Domů Procházet Nápověda
Přihlásit se
weiym
/
perms-system-server
1
0
Rozštěpit 0
Soubory Úkoly 0 Pull Requesty 0 Wiki
Strom: 1a87ae868b
Větve Značky
perms-system...
/
internal
/
handler
/
auth
/
logoutHandler_test.go

logoutHandler_test.go 2.7 KB
Historie Surový

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 
  1. package auth
    2. 

  2. 

  3. import (
    4. 

  4. 	"context"
    5. 

  5. 	"database/sql"
    6. 

  6. 	"encoding/json"
    7. 

  7. 	"net/http"
    8. 

  8. 	"net/http/httptest"
    9. 

  9. 	"testing"
    10. 

  10. 	"time"
    11. 

  11. 

  12. 	"perms-system-server/internal/loaders"
    13. 

  13. 	"perms-system-server/internal/middleware"
    14. 

  14. 	userModel "perms-system-server/internal/model/user"
    15. 

  15. 	"perms-system-server/internal/response"
    16. 

  16. 	"perms-system-server/internal/svc"
    17. 

  17. 	"perms-system-server/internal/testutil"
    18. 

  18. 

  19. 	"github.com/stretchr/testify/assert"
    20. 

  20. 	"github.com/stretchr/testify/require"
    21. 

  21. )
    22. 

  22. 

  23. func init() { response.Setup() }
    24. 

  24. 

  25. // TC-0796: handler 薄层契约 —— LogoutHandler 在无认证上下文(userId=0) 时必须返回 401,
    26. 

  26. // 而不是 200 或 5xx。这把"handler 正确透传 logic 错误"的契约冻结住, 避免未来改造时
    27. 

  27. // 意外把未登录请求吞成成功/崩溃。
    28. 

  28. func TestLogoutHandler_UnauthorizedWhenNoUserCtx(t *testing.T) {
    29. 

  29. 	svcCtx := svc.NewServiceContext(testutil.GetTestConfig())
    30. 

  30. 	handler := LogoutHandler(svcCtx)
    31. 

  31. 

  32. 	req := httptest.NewRequest(http.MethodPost, "/api/auth/logout", nil)
    33. 

  33. 	rr := httptest.NewRecorder()
    34. 

  34. 	handler.ServeHTTP(rr, req)
    35. 

  35. 

  36. 	var body response.Body
    37. 

  37. 	require.NoError(t, json.Unmarshal(rr.Body.Bytes(), &body))
    38. 

  38. 	assert.False(t, body.Success)
    39. 

  39. 	assert.Equal(t, 401, body.ErrorCode)
    40. 

  40. 	assert.Contains(t, body.ErrorMessage, "未登录")
    41. 

  41. }
    42. 

  42. 

  43. // TC-0797: handler 薄层契约 —— LogoutHandler 在有效认证上下文下必须 200 且无响应体(httpx.Ok);
    44. 

  44. // 同时 DB 的 tokenVersion 必须被实际递增 (证明 handler 真的调用了 logic 而不是只返回 200)。
    45. 

  45. func TestLogoutHandler_SuccessIncrementsTokenVersion(t *testing.T) {
    46. 

  46. 	ctx := context.Background()
    47. 

  47. 	svcCtx := svc.NewServiceContext(testutil.GetTestConfig())
    48. 

  48. 	conn := testutil.GetTestSqlConn()
    49. 

  49. 	now := time.Now().Unix()
    50. 

  50. 

  51. 	res, err := svcCtx.SysUserModel.Insert(ctx, &userModel.SysUser{
    52. 

  52. 		Username: "h_lo_" + testutil.UniqueId(), Password: testutil.HashPassword("pw"),
    53. 

  53. 		Nickname: "h_lo", Avatar: sql.NullString{}, IsSuperAdmin: 2, MustChangePassword: 2,
    54. 

  54. 		Status: 1, TokenVersion: 0, CreateTime: now, UpdateTime: now,
    55. 

  55. 	})
    56. 

  56. 	require.NoError(t, err)
    57. 

  57. 	userId, _ := res.LastInsertId()
    58. 

  58. 	t.Cleanup(func() { testutil.CleanTable(ctx, conn, "`sys_user`", userId) })
    59. 

  59. 

  60. 	handler := LogoutHandler(svcCtx)
    61. 

  61. 

  62. 	req := httptest.NewRequest(http.MethodPost, "/api/auth/logout", nil)
    63. 

  63. 	// 模拟 JWT middleware 已经注入 userDetails 的场景
    64. 

  64. 	req = req.WithContext(middleware.WithUserDetails(req.Context(), &loaders.UserDetails{
    65. 

  65. 		UserId: userId, Username: "h_lo", Status: 1,
    66. 

  66. 	}))
    67. 

  67. 	rr := httptest.NewRecorder()
    68. 

  68. 	handler.ServeHTTP(rr, req)
    69. 

  69. 

  70. 	assert.Equal(t, http.StatusOK, rr.Code, "成功登出必须 200")
    71. 

  71. 

  72. 	u, err := svcCtx.SysUserModel.FindOne(ctx, userId)
    73. 

  73. 	require.NoError(t, err)
    74. 

  74. 	assert.Equal(t, int64(1), u.TokenVersion,
    75. 

  75. 		"handler 必须真正触达 logic 层; tokenVersion 未递增说明 handler 伪装成功")
    76. 

  76. }
    77.