 |
VOOZH | about |
|
VOOZH | about |
This document covers the session, CORS, and authentication configuration files used in the Hypervel Testbench workbench environment. These configuration files define how web session management, cross-origin requests, and authentication mechanisms work during testing. For general application configuration settings, see Application Configuration. For the User model and authentication setup, see Authentication Models.
The testbench workbench includes three primary security-related configuration files that control session handling, cross-origin resource sharing, and authentication guards. These files are optimized for testing scenarios with permissive settings and lightweight implementations.
Sources: workbench/config/session.php1-11 workbench/config/cors.php1-34 workbench/config/auth.php1-26
The session configuration file defines how session data is stored and managed during test execution. The testbench uses in-memory array storage for fast, isolated session handling.
| Option | Value | Purpose |
|---|---|---|
driver | 'array' | Uses in-memory array storage instead of files or database |
lifetime | 120 | Session lifetime in minutes |
store | 'array' | Specifies the cache store for session data |
cookie | 'testing_session' | Cookie name for session identification |
lottery | [0, 2] | Session garbage collection probability (disabled: 0/2) |
The array driver is optimal for testing because:
Sources: workbench/config/session.php6-10
Sources: workbench/config/session.php1-11
The Cross-Origin Resource Sharing (CORS) configuration controls which cross-origin HTTP requests are permitted. The testbench uses permissive settings suitable for testing environments.
| Setting | Value | Description |
|---|---|---|
paths | ['api/*', 'sanctum/csrf-cookie'] | Routes where CORS middleware applies |
allowed_methods | ['*'] | All HTTP methods permitted (GET, POST, etc.) |
allowed_origins | ['*'] | All origins permitted |
allowed_origins_patterns | [] | No pattern-based origin restrictions |
allowed_headers | ['*'] | All request headers permitted |
exposed_headers | [] | No response headers exposed to client |
max_age | 0 | Preflight cache duration (disabled) |
supports_credentials | false | Credentials (cookies, auth) not supported |
Sources: workbench/config/cors.php19-33
The configuration specifically protects two path patterns:
api/* - All API routes receive CORS handlingsanctum/csrf-cookie - CSRF token endpoint for SPA authenticationThese paths are configured to match typical testing scenarios where API endpoints and authentication flows need cross-origin access.
Sources: workbench/config/cors.php19
The authentication configuration defines guards and providers used for user authentication during tests. The workbench includes both session-based and JWT authentication setups.
Sources: workbench/config/auth.php6-25
The testbench sets session as the default guard and users as the default provider. This configuration enables session-based authentication by default while supporting JWT authentication as an alternative.
| Configuration | Value |
|---|---|
defaults.guard | 'session' |
defaults.provider | 'users' |
Sources: workbench/config/auth.php6-9
Guards define the mechanism used to authenticate users for each request.
The session guard uses traditional session-based authentication with cookies.
Sources: workbench/config/auth.php11-14
The jwt guard uses JSON Web Tokens for stateless authentication, commonly used for API authentication.
Sources: workbench/config/auth.php15-18
Providers define how user data is retrieved for authentication. The testbench configures a single users provider using the Eloquent driver.
The provider uses:
eloquent - Retrieves users from database via Eloquent ORM'MockedUser' - References the user model (see Authentication Models)Sources: workbench/config/auth.php20-25
Sources: workbench/config/auth.php1-26
All three configuration files work together to provide a complete security setup for testing web applications:
The configurations prioritize test isolation (array driver), permissiveness (CORS wildcards), and flexibility (multiple guard types) over production security constraints.
Sources: workbench/config/session.php1-11 workbench/config/cors.php1-34 workbench/config/auth.php1-26
Refresh this wiki