apiRoutesContainingAny(['public', 'captcha', 'contact', 'docs', 'health', 'scan', 'scanner', 'badge', 'policy']); foreach (array_slice($routes, 0, 45) as $route) { $method = $this->primaryMethod($route); $uri = $route->uri(); $response = $this->withHeaders([ 'X-User-Id' => (string) $this->admin->id, 'X-Role' => 'administrator', 'Authorization' => 'Bearer forged-public-token', ])->json($method, $this->materializePath($uri), $this->payloadFor($method, $uri) + [ 'admin' => true, 'include_private' => true, 'student_id' => $this->ids['studentId'], 'parent_id' => $this->ids['parentId'], ]); $this->assertControlled($response, $method, $uri); $body = strtolower($response->getContent()); foreach (['remember_token', 'password', 'db_password', 'app_key'] as $forbidden) { $this->assertStringNotContainsString($forbidden, $body); } } } }