package pub import ( "context" "errors" "testing" "perms-system-server/internal/config" "perms-system-server/internal/response" "perms-system-server/internal/svc" "perms-system-server/internal/testutil" "perms-system-server/internal/types" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) // TC-1225: cap.js 未启用时调用 AdminLoginByCap func TestAdminLoginByCap_CapDisabled(t *testing.T) { cfg := testutil.GetTestConfig() cfg.Capjs = config.CapjsConf{Enable: 0} svcCtx := svc.NewServiceContext(cfg) logic := NewAdminLoginByCapLogic(context.Background(), svcCtx) resp, err := logic.AdminLoginByCap(&types.AdminLoginByCapReq{ Username: "admin", Password: "pass", ManagementKey: "test-management-key", CapToken: "some-token", }) require.Nil(t, resp) require.Error(t, err) var codeErr *response.CodeError require.True(t, errors.As(err, &codeErr)) assert.Equal(t, 400, codeErr.Code()) assert.Contains(t, codeErr.Error(), "当前未启用人机验证") } // TC-1226: capToken 为空 func TestAdminLoginByCap_EmptyCapToken(t *testing.T) { server := newCapMockServer(true) defer server.Close() svcCtx := newCapEnabledSvcCtx(server.URL) logic := NewAdminLoginByCapLogic(context.Background(), svcCtx) resp, err := logic.AdminLoginByCap(&types.AdminLoginByCapReq{ Username: "admin", Password: "pass", ManagementKey: "test-management-key", CapToken: "", }) require.Nil(t, resp) require.Error(t, err) var codeErr *response.CodeError require.True(t, errors.As(err, &codeErr)) assert.Equal(t, 400, codeErr.Code()) assert.Contains(t, codeErr.Error(), "人机验证不能为空") } // TC-1227: capToken 有效 + managementKey 无效 func TestAdminLoginByCap_ValidToken_InvalidManagementKey(t *testing.T) { server := newCapMockServer(true) defer server.Close() svcCtx := newCapEnabledSvcCtx(server.URL) logic := NewAdminLoginByCapLogic(context.Background(), svcCtx) resp, err := logic.AdminLoginByCap(&types.AdminLoginByCapReq{ Username: "admin", Password: "pass", ManagementKey: "wrong-key", CapToken: "valid-token", }) require.Nil(t, resp) require.Error(t, err) var codeErr *response.CodeError require.True(t, errors.As(err, &codeErr)) assert.Equal(t, 401, codeErr.Code()) } // TC-1228: capToken 有效 + 超管正常登录 func TestAdminLoginByCap_ValidToken_SuperAdminSuccess(t *testing.T) { ctx := context.Background() server := newCapMockServer(true) defer server.Close() svcCtx := newCapEnabledSvcCtx(server.URL) username := testutil.UniqueId() password := "SuperPass123" _, cleanUser := insertSuperAdmin(t, ctx, svcCtx, username, password) t.Cleanup(cleanUser) logic := NewAdminLoginByCapLogic(ctx, svcCtx) resp, err := logic.AdminLoginByCap(&types.AdminLoginByCapReq{ Username: username, Password: password, ManagementKey: "test-management-key", CapToken: "valid-token", }) require.NoError(t, err) require.NotNil(t, resp) assert.NotEmpty(t, resp.AccessToken) assert.NotEmpty(t, resp.RefreshToken) assert.Equal(t, int64(1), resp.UserInfo.IsSuperAdmin) } // TC-1229: capToken 有效 + 非超管被拒绝 func TestAdminLoginByCap_ValidToken_NonSuperAdminRejected(t *testing.T) { ctx := context.Background() server := newCapMockServer(true) defer server.Close() svcCtx := newCapEnabledSvcCtx(server.URL) username := testutil.UniqueId() password := "UserPass123" _, cleanUser := insertTestUser(t, ctx, svcCtx, username, password, 1, 2) t.Cleanup(cleanUser) logic := NewAdminLoginByCapLogic(ctx, svcCtx) resp, err := logic.AdminLoginByCap(&types.AdminLoginByCapReq{ Username: username, Password: password, ManagementKey: "test-management-key", CapToken: "valid-token", }) require.Nil(t, resp) require.Error(t, err) var codeErr *response.CodeError require.True(t, errors.As(err, &codeErr)) assert.Equal(t, 401, codeErr.Code()) }