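#!/bin/bash
#
# User permission test
#
# Covered:
# - the first registered user becomes admin
# - the second registered user is a normal user
# - a user can modify their own profile
# - a user cannot modify the admin's profile
# - admin can modify any user's profile
#
# Assumes a fresh instance: the "first user becomes admin" rule only holds if no
# users exist before this script runs. All helpers (register_user, login_user,
# get_token, get_user_id, api_patch, check_http_code, check_success, step,
# info, error, test_start, test_end, check_service) and TEST_TIMESTAMP come
# from lib.sh; jq must be on PATH.
#

set -e

# Load the shared helper library (resolved relative to this script)
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/lib.sh"

# Test fixtures. Throwaway credentials for a disposable test instance only;
# the timestamp suffix keeps usernames unique across runs.
ADMIN_USER="admin_user_$TEST_TIMESTAMP"
ADMIN_PASS="admin123"
ADMIN_EMAIL="$ADMIN_USER@test.com"

NORMAL_USER="normal_user_$TEST_TIMESTAMP"
NORMAL_PASS="user123"
NORMAL_EMAIL="$NORMAL_USER@test.com"

#######################################
# Abort the run unless a required value was actually extracted.
# Arguments: $1 - human-readable label used in the error message
#            $2 - the value to check
# Why: an empty id turns "/api/users/$ID" into "/api/users/", and the 404 that
# follows would make the negative test in step 4 pass for the wrong reason.
# The literal string "null" is what `jq -r` prints for a missing field, so it
# is treated as missing too.
#######################################
require_nonempty() {
  local label="$1" value="$2"
  if [[ -z "$value" || "$value" == "null" ]]; then
    error "$label 为空，测试无法继续"
    exit 1
  fi
}

test_start "用户权限测试"

# Make sure the service is reachable before registering anything
check_service

# 1. First registration: this account is expected to become admin
step "1. 第一个用户注册 (自动成为 admin)"
ADMIN_REG=$(register_user "$ADMIN_USER" "$ADMIN_PASS" "$ADMIN_EMAIL")
echo "Admin 注册响应: $ADMIN_REG"
check_http_code "$ADMIN_REG" "200"
ADMIN_LOGIN=$(login_user "$ADMIN_USER" "$ADMIN_PASS")
ADMIN_TOKEN=$(get_token "$ADMIN_LOGIN")
ADMIN_ID=$(get_user_id "$ADMIN_LOGIN")
require_nonempty "Admin Token" "$ADMIN_TOKEN"
require_nonempty "Admin ID" "$ADMIN_ID"
info "Admin ID: $ADMIN_ID"
check_success "Admin 注册并登录成功"

# 2. Second registration: a normal user
step "2. 第二个用户注册 (普通 user)"
USER_REG=$(register_user "$NORMAL_USER" "$NORMAL_PASS" "$NORMAL_EMAIL")
echo "User 注册响应: $USER_REG"
check_http_code "$USER_REG" "200"
USER_LOGIN=$(login_user "$NORMAL_USER" "$NORMAL_PASS")
USER_TOKEN=$(get_token "$USER_LOGIN")
USER_ID=$(get_user_id "$USER_LOGIN")
require_nonempty "User Token" "$USER_TOKEN"
require_nonempty "User ID" "$USER_ID"
info "User ID: $USER_ID"
check_success "普通用户注册并登录成功"

# The two accounts must be distinct, otherwise steps 3-5 prove nothing about
# cross-user access control.
if [[ "$ADMIN_ID" == "$USER_ID" ]]; then
  error "Admin ID 与 User ID 相同，测试无效"
  exit 1
fi

# 3. A user may modify their own profile
step "3. user 可以修改自己的信息"
USER_UPDATE=$(api_patch "/api/users/$USER_ID" '{"nickname": "My Nickname"}' "$USER_TOKEN")
echo "修改自己响应: $USER_UPDATE"
check_http_code "$USER_UPDATE" "200"
check_success "user 可以修改自己的信息"

# 4. A user must NOT be able to modify the admin's profile.
#    403 is the expected answer; 404 is also accepted in case the API hides
#    other users' records rather than admitting they exist. A successful PATCH
#    echoes the new nickname in its body (step 5 relies on that), so the
#    attacker-controlled value appearing in the response is a hard failure
#    regardless of the status code.
step "4. user 不能修改 admin 的信息 (应该返回 403)"
ADMIN_UPDATE_BY_USER=$(api_patch "/api/users/$ADMIN_ID" '{"nickname": "Hacked"}' "$USER_TOKEN") || true
echo "尝试修改 admin 响应: $ADMIN_UPDATE_BY_USER"
if grep -qF 'Hacked' <<<"$ADMIN_UPDATE_BY_USER"; then
  error "权限控制失效"
  exit 1
fi
if grep -qF '"code":403' <<<"$ADMIN_UPDATE_BY_USER" || grep -qF '"code":404' <<<"$ADMIN_UPDATE_BY_USER"; then
  check_success "user 不能修改 admin 的信息 (权限控制生效)"
else
  error "权限控制失效"
  exit 1
fi

# 5. Admin may modify any user's profile; verify the change by reading the
#    nickname back out of the response rather than trusting the status alone.
step "5. admin 可以修改任意用户的信息"
USER_UPDATE_BY_ADMIN=$(api_patch "/api/users/$USER_ID" '{"nickname": "Updated By Admin"}' "$ADMIN_TOKEN")
echo "Admin 修改 user 响应: $USER_UPDATE_BY_ADMIN"
check_http_code "$USER_UPDATE_BY_ADMIN" "200"
NICKNAME=$(jq -r '.nickname' <<<"$USER_UPDATE_BY_ADMIN")
if [[ "$NICKNAME" == "Updated By Admin" ]]; then
  check_success "admin 可以修改任意用户的信息"
else
  error "admin 修改失败"
  exit 1
fi

test_end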