fa5ab4e161
Some checks failed
CI / Lint & TypeCheck (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
CI / Build Frontend (push) Has been cancelled
CI / Rust Check (push) Has been cancelled
CI / Security Scan (push) Has been cancelled
CI / E2E Tests (push) Has been cancelled
移除不再使用的数据脱敏功能,包括: 1. 删除data_masking模块 2. 清理loop_runner中的unmask逻辑 3. 移除前端saas-relay-client.ts中的mask/unmask实现 4. 更新中间件层数从15层降为14层 5. 同步更新相关文档(CLAUDE.md、TRUTH.md、wiki等) 此次变更简化了系统架构,移除了不再需要的敏感数据处理逻辑。所有相关测试证据和截图已归档。
99 lines
4.1 KiB
Plaintext
99 lines
4.1 KiB
Plaintext
=== V1 Authentication & Security Tests ===
|
|
Time: Fri Apr 17 02:07:56 2026
|
|
|
|
--- V1-01: Register e2e_admin ---
|
|
HTTP: 200
|
|
Body: {"token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJqdGkiOiIxN2ZlZWRhOC0zMDcwLTQ2ZjktYTFhZS1kNjYxN2VhODZkZGUiLCJzdWIiOiJiNTdlYWYyZS00NjM5LTRlMzItODg2Ny01YTAyYjNkZmFmYmYiLCJyb2xlIjoidXNlciIsInBlcm1pc3Npb25zIjpbIm1vZGVsOnJlYWQiLCJyZWxheTp1c2UiLCJjb25maWc6cmVhZCJdLCJ0b2tlbl90eXBlIjoiYWNjZXNzIiwicHd2IjoxLCJpYXQiOjE3NzYzNjI4NzcsImV4cCI6MTc3NjQ0OTI3N30.xF8FWfAjq_bVxI3C_OHBUwKN_fYdHw_TmlbIIxRUpvo","refresh_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJqdGkiOiIwYjBhM2JjMC0xNzU3LTRhNTUtOGI3Yi04YmQxOWJkMj
|
|
TOKEN_LEN: 380
|
|
ADMIN_ID:
|
|
|
|
--- V1-02a: Register e2e_user ---
|
|
HTTP: 200
|
|
TOKEN_LEN: 380, ID:
|
|
--- V1-02b: Register e2e_dev ---
|
|
HTTP: 200
|
|
TOKEN_LEN: 380, ID:
|
|
|
|
--- V1-03: Duplicate registration rejection ---
|
|
Same username: HTTP=429 Body={"error":"RATE_LIMITED","message":"速率限制: 注册请求过于频繁,请一小时后再试"}
|
|
Short username: HTTP=429
|
|
Short password: HTTP=429
|
|
|
|
--- V1-04: Login e2e_user ---
|
|
HTTP: 200
|
|
TOKEN_LEN: 380
|
|
JWT payload: {
|
|
"jti": "0b774a95-dbcf-463c-8cc5-0ac89070b78a",
|
|
"sub": "73fc0d98-7dd9-4b8c-a443-010db385129a",
|
|
"role": "user",
|
|
"permissions": [
|
|
"model:read",
|
|
"relay:use",
|
|
"config:read"
|
|
],
|
|
"token_type": "access",
|
|
"pwv": 1,
|
|
"iat": 1776362881,
|
|
"exp": 1776449281
|
|
}
|
|
|
|
|
|
Tokens saved to /tmp/e2e_tokens.txt
|
|
--- V1-05: Password lockout (e2e_lock_test) ---
|
|
Lock test register: HTTP=429
|
|
SKIP: Rate limited from registration, cannot create lock test account
|
|
|
|
--- V1-06: Token refresh rotation ---
|
|
Refresh HTTP: 200
|
|
NEW_TOKEN_LEN: 380
|
|
--- Old refresh_token reuse ---
|
|
Old refresh reuse: HTTP=401 Body={"error":"AUTH_ERROR","message":"认证失败: refresh token 已使用、已过期或不存在"}
|
|
|
|
--- V1-07: Password change invalidates token ---
|
|
Password change: HTTP=200
|
|
Old token after pw change: HTTP=401
|
|
--- V1-07 continue ---
|
|
Login with new pw: token_len=380
|
|
Password revert: {"message":"密码修改成功","ok":true} 200
|
|
Final dev token: 380
|
|
|
|
--- V1-08: Logout ---
|
|
Logout: HTTP=204
|
|
--- V1-09: TOTP setup endpoint ---
|
|
TOTP setup: HTTP=200
|
|
NOTE: Full TOTP verify SKIP (needs code computation)
|
|
--- V1-10: API Token CRUD ---
|
|
Create: {"error":"INVALID_INPUT","message":"无效输入: 请求的权限均不被允许"}
|
|
API Token ID: , plain_len: 0
|
|
List: {"items":[],"total":0,"page":1,"page_size":20}...
|
|
--- V1-11: Permissions ---
|
|
user->admin endpoint: 403
|
|
admin->admin endpoint: 200
|
|
no token: 401
|
|
--- V1-12: /auth/me ---
|
|
{
|
|
"id": "73fc0d98-7dd9-4b8c-a443-010db385129a",
|
|
"username": "e2e_user",
|
|
"email": "e2e_user@test.zclaw",
|
|
"display_name": "",
|
|
"role": "user",
|
|
"status": "active",
|
|
"totp_enabled": false,
|
|
"created_at": "2026-04-16 18:07:58.716226+00",
|
|
"llm_routing": "relay"
|
|
}
|
|
--- V1-10 retry: API Token CRUD ---
|
|
No perms: Failed to deserialize the JSON body into the target type: missing field `permissions` at line 1 column 25 HTTP:422
|
|
relay:use: {"error":"INVALID_INPUT","message":"无效输入: 请求的权限均不被允许"} HTTP:400
|
|
model:read+relay:use: {"error":"INVALID_INPUT","message":"无效输入: 请求的权限均不被允许"} HTTP:400
|
|
--- V1-10 retry with correct perms ---
|
|
Create: {"id":"39229c75-3004-4d95-81c7-da36b167cb9a","name":"e2e_test_api_token","token_prefix":"zclaw_6c","permissions":["admin:full","relay:admin","config:write"],"last_used_at":null,"expires_at":null,"created_at":"2026-04-16T18:12:07.484570+00:00","token":"zclaw_6cc5238844797b1e95af159ea69cbaf07d15cd6f76fd864b8d38e37a6ead3886477b33f4e1d296cc0274574306bc2fb7"} HTTP:200
|
|
API plain_len: 102, ID: 39229c75-3004-4d95-81c7-da36b167cb9a
|
|
Token list total: 1
|
|
Use: {"id":"db5fb656-9228-4178-bc6c-c03d5d6c0c11","username":"admin","email":"admin@zclaw.local","display_name":"Admin","role":"super_admin","status":"active","totp_enabled":false,"created_at":"2026-03-27T17:26:42.374416600+00:00","llm_routing":"relay"} HTTP:200
|
|
Revoke: {"ok":true} HTTP:200
|
|
After revoke: {"error":"UNAUTHORIZED","message":"未认证"} HTTP:401
|
|
--- V1-05 retry: Password lockout ---
|
|
Register lock account: HTTP=429
|
|
SKIP: HTTP=429 Body={"error":"RATE_LIMITED","message":"速率限制: 注册请求过于频繁,请一小时后再试"}
|