package pub

import (
	"context"
	"errors"
	"testing"
	"time"

	"perms-system-server/internal/response"
	"perms-system-server/internal/testutil"
	"perms-system-server/internal/types"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// adminLoginReq builds the request body every case below sends, so each test
// states only the three values it actually varies.
func adminLoginReq(username, password, managementKey string) *types.AdminLoginReq {
	return &types.AdminLoginReq{
		Username:      username,
		Password:      password,
		ManagementKey: managementKey,
	}
}

// requireLoginRejected asserts the failure shape shared by every negative case:
// no response, and an error that unwraps to a *response.CodeError carrying the
// expected code and message. resp is typed any so the nil check behaves exactly
// like the inline require.Nil(t, resp) it replaces (testify treats a typed nil
// pointer inside an interface as nil).
func requireLoginRejected(t *testing.T, resp any, err error, wantCode int, wantMsg string) {
	t.Helper()
	require.Nil(t, resp)
	require.Error(t, err)
	var codeErr *response.CodeError
	require.True(t, errors.As(err, &codeErr))
	assert.Equal(t, wantCode, codeErr.Code())
	assert.Equal(t, wantMsg, codeErr.Error())
}

// TC-0500: a super admin logs in normally through the admin console.
//
// insertTestUser's trailing (1, 1) arguments appear to mean status=active,
// role=super admin — inferred from how TC-0500/0501/0506 use them; confirm
// against the helper's definition.
func TestAdminLogin_SuperAdmin(t *testing.T) {
	ctx := context.Background()
	svcCtx := newTestSvcCtx()
	name := testutil.UniqueId()
	const pw = "TestPass123"
	_, cleanUser := insertTestUser(t, ctx, svcCtx, name, pw, 1, 1)
	t.Cleanup(cleanUser)

	loginLogic := NewAdminLoginLogic(ctx, svcCtx)
	resp, err := loginLogic.AdminLogin(adminLoginReq(name, pw, svcCtx.Config.Auth.ManagementKey))
	require.NoError(t, err)
	require.NotNil(t, resp)

	// Both tokens are issued and the expiry lies in the future.
	assert.NotEmpty(t, resp.AccessToken)
	assert.NotEmpty(t, resp.RefreshToken)
	assert.True(t, resp.Expires > time.Now().Unix(), "expires应为未来的unix时间戳")

	// No productCode was sent, so no permission list is attached; the super
	// admin flag and member type are still reported.
	assert.Equal(t, name, resp.UserInfo.Username)
	assert.Equal(t, int64(1), resp.UserInfo.IsSuperAdmin)
	assert.Nil(t, resp.UserInfo.Perms)
	assert.Equal(t, "SUPER_ADMIN", resp.UserInfo.MemberType)
}

// TC-0501: an ordinary user logs in normally through the admin console.
// The (1, 2) arguments presumably mean status=active, role=normal user — confirm
// against insertTestUser.
func TestAdminLogin_NormalUser(t *testing.T) {
	ctx := context.Background()
	svcCtx := newTestSvcCtx()
	name := testutil.UniqueId()
	const pw = "TestPass123"
	_, cleanUser := insertTestUser(t, ctx, svcCtx, name, pw, 1, 2)
	t.Cleanup(cleanUser)

	loginLogic := NewAdminLoginLogic(ctx, svcCtx)
	resp, err := loginLogic.AdminLogin(adminLoginReq(name, pw, svcCtx.Config.Auth.ManagementKey))
	require.NoError(t, err)
	require.NotNil(t, resp)

	assert.NotEmpty(t, resp.AccessToken)
	assert.NotEmpty(t, resp.RefreshToken)
	assert.True(t, resp.Expires > time.Now().Unix(), "expires应为未来的unix时间戳")
	assert.Equal(t, name, resp.UserInfo.Username)
	assert.Nil(t, resp.UserInfo.Perms)
	// A normal user gets no member type at all (empty, not some default label).
	assert.Empty(t, resp.UserInfo.MemberType)
}

// TC-0502: a wrong managementKey is rejected with 401 before any user lookup
// could succeed; the username/password sent here do not exist.
func TestAdminLogin_InvalidManagementKey(t *testing.T) {
	ctx := context.Background()
	svcCtx := newTestSvcCtx()
	loginLogic := NewAdminLoginLogic(ctx, svcCtx)

	resp, err := loginLogic.AdminLogin(adminLoginReq("anyone", "pass", "wrong-key"))
	requireLoginRejected(t, resp, err, 401, "managementKey无效")
}

// TC-0503: an empty managementKey is treated the same as a wrong one — an
// absent key must not be accepted as "no key required".
func TestAdminLogin_EmptyManagementKey(t *testing.T) {
	ctx := context.Background()
	svcCtx := newTestSvcCtx()
	loginLogic := NewAdminLoginLogic(ctx, svcCtx)

	resp, err := loginLogic.AdminLogin(adminLoginReq("anyone", "pass", ""))
	requireLoginRejected(t, resp, err, 401, "managementKey无效")
}

// TC-0504: an unknown username.
//
// This case and TC-0505 pin the same code and message, so the response does
// not reveal whether the username or the password was the wrong part — the
// property that blocks account enumeration through this endpoint.
func TestAdminLogin_UserNotFound(t *testing.T) {
	ctx := context.Background()
	svcCtx := newTestSvcCtx()
	loginLogic := NewAdminLoginLogic(ctx, svcCtx)

	missing := "nonexistent_" + testutil.UniqueId()
	resp, err := loginLogic.AdminLogin(adminLoginReq(missing, "whatever", svcCtx.Config.Auth.ManagementKey))
	requireLoginRejected(t, resp, err, 401, "用户名或密码错误")
}

// TC-0505: an existing user with the wrong password. Must be indistinguishable
// from TC-0504 (same code, same message).
func TestAdminLogin_WrongPassword(t *testing.T) {
	ctx := context.Background()
	svcCtx := newTestSvcCtx()
	name := testutil.UniqueId()
	_, cleanUser := insertTestUser(t, ctx, svcCtx, name, "CorrectPass", 1, 2)
	t.Cleanup(cleanUser)

	loginLogic := NewAdminLoginLogic(ctx, svcCtx)
	resp, err := loginLogic.AdminLogin(adminLoginReq(name, "WrongPass", svcCtx.Config.Auth.ManagementKey))
	requireLoginRejected(t, resp, err, 401, "用户名或密码错误")
}

// TC-0506: a frozen account with correct credentials. The (2, 2) arguments
// presumably mean status=frozen, role=normal user — confirm against
// insertTestUser. A frozen account is refused with 403 rather than the generic
// 401, distinguishing a policy denial from a credential failure.
func TestAdminLogin_AccountFrozen(t *testing.T) {
	ctx := context.Background()
	svcCtx := newTestSvcCtx()
	name := testutil.UniqueId()
	const pw = "TestPass123"
	_, cleanUser := insertTestUser(t, ctx, svcCtx, name, pw, 2, 2)
	t.Cleanup(cleanUser)

	loginLogic := NewAdminLoginLogic(ctx, svcCtx)
	resp, err := loginLogic.AdminLogin(adminLoginReq(name, pw, svcCtx.Config.Auth.ManagementKey))
	requireLoginRejected(t, resp, err, 403, "账号已被冻结")
}

// TC-0507: without a productCode the issued token carries no permission list,
// even for a super admin; only the SUPER_ADMIN member type is set.
func TestAdminLogin_NoPermsWithoutProductCode(t *testing.T) {
	ctx := context.Background()
	svcCtx := newTestSvcCtx()
	name := testutil.UniqueId()
	const pw = "TestPass123"
	_, cleanUser := insertTestUser(t, ctx, svcCtx, name, pw, 1, 1)
	t.Cleanup(cleanUser)

	loginLogic := NewAdminLoginLogic(ctx, svcCtx)
	resp, err := loginLogic.AdminLogin(adminLoginReq(name, pw, svcCtx.Config.Auth.ManagementKey))
	require.NoError(t, err)
	require.NotNil(t, resp)

	assert.Nil(t, resp.UserInfo.Perms, "管理后台不传productCode,不应加载权限列表")
	assert.Equal(t, "SUPER_ADMIN", resp.UserInfo.MemberType, "超管即使不传productCode也会被标记SUPER_ADMIN")
}

// TC-0509: a username containing SQL metacharacters is passed through verbatim.
// The lookup must treat it as just another unknown user and answer with the
// same generic 401 as TC-0504, so the response leaks nothing about how the
// input was handled.
func TestAdminLogin_SQLInjection(t *testing.T) {
	ctx := context.Background()
	svcCtx := newTestSvcCtx()
	loginLogic := NewAdminLoginLogic(ctx, svcCtx)

	resp, err := loginLogic.AdminLogin(adminLoginReq("' OR 1=1 --", "anything", svcCtx.Config.Auth.ManagementKey))
	requireLoginRejected(t, resp, err, 401, "用户名或密码错误")
}