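#!/bin/bash
#
# EventHub authentication API smoke test.
#
# Exercises the health, register, login, profile and refresh endpoints of the
# server at BASE_URL and reports each check on stdout.
#
# Exit status: 0 when every check passed; 1 when the server is unreachable,
# registration fails, or at least one check failed. This lets CI gate on the
# result.
#
# Success of register/login/refresh is decided by extracting a "token" field,
# not by grepping for the word "token": the rejection messages this script
# expects ("Invalid token", "Invalid refresh token") contain that word too.

set -u

RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'

BASE_URL="http://localhost:8080"

# --max-time keeps a hung server from stalling the whole run.
CURL_OPTS=(-s --max-time 10)

# Number of failed checks; drives the exit status.
FAILURES=0

# Initialised explicitly so a failed step never falls back to a value
# inherited from the caller's environment.
TOKEN=""
USER_ID=""
LOGIN_TOKEN=""
REFRESH_TOKEN=""
NEW_TOKEN=""
NEW_REFRESH=""

# Log helpers. The message goes through %s, so backslash sequences inside a
# server response are printed literally instead of being interpreted.
log_info() { printf '%b[INFO]%b %s\n' "$BLUE" "$NC" "$1"; }
log_success() { printf '%b[SUCCESS]%b %s\n' "$GREEN" "$NC" "$1"; }
log_error() { printf '%b[ERROR]%b %s\n' "$RED" "$NC" "$1"; }
log_warning() { printf '%b[WARNING]%b %s\n' "$YELLOW" "$NC" "$1"; }

# Logs a failed check and counts it towards the exit status.
fail_check() {
  log_error "$1"
  FAILURES=$((FAILURES + 1))
}

# Prints the three-line banner that introduces a test.
section() {
  log_info "============================================================"
  log_info "$1"
  log_info "============================================================"
}

# Returns 0 when $1 contains $2 as a literal substring. -F matters for the
# e-mail address, whose dots would otherwise match any character.
contains() {
  grep -qF -- "$2" <<<"$1"
}

# Prints the first string value stored under key $2 in JSON text $1, or
# nothing when the key is absent or its value is not a string. Whitespace
# around the colon is tolerated. $2 is spliced into a regex, so pass literal
# key names only.
extract_json() {
  local json=$1
  local key=$2
  printf '%s\n' "$json" \
    | grep -o "\"$key\"[[:space:]]*:[[:space:]]*\"[^\"]*\"" \
    | head -1 \
    | sed "s/^\"$key\"[[:space:]]*:[[:space:]]*\"//;s/\"\$//"
}

# POSTs JSON body $2 to URL $1, adding a bearer token when $3 is non-empty.
# The token is passed on curl's command line, so it is visible in the local
# process list while the request runs.
http_post() {
  local url=$1
  local data=$2
  local token=${3:-}
  local -a headers=(-H "Content-Type: application/json")
  if [ -n "$token" ]; then
    headers+=(-H "Authorization: Bearer $token")
  fi
  curl "${CURL_OPTS[@]}" -X POST "$url" "${headers[@]}" -d "$data"
}

# GETs URL $1, adding a bearer token when $2 is non-empty.
http_get() {
  local url=$1
  local token=${2:-}
  if [ -n "$token" ]; then
    curl "${CURL_OPTS[@]}" -X GET "$url" \
      -H "Authorization: Bearer $token"
  else
    curl "${CURL_OPTS[@]}" -X GET "$url"
  fi
}

echo "============================================================"
echo " EVENTHUB AUTHENTICATION API TEST SCRIPT"
echo "============================================================"
echo ""

log_info "Checking if server is running..."
if ! contains "$(http_get "$BASE_URL/health" "")" "ok"; then
  log_error "Server is not running"
  exit 1
fi
log_success "Server is running"
echo ""

section "TEST 1: Healthcheck"
response=$(http_get "$BASE_URL/health" "")
if contains "$response" "ok"; then
  log_success "Healthcheck passed: $response"
else
  fail_check "Healthcheck failed: $response"
fi
echo ""

section "TEST 2: Register new user"
# A timestamped address keeps reruns from colliding with earlier accounts.
TEST_EMAIL="test_auth_$(date +%s)@example.com"
TEST_PASSWORD="testpass123"
log_info "Registering $TEST_EMAIL..."
response=$(http_post "$BASE_URL/v1/register" "{\"email\":\"$TEST_EMAIL\",\"password\":\"$TEST_PASSWORD\"}" "")
TOKEN=$(extract_json "$response" "token")
if [ -n "$TOKEN" ]; then
  USER_ID=$(extract_json "$response" "id")
  log_success "Registration successful"
  log_info "User ID: $USER_ID"
  # Only a prefix of the token is logged; the output still ends up in
  # terminal scrollback and CI logs, so run against disposable accounts.
  log_info "Token: ${TOKEN:0:30}..."
else
  # Every later test depends on this account, so stop here.
  log_error "Registration failed: $response"
  exit 1
fi
echo ""

section "TEST 3: Register with existing email (should fail)"
response=$(http_post "$BASE_URL/v1/register" "{\"email\":\"$TEST_EMAIL\",\"password\":\"$TEST_PASSWORD\"}" "")
if contains "$response" "already exists"; then
  log_success "Duplicate registration correctly rejected"
else
  fail_check "Duplicate registration not rejected: $response"
fi
echo ""

section "TEST 4: Login with correct credentials"
response=$(http_post "$BASE_URL/v1/login" "{\"email\":\"$TEST_EMAIL\",\"password\":\"$TEST_PASSWORD\"}" "")
LOGIN_TOKEN=$(extract_json "$response" "token")
if [ -n "$LOGIN_TOKEN" ]; then
  REFRESH_TOKEN=$(extract_json "$response" "refresh_token")
  log_success "Login successful"
  log_info "Refresh token received: ${REFRESH_TOKEN:0:30}..."
else
  fail_check "Login failed: $response"
fi
echo ""

section "TEST 5: Login with wrong password (should fail)"
response=$(http_post "$BASE_URL/v1/login" "{\"email\":\"$TEST_EMAIL\",\"password\":\"wrongpassword\"}" "")
if contains "$response" "Invalid credentials"; then
  log_success "Wrong password correctly rejected"
else
  fail_check "Wrong password not rejected: $response"
fi
echo ""

section "TEST 6: Get user profile with valid token"
response=$(http_get "$BASE_URL/v1/user/me" "$TOKEN")
if contains "$response" "$TEST_EMAIL"; then
  log_success "Profile retrieved successfully"
  log_info "Response: $response"
else
  fail_check "Profile retrieval failed: $response"
fi
echo ""

section "TEST 7: Get user profile with invalid token"
response=$(http_get "$BASE_URL/v1/user/me" "invalid.token.here")
if contains "$response" "Invalid token"; then
  log_success "Invalid token correctly rejected"
else
  fail_check "Invalid token not rejected: $response"
fi
echo ""

section "TEST 8: Get user profile without token"
response=$(http_get "$BASE_URL/v1/user/me" "")
if contains "$response" "Missing or invalid Authorization"; then
  log_success "Missing token correctly rejected"
else
  fail_check "Missing token not rejected: $response"
fi
echo ""

section "TEST 9: Refresh token"
if [ -n "$REFRESH_TOKEN" ]; then
  response=$(http_post "$BASE_URL/v1/refresh" "{\"refresh_token\":\"$REFRESH_TOKEN\"}" "")
  NEW_TOKEN=$(extract_json "$response" "token")
  if [ -n "$NEW_TOKEN" ]; then
    NEW_REFRESH=$(extract_json "$response" "refresh_token")
    log_success "Token refreshed successfully"
    log_info "New token: ${NEW_TOKEN:0:30}..."
    log_info "New refresh token: ${NEW_REFRESH:0:30}..."
  else
    fail_check "Token refresh failed: $response"
  fi

  # Rotation check: a refresh token that was already exchanged should be
  # rejected on second use. Reported as a warning, as the original script
  # does, so servers without rotation do not fail the run.
  log_info "Trying to reuse old refresh token (should fail)..."
  response=$(http_post "$BASE_URL/v1/refresh" "{\"refresh_token\":\"$REFRESH_TOKEN\"}" "")
  if contains "$response" "Invalid refresh token"; then
    log_success "Old refresh token correctly rejected"
  else
    log_warning "Old refresh token not rejected: $response"
  fi
else
  log_warning "No refresh token to test"
fi
echo ""

section "TEST 10: Access protected endpoint with new token"
if [ -n "$NEW_TOKEN" ]; then
  response=$(http_get "$BASE_URL/v1/user/me" "$NEW_TOKEN")
  if contains "$response" "$TEST_EMAIL"; then
    log_success "Protected endpoint accessible with new token"
  else
    fail_check "Protected endpoint not accessible: $response"
  fi
else
  log_warning "No new token to test"
fi
echo ""

echo "============================================================"
if [ "$FAILURES" -eq 0 ]; then
  log_success "AUTHENTICATION TESTS COMPLETED!"
else
  log_error "AUTHENTICATION TESTS COMPLETED WITH $FAILURES FAILED CHECK(S)"
fi
echo "============================================================"

[ "$FAILURES" -eq 0 ] || exit 1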