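#!/bin/bash
# QA Test Script: Certificate Page Authentication
# Tests authentication fixes for certificate endpoints.
#
# Environment:
#   BASE_URL   Server under test (default: http://localhost:8080)
# Requires:    curl, openssl. jq is optional; without it the JSON checks
#              degrade to WARN and the delete test is skipped.
#
# Security notes for whoever runs this:
#   - The script registers and logs in a QA account whose password is the
#     literal stored in this file. Point BASE_URL only at disposable test
#     instances, and remove the account once testing is done.
#   - With an http:// BASE_URL the credentials and the session cookie travel
#     unencrypted; use https:// for anything that is not loopback.
#   - The cookie jar, the curl request trace and the generated private key
#     live in a private mktemp directory that is deleted on exit. The results
#     log never receives the cookie value.

set -eu

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color

BASE_URL="${BASE_URL:-http://localhost:8080}"
API_URL="${BASE_URL}/api/v1"

# QA account used for every authenticated request (see security notes above).
REGISTER_PAYLOAD='{"email":"qa-test@example.com","password":"QATestPass123!","name":"QA Test User"}'
LOGIN_PAYLOAD='{"email":"qa-test@example.com","password":"QATestPass123!"}'

# Per-run scratch directory. mktemp -d creates it with owner-only permissions
# and an unpredictable name, so other local users can neither read the session
# cookie / private key nor pre-plant files or symlinks at a known /tmp path.
WORK_DIR="$(mktemp -d "${TMPDIR:-/tmp}/charon-qa.XXXXXX")"
trap 'rm -rf -- "$WORK_DIR"' EXIT
COOKIE_FILE="$WORK_DIR/cookies.txt"
TRACE_FILE="$WORK_DIR/list-request-trace.txt"
TEST_CERT_DIR="$WORK_DIR/certs"

# Derive repository root dynamically so script works outside specific paths
REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd -P)"
TEST_RESULTS="$REPO_ROOT/test-results/qa-auth-test-results.log"

# Clear previous results (create the results directory on a fresh checkout)
mkdir -p "$(dirname "$TEST_RESULTS")"
: > "$TEST_RESULTS"
: > "$COOKIE_FILE"

echo -e "${BLUE}=== QA Test: Certificate Page Authentication ===${NC}"
echo "Testing authentication fixes for certificate endpoints"
echo "Base URL: $BASE_URL"
echo ""

# Log one test result to stdout and to the results file.
# Arguments: $1 - status tag (PASS/FAIL/WARN/INFO/SKIP)
#            $2 - test name
#            $3 - optional details line
log_test() {
  local status=$1
  local test_name=$2
  local details=${3:-}
  printf '[%s] %s\n' "$status" "$test_name" | tee -a "$TEST_RESULTS"
  if [ -n "$details" ]; then
    printf '  Details: %s\n' "$details" | tee -a "$TEST_RESULTS"
  fi
}

# Print a section header to stdout (colored) and to the results file (plain).
section() {
  echo -e "\n${BLUE}=== $1 ===${NC}\n"
  echo "=== $1 ===" >> "$TEST_RESULTS"
}

# Split the output of `curl -w "\n%{http_code}"`: last line is the status code,
# everything before it is the response body.
http_code_of() { printf '%s\n' "$1" | tail -n1; }
body_of() { printf '%s\n' "$1" | sed '$d'; }

# Authenticated GET against a list endpoint; 200 -> PASS, 401 -> FAIL,
# anything else (including 000 when curl cannot connect) -> WARN.
# Arguments: $1 - label used in the log messages
#            $2 - path below $API_URL
regression_get() {
  local label=$1
  local path=$2
  local response code
  # `|| true`: a transport error must be reported as a result, not abort the
  # whole run through `set -e`.
  response=$(curl -s -b "$COOKIE_FILE" "$API_URL/$path" -w "\n%{http_code}") || true
  code=$(http_code_of "$response")
  if [ "$code" = "200" ]; then
    log_test "PASS" "$label list successful" "HTTP $code"
  elif [ "$code" = "401" ]; then
    log_test "FAIL" "$label authentication failed" "HTTP $code"
  else
    log_test "WARN" "$label request failed" "HTTP $code"
  fi
}

# Count result lines matching a pattern. grep -c already prints 0 when nothing
# matches (and exits 1), so only the exit status is neutralised here; echoing
# a second "0" would make the later numeric comparison fail.
count_results() { grep -c "$1" "$TEST_RESULTS" || true; }

# Phase 1: Certificate Page Authentication Tests
section "Phase 1: Certificate Page Authentication Tests"

# Test 1.1: Login and Cookie Verification
echo -e "${YELLOW}Test 1.1: Login and Cookie Verification${NC}"

# First, ensure test user exists (idempotent, best effort: a failure here
# surfaces as a login failure below)
curl -s -X POST "$API_URL/auth/register" \
  -H "Content-Type: application/json" \
  -d "$REGISTER_PAYLOAD" > /dev/null 2>&1 || true

LOGIN_RESPONSE=$(curl -s -c "$COOKIE_FILE" -X POST "$API_URL/auth/login" \
  -H "Content-Type: application/json" \
  -d "$LOGIN_PAYLOAD" \
  -w "\n%{http_code}") || true

HTTP_CODE=$(http_code_of "$LOGIN_RESPONSE")
RESPONSE_BODY=$(body_of "$LOGIN_RESPONSE")

if [ "$HTTP_CODE" = "200" ]; then
  log_test "PASS" "Login successful" "HTTP $HTTP_CODE"

  # Check if auth_token cookie exists
  if grep -q "auth_token" "$COOKIE_FILE"; then
    log_test "PASS" "auth_token cookie created" ""

    # Summarise the cookie WITHOUT its value: the results log is kept in the
    # repository tree and must not hold a live session token.
    # curl's jar is tab-separated (domain, subdomains, path, secure, expiry,
    # name, value) and marks HttpOnly cookies with a "#HttpOnly_" domain prefix.
    COOKIE_SUMMARY=$(awk -F'\t' '
      $6 ~ /auth_token/ {
        domain = $1
        httponly = (sub(/^#HttpOnly_/, "", domain) > 0) ? "yes" : "no"
        printf "name=%s domain=%s path=%s secure=%s httponly=%s value=<redacted>", $6, domain, $3, $4, httponly
        exit
      }' "$COOKIE_FILE")
    if [ -z "$COOKIE_SUMMARY" ]; then
      COOKIE_SUMMARY="auth_token present (jar fields not parsed) value=<redacted>"
    fi
    echo "  Cookie details: $COOKIE_SUMMARY" | tee -a "$TEST_RESULTS"

    # HttpOnly and Secure are reported above from the cookie jar. SameSite is
    # not recorded by curl and still needs a look in browser DevTools.
    log_test "INFO" "Cookie flags (HttpOnly, Secure, SameSite)" "HttpOnly/Secure: see cookie details above; SameSite: verify manually in browser DevTools"
  else
    log_test "FAIL" "auth_token cookie NOT created" "Cookie file: $COOKIE_FILE"
  fi
else
  log_test "FAIL" "Login failed" "HTTP $HTTP_CODE - $RESPONSE_BODY"
  exit 1
fi

# Test 1.2: Certificate List (GET /api/v1/certificates)
echo -e "\n${YELLOW}Test 1.2: Certificate List (GET /api/v1/certificates)${NC}"

# The verbose trace goes to its own file so that the body and status code on
# stdout stay parseable. The trace contains the Cookie request header, which
# is why it is kept inside the private scratch directory.
LIST_RESPONSE=$(curl -s -v -b "$COOKIE_FILE" "$API_URL/certificates" \
  -w "\n%{http_code}" 2> "$TRACE_FILE") || true
HTTP_CODE=$(http_code_of "$LIST_RESPONSE")
RESPONSE_BODY=$(body_of "$LIST_RESPONSE")

echo "Response: $RESPONSE_BODY" | tee -a "$TEST_RESULTS"

# Case-insensitive: header names are lower-cased in HTTP/2 traces.
if grep -qi "cookie: auth_token" "$TRACE_FILE"; then
  log_test "PASS" "Request includes auth_token cookie" ""
else
  log_test "WARN" "Could not verify Cookie header in request" "Check manually in browser Network tab"
fi

if [ "$HTTP_CODE" = "200" ]; then
  log_test "PASS" "Certificate list request successful" "HTTP $HTTP_CODE"

  # Check if response is valid JSON array
  if printf '%s' "$RESPONSE_BODY" | jq -e 'type == "array"' > /dev/null 2>&1; then
    CERT_COUNT=$(printf '%s' "$RESPONSE_BODY" | jq 'length')
    log_test "PASS" "Response is valid JSON array" "Count: $CERT_COUNT certificates"
  else
    log_test "WARN" "Response is not a JSON array" ""
  fi
elif [ "$HTTP_CODE" = "401" ]; then
  log_test "FAIL" "Authentication failed - 401 Unauthorized" "Cookie not being sent or not valid"
  echo "Response body: $RESPONSE_BODY" | tee -a "$TEST_RESULTS"
else
  log_test "FAIL" "Certificate list request failed" "HTTP $HTTP_CODE"
fi

# Test 1.3: Certificate Upload (POST /api/v1/certificates)
echo -e "\n${YELLOW}Test 1.3: Certificate Upload (POST /api/v1/certificates)${NC}"

# ID of the certificate created by this run; stays empty when the upload does
# not succeed, so Test 1.4 can never act on an ID left over from an earlier run.
CERT_ID=""

# Create test certificate and key
mkdir -p "$TEST_CERT_DIR"

# Generate self-signed certificate for testing. `|| true` lets a missing or
# failing openssl be reported by the file check below instead of aborting.
openssl req -x509 -newkey rsa:2048 -keyout "$TEST_CERT_DIR/test.key" -out "$TEST_CERT_DIR/test.crt" \
  -days 1 -nodes -subj "/CN=qa-test.local" 2>/dev/null || true

if [ -f "$TEST_CERT_DIR/test.crt" ] && [ -f "$TEST_CERT_DIR/test.key" ]; then
  log_test "INFO" "Test certificate generated" "$TEST_CERT_DIR"

  # Upload certificate
  UPLOAD_RESPONSE=$(curl -s -b "$COOKIE_FILE" -X POST "$API_URL/certificates" \
    -F "name=QA-Test-Cert-$(date +%s)" \
    -F "certificate_file=@$TEST_CERT_DIR/test.crt" \
    -F "key_file=@$TEST_CERT_DIR/test.key" \
    -w "\n%{http_code}") || true

  HTTP_CODE=$(http_code_of "$UPLOAD_RESPONSE")
  RESPONSE_BODY=$(body_of "$UPLOAD_RESPONSE")

  if [ "$HTTP_CODE" = "201" ]; then
    log_test "PASS" "Certificate upload successful" "HTTP $HTTP_CODE"

    # Extract certificate ID for later deletion
    NEW_CERT_ID=$(printf '%s' "$RESPONSE_BODY" | jq -r '.id' 2>/dev/null || echo "")
    if [ -n "$NEW_CERT_ID" ] && [ "$NEW_CERT_ID" != "null" ]; then
      CERT_ID=$NEW_CERT_ID
      log_test "INFO" "Certificate created with ID: $CERT_ID" ""
    fi
  elif [ "$HTTP_CODE" = "401" ]; then
    log_test "FAIL" "Upload authentication failed - 401 Unauthorized" "Cookie not being sent"
  else
    log_test "FAIL" "Certificate upload failed" "HTTP $HTTP_CODE - $RESPONSE_BODY"
  fi
else
  log_test "FAIL" "Could not generate test certificate" ""
fi

# Test 1.4: Certificate Delete (DELETE /api/v1/certificates/:id)
echo -e "\n${YELLOW}Test 1.4: Certificate Delete (DELETE /api/v1/certificates/:id)${NC}"

case "$CERT_ID" in
  "" | null)
    log_test "SKIP" "Certificate delete test" "Upload test did not create a certificate"
    ;;
  *[!A-Za-z0-9_-]*)
    # The ID comes from a server response and is spliced into a DELETE URL;
    # refuse anything that could change the request path or query.
    log_test "SKIP" "Certificate delete test" "Unexpected characters in certificate ID"
    ;;
  *)
    DELETE_RESPONSE=$(curl -s -b "$COOKIE_FILE" -X DELETE "$API_URL/certificates/$CERT_ID" \
      -w "\n%{http_code}") || true
    HTTP_CODE=$(http_code_of "$DELETE_RESPONSE")
    RESPONSE_BODY=$(body_of "$DELETE_RESPONSE")

    if [ "$HTTP_CODE" = "200" ]; then
      log_test "PASS" "Certificate delete successful" "HTTP $HTTP_CODE"
    elif [ "$HTTP_CODE" = "401" ]; then
      log_test "FAIL" "Delete authentication failed - 401 Unauthorized" "Cookie not being sent"
    elif [ "$HTTP_CODE" = "409" ]; then
      log_test "INFO" "Certificate in use (expected for active certs)" "HTTP $HTTP_CODE"
    else
      log_test "WARN" "Certificate delete failed" "HTTP $HTTP_CODE - $RESPONSE_BODY"
    fi
    ;;
esac

# Test 1.5: Unauthorized Access
echo -e "\n${YELLOW}Test 1.5: Unauthorized Access${NC}"

# Remove cookies and try to access
rm -f -- "$COOKIE_FILE"
UNAUTH_RESPONSE=$(curl -s "$API_URL/certificates" -w "\n%{http_code}") || true
HTTP_CODE=$(http_code_of "$UNAUTH_RESPONSE")

if [ "$HTTP_CODE" = "401" ]; then
  log_test "PASS" "Unauthorized access properly rejected" "HTTP $HTTP_CODE"
else
  log_test "FAIL" "Unauthorized access NOT rejected" "HTTP $HTTP_CODE (expected 401)"
fi

# Phase 2: Regression Testing Other Endpoints
section "Phase 2: Regression Testing Other Endpoints"

# Re-login for regression tests
echo -e "${YELLOW}Re-authenticating for regression tests...${NC}"
RELOGIN_CODE=$(curl -s -o /dev/null -c "$COOKIE_FILE" -X POST "$API_URL/auth/login" \
  -H "Content-Type: application/json" \
  -d "$LOGIN_PAYLOAD" \
  -w "%{http_code}") || true
if [ "$RELOGIN_CODE" != "200" ]; then
  # Without a fresh session every Phase 2 check would report 401 for the
  # wrong reason, so make the cause visible in the log.
  log_test "WARN" "Re-authentication failed" "HTTP $RELOGIN_CODE - Phase 2 results are not meaningful"
fi

# Test 2.1: Proxy Hosts Page
echo -e "\n${YELLOW}Test 2.1: Proxy Hosts Page (GET /api/v1/proxy-hosts)${NC}"
regression_get "Proxy hosts" "proxy-hosts"

# Test 2.2: Backups Page
echo -e "\n${YELLOW}Test 2.2: Backups Page (GET /api/v1/backups)${NC}"
regression_get "Backups" "backups"

# Test 2.3: Settings Page
echo -e "\n${YELLOW}Test 2.3: Settings Page (GET /api/v1/settings)${NC}"
regression_get "Settings" "settings"

# Test 2.4: User Management
echo -e "\n${YELLOW}Test 2.4: User Management (GET /api/v1/users)${NC}"
regression_get "Users" "users"

# Summary
section "Test Summary"

echo -e "\n${BLUE}=== Test Results Summary ===${NC}\n"

TOTAL_TESTS=$(count_results "^\[")
PASSED=$(count_results "^\[PASS\]")
FAILED=$(count_results "^\[FAIL\]")
WARNINGS=$(count_results "^\[WARN\]")
SKIPPED=$(count_results "^\[SKIP\]")

echo "Total Tests: ${TOTAL_TESTS:-0}"
echo -e "${GREEN}Passed: ${PASSED:-0}${NC}"
echo -e "${RED}Failed: ${FAILED:-0}${NC}"
echo -e "${YELLOW}Warnings: ${WARNINGS:-0}${NC}"
echo "Skipped: ${SKIPPED:-0}"
echo ""
echo "Full test results saved to: $TEST_RESULTS"
echo ""

# Exit with error if any tests failed
if [ "${FAILED:-0}" -gt 0 ]; then
  echo -e "${RED}Some tests FAILED. Review the results above.${NC}"
  exit 1
else
  echo -e "${GREEN}All critical tests PASSED!${NC}"
  exit 0
fi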