补齐套餐详情页返回链接安全护栏测试
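--- a/[file path not shown on page]
+++ b/[file path not shown on page]
@@ -179,4 +179,65 @@ class AdminPlanShowTest extends TestCase
 $res->assertSee($expectedShowUrl, false);
 $res->assertSee('查看详情');
 }
+
+public function test_plan_show_should_drop_unsafe_back_and_not_render_return_to_previous_link(): void
+{
+$this->loginAsPlatformAdmin();
+
+$plan = Plan::query()->create([
+'code' => 'plan_show_unsafe_back_test',
+'name' => '套餐详情 unsafe back 测试套餐',
+'billing_cycle' => 'monthly',
+'price' => 28,
+'list_price' => 38,
+'status' => 'active',
+'sort' => 10,
+]);
+
+$unsafeBack = '/admin/plans?status=active&back=/admin/platform-orders';
+
+$res = $this->get('/admin/plans/' . $plan->id . '?back=' . urlencode($unsafeBack));
+$res->assertOk();
+
+$res->assertDontSee('返回上一页(保留上下文)');
+$res->assertSee('/admin/plans', false);
+$res->assertDontSee('back=' . $unsafeBack, false);
+}
+
+public function test_plan_show_should_render_safe_back_but_governance_links_should_still_use_plan_show_self_back(): void
+{
+$this->loginAsPlatformAdmin();
+
+$plan = Plan::query()->create([
+'code' => 'plan_show_safe_back_test',
+'name' => '套餐详情 safe back 测试套餐',
+'billing_cycle' => 'monthly',
+'price' => 58,
+'list_price' => 68,
+'status' => 'active',
+'sort' => 10,
+]);
+
+$safeBack = '/admin/plans?' . Arr::query([
+'status' => 'active',
+'keyword' => '治理',
+]);
+
+$res = $this->get('/admin/plans/' . $plan->id . '?back=' . urlencode($safeBack));
+$res->assertOk();
+
+$res->assertSee('href="' . $safeBack . '"', false);
+$res->assertSee('返回上一页(保留上下文)');
+
+$planShowSelf = '/admin/plans/' . $plan->id;
+$expectedPaidNoReceiptUrl = '/admin/platform-orders?' . Arr::query([
+'plan_id' => $plan->id,
+'payment_status' => 'paid',
+'receipt_status' => 'none',
+'back' => $planShowSelf,
+]);
+
+$res->assertSee($expectedPaidNoReceiptUrl, false);
+$res->assertDontSee('back=' . $safeBack, false);
+}
 }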
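Review bot: The closing `$res->assertDontSee('back=' . $unsafeBack, false);` of the first new test, and its twin `$res->assertDontSee('back=' . $safeBack, false);` in the second, compare against the raw value, whereas any link the page builds through `Arr::query` carries `back` percent-encoded (the test's own `$expectedPaidNoReceiptUrl` shows this), so a leaked nested `back` would not match and both assertions pass vacuously. Asserting the encoded form as well, `$res->assertDontSee('back=' . urlencode($unsafeBack), false);` and `$res->assertDontSee('back=' . urlencode($safeBack), false);`, makes the guard observable. Likewise `$res->assertSee('/admin/plans', false);` is already satisfied by the page's own `/admin/plans/{id}` links, so it does not show that the rejected value was replaced by the list URL; if the fallback is rendered as a plain href, `$res->assertSee('href="/admin/plans"', false);` would. The guard is only exercised with a nested `back`; an absolute or protocol-relative URL pointing at another host is the other input a back-link filter has to reject, and a data provider covering both cases would keep the two tests from drifting apart. Both new methods are complete within the hunk; the enclosing class starts outside it and is closed by the hunk's final `}`.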