统一会话失效接口响应

2026-05-05 21:55:48 +08:00
parent 725a38eac3
commit 64945a973e
2 changed files with 57 additions and 18 deletions
@@ -25,6 +25,7 @@ use Illuminate\Broadcasting\PrivateChannel;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 use Illuminate\Http\Request;
 use Illuminate\Http\UploadedFile;
+use Illuminate\Session\TokenMismatchException;
 use Illuminate\Support\Facades\Broadcast;
 use Illuminate\Support\Facades\Cache;
 use Illuminate\Support\Facades\Redis;
@@ -779,10 +780,36 @@ class ChatControllerTest extends TestCase

        \Illuminate\Testing\TestResponse::fromBaseResponse($response)->assertStatus(419)->assertJson([
            'status' => 'error',
-            'message' => '页面已过期，请刷新后重试。',
+            'code' => 'SESSION_EXPIRED',
+            'message' => '登录状态已失效，请刷新页面后重新登录。',
+            'reload' => true,
        ]);
    }

+    /**
+     * 测试掉线后的普通 JSON 接口遇到 CSRF 失效时，不会泄露框架异常结构。
+     */
+    public function test_json_token_mismatch_exception_renders_session_expired_response(): void
+    {
+        $request = Request::create('/user/profile', 'POST', server: [
+            'HTTP_ACCEPT' => 'application/json',
+        ]);
+
+        $response = $this->app->make(\Illuminate\Contracts\Debug\ExceptionHandler::class)
+            ->render($request, new TokenMismatchException('CSRF token mismatch.'));
+
+        \Illuminate\Testing\TestResponse::fromBaseResponse($response)
+            ->assertStatus(419)
+            ->assertJson([
+                'status' => 'error',
+                'code' => 'SESSION_EXPIRED',
+                'message' => '登录状态已失效，请刷新页面后重新登录。',
+                'reload' => true,
+            ])
+            ->assertJsonMissingPath('exception')
+            ->assertJsonMissingPath('trace');
+    }
+
    /**
     * 测试房间公告更新广播中的动态内容会被转义。
     */