OSIT-AE-API-FastAPI/tests/e2e/test_e2e_v3_auth_security.py
Scott Idem 37c84de57b chore(tests): consolidate E2E test suite into standardized primary scripts
- Combined 10+ one-off tests into 4 primary functional suites (Search, Auth, Lifecycle, Vision).
- Archived original scripts to tests/archive/.
- Updated README with the new standardized inventory.
- Applied clean output formatting across the new suite.
2026-02-03 16:50:18 -05:00

import json
import os
import time

import requests
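# --- Configuration ---
# Endpoint and identifiers can be overridden through the environment so the
# suite can be pointed at another stack; the non-secret defaults are the dev
# stack values the suite was written against.
API_ROOT = os.environ.get("OSIT_API_ROOT", "https://dev-api.oneskyit.com")
SITE_ID = os.environ.get("OSIT_SITE_ID", "ltOdfNtjZLo")
FQDN = os.environ.get("OSIT_FQDN", "dev-app.oneskyit.com")
# Secrets come from the environment only and have NO in-source default. The
# previous revision of this file committed a live machine API key and the site
# passcode to the repository, so both should be treated as exposed and rotated.
# Set OSIT_API_KEY and OSIT_PASSCODE before running; unset values are None,
# which makes the dependent checks fail loudly instead of passing by accident.
API_KEY = os.environ.get("OSIT_API_KEY")
PASSCODE = os.environ.get("OSIT_PASSCODE")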
def print_result(label: str, success: bool, message: str = "") -> None:
    """Print one PASS/FAIL line for a named check.

    Args:
        label: Name of the check being reported.
        success: Whether the check passed.
        message: Optional trailing detail, appended after the label.
    """
    marker = "❌ FAIL"
    if success:
        marker = "✅ PASS"
    print(f"[{marker}] {label} {message}")
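def test_site_bootstrap() -> None:
    """Check the unauthenticated ``site_domain`` lookup (the bootstrap exception).

    A client knows only its FQDN before it can authenticate, so this single
    search is expected to work with no API key and no JWT. The request is sent
    with NO auth headers on purpose; PASS means HTTP 200.

    NOTE(review): only the status code is asserted. Since this route is
    reachable anonymously, a follow-up should also assert that the body holds
    just the ``site_domain`` row for ``FQDN`` and nothing broader; the response
    schema is not visible from this file, so that check is not added here.
    """
    print("\n--- Testing Site Bootstrap (Unauth) ---")
    url = f"{API_ROOT}/v3/crud/site_domain/search"
    query = {"and": [{"field": "fqdn", "op": "eq", "value": FQDN}]}
    # Deliberately no auth headers: anonymous access is the property under test.
    # The timeout bounds the wait; requests otherwise blocks indefinitely on a
    # stalled endpoint and hangs the whole suite.
    resp = requests.post(url, json=query, timeout=15)
    print_result("Bootstrap lookup (site_domain)", resp.status_code == 200)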
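def test_passcode_to_jwt():
    """Authenticate with the site passcode and return the issued JWT.

    POSTs ``site_id`` and ``passcode`` to ``/api/authenticate_passcode`` and
    reports PASS only when the response is HTTP 200 and carries a non-empty
    string at ``data.jwt``.

    Returns:
        The JWT string, or ``None`` on any failure (non-200 status, non-JSON
        body, missing or empty ``jwt``) so the caller can skip dependent checks.

    The token is intentionally never printed: it is a bearer credential for
    the site and would otherwise land in CI logs.
    """
    print("\n--- Testing Passcode -> JWT Flow ---")
    url = f"{API_ROOT}/api/authenticate_passcode"
    payload = {"site_id": SITE_ID, "passcode": PASSCODE}
    # Bounded wait: without a timeout a stalled auth service hangs the run.
    resp = requests.post(url, json=payload, timeout=15)
    token = None
    if resp.status_code == 200:
        try:
            body = resp.json()
        except ValueError:
            # A 200 with a non-JSON body (e.g. an HTML page from a proxy) is a
            # failed login, not a reason to crash the suite.
            body = {}
        data = body.get("data") if isinstance(body, dict) else None
        candidate = data.get("jwt") if isinstance(data, dict) else None
        # Only a non-empty string counts as a token; the previous check passed
        # an empty string as PASS and then silently skipped the boundary test.
        if isinstance(candidate, str) and candidate:
            token = candidate
    print_result("Passcode Auth", token is not None)
    return token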
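def test_security_boundaries(token: str) -> None:
    """Assert a site-scoped JWT is refused on the global ``journal`` search.

    Sends the machine API key in ``X-Aether-API-Key`` together with the site
    JWT and expects HTTP 403: holding the key must not be enough to read
    journals when the accompanying token is scoped to a single site. Any other
    status, including a 200, is reported as FAIL, so the check is fail-closed.

    Args:
        token: JWT returned by ``test_passcode_to_jwt``.
    """
    print("\n--- Testing Security Boundaries ---")
    url = f"{API_ROOT}/v3/crud/journal/search"
    headers = {"X-Aether-API-Key": API_KEY}
    # NOTE(review): the JWT travels in the query string, where it is recorded
    # by access logs, proxies and Referer headers. If the API accepts the token
    # in an Authorization header, prefer that; left unchanged here because the
    # server's contract is not visible from this file.
    params = {"jwt": token}
    # A site-scoped JWT must NOT be able to search global journals. The timeout
    # keeps a stalled endpoint from hanging the suite.
    resp = requests.post(
        url, headers=headers, params=params, json={"q": "%"}, timeout=15
    )
    print_result("Access Blocked (site-jwt -> journal)", resp.status_code == 403)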
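def test_machine_auth_exception() -> None:
    """Assert the ``journal`` search is refused with no credentials at all.

    Sends the request with no API key and no JWT and expects HTTP 403. A 200
    would mean the machine-auth requirement is not enforced on this route.

    NOTE(review): a 401 for a missing credential would also be a refusal but
    is counted as FAIL here; if the API's documented contract is 401 for
    "no credential" (vs 403 for "wrong scope"), widen this assertion.
    """
    print("\n--- Testing Machine Auth Exceptions ---")
    url = f"{API_ROOT}/v3/crud/journal/search"
    # No headers, no key: anonymous access is the property under test.
    # The timeout keeps a stalled endpoint from hanging the suite.
    resp = requests.post(url, json={"q": "%"}, timeout=15)
    print_result("Unauth block (journal)", resp.status_code == 403)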
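if __name__ == "__main__":
    print("Starting Consolidated Auth & Security E2E Suite")
    # Refuse to run with missing credentials: an empty API key or passcode
    # would make the "access blocked" checks pass for the wrong reason
    # (rejected as anonymous, not as an out-of-scope caller).
    if not API_KEY or not PASSCODE:
        raise SystemExit("API_KEY and PASSCODE must be set before running this suite.")
    test_site_bootstrap()
    token = test_passcode_to_jwt()
    # The boundary test needs a real site token; skip it when login failed.
    if token:
        test_security_boundaries(token)
    test_machine_auth_exception()
    # NOTE(review): results are only printed and the process always exits 0,
    # so a FAIL here will not fail a CI job. Having each check return its
    # status and exiting non-zero on any failure would close that gap.
    print("\nSuite completed.")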