From 6b25dc7bda081d5580cc8255ca077c37286c680c Mon Sep 17 00:00:00 2001 From: boxshadow Date: Thu, 15 Aug 2019 18:42:21 +0800 Subject: [PATCH] =?UTF-8?q?chore:=20=E4=BF=AE=E6=AD=A3=E4=B8=80=E4=B8=AA?= =?UTF-8?q?=E6=B5=8B=E8=AF=95=E7=94=A8=E4=BE=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/Http/Controllers/APIs/V2/AuthController.php | 5 ++--- database/factories/UserFactory.php | 2 +- tests/Feature/API2/AuthLoginTest.php | 15 ++++++++++++++- 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/app/Http/Controllers/APIs/V2/AuthController.php b/app/Http/Controllers/APIs/V2/AuthController.php index 7b3e24c55..8e75e7898 100644 --- a/app/Http/Controllers/APIs/V2/AuthController.php +++ b/app/Http/Controllers/APIs/V2/AuthController.php @@ -65,9 +65,8 @@ public function login(Request $request) $login = (string) $request->input('login', ''); $code = $request->input('verifiable_code'); $field = username($login); - if ($code !== null && in_array($field, ['phone', 'email'])) { - $verify = VerificationCode::where('account', $login) + $verify = VerificationCode::query()->where('account', $login) ->where('channel', $field == 'phone' ? 'sms' : 'mail') ->where('code', $code) ->byValid(120) @@ -114,7 +113,7 @@ public function login(Request $request) return $this->respondWithToken($token); } - return $this->response()->json(['message' => '账号或密码不正确'], 422); + return $this->response()->json(['message' => '账号或密码不正确'], 403); } else { return $this->response()->json([ 'message' => sprintf('%s还没有注册', $field == 'phone' diff --git a/database/factories/UserFactory.php b/database/factories/UserFactory.php index 09e792ad4..191ea0f4b 100644 --- a/database/factories/UserFactory.php +++ b/database/factories/UserFactory.php 
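Review bot: `$code` reaches `->where('code', $code)` exactly as the client sent it, whereas `$login` a few lines above is cast with `(string)`; a JSON body can deliver an array there and the `$code !== null` guard lets it through to the query builder. Constraining the type in the guard keeps the lookup to one scalar comparison: `if (is_string($code) && in_array($field, ['phone', 'email'], true)) {` (cast first if clients may send the code as a JSON number). The added `true` makes `in_array` strict, and `$field == 'phone'` on the channel line could become `===` for the same reason. `login()` starts and ends outside this hunk, so whether repeated code guesses are rate-limited cannot be seen here and is worth confirming.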
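Review bot: The wrong-password branch now answers 403 with the generic '账号或密码不正确', but the `else` branch directly below still tells the caller that the phone or e-mail '还没有注册', so the two responses let a client distinguish registered accounts from unregistered ones. Returning the same message and status from both branches removes that signal; the status of the `else` response lies outside this hunk, so it needs checking against the new 403. For a failed credential check 401 is the conventional code, with 403 reserved for an authenticated caller that lacks permission: `return $this->response()->json(['message' => '账号或密码不正确'], 401);`. If 403 is deliberate, a one-line comment above the return saying why would help API consumers.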
@@ -36,7 +36,7 @@ 'name' => $faker->name, 'email' => $faker->unique()->safeEmail, 'phone' => $faker->unique()->phoneNumber, - 'password' => $password ?: $password = bcrypt('secret'), + 'password' => $password ?: $password = bcrypt('password'), 'email_verified_at' => now(), 'phone_verified_at' => now(), 'remember_token' => str_random(10), diff --git a/tests/Feature/API2/AuthLoginTest.php b/tests/Feature/API2/AuthLoginTest.php index f8044c24b..47e132d07 100644 --- a/tests/Feature/API2/AuthLoginTest.php +++ b/tests/Feature/API2/AuthLoginTest.php @@ -47,12 +47,25 @@ public function testUserLogin() { $response = $this->json('POST', 'api/v2/auth/login', [ 'login' => $this->user->id, - 'password' => 'secret', + 'password' => 'password', ]); $this->assertLoginResponse($response); } + /** + * 使用错误的密码将返回403状态码 + */ + public function test_user_can_not_login_with_wrong_password() + { + $response = $this->json('POST', 'api/v2/auth/login', [ + 'login' => $this->user->id, + 'password' => 'secret', + ]); + + $response->assertStatus(403); + } + /** * Assert login response. *
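Review bot: The literal `'password'` on the changed line has to stay identical to the value `testUserLogin()` posts in tests/Feature/API2/AuthLoginTest.php, and nothing in the factory says so; this commit has to change both files in step for that reason. A comment above the line would record the coupling, for example `// Default plaintext for factory users; feature tests log in with this exact value.`. Because the stored hash is of a well-known string, it is also worth confirming that this factory is never used to seed a shared or production-like environment. Where `$password` is declared lies outside the hunk.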
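Review bot: `test_user_can_not_login_with_wrong_password` asserts only the status code, so the body of the rejection is unverified; adding `$response->assertJsonStructure(['message']);` would pin the error shape the controller returns. The wrong password it sends, `'secret'`, was the factory default before this commit, so a factory revert would make the test fail for a confusing reason, and a value such as `'definitely-wrong-password'` avoids that. The method name is snake_case while the neighbouring `testUserLogin` is camelCase; `testUserCanNotLoginWithWrongPassword` would match the file.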