novalon/novalon-manage-system
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(security): 重构安全配置并优化测试环境

Browse Source 
- 移除旧的测试套件和UAT测试文件
- 更新密码编码器配置使用BCrypt strength=12
- 添加用户角色关联表和相关服务
- 优化前端日期显示格式
- 清理无用资源和配置文件
- 增强测试数据管理和清理功能
This commit is contained in:
张翔
2026-03-27 13:00:22 +08:00
parent ce30893a96
commit af44c23f21
294 changed files with 16057 additions and 22601 deletions
Download Patch File Download Diff File Expand all files Collapse all files
api_integration_tests/tests/test_e2e.py
+70 -43
View File
@@ -4,6 +4,7 @@
import pytest
import time
import uuid
from api.auth_api import AuthAPI
from api.user_api import UserAPI
from api.role_api import RoleAPI
@@ -16,17 +17,17 @@ class TestBusinessFlow:
"""端到端业务流程测试类"""
@pytest.mark.asyncio
async def test_complete_user_lifecycle(self, authenticated_client):
async def test_complete_user_lifecycle(self, authenticated_client, test_data_manager):
"""测试完整用户生命周期"""
auth_api = AuthAPI(authenticated_client)
user_api = UserAPI(authenticated_client)
timestamp = int(time.time() * 1000)
unique_id = f"{int(time.time() * 1000)}_{uuid.uuid4().hex[:8]}"
new_user_data = {
"username": f"e2e_user_{timestamp}",
"username": f"e2e_user_{unique_id}",
"password": "Test123!@#",
"email": f"e2e_{timestamp}@example.com",
"email": f"e2e_{unique_id}@example.com",
"phone": "13800138000",
"status": 1
}
@@ -34,33 +35,35 @@ class TestBusinessFlow:
create_response = await user_api.create_user(new_user_data)
assert create_response.status_code == 201
user_id = create_response.json()["id"]
test_data_manager.add_user(user_id)
get_response = await user_api.get_user_by_id(user_id)
assert get_response.status_code == 200
user_data = get_response.json()
assert user_data["username"] == new_user_data["username"]
update_data = {"email": f"updated_{timestamp}@example.com"}
update_data = {"email": f"updated_{unique_id}@example.com"}
update_response = await user_api.update_user(user_id, update_data)
assert update_response.status_code == 200
delete_response = await user_api.delete_user(user_id)
assert delete_response.status_code in [200, 204]
test_data_manager._users.remove(user_id)
final_get_response = await user_api.get_user_by_id(user_id)
assert final_get_response.status_code == 404
@pytest.mark.asyncio
async def test_role_assignment_workflow(self, authenticated_client):
async def test_role_assignment_workflow(self, authenticated_client, test_data_manager):
"""测试角色分配工作流"""
user_api = UserAPI(authenticated_client)
role_api = RoleAPI(authenticated_client)
timestamp = int(time.time() * 1000)
unique_id = f"{int(time.time() * 1000)}_{uuid.uuid4().hex[:8]}"
role_data = {
"roleName": f"E2E_Role_{timestamp}",
"roleKey": f"e2e_role_{timestamp}",
"roleName": f"E2E_Role_{unique_id}",
"roleKey": f"e2e_role_{unique_id}",
"roleSort": 1,
"status": 1
}
@@ -68,17 +71,19 @@ class TestBusinessFlow:
role_response = await role_api.create_role(role_data)
assert role_response.status_code == 201
role_id = role_response.json()["id"]
test_data_manager.add_role(role_id)
user_data = {
"username": f"e2e_user_{timestamp}",
"username": f"e2e_user_{unique_id}",
"password": "Test123!@#",
"email": f"e2e_{timestamp}@example.com",
"email": f"e2e_{unique_id}@example.com",
"status": 1
}
user_response = await user_api.create_user(user_data)
assert user_response.status_code == 201
user_id = user_response.json()["id"]
test_data_manager.add_user(user_id)
assign_response = await user_api.update_user(user_id, {"roleId": role_id})
assert assign_response.status_code == 200
@@ -87,18 +92,20 @@ class TestBusinessFlow:
assert verify_response.json()["roleId"] == role_id
await user_api.delete_user(user_id)
test_data_manager._users.remove(user_id)
await role_api.delete_role(role_id)
test_data_manager._roles.remove(role_id)
@pytest.mark.asyncio
async def test_notification_workflow(self, authenticated_client):
async def test_notification_workflow(self, authenticated_client, test_data_manager):
"""测试通知工作流"""
notice_api = SysNoticeAPI(authenticated_client)
user_api = UserAPI(authenticated_client)
timestamp = int(time.time() * 1000)
unique_id = f"{int(time.time() * 1000)}_{uuid.uuid4().hex[:8]}"
notice_data = {
"noticeTitle": f"E2E_Notice_{timestamp}",
"noticeTitle": f"E2E_Notice_{unique_id}",
"noticeType": "1",
"noticeContent": "This is an E2E test notice",
"status": "0"
@@ -117,6 +124,7 @@ class TestBusinessFlow:
notice_id = notice["id"] if notice else None
assert notice_id is not None
test_data_manager.add_notice(notice_id)
get_response = await notice_api.get_by_id(notice_id)
assert get_response.status_code == 200
@@ -126,58 +134,63 @@ class TestBusinessFlow:
notices = all_notices.json()
assert any(notice["id"] == notice_id for notice in notices)
update_data = {"noticeTitle": f"Updated_Notice_{timestamp}"}
update_data = {"noticeTitle": f"Updated_Notice_{unique_id}"}
update_response = await notice_api.update(notice_id, update_data)
assert update_response.status_code == 200
await notice_api.delete(notice_id)
test_data_manager._notices.remove(notice_id)
final_get = await notice_api.get_by_id(notice_id)
assert final_get.status_code in [200, 404]
@pytest.mark.asyncio
async def test_multi_role_user_management(self, authenticated_client):
async def test_multi_role_user_management(self, authenticated_client, test_data_manager):
"""测试多角色用户管理"""
user_api = UserAPI(authenticated_client)
role_api = RoleAPI(authenticated_client)
timestamp = int(time.time() * 1000)
unique_id = f"{int(time.time() * 1000)}_{uuid.uuid4().hex[:8]}"
admin_role_data = {
"roleName": f"Admin_{timestamp}",
"roleKey": f"admin_{timestamp}",
"roleName": f"Admin_{unique_id}",
"roleKey": f"admin_{unique_id}",
"roleSort": 1,
"status": 1
}
admin_role = await role_api.create_role(admin_role_data)
admin_role_id = admin_role.json()["id"]
test_data_manager.add_role(admin_role_id)
user_role_data = {
"roleName": f"User_{timestamp}",
"roleKey": f"user_{timestamp}",
"roleName": f"User_{unique_id}",
"roleKey": f"user_{unique_id}",
"roleSort": 2,
"status": 1
}
user_role = await role_api.create_role(user_role_data)
user_role_id = user_role.json()["id"]
test_data_manager.add_role(user_role_id)
admin_user_data = {
"username": f"admin_{timestamp}",
"username": f"admin_{unique_id}",
"password": "Admin123!@#",
"email": f"admin_{timestamp}@example.com",
"email": f"admin_{unique_id}@example.com",
"status": 1
}
admin_user = await user_api.create_user(admin_user_data)
admin_user_id = admin_user.json()["id"]
test_data_manager.add_user(admin_user_id)
regular_user_data = {
"username": f"regular_{timestamp}",
"username": f"regular_{unique_id}",
"password": "User123!@#",
"email": f"regular_{timestamp}@example.com",
"email": f"regular_{unique_id}@example.com",
"status": 1
}
regular_user = await user_api.create_user(regular_user_data)
regular_user_id = regular_user.json()["id"]
test_data_manager.add_user(regular_user_id)
await user_api.update_user(admin_user_id, {"roleId": admin_role_id})
await user_api.update_user(regular_user_id, {"roleId": user_role_id})
@@ -193,38 +206,44 @@ class TestBusinessFlow:
assert len(users) >= 2
await user_api.delete_user(admin_user_id)
test_data_manager._users.remove(admin_user_id)
await user_api.delete_user(regular_user_id)
test_data_manager._users.remove(regular_user_id)
await role_api.delete_role(admin_role_id)
test_data_manager._roles.remove(admin_role_id)
await role_api.delete_role(user_role_id)
test_data_manager._roles.remove(user_role_id)
@pytest.mark.asyncio
async def test_user_role_cascade_operations(self, authenticated_client):
async def test_user_role_cascade_operations(self, authenticated_client, test_data_manager):
"""测试用户角色级联操作"""
user_api = UserAPI(authenticated_client)
role_api = RoleAPI(authenticated_client)
timestamp = int(time.time() * 1000)
unique_id = f"{int(time.time() * 1000)}_{uuid.uuid4().hex[:8]}"
role_data = {
"roleName": f"Cascade_Role_{timestamp}",
"roleKey": f"cascade_role_{timestamp}",
"roleName": f"Cascade_Role_{unique_id}",
"roleKey": f"cascade_role_{unique_id}",
"roleSort": 1,
"status": 1
}
role_response = await role_api.create_role(role_data)
role_id = role_response.json()["id"]
test_data_manager.add_role(role_id)
user_ids = []
for i in range(3):
user_data = {
"username": f"cascade_user_{timestamp}_{i}",
"username": f"cascade_user_{unique_id}_{i}",
"password": "Test123!@#",
"email": f"cascade_{timestamp}_{i}@example.com",
"email": f"cascade_{unique_id}_{i}@example.com",
"status": 1
}
user_response = await user_api.create_user(user_data)
user_id = user_response.json()["id"]
user_ids.append(user_id)
test_data_manager.add_user(user_id)
await user_api.update_user(user_id, {"roleId": role_id})
await role_api.update_role(role_id, {"status": 0})
@@ -235,38 +254,42 @@ class TestBusinessFlow:
for user_id in user_ids:
await user_api.delete_user(user_id)
test_data_manager._users.remove(user_id)
await role_api.delete_role(role_id)
test_data_manager._roles.remove(role_id)
@pytest.mark.asyncio
async def test_search_and_filter_workflow(self, authenticated_client):
async def test_search_and_filter_workflow(self, authenticated_client, test_data_manager):
"""测试搜索和过滤工作流"""
user_api = UserAPI(authenticated_client)
role_api = RoleAPI(authenticated_client)
timestamp = int(time.time() * 1000)
unique_id = f"{int(time.time() * 1000)}_{uuid.uuid4().hex[:8]}"
role_data = {
"roleName": f"Search_Role_{timestamp}",
"roleKey": f"search_role_{timestamp}",
"roleName": f"Search_Role_{unique_id}",
"roleKey": f"search_role_{unique_id}",
"roleSort": 1,
"status": 1
}
role_response = await role_api.create_role(role_data)
role_id = role_response.json()["id"]
test_data_manager.add_role(role_id)
user_ids = []
for i in range(5):
user_data = {
"username": f"search_{timestamp}_{i}",
"username": f"search_{unique_id}_{i}",
"password": "Test123!@#",
"email": f"search_{timestamp}_{i}@example.com",
"email": f"search_{unique_id}_{i}@example.com",
"status": 1
}
user_response = await user_api.create_user(user_data)
user_id = user_response.json()["id"]
user_ids.append(user_id)
test_data_manager.add_user(user_id)
search_response = await user_api.get_users_by_page(keyword=f"search_{timestamp}")
search_response = await user_api.get_users_by_page(keyword=f"search_{unique_id}")
assert search_response.status_code == 200
search_data = search_response.json()
assert len(search_data["content"]) >= 5
@@ -276,14 +299,16 @@ class TestBusinessFlow:
for user_id in user_ids:
await user_api.delete_user(user_id)
test_data_manager._users.remove(user_id)
await role_api.delete_role(role_id)
test_data_manager._roles.remove(role_id)
@pytest.mark.asyncio
async def test_error_recovery_workflow(self, authenticated_client):
async def test_error_recovery_workflow(self, authenticated_client, test_data_manager):
"""测试错误恢复工作流"""
user_api = UserAPI(authenticated_client)
timestamp = int(time.time() * 1000)
unique_id = f"{int(time.time() * 1000)}_{uuid.uuid4().hex[:8]}"
invalid_user_data = {
"username": "",
@@ -295,17 +320,19 @@ class TestBusinessFlow:
assert invalid_response.status_code in [400, 409, 422]
valid_user_data = {
"username": f"recovery_{timestamp}",
"username": f"recovery_{unique_id}",
"password": "Valid123!@#",
"email": f"recovery_{timestamp}@example.com",
"email": f"recovery_{unique_id}@example.com",
"status": 1
}
valid_response = await user_api.create_user(valid_user_data)
assert valid_response.status_code == 201
user_id = valid_response.json()["id"]
test_data_manager.add_user(user_id)
get_response = await user_api.get_user_by_id(user_id)
assert get_response.status_code == 200
await user_api.delete_user(user_id)
await user_api.delete_user(user_id)
test_data_manager._users.remove(user_id)