easyai-ai-gateway/apps/api/internal/httpapi/local_login_policy_test.go
chengcheng a312ad880d fix(identity): 完善统一认证配对恢复与安全退役
修复 credentials_saved 状态无法恢复、配对与激活并发冲突,以及 SSF 和身份 Secret 生命周期不完整的问题。新增持久化协调器、取消与清理状态机、事务级并发门禁、受控 SSF 凭据交接、禁用后的延迟 Secret 清理,并对生产环境统一认证及 Discovery 端点强制 HTTPS。

验证:go test ./...;go test -race ./internal/auth ./internal/identity ./internal/identityruntime ./internal/securityevents ./internal/httpapi ./internal/store -count=1;go vet ./...;真实 PostgreSQL 并发及清理成功/冲突回滚测试;pnpm openapi。
2026-07-17 18:31:12 +08:00

27 lines
962 B
Go

package httpapi
import (
"testing"
"github.com/easyai/easyai-ai-gateway/apps/api/internal/config"
"github.com/easyai/easyai-ai-gateway/apps/api/internal/store"
)
func TestLocalLoginPolicyAlwaysPreservesBreakGlassManager(t *testing.T) {
serverMain := &Server{cfg: config.Config{IdentityMode: "server-main"}}
if !serverMain.localLoginAllowed(store.GatewayUser{Roles: []string{"manager"}}) {
t.Fatal("server-main mode rejected a local break-glass manager")
}
if !serverMain.localLoginAllowed(store.GatewayUser{Roles: []string{"admin"}}) {
t.Fatal("server-main mode rejected a local break-glass admin")
}
if serverMain.localLoginAllowed(store.GatewayUser{Roles: []string{"user"}}) {
t.Fatal("server-main mode accepted an ordinary local user")
}
hybrid := &Server{cfg: config.Config{IdentityMode: "hybrid"}}
if !hybrid.localLoginAllowed(store.GatewayUser{Roles: []string{"user"}}) {
t.Fatal("hybrid mode rejected an ordinary local user")
}
}