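#!/bin/bash
# Test script for Keycloak authentication and JWT claims verification.
# Validates the realm configuration after import: for every test user it
# obtains an access token via the OAuth2 password grant and checks that the
# token payload carries the expected `clubs` claim.
#
# Usage: run with no arguments.
# Environment (all optional):
#   KEYCLOAK_URL   base URL of the Keycloak server (default http://localhost:8080)
#   REALM          realm under test (default workclub)
#   CLIENT_ID      client used for the password grant (default workclub-app)
#   TEST_PASSWORD  password shared by the test users (default testpass123)
# Outputs: per-user results in $RESULTS_FILE and the decoded admin JWT payload
#          (claims only, never the raw token) in $JWT_FILE.
# Returns: 0 when every user passes, 1 otherwise (or if Keycloak never comes up).
set -euo pipefail

KEYCLOAK_URL="${KEYCLOAK_URL:-http://localhost:8080}"
REALM="${REALM:-workclub}"
CLIENT_ID="${CLIENT_ID:-workclub-app}"
# Test-fixture credential; overridable so a deployment need not keep it in the script.
PASSWORD="${TEST_PASSWORD:-testpass123}"
readonly KEYCLOAK_URL REALM CLIENT_ID PASSWORD

# Color output. ANSI-C quoting expands the escapes here, so every message can be
# printed with printf '%s' and no server-supplied text is ever interpreted.
readonly RED=$'\033[0;31m'
readonly GREEN=$'\033[0;32m'
readonly YELLOW=$'\033[1;33m'
readonly NC=$'\033[0m' # No Color

# Test users with expected club memberships (JSON object: club id -> role).
declare -A USERS=(
  ["admin@test.com"]='{"club-1-uuid":"admin","club-2-uuid":"member"}'
  ["manager@test.com"]='{"club-1-uuid":"manager"}'
  ["member1@test.com"]='{"club-1-uuid":"member","club-2-uuid":"member"}'
  ["member2@test.com"]='{"club-1-uuid":"member"}'
  ["viewer@test.com"]='{"club-1-uuid":"viewer"}'
)

readonly EVIDENCE_DIR=".sisyphus/evidence"
readonly RESULTS_FILE="$EVIDENCE_DIR/task-3-user-auth.txt"
readonly JWT_FILE="$EVIDENCE_DIR/task-3-jwt-claims.txt"

#######################################
# Print a line to stdout and append it to the results file.
# Globals:   RESULTS_FILE (appended)
# Arguments: the message (joined with spaces)
#######################################
log() {
  printf '%s\n' "$*" | tee -a "$RESULTS_FILE"
}

#######################################
# Abort unless every named tool is on PATH.
# Arguments: tool names
# Returns:   exits 1 with a message on stderr if one is missing
#######################################
require_tools() {
  local tool
  for tool in "$@"; do
    if ! command -v -- "$tool" >/dev/null 2>&1; then
      printf '%s\n' "error: required tool '$tool' not found in PATH" >&2
      exit 1
    fi
  done
}

#######################################
# Poll the Keycloak readiness endpoint until it answers or attempts run out.
# Globals:   KEYCLOAK_URL (read)
# Outputs:   progress dots and a status line on stdout
# Returns:   0 when ready, 1 after max_attempts failures
#######################################
wait_for_keycloak() {
  local -r max_attempts=60
  local attempt=0
  printf '%s\n' "Waiting for Keycloak to be ready..."
  # --max-time keeps a hung connection from stalling the loop indefinitely.
  while ! curl -sf --max-time 5 "$KEYCLOAK_URL/health/ready" > /dev/null; do
    attempt=$((attempt + 1))
    if (( attempt >= max_attempts )); then
      printf '%s\n' "${RED}✗ Keycloak failed to become ready after $max_attempts attempts${NC}"
      return 1
    fi
    printf '.'
    sleep 2
  done
  printf '\n%s\n\n' "${GREEN}✓ Keycloak is ready${NC}"
}

#######################################
# Request a token for one user via the direct (password) grant.
# The password is sent on curl's stdin (-d @-) rather than as an argument, so
# it does not show up in `ps` or shell tracing; the other fields go through
# --data-urlencode. curl deliberately runs without -f: Keycloak's 4xx responses
# carry the JSON error body the caller reports.
# Globals:   KEYCLOAK_URL, REALM, CLIENT_ID, PASSWORD (read)
# Arguments: $1 - username
# Outputs:   the JSON token response on stdout; if curl itself failed, a
#            constructed JSON error object so the caller can treat it uniformly
# Returns:   0 always
#######################################
fetch_token() {
  local user=$1
  local body
  # NOTE(review): the password is passed raw, as in the original -d form; a
  # password containing '&' or '%' would need URL-encoding — confirm if changed.
  if ! body=$(printf 'password=%s' "$PASSWORD" \
      | curl -s --max-time 30 \
          "$KEYCLOAK_URL/realms/$REALM/protocol/openid-connect/token" \
          -H "Content-Type: application/x-www-form-urlencoded" \
          --data-urlencode "grant_type=password" \
          --data-urlencode "client_id=$CLIENT_ID" \
          --data-urlencode "username=$user" \
          -d @-); then
    jq -cn '{error: "curl_failed", error_description: "request to Keycloak failed"}'
    return 0
  fi
  printf '%s' "$body"
}

#######################################
# Decode the payload segment of a JWT and print it as compact JSON.
# JWT segments are base64url without padding, so '-'/'_' are mapped back to
# '+'/'/' and '=' padding is restored before base64 -d; without this, decoding
# failed (and, under pipefail, aborted the whole script) for most real tokens.
# Arguments: $1 - the compact JWT (header.payload.signature)
# Outputs:   the decoded payload JSON on stdout
# Returns:   non-zero if the segment is missing or is not valid base64/JSON
#######################################
decode_jwt_payload() {
  local token=$1
  local payload pad eq
  payload=$(cut -d. -f2 <<<"$token" | tr '_-' '/+')
  [[ -n "$payload" ]] || return 1
  pad=$(( (4 - ${#payload} % 4) % 4 ))
  printf -v eq '%*s' "$pad" ''
  payload+=${eq// /=}
  printf '%s' "$payload" | base64 -d 2>/dev/null | jq -c '.'
}

#######################################
# Write the decoded admin JWT payload and its clubs claim to the evidence file.
# Globals:   JWT_FILE (overwritten)
# Arguments: $1 - decoded payload JSON, $2 - clubs claim JSON
#######################################
save_admin_jwt() {
  local decoded=$1 clubs_claim=$2
  {
    printf '%s\n' "=== Decoded JWT for admin@test.com ==="
    jq '.' <<<"$decoded"
    printf '\n%s\n' "=== Clubs Claim ==="
    jq '.' <<<"$clubs_claim"
  } > "$JWT_FILE"
}

#######################################
# Authenticate one user and verify its clubs claim.
# The claim is compared as JSON (order-insensitive) rather than as a string,
# so key ordering chosen by the server cannot cause a false mismatch.
# Globals:   RESULTS_FILE (appended via log), JWT_FILE (written for admin)
# Arguments: $1 - username, $2 - expected clubs claim as JSON
# Returns:   0 on success, 1 on any failure
#######################################
check_user() {
  local user=$1 expected_clubs=$2
  local response access_token decoded clubs_claim err
  log "Testing: $user"
  log "Expected clubs: $expected_clubs"
  response=$(fetch_token "$user")
  # jq -e fails when .access_token is null/false or the body is not JSON.
  if ! access_token=$(jq -er '.access_token' <<<"$response" 2>/dev/null); then
    log " ${RED}✗ FAILED: Could not obtain access token${NC}"
    err=$(jq -r '.error_description // .error // "Unknown error"' <<<"$response" 2>/dev/null) \
      || err="Unknown error"
    log " Error: $err"
    return 1
  fi
  if ! decoded=$(decode_jwt_payload "$access_token"); then
    log " ${RED}✗ FAILED: Could not decode JWT payload${NC}"
    return 1
  fi
  clubs_claim=$(jq -c '.clubs // empty' <<<"$decoded")
  if [[ -z "$clubs_claim" ]]; then
    log " ${RED}✗ FAILED: No 'clubs' claim found in JWT${NC}"
    return 1
  fi
  if jq -en --argjson got "$clubs_claim" --argjson want "$expected_clubs" \
      '$got == $want' >/dev/null 2>&1; then
    log " ${GREEN}✓ SUCCESS: Clubs claim matches expected value${NC}"
    log " Claim type: $(jq -r 'type' <<<"$clubs_claim")"
    # Keep the decoded payload for the admin user as evidence.
    if [[ "$user" == "admin@test.com" ]]; then
      save_admin_jwt "$decoded" "$clubs_claim"
    fi
    return 0
  fi
  log " ${YELLOW}✗ FAILED: Clubs claim mismatch${NC}"
  log " Expected: $expected_clubs"
  log " Got: $clubs_claim"
  log " Claim type: $(jq -r 'type' <<<"$clubs_claim")"
  return 1
}

#######################################
# Entry point: wait for Keycloak, test every user, print and record a summary.
# Returns: 0 when all users pass, 1 otherwise
#######################################
main() {
  local user success_count=0 failure_count=0
  local -a users=()
  require_tools curl jq base64 cut tr tee sort
  printf '%s\n' "=== Keycloak Authentication Test ==="
  printf '%s\n' "Keycloak URL: $KEYCLOAK_URL"
  printf '%s\n' "Realm: $REALM"
  printf '\n'
  wait_for_keycloak || return 1
  mkdir -p "$EVIDENCE_DIR"
  # Clear previous results
  : > "$RESULTS_FILE"
  : > "$JWT_FILE"
  log "Testing authentication for all users..."
  log "======================================="
  log ""
  # Associative-array key order is unspecified; sort so evidence is reproducible.
  mapfile -t users < <(printf '%s\n' "${!USERS[@]}" | LC_ALL=C sort)
  for user in "${users[@]}"; do
    if check_user "$user" "${USERS[$user]}"; then
      success_count=$((success_count + 1))
    else
      failure_count=$((failure_count + 1))
    fi
    log ""
  done
  log "======================================="
  log "Summary: $success_count passed, $failure_count failed"
  log ""
  if (( failure_count == 0 )); then
    log "${GREEN}✓ All authentication tests passed!${NC}"
    log "Evidence saved to:"
    log " - $RESULTS_FILE"
    log " - $JWT_FILE"
    return 0
  fi
  log "${RED}✗ Some tests failed${NC}"
  return 1
}

main "$@"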