SecurityConfigTest.java
1.28 KB
package com.xly.erp.common.config;
import static org.assertj.core.api.Assertions.assertThat;
import org.junit.jupiter.api.Test;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
* REQ-USR-001 T3:BCryptPasswordEncoder Bean 行为(轻量单元,直接 new SecurityConfig 取 Bean)。
*/
class SecurityConfigTest {
@Test
void bcryptEncoderEncodesAndMatches() {
SecurityConfig config = new SecurityConfig();
PasswordEncoder encoder = config.passwordEncoder();
assertThat(encoder).isInstanceOf(BCryptPasswordEncoder.class);
String hash = encoder.encode("666666");
assertThat(hash).isNotEqualTo("666666");
assertThat(encoder.matches("666666", hash)).isTrue();
assertThat(encoder.matches("wrong", hash)).isFalse();
}
/**
* REQ-USR-004 T5:放行清单含 GET /api/usr/companies(与既有 /api/usr/login 同口径放行)。
*/
@Test
void companiesEndpointPermitted() {
assertThat(SecurityConfig.PERMIT_ALL_PATHS).contains("/api/usr/companies");
// 不删除既有放行项:/api/usr/login 仍在清单。
assertThat(SecurityConfig.PERMIT_ALL_PATHS).contains("/api/usr/login");
}
}