docs(phase-2.5): Complete access control implementation
parent
eb0e2cc4b5
commit
378703bf1c
19 changed files with 1204 additions and 48 deletions
|
|
@ -1,7 +1,8 @@
|
|||
#!/bin/bash
|
||||
# Password Recovery Feature Test Script
|
||||
# Updated for port 6500
|
||||
|
||||
BASE_URL="http://10.0.10.30:6800"
|
||||
BASE_URL="http://10.0.10.30:6500"
|
||||
EMAIL="recoverytest@example.com"
|
||||
USERNAME="recoverytest"
|
||||
PASSWORD="SecurePassword123!"
|
||||
|
|
@ -12,13 +13,14 @@ echo "🧪 Password Recovery Feature Test"
|
|||
echo "================================="
|
||||
echo ""
|
||||
|
||||
# Clean up - Delete test user if exists
|
||||
echo "0. Cleanup (delete test user if exists)..."
|
||||
# (No delete endpoint yet, so we'll just note this)
|
||||
# Test 1: Health check
|
||||
echo "1. Health check..."
|
||||
HEALTH=$(curl -s -w "\nHTTP Status: %{http_code}\n" $BASE_URL/health)
|
||||
echo "$HEALTH"
|
||||
echo ""
|
||||
|
||||
# Test 1: Register with recovery phrase
|
||||
echo "1. Register user with recovery phrase..."
|
||||
# Test 2: Register user with recovery phrase
|
||||
echo "2. Register user with recovery phrase..."
|
||||
REGISTER=$(curl -s -w "\nHTTP Status: %{http_code}\n" -X POST $BASE_URL/api/auth/register \
|
||||
-H "Content-Type: application/json" \
|
||||
-d "{
|
||||
|
|
@ -30,8 +32,8 @@ REGISTER=$(curl -s -w "\nHTTP Status: %{http_code}\n" -X POST $BASE_URL/api/auth
|
|||
echo "$REGISTER"
|
||||
echo ""
|
||||
|
||||
# Test 2: Login to get token
|
||||
echo "2. Login to get access token..."
|
||||
# Test 3: Login to get token
|
||||
echo "3. Login to get access token..."
|
||||
LOGIN_RESPONSE=$(curl -s -X POST $BASE_URL/api/auth/login \
|
||||
-H "Content-Type: application/json" \
|
||||
-d "{
|
||||
|
|
@ -52,8 +54,8 @@ fi
|
|||
echo "✅ Access token obtained"
|
||||
echo ""
|
||||
|
||||
# Test 3: Verify recovery phrase (should succeed)
|
||||
echo "3. Verify recovery phrase (correct phrase)..."
|
||||
# Test 4: Verify recovery phrase (should succeed)
|
||||
echo "4. Verify recovery phrase (correct phrase)..."
|
||||
VERIFY=$(curl -s -w "\nHTTP Status: %{http_code}\n" -X POST $BASE_URL/api/auth/recovery/verify \
|
||||
-H "Content-Type: application/json" \
|
||||
-d "{
|
||||
|
|
@ -63,8 +65,8 @@ VERIFY=$(curl -s -w "\nHTTP Status: %{http_code}\n" -X POST $BASE_URL/api/auth/r
|
|||
echo "$VERIFY"
|
||||
echo ""
|
||||
|
||||
# Test 4: Verify recovery phrase (wrong phrase, should fail)
|
||||
echo "4. Verify recovery phrase (wrong phrase - should fail)..."
|
||||
# Test 5: Verify recovery phrase (wrong phrase, should fail)
|
||||
echo "5. Verify recovery phrase (wrong phrase - should fail)..."
|
||||
WRONG_VERIFY=$(curl -s -w "\nHTTP Status: %{http_code}\n" -X POST $BASE_URL/api/auth/recovery/verify \
|
||||
-H "Content-Type: application/json" \
|
||||
-d "{
|
||||
|
|
@ -74,8 +76,8 @@ WRONG_VERIFY=$(curl -s -w "\nHTTP Status: %{http_code}\n" -X POST $BASE_URL/api/
|
|||
echo "$WRONG_VERIFY"
|
||||
echo ""
|
||||
|
||||
# Test 5: Reset password with recovery phrase
|
||||
echo "5. Reset password with recovery phrase..."
|
||||
# Test 6: Reset password with recovery phrase
|
||||
echo "6. Reset password with recovery phrase..."
|
||||
NEW_PASSWORD="NewSecurePassword456!"
|
||||
RESET=$(curl -s -w "\nHTTP Status: %{http_code}\n" -X POST $BASE_URL/api/auth/recovery/reset-password \
|
||||
-H "Content-Type: application/json" \
|
||||
|
|
@ -87,8 +89,8 @@ RESET=$(curl -s -w "\nHTTP Status: %{http_code}\n" -X POST $BASE_URL/api/auth/re
|
|||
echo "$RESET"
|
||||
echo ""
|
||||
|
||||
# Test 6: Login with old password (should fail)
|
||||
echo "6. Login with OLD password (should fail)..."
|
||||
# Test 7: Login with old password (should fail)
|
||||
echo "7. Login with OLD password (should fail)..."
|
||||
OLD_LOGIN=$(curl -s -w "\nHTTP Status: %{http_code}\n" -X POST $BASE_URL/api/auth/login \
|
||||
-H "Content-Type: application/json" \
|
||||
-d "{
|
||||
|
|
@ -98,8 +100,8 @@ OLD_LOGIN=$(curl -s -w "\nHTTP Status: %{http_code}\n" -X POST $BASE_URL/api/aut
|
|||
echo "$OLD_LOGIN"
|
||||
echo ""
|
||||
|
||||
# Test 7: Login with new password (should succeed)
|
||||
echo "7. Login with NEW password (should succeed)..."
|
||||
# Test 8: Login with new password (should succeed)
|
||||
echo "8. Login with NEW password (should succeed)..."
|
||||
NEW_LOGIN=$(curl -s -X POST $BASE_URL/api/auth/login \
|
||||
-H "Content-Type: application/json" \
|
||||
-d "{
|
||||
|
|
@ -120,15 +122,15 @@ fi
|
|||
echo "✅ Login with new password successful"
|
||||
echo ""
|
||||
|
||||
# Test 8: Try to use old access token (should fail - token invalidated)
|
||||
echo "8. Try to use OLD access token (should fail - token was invalidated)..."
|
||||
# Test 9: Try to use old access token (should fail - token invalidated)
|
||||
echo "9. Try to use OLD access token (should fail - token was invalidated)..."
|
||||
PROFILE=$(curl -s -w "\nHTTP Status: %{http_code}\n" -X GET $BASE_URL/api/users/me \
|
||||
-H "Authorization: Bearer $ACCESS_TOKEN")
|
||||
echo "$PROFILE"
|
||||
echo ""
|
||||
|
||||
# Test 9: Setup recovery phrase (protected endpoint)
|
||||
echo "9. Setup new recovery phrase (protected endpoint)..."
|
||||
# Test 10: Setup new recovery phrase (protected endpoint)
|
||||
echo "10. Setup new recovery phrase (protected endpoint)..."
|
||||
SETUP=$(curl -s -w "\nHTTP Status: %{http_code}\n" -X POST $BASE_URL/api/auth/recovery/setup \
|
||||
-H "Content-Type: application/json" \
|
||||
-H "Authorization: Bearer $NEW_ACCESS_TOKEN" \
|
||||
|
|
|
|||
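Review bot: Step 9 (old access token, "should fail - token was invalidated") only echoes `$PROFILE` and moves on to step 10, so the script still runs to the end if the API keeps accepting a token that the password reset should have revoked; steps 5 (wrong recovery phrase) and 7 (old password) print their responses the same way. These negative checks are the point of the script, so capture the status and stop on anything other than a rejection, e.g. `STATUS=$(curl -s -o /dev/null -w '%{http_code}' "$BASE_URL/api/users/me" -H "Authorization: Bearer $ACCESS_TOKEN")` followed by `[ "$STATUS" = "401" ] || { echo "old token still accepted (HTTP $STATUS)"; exit 1; }` (401 is an assumption; use whatever status the API returns for a revoked token). The health check added in the second hunk has the same shape: `$BASE_URL` is unquoted and a failed request does not stop the run. The script also sends bearer tokens (and presumably the password and recovery phrase, in request bodies outside the hunks) over plain `http://` to a hard-coded address; `BASE_URL="${BASE_URL:-http://10.0.10.30:6500}"` would at least let it be pointed at a TLS endpoint.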