From 1f380587a91c7d3fbd79d6a2c54e630f04fbb259 Mon Sep 17 00:00:00 2001 From: veypi Date: Mon, 16 Feb 2026 17:08:57 +0800 Subject: [PATCH] refactor(tests): Restructure test scripts with better coverage - Add 00_none_auth.sh for unauthenticated access testing - Replace 01_basic_auth.sh with 01_setup_users.sh for comprehensive user setup - Replace 02_user_permission.sh with 02_resource_perm.sh for cross-user permission tests - Update lib.sh to handle non-numeric code fields in response - Update README.md with new test structure and usage instructions - Update run_all.sh with new test sequence --- scripts/tests/00_none_auth.sh | 67 +++++++++++++ scripts/tests/01_basic_auth.sh | 100 ------------------- scripts/tests/01_setup_users.sh | 148 ++++++++++++++++++++++++++++ scripts/tests/02_resource_perm.sh | 122 +++++++++++++++++++++++ scripts/tests/02_user_permission.sh | 84 ---------------- scripts/tests/README.md | 94 +++++++----------- scripts/tests/lib.sh | 12 ++- scripts/tests/run_all.sh | 5 +- 8 files changed, 389 insertions(+), 243 deletions(-) create mode 100644 scripts/tests/00_none_auth.sh delete mode 100755 scripts/tests/01_basic_auth.sh create mode 100644 scripts/tests/01_setup_users.sh create mode 100644 scripts/tests/02_resource_perm.sh delete mode 100755 scripts/tests/02_user_permission.sh diff --git a/scripts/tests/00_none_auth.sh b/scripts/tests/00_none_auth.sh new file mode 100644 index 0000000..22eba0a --- /dev/null +++ b/scripts/tests/00_none_auth.sh 
@@ -0,0 +1,67 @@
+#!/bin/bash
+#
+# 未登录访问测试
+# 测试内容:验证受保护接口在未登录状态下拒绝访问
+#
+
+set -e
+
+# 加载公共库
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "$SCRIPT_DIR/lib.sh"
+
+test_start "未登录访问测试 (None Auth)"
+
+# 检查服务
+check_service
+
+# 定义要测试的受保护接口列表
+# 格式: "METHOD PATH [BODY]"
+PROTECTED_ENDPOINTS=(
+ "GET /api/auth/me"
+ "POST /api/auth/logout {}"
+ "GET /api/users"
+ "POST /api/users {}"
+ "GET /api/orgs"
+ "POST /api/orgs {}"
+ "GET /api/roles"
+ "POST /api/roles {}"
+ "GET /api/settings"
+ "GET /api/oauth/clients"
+ "GET /api/oauth/providers"
+)
+
+# 遍历测试
+for endpoint in "${PROTECTED_ENDPOINTS[@]}"; do
+ read -r method path body <<< "$endpoint"
+
+ step "测试 $method $path (未登录)"
+
+ if [ "$method" == "GET" ]; then
+ RES=$(api_get "$path" "")
+ elif [ "$method" == "POST" ]; then
+ RES=$(api_post "$path" "${body:-{}}" "")
+ elif [ "$method" == "PATCH" ]; then
+ RES=$(api_patch "$path" "${body:-{}}" "")
+ elif [ "$method" == "DELETE" ]; then
+ RES=$(api_delete "$path" "")
+ fi
+
+ # 提取状态码
+ # 注意:Vigo 框架可能返回 HTTP 401 或 JSON code 40100
+ # check_http_code 默认提取 JSON 中的 code
+ code=$(echo "$RES" | jq -r '.code // 200')
+
+ # 允许 401 (Standard HTTP) 或 40100 (Vigo Unauthorized)
+ if [[ "$code" == "401" || "$code" == "40100" ]]; then
+ success "访问被拒绝 (Code: $code)"
+ else
+ error "期望 401/40100, 实际: $code"
+ info "响应: $RES"
+ # 标记失败但不立即退出,以便测试所有接口?
+ # 这里为了严格性,还是退出吧,或者用 fail_flag
+ exit 1
+ fi
+done
+
+test_end
diff --git a/scripts/tests/01_basic_auth.sh b/scripts/tests/01_basic_auth.sh
deleted file mode 100755
index 14e7f7f..0000000
--- a/scripts/tests/01_basic_auth.sh
+++ /dev/null
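Review bot: The `if/elif` chain that dispatches on `$method` has no `else`, so an entry with an unlisted method leaves `RES` holding the previous iteration's response and the loop silently re-checks that instead of failing; add `else error "未知方法: $method"; exit 1` as the final arm. The verdict is also taken only from the JSON body: if `api_get` returns an empty or non-JSON body on a rejected request (lib.sh is not in this hunk, so this is inferred), `jq` yields an empty `code` or, under `set -e`, aborts the assignment with no diagnostic, and a guard such as `code=$(printf '%s' "$RES" | jq -r '.code // 200' 2>/dev/null) || code="non-json"` keeps the failure attributable. Because `exit 1` fires on the first unprotected endpoint, one failure hides the rest of the list; the comment in the hunk already contemplates a flag, and `failed=1` in the else branch plus `[[ "${failed:-0}" -eq 0 ]] || exit 1` before `test_end` would report every endpoint that is not protected.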
@@ -1,100 +0,0 @@ -#!/bin/bash -# -# 基础认证测试 -# 测试内容:注册、登录、修改信息、改密码、刷新token、登出 -# - -set -e - -# 加载公共库 -SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -source "$SCRIPT_DIR/lib.sh" - -# 测试配置 -TEST_USER="basic_user_$TEST_TIMESTAMP" -TEST_PASS="password123" -TEST_EMAIL="$TEST_USER@test.com" - -test_start "基础认证测试" - -# 检查服务 -check_service - -# 1. 用户注册 -step "1. 用户注册" -REGISTER_RES=$(register_user "$TEST_USER" "$TEST_PASS" "$TEST_EMAIL") -echo "注册响应: $REGISTER_RES" -check_http_code "$REGISTER_RES" "200" || exit 1 -check_success "用户注册成功" - -# 2. 用户登录 -step "2. 用户登录" -LOGIN_RES=$(login_user "$TEST_USER" "$TEST_PASS") -echo "登录响应: $LOGIN_RES" -check_http_code "$LOGIN_RES" "200" || exit 1 - -TOKEN=$(get_token "$LOGIN_RES") -USER_ID=$(get_user_id "$LOGIN_RES") -info "Token: ${TOKEN:0:20}..." -info "User ID: $USER_ID" -check_success "用户登录成功" - -# 3. 获取当前用户信息 -step "3. 获取当前用户信息" -ME_RES=$(api_get "/api/auth/me" "$TOKEN") -echo "用户信息: $ME_RES" -check_http_code "$ME_RES" "200" || exit 1 -check_success "获取用户信息成功" - -# 4. 修改自己的信息 -step "4. 修改自己的信息" -UPDATE_RES=$(api_patch "/api/users/$USER_ID" '{"nickname": "Updated Nickname"}' "$TOKEN") -echo "更新响应: $UPDATE_RES" -check_http_code "$UPDATE_RES" "200" || exit 1 -NICKNAME=$(echo "$UPDATE_RES" | jq -r '.nickname') -if [ "$NICKNAME" = "Updated Nickname" ]; then - check_success "修改用户信息成功" -else - error "修改用户信息失败" - exit 1 -fi - -# 5. 修改密码 -step "5. 修改密码" -CHANGE_PW_RES=$(api_post "/api/auth/me/change-password" \ - "{\"old_password\": \"$TEST_PASS\", \"new_password\": \"newpassword123\"}" \ - "$TOKEN") -echo "改密码响应: $CHANGE_PW_RES" -check_http_code "$CHANGE_PW_RES" "200" || exit 1 -check_success "修改密码成功" - -# 6. 使用新密码登录 -step "6. 使用新密码登录" -LOGIN_NEW_RES=$(login_user "$TEST_USER" "newpassword123") -check_http_code "$LOGIN_NEW_RES" "200" || exit 1 -TOKEN=$(get_token "$LOGIN_NEW_RES") -check_success "新密码登录成功" - -# 7. Token 刷新 -step "7. 
Token 刷新" -REFRESH_TOKEN=$(get_refresh_token "$LOGIN_NEW_RES") -REFRESH_RES=$(api_post "/api/auth/refresh" "{\"refresh_token\": \"$REFRESH_TOKEN\"}" "" ) -echo "刷新响应: $REFRESH_RES" -check_http_code "$REFRESH_RES" "200" || exit 1 -NEW_TOKEN=$(echo "$REFRESH_RES" | jq -r '.access_token') -if [ -n "$NEW_TOKEN" ] && [ "$NEW_TOKEN" != "null" ]; then - TOKEN="$NEW_TOKEN" - check_success "Token 刷新成功" -else - error "Token 刷新失败" - exit 1 -fi - -# 8. 用户登出 -step "8. 用户登出" -LOGOUT_RES=$(api_post "/api/auth/logout" "{}" "$TOKEN") -echo "登出响应: $LOGOUT_RES" -check_http_code "$LOGOUT_RES" "200" || exit 1 -check_success "用户登出成功" - -test_end diff --git a/scripts/tests/01_setup_users.sh b/scripts/tests/01_setup_users.sh new file mode 100644 index 0000000..bdcbcf7 --- /dev/null +++ b/scripts/tests/01_setup_users.sh 
@@ -0,0 +1,148 @@ +#!/bin/bash +# +# 01_setup_users.sh +# +# 功能: +# 1. 初始化三个核心测试账户:Admin, User1, User2 +# 2. 验证基础认证功能(注册、登录、信息修改、密码修改、Token刷新、登出) +# 3. 确保后续测试有稳定的测试账号 +# + +set -e + +# 加载公共库 +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +source "$SCRIPT_DIR/lib.sh" + +test_start "用户初始化与基础认证测试" + +# 检查服务 +check_service + +# ========================================== +# 定义测试账号 +# ========================================== +# 密码统一 +COMMON_PASS="password123" + +# 1. Admin 用户 (系统第一个注册用户自动成为Admin) +ADMIN_USER="admin_${TEST_TIMESTAMP}" +ADMIN_EMAIL="${ADMIN_USER}@test.com" + +# 2. 普通用户 1 +USER1_NAME="user1_${TEST_TIMESTAMP}" +USER1_EMAIL="${USER1_NAME}@test.com" + +# 3. 普通用户 2 +USER2_NAME="user2_${TEST_TIMESTAMP}" +USER2_EMAIL="${USER2_NAME}@test.com" + +# 4. 临时用户 (用于测试改密、登出等破坏性操作) +TEMP_USER="temp_${TEST_TIMESTAMP}" +TEMP_EMAIL="${TEMP_USER}@test.com" + +# ========================================== +# 1. 创建核心账户 +# ========================================== + +# --- Admin --- +step "1.1 注册 Admin 账户 (第一个用户)" +RES=$(register_user "$ADMIN_USER" "$COMMON_PASS" "$ADMIN_EMAIL") +check_http_code "$RES" "200" +info "Admin 注册成功: $ADMIN_USER" + +# 验证 Admin 登录 +RES=$(login_user "$ADMIN_USER" "$COMMON_PASS") +check_http_code "$RES" "200" +ADMIN_TOKEN=$(get_token "$RES") +check_success "Admin 登录验证成功" + +# --- User1 --- +step "1.2 注册 User1 账户" +RES=$(register_user "$USER1_NAME" "$COMMON_PASS" "$USER1_EMAIL") +check_http_code "$RES" "200" +info "User1 注册成功: $USER1_NAME" + +# 验证 User1 登录 +RES=$(login_user "$USER1_NAME" "$COMMON_PASS") +check_http_code "$RES" "200" +USER1_TOKEN=$(get_token "$RES") +check_success "User1 登录验证成功" + +# --- User2 --- +step "1.3 注册 User2 账户" +RES=$(register_user "$USER2_NAME" "$COMMON_PASS" "$USER2_EMAIL") +check_http_code "$RES" "200" +info "User2 注册成功: $USER2_NAME" + +# 验证 User2 登录 +RES=$(login_user "$USER2_NAME" "$COMMON_PASS") +check_http_code "$RES" "200" +check_success "User2 登录验证成功" + +# ========================================== +# 2. 
基础功能验证 (使用临时用户) +# ========================================== + +step "2.1 注册临时用户用于功能验证" +RES=$(register_user "$TEMP_USER" "$COMMON_PASS" "$TEMP_EMAIL") +check_http_code "$RES" "200" + +# 登录 +RES=$(login_user "$TEMP_USER" "$COMMON_PASS") +TEMP_TOKEN=$(get_token "$RES") +TEMP_ID=$(get_user_id "$RES") + +# 修改信息 +step "2.2 验证修改个人信息" +RES=$(api_patch "/api/users/$TEMP_ID" '{"nickname": "Temp Nick"}' "$TEMP_TOKEN") +check_http_code "$RES" "200" +check_success "修改信息成功" + +# 修改密码 +step "2.3 验证修改密码" +NEW_PASS="newpass123" +RES=$(api_post "/api/auth/me/change-password" \ + "{\"old_password\": \"$COMMON_PASS\", \"new_password\": \"$NEW_PASS\"}" \ + "$TEMP_TOKEN") +check_http_code "$RES" "200" +check_success "密码修改成功" + +# 旧密码登录失败验证 +step "2.4 验证旧密码登录失败" +RES=$(login_user "$TEMP_USER" "$COMMON_PASS") +code=$(echo "$RES" | jq -r '.code // 200') +if [[ "$code" != "200" ]]; then + check_success "旧密码登录被拒绝 (预期)" +else + error "旧密码仍然可以登录!" + exit 1 +fi + +# 新密码登录 +step "2.5 验证新密码登录" +RES=$(login_user "$TEMP_USER" "$NEW_PASS") +check_http_code "$RES" "200" +TEMP_TOKEN=$(get_token "$RES") # 更新 Token +check_success "新密码登录成功" + +# Token 刷新 +step "2.6 验证 Token 刷新" +REFRESH_TOKEN=$(get_refresh_token "$RES") +RES=$(api_post "/api/auth/refresh" "{\"refresh_token\": \"$REFRESH_TOKEN\"}" "") +check_http_code "$RES" "200" +NEW_ACCESS=$(echo "$RES" | jq -r '.access_token') +if [ -n "$NEW_ACCESS" ] && [ "$NEW_ACCESS" != "null" ]; then + check_success "Token 刷新成功" +else + error "Token 刷新失败" + exit 1 +fi + +# 登出 +step "2.7 验证登出" +RES=$(api_post "/api/auth/logout" "{}" "$TEMP_TOKEN") +check_http_code "$RES" "200" +check_success "登出成功" + +test_end diff --git a/scripts/tests/02_resource_perm.sh b/scripts/tests/02_resource_perm.sh new file mode 100644 index 0000000..7fdb1fc --- /dev/null +++ b/scripts/tests/02_resource_perm.sh 
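Review bot: Step 2.7 only checks that `/api/auth/logout` answered 200; nothing verifies that the token was actually invalidated, so a logout that reports success without revoking the session passes. A read-back right after it, `RES=$(api_get "/api/auth/me" "$TEMP_TOKEN")` followed by the same 401/40100 check used in 00_none_auth.sh, turns the step into a real assertion. The comment on `ADMIN_USER` assumes the first registered user becomes Admin, but the script never checks the returned role, so on a non-empty database `admin_${TEST_TIMESTAMP}` is an ordinary user and the failure only surfaces later in 02_resource_perm.sh with a misleading message; assert the role from the login or `/api/auth/me` response here (the field name lives in lib.sh or the API, not in this hunk). `ADMIN_TOKEN` and `USER1_TOKEN` are assigned but never read in this script (ShellCheck SC2034).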
@@ -0,0 +1,122 @@ +#!/bin/bash +# +# 02_resource_perm.sh +# +# 功能:测试跨用户资源访问权限 +# 场景: +# 1. Admin 修改任意用户资源 (Allow) +# 2. 普通用户修改自己资源 (Allow) +# 3. 普通用户修改他人资源 (Deny) +# 4. 普通用户修改 Admin 资源 (Deny) +# + +set -e + +# 加载公共库 +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +source "$SCRIPT_DIR/lib.sh" + +test_start "资源权限交叉验证测试" + +# 检查服务 +check_service + +# ========================================== +# 准备环境 (登录三个账户) +# ========================================== +COMMON_PASS="password123" + +ADMIN_USER="admin_${TEST_TIMESTAMP}" +USER1_NAME="user1_${TEST_TIMESTAMP}" +USER2_NAME="user2_${TEST_TIMESTAMP}" + +step "0. 登录测试账户" + +# Admin Login +RES=$(login_user "$ADMIN_USER" "$COMMON_PASS") +check_http_code "$RES" "200" +ADMIN_TOKEN=$(get_token "$RES") +ADMIN_ID=$(get_user_id "$RES") +info "Admin ID: $ADMIN_ID" + +# User1 Login +RES=$(login_user "$USER1_NAME" "$COMMON_PASS") +check_http_code "$RES" "200" +USER1_TOKEN=$(get_token "$RES") +USER1_ID=$(get_user_id "$RES") +info "User1 ID: $USER1_ID" + +# User2 Login +RES=$(login_user "$USER2_NAME" "$COMMON_PASS") +check_http_code "$RES" "200" +USER2_TOKEN=$(get_token "$RES") +USER2_ID=$(get_user_id "$RES") +info "User2 ID: $USER2_ID" + + +# ========================================== +# 测试用例 +# ========================================== + +# Case 1: Admin 修改 User1 (应成功) +step "1. Admin 修改 User1 信息 (预期: 成功)" +RES=$(api_patch "/api/users/$USER1_ID" '{"nickname": "Edited By Admin"}' "$ADMIN_TOKEN") +check_http_code "$RES" "200" +NICK=$(echo "$RES" | jq -r '.nickname') +if [ "$NICK" == "Edited By Admin" ]; then + check_success "Admin 修改 User1 成功" +else + error "Admin 修改失败, nickname=$NICK" + exit 1 +fi + +# Case 2: User1 修改 User1 (应成功) +step "2. 
User1 修改自己信息 (预期: 成功)" +RES=$(api_patch "/api/users/$USER1_ID" '{"nickname": "Edited By Self"}' "$USER1_TOKEN") +check_http_code "$RES" "200" +NICK=$(echo "$RES" | jq -r '.nickname') +if [ "$NICK" == "Edited By Self" ]; then + check_success "User1 修改自己成功" +else + error "User1 修改自己失败, nickname=$NICK" + exit 1 +fi + +# Case 3: User1 修改 User2 (应失败) +step "3. User1 修改 User2 信息 (预期: 失败 403/404)" +RES=$(api_patch "/api/users/$USER2_ID" '{"nickname": "Hacked By User1"}' "$USER1_TOKEN") +# Vigo 可能返回 403 Forbidden 或 404 NotFound (如果做了隔离) +code=$(echo "$RES" | jq -r '.code // 200') +if [[ "$code" == "403"* ]] || [[ "$code" == "404"* ]] || [[ "$code" == "401"* ]]; then + check_success "User1 修改 User2 被拒绝 (Code: $code)" +else + error "User1 竟然修改了 User2 ! Code: $code" + info "Response: $RES" + exit 1 +fi + +# Case 4: User1 修改 Admin (应失败) +step "4. User1 修改 Admin 信息 (预期: 失败 403/404)" +RES=$(api_patch "/api/users/$ADMIN_ID" '{"nickname": "Hacked By User1"}' "$USER1_TOKEN") +code=$(echo "$RES" | jq -r '.code // 200') +if [[ "$code" == "403"* ]] || [[ "$code" == "404"* ]] || [[ "$code" == "401"* ]]; then + check_success "User1 修改 Admin 被拒绝 (Code: $code)" +else + error "User1 竟然修改了 Admin ! Code: $code" + info "Response: $RES" + exit 1 +fi + +# Case 5: User2 修改 User1 (应失败) +step "5. User2 修改 User1 信息 (预期: 失败 403/404)" +RES=$(api_patch "/api/users/$USER1_ID" '{"nickname": "Hacked By User2"}' "$USER2_TOKEN") +code=$(echo "$RES" | jq -r '.code // 200') +if [[ "$code" == "403"* ]] || [[ "$code" == "404"* ]] || [[ "$code" == "401"* ]]; then + check_success "User2 修改 User1 被拒绝 (Code: $code)" +else + error "User2 竟然修改了 User1 ! Code: $code" + info "Response: $RES" + exit 1 +fi + +test_end diff --git a/scripts/tests/02_user_permission.sh b/scripts/tests/02_user_permission.sh deleted file mode 100755 index f416f51..0000000 --- a/scripts/tests/02_user_permission.sh +++ /dev/null 
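Review bot: Cases 3–5 count a `401*` code as a successful permission denial, which makes an unauthenticated rejection (stale or malformed token) indistinguishable from a real authorization check; `USER2_TOKEN` in particular is never proven valid before Case 5, so `401` should be dropped from the accepted set. The deleted 02_user_permission.sh wrapped the expected-to-fail `api_patch` in `|| true`; the new cases omit it, so if `api_patch` exits non-zero on a 403/404 reply (lib.sh is not in this hunk) `set -e` aborts the script before the check runs and prints nothing. None of the deny cases read the target back, so a handler that returns an error after already writing the row would still pass; reading the user back with `ADMIN_TOKEN` (assuming `GET /api/users/:id` returns the same object shape as the PATCH) closes that gap. The three identical blocks can become one helper that does both, as below.
```shell
# … unchanged: setup, step 0 logins, Case 1 and Case 2 …

# Assert that the caller holding $3 cannot PATCH user $1 and that the row is untouched.
# Arguments: $1 target user id, $2 nickname the caller attempts to set,
#            $3 caller token, $4 label for messages
# Globals:   ADMIN_TOKEN (read) - used to read the target back
expect_patch_denied() {
  local target_id=$1 attempt=$2 token=$3 label=$4
  local res code nick
  # `|| true`: an error reply may make api_patch exit non-zero, which would trip set -e before the check.
  res=$(api_patch "/api/users/$target_id" "{\"nickname\": \"$attempt\"}" "$token") || true
  code=$(printf '%s' "$res" | jq -r '.code // 200' 2>/dev/null) || code="non-json"
  # 401 is deliberately not accepted: it would mean the token, not the permission, was rejected.
  if [[ "$code" != "403"* && "$code" != "404"* ]]; then
    error "$label: expected 403/404, got Code: $code"
    info "Response: $res"
    exit 1
  fi
  # A denial that still wrote the row is a real bug; read the target back as Admin.
  nick=$(api_get "/api/users/$target_id" "$ADMIN_TOKEN" | jq -r '.nickname')
  if [[ "$nick" == "$attempt" ]]; then
    error "$label: request was rejected but the resource was modified (nickname=$nick)"
    exit 1
  fi
  check_success "$label rejected (Code: $code)"
}

step "3. User1 修改 User2 信息 (预期: 失败 403/404)"
expect_patch_denied "$USER2_ID" "Hacked By User1" "$USER1_TOKEN" "User1 -> User2"
step "4. User1 修改 Admin 信息 (预期: 失败 403/404)"
expect_patch_denied "$ADMIN_ID" "Hacked By User1" "$USER1_TOKEN" "User1 -> Admin"
step "5. User2 修改 User1 信息 (预期: 失败 403/404)"
expect_patch_denied "$USER1_ID" "Hacked By User2" "$USER2_TOKEN" "User2 -> User1"

# … unchanged: test_end …
```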
@@ -1,84 +0,0 @@ -#!/bin/bash -# -# 用户权限测试 -# 测试内容: -# - 第一个用户注册为 admin -# - 第二个用户注册为 user -# - user 可以修改自己的信息 -# - user 不能修改 admin 的信息 -# - -set -e - -# 加载公共库 -SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -source "$SCRIPT_DIR/lib.sh" - -# 测试用户 -ADMIN_USER="admin_user_$TEST_TIMESTAMP" -ADMIN_PASS="admin123" -ADMIN_EMAIL="$ADMIN_USER@test.com" - -NORMAL_USER="normal_user_$TEST_TIMESTAMP" -NORMAL_PASS="user123" -NORMAL_EMAIL="$NORMAL_USER@test.com" - -test_start "用户权限测试" - -# 检查服务 -check_service - -# 1. 第一个用户注册 (admin) -step "1. 第一个用户注册 (自动成为 admin)" -ADMIN_REG=$(register_user "$ADMIN_USER" "$ADMIN_PASS" "$ADMIN_EMAIL") -echo "Admin 注册响应: $ADMIN_REG" -check_http_code "$ADMIN_REG" "200" -ADMIN_LOGIN=$(login_user "$ADMIN_USER" "$ADMIN_PASS") -ADMIN_TOKEN=$(get_token "$ADMIN_LOGIN") -ADMIN_ID=$(get_user_id "$ADMIN_LOGIN") -info "Admin ID: $ADMIN_ID" -check_success "Admin 注册并登录成功" - -# 2. 第二个用户注册 (user) -step "2. 第二个用户注册 (普通 user)" -USER_REG=$(register_user "$NORMAL_USER" "$NORMAL_PASS" "$NORMAL_EMAIL") -echo "User 注册响应: $USER_REG" -check_http_code "$USER_REG" "200" -USER_LOGIN=$(login_user "$NORMAL_USER" "$NORMAL_PASS") -USER_TOKEN=$(get_token "$USER_LOGIN") -USER_ID=$(get_user_id "$USER_LOGIN") -info "User ID: $USER_ID" -check_success "普通用户注册并登录成功" - -# 3. user 可以修改自己的信息 -step "3. user 可以修改自己的信息" -USER_UPDATE=$(api_patch "/api/users/$USER_ID" '{"nickname": "My Nickname"}' "$USER_TOKEN") -echo "修改自己响应: $USER_UPDATE" -check_http_code "$USER_UPDATE" "200" -check_success "user 可以修改自己的信息" - -# 4. user 不能修改 admin 的信息 -step "4. user 不能修改 admin 的信息 (应该返回 403)" -ADMIN_UPDATE_BY_USER=$(api_patch "/api/users/$ADMIN_ID" '{"nickname": "Hacked"}' "$USER_TOKEN") || true -echo "尝试修改 admin 响应: $ADMIN_UPDATE_BY_USER" -if echo "$ADMIN_UPDATE_BY_USER" | grep -q '"code":403' || echo "$ADMIN_UPDATE_BY_USER" | grep -q '"code":404'; then - check_success "user 不能修改 admin 的信息 (权限控制生效)" -else - error "权限控制失效" - exit 1 -fi - -# 5. admin 可以修改任意用户的信息 -step "5. 
admin 可以修改任意用户的信息" -USER_UPDATE_BY_ADMIN=$(api_patch "/api/users/$USER_ID" '{"nickname": "Updated By Admin"}' "$ADMIN_TOKEN") -echo "Admin 修改 user 响应: $USER_UPDATE_BY_ADMIN" -check_http_code "$USER_UPDATE_BY_ADMIN" "200" -NICKNAME=$(echo "$USER_UPDATE_BY_ADMIN" | jq -r '.nickname') -if [ "$NICKNAME" == "Updated By Admin" ]; then - check_success "admin 可以修改任意用户的信息" -else - error "admin 修改失败" - exit 1 -fi - -test_end diff --git a/scripts/tests/README.md b/scripts/tests/README.md index ab67ed0..6d373ad 100644 --- a/scripts/tests/README.md +++ b/scripts/tests/README.md @@ -8,8 +8,9 @@ scripts/tests/ ├── README.md # 本说明文件 ├── lib.sh # 公共函数库 -├── 01_basic_auth.sh # 基础认证测试 -├── 02_user_permission.sh # 用户权限测试 +├── 00_none_auth.sh # 未登录访问测试 +├── 01_setup_users.sh # 用户初始化与基础认证 +├── 02_resource_perm.sh # 资源权限交叉测试 ├── 03_org_permission.sh # 组织权限测试 └── run_all.sh # 运行所有测试 ``` 
@@ -19,60 +20,44 @@ scripts/tests/ 1. 服务必须已启动: ```bash - go run cli/main.go -db.type=sqlite -db.dsn /tmp/vb.sqlite -p 4000 + rm /tmp/vb.sqlite && go run cli/main.go -db.type=sqlite -db.dsn /tmp/vb.sqlite -p 4000 ``` - -2. 数据库已初始化(如需要可以删除旧数据库): - +2. 手动查询后端接口列表 ```bash - rm /tmp/vb.sqlite + curl -sSf http://localhost:4000/_api.json ``` -3. 依赖工具: - - `curl` - - `jq` (JSON 解析) - ## 测试脚本说明 -### lib.sh - -公共函数库,包含: +### 00_none_auth.sh -- `check_success()` / `check_fail()` - 检查结果 -- `check_http_code()` - 检查 HTTP 状态码 -- `register_user()` - 注册用户 -- `login_user()` - 登录用户 -- `api_get()` / `api_post()` / `api_patch()` / `api_delete()` - API 请求封装 -- `create_org()` - 创建组织 -- `update_org()` - 更新组织 -- `add_org_member()` - 添加组织成员 +**测试内容**:未登录状态下访问受保护接口 +- 验证 API 是否正确拦截未携带 Token 的请求 +- 覆盖 Users, Orgs, Roles, Settings 等核心模块 -### 01_basic_auth.sh +### 01_setup_users.sh -**测试内容**:基础认证流程 +**测试内容**:用户初始化与基础功能验证 +- 注册三个核心账户:Admin, User1, User2 +- 验证注册与登录流程 +- 使用临时账户验证: + - 修改个人信息 + - 修改密码(验证旧密码失效、新密码生效) + - Token 刷新 + - 用户登出 -- 用户注册 -- 用户登录 -- 获取当前用户信息 -- 修改自己的用户信息 -- 修改密码 -- Token 刷新 -- 用户登出 +### 02_resource_perm.sh -### 02_user_permission.sh - -**测试内容**:用户级权限控制 - -- 第一个用户注册(自动成为 admin) -- 第二个用户注册(普通 user) -- user 可以修改自己的信息 -- user **不能**修改 admin 的信息 -- admin 可以修改任意用户信息 +**测试内容**:跨用户资源访问权限验证 +- 场景 1: Admin 修改任意用户信息 (允许) +- 场景 2: User1 修改自己信息 (允许) +- 场景 3: User1 修改 User2 信息 (禁止) +- 场景 4: User1 修改 Admin 信息 (禁止) +- 场景 5: User2 修改 User1 信息 (禁止) ### 03_org_permission.sh **测试内容**:组织权限控制 - - admin 创建组织 - user 不能修改他人创建的组织 - admin 邀请 user 加入组织 
@@ -82,33 +67,30 @@ scripts/tests/ ### run_all.sh **功能**:运行所有测试 - - 按顺序执行所有测试脚本 - 遇到错误时停止 - 输出测试摘要 -- 统一时间戳避免冲突 +- 统一时间戳 `TEST_TIMESTAMP`,确保跨脚本的用户数据一致性 ## 使用方法 -### 运行单个测试 +### 运行所有测试 (推荐) ```bash -# 基础认证测试 cd scripts/tests -bash 01_basic_auth.sh - -# 用户权限测试 -bash 02_user_permission.sh - -# 组织权限测试 -bash 03_org_permission.sh +bash run_all.sh ``` -### 运行所有测试 +### 运行单个测试 ```bash -cd scripts/tests -bash run_all.sh +# 必须先设置时间戳以避免冲突 (可选) +export TEST_TIMESTAMP=$(date +%s) + +# 运行特定测试 +bash 00_none_auth.sh +bash 01_setup_users.sh +bash 02_resource_perm.sh ``` ## 测试环境变量 @@ -122,4 +104,4 @@ bash run_all.sh 1. 测试脚本会创建真实数据,建议在测试数据库上运行 2. 测试失败时会立即退出(`set -e`) -3. 每次运行使用不同的时间戳,避免用户名冲突 +3. `run_all.sh` 会自动导出 `TEST_TIMESTAMP`,手动运行单个脚本时建议手动设置,否则每次运行都会生成新用户。 diff --git a/scripts/tests/lib.sh b/scripts/tests/lib.sh index 2cd2c6f..9086d16 100755 --- a/scripts/tests/lib.sh +++ b/scripts/tests/lib.sh @@ -75,7 +75,17 @@ check_http_code() { code="200" else # 提取 code 字段,如果不存在则认为是 200 - code=$(echo "$response" | jq -r '.code // 200') + local json_code + json_code=$(echo "$response" | jq -r '.code // empty') + + if [ -z "$json_code" ] || [ "$json_code" = "empty" ]; then + code="200" + elif [[ "$json_code" =~ ^[0-9]+$ ]]; then + code="$json_code" + else + # code 字段存在但不是数字(可能是业务字段,如 org.code),视为成功 200 + code="200" + fi fi if [ "$code" = "$expected" ]; then diff --git a/scripts/tests/run_all.sh b/scripts/tests/run_all.sh index e2ea5ee..d901715 100755 --- a/scripts/tests/run_all.sh +++ b/scripts/tests/run_all.sh @@ -27,8 +27,9 @@ echo "" # 测试脚本列表 TESTS=( - "01_basic_auth.sh:基础认证测试" - "02_user_permission.sh:用户权限测试" + "00_none_auth.sh:未登录访问测试" + "01_setup_users.sh:用户初始化与基础认证测试" + "02_resource_perm.sh:资源权限交叉验证测试" "03_org_permission.sh:组织权限测试" )
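Review bot: In the lib.sh hunk the branch `[ "$json_code" = "empty" ]` is dead: `jq -r '.code // empty'` prints nothing for a missing field, never the literal string `empty`, so `[ -z "$json_code" ]` alone is the real test. The new else-branch then maps any non-numeric `.code` to `200`, so if an endpoint ever returns a string error code the check passes silently; that is a weakening of the test oracle and should at least be visible, e.g. `info "non-numeric code field ($json_code), treated as 200"` in that branch, or better, keyed on the absence of an error-shaped body rather than on the type of `.code`. If the body is not JSON at all, `jq` fails and, because the callers run under `set -e`, the `json_code=$(...)` assignment aborts the script without a diagnostic; `json_code=$(printf '%s' "$response" | jq -r '.code // empty' 2>/dev/null) || json_code=""` keeps control in the function. `check_http_code` starts outside the hunk.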