using System.Net;
using System.Net.Http.Headers;
using System.Net.Http.Json;
using CampusErrand.Data;
using CampusErrand.Models;
using CampusErrand.Models.Dtos;
using FsCheck;
using FsCheck.Xunit;
using Microsoft.AspNetCore.Mvc.Testing;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.DependencyInjection;
namespace CampusErrand.Tests;
///
/// Property 12: 跑腿认证前置检查
/// 对任意未通过跑腿认证的用户,尝试接单时应被拒绝。
/// 已通过认证的用户应允许接单。
/// **Feature: login-and-homepage, Property 12: 跑腿认证前置检查**
///
///
public class RunnerCertificationPropertyTests : IDisposable
{
private const string JwtSecret = "YourSuperSecretKeyForJwtTokenGeneration_AtLeast32Chars!";
private const string JwtIssuer = "CampusErrand";
private const string JwtAudience = "CampusErrandApp";
private readonly List> _factories = [];
private WebApplicationFactory CreateFactory(string dbName)
{
var factory = new WebApplicationFactory()
.WithWebHostBuilder(builder =>
{
builder.ConfigureServices(services =>
{
var efDescriptors = services
.Where(d =>
d.ServiceType.FullName?.Contains("EntityFrameworkCore") == true
|| d.ServiceType == typeof(DbContextOptions)
|| d.ServiceType == typeof(DbContextOptions)
|| d.ImplementationType?.FullName?.Contains("EntityFrameworkCore") == true)
.ToList();
foreach (var d in efDescriptors) services.Remove(d);
services.AddDbContext(options =>
options.UseInMemoryDatabase(dbName));
});
});
_factories.Add(factory);
return factory;
}
private static string GenerateUserToken(int userId, string role = "User")
{
var key = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(
System.Text.Encoding.UTF8.GetBytes(JwtSecret));
var credentials = new Microsoft.IdentityModel.Tokens.SigningCredentials(
key, Microsoft.IdentityModel.Tokens.SecurityAlgorithms.HmacSha256);
var claims = new[]
{
new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.NameIdentifier, userId.ToString()),
new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Role, role)
};
var token = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken(
issuer: JwtIssuer, audience: JwtAudience, claims: claims,
expires: DateTime.UtcNow.AddHours(1), signingCredentials: credentials);
return new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler().WriteToken(token);
}
///
/// 准备一个待接单订单和单主用户
///
private static int SeedOrderAndOwner(AppDbContext db, int ownerId)
{
db.Users.Add(new User
{
Id = ownerId,
OpenId = $"owner_{ownerId}",
Phone = "13900000001",
Nickname = "单主",
CreatedAt = DateTime.UtcNow
});
var order = new Order
{
OrderNo = $"ORD{Guid.NewGuid():N}"[..20],
OwnerId = ownerId,
OrderType = OrderType.Pickup,
Status = OrderStatus.Pending,
ItemName = "测试物品",
DeliveryLocation = "测试地点",
Phone = "13800138000",
Commission = 5.0m,
TotalAmount = 5.0m,
CreatedAt = DateTime.UtcNow
};
db.Orders.Add(order);
db.SaveChanges();
return order.Id;
}
///
/// 属性:未通过跑腿认证的用户接单应被拒绝
///
[Property(MaxTest = 20)]
public bool 未认证用户接单被拒绝(PositiveInt seed)
{
var dbName = $"cert_no_{Guid.NewGuid()}";
using var factory = CreateFactory(dbName);
var runnerId = 10 + (seed.Get % 90);
var ownerId = runnerId + 100;
int orderId;
using (var scope = factory.Services.CreateScope())
{
var db = scope.ServiceProvider.GetRequiredService();
orderId = SeedOrderAndOwner(db, ownerId);
// 创建跑腿用户但不创建认证记录
db.Users.Add(new User
{
Id = runnerId,
OpenId = $"runner_{runnerId}",
Phone = "13900000002",
Nickname = "未认证跑腿",
Role = UserRole.User,
IsBanned = false,
CreatedAt = DateTime.UtcNow
});
db.SaveChanges();
}
var client = factory.CreateClient();
client.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue("Bearer", GenerateUserToken(runnerId));
var response = client.PostAsync($"/api/orders/{orderId}/accept", null).Result;
// 未认证用户接单应返回 400
return response.StatusCode == HttpStatusCode.BadRequest;
}
///
/// 属性:已通过跑腿认证的用户可以正常接单
///
[Property(MaxTest = 20)]
public bool 已认证用户可以接单(PositiveInt seed)
{
var dbName = $"cert_yes_{Guid.NewGuid()}";
using var factory = CreateFactory(dbName);
var runnerId = 10 + (seed.Get % 90);
var ownerId = runnerId + 100;
int orderId;
using (var scope = factory.Services.CreateScope())
{
var db = scope.ServiceProvider.GetRequiredService();
orderId = SeedOrderAndOwner(db, ownerId);
// 创建已认证的跑腿用户
db.Users.Add(new User
{
Id = runnerId,
OpenId = $"runner_{runnerId}",
Phone = "13900000002",
Nickname = "已认证跑腿",
Role = UserRole.Runner,
IsBanned = false,
CreatedAt = DateTime.UtcNow
});
// 创建已通过的认证记录
db.RunnerCertifications.Add(new RunnerCertification
{
UserId = runnerId,
RealName = "测试跑腿",
Phone = "13900000002",
Status = CertificationStatus.Approved,
CreatedAt = DateTime.UtcNow,
ReviewedAt = DateTime.UtcNow
});
db.SaveChanges();
}
var client = factory.CreateClient();
client.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue("Bearer", GenerateUserToken(runnerId, "Runner"));
var response = client.PostAsync($"/api/orders/{orderId}/accept", null).Result;
// 已认证用户接单应返回 200
return response.StatusCode == HttpStatusCode.OK;
}
public void Dispose()
{
foreach (var f in _factories) f.Dispose();
_factories.Clear();
}
}