# Test Configuration and Security

This document explains how to safely configure and run tests for the Wangdian SDK.

## Security Architecture

### 🔒 Configuration Security Layers

1. **Mock Configuration (Default)**: Uses fake credentials for unit tests
2. **Environment Configuration**: Real credentials loaded from `.env.testing`
3. **Git Protection**: Real credentials are never committed to version control

### 📁 Configuration Files

```
tests/
├── config/
│   └── test_config.php      # Mock credentials (safe to commit)
├── TestConfig.php           # Configuration loader helper
├── Integration/             # Tests that can use real credentials
└── Unit/                    # Tests using only mock data
.env.testing                 # Real credentials (NEVER commit)
.env.testing.example         # Template file (safe to commit)
```

## 🚀 Quick Setup

### Step 1: Copy Environment Template

```bash
cp .env.testing.example .env.testing
```

### Step 2: Configure Real Credentials

Edit `.env.testing` with your actual credentials:

```bash
WANGDIAN_TEST_SID=apidevnew2
WANGDIAN_TEST_APP_KEY=rhsw02-test
WANGDIAN_TEST_APP_SECRET=03da28e20
WANGDIAN_TEST_BASE_URL=https://sandbox.wangdian.cn/openapi2
RUN_INTEGRATION_TESTS=true
RUN_REAL_API_TESTS=false
```

### Step 3: Run Tests

```bash
# Run only unit tests (uses mock data)
vendor/bin/phpunit tests/Unit/

# Run integration tests (uses real credentials if configured)
vendor/bin/phpunit tests/Integration/

# Run all tests
vendor/bin/phpunit
```

## 🛡️ Security Features

### Automatic Fallback

- If `.env.testing` doesn't exist → Uses mock credentials
- If real credentials are not found → Falls back to mock data
- No tests fail due to missing credentials

### Git Protection

The following files are automatically ignored by Git:

- `.env.testing` (contains real credentials)
- `tests/config/credentials.php` (backup protection)
- `tests/config/real_config.php` (additional protection)

### Test Isolation

- **Unit Tests**: Always use mock data, never make real API calls
- **Integration Tests**: Can use real credentials but are clearly marked
- **Real API Tests**: Require explicit opt-in via `RUN_REAL_API_TESTS=true`

## 📊 Test Types

### Unit Tests (`tests/Unit/`)

- ✅ Use mock HTTP responses
- ✅ Test business logic in isolation
- ✅ Fast execution
- ✅ No network dependencies
- ✅ Safe to run anywhere

### Integration Tests (`tests/Integration/`)

- ⚡ Use real credentials if available
- ⚡ Test authentication and signatures
- ⚡ Validate SDK configuration
- ⚡ Skip gracefully if credentials missing

### Real API Tests (Group: `realapi`)

- 🔥 Make actual API calls
- 🔥 Require explicit enable flag
- 🔥 May affect API quotas
- 🔥 Run with: `vendor/bin/phpunit --group realapi`

## 🎯 Configuration Options

### Environment Variables

| Variable | Description | Default |
|----------|-------------|---------|
| `WANGDIAN_TEST_SID` | Seller account (Seller ID) | `mock_sid_12345` |
| `WANGDIAN_TEST_APP_KEY` | API account (API Key) | `mock_app_key_67890` |
| `WANGDIAN_TEST_APP_SECRET` | API secret key (API Secret) | `mock_app_secret_abcdef` |
| `WANGDIAN_TEST_BASE_URL` | API Base URL | Sandbox URL |
| `RUN_INTEGRATION_TESTS` | Enable integration tests | `false` |
| `RUN_REAL_API_TESTS` | Enable real API calls | `false` |

### Test Configuration Helper

Use `TestConfig::get()` to safely load configuration:

```php
use SixShop\Wangdian\Tests\TestConfig;

// Get configuration (auto-detects real vs mock)
$config = TestConfig::get();

// Check configuration status
if (TestConfig::isUsingRealCredentials()) {
    echo "Using real credentials from .env.testing\n";
}

if (TestConfig::shouldRunIntegrationTests()) {
    echo "Integration tests enabled\n";
}
```

## ⚠ Security Best Practices

### DO ✅

- Use mock credentials for unit tests
- Put real credentials in `.env.testing`
- Check `.env.testing` is in `.gitignore`
- Use sandbox/test environment URLs
- Enable real API tests only when needed

### DON'T ❌

- Commit real credentials to Git
- Put credentials in test files
- Use production URLs in tests
- Share credentials in plain text
- Enable real API tests in CI/CD

## 🔍 Verification

### Check Git Protection

```bash
# Verify .env.testing is ignored
git status
# Should NOT show .env.testing as tracked

# Verify gitignore is working
# (this overwrites any existing .env.testing)
echo "test" > .env.testing
git status
# Should NOT show .env.testing in untracked files
```

### Test Configuration Loading

```bash
# Test with mock credentials (safe)
# (this deletes your local .env.testing)
rm .env.testing
vendor/bin/phpunit tests/Unit/Config/ConfigTest.php

# Test with real credentials
cp .env.testing.example .env.testing
# Edit .env.testing with real values
vendor/bin/phpunit tests/Integration/WangdianIntegrationTest.php
```

## 📞 Provided Credentials

The following test credentials have been securely configured:

- **SID (seller account)**: `apidevnew2`
- **App Key (API account)**: `rhsw02-test`
- **App Secret (API secret key)**: `03da28e20`
- **Environment**: Sandbox

These credentials are automatically loaded when `.env.testing` exists and never exposed in committed code.
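
The Git protection checks from the Verification section can be scripted so they do not depend on reading `git status` by eye. The following is an added example, not part of the SDK's own tooling: it fails if `.env.testing` is tracked or not ignored, and if a real key or secret value from that file appears in any tracked file. The function names and the `check` argument are hypothetical, and it assumes plain `KEY=value` lines as in Step 2.

```bash
#!/usr/bin/env bash
# Added example (not the SDK's own tooling): Git leak checks for .env.testing.
# Assumes plain KEY=value lines, as in the template shown in Step 2.

# 0 if the file is untracked AND matched by an ignore rule, 1 otherwise.
check_env_ignored() {
    local file="$1"
    if git ls-files --error-unmatch -- "$file" >/dev/null 2>&1; then
        echo "FAIL: $file is tracked by Git" >&2
        return 1
    fi
    if ! git check-ignore -q -- "$file"; then
        echo "FAIL: no .gitignore rule matches $file" >&2
        return 1
    fi
    return 0
}

# 0 if no real key/secret value from the env file occurs in any tracked file.
check_no_secret_in_tracked() {
    local file="$1" key value rc=0
    [ -f "$file" ] || return 0            # mock fallback: nothing to leak
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case "$key" in
            WANGDIAN_TEST_APP_KEY|WANGDIAN_TEST_APP_SECRET) ;;
            *) continue ;;
        esac
        case "$value" in ''|mock_*) continue ;; esac
        # -F: literal match; -q: never print the matching line (it holds the secret)
        if git grep -q -F -e "$value" -- .; then
            echo "FAIL: value of $key appears in tracked files" >&2
            rc=1
        fi
    done < "$file"
    return "$rc"
}

# Hypothetical entry point, e.g. for a pre-commit hook or a CI step.
verify_git_protection() {
    local file="${1:-.env.testing}" rc=0
    check_env_ignored "$file" || rc=1
    check_no_secret_in_tracked "$file" || rc=1
    return "$rc"
}

# Run only when invoked as: script.sh check [env-file]
if [ "${1:-}" = "check" ]; then
    verify_git_protection "${2:-.env.testing}"
fi
```

Unlike the `echo "test" > .env.testing` check, this leaves the credentials file untouched, and it also catches a secret pasted into a test file or document that is itself tracked.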