#!/bin/bash
# ==============================================================================
# Comprehensive Test Script for the TechTorque Authentication Service
# ==============================================================================
#
# This script validates the entire functionality of the auth-service, including:
# - Public endpoints (health, register, login)
# - User self-service (get profile, change password)
# - Admin capabilities (create employee, list users, manage accounts)
# - Super-Admin security rules (create admin, role management)
# - Negative tests for security permissions.
#
# Prerequisites:
# - The auth-service must be running on localhost:8081.
# - `curl` must be installed.
# - `jq` must be installed for parsing JSON (e.g., `sudo apt-get install jq`).
#
# ==============================================================================
# --- Configuration ---
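# Base URL of the service under test. Defaults to the local dev port documented
# in the header; set BASE_URL in the environment to point the run elsewhere.
BASE_URL="${BASE_URL:-http://localhost:8081/api/v1}"
# Running tallies, incremented by print_status and reported in the summary.
PASS_COUNT=0
FAIL_COUNT=0
# --- Helper Functions for Colored Output ---
# ANSI colour sequences stored with a literal backslash; they are expanded when
# printed (echo -e / printf %b), not here.
GREEN='\033[0;32m'
RED='\033[0;31m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color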
# Function to print test status
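#######################################
# Print a coloured [PASS]/[FAIL] line and bump the matching counter.
# Globals:   GREEN, RED, NC (read); PASS_COUNT, FAIL_COUNT (written)
# Arguments: $1 - message to print after the tag
#            $2 - "PASS"; any other value is counted as a failure
# Outputs:   one line on stdout
# Returns:   0
#######################################
print_status() {
  local message=$1
  local status=$2
  if [[ "$status" == "PASS" ]]; then
    # %b expands the escape sequences held in the colour variables; %s prints
    # the message verbatim, so a message containing backslashes is not mangled
    # the way echo -e would mangle it.
    printf '%b[PASS]%b %s\n' "$GREEN" "$NC" "$message"
    # Arithmetic assignment instead of (( PASS_COUNT++ )): the latter returns
    # status 1 when the counter is 0, which makes the first call look like it
    # failed to any caller (or set -e) that checks the return value.
    PASS_COUNT=$((PASS_COUNT + 1))
  else
    printf '%b[FAIL]%b %s\n' "$RED" "$NC" "$message"
    FAIL_COUNT=$((FAIL_COUNT + 1))
  fi
}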
# --- Core Test Runner Function ---
# Usage: run_test "Test Name" <Expected HTTP Status> <Method> <Endpoint> [JWT Token] [JSON Data]
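#######################################
# Send one request and assert on the HTTP status code only.
# Usage: run_test "Test Name" <Expected HTTP Status> <Method> <Endpoint> [JWT Token] [JSON Data]
# Globals:   BASE_URL (read); PASS_COUNT / FAIL_COUNT (written via print_status)
# Arguments: $1 - test name shown in the result line
#            $2 - expected HTTP status code (e.g. 200)
#            $3 - HTTP method
#            $4 - endpoint path, appended to BASE_URL
#            $5 - bearer token (optional; no Authorization header when empty)
#            $6 - request body (optional; no body is sent when empty)
# Outputs:   one PASS/FAIL line on stdout
# Returns:   0
#######################################
run_test() {
  local test_name=$1
  local expected_status=$2
  local method=$3
  local endpoint=$4
  local token=$5
  local data=$6
  local curl_args=(-s -o /dev/null -w '%{http_code}' -X "$method" -H 'Content-Type: application/json')
  if [[ -n "$token" ]]; then
    # The token travels on curl's argv, so it is readable in the process list
    # for the duration of the request; fine for a local test run, not for CI
    # agents shared with untrusted users.
    curl_args+=(-H "Authorization: Bearer $token")
  fi
  # Only attach a body when one was supplied, so GET/DELETE requests are sent
  # without an empty -d.
  if [[ -n "$data" ]]; then
    curl_args+=(-d "$data")
  fi
  # Declare and assign separately so 'local' does not mask curl's exit status.
  # When no HTTP response arrives (connection refused, DNS failure) curl prints
  # 000 for %{http_code}, which then shows up in the FAIL line.
  local http_code
  http_code=$(curl "${curl_args[@]}" "$BASE_URL$endpoint")
  if [[ "$http_code" == "$expected_status" ]]; then
    print_status "$test_name (Expected $expected_status, Got $http_code)" "PASS"
  else
    print_status "$test_name (Expected $expected_status, Got $http_code)" "FAIL"
  fi
}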
# Run a request and assert HTTP status and that the body contains an expected substring
# Usage: run_test_body_contains "Test Name" <Expected HTTP Status> <Method> <Endpoint> [JWT Token] [JSON Data] <Expected Substring>
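#######################################
# Send one request and assert on the HTTP status code AND that the response
# body contains an expected literal substring.
# Usage: run_test_body_contains "Test Name" <Expected HTTP Status> <Method> <Endpoint> [JWT Token] [JSON Data] <Expected Substring>
# Globals:   BASE_URL (read); PASS_COUNT / FAIL_COUNT (written via print_status)
# Arguments: $1 - test name shown in the result line
#            $2 - expected HTTP status code
#            $3 - HTTP method
#            $4 - endpoint path, appended to BASE_URL
#            $5 - bearer token (optional; no Authorization header when empty)
#            $6 - request body (optional; no body is sent when empty)
#            $7 - literal text the body must contain
# Outputs:   one PASS/FAIL line on stdout (the FAIL line includes the body)
# Returns:   0
#######################################
run_test_body_contains() {
  local test_name=$1
  local expected_status=$2
  local method=$3
  local endpoint=$4
  local token=$5
  local data=$6
  local expected_substr=$7
  local curl_args=(-s -w "\n%{http_code}" -X "$method" -H 'Content-Type: application/json')
  if [[ -n "$token" ]]; then
    curl_args+=(-H "Authorization: Bearer $token")
  fi
  if [[ -n "$data" ]]; then
    curl_args+=(-d "$data")
  fi
  # All three are local; previously they leaked into the global scope.
  local response http_code body
  response=$(curl "${curl_args[@]}" "$BASE_URL$endpoint")
  # curl appends "\n<code>" to the body: the code is the text after the last
  # newline and the body is everything before it. Pure parameter expansion, so
  # no tail/sed subprocesses per request.
  http_code=${response##*$'\n'}
  body=${response%$'\n'*}
  # -F: the expected text is a literal, not a regex; -- protects a leading '-'.
  if [[ "$http_code" == "$expected_status" ]] && grep -qF -- "$expected_substr" <<<"$body"; then
    print_status "$test_name (Expected $expected_status, Got $http_code; body contains '$expected_substr')" "PASS"
  else
    print_status "$test_name (Expected $expected_status and body containing '$expected_substr'; Got $http_code) -- Body: $body" "FAIL"
  fi
}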
# --- Main Test Execution ---
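printf '%b\n' "${YELLOW}===============================================${NC}"
printf '%b\n' "${YELLOW} Starting Auth Service Integration Tests... ${NC}"
printf '%b\n' "${YELLOW}===============================================${NC}"

# Both tools listed as prerequisites in the header are needed: curl for every
# request, jq for token extraction and for building JSON bodies.
for tool in curl jq; do
  if ! command -v "$tool" >/dev/null 2>&1; then
    printf '%b\n' "${RED}Error: '$tool' is not installed. Please install it to run these tests.${NC}" >&2
    exit 1
  fi
done

# Build the JSON body used by /auth/register and the employee/admin creation
# endpoints. jq --arg escapes the values, so no manual quote-splicing.
# Arguments: $1 username, $2 email, $3 password. Outputs compact JSON on stdout.
user_payload() {
  jq -nc --arg u "$1" --arg e "$2" --arg p "$3" '{username: $u, email: $e, password: $p}'
}

# Build the JSON body for /auth/login.
# Arguments: $1 username, $2 password. Outputs compact JSON on stdout.
login_payload() {
  jq -nc --arg u "$1" --arg p "$2" '{username: $u, password: $p}'
}

# Log in and print the JWT on stdout. Prints nothing when the login was
# rejected, the response carried no token, or the server was unreachable.
# Arguments: $1 username, $2 password.
login_token() {
  local body
  body=$(curl -s -X POST -H 'Content-Type: application/json' \
    -d "$(login_payload "$1" "$2")" "$BASE_URL/auth/login")
  # '// empty' maps a missing or null token to no output, so the caller can
  # test with -n. The old check compared against the literal string "null" and
  # therefore reported PASS when jq produced nothing at all (empty or non-JSON
  # response, e.g. service down).
  jq -r '.token // empty' <<<"$body"
}

# Record PASS/FAIL for a login attempt based on whether a token came back.
# Arguments: $1 label for the result line, $2 token (may be empty).
check_login() {
  local label=$1
  local token=$2
  if [[ -n "$token" ]]; then
    print_status "Logged in as $label" "PASS"
  else
    print_status "Failed to log in as $label" "FAIL"
  fi
}

# === 1. Public Endpoints ===
printf '\n--- Testing Public Endpoints ---\n'
run_test "Health check" 200 "GET" "/auth/health"

# Unique suffix for the accounts created by this run. $RANDOM is only 0..32767
# and the employee, admin and lock-test users are never deleted, so a re-run can
# collide with leftovers from an earlier run and fail at registration.
UNIQUE_ID=$RANDOM
CUSTOMER_USER="testcust$UNIQUE_ID"
CUSTOMER_EMAIL="testcust$UNIQUE_ID@techtorque.com"
run_test "Register a new customer" 200 "POST" "/auth/register" "" \
  "$(user_payload "$CUSTOMER_USER" "$CUSTOMER_EMAIL" "password123")"

# === 2. Login and Token Extraction ===
printf '\n--- Logging in and Acquiring JWTs ---\n'
# The admin credentials below are the seeded defaults this script assumes —
# TODO confirm they match the environment under test.
SUPER_ADMIN_TOKEN=$(login_token "superadmin" "superadmin123")
check_login "SUPER_ADMIN" "$SUPER_ADMIN_TOKEN"
ADMIN_TOKEN=$(login_token "admin" "admin123")
check_login "ADMIN" "$ADMIN_TOKEN"
CUSTOMER_TOKEN=$(login_token "$CUSTOMER_USER" "password123")
check_login "new CUSTOMER" "$CUSTOMER_TOKEN"

# === 3. User Self-Service Endpoints ===
printf '\n--- Testing User Self-Service ---\n'
run_test "Customer can get their own profile (/me)" 200 "GET" "/users/me" "$CUSTOMER_TOKEN"
# Note: this changes the customer's password; nothing below logs in as the
# customer again, so the stale token is what the remaining customer tests use.
run_test "Customer can change their own password" 200 "POST" "/users/me/change-password" "$CUSTOMER_TOKEN" \
  '{"currentPassword":"password123", "newPassword":"newPassword456"}'

# === 4. Admin-Level Endpoints ===
printf '\n--- Testing Admin Capabilities ---\n'
NEW_EMP_USER="testemp$UNIQUE_ID"
run_test "Admin can create an Employee" 201 "POST" "/auth/users/employee" "$ADMIN_TOKEN" \
  "$(user_payload "$NEW_EMP_USER" "$NEW_EMP_USER@techtorque.com" "password123")"
run_test "Admin can list all users" 200 "GET" "/users" "$ADMIN_TOKEN"
run_test "Admin can disable a user" 200 "POST" "/users/$CUSTOMER_USER/disable" "$ADMIN_TOKEN"
run_test "Admin can re-enable a user" 200 "POST" "/users/$CUSTOMER_USER/enable" "$ADMIN_TOKEN"

# === 5. Super-Admin-Level Endpoints and Security Rules ===
printf '\n--- Testing Super-Admin Capabilities & Security Rules ---\n'
NEW_ADMIN_USER="newadmin$UNIQUE_ID"
run_test "Super-Admin can create an Admin" 201 "POST" "/auth/users/admin" "$SUPER_ADMIN_TOKEN" \
  "$(user_payload "$NEW_ADMIN_USER" "$NEW_ADMIN_USER@techtorque.com" "password123")"
run_test "Super-Admin can assign ADMIN role to an employee" 200 "POST" "/users/$NEW_EMP_USER/roles" "$SUPER_ADMIN_TOKEN" \
  '{"roleName":"ADMIN", "action":"ASSIGN"}'

# === 6. Negative Security Tests (Crucial!) ===
# Each of these must be rejected with 403; a 200 here means a privilege
# boundary in the service is missing.
printf '\n--- Testing Security Denials (Negative Tests) ---\n'
run_test "FAIL: Regular Admin CANNOT create another Admin" 403 "POST" "/auth/users/admin" "$ADMIN_TOKEN" \
  "$(user_payload "fakeadmin" "fake@admin.com" "password123")"
run_test "FAIL: Regular Admin CANNOT assign ADMIN role" 403 "POST" "/users/$CUSTOMER_USER/roles" "$ADMIN_TOKEN" \
  '{"roleName":"ADMIN", "action":"ASSIGN"}'
run_test "FAIL: Customer CANNOT list all users" 403 "GET" "/users" "$CUSTOMER_TOKEN"
run_test "FAIL: Customer CANNOT create an Employee" 403 "POST" "/auth/users/employee" "$CUSTOMER_TOKEN" \
  "$(user_payload "fakeemployee" "fake@employee.com" "password123")"

# === 7. Final Cleanup Test ===
printf '\n--- Testing Final Cleanup Action ---\n'
run_test "Admin can delete a user" 200 "DELETE" "/users/$CUSTOMER_USER" "$ADMIN_TOKEN"

# === 8. Lockout Policy Test ===
printf '\n--- Testing Lockout Policy (3 failed attempts -> 15 minute lock) ---\n'
LOCK_USER="locktest$UNIQUE_ID"
LOCK_EMAIL="$LOCK_USER@techtorque.com"
run_test "Create user for lock test" 200 "POST" "/auth/register" "" \
  "$(user_payload "$LOCK_USER" "$LOCK_EMAIL" "correctPassword")"
# Perform 3 failed login attempts
for i in 1 2 3; do
  run_test "Failed login attempt #$i for $LOCK_USER" 401 "POST" "/auth/login" "" \
    "$(login_payload "$LOCK_USER" "wrongPassword")"
done
# The account should now be locked: even the correct password must be rejected
# with a message naming the temporary lock.
run_test_body_contains "Locked account shows message" 401 "POST" "/auth/login" "" \
  "$(login_payload "$LOCK_USER" "correctPassword")" "temporarily locked"

# === Summary ===
printf '\n%b\n' "${YELLOW}===============================================${NC}"
printf '%b\n' "${YELLOW} Test Summary ${NC}"
printf '%b\n' "${YELLOW}===============================================${NC}"
printf '%b\n' "${GREEN}Passed: $PASS_COUNT${NC}"
printf '%b\n' "${RED}Failed: $FAIL_COUNT${NC}"
printf '%b\n' "${YELLOW}===============================================${NC}"

# Exit non-zero when anything failed so CI pipelines notice.
if (( FAIL_COUNT > 0 )); then
  exit 1
else
  exit 0
fi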