using System.Net;
using System.Net.Http.Headers;
using System.Net.Http.Json;
using CampusErrand.Data;
using CampusErrand.Models;
using CampusErrand.Models.Dtos;
using FsCheck;
using FsCheck.Xunit;
using Microsoft.AspNetCore.Mvc.Testing;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.DependencyInjection;
namespace CampusErrand.Tests;
///
/// Property 4: 手机号隐藏规则
/// 对任意未被接取的订单,非单主用户查询订单详情时,API 返回的数据中手机号字段应为空或被遮蔽。
/// 仅当订单已被接取且查询者为接单跑腿时,手机号才可见。
/// **Feature: login-and-homepage, Property 4: 手机号隐藏规则**
///
///
public class PhoneHidingPropertyTests : IDisposable
{
private const string JwtSecret = "YourSuperSecretKeyForJwtTokenGeneration_AtLeast32Chars!";
private const string JwtIssuer = "CampusErrand";
private const string JwtAudience = "CampusErrandApp";
private readonly List> _factories = [];
private WebApplicationFactory CreateFactory(string dbName)
{
var factory = new WebApplicationFactory()
.WithWebHostBuilder(builder =>
{
builder.ConfigureServices(services =>
{
var efDescriptors = services
.Where(d =>
d.ServiceType.FullName?.Contains("EntityFrameworkCore") == true
|| d.ServiceType == typeof(DbContextOptions)
|| d.ServiceType == typeof(DbContextOptions)
|| d.ImplementationType?.FullName?.Contains("EntityFrameworkCore") == true)
.ToList();
foreach (var d in efDescriptors) services.Remove(d);
services.AddDbContext(options =>
options.UseInMemoryDatabase(dbName));
});
});
_factories.Add(factory);
return factory;
}
private static string GenerateUserToken(int userId)
{
var key = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(
System.Text.Encoding.UTF8.GetBytes(JwtSecret));
var credentials = new Microsoft.IdentityModel.Tokens.SigningCredentials(
key, Microsoft.IdentityModel.Tokens.SecurityAlgorithms.HmacSha256);
var claims = new[]
{
new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.NameIdentifier, userId.ToString()),
new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Role, "User")
};
var token = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken(
issuer: JwtIssuer, audience: JwtAudience, claims: claims,
expires: DateTime.UtcNow.AddHours(1), signingCredentials: credentials);
return new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler().WriteToken(token);
}
///
/// 在数据库中直接创建一个订单,返回订单 ID
///
private static int SeedOrder(WebApplicationFactory factory, int ownerId, int? runnerId, string phone)
{
using var scope = factory.Services.CreateScope();
var db = scope.ServiceProvider.GetRequiredService();
var order = new Order
{
OrderNo = $"TEST{Guid.NewGuid():N}"[..20],
OwnerId = ownerId,
RunnerId = runnerId,
OrderType = OrderType.Pickup,
Status = runnerId == null ? OrderStatus.Pending : OrderStatus.InProgress,
ItemName = "测试物品",
DeliveryLocation = "测试地点",
Phone = phone,
Commission = 5.0m,
TotalAmount = 5.0m,
CreatedAt = DateTime.UtcNow,
AcceptedAt = runnerId == null ? null : DateTime.UtcNow
};
db.Orders.Add(order);
db.SaveChanges();
return order.Id;
}
///
/// 属性:未接单订单,非单主用户查询时手机号应为空
///
[Property(MaxTest = 10)]
public bool 未接单订单非单主查询手机号为空(PositiveInt seed)
{
var ownerId = 100 + (seed.Get % 100);
var otherUserId = ownerId + 1; // 非单主用户
var phone = "13800138000";
var dbName = $"phone_hide_{Guid.NewGuid()}";
using var factory = CreateFactory(dbName);
// 创建未接单订单(RunnerId = null)
var orderId = SeedOrder(factory, ownerId, null, phone);
var client = factory.CreateClient();
// 以非单主身份查询
client.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue("Bearer", GenerateUserToken(otherUserId));
var response = client.GetAsync($"/api/orders/{orderId}").Result;
if (response.StatusCode != HttpStatusCode.OK) return false;
var order = response.Content.ReadFromJsonAsync().Result!;
// 手机号应为空
return order.Phone == null;
}
///
/// 属性:单主自己查询时手机号始终可见
///
[Property(MaxTest = 10)]
public bool 单主查询自己订单手机号可见(PositiveInt seed)
{
var ownerId = 200 + (seed.Get % 100);
var phone = "13900139000";
var dbName = $"phone_owner_{Guid.NewGuid()}";
using var factory = CreateFactory(dbName);
var orderId = SeedOrder(factory, ownerId, null, phone);
var client = factory.CreateClient();
client.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue("Bearer", GenerateUserToken(ownerId));
var response = client.GetAsync($"/api/orders/{orderId}").Result;
if (response.StatusCode != HttpStatusCode.OK) return false;
var order = response.Content.ReadFromJsonAsync().Result!;
return order.Phone == phone;
}
///
/// 属性:已接单订单,接单跑腿查询时手机号可见
///
[Property(MaxTest = 10)]
public bool 已接单订单跑腿查询手机号可见(PositiveInt seed)
{
var ownerId = 300 + (seed.Get % 100);
var runnerId = ownerId + 1;
var phone = "13700137000";
var dbName = $"phone_runner_{Guid.NewGuid()}";
using var factory = CreateFactory(dbName);
var orderId = SeedOrder(factory, ownerId, runnerId, phone);
var client = factory.CreateClient();
// 以接单跑腿身份查询
client.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue("Bearer", GenerateUserToken(runnerId));
var response = client.GetAsync($"/api/orders/{orderId}").Result;
if (response.StatusCode != HttpStatusCode.OK) return false;
var order = response.Content.ReadFromJsonAsync().Result!;
return order.Phone == phone;
}
///
/// 属性:已接单订单,非单主非跑腿的第三方用户查询时手机号为空
///
[Property(MaxTest = 10)]
public bool 已接单订单第三方用户查询手机号为空(PositiveInt seed)
{
var ownerId = 400 + (seed.Get % 100);
var runnerId = ownerId + 1;
var thirdPartyId = ownerId + 2;
var phone = "13600136000";
var dbName = $"phone_third_{Guid.NewGuid()}";
using var factory = CreateFactory(dbName);
var orderId = SeedOrder(factory, ownerId, runnerId, phone);
var client = factory.CreateClient();
client.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue("Bearer", GenerateUserToken(thirdPartyId));
var response = client.GetAsync($"/api/orders/{orderId}").Result;
if (response.StatusCode != HttpStatusCode.OK) return false;
var order = response.Content.ReadFromJsonAsync().Result!;
return order.Phone == null;
}
public void Dispose()
{
foreach (var f in _factories) f.Dispose();
_factories.Clear();
}
}