'superlevel'], ['body' => '100']); Sysparam::updateOrCreate(['alias' => 'smtp_enabled'], ['body' => '1']); // Allow email changing in tests } /** * 测试可以查看用户资料卡接口。 */ public function test_can_view_user_profile() { $user = User::factory()->create([ 'username' => 'testuser', 'user_level' => 10, ]); $this->actingAs($user); $response = $this->getJson("/user/{$user->username}"); $response->assertStatus(200) ->assertJsonPath('data.username', 'testuser') ->assertJsonPath('data.user_level', 10); } /** * 测试用户资料卡只读取已缓存的成就摘要，避免打开名片时触发全量扫描。 */ public function test_user_profile_uses_cached_achievement_summary(): void { $viewer = User::factory()->create(); $target = User::factory()->create([ 'username' => 'achievement-target', ]); UserAchievement::factory()->create([ 'user_id' => $target->id, 'achievement_key' => 'chat_first_message', 'progress_value' => 1, 'achieved_at' => now(), ]); $response = $this->actingAs($viewer)->getJson("/user/{$target->username}"); $response->assertOk() ->assertJsonPath('data.achievements.unlocked_count', 1) ->assertJsonPath('data.achievements.recent.0.key', 'chat_first_message') ->assertJsonMissingPath('data.achievements.achievements'); } /** * 测试普通用户查看别人名片时银行存款默认显示星号。 */ public function test_normal_user_sees_masked_bank_balance_on_other_profile(): void { $viewer = User::factory()->create([ 'user_level' => 10, ]); $target = User::factory()->create([ 'username' => 'targetuser', 'user_level' => 1, 'exp_num' => 123, 'jjb' => 456, 'bank_jjb' => 6000, 'meili' => 789, ]); $response = $this->actingAs($viewer)->getJson("/user/{$target->username}"); $response->assertOk() ->assertJsonPath('data.exp_num', 123) ->assertJsonPath('data.jjb', 456) ->assertJsonPath('data.meili', 789) ->assertJsonPath('data.bank_jjb', '******') ->assertJsonPath('data.bank_jjb_masked', true) ->assertJsonPath('data.bank_jjb_can_reveal', true) ->assertJsonPath('data.bank_jjb_reveal_cost', 1000) ->assertJsonPath('data.bank_reveal_user_id', $target->id); } /** * 测试低等级用户查看高等级名片时资产卡片仍展示但具体数值被星号遮罩。 */ public function test_low_level_user_sees_masked_asset_numbers_on_higher_profile(): void { $viewer = User::factory()->create([ 'user_level' => 1, ]); $target = User::factory()->create([ 'username' => 'highlevel', 'user_level' => 10, 'exp_num' => 123, 'jjb' => 456, 'bank_jjb' => 6000, 'meili' => 789, ]); $response = $this->actingAs($viewer)->getJson("/user/{$target->username}"); $response->assertOk() ->assertJsonPath('data.exp_num', '******') ->assertJsonPath('data.jjb', '******') ->assertJsonPath('data.bank_jjb', '******') ->assertJsonPath('data.meili', '******') ->assertJsonPath('data.bank_jjb_masked', true) ->assertJsonPath('data.bank_jjb_can_reveal', true) ->assertJsonPath('data.asset_numbers_masked', true) ->assertJsonPath('data.asset_numbers_can_reveal', true) ->assertJsonPath('data.asset_numbers_reveal_cost', 1000) ->assertJsonPath('data.asset_reveal_user_id', $target->id); } /** * 测试低等级用户付费查看高等级用户隐藏经验时扣费并返回真实数值。 */ public function test_low_level_user_can_pay_to_reveal_hidden_exp_number(): void { $viewer = User::factory()->create([ 'user_level' => 1, 'jjb' => 1500, ]); $target = User::factory()->create([ 'username' => 'highlevel', 'user_level' => 10, 'exp_num' => 12345, ]); $response = $this->actingAs($viewer)->postJson(route('user.reveal-info'), [ 'user_id' => $target->id, 'asset' => 'exp_num', ]); $response->assertOk() ->assertJsonPath('status', 'success') ->assertJsonPath('asset', 'exp_num') ->assertJsonPath('value', 12345) ->assertJsonPath('charged', true) ->assertJsonPath('jjb', 500); $this->assertDatabaseHas('users', [ 'id' => $viewer->id, 'jjb' => 500, ]); $this->assertDatabaseHas('user_currency_logs', [ 'user_id' => $viewer->id, 'currency' => 'gold', 'amount' => -1000, 'balance_after' => 500, 'source' => CurrencySource::USER_INFO_REVEAL->value, 'remark' => '查看 highlevel 的经验', ]); } /** * 测试低等级用户付费查看高等级用户隐藏金币时返回目标金币且同步扣费后余额。 */ public function test_low_level_user_can_pay_to_reveal_hidden_gold_number(): void { $viewer = User::factory()->create([ 'user_level' => 1, 'jjb' => 2000, ]); $target = User::factory()->create([ 'username' => 'goldtarget', 'user_level' => 10, 'jjb' => 4567, ]); $response = $this->actingAs($viewer)->postJson(route('user.reveal-info'), [ 'user_id' => $target->id, 'asset' => 'jjb', ]); $response->assertOk() ->assertJsonPath('status', 'success') ->assertJsonPath('asset', 'jjb') ->assertJsonPath('value', 4567) ->assertJsonPath('charged', true) ->assertJsonPath('jjb', 1000); } /** * 测试金币不足时不能查看隐藏资产，也不会泄露真实数值。 */ public function test_reveal_hidden_asset_fails_without_enough_gold(): void { $viewer = User::factory()->create([ 'user_level' => 1, 'jjb' => 999, ]); $target = User::factory()->create([ 'user_level' => 10, 'meili' => 789, ]); $response = $this->actingAs($viewer)->postJson(route('user.reveal-info'), [ 'user_id' => $target->id, 'asset' => 'meili', ]); $response->assertOk() ->assertJsonPath('status', 'error') ->assertJsonMissingPath('value'); $this->assertDatabaseHas('users', [ 'id' => $viewer->id, 'jjb' => 999, ]); $this->assertSame(0, UserCurrencyLog::query() ->where('user_id', $viewer->id) ->where('source', CurrencySource::USER_INFO_REVEAL->value) ->count()); } /** * 测试等级足够时通过查看接口读取资产不扣费。 */ public function test_reveal_asset_is_free_when_level_allows_direct_view(): void { $viewer = User::factory()->create([ 'user_level' => 10, 'jjb' => 50, ]); $target = User::factory()->create([ 'user_level' => 1, 'meili' => 789, ]); $response = $this->actingAs($viewer)->postJson(route('user.reveal-info'), [ 'user_id' => $target->id, 'asset' => 'meili', ]); $response->assertOk() ->assertJsonPath('status', 'success') ->assertJsonPath('value', 789) ->assertJsonPath('charged', false) ->assertJsonPath('jjb', 50); } /** * 测试查看自己名片时银行存款真实可见且不需要付费查看。 */ public function test_self_profile_shows_real_bank_balance(): void { $user = User::factory()->create([ 'username' => 'selfuser', 'bank_jjb' => 7000, ]); $response = $this->actingAs($user)->getJson("/user/{$user->username}"); $response->assertOk() ->assertJsonPath('data.bank_jjb', 7000) ->assertJsonPath('data.bank_jjb_masked', false) ->assertJsonPath('data.bank_jjb_can_reveal', false); } /** * 测试 superlevel 用户查看别人名片时银行存款真实可见。 */ public function test_superlevel_profile_shows_other_bank_balance(): void { $admin = User::factory()->create([ 'user_level' => 100, ]); $target = User::factory()->create([ 'username' => 'richuser', 'bank_jjb' => 8000, ]); $response = $this->actingAs($admin)->getJson("/user/{$target->username}"); $response->assertOk() ->assertJsonPath('data.bank_jjb', 8000) ->assertJsonPath('data.bank_jjb_masked', false) ->assertJsonPath('data.bank_jjb_can_reveal', false); } /** * 测试拥有封IP职务权限的用户可以查看名片中的管理员网络信息。 */ public function test_position_user_with_banip_permission_can_view_admin_network_info(): void { $viewer = $this->createUserWithPositionPermissions([ PositionPermissionRegistry::USER_BANIP, ]); $target = User::factory()->create([ 'username' => 'nettarget', 'first_ip' => '10.0.0.1', 'previous_ip' => '10.0.0.2', 'last_ip' => '10.0.0.3', ]); $response = $this->actingAs($viewer)->getJson("/user/{$target->username}"); $response->assertOk() ->assertJsonPath('data.first_ip', '10.0.0.1') ->assertJsonPath('data.last_ip', '10.0.0.2') ->assertJsonPath('data.login_ip', '10.0.0.3'); } /** * 测试普通用户查看别人名片时不会拿到管理员网络信息字段。 */ public function test_user_without_banip_permission_cannot_view_admin_network_info(): void { $viewer = User::factory()->create(); $target = User::factory()->create([ 'username' => 'hidden-net', 'first_ip' => '10.0.1.1', 'previous_ip' => '10.0.1.2', 'last_ip' => '10.0.1.3', ]); $response = $this->actingAs($viewer)->getJson("/user/{$target->username}"); $response->assertOk() ->assertJsonMissingPath('data.first_ip') ->assertJsonMissingPath('data.last_ip') ->assertJsonMissingPath('data.login_ip') ->assertJsonMissingPath('data.location'); } /** * 测试不改邮箱时可以正常更新个人资料。 */ public function test_can_update_profile_without_email_change() { $user = User::factory()->create([ 'username' => 'testuser', 'email' => 'old@example.com', 'sign' => 'old sign', ]); $this->actingAs($user); $response = $this->putJson('/user/profile', [ 'email' => 'old@example.com', 'sign' => 'new sign', 'sex' => 1, 'headface' => 'avatar1.png', ]); $response->assertStatus(200) ->assertJsonPath('status', 'success'); $user->refresh(); $this->assertEquals('new sign', $user->sign); } /** * 测试改邮箱但未提交验证码时会被拒绝。 */ public function test_cannot_update_email_without_verification_code() { $user = User::factory()->create([ 'username' => 'testuser', 'email' => 'old@example.com', ]); $this->actingAs($user); $response = $this->putJson('/user/profile', [ 'email' => 'new@example.com', 'sex' => 1, 'headface' => 'avatar1.png', ]); $response->assertStatus(422) ->assertJsonPath('status', 'error') ->assertJsonPath('message', '新邮箱需要验证码，请先获取并填写验证码。'); } /** * 测试提供有效验证码后可以成功修改邮箱。 */ public function test_can_update_email_with_valid_code() { $user = User::factory()->create([ 'username' => 'testuser', 'email' => 'old@example.com', ]); Cache::put("email_verify_code_{$user->id}_new@example.com", '123456', 5); $this->actingAs($user); $response = $this->putJson('/user/profile', [ 'email' => 'new@example.com', 'email_code' => '123456', 'sex' => 1, 'headface' => 'avatar1.png', ]); $response->assertStatus(200); $user->refresh(); $this->assertEquals('new@example.com', $user->email); } /** * 测试可以保存聊天室屏蔽、禁音与字号偏好。 */ public function test_can_update_chat_preferences(): void { $user = User::factory()->create([ 'chat_preferences' => null, ]); $response = $this->actingAs($user)->putJson('/user/chat-preferences', [ 'blocked_system_senders' => ['钓鱼播报', '神秘箱子', '跑马'], 'sound_muted' => true, 'font_size' => 22, ]); $response->assertOk() ->assertJsonPath('status', 'success') ->assertJsonPath('data.blocked_system_senders.0', '钓鱼播报') ->assertJsonPath('data.blocked_system_senders.1', '神秘箱子') ->assertJsonPath('data.blocked_system_senders.2', '跑马') ->assertJsonPath('data.sound_muted', true) ->assertJsonPath('data.font_size', 22); $user->refresh(); $this->assertEquals([ 'blocked_system_senders' => ['钓鱼播报', '神秘箱子', '跑马'], 'sound_muted' => true, 'font_size' => 22, ], $user->chat_preferences); } /** * 测试保存屏蔽偏好时未提交字号不会清空已有字号。 */ public function test_chat_preferences_keep_existing_font_size_when_missing_from_payload(): void { $user = User::factory()->create([ 'chat_preferences' => [ 'blocked_system_senders' => [], 'sound_muted' => false, 'font_size' => 18, ], ]); $response = $this->actingAs($user)->putJson('/user/chat-preferences', [ 'blocked_system_senders' => ['钓鱼播报'], 'sound_muted' => false, ]); $response->assertOk() ->assertJsonPath('data.font_size', 18); $user->refresh(); $this->assertSame(18, $user->chat_preferences['font_size']); } /** * 测试非法聊天室字号会返回校验错误。 */ public function test_invalid_chat_font_size_returns_validation_error(): void { $user = User::factory()->create(); $response = $this->actingAs($user)->putJson('/user/chat-preferences', [ 'blocked_system_senders' => [], 'sound_muted' => false, 'font_size' => 31, ]); $response->assertStatus(422) ->assertJsonValidationErrors('font_size'); } /** * 测试猜谜活动新文案会兼容落回旧的屏蔽键。 */ public function test_quiz_activity_block_preference_is_normalized_to_legacy_sender_key(): void { $user = User::factory()->create([ 'chat_preferences' => null, ]); $response = $this->actingAs($user)->putJson('/user/chat-preferences', [ 'blocked_system_senders' => ['猜谜活动', '钓鱼播报'], 'sound_muted' => false, ]); $response->assertOk() ->assertJsonPath('status', 'success') ->assertJsonPath('data.blocked_system_senders.0', '猜成语') ->assertJsonPath('data.blocked_system_senders.1', '钓鱼播报') ->assertJsonPath('data.sound_muted', false); $user->refresh(); $this->assertEquals([ 'blocked_system_senders' => ['猜成语', '钓鱼播报'], 'sound_muted' => false, ], $user->chat_preferences); } /** * 测试合法聊天室当日状态可以保存，并在当天结束后自动失效。 */ public function test_can_update_daily_status_until_end_of_day(): void { Carbon::setTestNow('2026-04-24 10:36:00'); try { $user = User::factory()->create([ 'username' => 'status-user', ]); $room = $this->enterRoomForUser($user); $response = $this->actingAs($user)->putJson(route('user.update_daily_status'), [ 'room_id' => $room->id, 'action' => 'set', 'status_key' => 'working_hard', ]); $expectedExpiry = now()->endOfDay(); $response->assertOk() ->assertJsonPath('status', 'success') ->assertJsonPath('data.status.key', 'working_hard') ->assertJsonPath('data.status.label', '搬砖') ->assertJsonPath('data.status.group', '工作学习'); $user->refresh(); $this->assertSame('working_hard', $user->daily_status_key); $this->assertSame( $expectedExpiry->toDateTimeString(), $user->daily_status_expires_at?->toDateTimeString() ); // 时间推进到次日，验证在线名单服务不再返回已过期状态。 Carbon::setTestNow($expectedExpiry->copy()->addSecond()); $this->assertNull(app(ChatUserPresenceService::class)->currentDailyStatus($user->fresh())); } finally { Carbon::setTestNow(); } } /** * 测试非法聊天室当日状态键会返回 422 校验错误。 */ public function test_invalid_daily_status_key_returns_validation_error(): void { $user = User::factory()->create(); $room = Room::create([ 'room_name' => 'dsinvalid', 'room_owner' => 'someone', ]); $response = $this->actingAs($user)->putJson(route('user.update_daily_status'), [ 'room_id' => $room->id, 'action' => 'set', 'status_key' => 'not-a-real-status', ]); $response->assertStatus(422) ->assertJsonValidationErrors('status_key'); } /** * 测试清除聊天室当日状态后会把状态字段置空。 */ public function test_clear_daily_status_resets_status_fields(): void { $user = User::factory()->create([ 'daily_status_key' => 'working_hard', 'daily_status_expires_at' => now()->endOfDay(), ]); $room = $this->enterRoomForUser($user); $response = $this->actingAs($user)->putJson(route('user.update_daily_status'), [ 'room_id' => $room->id, 'action' => 'clear', ]); $response->assertOk() ->assertJsonPath('status', 'success') ->assertJsonPath('message', '状态已清除。') ->assertJsonPath('data.status', null); $user->refresh(); $this->assertNull($user->daily_status_key); $this->assertNull($user->daily_status_expires_at); } public function test_can_change_password() { $user = User::factory()->create([ 'username' => 'testuser', 'password' => Hash::make('oldpassword'), ]); $this->actingAs($user); $response = $this->putJson('/user/password', [ 'old_password' => 'oldpassword', 'new_password' => 'newpassword123', 'new_password_confirmation' => 'newpassword123', ]); $response->assertStatus(200) ->assertJsonPath('status', 'success'); $user->refresh(); $this->assertTrue(Hash::check('newpassword123', $user->password)); } /** * 让指定用户先进入聊天室，满足“仅在线用户可设置状态”的前置条件。 */ private function enterRoomForUser(User $user): Room { $room = Room::create([ 'room_name' => 'dsr'.$user->id, 'room_owner' => 'someone', ]); $this->actingAs($user) ->get(route('chat.room', $room->id)) ->assertOk(); return $room; } /** * 创建带指定职务权限的测试用户。 * * @param list $permissions */ private function createUserWithPositionPermissions(array $permissions): User { $user = User::factory()->create([ 'user_level' => 88, ]); $department = Department::create([ 'name' => '资料权限部'.$user->id, 'rank' => 88, 'color' => '#4f46e5', 'sort_order' => 1, 'description' => '资料权限测试部门', ]); $position = Position::create([ 'department_id' => $department->id, 'name' => '资料权限职务'.$user->id, 'icon' => '🛡️', 'rank' => 88, 'level' => 88, 'sort_order' => 1, 'permissions' => $permissions, ]); UserPosition::create([ 'user_id' => $user->id, 'position_id' => $position->id, 'appointed_at' => now(), 'is_active' => true, ]); return $user->fresh(); } }