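"""End-to-end check of the passcode authentication endpoint.

The script posts a valid and an invalid passcode to
``/api/authenticate_passcode`` and checks three things: a JWT is issued for
the valid passcode, that JWT carries the ``super`` claim, and the invalid
passcode is rejected with HTTP 401.
"""

import json
import os
import sys

import jwt
import requests

# Configuration
# Each value can be overridden through the environment; the literals below are
# the defaults the script has always used.
BASE_URL = os.environ.get("PASSCODE_TEST_BASE_URL", "https://dev-api.oneskyit.com")
SITE_ID = os.environ.get("PASSCODE_TEST_SITE_ID", "ltOdfNtjZLo")  # Found from DB
# NOTE(review): a working passcode for the 'super' role is stored here in clear
# text. Supply it through PASSCODE_TEST_VALID_PASSCODE and rotate this value;
# the literal remains only as a fallback so existing invocations keep working.
VALID_PASSCODE = os.environ.get("PASSCODE_TEST_VALID_PASSCODE", "10241024")  # 'super' role for this site
INVALID_PASSCODE = "wrong-code-123"

# Seconds to wait for the API. requests has no default timeout, so without this
# an unresponsive server would hang the test run indefinitely.
REQUEST_TIMEOUT = 10


def test_passcode_authentication():
    """Run the passcode authentication checks against ``BASE_URL``.

    Returns:
        The JWT string issued for the valid passcode when every check passes,
        or ``None`` when the valid request fails, the response carries no
        token, or a network/decoding error occurs.

    Exits the process with status 1 when the ``super`` claim is missing from
    the token or the invalid passcode is not rejected with HTTP 401.
    """
    print(f"\n--- Testing Passcode Authentication for Site: {SITE_ID} ---")

    url = f"{BASE_URL}/api/authenticate_passcode"
    payload = {
        "site_id": SITE_ID,
        "passcode": VALID_PASSCODE,
    }

    try:
        # 1. Test Valid Auth
        print("[1] Requesting JWT with VALID passcode...")
        response = requests.post(url, json=payload, timeout=REQUEST_TIMEOUT)
        print(f"Status: {response.status_code}")

        if response.status_code != 200:
            print(f"❌ Auth Failed! Response: {response.text}")
            return None

        # Tolerate a body that is not an object, or whose "data" member is
        # null or not an object, instead of failing on attribute access.
        body = response.json()
        inner = body.get("data") if isinstance(body, dict) else None
        if not isinstance(inner, dict):
            inner = {}
        token = inner.get("jwt")
        role = inner.get("role")

        if not token:
            print("❌ No token in response.")
            return None

        print(f"✅ Success! Token received for role: '{role}'")

        # 2. Inspect JWT Payload
        # The signature is deliberately NOT verified: this script holds no
        # key. The claims read here show what the server put in the token and
        # nothing more; they must never drive an authorization decision.
        print("\n[2] Inspecting JWT Payload (Unverified)...")
        decoded = jwt.decode(token, options={"verify_signature": False})
        print(f"Payload: {json.dumps(decoded, indent=2)}")

        # Check for role flags
        if decoded.get("super") is True:
            print("✅ SUCCESS: 'super' flag is correctly set in JWT.")
        else:
            print("❌ FAILURE: 'super' flag missing or False in JWT.")
            sys.exit(1)

        # 3. Test Invalid Auth
        print("\n[3] Requesting JWT with INVALID passcode...")
        payload_bad = {
            "site_id": SITE_ID,
            "passcode": INVALID_PASSCODE,
        }
        resp_bad = requests.post(url, json=payload_bad, timeout=REQUEST_TIMEOUT)
        print(f"Status: {resp_bad.status_code}")

        if resp_bad.status_code == 401:
            print("✅ SUCCESS: Invalid passcode correctly rejected (401).")
        else:
            print(f"❌ FAILURE: Unexpected status for bad passcode: {resp_bad.status_code}")
            sys.exit(1)

        return token

    except (requests.RequestException, ValueError, jwt.PyJWTError) as e:
        # Network failures, a non-JSON response body and a malformed token are
        # the expected failure modes; anything else surfaces with a traceback.
        print(f"❌ Error during test: {e}")
        return None


if __name__ == "__main__":
    token = test_passcode_authentication()
    if token:
        print("\n🎉 Passcode Authentication E2E Test Passed!")
    else:
        print("\n❌ Test FAILED.")
        sys.exit(1)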