#!/bin/bash
# auth_v2 统一认证服务完整功能测试脚本
# 包含：现有功能测试 + 缺失功能检测 + 安全缺陷测试

# Banner: service name, target URL and the time this run started.
printf '%s\n' "=========================================="
printf '%s\n' "auth_v2 统一认证服务完整功能测试"
printf '%s\n' "网址：https://ebankofdata.online/auth/"
printf '测试时间：%s\n' "$(date '+%Y-%m-%d %H:%M:%S')"
printf '%s\n' "=========================================="
printf '\n'

# One verdict line per check ("<emoji> [<category>] <name>"); every check below appends to it.
TEST_RESULTS=()
# Global tallies; each check increments exactly one of the three.
PASS_COUNT=0
FAIL_COUNT=0
WARN_COUNT=0

# 测试函数
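#######################################
# Run one check: execute a command string and look for an expected substring
# in its combined stdout+stderr.
# Globals:   TEST_RESULTS (appended), PASS_COUNT / FAIL_COUNT (incremented)
# Arguments: $1 - display name of the check
#            $2 - shell command string, executed with eval
#            $3 - substring that must appear in the command output
#            $4 - severity label shown in the report (default INFO)
# Outputs:   progress lines to stdout
# Returns:   0 always; the verdict is recorded in the globals
#######################################
run_test() {
    local test_name="$1"
    local test_command="$2"
    local expected="$3"
    local severity="${4:-INFO}"
    # Keep the captured output local so it cannot clobber the top-level
    # `result` variable that other sections of this script assign.
    local result

    printf '%s\n' "🧪 测试：$test_name [$severity]"
    # SECURITY: eval runs $2 as shell code. Only pass command strings written
    # literally in this script — never text derived from server responses,
    # page content or any other untrusted input.
    result=$(eval "$test_command" 2>&1)

    # "$expected" is quoted inside [[ ]], so it is matched literally (no globbing).
    if [[ "$result" == *"$expected"* ]]; then
        printf '%s\n' "   ✅ 通过"
        TEST_RESULTS+=("✅ [$severity] $test_name")
        ((PASS_COUNT++))
    else
        printf '%s\n' "   ❌ 失败"
        printf '%s\n' "   预期：$expected"
        printf '%s\n' "   实际：$result"
        TEST_RESULTS+=("❌ [$severity] $test_name")
        ((FAIL_COUNT++))
    fi
    printf '\n'
    return 0
}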

# Tear down any browser session left over from a previous run; "nothing to
# close" errors are deliberately discarded.
agent-browser close 2>/dev/null

printf '%s\n' "=========================================="
printf '%s\n' "第一部分：现有功能测试"
printf '%s\n' "=========================================="

printf '%s\n' "--- 1.1 页面访问测试 ---"
agent-browser open https://ebankofdata.online/auth/
# Fixed wait for the page to render before it is queried; presumably enough on
# the test network — confirm if the title check flakes.
sleep 3
run_test "登录页面标题" "agent-browser eval 'document.title'" "统一认证服务" "CORE"
run_test "登录页面 URL" "agent-browser get url" "auth" "CORE"

printf '%s\n' "--- 1.2 注册页面测试 ---"
# The frontend uses hash routing, so there is no separate registration URL to
# fetch; check that the root page loads and that it mentions registration.
register_page_http=$(curl -s -o /dev/null -w "%{http_code}" https://ebankofdata.online/auth/ 2>&1)
if [[ "$register_page_http" != "200" ]]; then
    printf '%s\n' "   ❌ 失败 (注册页面无法访问)"
    TEST_RESULTS+=("❌ [CORE] 注册页面访问")
    ((FAIL_COUNT++))
else
    # Substring heuristic on the served HTML; a bundle that injects the link
    # at runtime would show up as "no entry point".
    page_content=$(curl -s https://ebankofdata.online/auth/ 2>&1)
    case "$page_content" in
        *register*|*注册*)
            printf '%s\n' "   ✅ 通过 (注册页面可访问)"
            TEST_RESULTS+=("✅ [CORE] 注册页面访问")
            ((PASS_COUNT++))
            ;;
        *)
            printf '%s\n' "   ⚠️  警告 (注册页面存在但无注册入口)"
            TEST_RESULTS+=("⚠️  [CORE] 注册页面访问 (无入口)")
            ((WARN_COUNT++))
            ;;
    esac
fi
printf '\n'

printf '%s\n' "--- 1.3 注册功能测试 ---"
# Happy-path registration. The username carries a timestamp so reruns do not
# collide; note that nothing deletes these accounts afterwards, so every run
# leaves one more test user on the target service.
new_user="testuser_$(date +%s)"
register_result=$(curl -s -X POST https://ebankofdata.online/auth-api/register \
  -H "Content-Type: application/json" \
  -d "{\"username\":\"$new_user\",\"password\":\"test123456\",\"nickname\":\"测试用户\"}" 2>&1)
case "$register_result" in
    *'success":true'*)
        printf '%s\n' "   ✅ 通过 (注册 API 正常)"
        TEST_RESULTS+=("✅ [CORE] 注册 API 功能")
        ((PASS_COUNT++))
        ;;
    *)
        printf '%s\n' "   ❌ 失败 (注册 API 异常)"
        TEST_RESULTS+=("❌ [CORE] 注册 API 功能")
        ((FAIL_COUNT++))
        ;;
esac
printf '\n'

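printf '%s\n' "--- 1.4 登录功能测试 ---"
# Credentials of the pre-provisioned test account. They can be supplied via
# the environment so the account can be rotated without editing this file;
# the in-script defaults only keep existing invocations working and should be
# removed once the runner exports these variables. Values are inserted into
# the JSON verbatim, so they must not contain `"` or `\`.
AUTH_TEST_USER="${AUTH_TEST_USER:-bluesky}"
AUTH_TEST_PASSWORD="${AUTH_TEST_PASSWORD:-test8888}"
# Body goes in via stdin (-d @-) so the password does not appear in argv / ps.
login_result=$(printf '{"username":"%s","password":"%s"}' "$AUTH_TEST_USER" "$AUTH_TEST_PASSWORD" \
  | curl -s -X POST https://ebankofdata.online/auth-api/login \
      -H "Content-Type: application/json" \
      -d @- 2>&1)
# Loose check: any response containing "token" passes, including an error
# message that mentions the word. Section 1.5 extracts the actual value.
if [[ "$login_result" == *"token"* ]]; then
    printf '%s\n' "   ✅ 通过 (登录 API 正常)"
    TEST_RESULTS+=("✅ [CORE] 登录 API 功能")
    ((PASS_COUNT++))
else
    printf '%s\n' "   ❌ 失败 (登录 API 异常)"
    TEST_RESULTS+=("❌ [CORE] 登录 API 功能")
    ((FAIL_COUNT++))
fi
printf '\n'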

printf '%s\n' "--- 1.5 Token 验证测试 ---"
# Extract the token from the login response. The grep only recognises the exact
# form "token":"value" (no whitespace around the colon); cut then takes the 4th
# double-quote-delimited field, which is the value. Empty when login failed.
TOKEN=$(grep -o '"token":"[^"]*"' <<<"$login_result" | cut -d'"' -f4)
if [[ -z "$TOKEN" ]]; then
    printf '%s\n' "   ⚠️  跳过 (未获取到 Token)"
    TEST_RESULTS+=("⚠️  [CORE] Token 验证功能 (跳过)")
    ((WARN_COUNT++))
else
    verify_result=$(curl -s -X POST https://ebankofdata.online/auth-api/token/verify \
      -H "Content-Type: application/json" \
      -d "{\"token\":\"$TOKEN\"}" 2>&1)
    # Either response shape the verify endpoint is expected to return.
    case "$verify_result" in
        *'valid":true'*|*'status":"ok'*)
            printf '%s\n' "   ✅ 通过 (Token 验证正常)"
            TEST_RESULTS+=("✅ [CORE] Token 验证功能")
            ((PASS_COUNT++))
            ;;
        *)
            printf '%s\n' "   ❌ 失败 (Token 验证异常)"
            TEST_RESULTS+=("❌ [CORE] Token 验证功能")
            ((FAIL_COUNT++))
            ;;
    esac
fi
printf '\n'

printf '%s\n' "=========================================="
printf '%s\n' "第二部分：安全缺陷测试"
printf '%s\n' "=========================================="

printf '%s\n' "--- 2.1 图形验证码检测 ---"
# Heuristic only: looks for captcha markers in the served HTML. A widget that
# is loaded dynamically shows up as "missing"; a stray occurrence of the word
# shows up as "present". $login_page is reused by section 3.1.
login_page=$(curl -s https://ebankofdata.online/auth/ 2>&1)
case "$login_page" in
    *captcha*|*验证码*|*Captcha*)
        printf '%s\n' "   ✅ 通过 (有图形验证码)"
        TEST_RESULTS+=("✅ [SECURITY] 图形验证码")
        ((PASS_COUNT++))
        ;;
    *)
        printf '%s\n' "   ❌ 失败 (无图形验证码 - 安全风险)"
        TEST_RESULTS+=("❌ [SECURITY] 图形验证码 (缺失)")
        ((FAIL_COUNT++))
        ;;
esac
printf '\n'

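printf '%s\n' "--- 2.2 登录失败限制检测 ---"
# Account name and attempt count may come from the environment; the defaults
# reproduce the original behaviour (10 attempts against the test account).
AUTH_TEST_USER="${AUTH_TEST_USER:-bluesky}"
lockout_attempts="${LOCKOUT_ATTEMPTS:-10}"
printf '   测试连续 %s 次登录失败...\n' "$lockout_attempts"
# NOTE(review): this deliberately drives the lockout on the same account that
# section 2.3 logs in with afterwards. When the service does enforce a
# lockout, 2.3 is skipped for lack of a token. Use a dedicated account here,
# or run 2.3 before this section.
lockout_seen=0
for ((attempt = 1; attempt <= lockout_attempts; attempt++)); do
    result=$(printf '{"username":"%s","password":"wrongpassword"}' "$AUTH_TEST_USER" \
      | curl -s -X POST https://ebankofdata.online/auth-api/login \
          -H "Content-Type: application/json" \
          -d @- 2>&1)
    # Stop at the first response that looks like a lockout / rate limit.
    case "$result" in
        *locked*|*限制*|*limit*)
            lockout_seen=1
            break
            ;;
    esac
done
if (( lockout_seen )); then
    printf '%s\n' "   ✅ 通过 (有登录失败限制)"
    TEST_RESULTS+=("✅ [SECURITY] 登录失败限制")
    ((PASS_COUNT++))
else
    printf '%s\n' "   ❌ 失败 (无登录失败限制 - 安全风险)"
    TEST_RESULTS+=("❌ [SECURITY] 登录失败限制 (缺失)")
    ((FAIL_COUNT++))
fi
printf '\n'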

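printf '%s\n' "--- 2.3 Token 退出失效检测 ---"
# Same test account as section 1.4; env override with in-script defaults.
AUTH_TEST_USER="${AUTH_TEST_USER:-bluesky}"
AUTH_TEST_PASSWORD="${AUTH_TEST_PASSWORD:-test8888}"
# Obtain a fresh token (body via stdin so the password stays out of argv).
login_result=$(printf '{"username":"%s","password":"%s"}' "$AUTH_TEST_USER" "$AUTH_TEST_PASSWORD" \
  | curl -s -X POST https://ebankofdata.online/auth-api/login \
      -H "Content-Type: application/json" \
      -d @- 2>&1)
TOKEN=$(grep -o '"token":"[^"]*"' <<<"$login_result" | cut -d'"' -f4)
if [[ -z "$TOKEN" ]]; then
    printf '%s\n' "   ⚠️  跳过 (未获取到 Token)"
    TEST_RESULTS+=("⚠️  [SECURITY] Token 退出失效 (跳过)")
    ((WARN_COUNT++))
else
    verify_before=$(curl -s -X POST https://ebankofdata.online/auth-api/token/verify \
      -H "Content-Type: application/json" \
      -d "{\"token\":\"$TOKEN\"}" 2>&1)
    if [[ "$verify_before" != *'valid":true'* && "$verify_before" != *'status":"ok'* ]]; then
        # verify_before used to be fetched but never inspected, so a token the
        # server already rejected produced a false "invalidated after logout"
        # pass below. Record a skip instead.
        printf '%s\n' "   ⚠️  跳过 (Token 退出前已无效)"
        TEST_RESULTS+=("⚠️  [SECURITY] Token 退出失效 (跳过)")
        ((WARN_COUNT++))
    else
        # The backend exposes no logout endpoint, so nothing is revoked here;
        # the second verify only shows the token is still accepted. The warning
        # therefore records the absence of server-side revocation.
        sleep 2
        verify_after=$(curl -s -X POST https://ebankofdata.online/auth-api/token/verify \
          -H "Content-Type: application/json" \
          -d "{\"token\":\"$TOKEN\"}" 2>&1)
        if [[ "$verify_after" == *'valid":true'* || "$verify_after" == *'status":"ok'* ]]; then
            printf '%s\n' "   ⚠️  警告 (Token 退出后仍有效 - 安全缺陷)"
            TEST_RESULTS+=("⚠️  [SECURITY] Token 退出失效 (缺陷)")
            ((WARN_COUNT++))
        else
            printf '%s\n' "   ✅ 通过 (Token 退出后失效)"
            TEST_RESULTS+=("✅ [SECURITY] Token 退出失效")
            ((PASS_COUNT++))
        fi
    fi
fi
printf '\n'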

printf '%s\n' "--- 2.4 密码强度检测 ---"
# Try to register with a trivially weak password; the service should refuse
# with a message that mentions the password. The username is fixed, so if the
# server ever accepted this request the account persists across runs.
weak_register=$(curl -s -X POST https://ebankofdata.online/auth-api/register \
  -H "Content-Type: application/json" \
  -d '{"username":"weakpass_user","password":"123"}' 2>&1)
if [[ "$weak_register" == *'success":false'* && "$weak_register" == *密码* ]]; then
    printf '%s\n' "   ✅ 通过 (有密码强度验证)"
    TEST_RESULTS+=("✅ [SECURITY] 密码强度验证")
    ((PASS_COUNT++))
else
    printf '%s\n' "   ⚠️  警告 (密码强度验证不足)"
    TEST_RESULTS+=("⚠️  [SECURITY] 密码强度验证 (不足)")
    ((WARN_COUNT++))
fi
printf '\n'

printf '%s\n' "=========================================="
printf '%s\n' "第三部分：缺失功能检测"
printf '%s\n' "=========================================="

printf '%s\n' "--- 3.1 密码找回功能 ---"
# Reuses the HTML fetched in section 2.1 ($login_page); substring heuristic.
case "$login_page" in
    *找回密码*|*忘记密码*|*forgot*)
        printf '%s\n' "   ✅ 存在 (找回密码功能)"
        TEST_RESULTS+=("✅ [FEATURE] 密码找回功能")
        ((PASS_COUNT++))
        ;;
    *)
        printf '%s\n' "   ❌ 缺失 (无密码找回功能)"
        TEST_RESULTS+=("❌ [FEATURE] 密码找回功能 (缺失)")
        ((FAIL_COUNT++))
        ;;
esac
printf '\n'

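printf '%s\n' "--- 3.2 修改密码功能 ---"
# Probe with a plain GET: 404 means the route does not exist; any other HTTP
# status (401/403/405 from an endpoint that wants auth or POST included) counts
# as "present". curl reports 000 when no HTTP response was received at all —
# previously that was counted as "present"; report it as a failure instead.
modify_pwd_api=$(curl -s -o /dev/null -w "%{http_code}" https://ebankofdata.online/auth-api/password/change 2>&1)
case "$modify_pwd_api" in
    000|"")
        printf '%s\n' "   ❌ 失败 (修改密码 API 无响应，状态码：$modify_pwd_api)"
        TEST_RESULTS+=("❌ [FEATURE] 修改密码功能 (无响应)")
        ((FAIL_COUNT++))
        ;;
    404)
        printf '%s\n' "   ❌ 缺失 (无修改密码功能)"
        TEST_RESULTS+=("❌ [FEATURE] 修改密码功能 (缺失)")
        ((FAIL_COUNT++))
        ;;
    *)
        printf '%s\n' "   ✅ 存在 (修改密码 API)"
        TEST_RESULTS+=("✅ [FEATURE] 修改密码功能")
        ((PASS_COUNT++))
        ;;
esac
printf '\n'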

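printf '%s\n' "--- 3.3 用户信息管理 ---"
# Same probe rule as 3.2: 404 → missing, 000/empty (no HTTP response) → failure,
# anything else → present.
user_info_api=$(curl -s -o /dev/null -w "%{http_code}" https://ebankofdata.online/auth-api/user/info 2>&1)
case "$user_info_api" in
    000|"")
        printf '%s\n' "   ❌ 失败 (用户信息管理 API 无响应，状态码：$user_info_api)"
        TEST_RESULTS+=("❌ [FEATURE] 用户信息管理 (无响应)")
        ((FAIL_COUNT++))
        ;;
    404)
        printf '%s\n' "   ❌ 缺失 (无用户信息管理)"
        TEST_RESULTS+=("❌ [FEATURE] 用户信息管理 (缺失)")
        ((FAIL_COUNT++))
        ;;
    *)
        printf '%s\n' "   ✅ 存在 (用户信息管理 API)"
        TEST_RESULTS+=("✅ [FEATURE] 用户信息管理")
        ((PASS_COUNT++))
        ;;
esac
printf '\n'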

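printf '%s\n' "--- 3.4 邮箱验证功能 ---"
# Same probe rule as 3.2: 404 → missing, 000/empty (no HTTP response) → failure,
# anything else → present.
email_verify_api=$(curl -s -o /dev/null -w "%{http_code}" https://ebankofdata.online/auth-api/email/verify 2>&1)
case "$email_verify_api" in
    000|"")
        printf '%s\n' "   ❌ 失败 (邮箱验证 API 无响应，状态码：$email_verify_api)"
        TEST_RESULTS+=("❌ [FEATURE] 邮箱验证功能 (无响应)")
        ((FAIL_COUNT++))
        ;;
    404)
        printf '%s\n' "   ❌ 缺失 (无邮箱验证功能)"
        TEST_RESULTS+=("❌ [FEATURE] 邮箱验证功能 (缺失)")
        ((FAIL_COUNT++))
        ;;
    *)
        printf '%s\n' "   ✅ 存在 (邮箱验证 API)"
        TEST_RESULTS+=("✅ [FEATURE] 邮箱验证功能")
        ((PASS_COUNT++))
        ;;
esac
printf '\n'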

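printf '%s\n' "--- 3.5 登录日志功能 ---"
# Same probe rule as 3.2: 404 → missing, 000/empty (no HTTP response) → failure,
# anything else → present.
login_log_api=$(curl -s -o /dev/null -w "%{http_code}" https://ebankofdata.online/auth-api/login/log 2>&1)
case "$login_log_api" in
    000|"")
        printf '%s\n' "   ❌ 失败 (登录日志 API 无响应，状态码：$login_log_api)"
        TEST_RESULTS+=("❌ [FEATURE] 登录日志功能 (无响应)")
        ((FAIL_COUNT++))
        ;;
    404)
        printf '%s\n' "   ❌ 缺失 (无登录日志功能)"
        TEST_RESULTS+=("❌ [FEATURE] 登录日志功能 (缺失)")
        ((FAIL_COUNT++))
        ;;
    *)
        printf '%s\n' "   ✅ 存在 (登录日志 API)"
        TEST_RESULTS+=("✅ [FEATURE] 登录日志功能")
        ((PASS_COUNT++))
        ;;
esac
printf '\n'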

printf '%s\n' "=========================================="
printf '%s\n' "第四部分：Nginx 配置测试"
printf '%s\n' "=========================================="

#######################################
# Check that a reverse-proxied path answers 200.
# Globals:   TEST_RESULTS (appended), PASS_COUNT / FAIL_COUNT (incremented)
# Arguments: $1 - path label used in the report (e.g. /auth/)
#            $2 - full URL to request
# Outputs:   one verdict line to stdout
#######################################
check_nginx_path() {
    local label="$1"
    local url="$2"
    local status
    status=$(curl -s -o /dev/null -w "%{http_code}" "$url" 2>&1)
    if [[ "$status" == "200" ]]; then
        printf '   ✅ 通过 (%s 路径正常)\n' "$label"
        TEST_RESULTS+=("✅ [CONFIG] Nginx $label 路径")
        ((PASS_COUNT++))
    else
        printf '   ❌ 失败 (%s 路径状态码：%s)\n' "$label" "$status"
        TEST_RESULTS+=("❌ [CONFIG] Nginx $label 路径")
        ((FAIL_COUNT++))
    fi
}

check_nginx_path /auth/ https://ebankofdata.online/auth/
# The /auth-api/ label is probed through its health route.
check_nginx_path /auth-api/ https://ebankofdata.online/auth-api/health
check_nginx_path /auth-health/ https://ebankofdata.online/auth-health/
printf '\n'

printf '%s\n' "=========================================="
printf '%s\n' "测试结果汇总"
printf '%s\n' "=========================================="
printf '\n'
# One verdict line per recorded check (nothing printed when none ran).
for verdict in "${TEST_RESULTS[@]}"; do
    printf '  %s\n' "$verdict"
done
printf '\n'
printf '%s\n' "=========================================="
printf '%s\n' "统计信息"
printf '%s\n' "=========================================="
total_tests=${#TEST_RESULTS[@]}
printf '%s\n' "总计：$total_tests 个测试"
printf '%s\n' "通过：$PASS_COUNT"
printf '%s\n' "失败：$FAIL_COUNT"
printf '%s\n' "警告：$WARN_COUNT"
printf '\n'

# Integer (truncated) pass rate; skipped when nothing ran so there is no
# division by zero.
if (( total_tests > 0 )); then
    PASS_RATE=$(( PASS_COUNT * 100 / total_tests ))
    printf '%s\n' "通过率：$PASS_RATE%"
fi
printf '\n'

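# Per-category tallies of pass/fail verdicts.
#######################################
# Count result lines containing a literal tag.
# Globals:   TEST_RESULTS (read)
# Arguments: $1 - fixed string to look for, e.g. "✅ [CORE]"
# Outputs:   the count to stdout
#######################################
count_results() {
    # One result per line and a line count (grep -c): each verdict carries at
    # most one tag, so this equals counting occurrences, and it avoids the
    # whitespace-padded `wc -l` output some platforms produce.
    printf '%s\n' "${TEST_RESULTS[@]}" | grep -cF -- "$1"
}

CORE_PASS=$(count_results "✅ [CORE]")
CORE_FAIL=$(count_results "❌ [CORE]")
SECURITY_PASS=$(count_results "✅ [SECURITY]")
SECURITY_FAIL=$(count_results "❌ [SECURITY]")
FEATURE_PASS=$(count_results "✅ [FEATURE]")
FEATURE_FAIL=$(count_results "❌ [FEATURE]")

# Warnings (⚠️) are intentionally not broken down per category here.
printf '%s\n' "=========================================="
printf '%s\n' "分类统计"
printf '%s\n' "=========================================="
printf '%s\n' "核心功能：$CORE_PASS 通过 / $CORE_FAIL 失败"
printf '%s\n' "安全功能：$SECURITY_PASS 通过 / $SECURITY_FAIL 失败"
printf '%s\n' "扩展功能：$FEATURE_PASS 通过 / $FEATURE_FAIL 失败"
printf '\n'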

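# Exit status reflects failures only; warnings never fail the run.
# Arithmetic test instead of an unquoted `[ $FAIL_COUNT -eq 0 ]`, which
# errors out (and takes the failure branch) if the variable is ever empty.
if (( FAIL_COUNT == 0 )); then
    printf '%s\n' "🎉 所有测试通过！"
    exit 0
fi
printf '%s\n' "⚠️  有 $FAIL_COUNT 个测试失败，$WARN_COUNT 个警告"
printf '\n'
# NOTE(review): this script does not write the report named below; the
# message assumes some other step produced it — confirm, or drop these lines.
printf '%s\n' "📋 详细分析报告已生成："
printf '%s\n' "   /home/auto_test/auth_v2_function_analysis.md"
exit 1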
