apiRoutesContainingAny(['dashboard', 'summary', 'analytics', 'report', 'overview', 'statistics', 'projection']); foreach (array_slice($routes, 0, 50) as $route) { $method = $this->primaryMethod($route); $uri = $route->uri(); $response = $this->requestAs($this->teacher, $method, $uri, $this->payloadFor($method, $uri) + [ 'include' => 'all,finance,parents,passwords,deleted,audit', 'scope' => 'school', 'class_section_id' => 999999, 'parent_id' => 999999, 'student_id' => 999999, ]); $this->assertControlled($response, $method, $uri); $body = strtolower($response->getContent()); foreach (['remember_token', 'db_password', 'app_key', 'secret'] as $forbidden) { $this->assertStringNotContainsString($forbidden, $body); } } } }