fix: v6 code review P0 auth/IDOR fixes + frontend regression patches
Backend fixes: - auth_handler: P0 认证逻辑修复 - ratelimit: 限速中间件增强 + 新增单元测试 - auth_service: 认证服务逻辑完善 + 新增测试 - server: server 配置增强 + 新增测试 - handler_test: 新增 handler 层集成测试 - auth_bootstrap_test: bootstrap 路径测试 Frontend patches: - LoginPage/RegisterPage: CSRF + 表单交互修复 - BootstrapAdminPage: 引导流程修复 - DevicesPage: 设备管理页修复 - auth/social-accounts/users/webhooks services: 类型修正 - csrf.ts: CSRF token 处理修正 - E2E 脚本: CDP smoke + auth e2e 增强 Docs: - FULL_CODE_REVIEW_REPORT_2026-04-20 - report-v6 执行计划 - REAL_PROJECT_STATUS 更新 - .gitignore: 新增 .gocache-*/config.yaml 排除 验证: go build/vet 0错误, go test 42/42 PASS, 0 FAIL
This commit is contained in:
@@ -375,6 +375,51 @@ func TestAuthService_RegisterWithActivation(t *testing.T) {
|
||||
})
|
||||
}
|
||||
|
||||
func TestAuthService_Register_UsesEmailActivationFlowWhenConfigured(t *testing.T) {
|
||||
svc, db := setupAuthEmailTestEnv(t)
|
||||
ctx := context.Background()
|
||||
|
||||
l1Cache := cache.NewL1Cache()
|
||||
l2Cache := cache.NewRedisCache(false)
|
||||
cacheManager := cache.NewCacheManager(l1Cache, l2Cache)
|
||||
emailActivationSvc := service.NewEmailActivationService(
|
||||
&service.MockEmailProvider{},
|
||||
cacheManager,
|
||||
"http://localhost:8080",
|
||||
"TestSite",
|
||||
)
|
||||
svc.SetEmailActivationService(emailActivationSvc)
|
||||
|
||||
userInfo, err := svc.Register(ctx, &service.RegisterRequest{
|
||||
Username: "register_activation_enabled",
|
||||
Password: "Password123!",
|
||||
Email: "register-activation-enabled@test.com",
|
||||
})
|
||||
if err != nil {
|
||||
t.Fatalf("Register failed: %v", err)
|
||||
}
|
||||
if userInfo == nil {
|
||||
t.Fatal("Register returned nil user info")
|
||||
}
|
||||
if userInfo.Status != domain.UserStatusInactive {
|
||||
t.Fatalf("Register status = %d, want %d", userInfo.Status, domain.UserStatusInactive)
|
||||
}
|
||||
if userInfo.Nickname != "register_activation_enabled" {
|
||||
t.Fatalf("Register nickname = %q, want %q", userInfo.Nickname, "register_activation_enabled")
|
||||
}
|
||||
|
||||
var storedUser domain.User
|
||||
if err := db.WithContext(ctx).Where("username = ?", "register_activation_enabled").First(&storedUser).Error; err != nil {
|
||||
t.Fatalf("load stored user: %v", err)
|
||||
}
|
||||
if storedUser.Status != domain.UserStatusInactive {
|
||||
t.Fatalf("stored user status = %d, want %d", storedUser.Status, domain.UserStatusInactive)
|
||||
}
|
||||
if storedUser.Nickname != "register_activation_enabled" {
|
||||
t.Fatalf("stored user nickname = %q, want %q", storedUser.Nickname, "register_activation_enabled")
|
||||
}
|
||||
}
|
||||
|
||||
// =============================================================================
|
||||
// Login By Email Code Extended Tests
|
||||
// =============================================================================
|
||||
|
||||
Reference in New Issue
Block a user