#!/bin/bash # Password Recovery Feature Test Script BASE_URL="http://10.0.10.30:6800" EMAIL="recoverytest@example.com" USERNAME="recoverytest" PASSWORD="SecurePassword123!" RECOVERY_PHRASE="my-mothers-maiden-name-smith" WRONG_PHRASE="wrong-phrase" echo "๐Ÿงช Password Recovery Feature Test" echo "=================================" echo "" # Clean up - Delete test user if exists echo "0. Cleanup (delete test user if exists)..." # (No delete endpoint yet, so we'll just note this) echo "" # Test 1: Register with recovery phrase echo "1. Register user with recovery phrase..." REGISTER=$(curl -s -w "\nHTTP Status: %{http_code}\n" -X POST $BASE_URL/api/auth/register \ -H "Content-Type: application/json" \ -d "{ \"email\": \"$EMAIL\", \"username\": \"$USERNAME\", \"password\": \"$PASSWORD\", \"recovery_phrase\": \"$RECOVERY_PHRASE\" }") echo "$REGISTER" echo "" # Test 2: Login to get token echo "2. Login to get access token..." LOGIN_RESPONSE=$(curl -s -X POST $BASE_URL/api/auth/login \ -H "Content-Type: application/json" \ -d "{ \"email\": \"$EMAIL\", \"password\": \"$PASSWORD\" }") echo "$LOGIN_RESPONSE" | jq . # Extract access token ACCESS_TOKEN=$(echo "$LOGIN_RESPONSE" | jq -r '.access_token // empty') if [ -z "$ACCESS_TOKEN" ] || [ "$ACCESS_TOKEN" = "null" ]; then echo "โŒ Failed to get access token" exit 1 fi echo "โœ… Access token obtained" echo "" # Test 3: Verify recovery phrase (should succeed) echo "3. Verify recovery phrase (correct phrase)..." VERIFY=$(curl -s -w "\nHTTP Status: %{http_code}\n" -X POST $BASE_URL/api/auth/recovery/verify \ -H "Content-Type: application/json" \ -d "{ \"email\": \"$EMAIL\", \"recovery_phrase\": \"$RECOVERY_PHRASE\" }") echo "$VERIFY" echo "" # Test 4: Verify recovery phrase (wrong phrase, should fail) echo "4. Verify recovery phrase (wrong phrase - should fail)..." WRONG_VERIFY=$(curl -s -w "\nHTTP Status: %{http_code}\n" -X POST $BASE_URL/api/auth/recovery/verify \ -H "Content-Type: application/json" \ -d "{ \"email\": \"$EMAIL\", \"recovery_phrase\": \"$WRONG_PHRASE\" }") echo "$WRONG_VERIFY" echo "" # Test 5: Reset password with recovery phrase echo "5. Reset password with recovery phrase..." NEW_PASSWORD="NewSecurePassword456!" RESET=$(curl -s -w "\nHTTP Status: %{http_code}\n" -X POST $BASE_URL/api/auth/recovery/reset-password \ -H "Content-Type: application/json" \ -d "{ \"email\": \"$EMAIL\", \"recovery_phrase\": \"$RECOVERY_PHRASE\", \"new_password\": \"$NEW_PASSWORD\" }") echo "$RESET" echo "" # Test 6: Login with old password (should fail) echo "6. Login with OLD password (should fail)..." OLD_LOGIN=$(curl -s -w "\nHTTP Status: %{http_code}\n" -X POST $BASE_URL/api/auth/login \ -H "Content-Type: application/json" \ -d "{ \"email\": \"$EMAIL\", \"password\": \"$PASSWORD\" }") echo "$OLD_LOGIN" echo "" # Test 7: Login with new password (should succeed) echo "7. Login with NEW password (should succeed)..." NEW_LOGIN=$(curl -s -X POST $BASE_URL/api/auth/login \ -H "Content-Type: application/json" \ -d "{ \"email\": \"$EMAIL\", \"password\": \"$NEW_PASSWORD\" }") echo "$NEW_LOGIN" | jq . # Extract new access token NEW_ACCESS_TOKEN=$(echo "$NEW_LOGIN" | jq -r '.access_token // empty') if [ -z "$NEW_ACCESS_TOKEN" ] || [ "$NEW_ACCESS_TOKEN" = "null" ]; then echo "โŒ Failed to login with new password" exit 1 fi echo "โœ… Login with new password successful" echo "" # Test 8: Try to use old access token (should fail - token invalidated) echo "8. Try to use OLD access token (should fail - token was invalidated)..." PROFILE=$(curl -s -w "\nHTTP Status: %{http_code}\n" -X GET $BASE_URL/api/users/me \ -H "Authorization: Bearer $ACCESS_TOKEN") echo "$PROFILE" echo "" # Test 9: Setup recovery phrase (protected endpoint) echo "9. Setup new recovery phrase (protected endpoint)..." SETUP=$(curl -s -w "\nHTTP Status: %{http_code}\n" -X POST $BASE_URL/api/auth/recovery/setup \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $NEW_ACCESS_TOKEN" \ -d "{ \"recovery_phrase\": \"my-new-recovery-phrase\", \"current_password\": \"$NEW_PASSWORD\" }") echo "$SETUP" echo "" echo "โœ… All tests complete!"