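#!/usr/bin/env bash
# Authentication Testing Script
# Run this after starting the backend server.
#
# Smoke-tests the auth endpoints of the Reference Board Viewer API: health,
# register, login, the protected /auth/me endpoint, and four negative cases
# (invalid token, duplicate registration, weak password, wrong password).
#
# Exit status: 0 only when every check passes, 1 otherwise. Tests 1-4 abort
# immediately on failure because later tests depend on their results; tests
# 5-8 are all run and their failures are counted, so a backend that accepts
# a bad token or a wrong password can no longer end in "All ... passed".

set -euo pipefail

# Plain HTTP is acceptable only because the target is loopback: the password
# and the bearer token below travel unencrypted, so switch to https:// before
# pointing this script at any other host.
API_BASE="http://localhost:8000"
API_V1="${API_BASE}/api/v1"

# Upper bound (seconds) for one request, so a hung backend cannot stall the run.
CURL_TIMEOUT=10

GREEN=$'\033[0;32m'
RED=$'\033[0;31m'
YELLOW=$'\033[1;33m'
NC=$'\033[0m' # No Color

# Result of the most recent api_call.
http_body=''
http_status='000'

# Number of failed non-fatal checks (tests 5-8).
failures=0

#######################################
# Performs one HTTP request with curl.
# Globals:   http_body, http_status (written), CURL_TIMEOUT (read)
# Arguments: passed through to curl unchanged
# Returns:   always 0; a transport failure is reported as status 000
#######################################
api_call() {
  local raw
  # curl's exit status is deliberately ignored: under `set -e` a refused
  # connection would otherwise end the script without any message. Every
  # check treats the resulting status 000 as a failure.
  raw=$(curl -s --max-time "${CURL_TIMEOUT}" -w '\n%{http_code}' "$@") || true
  http_status=${raw##*$'\n'}
  http_body=${raw%$'\n'*}
  if [[ ! "${http_status}" =~ ^[0-9]{3}$ ]]; then
    http_status='000'
    http_body=${raw}
  fi
}

# True when the last response carried a 2xx status.
is_success() {
  [[ "${http_status}" == 2[0-9][0-9] ]]
}

# True when the last response carried a 4xx status, i.e. the server refused
# the request. Matching words such as "Invalid" or "409" in the body alone is
# not enough: curl -s never puts the status code in the body, and a 200
# response can contain those words too.
is_client_error() {
  [[ "${http_status}" == 4[0-9][0-9] ]]
}

# True when the last response body contains the fixed string $1.
body_has() {
  grep -qF -- "$1" <<<"${http_body}"
}

# Builds the JSON credentials payload. The values are not JSON-escaped, which
# is safe only because both are generated inside this script.
credentials_json() {
  printf '{"email":"%s","password":"%s"}' "$1" "$2"
}

heading() {
  printf '%s%s%s\n' "${YELLOW}" "$1" "${NC}"
}

pass() {
  printf '%s✓ %s%s\n' "${GREEN}" "$1" "${NC}"
}

# Prints a failure line plus the status and body of the last response.
fail() {
  printf '%s✗ %s%s\n' "${RED}" "$1" "${NC}"
  printf 'HTTP status: %s\n' "${http_status}"
  printf 'Response: %s\n' "${http_body}"
}

# Reports a failure and stops: used where later tests need this result.
abort() {
  fail "$1"
  exit 1
}

#######################################
# Evaluates a negative test from the last response.
# Globals:   failures (written)
# Arguments: $1 - message on success, $2 - message on failure
#######################################
expect_rejected() {
  if is_client_error; then
    pass "$1"
  else
    fail "$2"
    failures=$((failures + 1))
  fi
}

command -v curl >/dev/null || {
  printf 'curl is required but was not found in PATH\n' >&2
  exit 1
}

echo "========================================="
echo "Testing Reference Board Viewer Auth API"
echo "========================================="
echo ""

# Test 1: Health Check
heading "Test 1: Health Check"
api_call "${API_BASE}/health"
if is_success && body_has "healthy"; then
  pass "Health check passed"
else
  abort "Health check failed"
fi
echo ""

# Test 2: Register User
heading "Test 2: Register New User"
email="test_$(date +%s)@example.com"
password="TestPass123"
# -d puts the JSON, including the password, on curl's command line where the
# local process list exposes it. Harmless for this throwaway credential, but
# do not reuse the pattern with real secrets.
api_call -X POST "${API_V1}/auth/register" \
  -H "Content-Type: application/json" \
  -d "$(credentials_json "${email}" "${password}")"
# Match the quoted key: a bare "id" also matches error text such as "Invalid".
if is_success && body_has '"id"'; then
  pass "User registration successful"
  printf 'Email: %s\n' "${email}"
else
  abort "User registration failed"
fi
echo ""

# Test 3: Login User
heading "Test 3: Login User"
api_call -X POST "${API_V1}/auth/login" \
  -H "Content-Type: application/json" \
  -d "$(credentials_json "${email}" "${password}")"
if is_success && body_has "access_token"; then
  # Tolerate optional whitespace around the colon; `|| true` keeps pipefail
  # from ending the script before the explicit empty-token check below.
  token=$(printf '%s' "${http_body}" \
    | grep -o '"access_token"[[:space:]]*:[[:space:]]*"[^"]*"' \
    | cut -d'"' -f4) || true
  [[ -n "${token}" ]] || abort "Login failed"
  pass "Login successful"
  # Only a prefix is shown so the full bearer token stays out of terminal
  # scrollback and CI logs.
  printf 'Token: %s...\n' "${token:0:20}"
else
  abort "Login failed"
fi
echo ""

# Test 4: Get Current User (Protected)
heading "Test 4: Get Current User (Protected Endpoint)"
api_call "${API_V1}/auth/me" \
  -H "Authorization: Bearer ${token}"
# body_has does a fixed-string match, so the dots in the address are literal.
if is_success && body_has "${email}"; then
  pass "Protected endpoint works"
else
  abort "Protected endpoint failed"
fi
echo ""

# Test 5: Invalid Token
heading "Test 5: Test Invalid Token"
api_call "${API_V1}/auth/me" \
  -H "Authorization: Bearer invalid-token-here"
expect_rejected "Invalid token correctly rejected" \
  "Invalid token not rejected properly"
echo ""

# Test 6: Duplicate Registration
heading "Test 6: Test Duplicate Registration"
api_call -X POST "${API_V1}/auth/register" \
  -H "Content-Type: application/json" \
  -d "$(credentials_json "${email}" "${password}")"
expect_rejected "Duplicate registration correctly rejected" \
  "Duplicate registration should be rejected"
echo ""

# Test 7: Weak Password
heading "Test 7: Test Weak Password"
api_call -X POST "${API_V1}/auth/register" \
  -H "Content-Type: application/json" \
  -d "$(credentials_json "weak_$(date +%s)@example.com" "weak")"
expect_rejected "Weak password correctly rejected" \
  "Weak password should be rejected"
echo ""

# Test 8: Wrong Password
heading "Test 8: Test Wrong Password"
api_call -X POST "${API_V1}/auth/login" \
  -H "Content-Type: application/json" \
  -d "$(credentials_json "${email}" "WrongPass123")"
expect_rejected "Wrong password correctly rejected" \
  "Wrong password should be rejected"
echo ""

echo "========================================="
if (( failures == 0 )); then
  printf '%s%s%s\n' "${GREEN}" "All authentication tests passed!" "${NC}"
else
  printf '%s%s%s\n' "${RED}" "${failures} authentication test(s) failed" "${NC}"
fi
echo "========================================="
echo ""
# The account registered in Test 2 is never deleted, so it stays in the
# backend's database with the password printed below. Run this only against
# a disposable development database.
echo "Test user created:"
printf ' Email: %s\n' "${email}"
printf ' Password: %s\n' "${password}"
printf ' Token: %s...\n' "${token:0:30}"

if (( failures > 0 )); then
  exit 1
fi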