From 49fa5aa2a127bdf8924d02bf77e5086b39c7a447 Mon Sep 17 00:00:00 2001
From: Calvin Morrison <calvin@pobox.com>
Date: Wed, 3 Sep 2025 21:15:36 -0400
Subject: i vibe coded it

---
 test_auth.sh | 165 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 165 insertions(+)
 create mode 100755 test_auth.sh

(limited to 'test_auth.sh')

diff --git a/test_auth.sh b/test_auth.sh
new file mode 100755
index 0000000..d12c91c
--- /dev/null
+++ b/test_auth.sh
@@ -0,0 +1,165 @@
+#!/bin/bash
+
+# JChat Authentication Test Suite
+# Tests registration, login, and JMAP API access
+
+set -e
+
+BASE_URL="http://api.jchat.localhost"
+TEST_EMAIL="test@example.com"
+TEST_PASSWORD="testpass123"
+TEST_DISPLAY_NAME="Test User"
+
+echo "🧪 Starting JChat Authentication Tests..."
+echo "==============================================="
+
+# Test 1: Register a new user
+echo "1. Testing user registration..."
+REGISTER_RESPONSE=$(curl -s -X POST "${BASE_URL}/auth/register" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "email": "'${TEST_EMAIL}'",
+    "password": "'${TEST_PASSWORD}'",
+    "displayName": "'${TEST_DISPLAY_NAME}'"
+  }' -w "\n%{http_code}")
+
+HTTP_CODE=$(echo "$REGISTER_RESPONSE" | tail -n1)
+REGISTER_BODY=$(echo "$REGISTER_RESPONSE" | head -n -1)
+
+echo "   HTTP Status: $HTTP_CODE"
+if [ "$HTTP_CODE" -eq 201 ]; then
+    echo "   ✅ Registration successful"
+    echo "   Response: $REGISTER_BODY"
+    TOKEN=$(echo "$REGISTER_BODY" | jq -r '.token // empty')
+    echo "   Token: ${TOKEN:0:20}..."
+else
+    echo "   ❌ Registration failed"
+    echo "   Response: $REGISTER_BODY"
+    exit 1
+fi
+
+echo ""
+
+# Test 2: Login with the registered user
+echo "2. Testing user login..."
+LOGIN_RESPONSE=$(curl -s -X POST "${BASE_URL}/auth/login" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "email": "'${TEST_EMAIL}'",
+    "password": "'${TEST_PASSWORD}'"
+  }' -w "\n%{http_code}")
+
+HTTP_CODE=$(echo "$LOGIN_RESPONSE" | tail -n1)
+LOGIN_BODY=$(echo "$LOGIN_RESPONSE" | head -n -1)
+
+echo "   HTTP Status: $HTTP_CODE"
+if [ "$HTTP_CODE" -eq 200 ]; then
+    echo "   ✅ Login successful"
+    echo "   Response: $LOGIN_BODY"
+    TOKEN=$(echo "$LOGIN_BODY" | jq -r '.token // empty')
+    echo "   Token: ${TOKEN:0:20}..."
+else
+    echo "   ❌ Login failed"
+    echo "   Response: $LOGIN_BODY"
+    exit 1
+fi
+
+echo ""
+
+# Test 3: Verify token with /auth/me
+echo "3. Testing token verification..."
+ME_RESPONSE=$(curl -s -X GET "${BASE_URL}/auth/me" \
+  -H "Authorization: Bearer ${TOKEN}" \
+  -w "\n%{http_code}")
+
+HTTP_CODE=$(echo "$ME_RESPONSE" | tail -n1)
+ME_BODY=$(echo "$ME_RESPONSE" | head -n -1)
+
+echo "   HTTP Status: $HTTP_CODE"
+if [ "$HTTP_CODE" -eq 200 ]; then
+    echo "   ✅ Token verification successful"
+    echo "   User info: $ME_BODY"
+else
+    echo "   ❌ Token verification failed"
+    echo "   Response: $ME_BODY"
+    exit 1
+fi
+
+echo ""
+
+# Test 4: Test JMAP API with authentication
+echo "4. Testing JMAP API access..."
+JMAP_REQUEST='{
+    "using": ["urn:ietf:params:jmap:core", "https://jmap.io/jchat/"],
+    "methodCalls": [
+        ["Conversation/query", {
+            "accountId": "default",
+            "filter": {},
+            "sort": [{"property": "lastMessageAt", "isAscending": false}]
+        }, "c1"]
+    ]
+}'
+
+JMAP_RESPONSE=$(curl -s -X POST "${BASE_URL}/jmap/api" \
+  -H "Content-Type: application/json" \
+  -H "Authorization: Bearer ${TOKEN}" \
+  -d "$JMAP_REQUEST" \
+  -w "\n%{http_code}")
+
+HTTP_CODE=$(echo "$JMAP_RESPONSE" | tail -n1)
+JMAP_BODY=$(echo "$JMAP_RESPONSE" | head -n -1)
+
+echo "   HTTP Status: $HTTP_CODE"
+if [ "$HTTP_CODE" -eq 200 ]; then
+    echo "   ✅ JMAP API access successful"
+    echo "   Response: $JMAP_BODY"
+else
+    echo "   ❌ JMAP API access failed"
+    echo "   Response: $JMAP_BODY"
+    exit 1
+fi
+
+echo ""
+
+# Test 5: Test JMAP API without authentication
+echo "5. Testing JMAP API without authentication..."
+JMAP_UNAUTH_RESPONSE=$(curl -s -X POST "${BASE_URL}/jmap/api" \
+  -H "Content-Type: application/json" \
+  -d "$JMAP_REQUEST" \
+  -w "\n%{http_code}")
+
+HTTP_CODE=$(echo "$JMAP_UNAUTH_RESPONSE" | tail -n1)
+JMAP_UNAUTH_BODY=$(echo "$JMAP_UNAUTH_RESPONSE" | head -n -1)
+
+echo "   HTTP Status: $HTTP_CODE"
+if [ "$HTTP_CODE" -eq 401 ]; then
+    echo "   ✅ Unauthenticated access properly rejected"
+    echo "   Response: $JMAP_UNAUTH_BODY"
+else
+    echo "   ❌ Unauthenticated access should be rejected"
+    echo "   Response: $JMAP_UNAUTH_BODY"
+fi
+
+echo ""
+
+# Test 6: Test logout
+echo "6. Testing logout..."
+LOGOUT_RESPONSE=$(curl -s -X POST "${BASE_URL}/auth/logout" \
+  -H "Authorization: Bearer ${TOKEN}" \
+  -w "\n%{http_code}")
+
+HTTP_CODE=$(echo "$LOGOUT_RESPONSE" | tail -n1)
+LOGOUT_BODY=$(echo "$LOGOUT_RESPONSE" | head -n -1)
+
+echo "   HTTP Status: $HTTP_CODE"
+if [ "$HTTP_CODE" -eq 200 ]; then
+    echo "   ✅ Logout successful"
+    echo "   Response: $LOGOUT_BODY"
+else
+    echo "   ❌ Logout failed"
+    echo "   Response: $LOGOUT_BODY"
+fi
+
+echo ""
+echo "🎉 All tests completed!"
+echo "==============================================="
-- 
cgit v1.2.3