'superlevel'], ['body' => '100']); Sysparam::updateOrCreate(['alias' => 'level_kick'], ['body' => '15']); Sysparam::updateOrCreate(['alias' => 'level_mute'], ['body' => '15']); Sysparam::updateOrCreate(['alias' => 'level_ban'], ['body' => '15']); Sysparam::updateOrCreate(['alias' => 'level_banip'], ['body' => '15']); Sysparam::updateOrCreate(['alias' => 'smtp_enabled'], ['body' => '1']); // Allow email changing in tests } /** * 测试可以查看用户资料卡接口。 */ public function test_can_view_user_profile() { $user = User::factory()->create([ 'username' => 'testuser', 'user_level' => 10, ]); $this->actingAs($user); $response = $this->getJson("/user/{$user->username}"); $response->assertStatus(200) ->assertJsonPath('data.username', 'testuser') ->assertJsonPath('data.user_level', 10); } /** * 测试普通用户查看别人名片时银行存款默认显示星号。 */ public function test_normal_user_sees_masked_bank_balance_on_other_profile(): void { $viewer = User::factory()->create([ 'user_level' => 10, ]); $target = User::factory()->create([ 'username' => 'targetuser', 'user_level' => 1, 'exp_num' => 123, 'jjb' => 456, 'bank_jjb' => 6000, 'meili' => 789, ]); $response = $this->actingAs($viewer)->getJson("/user/{$target->username}"); $response->assertOk() ->assertJsonPath('data.exp_num', 123) ->assertJsonPath('data.jjb', 456) ->assertJsonPath('data.meili', 789) ->assertJsonPath('data.bank_jjb', '******') ->assertJsonPath('data.bank_jjb_masked', true) ->assertJsonPath('data.bank_jjb_can_reveal', true) ->assertJsonPath('data.bank_jjb_reveal_cost', 1000) ->assertJsonPath('data.bank_reveal_user_id', $target->id); } /** * 测试低等级用户查看高等级名片时资产卡片仍展示但具体数值被星号遮罩。 */ public function test_low_level_user_sees_masked_asset_numbers_on_higher_profile(): void { $viewer = User::factory()->create([ 'user_level' => 1, ]); $target = User::factory()->create([ 'username' => 'highlevel', 'user_level' => 10, 'exp_num' => 123, 'jjb' => 456, 'bank_jjb' => 6000, 'meili' => 789, ]); $response = $this->actingAs($viewer)->getJson("/user/{$target->username}"); $response->assertOk() ->assertJsonPath('data.exp_num', '******') ->assertJsonPath('data.jjb', '******') ->assertJsonPath('data.bank_jjb', '******') ->assertJsonPath('data.meili', '******') ->assertJsonPath('data.bank_jjb_masked', true) ->assertJsonPath('data.bank_jjb_can_reveal', true) ->assertJsonPath('data.asset_numbers_masked', true) ->assertJsonPath('data.asset_numbers_can_reveal', true) ->assertJsonPath('data.asset_numbers_reveal_cost', 1000) ->assertJsonPath('data.asset_reveal_user_id', $target->id); } /** * 测试低等级用户付费查看高等级用户隐藏经验时扣费并返回真实数值。 */ public function test_low_level_user_can_pay_to_reveal_hidden_exp_number(): void { $viewer = User::factory()->create([ 'user_level' => 1, 'jjb' => 1500, ]); $target = User::factory()->create([ 'username' => 'highlevel', 'user_level' => 10, 'exp_num' => 12345, ]); $response = $this->actingAs($viewer)->postJson(route('user.reveal-info'), [ 'user_id' => $target->id, 'asset' => 'exp_num', ]); $response->assertOk() ->assertJsonPath('status', 'success') ->assertJsonPath('asset', 'exp_num') ->assertJsonPath('value', 12345) ->assertJsonPath('charged', true) ->assertJsonPath('jjb', 500); $this->assertDatabaseHas('users', [ 'id' => $viewer->id, 'jjb' => 500, ]); $this->assertDatabaseHas('user_currency_logs', [ 'user_id' => $viewer->id, 'currency' => 'gold', 'amount' => -1000, 'balance_after' => 500, 'source' => CurrencySource::USER_INFO_REVEAL->value, 'remark' => '查看 highlevel 的经验', ]); } /** * 测试低等级用户付费查看高等级用户隐藏金币时返回目标金币且同步扣费后余额。 */ public function test_low_level_user_can_pay_to_reveal_hidden_gold_number(): void { $viewer = User::factory()->create([ 'user_level' => 1, 'jjb' => 2000, ]); $target = User::factory()->create([ 'username' => 'goldtarget', 'user_level' => 10, 'jjb' => 4567, ]); $response = $this->actingAs($viewer)->postJson(route('user.reveal-info'), [ 'user_id' => $target->id, 'asset' => 'jjb', ]); $response->assertOk() ->assertJsonPath('status', 'success') ->assertJsonPath('asset', 'jjb') ->assertJsonPath('value', 4567) ->assertJsonPath('charged', true) ->assertJsonPath('jjb', 1000); } /** * 测试金币不足时不能查看隐藏资产，也不会泄露真实数值。 */ public function test_reveal_hidden_asset_fails_without_enough_gold(): void { $viewer = User::factory()->create([ 'user_level' => 1, 'jjb' => 999, ]); $target = User::factory()->create([ 'user_level' => 10, 'meili' => 789, ]); $response = $this->actingAs($viewer)->postJson(route('user.reveal-info'), [ 'user_id' => $target->id, 'asset' => 'meili', ]); $response->assertOk() ->assertJsonPath('status', 'error') ->assertJsonMissingPath('value'); $this->assertDatabaseHas('users', [ 'id' => $viewer->id, 'jjb' => 999, ]); $this->assertSame(0, UserCurrencyLog::query() ->where('user_id', $viewer->id) ->where('source', CurrencySource::USER_INFO_REVEAL->value) ->count()); } /** * 测试等级足够时通过查看接口读取资产不扣费。 */ public function test_reveal_asset_is_free_when_level_allows_direct_view(): void { $viewer = User::factory()->create([ 'user_level' => 10, 'jjb' => 50, ]); $target = User::factory()->create([ 'user_level' => 1, 'meili' => 789, ]); $response = $this->actingAs($viewer)->postJson(route('user.reveal-info'), [ 'user_id' => $target->id, 'asset' => 'meili', ]); $response->assertOk() ->assertJsonPath('status', 'success') ->assertJsonPath('value', 789) ->assertJsonPath('charged', false) ->assertJsonPath('jjb', 50); } /** * 测试查看自己名片时银行存款真实可见且不需要付费查看。 */ public function test_self_profile_shows_real_bank_balance(): void { $user = User::factory()->create([ 'username' => 'selfuser', 'bank_jjb' => 7000, ]); $response = $this->actingAs($user)->getJson("/user/{$user->username}"); $response->assertOk() ->assertJsonPath('data.bank_jjb', 7000) ->assertJsonPath('data.bank_jjb_masked', false) ->assertJsonPath('data.bank_jjb_can_reveal', false); } /** * 测试 superlevel 用户查看别人名片时银行存款真实可见。 */ public function test_superlevel_profile_shows_other_bank_balance(): void { $admin = User::factory()->create([ 'user_level' => 100, ]); $target = User::factory()->create([ 'username' => 'richuser', 'bank_jjb' => 8000, ]); $response = $this->actingAs($admin)->getJson("/user/{$target->username}"); $response->assertOk() ->assertJsonPath('data.bank_jjb', 8000) ->assertJsonPath('data.bank_jjb_masked', false) ->assertJsonPath('data.bank_jjb_can_reveal', false); } /** * 测试不改邮箱时可以正常更新个人资料。 */ public function test_can_update_profile_without_email_change() { $user = User::factory()->create([ 'username' => 'testuser', 'email' => 'old@example.com', 'sign' => 'old sign', ]); $this->actingAs($user); $response = $this->putJson('/user/profile', [ 'email' => 'old@example.com', 'sign' => 'new sign', 'sex' => 1, 'headface' => 'avatar1.png', ]); $response->assertStatus(200) ->assertJsonPath('status', 'success'); $user->refresh(); $this->assertEquals('new sign', $user->sign); } /** * 测试改邮箱但未提交验证码时会被拒绝。 */ public function test_cannot_update_email_without_verification_code() { $user = User::factory()->create([ 'username' => 'testuser', 'email' => 'old@example.com', ]); $this->actingAs($user); $response = $this->putJson('/user/profile', [ 'email' => 'new@example.com', 'sex' => 1, 'headface' => 'avatar1.png', ]); $response->assertStatus(422) ->assertJsonPath('status', 'error') ->assertJsonPath('message', '新邮箱需要验证码，请先获取并填写验证码。'); } /** * 测试提供有效验证码后可以成功修改邮箱。 */ public function test_can_update_email_with_valid_code() { $user = User::factory()->create([ 'username' => 'testuser', 'email' => 'old@example.com', ]); Cache::put("email_verify_code_{$user->id}_new@example.com", '123456', 5); $this->actingAs($user); $response = $this->putJson('/user/profile', [ 'email' => 'new@example.com', 'email_code' => '123456', 'sex' => 1, 'headface' => 'avatar1.png', ]); $response->assertStatus(200); $user->refresh(); $this->assertEquals('new@example.com', $user->email); } /** * 测试可以保存聊天室屏蔽与禁音偏好。 */ public function test_can_update_chat_preferences(): void { $user = User::factory()->create([ 'chat_preferences' => null, ]); $response = $this->actingAs($user)->putJson('/user/chat-preferences', [ 'blocked_system_senders' => ['钓鱼播报', '神秘箱子', '跑马'], 'sound_muted' => true, ]); $response->assertOk() ->assertJsonPath('status', 'success') ->assertJsonPath('data.blocked_system_senders.0', '钓鱼播报') ->assertJsonPath('data.blocked_system_senders.1', '神秘箱子') ->assertJsonPath('data.blocked_system_senders.2', '跑马') ->assertJsonPath('data.sound_muted', true); $user->refresh(); $this->assertEquals([ 'blocked_system_senders' => ['钓鱼播报', '神秘箱子', '跑马'], 'sound_muted' => true, ], $user->chat_preferences); } /** * 测试合法聊天室当日状态可以保存，并在当天结束后自动失效。 */ public function test_can_update_daily_status_until_end_of_day(): void { Carbon::setTestNow('2026-04-24 10:36:00'); try { $user = User::factory()->create([ 'username' => 'status-user', ]); $room = $this->enterRoomForUser($user); $response = $this->actingAs($user)->putJson(route('user.update_daily_status'), [ 'room_id' => $room->id, 'action' => 'set', 'status_key' => 'working_hard', ]); $expectedExpiry = now()->endOfDay(); $response->assertOk() ->assertJsonPath('status', 'success') ->assertJsonPath('data.status.key', 'working_hard') ->assertJsonPath('data.status.label', '搬砖') ->assertJsonPath('data.status.group', '工作学习'); $user->refresh(); $this->assertSame('working_hard', $user->daily_status_key); $this->assertSame( $expectedExpiry->toDateTimeString(), $user->daily_status_expires_at?->toDateTimeString() ); // 时间推进到次日，验证在线名单服务不再返回已过期状态。 Carbon::setTestNow($expectedExpiry->copy()->addSecond()); $this->assertNull(app(ChatUserPresenceService::class)->currentDailyStatus($user->fresh())); } finally { Carbon::setTestNow(); } } /** * 测试非法聊天室当日状态键会返回 422 校验错误。 */ public function test_invalid_daily_status_key_returns_validation_error(): void { $user = User::factory()->create(); $room = Room::create([ 'room_name' => 'dsinvalid', 'room_owner' => 'someone', ]); $response = $this->actingAs($user)->putJson(route('user.update_daily_status'), [ 'room_id' => $room->id, 'action' => 'set', 'status_key' => 'not-a-real-status', ]); $response->assertStatus(422) ->assertJsonValidationErrors('status_key'); } /** * 测试清除聊天室当日状态后会把状态字段置空。 */ public function test_clear_daily_status_resets_status_fields(): void { $user = User::factory()->create([ 'daily_status_key' => 'working_hard', 'daily_status_expires_at' => now()->endOfDay(), ]); $room = $this->enterRoomForUser($user); $response = $this->actingAs($user)->putJson(route('user.update_daily_status'), [ 'room_id' => $room->id, 'action' => 'clear', ]); $response->assertOk() ->assertJsonPath('status', 'success') ->assertJsonPath('message', '状态已清除。') ->assertJsonPath('data.status', null); $user->refresh(); $this->assertNull($user->daily_status_key); $this->assertNull($user->daily_status_expires_at); } public function test_can_change_password() { $user = User::factory()->create([ 'username' => 'testuser', 'password' => Hash::make('oldpassword'), ]); $this->actingAs($user); $response = $this->putJson('/user/password', [ 'old_password' => 'oldpassword', 'new_password' => 'newpassword123', 'new_password_confirmation' => 'newpassword123', ]); $response->assertStatus(200) ->assertJsonPath('status', 'success'); $user->refresh(); $this->assertTrue(Hash::check('newpassword123', $user->password)); } public function test_admin_can_kick_user() { $admin = User::factory()->create(['username' => 'admin', 'user_level' => 20]); $target = User::factory()->create(['username' => 'target', 'user_level' => 1]); $room = Room::create(['id' => 1, 'room_name' => 'Test Room', 'room_owner' => 'someone']); $this->actingAs($admin); $response = $this->postJson("/user/{$target->username}/kick", [ 'room_id' => $room->id, ]); $response->assertStatus(200) ->assertJsonPath('status', 'success'); } public function test_low_level_user_cannot_kick() { $user = User::factory()->create(['username' => 'user', 'user_level' => 1]); $target = User::factory()->create(['username' => 'target', 'user_level' => 1]); $room = Room::create(['id' => 1, 'room_name' => 'Test Room', 'room_owner' => 'someone']); $this->actingAs($user); $response = $this->postJson("/user/{$target->username}/kick", [ 'room_id' => $room->id, ]); $response->assertStatus(403); } public function test_room_master_can_kick() { $user = User::factory()->create(['username' => 'user', 'user_level' => 2]); $target = User::factory()->create(['username' => 'target', 'user_level' => 1]); $room = Room::create(['id' => 1, 'room_name' => 'Test Room', 'room_owner' => 'user']); // Master is 'user' $this->actingAs($user); $response = $this->postJson("/user/{$target->username}/kick", [ 'room_id' => $room->id, ]); if ($response->status() !== 200) { dump($response->json()); } $response->assertStatus(200); } public function test_cannot_kick_higher_level() { $admin = User::factory()->create(['username' => 'admin', 'user_level' => 20]); $superadmin = User::factory()->create(['username' => 'superadmin', 'user_level' => 100]); $room = Room::create(['id' => 1, 'room_name' => 'Test Room', 'room_owner' => 'someone']); $this->actingAs($admin); $response = $this->postJson("/user/{$superadmin->username}/kick", [ 'room_id' => $room->id, ]); $response->assertStatus(403); } public function test_admin_can_mute_user() { $admin = User::factory()->create(['username' => 'admin', 'user_level' => 20]); $target = User::factory()->create(['username' => 'target', 'user_level' => 1]); $room = Room::create(['id' => 1, 'room_name' => 'Test Room', 'room_owner' => 'someone']); Redis::shouldReceive('setex')->once(); $this->actingAs($admin); $response = $this->postJson("/user/{$target->username}/mute", [ 'room_id' => $room->id, 'duration' => 10, ]); $response->assertStatus(200); } public function test_admin_can_ban_user() { $admin = User::factory()->create(['username' => 'admin', 'user_level' => 20]); $target = User::factory()->create(['username' => 'target', 'user_level' => 1]); $room = Room::create(['id' => 1, 'room_name' => 'Test Room', 'room_owner' => 'someone']); $this->actingAs($admin); $response = $this->postJson("/user/{$target->username}/ban", [ 'room_id' => $room->id, ]); $response->assertStatus(200); $target->refresh(); $this->assertEquals(-1, $target->user_level); } public function test_admin_can_ban_ip() { $admin = User::factory()->create(['username' => 'admin', 'user_level' => 20]); $target = User::factory()->create(['username' => 'target', 'user_level' => 1, 'last_ip' => '192.168.1.100']); $room = Room::create(['id' => 1, 'room_name' => 'Test Room', 'room_owner' => 'someone']); Redis::shouldReceive('sadd')->with('banned_ips', '192.168.1.100')->once(); $this->actingAs($admin); $response = $this->postJson("/user/{$target->username}/banip", [ 'room_id' => $room->id, ]); $response->assertStatus(200); $target->refresh(); $this->assertEquals(-1, $target->user_level); } /** * 让指定用户先进入聊天室，满足“仅在线用户可设置状态”的前置条件。 */ private function enterRoomForUser(User $user): Room { $room = Room::create([ 'room_name' => 'dsr'.$user->id, 'room_owner' => 'someone', ]); $this->actingAs($user) ->get(route('chat.room', $room->id)) ->assertOk(); return $room; } }