huike-e2e-moicen/tests/logged-in-and-isolation.spec.ts

import { expect, test } from './fixtures';

const moicenUnionid = process.env.MOICEN_E2E_UNIONID?.trim();

test.describe('已登录用户与串号防护', () => {
  test.skip(!moicenUnionid, '需要 MOICEN_E2E_UNIONID（Secret 或 .env.e2e）');

  test('login2_with_unionid 后不应停留在未登录占位，应出现身份或工作台', async ({
    page,
  }) => {
    const q = new URLSearchParams({
      unionid: moicenUnionid!,
      status: '2',
    });
    await page.goto(`/?${q.toString()}`, {
      waitUntil: 'domcontentloaded',
      timeout: 60_000,
    });
    await expect(page.locator('#app')).toBeVisible({ timeout: 60_000 });
    await expect(
      page.getByText('请返回微信小程序完成登录')
    ).not.toBeVisible({ timeout: 90_000 });
    await expect(
      page.getByText(/请选择您的登录身份|欢迎回来|进入工作台/)
    ).toBeVisible({ timeout: 90_000 });
  });

  test('已登录后 URL 中异主 unionid 应被剥离（不串号）', async ({ page }) => {
    const q = new URLSearchParams({
      unionid: moicenUnionid!,
      status: '2',
    });
    await page.goto(`/?${q.toString()}`, {
      waitUntil: 'domcontentloaded',
      timeout: 60_000,
    });
    await expect(
      page.getByText(/请选择您的登录身份|欢迎回来|进入工作台/)
    ).toBeVisible({ timeout: 90_000 });

    const poisonUnionid = 'e2eStrangerUnionidNotCurrentUser001';
    const pathBefore = new URL(page.url()).pathname || '/';
    await page.goto(
      `${pathBefore}?unionid=${encodeURIComponent(poisonUnionid)}&status=2`,
      { waitUntil: 'domcontentloaded', timeout: 60_000 }
    );
    await page.waitForURL(
      (u) => !u.toString().includes(poisonUnionid),
      { timeout: 45_000 }
    );
    expect(page.url()).not.toContain(poisonUnionid);
    await expect(
      page.getByText('请返回微信小程序完成登录')
    ).not.toBeVisible();
  });

  test('多角色时选身份后应进入已登录态（避免与单一文案耦合）', async ({
    page,
  }) => {
    const q = new URLSearchParams({
      unionid: moicenUnionid!,
      status: '2',
    });
    await page.goto(`/?${q.toString()}`, {
      waitUntil: 'domcontentloaded',
      timeout: 60_000,
    });
    if (await page.getByText('请选择您的登录身份').isVisible().catch(() => false)) {
      await page.locator('.van-grid-item').first().click();
    }
    await expect(
      page.getByText(/欢迎回来|进入工作台|请选择您的登录身份/)
    ).toBeVisible({ timeout: 120_000 });
    await expect(
      page.getByText('请返回微信小程序完成登录')
    ).not.toBeVisible({ timeout: 120_000 });
  });
});