'Test', 'slug' => 'test', 'price' => 0, 'features' => [], ]); $companyA = Company::create([ 'plan_id' => $plan->id, 'slug' => 'company-a-' . uniqid(), 'name' => 'A', 'status' => 'active', ]); $companyB = Company::create([ 'plan_id' => $plan->id, 'slug' => 'company-b-' . uniqid(), 'name' => 'B', 'status' => 'active', ]); app(TenantManager::class)->setCurrent($companyA); $userA = User::create([ 'company_id' => $companyA->id, 'name' => 'Alice', 'email' => 'alice@a.com', 'password' => Hash::make('secret123'), 'status' => 'active', ]); // Switch to company B context — try to attempt() with A's credentials app(TenantManager::class)->setCurrent($companyB); $ok = auth('web')->attempt(['email' => 'alice@a.com', 'password' => 'secret123']); $this->assertFalse($ok, 'User from company A authenticated successfully on company B subdomain'); } public function test_user_can_login_on_own_subdomain(): void { $plan = Plan::create([ 'name' => 'Test', 'slug' => 'test', 'price' => 0, 'features' => [], ]); $company = Company::create([ 'plan_id' => $plan->id, 'slug' => 'mine-' . uniqid(), 'name' => 'Mine', 'status' => 'active', ]); app(TenantManager::class)->setCurrent($company); User::create([ 'company_id' => $company->id, 'name' => 'Bob', 'email' => 'bob@mine.com', 'password' => Hash::make('pwd12345'), 'status' => 'active', ]); $ok = auth('web')->attempt(['email' => 'bob@mine.com', 'password' => 'pwd12345']); $this->assertTrue($ok); } }