From cec20780351c0677a7b79db906656d70d4adedec Mon Sep 17 00:00:00 2001 From: Hank Date: Thu, 11 Jun 2026 17:52:37 +0800 Subject: [PATCH] =?UTF-8?q?test(auth):=20=E5=90=8C=E6=AD=A5=20admin=20regi?= =?UTF-8?q?ster=20=E7=AB=AF=E9=BB=9E=E7=A7=BB=E9=99=A4=E2=80=94=E2=80=94?= =?UTF-8?q?=E5=88=AA=E9=99=A4=E9=81=8E=E6=99=82=E6=B8=AC=E8=A9=A6=E3=80=81?= =?UTF-8?q?=E6=9B=B4=E6=96=B0=E8=A6=86=E8=93=8B=E8=A6=8F=E6=A0=BC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 原 test_admin_register_* 測的是已移除的 P0 漏洞端點, 端點關閉防護與帳號建立改由 AdminAccountCreationTest 覆蓋。 容器內全套件 146 passed / 378 assertions。 Co-Authored-By: Claude Fable 5 --- openspec/specs/auth-test-coverage/spec.md | 10 ++----- tests/Feature/AuthLoginTest.php | 35 +---------------------- 2 files changed, 4 insertions(+), 41 deletions(-) diff --git a/openspec/specs/auth-test-coverage/spec.md b/openspec/specs/auth-test-coverage/spec.md index ed43547..da64c33 100644 --- a/openspec/specs/auth-test-coverage/spec.md +++ b/openspec/specs/auth-test-coverage/spec.md @@ -66,13 +66,9 @@ - **WHEN** role=member 的帳號嘗試 `POST /api/provider/login` - **THEN** 回傳 HTTP 401,`{ status: false, message: "電子郵件或密碼錯誤" }`(查詢以 role 過濾,跨角色帳號視同不存在) -#### Scenario: Admin 註冊成功 -- **WHEN** 送出有效的 name / email / password / password_confirmation 至 `POST /api/admin/register` -- **THEN** 回傳 HTTP 201,body 包含 `{ status: true, data: { user } }`,DB 存在對應 admin 用戶 - -#### Scenario: Admin 重複 Email 註冊失敗 -- **WHEN** 送出已存在的 email 至 `POST /api/admin/register` -- **THEN** 回傳 HTTP 422 +#### Scenario: Admin 公開註冊端點保持關閉 +- **WHEN** 任何人送出 `POST /api/admin/register`(該端點已於 2026-06-11 因 P0 漏洞移除,見 admin-auth 規格「管理員帳號建立途徑」) +- **THEN** 回傳 HTTP 404,且不建立任何帳號;帳號建立改由 `app:create-admin` command 覆蓋測試 #### Scenario: Admin 登入成功 - **WHEN** 送出正確的 email / password 至 `POST /api/admin/login` diff --git a/tests/Feature/AuthLoginTest.php b/tests/Feature/AuthLoginTest.php index a917473..5c9cacd 100644 --- a/tests/Feature/AuthLoginTest.php +++ b/tests/Feature/AuthLoginTest.php @@ -248,40 +248,7 @@ class AuthLoginTest extends TestCase ->assertStatus(401); } - // ── admin 註冊 ─────────────────────────────────────────── - - public function test_admin_register_success(): void - { - $response = $this->postJson('/api/admin/register', [ - 'name' => 'Test Admin', - 'email' => 'newadmin@example.com', - 'password' => 'password123', - 'password_confirmation' => 'password123', - ]); - - $response->assertStatus(201) - ->assertJsonPath('status', true) - ->assertJsonStructure(['data' => ['user']]); - - $this->assertDatabaseHas('users', [ - 'email' => 'newadmin@example.com', - 'role' => 'admin', - ]); - } - - public function test_admin_register_duplicate_email_returns_422(): void - { - $this->createAdmin(['email' => 'dup-admin@example.com']); - - $response = $this->postJson('/api/admin/register', [ - 'name' => 'Another Admin', - 'email' => 'dup-admin@example.com', - 'password' => 'password123', - 'password_confirmation' => 'password123', - ]); - - $response->assertStatus(422); - } + // admin 註冊端點已移除(P0 漏洞),帳號建立途徑見 AdminAccountCreationTest // ── admin 登入/登出 ─────────────────────────────────────