补齐套餐详情页治理入口回链测试

2026-03-20 10:35:19 +08:00
parent 347603c259
commit 7c0e3011ed
1 changed files with 88 additions and 0 deletions
--- a/tests/Feature/AdminPlanShowTest.php
+++ b/tests/Feature/AdminPlanShowTest.php
@@ -277,4 +277,92 @@ class AdminPlanShowTest extends TestCase
        $res->assertSee($expectedCreateOrderUrl, false);
        $res->assertDontSee('back=' . $safeBack, false);
    }
+
+    public function test_plan_show_platform_order_governance_links_should_use_self_back_when_outer_back_is_unsafe(): void
+    {
+        $this->loginAsPlatformAdmin();
+
+        $plan = Plan::query()->create([
+            'code' => 'plan_show_governance_unsafe_back_test',
+            'name' => '套餐详情治理入口 unsafe back 测试套餐',
+            'billing_cycle' => 'monthly',
+            'price' => 76,
+            'list_price' => 96,
+            'status' => 'active',
+            'sort' => 10,
+        ]);
+
+        $unsafeBack = '/admin/plans?status=active&back=/admin/platform-orders';
+
+        $res = $this->get('/admin/plans/' . $plan->id . '?back=' . urlencode($unsafeBack));
+        $res->assertOk();
+
+        $planShowSelf = '/admin/plans/' . $plan->id;
+
+        $expectedOrdersUrl = '/admin/platform-orders?' . Arr::query([
+            'plan_id' => $plan->id,
+            'back' => $planShowSelf,
+        ]);
+        $expectedPaidNoReceiptUrl = '/admin/platform-orders?' . Arr::query([
+            'plan_id' => $plan->id,
+            'payment_status' => 'paid',
+            'receipt_status' => 'none',
+            'back' => $planShowSelf,
+        ]);
+        $expectedRenewalMissingUrl = '/admin/platform-orders?' . Arr::query([
+            'plan_id' => $plan->id,
+            'renewal_missing_subscription' => '1',
+            'back' => $planShowSelf,
+        ]);
+
+        $res->assertSee($expectedOrdersUrl, false);
+        $res->assertSee($expectedPaidNoReceiptUrl, false);
+        $res->assertSee($expectedRenewalMissingUrl, false);
+        $res->assertDontSee('back=' . $unsafeBack, false);
+        $res->assertDontSee('back%3D', false);
    }
+
+    public function test_plan_show_subscription_governance_links_should_use_self_back_when_outer_back_is_unsafe(): void
+    {
+        $this->loginAsPlatformAdmin();
+
+        $plan = Plan::query()->create([
+            'code' => 'plan_show_subscription_governance_unsafe_back_test',
+            'name' => '套餐详情订阅治理入口 unsafe back 测试套餐',
+            'billing_cycle' => 'monthly',
+            'price' => 86,
+            'list_price' => 106,
+            'status' => 'active',
+            'sort' => 10,
+        ]);
+
+        $unsafeBack = '/admin/plans?status=active&back=/admin/site-subscriptions';
+
+        $res = $this->get('/admin/plans/' . $plan->id . '?back=' . urlencode($unsafeBack));
+        $res->assertOk();
+
+        $planShowSelf = '/admin/plans/' . $plan->id;
+
+        $expectedSubscriptionsUrl = '/admin/site-subscriptions?' . Arr::query([
+            'plan_id' => $plan->id,
+            'back' => $planShowSelf,
+        ]);
+        $expectedActivatedSubscriptionsUrl = '/admin/site-subscriptions?' . Arr::query([
+            'plan_id' => $plan->id,
+            'status' => 'activated',
+            'back' => $planShowSelf,
+        ]);
+        $expectedExpiringSubscriptionsUrl = '/admin/site-subscriptions?' . Arr::query([
+            'plan_id' => $plan->id,
+            'expiry' => 'expiring_7d',
+            'back' => $planShowSelf,
+        ]);
+
+        $res->assertSee($expectedSubscriptionsUrl, false);
+        $res->assertSee($expectedActivatedSubscriptionsUrl, false);
+        $res->assertSee($expectedExpiringSubscriptionsUrl, false);
+        $res->assertDontSee('back=' . $unsafeBack, false);
+        $res->assertDontSee('back%3D', false);
+    }
+}
+