feat(usr): auth controller + login it REQ-USR-004 (f15ae2f1) | Commits | 朱子纯 / test

Browse Code »

Commit f15ae2f1d8499902c0d6ac7b2bec169ab5a4150e

Authored by zichun 2026-04-30 14:54:25 +0800

1 parent c74ab3c0

feat(usr): auth controller + login it REQ-USR-004

Inline Side-by-side

Showing 2 changed files with 174 additions and 0 deletions

backend/src/main/java/com/xly/erp/module/usr/controller/AuthController.java 0 → 100644

View file @f15ae2f

		1	+package com.xly.erp.module.usr.controller;
		2	+
		3	+import com.xly.erp.common.response.Result;
		4	+import com.xly.erp.module.usr.dto.LoginDTO;
		5	+import com.xly.erp.module.usr.service.UserService;
		6	+import com.xly.erp.module.usr.vo.LoginVO;
		7	+import jakarta.validation.Valid;
		8	+import org.springframework.web.bind.annotation.PostMapping;
		9	+import org.springframework.web.bind.annotation.RequestBody;
		10	+import org.springframework.web.bind.annotation.RequestMapping;
		11	+import org.springframework.web.bind.annotation.RestController;
		12	+
		13	+@RestController
		14	+@RequestMapping("/api/usr/auth")
		15	+public class AuthController {
		16	+
		17	+ private final UserService userService;
		18	+
		19	+ public AuthController(UserService userService) {
		20	+ this.userService = userService;
		21	+ }
		22	+
		23	+ @PostMapping("/login")
		24	+ public Result<LoginVO> login(@Valid @RequestBody LoginDTO dto) {
		25	+ return Result.ok(userService.login(dto));
		26	+ }
		27	+}

backend/src/test/java/com/xly/erp/module/usr/controller/AuthControllerIT.java 0 → 100644

View file @f15ae2f

		1	+package com.xly.erp.module.usr.controller;
		2	+
		3	+import com.fasterxml.jackson.databind.JsonNode;
		4	+import com.fasterxml.jackson.databind.ObjectMapper;
		5	+import com.xly.erp.module.usr.security.LoginAttemptStore;
		6	+import org.junit.jupiter.api.AfterEach;
		7	+import org.junit.jupiter.api.BeforeEach;
		8	+import org.junit.jupiter.api.Test;
		9	+import org.springframework.beans.factory.annotation.Autowired;
		10	+import org.springframework.boot.test.context.SpringBootTest;
		11	+import org.springframework.boot.test.web.client.TestRestTemplate;
		12	+import org.springframework.boot.test.web.server.LocalServerPort;
		13	+import org.springframework.http.HttpEntity;
		14	+import org.springframework.http.HttpHeaders;
		15	+import org.springframework.http.HttpMethod;
		16	+import org.springframework.http.MediaType;
		17	+import org.springframework.http.ResponseEntity;
		18	+import org.springframework.jdbc.core.JdbcTemplate;
		19	+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
		20	+import org.springframework.test.context.ActiveProfiles;
		21	+
		22	+import java.util.HashMap;
		23	+import java.util.Map;
		24	+
		25	+import static org.assertj.core.api.Assertions.assertThat;
		26	+
		27	+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
		28	+@ActiveProfiles("test")
		29	+class AuthControllerIT {
		30	+
		31	+ @Autowired
		32	+ private TestRestTemplate rest;
		33	+
		34	+ @Autowired
		35	+ private JdbcTemplate jdbcTemplate;
		36	+
		37	+ @Autowired
		38	+ private ObjectMapper objectMapper;
		39	+
		40	+ @Autowired
		41	+ private BCryptPasswordEncoder encoder;
		42	+
		43	+ @Autowired
		44	+ private LoginAttemptStore loginAttemptStore;
		45	+
		46	+ @LocalServerPort
		47	+ private int port;
		48	+
		49	+ @BeforeEach
		50	+ @AfterEach
		51	+ void cleanup() {
		52	+ jdbcTemplate.update("DELETE FROM tUser WHERE sUserNo LIKE 'sp_test_%'");
		53	+ loginAttemptStore.clearFailures("sp_test_login_user");
		54	+ loginAttemptStore.clearFailures("sp_test_login_lock");
		55	+ }
		56	+
		57	+ @Test
		58	+ void loginWithValidCredentials_returns200_withTokens() throws Exception {
		59	+ insertActiveUser("sp_test_login_user", "登录用户1", encoder.encode("666666"), false);
		60	+
		61	+ Map<String, Object> body = new HashMap<>();
		62	+ body.put("sUserName", "登录用户1");
		63	+ body.put("password", "666666");
		64	+ body.put("version", "标准版");
		65	+
		66	+ ResponseEntity<String> resp = rest.exchange(
		67	+ url(), HttpMethod.POST, new HttpEntity<>(body, jsonHeaders()), String.class);
		68	+
		69	+ JsonNode jb = objectMapper.readTree(resp.getBody());
		70	+ assertThat(jb.get("code").asInt()).isZero();
		71	+ JsonNode data = jb.get("data");
		72	+ assertThat(data.get("accessToken").asText()).isNotBlank();
		73	+ assertThat(data.get("refreshToken").asText()).isNotBlank();
		74	+ assertThat(data.get("expiresIn").asInt()).isEqualTo(28800);
		75	+ assertThat(data.get("user").get("sUserNo").asText()).isEqualTo("sp_test_login_user");
		76	+ assertThat(data.get("user").has("sPasswordHash")).isFalse();
		77	+ }
		78	+
		79	+ @Test
		80	+ void loginWithEmptyBody_returns40001() throws Exception {
		81	+ ResponseEntity<String> resp = rest.exchange(
		82	+ url(), HttpMethod.POST, new HttpEntity<>("{}", jsonHeaders()), String.class);
		83	+ assertThat(objectMapper.readTree(resp.getBody()).get("code").asInt()).isEqualTo(40001);
		84	+ }
		85	+
		86	+ @Test
		87	+ void loginWithUserNotFound_returns40101() throws Exception {
		88	+ Map<String, Object> body = new HashMap<>();
		89	+ body.put("sUserName", "幽灵用户");
		90	+ body.put("password", "x");
		91	+ body.put("version", "标准版");
		92	+ ResponseEntity<String> resp = rest.exchange(
		93	+ url(), HttpMethod.POST, new HttpEntity<>(body, jsonHeaders()), String.class);
		94	+ assertThat(objectMapper.readTree(resp.getBody()).get("code").asInt()).isEqualTo(40101);
		95	+ }
		96	+
		97	+ @Test
		98	+ void loginWithWrongPassword_returns40101() throws Exception {
		99	+ insertActiveUser("sp_test_login_user", "登录用户1", encoder.encode("666666"), false);
		100	+
		101	+ Map<String, Object> body = new HashMap<>();
		102	+ body.put("sUserName", "登录用户1");
		103	+ body.put("password", "wrong");
		104	+ body.put("version", "标准版");
		105	+
		106	+ ResponseEntity<String> resp = rest.exchange(
		107	+ url(), HttpMethod.POST, new HttpEntity<>(body, jsonHeaders()), String.class);
		108	+ assertThat(objectMapper.readTree(resp.getBody()).get("code").asInt()).isEqualTo(40101);
		109	+ }
		110	+
		111	+ @Test
		112	+ void loginAfter5WrongPasswords_returns42301() throws Exception {
		113	+ insertActiveUser("sp_test_login_lock", "锁定用户", encoder.encode("666666"), false);
		114	+
		115	+ Map<String, Object> body = new HashMap<>();
		116	+ body.put("sUserName", "锁定用户");
		117	+ body.put("password", "wrong");
		118	+ body.put("version", "标准版");
		119	+
		120	+ for (int i = 0; i < LoginAttemptStore.MAX_ATTEMPTS - 1; i++) {
		121	+ rest.exchange(url(), HttpMethod.POST, new HttpEntity<>(body, jsonHeaders()), String.class);
		122	+ }
		123	+ ResponseEntity<String> resp = rest.exchange(
		124	+ url(), HttpMethod.POST, new HttpEntity<>(body, jsonHeaders()), String.class);
		125	+ assertThat(objectMapper.readTree(resp.getBody()).get("code").asInt()).isEqualTo(42301);
		126	+
		127	+ loginAttemptStore.clearFailures("锁定用户");
		128	+ }
		129	+
		130	+ private void insertActiveUser(String userNo, String userName, String passwordHash, boolean deleted) {
		131	+ jdbcTemplate.update(
		132	+ "INSERT INTO tUser (sBrandsId, sSubsidiaryId, tCreateDate, sUserNo, sUserName, "
		133	+ + "sUserType, sLanguage, bCanModifyDocs, sPasswordHash, sCreatedBy, bDeleted) "
		134	+ + "VALUES ('XLY','XLY', NOW(), ?, ?, '普通用户', 'zh', 0, ?, 'STUB_ADMIN', ?)",
		135	+ userNo, userName, passwordHash, deleted ? 1 : 0);
		136	+ }
		137	+
		138	+ private static HttpHeaders jsonHeaders() {
		139	+ HttpHeaders h = new HttpHeaders();
		140	+ h.setContentType(MediaType.APPLICATION_JSON);
		141	+ return h;
		142	+ }
		143	+
		144	+ private String url() {
		145	+ return "http://localhost:" + port + "/api/usr/auth/login";
		146	+ }
		147	+}