<?php
/**
* 文件功能:站长隐藏登录功能测试
*
* 覆盖隐藏登录页访问、站长登录成功、非站长拒绝登录
* 以及通过隐藏入口登录后首页不再回到聊天室大厅等核心场景。
*
* @author ChatRoom Laravel
*
* @version 1.0.0
*/
namespace Tests\Feature\Feature;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\Facades\Validator;
use Tests\TestCase;
/**
* 类功能:验证站长隐藏登录入口的行为。
*/
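class AdminAuthControllerTest extends TestCase
{
    use RefreshDatabase;

    /**
     * Register a stub for the `captcha` validation rule before every test so the
     * suite does not depend on real captcha generation.
     *
     * The stub accepts any value, so nothing in this class proves that a wrong
     * captcha is rejected; the '1234' posted by the tests is an arbitrary value.
     */
    protected function setUp(): void
    {
        parent::setUp();

        Validator::extend('captcha', function () {
            return true;
        });
    }

    /**
     * The hidden login page responds with 200 and renders its heading and path.
     */
    public function test_hidden_admin_login_page_can_be_opened(): void
    {
        $response = $this->get('/lkddi');

        $response->assertOk()
            ->assertSee('站长后台入口')
            ->assertSee('/lkddi');
    }

    /**
     * The site owner (user id 1) can log in through the hidden entry, is sent to
     * the admin dashboard, and the session is flagged as a hidden-entry login.
     */
    public function test_site_owner_can_login_via_hidden_admin_entry(): void
    {
        $siteOwner = User::factory()->create([
            'id' => 1,
            'username' => 'site-owner',
            'password' => Hash::make('secret-owner'),
        ]);

        $response = $this->post('/lkddi', [
            'username' => 'site-owner',
            'password' => 'secret-owner',
            'captcha' => '1234',
        ]);

        $response->assertRedirect(route('admin.dashboard'));
        $response->assertSessionHas('admin_login_via_hidden', true);
        $this->assertAuthenticatedAs($siteOwner);
    }

    /**
     * An account other than id 1 is refused by the hidden entry even when its
     * password is correct: it is redirected back with a `username` error and
     * stays unauthenticated.
     */
    public function test_non_site_owner_cannot_login_via_hidden_admin_entry(): void
    {
        User::factory()->create([
            // Pin a non-owner id. Without it the first row inserted into a fresh
            // table can be auto-assigned id 1, and the test would then exercise
            // the site owner instead of the rejection path it is meant to cover.
            'id' => 2,
            'username' => 'manager',
            'password' => Hash::make('secret-manager'),
        ]);

        $response = $this->from('/lkddi')->post('/lkddi', [
            'username' => 'manager',
            'password' => 'secret-manager',
            'captcha' => '1234',
        ]);

        $response->assertRedirect('/lkddi');
        $response->assertSessionHasErrors('username');
        $this->assertGuest();
    }

    /**
     * A site owner whose session carries the hidden-entry flag is redirected from
     * the homepage to the admin dashboard rather than to the chat-room lobby.
     */
    public function test_hidden_admin_login_keeps_homepage_redirecting_to_dashboard(): void
    {
        $siteOwner = User::factory()->create([
            'id' => 1,
            'username' => 'site-owner',
            'password' => Hash::make('secret-owner'),
        ]);

        // Simulate the post-login state directly instead of going through the form.
        $this->actingAs($siteOwner)->withSession([
            'admin_login_via_hidden' => true,
        ]);

        $response = $this->get('/');

        $response->assertRedirect(route('admin.dashboard'));
    }

    /**
     * Repeated failed logins on the hidden entry trigger server-side throttling:
     * five wrong-password attempts are redirected back to the form and the sixth
     * is answered with HTTP 429 and a `username` error.
     */
    public function test_hidden_admin_login_route_is_rate_limited_after_repeated_failures(): void
    {
        // Start from a clean counter so earlier tests cannot influence this one.
        // NOTE(review): the key is hard-coded here and presumably mirrors the one
        // the controller builds (limiter name, username, client IP); confirm it,
        // because a mismatch turns this clear() into a silent no-op.
        RateLimiter::clear('admin-hidden-login|site-owner|127.0.0.1');

        User::factory()->create([
            'id' => 1,
            'username' => 'site-owner',
            'password' => Hash::make('correct-password'),
        ]);

        for ($attempt = 1; $attempt <= 5; $attempt++) {
            $response = $this->from('/lkddi')->post('/lkddi', [
                'username' => 'site-owner',
                'password' => 'wrong-password',
                'captcha' => '1234',
            ]);

            $response->assertRedirect('/lkddi');
        }

        $rateLimitedResponse = $this->from('/lkddi')->post('/lkddi', [
            'username' => 'site-owner',
            'password' => 'wrong-password',
            'captcha' => '1234',
        ]);

        $rateLimitedResponse->assertStatus(429);
        $rateLimitedResponse->assertSessionHasErrors('username');

        // No request carried the right password, so no session may be authenticated.
        $this->assertGuest();
    }
}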