From 33adcfb8c4f0f57383b12589dbe8281a05f6bf0e Mon Sep 17 00:00:00 2001 From: zichun Date: Thu, 30 Apr 2026 10:52:26 +0800 Subject: [PATCH] test(usr): user create integration coverage REQ-USR-001 --- backend/src/main/java/com/xly/erp/common/config/PasswordEncoderConfig.java | 14 ++++++++++++++ backend/src/main/java/com/xly/erp/common/security/SecurityConfig.java | 6 ------ backend/src/main/java/com/xly/erp/module/usr/controller/UserController.java | 28 ++++++++++++++++++++++++++++ backend/src/test/java/com/xly/erp/module/usr/controller/UserControllerIT.java | 236 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 278 insertions(+), 6 deletions(-) create mode 100644 backend/src/main/java/com/xly/erp/common/config/PasswordEncoderConfig.java create mode 100644 backend/src/main/java/com/xly/erp/module/usr/controller/UserController.java create mode 100644 backend/src/test/java/com/xly/erp/module/usr/controller/UserControllerIT.java diff --git a/backend/src/main/java/com/xly/erp/common/config/PasswordEncoderConfig.java b/backend/src/main/java/com/xly/erp/common/config/PasswordEncoderConfig.java new file mode 100644 index 0000000..566d95d --- /dev/null +++ b/backend/src/main/java/com/xly/erp/common/config/PasswordEncoderConfig.java @@ -0,0 +1,14 @@ +package com.xly.erp.common.config; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; + +@Configuration +public class PasswordEncoderConfig { + + @Bean + public BCryptPasswordEncoder bCryptPasswordEncoder() { + return new BCryptPasswordEncoder(); + } +} diff --git a/backend/src/main/java/com/xly/erp/common/security/SecurityConfig.java b/backend/src/main/java/com/xly/erp/common/security/SecurityConfig.java index 87ff6c5..fa6bb7f 100644 --- a/backend/src/main/java/com/xly/erp/common/security/SecurityConfig.java +++ b/backend/src/main/java/com/xly/erp/common/security/SecurityConfig.java @@ -5,7 +5,6 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.http.SessionCreationPolicy; -import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; @@ -32,9 +31,4 @@ public class SecurityConfig { .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class); return http.build(); } - - @Bean - public BCryptPasswordEncoder bCryptPasswordEncoder() { - return new BCryptPasswordEncoder(); - } } diff --git a/backend/src/main/java/com/xly/erp/module/usr/controller/UserController.java b/backend/src/main/java/com/xly/erp/module/usr/controller/UserController.java new file mode 100644 index 0000000..1a81a76 --- /dev/null +++ b/backend/src/main/java/com/xly/erp/module/usr/controller/UserController.java @@ -0,0 +1,28 @@ +package com.xly.erp.module.usr.controller; + +import com.xly.erp.common.response.Result; +import com.xly.erp.module.usr.dto.CreateUserDTO; +import com.xly.erp.module.usr.service.UserService; +import jakarta.validation.Valid; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + +import java.util.Map; + +@RestController +@RequestMapping("/api/usr") +public class UserController { + + private final UserService userService; + + public UserController(UserService userService) { + this.userService = userService; + } + + @PostMapping("/users") + public Result> create(@Valid @RequestBody CreateUserDTO dto) { + return Result.ok(userService.create(dto)); + } +} diff --git a/backend/src/test/java/com/xly/erp/module/usr/controller/UserControllerIT.java b/backend/src/test/java/com/xly/erp/module/usr/controller/UserControllerIT.java new file mode 100644 index 0000000..8db04a2 --- /dev/null +++ b/backend/src/test/java/com/xly/erp/module/usr/controller/UserControllerIT.java @@ -0,0 +1,236 @@ +package com.xly.erp.module.usr.controller; + +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.xly.erp.common.security.TestJwtHelper; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.boot.test.web.client.TestRestTemplate; +import org.springframework.boot.test.web.server.LocalServerPort; +import org.springframework.http.HttpEntity; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpMethod; +import org.springframework.http.MediaType; +import org.springframework.http.ResponseEntity; +import org.springframework.jdbc.core.JdbcTemplate; +import org.springframework.test.context.ActiveProfiles; + +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import static org.assertj.core.api.Assertions.assertThat; + +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT) +@ActiveProfiles("test") +class UserControllerIT { + + @Autowired + private TestRestTemplate rest; + + @Autowired + private TestJwtHelper testJwtHelper; + + @Autowired + private JdbcTemplate jdbcTemplate; + + @Autowired + private ObjectMapper objectMapper; + + @LocalServerPort + private int port; + + @BeforeEach + @AfterEach + void cleanup() { + jdbcTemplate.update("DELETE FROM tUserPermission WHERE iUserId IN " + + "(SELECT iIncrement FROM tUser WHERE sUserNo LIKE 'sp_test_%')"); + jdbcTemplate.update("DELETE FROM tUser WHERE sUserNo LIKE 'sp_test_%'"); + jdbcTemplate.update("DELETE FROM tStaff WHERE sStaffNo LIKE 'sp_test_%'"); + jdbcTemplate.update("DELETE FROM tPermissionCategory WHERE sCategoryCode LIKE 'sp_test_%'"); + } + + @Test + void postValidBody_with_jwt_returns200_andPersists() throws Exception { + Integer staffId = insertStaff("sp_test_st1", "员工1"); + Integer cat1 = insertCategory("sp_test_pc1", "权限A"); + Integer cat2 = insertCategory("sp_test_pc2", "权限B"); + + String token = testJwtHelper.signFor("ADMIN001"); + HttpHeaders headers = jsonHeaders(); + headers.set("Authorization", "Bearer " + token); + Map body = baseBody("sp_test_u_ok", "正常用户"); + body.put("iStaffId", staffId); + body.put("permissionCategoryIds", List.of(cat1, cat2)); + + ResponseEntity resp = rest.exchange( + url(), HttpMethod.POST, new HttpEntity<>(body, headers), String.class); + + JsonNode jb = objectMapper.readTree(resp.getBody()); + assertThat(jb.get("code").asInt()).isZero(); + int newId = jb.get("data").get("iIncrement").asInt(); + assertThat(jb.get("data").get("sUserNo").asText()).isEqualTo("sp_test_u_ok"); + + Map row = jdbcTemplate.queryForMap( + "SELECT sBrandsId, sCreatedBy, sUserType FROM tUser WHERE iIncrement = ?", newId); + assertThat(row.get("sBrandsId")).isEqualTo("XLY"); + assertThat(row.get("sCreatedBy")).isEqualTo("ADMIN001"); + Integer permCount = jdbcTemplate.queryForObject( + "SELECT COUNT(1) FROM tUserPermission WHERE iUserId = ?", Integer.class, newId); + assertThat(permCount).isEqualTo(2); + } + + @Test + void postEmptyBody_returns40001() throws Exception { + String token = testJwtHelper.signFor("ADMIN001"); + HttpHeaders headers = jsonHeaders(); + headers.set("Authorization", "Bearer " + token); + + ResponseEntity resp = rest.exchange( + url(), HttpMethod.POST, new HttpEntity<>("{}", headers), String.class); + + assertThat(objectMapper.readTree(resp.getBody()).get("code").asInt()).isEqualTo(40001); + } + + @Test + void postInvalidUserType_returns40001() throws Exception { + String token = testJwtHelper.signFor("ADMIN001"); + HttpHeaders headers = jsonHeaders(); + headers.set("Authorization", "Bearer " + token); + Map body = baseBody("sp_test_u_invtype", "枚举"); + body.put("sUserType", "火星"); + + ResponseEntity resp = rest.exchange( + url(), HttpMethod.POST, new HttpEntity<>(body, headers), String.class); + + assertThat(objectMapper.readTree(resp.getBody()).get("code").asInt()).isEqualTo(40001); + } + + @Test + void postInvalidLanguage_returns40001() throws Exception { + String token = testJwtHelper.signFor("ADMIN001"); + HttpHeaders headers = jsonHeaders(); + headers.set("Authorization", "Bearer " + token); + Map body = baseBody("sp_test_u_invlang", "枚举"); + body.put("sLanguage", "ja"); + + ResponseEntity resp = rest.exchange( + url(), HttpMethod.POST, new HttpEntity<>(body, headers), String.class); + + assertThat(objectMapper.readTree(resp.getBody()).get("code").asInt()).isEqualTo(40001); + } + + @Test + void postDuplicateUserNo_returns40020() throws Exception { + String token = testJwtHelper.signFor("ADMIN001"); + HttpHeaders headers = jsonHeaders(); + headers.set("Authorization", "Bearer " + token); + Map first = baseBody("sp_test_u_dup", "首次"); + ResponseEntity r1 = rest.exchange(url(), HttpMethod.POST, new HttpEntity<>(first, headers), String.class); + assertThat(objectMapper.readTree(r1.getBody()).get("code").asInt()).isZero(); + + Map dup = baseBody("sp_test_u_dup", "重复"); + dup.put("sUserName", "sp_test_u_dup_other"); + ResponseEntity r2 = rest.exchange(url(), HttpMethod.POST, new HttpEntity<>(dup, headers), String.class); + assertThat(objectMapper.readTree(r2.getBody()).get("code").asInt()).isEqualTo(40020); + } + + @Test + void postStaffNotFound_returns40022() throws Exception { + String token = testJwtHelper.signFor("ADMIN001"); + HttpHeaders headers = jsonHeaders(); + headers.set("Authorization", "Bearer " + token); + Map body = baseBody("sp_test_u_nostaff", "缺职员"); + body.put("iStaffId", 99999990); + + ResponseEntity resp = rest.exchange( + url(), HttpMethod.POST, new HttpEntity<>(body, headers), String.class); + + assertThat(objectMapper.readTree(resp.getBody()).get("code").asInt()).isEqualTo(40022); + } + + @Test + void postPermissionCategoryNotFound_returns40023() throws Exception { + String token = testJwtHelper.signFor("ADMIN001"); + HttpHeaders headers = jsonHeaders(); + headers.set("Authorization", "Bearer " + token); + Map body = baseBody("sp_test_u_nocat", "缺权限"); + body.put("permissionCategoryIds", List.of(99999991)); + + ResponseEntity resp = rest.exchange( + url(), HttpMethod.POST, new HttpEntity<>(body, headers), String.class); + + assertThat(objectMapper.readTree(resp.getBody()).get("code").asInt()).isEqualTo(40023); + } + + @Test + void postWithoutJwt_permitAllStub_returns200_andCreatedBySTUBADMIN() throws Exception { + HttpHeaders headers = jsonHeaders(); + Map body = baseBody("sp_test_u_nojwt", "无JWT"); + + ResponseEntity resp = rest.exchange( + url(), HttpMethod.POST, new HttpEntity<>(body, headers), String.class); + + JsonNode jb = objectMapper.readTree(resp.getBody()); + assertThat(jb.get("code").asInt()).isZero(); + int newId = jb.get("data").get("iIncrement").asInt(); + String createdBy = jdbcTemplate.queryForObject( + "SELECT sCreatedBy FROM tUser WHERE iIncrement = ?", String.class, newId); + assertThat(createdBy).isEqualTo("STUB_ADMIN"); + } + + @Test + void postTamperedJwt_returns20001() throws Exception { + HttpHeaders headers = jsonHeaders(); + headers.set("Authorization", "Bearer not.a.real.jwt"); + Map body = baseBody("sp_test_u_tamper", "伪JWT"); + + ResponseEntity resp = rest.exchange( + url(), HttpMethod.POST, new HttpEntity<>(body, headers), String.class); + + assertThat(objectMapper.readTree(resp.getBody()).get("code").asInt()).isEqualTo(20001); + Integer count = jdbcTemplate.queryForObject( + "SELECT COUNT(1) FROM tUser WHERE sUserNo = 'sp_test_u_tamper'", Integer.class); + assertThat(count).isZero(); + } + + private Integer insertStaff(String staffNo, String name) { + jdbcTemplate.update( + "INSERT INTO tStaff (sBrandsId, sSubsidiaryId, tCreateDate, sStaffNo, sStaffName, sCreatedBy, bDeleted) " + + "VALUES ('XLY','XLY', NOW(), ?, ?, 'STUB_ADMIN', 0)", staffNo, name); + return jdbcTemplate.queryForObject( + "SELECT iIncrement FROM tStaff WHERE sStaffNo = ?", Integer.class, staffNo); + } + + private Integer insertCategory(String code, String name) { + jdbcTemplate.update( + "INSERT INTO tPermissionCategory (sBrandsId, sSubsidiaryId, tCreateDate, sCategoryCode, sCategoryName, " + + "iSortOrder, sCreatedBy, bDeleted) " + + "VALUES ('XLY','XLY', NOW(), ?, ?, 0, 'STUB_ADMIN', 0)", code, name); + return jdbcTemplate.queryForObject( + "SELECT iIncrement FROM tPermissionCategory WHERE sCategoryCode = ?", Integer.class, code); + } + + private static Map baseBody(String userNo, String userName) { + Map m = new HashMap<>(); + m.put("sUserNo", userNo); + m.put("sUserName", userName); + m.put("sUserType", "普通用户"); + m.put("sLanguage", "zh"); + m.put("bCanModifyDocs", false); + return m; + } + + private static HttpHeaders jsonHeaders() { + HttpHeaders h = new HttpHeaders(); + h.setContentType(MediaType.APPLICATION_JSON); + return h; + } + + private String url() { + return "http://localhost:" + port + "/api/usr/users"; + } +} -- libgit2 0.22.2