feat(auth): implement site-based passcode-to-JWT endpoint

- Add POST /api/authenticate_passcode to verify site access codes - Refactor sign_jwt to support arbitrary role flags (super, admin, etc.) - Update dependencies_v3 to extract role flags from JWT payloads - Add E2E test for passcode auth verification
2026-01-20 17:51:54 -05:00
parent e16fbaa34b
commit d4e46a4a97
4 changed files with 183 additions and 3 deletions
--- a/tests/e2e/test_e2e_passcode_auth.py
+++ b/tests/e2e/test_e2e_passcode_auth.py
@@ -0,0 +1,80 @@
+import requests
+import json
+import jwt
+import sys
+
+# Configuration
+BASE_URL = "https://dev-api.oneskyit.com"
+SITE_ID = "ltOdfNtjZLo" # Found from DB
+VALID_PASSCODE = "10241024" # 'super' role for this site
+INVALID_PASSCODE = "wrong-code-123"
+
+def test_passcode_authentication():
+    print(f"\n--- Testing Passcode Authentication for Site: {SITE_ID} ---")
+    
+    url = f"{BASE_URL}/api/authenticate_passcode"
+    payload = {
+        "site_id": SITE_ID,
+        "passcode": VALID_PASSCODE
+    }
+    
+    try:
+        # 1. Test Valid Auth
+        print(f"[1] Requesting JWT with VALID passcode...")
+        response = requests.post(url, json=payload)
+        print(f"Status: {response.status_code}")
+        
+        if response.status_code != 200:
+            print(f"❌ Auth Failed! Response: {response.text}")
+            return None
+
+        data = response.json()
+        token = data.get('data', {}).get('jwt')
+        role = data.get('data', {}).get('role')
+        
+        if not token:
+            print("❌ No token in response.")
+            return None
+
+        print(f"✅ Success! Token received for role: '{role}'")
+        
+        # 2. Inspect JWT Payload
+        print("\n[2] Inspecting JWT Payload (Unverified)...")
+        decoded = jwt.decode(token, options={"verify_signature": False})
+        print(f"Payload: {json.dumps(decoded, indent=2)}")
+        
+        # Check for role flags
+        if decoded.get('super') is True:
+            print("✅ SUCCESS: 'super' flag is correctly set in JWT.")
+        else:
+            print("❌ FAILURE: 'super' flag missing or False in JWT.")
+            sys.exit(1)
+
+        # 3. Test Invalid Auth
+        print("\n[3] Requesting JWT with INVALID passcode...")
+        payload_bad = {
+            "site_id": SITE_ID,
+            "passcode": INVALID_PASSCODE
+        }
+        resp_bad = requests.post(url, json=payload_bad)
+        print(f"Status: {resp_bad.status_code}")
+        
+        if resp_bad.status_code == 401:
+            print("✅ SUCCESS: Invalid passcode correctly rejected (401).")
+        else:
+            print(f"❌ FAILURE: Unexpected status for bad passcode: {resp_bad.status_code}")
+            sys.exit(1)
+
+        return token
+
+    except Exception as e:
+        print(f"❌ Error during test: {e}")
+        return None
+
+if __name__ == "__main__":
+    token = test_passcode_authentication()
+    if token:
+        print("\n🎉 Passcode Authentication E2E Test Passed!")
+    else:
+        print("\n❌ Test FAILED.")
+        sys.exit(1)