peipei-backend/play-admin/src/test/java/com/starry/admin/api/WxOauthAdminTestAuthApiTest.java

package com.starry.admin.api;

import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import com.starry.admin.common.apitest.ApiTestDataSeeder;
import org.junit.jupiter.api.Test;
import org.springframework.http.MediaType;
import org.springframework.test.context.TestPropertySource;

@TestPropertySource(properties = "test.auth.secret=apitest-secret")
class WxOauthAdminTestAuthApiTest extends AbstractApiTest {

    private static final String TEST_AUTH_HEADER = "X-Test-Auth";
    private static final String TEST_AUTH_SECRET = "apitest-secret";

    @Test
    void adminLoginByUsernameRejectsWithoutSecretHeader() throws Exception {
        mockMvc.perform(post("/wx/oauth2/admin/loginByUsername")
                        .header(USER_HEADER, DEFAULT_USER)
                        .header(TENANT_HEADER, DEFAULT_TENANT)
                        .header("User-Agent", "apitest")
                        .contentType(MediaType.APPLICATION_JSON)
                        .content("{" +
                                "\"userName\":\"" + ApiTestDataSeeder.DEFAULT_ADMIN_USERNAME + "\"," +
                                "\"passWord\":\"apitest-secret\"," +
                                "\"tenantKey\":\"" + ApiTestDataSeeder.DEFAULT_TENANT_KEY + "\"" +
                                "}"))
                .andExpect(status().isOk())
                .andExpect(jsonPath("$.code").value(403));
    }

    @Test
    void adminLoginByUsernameReturnsTokenWhenSecretHeaderValid() throws Exception {
        mockMvc.perform(post("/wx/oauth2/admin/loginByUsername")
                        .header(USER_HEADER, DEFAULT_USER)
                        .header(TENANT_HEADER, DEFAULT_TENANT)
                        .header("User-Agent", "apitest")
                        .header(TEST_AUTH_HEADER, TEST_AUTH_SECRET)
                        .contentType(MediaType.APPLICATION_JSON)
                        .content("{" +
                                "\"userName\":\"" + ApiTestDataSeeder.DEFAULT_ADMIN_USERNAME + "\"," +
                                "\"passWord\":\"apitest-secret\"," +
                                "\"tenantKey\":\"" + ApiTestDataSeeder.DEFAULT_TENANT_KEY + "\"" +
                                "}"))
                .andExpect(status().isOk())
                .andExpect(jsonPath("$.code").value(200))
                .andExpect(jsonPath("$.data.tokenHead").isNotEmpty())
                .andExpect(jsonPath("$.data.token").isNotEmpty());
    }
}