朱子纯 / test

Commit f15ae2f1d8499902c0d6ac7b2bec169ab5a4150e

Authored by zichun
1 parent c74ab3c0

feat(usr): auth controller + login it REQ-USR-004

Inline Side-by-side
Showing 2 changed files with 174 additions and 0 deletions
backend/src/main/java/com/xly/erp/module/usr/controller/AuthController.java 0 → 100644
  View file @f15ae2f
  1 +package com.xly.erp.module.usr.controller;
  2 +
  3 +import com.xly.erp.common.response.Result;
  4 +import com.xly.erp.module.usr.dto.LoginDTO;
  5 +import com.xly.erp.module.usr.service.UserService;
  6 +import com.xly.erp.module.usr.vo.LoginVO;
  7 +import jakarta.validation.Valid;
  8 +import org.springframework.web.bind.annotation.PostMapping;
  9 +import org.springframework.web.bind.annotation.RequestBody;
  10 +import org.springframework.web.bind.annotation.RequestMapping;
  11 +import org.springframework.web.bind.annotation.RestController;
  12 +
  13 +@RestController
  14 +@RequestMapping("/api/usr/auth")
  15 +public class AuthController {
  16 +
  17 + private final UserService userService;
  18 +
  19 + public AuthController(UserService userService) {
  20 + this.userService = userService;
  21 + }
  22 +
  23 + @PostMapping("/login")
  24 + public Result<LoginVO> login(@Valid @RequestBody LoginDTO dto) {
  25 + return Result.ok(userService.login(dto));
  26 + }
  27 +}
... ...
backend/src/test/java/com/xly/erp/module/usr/controller/AuthControllerIT.java 0 → 100644
  View file @f15ae2f
  1 +package com.xly.erp.module.usr.controller;
  2 +
  3 +import com.fasterxml.jackson.databind.JsonNode;
  4 +import com.fasterxml.jackson.databind.ObjectMapper;
  5 +import com.xly.erp.module.usr.security.LoginAttemptStore;
  6 +import org.junit.jupiter.api.AfterEach;
  7 +import org.junit.jupiter.api.BeforeEach;
  8 +import org.junit.jupiter.api.Test;
  9 +import org.springframework.beans.factory.annotation.Autowired;
  10 +import org.springframework.boot.test.context.SpringBootTest;
  11 +import org.springframework.boot.test.web.client.TestRestTemplate;
  12 +import org.springframework.boot.test.web.server.LocalServerPort;
  13 +import org.springframework.http.HttpEntity;
  14 +import org.springframework.http.HttpHeaders;
  15 +import org.springframework.http.HttpMethod;
  16 +import org.springframework.http.MediaType;
  17 +import org.springframework.http.ResponseEntity;
  18 +import org.springframework.jdbc.core.JdbcTemplate;
  19 +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
  20 +import org.springframework.test.context.ActiveProfiles;
  21 +
  22 +import java.util.HashMap;
  23 +import java.util.Map;
  24 +
  25 +import static org.assertj.core.api.Assertions.assertThat;
  26 +
  27 +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
  28 +@ActiveProfiles("test")
  29 +class AuthControllerIT {
  30 +
  31 + @Autowired
  32 + private TestRestTemplate rest;
  33 +
  34 + @Autowired
  35 + private JdbcTemplate jdbcTemplate;
  36 +
  37 + @Autowired
  38 + private ObjectMapper objectMapper;
  39 +
  40 + @Autowired
  41 + private BCryptPasswordEncoder encoder;
  42 +
  43 + @Autowired
  44 + private LoginAttemptStore loginAttemptStore;
  45 +
  46 + @LocalServerPort
  47 + private int port;
  48 +
  49 + @BeforeEach
  50 + @AfterEach
  51 + void cleanup() {
  52 + jdbcTemplate.update("DELETE FROM tUser WHERE sUserNo LIKE 'sp_test_%'");
  53 + loginAttemptStore.clearFailures("sp_test_login_user");
  54 + loginAttemptStore.clearFailures("sp_test_login_lock");
  55 + }
  56 +
  57 + @Test
  58 + void loginWithValidCredentials_returns200_withTokens() throws Exception {
  59 + insertActiveUser("sp_test_login_user", "登录用户1", encoder.encode("666666"), false);
  60 +
  61 + Map<String, Object> body = new HashMap<>();
  62 + body.put("sUserName", "登录用户1");
  63 + body.put("password", "666666");
  64 + body.put("version", "标准版");
  65 +
  66 + ResponseEntity<String> resp = rest.exchange(
  67 + url(), HttpMethod.POST, new HttpEntity<>(body, jsonHeaders()), String.class);
  68 +
  69 + JsonNode jb = objectMapper.readTree(resp.getBody());
  70 + assertThat(jb.get("code").asInt()).isZero();
  71 + JsonNode data = jb.get("data");
  72 + assertThat(data.get("accessToken").asText()).isNotBlank();
  73 + assertThat(data.get("refreshToken").asText()).isNotBlank();
  74 + assertThat(data.get("expiresIn").asInt()).isEqualTo(28800);
  75 + assertThat(data.get("user").get("sUserNo").asText()).isEqualTo("sp_test_login_user");
  76 + assertThat(data.get("user").has("sPasswordHash")).isFalse();
  77 + }
  78 +
  79 + @Test
  80 + void loginWithEmptyBody_returns40001() throws Exception {
  81 + ResponseEntity<String> resp = rest.exchange(
  82 + url(), HttpMethod.POST, new HttpEntity<>("{}", jsonHeaders()), String.class);
  83 + assertThat(objectMapper.readTree(resp.getBody()).get("code").asInt()).isEqualTo(40001);
  84 + }
  85 +
  86 + @Test
  87 + void loginWithUserNotFound_returns40101() throws Exception {
  88 + Map<String, Object> body = new HashMap<>();
  89 + body.put("sUserName", "幽灵用户");
  90 + body.put("password", "x");
  91 + body.put("version", "标准版");
  92 + ResponseEntity<String> resp = rest.exchange(
  93 + url(), HttpMethod.POST, new HttpEntity<>(body, jsonHeaders()), String.class);
  94 + assertThat(objectMapper.readTree(resp.getBody()).get("code").asInt()).isEqualTo(40101);
  95 + }
  96 +
  97 + @Test
  98 + void loginWithWrongPassword_returns40101() throws Exception {
  99 + insertActiveUser("sp_test_login_user", "登录用户1", encoder.encode("666666"), false);
  100 +
  101 + Map<String, Object> body = new HashMap<>();
  102 + body.put("sUserName", "登录用户1");
  103 + body.put("password", "wrong");
  104 + body.put("version", "标准版");
  105 +
  106 + ResponseEntity<String> resp = rest.exchange(
  107 + url(), HttpMethod.POST, new HttpEntity<>(body, jsonHeaders()), String.class);
  108 + assertThat(objectMapper.readTree(resp.getBody()).get("code").asInt()).isEqualTo(40101);
  109 + }
  110 +
  111 + @Test
  112 + void loginAfter5WrongPasswords_returns42301() throws Exception {
  113 + insertActiveUser("sp_test_login_lock", "锁定用户", encoder.encode("666666"), false);
  114 +
  115 + Map<String, Object> body = new HashMap<>();
  116 + body.put("sUserName", "锁定用户");
  117 + body.put("password", "wrong");
  118 + body.put("version", "标准版");
  119 +
  120 + for (int i = 0; i < LoginAttemptStore.MAX_ATTEMPTS - 1; i++) {
  121 + rest.exchange(url(), HttpMethod.POST, new HttpEntity<>(body, jsonHeaders()), String.class);
  122 + }
  123 + ResponseEntity<String> resp = rest.exchange(
  124 + url(), HttpMethod.POST, new HttpEntity<>(body, jsonHeaders()), String.class);
  125 + assertThat(objectMapper.readTree(resp.getBody()).get("code").asInt()).isEqualTo(42301);
  126 +
  127 + loginAttemptStore.clearFailures("锁定用户");
  128 + }
  129 +
  130 + private void insertActiveUser(String userNo, String userName, String passwordHash, boolean deleted) {
  131 + jdbcTemplate.update(
  132 + "INSERT INTO tUser (sBrandsId, sSubsidiaryId, tCreateDate, sUserNo, sUserName, "
  133 + + "sUserType, sLanguage, bCanModifyDocs, sPasswordHash, sCreatedBy, bDeleted) "
  134 + + "VALUES ('XLY','XLY', NOW(), ?, ?, '普通用户', 'zh', 0, ?, 'STUB_ADMIN', ?)",
  135 + userNo, userName, passwordHash, deleted ? 1 : 0);
  136 + }
  137 +
  138 + private static HttpHeaders jsonHeaders() {
  139 + HttpHeaders h = new HttpHeaders();
  140 + h.setContentType(MediaType.APPLICATION_JSON);
  141 + return h;
  142 + }
  143 +
  144 + private String url() {
  145 + return "http://localhost:" + port + "/api/usr/auth/login";
  146 + }
  147 +}
... ...