84 lines
2.8 KiB
PHP
84 lines
2.8 KiB
PHP
<?php
|
|
|
|
use App\Models\AdminUser;
|
|
use App\Lottery\ErrorCode;
|
|
use Illuminate\Support\Str;
|
|
use App\Services\AdminCaptchaService;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
test('admin ping requires authentication', function () {
|
|
$this->getJson('/api/v1/admin/ping')->assertUnauthorized()
|
|
->assertJsonPath('code', ErrorCode::AdminUnauthenticated->value);
|
|
});
|
|
|
|
test('admin login returns bearer token when captcha passes validation', function () {
|
|
AdminUser::query()->create([
|
|
'username' => 'tester',
|
|
'name' => '测试昵称',
|
|
'email' => null,
|
|
'password' => 'secret-strong',
|
|
'status' => 0,
|
|
]);
|
|
|
|
$mock = Mockery::mock(AdminCaptchaService::class);
|
|
$mock->shouldReceive('verify')->once()->andReturn(true);
|
|
$this->instance(AdminCaptchaService::class, $mock);
|
|
|
|
$resp = $this->postJson('/api/v1/admin/auth/login', [
|
|
'account' => 'Tester',
|
|
'password' => 'secret-strong',
|
|
'captcha_key' => (string) Str::uuid(),
|
|
'captcha_code' => 'xwz2',
|
|
]);
|
|
|
|
$resp->assertOk()
|
|
->assertJsonPath('code', ErrorCode::Success->value)
|
|
->assertJsonPath('data.admin.username', 'tester')
|
|
->assertJsonPath('data.admin.nickname', '测试昵称')
|
|
->assertJsonStructure(['data' => ['token', 'token_type', 'admin' => ['id', 'username', 'nickname', 'email', 'permissions']]]);
|
|
|
|
$token = $resp->json('data.token');
|
|
expect($token)->not->toBeNull();
|
|
|
|
$this->withHeader('Authorization', 'Bearer '.$token)
|
|
->getJson('/api/v1/admin/ping')
|
|
->assertOk()
|
|
->assertJsonPath('data.scope', 'admin');
|
|
});
|
|
|
|
test('admin captcha exposes key and image base64', function () {
|
|
$resp = $this->getJson('/api/v1/admin/auth/captcha');
|
|
|
|
$resp->assertOk()
|
|
->assertJsonPath('code', ErrorCode::Success->value);
|
|
|
|
$data = $resp->json('data');
|
|
expect($data)->toBeArray()
|
|
->and(Str::isUuid((string) $data['captcha_key']))->toBeTrue()
|
|
->and((string) $data['image_base64'])->not->toBe('');
|
|
});
|
|
|
|
test('login rejects wrong password with masked message', function () {
|
|
AdminUser::query()->create([
|
|
'username' => 'bad_tester',
|
|
'name' => 'X',
|
|
'email' => null,
|
|
'password' => 'right-only',
|
|
'status' => 0,
|
|
]);
|
|
|
|
$mock = Mockery::mock(AdminCaptchaService::class);
|
|
$mock->shouldReceive('verify')->andReturn(true);
|
|
$this->instance(AdminCaptchaService::class, $mock);
|
|
|
|
$this->postJson('/api/v1/admin/auth/login', [
|
|
'account' => 'bad_tester',
|
|
'password' => 'wrong-password',
|
|
'captcha_key' => (string) Str::uuid(),
|
|
'captcha_code' => 'aaaa',
|
|
])->assertUnauthorized()
|
|
->assertJsonPath('code', ErrorCode::AdminCredentialsInvalid->value);
|
|
});
|