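#!/usr/bin/env bash
#
# Authentication Testing Script
#
# Smoke-tests the auth endpoints of the Reference Board Viewer backend:
# health, register, login, the protected /auth/me route, and four negative
# cases (invalid token, duplicate registration, weak password, wrong
# password).
#
# Run this after starting the backend server.
#
# Environment:
#   API_BASE  Base URL of the backend (default: http://localhost:8000).
#             The test credentials travel in the request body, so use an
#             https:// URL for anything that is not a loopback address.
#
# Exit status: 0 when every test passes, 1 when any test fails or the
# server cannot be reached.

set -euo pipefail

API_BASE="${API_BASE:-http://localhost:8000}"
API_V1="${API_BASE}/api/v1"

GREEN=$'\033[0;32m'
RED=$'\033[0;31m'
YELLOW=$'\033[1;33m'
NC=$'\033[0m' # No Color

# Filled in by api_call for the most recent request.
HTTP_STATUS=""
HTTP_BODY=""

# Number of failed negative tests (5-8). Those tests do not abort the run,
# so the count decides the final banner and the exit status.
failures=0

#######################################
# Print a yellow test heading.
# Arguments: $1 - heading text
#######################################
heading() {
  printf '%s%s%s\n' "$YELLOW" "$1" "$NC"
}

#######################################
# Print a green pass line.
# Arguments: $1 - message
#######################################
pass() {
  printf '%s✓ %s%s\n' "$GREEN" "$1" "$NC"
}

#######################################
# Print a red failure line followed by the last response.
# Globals:   HTTP_STATUS, HTTP_BODY (read)
# Arguments: $1 - message
#######################################
fail() {
  printf '%s✗ %s%s\n' "$RED" "$1" "$NC"
  printf 'Response (HTTP %s): %s\n' "$HTTP_STATUS" "$HTTP_BODY"
}

#######################################
# Run curl and capture both the body and the HTTP status code.
# Aborts the script with a message when curl itself fails (for example the
# server is not running); under plain `set -e` that case would otherwise
# end the run without any output.
# Globals:   HTTP_STATUS, HTTP_BODY (written)
# Arguments: passed through to curl
#######################################
api_call() {
  local raw
  # -w appends the status code on its own final line so it can be split
  # from the body below.
  if ! raw=$(curl -s --max-time 15 -w '\n%{http_code}' "$@"); then
    printf '%s✗ Request failed: could not get a response from %s%s\n' \
      "$RED" "$API_BASE" "$NC" >&2
    exit 1
  fi
  HTTP_STATUS=${raw##*$'\n'}
  HTTP_BODY=${raw%$'\n'*}
}

#######################################
# Build the JSON credentials payload. Both values are generated by this
# script, so plain interpolation is safe here; it would not be for
# arbitrary input.
# Arguments: $1 - email, $2 - password
#######################################
credentials_json() {
  printf '{"email":"%s","password":"%s"}' "$1" "$2"
}

#######################################
# Evaluate a negative test: the server must answer with a 4xx status.
# Matching words such as "401" or "Invalid" in the body is not enough,
# because a success response can contain them too. Any 4xx is accepted
# because the exact codes the backend uses are not visible from this
# script; tighten to the specific code once the API contract is fixed.
# Globals:   HTTP_STATUS (read), failures (written)
# Arguments: $1 - message on success, $2 - message on failure
#######################################
expect_rejected() {
  if [[ "$HTTP_STATUS" == 4?? ]]; then
    pass "$1"
  else
    fail "$2"
    failures=$((failures + 1))
  fi
}

echo "========================================="
echo "Testing Reference Board Viewer Auth API"
echo "========================================="
echo ""

# Test 1: Health Check
heading "Test 1: Health Check"
api_call "${API_BASE}/health"
if [[ "$HTTP_STATUS" == 2?? ]] && grep -q "healthy" <<<"$HTTP_BODY"; then
  pass "Health check passed"
else
  fail "Health check failed"
  exit 1
fi
echo ""

# Test 2: Register User
heading "Test 2: Register New User"
email="test_$(date +%s)@example.com"
password="TestPass123"

api_call -X POST "${API_V1}/auth/register" \
  -H "Content-Type: application/json" \
  -d "$(credentials_json "$email" "$password")"

# Require a 2xx status and the quoted "id" key: a bare `id` also matches
# error text such as "Invalid" or "validation".
# NOTE(review): assumes the created user is returned with an "id" field.
if [[ "$HTTP_STATUS" == 2?? ]] && grep -q '"id"' <<<"$HTTP_BODY"; then
  pass "User registration successful"
  echo "Email: $email"
else
  fail "User registration failed"
  exit 1
fi
echo ""

# Test 3: Login User
heading "Test 3: Login User"
api_call -X POST "${API_V1}/auth/login" \
  -H "Content-Type: application/json" \
  -d "$(credentials_json "$email" "$password")"

# Tolerate optional whitespace around the colon so the extraction does not
# depend on how the server serialises JSON.
token=$(sed -n \
  's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' \
  <<<"$HTTP_BODY")

if [[ "$HTTP_STATUS" == 2?? && -n "$token" ]]; then
  pass "Login successful"
  # Only a short prefix is shown so the full bearer token stays out of
  # terminal scrollback and CI logs.
  echo "Token: ${token:0:20}..."
else
  fail "Login failed"
  exit 1
fi
echo ""

# Test 4: Get Current User (Protected)
heading "Test 4: Get Current User (Protected Endpoint)"
api_call "${API_V1}/auth/me" \
  -H "Authorization: Bearer ${token}"

# -F: the address is a literal string, not a regex (its dots would
# otherwise match any character).
if [[ "$HTTP_STATUS" == 2?? ]] && grep -qF -- "$email" <<<"$HTTP_BODY"; then
  pass "Protected endpoint works"
else
  fail "Protected endpoint failed"
  exit 1
fi
echo ""

# Test 5: Invalid Token
heading "Test 5: Test Invalid Token"
api_call "${API_V1}/auth/me" \
  -H "Authorization: Bearer invalid-token-here"
expect_rejected "Invalid token correctly rejected" \
  "Invalid token not rejected properly"
echo ""

# Test 6: Duplicate Registration
heading "Test 6: Test Duplicate Registration"
api_call -X POST "${API_V1}/auth/register" \
  -H "Content-Type: application/json" \
  -d "$(credentials_json "$email" "$password")"
expect_rejected "Duplicate registration correctly rejected" \
  "Duplicate registration should be rejected"
echo ""

# Test 7: Weak Password
heading "Test 7: Test Weak Password"
api_call -X POST "${API_V1}/auth/register" \
  -H "Content-Type: application/json" \
  -d "$(credentials_json "weak_$(date +%s)@example.com" "weak")"
expect_rejected "Weak password correctly rejected" \
  "Weak password should be rejected"
echo ""

# Test 8: Wrong Password
heading "Test 8: Test Wrong Password"
api_call -X POST "${API_V1}/auth/login" \
  -H "Content-Type: application/json" \
  -d "$(credentials_json "$email" "WrongPass123")"
expect_rejected "Wrong password correctly rejected" \
  "Wrong password should be rejected"
echo ""

# Report the real outcome: a failed negative test must not end under a
# green "all passed" banner or with exit status 0.
echo "========================================="
if ((failures == 0)); then
  printf '%sAll authentication tests passed!%s\n' "$GREEN" "$NC"
else
  printf '%s%d authentication test(s) failed%s\n' "$RED" "$failures" "$NC"
fi
echo "========================================="
echo ""
# The password shown is the throwaway value hard-coded above for the
# generated test account.
echo "Test user created:"
echo " Email: $email"
echo " Password: $password"
echo " Token: ${token:0:30}..."

if ((failures > 0)); then
  exit 1
fi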