long-agent
5ca3633be4
后端: - 新增全局设备管理 API(DeviceHandler.GetAllDevices) - 新增登录日志导出功能(LogHandler.ExportLoginLogs, CSV/XLSX) - 新增设置服务(SettingsService)和设置页面 API - 设备管理支持多条件筛选(状态/信任状态/关键词) - 登录日志支持流式导出防 OOM - 操作日志支持按方法/时间范围搜索 - 主题配置服务(ThemeService) - 增强监控健康检查(Prometheus metrics + SLO) - 移除旧 ratelimit.go(已迁移至 robustness) - 修复 SocialAccount NULL 扫描问题 - 新增 API 契约测试、Handler 测试、Settings 测试 前端: - 新增管理员设备管理页面(DevicesPage) - 新增管理员登录日志导出功能 - 新增系统设置页面(SettingsPage) - 设备管理支持筛选和分页 - 增强 HTTP 响应类型 测试: - 业务逻辑测试 68 个(含并发 CONC_001~003) - 规模测试 16 个(P99 百分位统计) - E2E 测试、集成测试、契约测试 - 性能基准测试、鲁棒性测试 全面测试通过(38 个测试包)
536 lines
13 KiB
Go
536 lines
13 KiB
Go
package service
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
"time"
|
|
)
|
|
|
|
// =============================================================================
|
|
// Auth Service Unit Tests
|
|
// =============================================================================
|
|
|
|
func TestPasswordStrength(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
password string
|
|
wantInfo PasswordStrengthInfo
|
|
}{
|
|
{
|
|
name: "empty_password",
|
|
password: "",
|
|
wantInfo: PasswordStrengthInfo{Score: 0, Length: 0, HasUpper: false, HasLower: false, HasDigit: false, HasSpecial: false},
|
|
},
|
|
{
|
|
name: "lowercase_only",
|
|
password: "abcdefgh",
|
|
wantInfo: PasswordStrengthInfo{Score: 1, Length: 8, HasUpper: false, HasLower: true, HasDigit: false, HasSpecial: false},
|
|
},
|
|
{
|
|
name: "uppercase_only",
|
|
password: "ABCDEFGH",
|
|
wantInfo: PasswordStrengthInfo{Score: 1, Length: 8, HasUpper: true, HasLower: false, HasDigit: false, HasSpecial: false},
|
|
},
|
|
{
|
|
name: "digits_only",
|
|
password: "12345678",
|
|
wantInfo: PasswordStrengthInfo{Score: 1, Length: 8, HasUpper: false, HasLower: false, HasDigit: true, HasSpecial: false},
|
|
},
|
|
{
|
|
name: "mixed_case_with_digits",
|
|
password: "Abcd1234",
|
|
wantInfo: PasswordStrengthInfo{Score: 3, Length: 8, HasUpper: true, HasLower: true, HasDigit: true, HasSpecial: false},
|
|
},
|
|
{
|
|
name: "mixed_with_special",
|
|
password: "Abcd1234!",
|
|
wantInfo: PasswordStrengthInfo{Score: 4, Length: 9, HasUpper: true, HasLower: true, HasDigit: true, HasSpecial: true},
|
|
},
|
|
{
|
|
name: "chinese_characters",
|
|
password: "密码123456",
|
|
wantInfo: PasswordStrengthInfo{Score: 1, Length: 8, HasUpper: false, HasLower: false, HasDigit: true, HasSpecial: false},
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
info := GetPasswordStrength(tt.password)
|
|
if info.Score != tt.wantInfo.Score {
|
|
t.Errorf("Score: got %d, want %d", info.Score, tt.wantInfo.Score)
|
|
}
|
|
if info.Length != tt.wantInfo.Length {
|
|
t.Errorf("Length: got %d, want %d", info.Length, tt.wantInfo.Length)
|
|
}
|
|
if info.HasUpper != tt.wantInfo.HasUpper {
|
|
t.Errorf("HasUpper: got %v, want %v", info.HasUpper, tt.wantInfo.HasUpper)
|
|
}
|
|
if info.HasLower != tt.wantInfo.HasLower {
|
|
t.Errorf("HasLower: got %v, want %v", info.HasLower, tt.wantInfo.HasLower)
|
|
}
|
|
if info.HasDigit != tt.wantInfo.HasDigit {
|
|
t.Errorf("HasDigit: got %v, want %v", info.HasDigit, tt.wantInfo.HasDigit)
|
|
}
|
|
if info.HasSpecial != tt.wantInfo.HasSpecial {
|
|
t.Errorf("HasSpecial: got %v, want %v", info.HasSpecial, tt.wantInfo.HasSpecial)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestValidatePasswordStrength(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
password string
|
|
minLength int
|
|
strict bool
|
|
wantErr bool
|
|
}{
|
|
{
|
|
name: "valid_password_strict",
|
|
password: "Abcd1234!",
|
|
minLength: 8,
|
|
strict: true,
|
|
wantErr: false,
|
|
},
|
|
{
|
|
name: "too_short",
|
|
password: "Ab1!",
|
|
minLength: 8,
|
|
strict: false,
|
|
wantErr: true,
|
|
},
|
|
{
|
|
name: "weak_password",
|
|
password: "abcdefgh",
|
|
minLength: 8,
|
|
strict: false,
|
|
wantErr: true,
|
|
},
|
|
{
|
|
name: "strict_missing_uppercase",
|
|
password: "abcd1234!",
|
|
minLength: 8,
|
|
strict: true,
|
|
wantErr: true,
|
|
},
|
|
{
|
|
name: "strict_missing_lowercase",
|
|
password: "ABCD1234!",
|
|
minLength: 8,
|
|
strict: true,
|
|
wantErr: true,
|
|
},
|
|
{
|
|
name: "strict_missing_digit",
|
|
password: "Abcdefgh!",
|
|
minLength: 8,
|
|
strict: true,
|
|
wantErr: true,
|
|
},
|
|
{
|
|
name: "valid_weak_password_non_strict",
|
|
password: "Abcd1234",
|
|
minLength: 8,
|
|
strict: false,
|
|
wantErr: false,
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
err := validatePasswordStrength(tt.password, tt.minLength, tt.strict)
|
|
if (err != nil) != tt.wantErr {
|
|
t.Errorf("validatePasswordStrength() error = %v, wantErr %v", err, tt.wantErr)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestSanitizeUsername(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
input string
|
|
want string
|
|
}{
|
|
{
|
|
name: "normal_username",
|
|
input: "john_doe",
|
|
want: "john_doe",
|
|
},
|
|
{
|
|
name: "username_with_spaces",
|
|
input: "john doe",
|
|
want: "john_doe",
|
|
},
|
|
{
|
|
name: "username_with_uppercase",
|
|
input: "JohnDoe",
|
|
want: "johndoe",
|
|
},
|
|
{
|
|
name: "username_with_special_chars",
|
|
input: "john@doe",
|
|
want: "johndoe",
|
|
},
|
|
{
|
|
name: "empty_username",
|
|
input: "",
|
|
want: "user",
|
|
},
|
|
{
|
|
name: "whitespace_only",
|
|
input: " ",
|
|
want: "user",
|
|
},
|
|
{
|
|
name: "username_with_emoji",
|
|
input: "john😀doe",
|
|
want: "johndoe", // emoji is filtered out as it's not letter/digit/./-/_
|
|
},
|
|
{
|
|
name: "username_with_leading_underscore",
|
|
input: "_john_",
|
|
want: "john", // leading and trailing _ are trimmed
|
|
},
|
|
{
|
|
name: "username_with_trailing_dots",
|
|
input: "john..doe...",
|
|
want: "john..doe", // trailing dots trimmed
|
|
},
|
|
{
|
|
name: "long_username_truncated",
|
|
input: "this_is_a_very_long_username_that_exceeds_fifty_characters_limit",
|
|
want: "this_is_a_very_long_username_that_exceeds_fifty_ch", // 50 chars max, cuts off "acters_limit"
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
got := sanitizeUsername(tt.input)
|
|
if got != tt.want {
|
|
t.Errorf("sanitizeUsername() = %q (len=%d), want %q (len=%d)", got, len(got), tt.want, len(tt.want))
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestIsValidPhoneSimple(t *testing.T) {
|
|
tests := []struct {
|
|
phone string
|
|
want bool
|
|
}{
|
|
{"13800138000", true},
|
|
{"+8613800138000", true}, // Valid: +86 prefix with 11 digit mobile
|
|
{"8613800138000", true}, // Valid: 86 prefix with 11 digit mobile
|
|
{"1234567890", false},
|
|
{"abcdefghij", false},
|
|
{"", false},
|
|
{"138001380001", false}, // 12 digits
|
|
{"1380013800", false}, // 10 digits
|
|
{"19800138000", true}, // 98 prefix
|
|
// +[1-9]\d{6,14} allows international numbers like +16171234567
|
|
{"+16171234567", true}, // 11 digits international, valid for \d{6,14}
|
|
{"+112345678901", true}, // 11 digits international, valid for \d{6,14}
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.phone, func(t *testing.T) {
|
|
got := isValidPhoneSimple(tt.phone)
|
|
if got != tt.want {
|
|
t.Errorf("isValidPhoneSimple(%q) = %v, want %v", tt.phone, got, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestLoginRequestGetAccount(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
req *LoginRequest
|
|
want string
|
|
}{
|
|
{
|
|
name: "account_field",
|
|
req: &LoginRequest{Account: "john", Username: "jane", Email: "jane@test.com"},
|
|
want: "john",
|
|
},
|
|
{
|
|
name: "username_field",
|
|
req: &LoginRequest{Username: "jane", Email: "jane@test.com"},
|
|
want: "jane",
|
|
},
|
|
{
|
|
name: "email_field",
|
|
req: &LoginRequest{Email: "jane@test.com"},
|
|
want: "jane@test.com",
|
|
},
|
|
{
|
|
name: "phone_field",
|
|
req: &LoginRequest{Phone: "13800138000"},
|
|
want: "13800138000",
|
|
},
|
|
{
|
|
name: "all_fields_with_whitespace",
|
|
req: &LoginRequest{Account: " john ", Username: " jane ", Email: " jane@test.com "},
|
|
want: "john",
|
|
},
|
|
{
|
|
name: "empty_request",
|
|
req: &LoginRequest{},
|
|
want: "",
|
|
},
|
|
{
|
|
name: "nil_request",
|
|
req: nil,
|
|
want: "",
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
got := tt.req.GetAccount()
|
|
if got != tt.want {
|
|
t.Errorf("GetAccount() = %q, want %q", got, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestBuildDeviceFingerprint(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
req *LoginRequest
|
|
want string
|
|
}{
|
|
{
|
|
name: "full_device_info",
|
|
req: &LoginRequest{
|
|
DeviceID: "device123",
|
|
DeviceName: "iPhone 15",
|
|
DeviceBrowser: "Safari",
|
|
DeviceOS: "iOS 17",
|
|
},
|
|
want: "device123|iPhone 15|Safari|iOS 17",
|
|
},
|
|
{
|
|
name: "partial_device_info",
|
|
req: &LoginRequest{
|
|
DeviceID: "device123",
|
|
DeviceName: "iPhone 15",
|
|
},
|
|
want: "device123|iPhone 15",
|
|
},
|
|
{
|
|
name: "only_device_id",
|
|
req: &LoginRequest{
|
|
DeviceID: "device123",
|
|
},
|
|
want: "device123",
|
|
},
|
|
{
|
|
name: "empty_device_info",
|
|
req: &LoginRequest{},
|
|
want: "",
|
|
},
|
|
{
|
|
name: "nil_request",
|
|
req: nil,
|
|
want: "",
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
got := buildDeviceFingerprint(tt.req)
|
|
if got != tt.want {
|
|
t.Errorf("buildDeviceFingerprint() = %q, want %q", got, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestAuthServiceDefaultConfig(t *testing.T) {
|
|
// Test that default configuration is applied correctly
|
|
svc := NewAuthService(nil, nil, nil, nil, 0, 0, 0)
|
|
|
|
if svc == nil {
|
|
t.Fatal("NewAuthService returned nil")
|
|
}
|
|
|
|
// Check default password minimum length
|
|
if svc.passwordMinLength != defaultPasswordMinLen {
|
|
t.Errorf("passwordMinLength: got %d, want %d", svc.passwordMinLength, defaultPasswordMinLen)
|
|
}
|
|
|
|
// Check default max login attempts
|
|
if svc.maxLoginAttempts != 5 {
|
|
t.Errorf("maxLoginAttempts: got %d, want %d", svc.maxLoginAttempts, 5)
|
|
}
|
|
|
|
// Check default login lock duration
|
|
if svc.loginLockDuration != 15*time.Minute {
|
|
t.Errorf("loginLockDuration: got %v, want %v", svc.loginLockDuration, 15*time.Minute)
|
|
}
|
|
}
|
|
|
|
func TestAuthServiceNilSafety(t *testing.T) {
|
|
t.Run("validatePassword_nil_service", func(t *testing.T) {
|
|
var svc *AuthService
|
|
err := svc.validatePassword("Abcd1234!")
|
|
if err != nil {
|
|
t.Errorf("nil service should not error: %v", err)
|
|
}
|
|
})
|
|
|
|
t.Run("accessTokenTTL_nil_service", func(t *testing.T) {
|
|
var svc *AuthService
|
|
ttl := svc.accessTokenTTLSeconds()
|
|
if ttl != 0 {
|
|
t.Errorf("nil service should return 0: got %d", ttl)
|
|
}
|
|
})
|
|
|
|
t.Run("RefreshTokenTTL_nil_service", func(t *testing.T) {
|
|
var svc *AuthService
|
|
ttl := svc.RefreshTokenTTLSeconds()
|
|
if ttl != 0 {
|
|
t.Errorf("nil service should return 0: got %d", ttl)
|
|
}
|
|
})
|
|
|
|
t.Run("generateUniqueUsername_nil_service", func(t *testing.T) {
|
|
var svc *AuthService
|
|
username, err := svc.generateUniqueUsername(context.Background(), "testuser")
|
|
if err != nil {
|
|
t.Errorf("nil service should return username: %v", err)
|
|
}
|
|
if username != "testuser" {
|
|
t.Errorf("username: got %q, want %q", username, "testuser")
|
|
}
|
|
})
|
|
|
|
t.Run("buildUserInfo_nil_user", func(t *testing.T) {
|
|
var svc *AuthService
|
|
info := svc.buildUserInfo(nil)
|
|
if info != nil {
|
|
t.Errorf("nil user should return nil info: got %v", info)
|
|
}
|
|
})
|
|
|
|
t.Run("ensureUserActive_nil_user", func(t *testing.T) {
|
|
var svc *AuthService
|
|
err := svc.ensureUserActive(nil)
|
|
if err == nil {
|
|
t.Error("nil user should return error")
|
|
}
|
|
})
|
|
|
|
t.Run("blacklistToken_nil_service", func(t *testing.T) {
|
|
var svc *AuthService
|
|
err := svc.blacklistTokenClaims(context.Background(), "token", nil)
|
|
if err != nil {
|
|
t.Errorf("nil service should not error: %v", err)
|
|
}
|
|
})
|
|
|
|
t.Run("Logout_nil_service", func(t *testing.T) {
|
|
var svc *AuthService
|
|
err := svc.Logout(context.Background(), "user", nil)
|
|
if err != nil {
|
|
t.Errorf("nil service should not error: %v", err)
|
|
}
|
|
})
|
|
|
|
t.Run("IsTokenBlacklisted_nil_service", func(t *testing.T) {
|
|
var svc *AuthService
|
|
blacklisted := svc.IsTokenBlacklisted(context.Background(), "jti")
|
|
if blacklisted {
|
|
t.Error("nil service should not blacklist tokens")
|
|
}
|
|
})
|
|
}
|
|
|
|
func TestUserInfoFromCacheValue(t *testing.T) {
|
|
t.Run("valid_UserInfo_pointer", func(t *testing.T) {
|
|
info := &UserInfo{ID: 1, Username: "testuser"}
|
|
got, ok := userInfoFromCacheValue(info)
|
|
if !ok {
|
|
t.Error("should parse *UserInfo")
|
|
}
|
|
if got.ID != 1 || got.Username != "testuser" {
|
|
t.Errorf("got %+v, want %+v", got, info)
|
|
}
|
|
})
|
|
|
|
t.Run("valid_UserInfo_value", func(t *testing.T) {
|
|
info := UserInfo{ID: 2, Username: "testuser2"}
|
|
got, ok := userInfoFromCacheValue(info)
|
|
if !ok {
|
|
t.Error("should parse UserInfo value")
|
|
}
|
|
if got.ID != 2 || got.Username != "testuser2" {
|
|
t.Errorf("got %+v, want %+v", got, info)
|
|
}
|
|
})
|
|
|
|
t.Run("invalid_type", func(t *testing.T) {
|
|
got, ok := userInfoFromCacheValue("invalid string")
|
|
if ok || got != nil {
|
|
t.Errorf("should not parse string: ok=%v, got=%+v", ok, got)
|
|
}
|
|
})
|
|
}
|
|
|
|
func TestEnsureUserActive(t *testing.T) {
|
|
t.Run("nil_user", func(t *testing.T) {
|
|
var svc *AuthService
|
|
err := svc.ensureUserActive(nil)
|
|
if err == nil {
|
|
t.Error("nil user should error")
|
|
}
|
|
})
|
|
}
|
|
|
|
func TestAttemptCount(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
value interface{}
|
|
want int
|
|
}{
|
|
{"int_value", 5, 5},
|
|
{"int64_value", int64(3), 3},
|
|
{"float64_value", float64(4.0), 4},
|
|
{"string_int", "3", 0}, // strings are not converted
|
|
{"invalid_type", "abc", 0},
|
|
{"nil", nil, 0},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
got := attemptCount(tt.value)
|
|
if got != tt.want {
|
|
t.Errorf("attemptCount(%v) = %d, want %d", tt.value, got, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestIncrementFailAttempts(t *testing.T) {
|
|
t.Run("nil_service", func(t *testing.T) {
|
|
var svc *AuthService
|
|
count := svc.incrementFailAttempts(context.Background(), "key")
|
|
if count != 0 {
|
|
t.Errorf("nil service should return 0, got %d", count)
|
|
}
|
|
})
|
|
|
|
t.Run("empty_key", func(t *testing.T) {
|
|
svc := NewAuthService(nil, nil, nil, nil, 8, 5, 15*time.Minute)
|
|
count := svc.incrementFailAttempts(context.Background(), "")
|
|
if count != 0 {
|
|
t.Errorf("empty key should return 0, got %d", count)
|
|
}
|
|
})
|
|
}
|