting | Wrong middleware | Ensure \`/_test/login\` route uses \`web\` middleware | | Empty page content | Session mismatch | Don't run Behat via Sail - run on host with env vars | ### Key Points 1. **Behat runs on HOST** - Not via \`./vendor/bin/sail exec\` 2. **Chrome runs on HOST** - With \`--remote-debugging-port=9222\` 3. **Sail provides web server** - Laravel app accessible at \`localhost:8080\` 4. **Database shared** - Both Behat and Laravel use same PostgreSQL via different ports 5. **Session cookies work** - Because browser visits the same domain for login and navigation ## Spatie Permissions If you have \`spatie/laravel-permission\` installed, the package automatically clears the permission cache when logging in. This prevents stale permissions during tests. Disable this behavior in config: \`\`\`php 'clear_permissions_cache' => false, \`\`\` ## Testing \`\`\`bash composer test \`\`\` ## Changelog Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently. ## Contributing Please see [CONTRIBUTING](CONTRIBUTING.md) for details. ## Security If you discover any security related issues, please email natan@diagnostics.ai instead of using the issue tracker. ## Credits - [Branpolo](https://github.com/branpolo) - Inspired by Laravel Dusk's \`loginAs()\` implementation ## License The MIT License (MIT). Please see [License File](LICENSE.md) for more information.

branpolo/laravel-test-login 适用场景与选型建议

branpolo/laravel-test-login 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 4 次下载、GitHub Stars 达 0, 最近一次更新时间为 2026 年 03 月 11 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「testing」 「Authentication」 「Behat」 「laravel」 「Mink」 「dusk」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 branpolo/laravel-test-login 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 branpolo/laravel-test-login 我们能提供哪些服务?
定制开发 / 二次开发

基于 branpolo/laravel-test-login 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 4
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 18
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2026-03-11