2025-10-27 23:57:31 +08:00
# Admin Login Feature Test Guide
## Preparation
### 1. Run the database script
Make sure the `sql/emotion_museum.sql` script has been executed; it:
- creates the `t_admin` table
- initializes the default admin account
### 2. Start the application
```bash
cd backend-single
mvn spring-boot:run
```
## Test Cases
### Test 1: Admin login
**Request**:
```bash
curl -X POST http://localhost:8080/api/admin/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "account": "admin",
    "password": "admin123"
  }'
```
**Expected response**:
```json
{
  "code": 200,
  "message": "登录成功",
  "data": {
    "accessToken": "eyJhbGciOiJIUzUxMiJ9...",
    "refreshToken": "eyJhbGciOiJIUzUxMiJ9...",
    "expiresIn": 86400,
    "adminInfo": {
      "id": "xxx",
      "account": "admin",
      "username": "系统管理员",
      "email": "admin@emotion-museum.com",
      "phone": "13800138000",
      "role": "super_admin",
      "status": 1
    },
    "loginTime": "2025-10-27 10:00:00"
  },
  "timestamp": 1698393600000
}
```
### Test 2: Wrong password
**Request**:
```bash
curl -X POST http://localhost:8080/api/admin/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "account": "admin",
    "password": "wrongpassword"
  }'
```
**Expected response**:
```json
{
  "code": 500,
  "message": "账号或密码错误",
  "data": null,
  "timestamp": 1698393600000
}
```
### Test 3: Get admin info
**Request**:
```bash
curl -X GET http://localhost:8080/api/admin/auth/info \
  -H "Authorization: Bearer {accessToken from the login response}"
```
**Expected response**:
```json
{
  "code": 200,
  "message": "操作成功",
  "data": {
    "id": "xxx",
    "account": "admin",
    "username": "系统管理员",
    "email": "admin@emotion-museum.com",
    "role": "super_admin",
    "status": 1
  },
  "timestamp": 1698393600000
}
```
### Test 4: Access an admin endpoint (paginated admin list)
**Request**:
```bash
curl -X GET "http://localhost:8080/api/admin/page?current=1&size=10" \
  -H "Authorization: Bearer {accessToken}"
```
**Expected response**:
```json
{
  "code": 200,
  "message": "操作成功",
  "data": {
    "records": [
      {
        "id": "xxx",
        "account": "admin",
        "username": "系统管理员",
        "role": "super_admin",
        ...
      }
    ],
    "total": 1,
    "current": 1,
    "size": 10,
    "pages": 1
  },
  "timestamp": 1698393600000
}
```
### Test 5: Regular user token on an admin endpoint (must be rejected)
**Request**:
```bash
# First log in as a regular user to obtain a token
curl -X POST http://localhost:8080/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "phone": "13800138001",
    "smsCode": "123456"
  }'
# Then call an admin endpoint with the regular user's token
curl -X GET http://localhost:8080/api/admin/page \
  -H "Authorization: Bearer {regular user's accessToken}"
```
**Expected response**:
```json
{
  "code": 403,
  "message": "无权限访问",
  "data": null
}
```
### Test 6: Admin logout
**Request**:
```bash
curl -X POST http://localhost:8080/api/admin/auth/logout \
  -H "Authorization: Bearer {accessToken}"
```
**Expected response**:
```json
{
  "code": 200,
  "message": "登出成功",
  "data": null,
  "timestamp": 1698393600000
}
```
### Test 7: Refresh token
**Request**:
```bash
curl -X POST http://localhost:8080/api/admin/auth/refreshToken \
  -H "Content-Type: application/json" \
  -d '{
    "refreshToken": "{refreshToken from the login response}"
  }'
```
**Expected response**:
```json
{
  "code": 200,
  "message": "令牌刷新成功",
  "data": {
    "accessToken": "{new accessToken}",
    "refreshToken": "{new refreshToken}",
    "expiresIn": 86400,
    ...
  },
  "timestamp": 1698393600000
}
```
## Testing with Postman
### 1. Import environment variables
Create the following environment variables:
- `baseUrl`: http://localhost:8080/api
- `adminToken`: (set automatically after login)
### 2. Admin login request configuration
- **Method**: POST
- **URL**: `{{baseUrl}}/admin/auth/login`
- **Headers**:
  - Content-Type: application/json
- **Body** (raw JSON):
  ```json
  {
    "account": "admin",
    "password": "admin123"
  }
  ```
- **Tests** (saves the token automatically):
  ```javascript
  // Store the admin access token in the environment after a successful login
  if (pm.response.code === 200) {
    const response = pm.response.json();
    pm.environment.set("adminToken", response.data.accessToken);
  }
  ```
### 3. Configuring the other requests
Add the following header to every request that requires authentication:
- **Key**: Authorization
- **Value**: Bearer {{adminToken}}
## Verification Points
1. ✅ An admin can log in with account and password
2. ✅ A successful login returns a token carrying userType=admin
3. ✅ An admin token can access `/admin/**` paths
4. ✅ A regular user token cannot access admin endpoints (returns 403)
5. ✅ An admin token cannot access regular user endpoints
6. ✅ Login details are recorded correctly (last login time, login count)
7. ✅ Token refresh works
8. ✅ Logout works
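As an added example (not part of this guide or the project's code), the following Python helper decodes the JWT returned by the login endpoint to check verification point 2: the token should carry userType=admin. The guide's sample tokens begin with `eyJhbGciOiJIUzUxMiJ9`, the base64url form of `{"alg":"HS512"}`; the signing secret, the sub/iat/exp claim layout and the sample tokens are constructed assumptions, and the signature is deliberately not verified because the tester does not hold the server's signing key.

```python
# Added example: inspect an admin login JWT offline. "userType" and HS512 come from the
# guide; the secret, the sub/iat/exp layout and the sample tokens are constructed here.
import base64
import hashlib
import hmac
import json
import time


def b64url_decode(segment: str) -> bytes:
    """Base64url-decode one JWT segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def inspect_admin_token(token: str, expires_in: int = 86400) -> dict:
    """Decode header and payload WITHOUT verifying the signature (no key on the tester
    side) and report which of the guide's expectations the token satisfies."""
    header_b64, payload_b64, _signature = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    payload = json.loads(b64url_decode(payload_b64))
    lifetime = payload.get("exp", 0) - payload.get("iat", 0)
    return {
        "alg_is_hs512": header.get("alg") == "HS512",       # matches eyJhbGciOiJIUzUxMiJ9
        "is_admin_token": payload.get("userType") == "admin",  # verification point 2
        "lifetime_matches": lifetime == expires_in,         # exp - iat == expiresIn
        "payload": payload,
    }


def make_sample_token(claims: dict, secret: bytes) -> str:
    """Constructed HS512 token for offline use; the real server signs with its own key."""
    body = json.dumps(claims, separators=(",", ":")).encode()
    signing_input = b64url_encode(b'{"alg":"HS512"}') + "." + b64url_encode(body)
    signature = hmac.new(secret, signing_input.encode(), hashlib.sha512).digest()
    return signing_input + "." + b64url_encode(signature)


if __name__ == "__main__":
    now = int(time.time())
    admin_jwt = make_sample_token(
        {"sub": "admin", "userType": "admin", "iat": now, "exp": now + 86400},
        b"constructed-secret-not-the-real-one",
    )
    print(admin_jwt[:20])            # eyJhbGciOiJIUzUxMiJ9, as in the guide's samples
    print(inspect_admin_token(admin_jwt))
```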
## FAQ
### Q1: Login returns 401
**Cause**: wrong account or password
**Fix**: check the account and password, and confirm the initial admin record exists in the database
### Q2: An endpoint returns 403
**Cause**: a token of the wrong type was used
**Fix**: make sure admin endpoints are called with an admin token
### Q3: Token validation fails
**Cause**: the token has expired or is invalid
**Fix**: log in again or refresh with the refreshToken
### Q4: Database connection fails
**Cause**: Redis or MySQL is not running
**Fix**: make sure the Redis and MySQL services are up