perms-system-server/internal/logic/pub/adminLoginByCapLogic_test.go

package pub

import (
	"context"
	"errors"
	"testing"

	"perms-system-server/internal/config"
	"perms-system-server/internal/response"
	"perms-system-server/internal/svc"
	"perms-system-server/internal/testutil"
	"perms-system-server/internal/types"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// TC-1225: cap.js 未启用时调用 AdminLoginByCap
func TestAdminLoginByCap_CapDisabled(t *testing.T) {
	cfg := testutil.GetTestConfig()
	cfg.Capjs = config.CapjsConf{Enable: 0}
	svcCtx := svc.NewServiceContext(cfg)

	logic := NewAdminLoginByCapLogic(context.Background(), svcCtx)
	resp, err := logic.AdminLoginByCap(&types.AdminLoginByCapReq{
		Username:      "admin",
		Password:      "pass",
		ManagementKey: "test-management-key",
		CapToken:      "some-token",
	})
	require.Nil(t, resp)
	require.Error(t, err)

	var codeErr *response.CodeError
	require.True(t, errors.As(err, &codeErr))
	assert.Equal(t, 400, codeErr.Code())
	assert.Contains(t, codeErr.Error(), "当前未启用人机验证")
}

// TC-1226: capToken 为空
func TestAdminLoginByCap_EmptyCapToken(t *testing.T) {
	server := newCapMockServer(true)
	defer server.Close()
	svcCtx := newCapEnabledSvcCtx(server.URL)

	logic := NewAdminLoginByCapLogic(context.Background(), svcCtx)
	resp, err := logic.AdminLoginByCap(&types.AdminLoginByCapReq{
		Username:      "admin",
		Password:      "pass",
		ManagementKey: "test-management-key",
		CapToken:      "",
	})
	require.Nil(t, resp)
	require.Error(t, err)

	var codeErr *response.CodeError
	require.True(t, errors.As(err, &codeErr))
	assert.Equal(t, 400, codeErr.Code())
	assert.Contains(t, codeErr.Error(), "人机验证不能为空")
}

// TC-1227: capToken 有效 + managementKey 无效
func TestAdminLoginByCap_ValidToken_InvalidManagementKey(t *testing.T) {
	server := newCapMockServer(true)
	defer server.Close()
	svcCtx := newCapEnabledSvcCtx(server.URL)

	logic := NewAdminLoginByCapLogic(context.Background(), svcCtx)
	resp, err := logic.AdminLoginByCap(&types.AdminLoginByCapReq{
		Username:      "admin",
		Password:      "pass",
		ManagementKey: "wrong-key",
		CapToken:      "valid-token",
	})
	require.Nil(t, resp)
	require.Error(t, err)

	var codeErr *response.CodeError
	require.True(t, errors.As(err, &codeErr))
	assert.Equal(t, 401, codeErr.Code())
}

// TC-1228: capToken 有效 + 超管正常登录
func TestAdminLoginByCap_ValidToken_SuperAdminSuccess(t *testing.T) {
	ctx := context.Background()
	server := newCapMockServer(true)
	defer server.Close()
	svcCtx := newCapEnabledSvcCtx(server.URL)
	username := testutil.UniqueId()
	password := "SuperPass123"

	_, cleanUser := insertSuperAdmin(t, ctx, svcCtx, username, password)
	t.Cleanup(cleanUser)

	logic := NewAdminLoginByCapLogic(ctx, svcCtx)
	resp, err := logic.AdminLoginByCap(&types.AdminLoginByCapReq{
		Username:      username,
		Password:      password,
		ManagementKey: "test-management-key",
		CapToken:      "valid-token",
	})
	require.NoError(t, err)
	require.NotNil(t, resp)
	assert.NotEmpty(t, resp.AccessToken)
	assert.NotEmpty(t, resp.RefreshToken)
	assert.Equal(t, int64(1), resp.UserInfo.IsSuperAdmin)
}

// TC-1229: capToken 有效 + 非超管被拒绝
func TestAdminLoginByCap_ValidToken_NonSuperAdminRejected(t *testing.T) {
	ctx := context.Background()
	server := newCapMockServer(true)
	defer server.Close()
	svcCtx := newCapEnabledSvcCtx(server.URL)
	username := testutil.UniqueId()
	password := "UserPass123"

	_, cleanUser := insertTestUser(t, ctx, svcCtx, username, password, 1, 2)
	t.Cleanup(cleanUser)

	logic := NewAdminLoginByCapLogic(ctx, svcCtx)
	resp, err := logic.AdminLoginByCap(&types.AdminLoginByCapReq{
		Username:      username,
		Password:      password,
		ManagementKey: "test-management-key",
		CapToken:      "valid-token",
	})
	require.Nil(t, resp)
	require.Error(t, err)

	var codeErr *response.CodeError
	require.True(t, errors.As(err, &codeErr))
	assert.Equal(t, 401, codeErr.Code())
}