weiym
/
perms-system-server


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176
							package user

import (
	"context"
	"database/sql"
	"os"
	"testing"
	"time"

	"perms-system-server/internal/consts"
	"perms-system-server/internal/loaders"
	"perms-system-server/internal/middleware"
	memberModel "perms-system-server/internal/model/productmember"
	userModel "perms-system-server/internal/model/user"
	"perms-system-server/internal/svc"
	"perms-system-server/internal/testutil"
	"perms-system-server/internal/testutil/ctxhelper"
	"perms-system-server/internal/types"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// ---------------------------------------------------------------------------
// 审计 H-1（第 8 轮仍未落地，三轮累计）—— UserDetailLogic / UserListLogic 把
// Email / Phone / Remark 字段原样返回给任意同产品成员，违反 PIPL 最小必要。
// 审计 L-3（同样未落地）—— CheckManageAccess 对 caller.DeptId=0 老账号直接 403，
// 导致历史 MEMBER/DEVELOPER 连"看自己"以外的任何管理动作都做不了（即使目标合法）。
//
// 本文件用"契约测试"的方式同时完成两件事：
//   1) 为正确行为写死断言（assert.Equal(masked, ...) / assert.NoError），
//      fix 一落地即可把 t.Skip 开关打开，立刻得到回归保护。
//   2) 默认 t.Skipf 并在 skip message 里留下 `AUDIT_PENDING` 关键词，report 生成
//      流程据此统计"已知失败测试"，避免把未修缺陷当成"100% 通过"粉饰。
//
// 开关：SET AUDIT_RUN_PENDING=1 可强制跑这些测试，CI 会红并指出是哪一条未 fix。
// ---------------------------------------------------------------------------

const auditPendingEnv = "AUDIT_RUN_PENDING"

func skipPending(t *testing.T, marker, reason string) {
	t.Helper()
	if os.Getenv(auditPendingEnv) != "" {
		return
	}
	t.Skipf("AUDIT_PENDING %s (Round 8 fix 未落地) —— %s", marker, reason)
}

func insertH1Member(t *testing.T, ctx context.Context, svcCtx *svc.ServiceContext, productCode string, u *userModel.SysUser) (int64, int64) {
	t.Helper()
	id := insertTestUserFull(t, ctx, u)
	now := time.Now().Unix()
	res, err := svcCtx.SysProductMemberModel.Insert(ctx, &memberModel.SysProductMember{
		ProductCode: productCode, UserId: id, MemberType: consts.MemberTypeMember,
		Status: 1, CreateTime: now, UpdateTime: now,
	})
	require.NoError(t, err)
	mId, _ := res.LastInsertId()
	return id, mId
}

// TC-0990: H-1 对抗性 —— 同产品 MEMBER 互看，必须屏蔽 Email/Phone/Remark。
func TestUserDetail_H1_MemberViewingPeer_MustMaskPII(t *testing.T) {
	skipPending(t, "H-1",
		"UserDetail 当前把 Email/Phone/Remark 原样回传同产品 MEMBER；"+
			"待 filterPIIForCaller + CanViewContact 落地后移除 Skip")
	ctx := context.Background()
	svcCtx := svc.NewServiceContext(testutil.GetTestConfig())
	conn := testutil.GetTestSqlConn()
	productCode := "h1_" + testutil.UniqueId()

	target, mTarget := insertH1Member(t, ctx, svcCtx, productCode, &userModel.SysUser{
		Username:           "t_" + testutil.UniqueId(),
		Password:           testutil.HashPassword("pw"),
		Nickname:           "target",
		Avatar:             sql.NullString{},
		Email:              "[email protected]",
		Phone:              "13800001111",
		Remark:             "内部岗位: 副总",
		DeptId:             1,
		IsSuperAdmin:       2,
		MustChangePassword: 2,
		Status:             1,
	})
	caller, mCaller := insertH1Member(t, ctx, svcCtx, productCode, &userModel.SysUser{
		Username:           "c_" + testutil.UniqueId(),
		Password:           testutil.HashPassword("pw"),
		Nickname:           "caller",
		IsSuperAdmin:       2,
		MustChangePassword: 2,
		Status:             1,
		DeptId:             1,
	})
	t.Cleanup(func() {
		testutil.CleanTable(ctx, conn, "`sys_product_member`", mTarget, mCaller)
		testutil.CleanTable(ctx, conn, "`sys_user`", target, caller)
	})

	callerCtx := middleware.WithUserDetails(context.Background(), &loaders.UserDetails{
		UserId: caller, Username: "caller", MemberType: consts.MemberTypeMember,
		Status: 1, ProductCode: productCode, DeptId: 1, DeptPath: "/1/", MinPermsLevel: 100,
	})

	resp, err := NewUserDetailLogic(callerCtx, svcCtx).UserDetail(&types.UserDetailReq{Id: target})
	require.NoError(t, err)
	require.NotNil(t, resp)

	assert.NotEqual(t, "[email protected]", resp.Email,
		"H-1：同级 MEMBER 互看时 Email 必须脱敏（例：t***@example.com），禁止原文暴露")
	assert.NotEqual(t, "13800001111", resp.Phone,
		"H-1：同级 MEMBER 互看时 Phone 必须脱敏（例：138****1111）")
	assert.Empty(t, resp.Remark,
		"H-1：Remark 常含内部岗位/外部联络人，MEMBER 互看时必须清空")
}

// TC-0991: H-1 正向——看自己时 Email/Phone/Remark 必须返回原值。
func TestUserDetail_H1_ViewSelf_KeepsPII(t *testing.T) {
	skipPending(t, "H-1",
		"UserDetail 缺少 caller.UserId == target.Id 的 PII 放行短路；fix 落地后取消 Skip")
	ctx := context.Background()
	svcCtx := svc.NewServiceContext(testutil.GetTestConfig())
	conn := testutil.GetTestSqlConn()
	productCode := "h1_self_" + testutil.UniqueId()

	selfId, mSelf := insertH1Member(t, ctx, svcCtx, productCode, &userModel.SysUser{
		Username:           "self_" + testutil.UniqueId(),
		Password:           testutil.HashPassword("pw"),
		Nickname:           "self",
		Email:              "[email protected]",
		Phone:              "13900002222",
		Remark:             "self-only note",
		IsSuperAdmin:       2,
		MustChangePassword: 2,
		Status:             1,
		DeptId:             1,
	})
	t.Cleanup(func() {
		testutil.CleanTable(ctx, conn, "`sys_product_member`", mSelf)
		testutil.CleanTable(ctx, conn, "`sys_user`", selfId)
	})

	selfCtx := middleware.WithUserDetails(context.Background(), &loaders.UserDetails{
		UserId: selfId, Username: "self", MemberType: consts.MemberTypeMember,
		Status: 1, ProductCode: productCode, DeptId: 1, DeptPath: "/1/", MinPermsLevel: 100,
	})

	resp, err := NewUserDetailLogic(selfCtx, svcCtx).UserDetail(&types.UserDetailReq{Id: selfId})
	require.NoError(t, err)

	assert.Equal(t, "[email protected]", resp.Email, "H-1：看自己必须返回 Email 原值")
	assert.Equal(t, "13900002222", resp.Phone, "H-1：看自己必须返回 Phone 原值")
	assert.Equal(t, "self-only note", resp.Remark, "H-1：看自己必须返回 Remark 原值")
}

// TC-0992: H-1 超管分支 —— SuperAdmin 看任何用户都可以看到 PII 原值（工单兜底）。
// 该分支本应通过；若 fix 改错把超管也一起脱敏了这条会挂，触发回归。
func TestUserDetail_H1_SuperAdmin_KeepsPII(t *testing.T) {
	skipPending(t, "H-1",
		"当前无脱敏逻辑，超管天然看到原值；fix 落地后本测试用来防回归，确保超管不被误脱敏")
	ctx := ctxhelper.SuperAdminCtx()
	svcCtx := svc.NewServiceContext(testutil.GetTestConfig())
	conn := testutil.GetTestSqlConn()

	userId := insertTestUserFull(t, ctx, &userModel.SysUser{
		Username: "sa_view_" + testutil.UniqueId(), Password: testutil.HashPassword("pw"),
		Nickname: "n", Email: "[email protected]", Phone: "13700000000", Remark: "nb",
		IsSuperAdmin: 2, MustChangePassword: 2, Status: 1,
	})
	t.Cleanup(func() { testutil.CleanTable(ctx, conn, "`sys_user`", userId) })

	resp, err := NewUserDetailLogic(ctx, svcCtx).UserDetail(&types.UserDetailReq{Id: userId})
	require.NoError(t, err)
	assert.Equal(t, "[email protected]", resp.Email)
	assert.Equal(t, "13700000000", resp.Phone)
	assert.Equal(t, "nb", resp.Remark)
}