Pest test returns 403

I am trying to test my Laravel Filament (V3) app with Pest. Fairly new to Pest so i'm not sure what i'm doing wrong:

I have a User Factory:

public function definition(): array
	{
		return [
			'name' => fake()->name(),
			'email' => fake()->unique()->safeEmail(),
			'created_at' => now()->subDays(3),
			'updated_at' => now()->subDays(2),
			'email_verified_at' => now()->subDay(),
			'password' => Hash::make('password'),
			'remember_token' => Str::random(10),
		];
	}

In my TestCase.php the setup method is implemented, as the docs say:

protected function setUp(): void
	{
		parent::setUp();

		$this->actingAs(User::factory()->create());
	}

My ClientTest.php contains the following test:

it('can render page', function () {
	$this->get(ClientResource::getUrl('index'))->assertSuccessful();
});

When I run the test, I keep getting the following error:

Expected response status code [>=200, <300] but received 403.

LaryAI

2 years ago

Best Answer

Level 58

It looks like you're encountering a 403 Forbidden error when trying to access the ClientResource::getUrl('index') route in your Pest test. This typically indicates that the user does not have the necessary permissions to access the resource.

Here are a few steps you can take to troubleshoot and resolve this issue:

Ensure the User Has the Necessary Permissions: Make sure that the user you're creating in your factory has the necessary permissions to access the ClientResource. If you're using Filament's authorization features, you may need to assign the appropriate roles or permissions to the user.
Check Your Policies or Middleware: Review any policies or middleware that may be protecting the route. Ensure that they are set up correctly and that they allow access for the test user.
Use the be Method Instead of actingAs: In Pest, you can use the be method to authenticate as a user for a single test. This can sometimes be more reliable than setting the user in the setUp method. Here's how you can modify your test:

it('can render page', function () {
    $user = User::factory()->create();
    $this->be($user);

    $this->get(ClientResource::getUrl('index'))->assertSuccessful();
});

Check the Route Definition: Make sure that the route you're trying to access is defined correctly and does not have any middleware applied that could be causing the 403 error.
Debug the Response: If you're still having trouble, you can debug the response to get more information about why the request is being forbidden. Add the following line right before the assertion to dump the response content:

$response = $this->get(ClientResource::getUrl('index'));
$response->dump();
$response->assertSuccessful();

Check the Filament Configuration: Ensure that your Filament configuration is set up correctly and that there are no settings that could be restricting access to authenticated users.
Review Filament Documentation: Double-check the Filament documentation, especially the testing section, to ensure that you're following all the recommended practices for testing Filament applications.

By following these steps, you should be able to identify and fix the issue causing the 403 error in your Pest test. If the problem persists, consider reaching out to the Filament community or reviewing the Filament source code to understand how the authentication and authorization are handled for resources.

1 like

class User extends Authenticatable implements FilamentUser { public function canAccessPanel(Panel $panel): bool { if ($panel->getId() === 'admin') { return $this->hasVerifiedEmail(); } return true; }