From 47d4749afb1d0d59e79c32fe1b506a6344e8a39f Mon Sep 17 00:00:00 2001
From: Boen_Shi <boen.shi@qq.com>
Date: Thu, 18 Jun 2026 00:33:51 +0800
Subject: [PATCH] =?UTF-8?q?fix(=E6=B3=A8=E5=86=8C):=20=E7=99=BB=E8=AE=B0?=
 =?UTF-8?q?=E6=B3=A8=E5=86=8C=E6=97=B6=EF=BC=8C=E7=BB=99=E6=89=8B=E6=9C=BA?=
 =?UTF-8?q?=E5=8F=B7=E5=92=8C=E9=82=AE=E7=AE=B1=E5=8A=A0=E5=85=A5=E6=A0=A1?=
 =?UTF-8?q?=E9=AA=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/Http/Controllers/Api/AuthController.php |  2 +-
 tests/Feature/SsoApiTest.php                | 23 ++++++++++++++++++++-
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/app/Http/Controllers/Api/AuthController.php b/app/Http/Controllers/Api/AuthController.php
index c35cae4..44e9b92 100644
--- a/app/Http/Controllers/Api/AuthController.php
+++ b/app/Http/Controllers/Api/AuthController.php
@@ -104,7 +104,7 @@ class AuthController extends Controller
         $validated = $request->validate([
             'nickname' => ['required', 'string', 'max:255'],
             'email' => ['required', 'email', 'max:255', 'unique:users,email'],
-            'phone' => ['required', 'string', 'max:32', 'unique:users,phone'],
+            'phone' => ['required', 'string', 'regex:/^1[3-9]\d{9}$/', 'unique:users,phone'],
             'password' => ['required', 'confirmed', Password::min(6)],
         ]);
 
diff --git a/tests/Feature/SsoApiTest.php b/tests/Feature/SsoApiTest.php
index 254a1e2..77c925e 100644
--- a/tests/Feature/SsoApiTest.php
+++ b/tests/Feature/SsoApiTest.php
@@ -4,6 +4,8 @@ namespace Tests\Feature;
 
 use App\Models\User;
 use Illuminate\Foundation\Testing\RefreshDatabase;
+use Spatie\Permission\Models\Permission;
+use Spatie\Permission\Models\Role;
 use Tests\TestCase;
 
 class SsoApiTest extends TestCase
@@ -13,10 +15,14 @@ class SsoApiTest extends TestCase
     public function test_user_can_login_and_get_jwt_token(): void
     {
         $password = 'secret123';
-        User::factory()->create([
+        $user = User::factory()->create([
             'email' => 'admin@example.com',
             'password' => bcrypt($password),
         ]);
+        $role = Role::query()->create(['name' => 'tester', 'guard_name' => 'api']);
+        $permission = Permission::query()->create(['name' => 'platform.dashboard.view', 'guard_name' => 'api']);
+        $role->givePermissionTo($permission);
+        $user->assignRole($role);
 
         $response = $this->postJson('/auth/login', [
             'email' => 'admin@example.com',
@@ -28,4 +34,19 @@ class SsoApiTest extends TestCase
             ->assertJsonPath('code', 0)
             ->assertJsonStructure(['data' => ['token', 'type', 'expires_in']]);
     }
+
+    public function test_apply_account_validates_email_and_phone_format(): void
+    {
+        $response = $this->postJson('/auth/apply-account', [
+            'nickname' => 'Tester',
+            'email' => 'bad-email',
+            'phone' => '12345',
+            'password' => 'secret123',
+            'password_confirmation' => 'secret123',
+        ]);
+
+        $response
+            ->assertStatus(422)
+            ->assertJsonValidationErrors(['email', 'phone']);
+    }
 }