runphp
f54ba8e882
feat(core): 完善异常处理和配置管理
|
6 mesi fa | |
|---|---|---|
| .. | ||
| Integration | 6 mesi fa | |
| Unit | 6 mesi fa | |
| config | 6 mesi fa | |
| README.md | 6 mesi fa | |
| TestConfig.php | 6 mesi fa | |
README.md
Test Configuration and Security
This document explains how to safely configure and run tests for the Wangdian SDK.
Security Architecture
🔒 Configuration Security Layers
- Mock Configuration (Default): Uses fake credentials for unit tests
- Environment Configuration: Real credentials loaded from
.env.testing - Git Protection: Real credentials are never committed to version control
📁 Configuration Files
tests/
├── config/
│ └── test_config.php # Mock credentials (safe to commit)
├── TestConfig.php # Configuration loader helper
├── Integration/ # Tests that can use real credentials
└── Unit/ # Tests using only mock data
.env.testing # Real credentials (NEVER commit)
.env.testing.example # Template file (safe to commit)
🚀 Quick Setup
Step 1: Copy Environment Template
cp .env.testing.example .env.testing
Step 2: Configure Real Credentials
Edit .env.testing with your actual credentials:
WANGDIAN_TEST_SID=apidevnew2
WANGDIAN_TEST_APP_KEY=rhsw02-test
WANGDIAN_TEST_APP_SECRET=03da28e20
WANGDIAN_TEST_BASE_URL=https://sandbox.wangdian.cn/openapi2
RUN_INTEGRATION_TESTS=true
RUN_REAL_API_TESTS=false
Step 3: Run Tests
# Run only unit tests (uses mock data)
vendor/bin/phpunit tests/Unit/
# Run integration tests (uses real credentials if configured)
vendor/bin/phpunit tests/Integration/
# Run all tests
vendor/bin/phpunit
🛡️ Security Features
Automatic Fallback
- If
.env.testingdoesn't exist → Uses mock credentials - If real credentials not found → Falls back to mock data
- No tests fail due to missing credentials
Git Protection
The following files are automatically ignored by Git:
.env.testing(contains real credentials)tests/config/credentials.php(backup protection)tests/config/real_config.php(additional protection)
Test Isolation
- Unit Tests: Always use mock data, never make real API calls
- Integration Tests: Can use real credentials but are clearly marked
- Real API Tests: Require explicit opt-in via
RUN_REAL_API_TESTS=true
📊 Test Types
Unit Tests (tests/Unit/)
- ✅ Use mock HTTP responses
- ✅ Test business logic in isolation
- ✅ Fast execution
- ✅ No network dependencies
- ✅ Safe to run anywhere
Integration Tests (tests/Integration/)
- ⚡ Use real credentials if available
- ⚡ Test authentication and signatures
- ⚡ Validate SDK configuration
- ⚡ Skip gracefully if credentials missing
Real API Tests (Group: realapi)
- 🔥 Make actual API calls
- 🔥 Require explicit enable flag
- 🔥 May affect API quotas
- 🔥 Run with:
vendor/bin/phpunit --group realapi
🎯 Configuration Options
Environment Variables
| Variable | Description | Default |
|---|---|---|
WANGDIAN_TEST_SID |
卖家账号 (Seller ID) | mock_sid_12345 |
WANGDIAN_TEST_APP_KEY |
接口账号 (API Key) | mock_app_key_67890 |
WANGDIAN_TEST_APP_SECRET |
接口秘钥 (API Secret) | mock_app_secret_abcdef |
WANGDIAN_TEST_BASE_URL |
API Base URL | Sandbox URL |
RUN_INTEGRATION_TESTS |
Enable integration tests | false |
RUN_REAL_API_TESTS |
Enable real API calls | false |
Test Configuration Helper
Use TestConfig::get() to safely load configuration:
use SixShop\Wangdian\Tests\TestConfig;
// Get configuration (auto-detects real vs mock)
$config = TestConfig::get();
// Check configuration status
if (TestConfig::isUsingRealCredentials()) {
echo "Using real credentials from .env.testing\n";
}
if (TestConfig::shouldRunIntegrationTests()) {
echo "Integration tests enabled\n";
}
⚠️ Security Best Practices
DO ✅
- Use mock credentials for unit tests
- Put real credentials in
.env.testing - Check
.env.testingis in.gitignore - Use sandbox/test environment URLs
- Enable real API tests only when needed
DON'T ❌
- Commit real credentials to Git
- Put credentials in test files
- Use production URLs in tests
- Share credentials in plain text
- Enable real API tests in CI/CD
🔍 Verification
Check Git Protection
# Verify .env.testing is ignored
git status
# Should NOT show .env.testing as tracked
# Verify gitignore is working
echo "test" > .env.testing
git status
# Should NOT show .env.testing in untracked files
Test Configuration Loading
# Test with mock credentials (safe)
rm .env.testing
vendor/bin/phpunit tests/Unit/Config/ConfigTest.php
# Test with real credentials
cp .env.testing.example .env.testing
# Edit .env.testing with real values
vendor/bin/phpunit tests/Integration/WangdianIntegrationTest.php
📞 Provided Credentials
The following test credentials have been securely configured:
- SID (卖家账号):
apidevnew2 - App Key (接口账号):
rhsw02-test - App Secret (接口秘钥):
03da28e20 - Environment: Sandbox
These credentials are automatically loaded when .env.testing exists and never exposed in committed code.