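#!/bin/bash
#
# Organization permission test
#
# Scenarios:
# - admin creates an organization
# - a user outside the organization cannot modify it
# - admin invites the user into the organization as an ordinary member
# - an ordinary member still cannot modify the organization
# - admin can modify the organization
#
# Depends on lib.sh (same directory) for TEST_TIMESTAMP and the helpers
# register_user, login_user, get_token, get_user_id, create_org, update_org,
# add_org_member, check_service, check_http_code, check_success, step, info,
# error, test_start and test_end. Their exact output format is defined there.

# Abort on the first failing command; the "expected to fail" calls below are
# explicitly guarded with `|| true`.
set -e

# Load the shared helpers
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/lib.sh"

#######################################
# Decide whether a response denies the request.
# Arguments: $1 - raw response text
# Returns:   0 when the response carries code 403 or 404, 1 otherwise
# Note: 404 is accepted because the service may hide organizations the
# caller is not allowed to see. A missing route would also produce 404, so
# step 7 (admin update must return 200) is what proves the endpoint exists.
# Optional whitespace after the colon is tolerated so a re-serialized
# response does not turn a real denial into a false "权限控制失效".
#######################################
is_denied() {
  grep -Eq '"code":[[:space:]]*40[34]' <<<"$1"
}

# Test users; TEST_TIMESTAMP (from lib.sh) keeps names unique per run.
ADMIN_USER="org_admin_$TEST_TIMESTAMP"
ADMIN_PASS="admin123"
ADMIN_EMAIL="$ADMIN_USER@test.com"

NORMAL_USER="org_member_$TEST_TIMESTAMP"
NORMAL_PASS="user123"
NORMAL_EMAIL="$NORMAL_USER@test.com"

ORG_CODE="test_org_$TEST_TIMESTAMP"
ORG_NAME="Test Organization"

test_start "组织权限测试"

# Make sure the service is reachable before registering anything
check_service

# 1. Create the admin user (the future organization owner)
step "1. 创建 admin 用户"
# shellcheck disable=SC2034 — response kept for debugging; a failing
# register_user still aborts the script via set -e
ADMIN_REG=$(register_user "$ADMIN_USER" "$ADMIN_PASS" "$ADMIN_EMAIL")
ADMIN_LOGIN=$(login_user "$ADMIN_USER" "$ADMIN_PASS")
ADMIN_TOKEN=$(get_token "$ADMIN_LOGIN")
ADMIN_ID=$(get_user_id "$ADMIN_LOGIN")
info "Admin ID: $ADMIN_ID"
check_success "admin 用户创建成功"

# 2. Create the ordinary user
step "2. 创建普通用户"
# shellcheck disable=SC2034 — see ADMIN_REG
USER_REG=$(register_user "$NORMAL_USER" "$NORMAL_PASS" "$NORMAL_EMAIL")
USER_LOGIN=$(login_user "$NORMAL_USER" "$NORMAL_PASS")
USER_TOKEN=$(get_token "$USER_LOGIN")
USER_ID=$(get_user_id "$USER_LOGIN")
info "User ID: $USER_ID"
check_success "普通用户创建成功"

# 3. admin creates the organization
step "3. admin 创建组织"
ORG_RES=$(create_org "$ADMIN_TOKEN" "$ORG_CODE" "$ORG_NAME" "Test Description")
echo "创建组织响应: $ORG_RES"
check_http_code "$ORG_RES" "200"
# `// empty` maps a missing or null id to "" instead of the literal "null".
# Without this guard the denial checks below pass trivially: updating an
# organization called "null" is a 404 regardless of who asks, so the
# authorization check would never actually be exercised. A non-JSON
# response makes jq fail and aborts the script via set -e.
ORG_ID=$(jq -r '.id // empty' <<<"$ORG_RES")
if [[ -z "$ORG_ID" ]]; then
  error "创建组织响应中缺少 id: $ORG_RES"
  exit 1
fi
info "Org ID: $ORG_ID"
check_success "admin 创建组织成功"

# 4. A user outside the organization must not be able to modify it
step "4. user 不能修改他人的组织 (应该返回 403)"
# update_org is expected to fail here; `|| true` keeps its output under set -e
USER_UPDATE_ORG=$(update_org "$USER_TOKEN" "$ORG_ID" '{"name": "Hacked Name"}') || true
echo "user 尝试修改组织响应: $USER_UPDATE_ORG"
if is_denied "$USER_UPDATE_ORG"; then
  check_success "user 不能修改他人的组织 (权限控制生效)"
else
  error "权限控制失效"
  exit 1
fi

# 5. admin adds the user to the organization as an ordinary member
step "5. admin 邀请 user 加入组织 (作为普通成员)"
ADD_MEMBER_RES=$(add_org_member "$ADMIN_TOKEN" "$ORG_ID" "$USER_ID" "member")
echo "添加成员响应: $ADD_MEMBER_RES"
check_http_code "$ADD_MEMBER_RES" "200"
check_success "admin 邀请 user 加入组织成功"

# 6. Membership alone must not grant the right to modify the organization
step "6. 普通成员不能修改组织信息 (应该返回 403)"
MEMBER_UPDATE_ORG=$(update_org "$USER_TOKEN" "$ORG_ID" '{"name": "Member Hacked"}') || true
echo "普通成员尝试修改组织响应: $MEMBER_UPDATE_ORG"
if is_denied "$MEMBER_UPDATE_ORG"; then
  check_success "普通成员不能修改组织 (权限控制生效)"
else
  error "权限控制失效"
  exit 1
fi

# 7. admin can modify the organization (also proves the update route exists,
#    which the 404-tolerant denial checks above cannot do on their own)
step "7. admin 可以修改组织"
ADMIN_UPDATE_ORG=$(update_org "$ADMIN_TOKEN" "$ORG_ID" '{"name": "Updated By Admin"}')
echo "admin 修改组织响应: $ADMIN_UPDATE_ORG"
check_http_code "$ADMIN_UPDATE_ORG" "200"
UPDATED_NAME=$(jq -r '.name // empty' <<<"$ADMIN_UPDATE_ORG")
if [[ "$UPDATED_NAME" == "Updated By Admin" ]]; then
  check_success "admin 可以修改组织"
else
  error "admin 修改组织失败"
  exit 1
fi

test_end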