chore(tests): consolidate E2E test suite into standardized primary scripts

- Combined 10+ one-off tests into 4 primary functional suites (Search, Auth, Lifecycle, Vision). - Archived original scripts to tests/archive/. - Updated README with the new standardized inventory. - Applied clean output formatting across the new suite.
2026-02-03 16:50:18 -05:00
parent 29f6cf258f
commit 37c84de57b
15 changed files with 326 additions and 71 deletions
--- a/tests/e2e/test_e2e_v3_auth_security.py
+++ b/tests/e2e/test_e2e_v3_auth_security.py
@@ -0,0 +1,65 @@
+import requests
+import json
+import time
+
+# --- Configuration ---
+API_ROOT = "https://dev-api.oneskyit.com"
+API_KEY = "PMM4n50teUCaOMMTN8qOJA"
+SITE_ID = "ltOdfNtjZLo" 
+PASSCODE = "10241024"
+FQDN = "dev-app.oneskyit.com"
+
+def print_result(label, success, message=""):
+    status = "✅ PASS" if success else "❌ FAIL"
+    print(f"[{status}] {label} {message}")
+
+def test_site_bootstrap():
+    """Tests unauthenticated FQDN lookup (Bootstrap Exception)."""
+    print("\n--- Testing Site Bootstrap (Unauth) ---")
+    url = f"{API_ROOT}/v3/crud/site_domain/search"
+    query = {"and": [{"field": "fqdn", "op": "eq", "value": FQDN}]}
+    # NO AUTH HEADERS
+    resp = requests.post(url, json=query)
+    print_result("Bootstrap lookup (site_domain)", resp.status_code == 200)
+
+def test_passcode_to_jwt():
+    """Tests site-specific passcode authentication."""
+    print("\n--- Testing Passcode -> JWT Flow ---")
+    url = f"{API_ROOT}/api/authenticate_passcode"
+    payload = {"site_id": SITE_ID, "passcode": PASSCODE}
+    resp = requests.post(url, json=payload)
+    
+    success = resp.status_code == 200
+    token = resp.json().get('data', {}).get('jwt') if success else None
+    print_result("Passcode Auth", success and token is not None)
+    return token
+
+def test_security_boundaries(token):
+    """Tests that a site-token cannot access private journals."""
+    print("\n--- Testing Security Boundaries ---")
+    url = f"{API_ROOT}/v3/crud/journal/search"
+    headers = {"X-Aether-API-Key": API_KEY}
+    params = {"jwt": token}
+    
+    # site-scoped JWT should NOT be able to search global journals
+    resp = requests.post(url, headers=headers, params=params, json={"q": "%"})
+    print_result("Access Blocked (site-jwt -> journal)", resp.status_code == 403)
+
+def test_machine_auth_exception():
+    """Tests that restricted routes fail without API Key."""
+    print("\n--- Testing Machine Auth Exceptions ---")
+    url = f"{API_ROOT}/v3/crud/journal/search"
+    # No headers, no key
+    resp = requests.post(url, json={"q": "%"})
+    print_result("Unauth block (journal)", resp.status_code == 403)
+
+if __name__ == "__main__":
+    print(f"Starting Consolidated Auth & Security E2E Suite")
+    
+    test_site_bootstrap()
+    token = test_passcode_to_jwt()
+    if token:
+        test_security_boundaries(token)
+    test_machine_auth_exception()
+    
+    print("\nSuite completed.")