#!/bin/bash # Forgot Password Flow Test Script # Tests the complete password reset flow with MailHog BASE_URL="http://localhost:9000" MAILHOG_URL="http://localhost:8025" echo "🔐 Testing Forgot Password Flow" echo "================================" echo "" # Colors for output GREEN='\033[0;32m' RED='\033[0;31m' YELLOW='\033[1;33m' NC='\033[0m' # No Color # Test email address TEST_EMAIL="test@example.com" echo -e "${YELLOW}Prerequisites:${NC}" echo "✓ Server running on $BASE_URL" echo "✓ MailHog running on $MAILHOG_URL" echo "✓ Test user exists with email: $TEST_EMAIL" echo "" # Step 1: Request Password Reset echo -e "${YELLOW}Step 1: Request Password Reset${NC}" echo "POST $BASE_URL/api/auth/forgot-password" echo "" RESET_RESPONSE=$(curl -s -X POST "$BASE_URL/api/auth/forgot-password" \ -H "Content-Type: application/json" \ -d "{\"identifier\":\"$TEST_EMAIL\"}") echo "Response: $RESET_RESPONSE" echo "" # Check if OTP code is in response (dev mode) OTP_CODE=$(echo $RESET_RESPONSE | grep -o '"code":"[0-9]*"' | grep -o '[0-9]*') if [ -n "$OTP_CODE" ]; then echo -e "${GREEN}✓ OTP Code generated:${NC} $OTP_CODE (dev mode)" else echo -e "${YELLOW}⚠ OTP Code not in response (check MailHog)${NC}" fi echo "" # Step 2: Check MailHog echo -e "${YELLOW}Step 2: Check MailHog${NC}" echo "Open browser: $MAILHOG_URL" echo "You should see an email with:" echo " - Subject: Password Reset - Mawidi (or Arabic equivalent)" echo " - From: noreply@mawidi.com" echo " - To: $TEST_EMAIL" echo " - Body: Contains 6-digit OTP code" echo "" # If OTP not found in response, prompt user to get it from MailHog if [ -z "$OTP_CODE" ]; then echo "Enter OTP code from MailHog email:" read -p "OTP: " OTP_CODE echo "" fi # Step 3: Verify OTP echo -e "${YELLOW}Step 3: Verify OTP Code${NC}" echo "POST $BASE_URL/api/auth/verify-reset-otp" echo "" VERIFY_RESPONSE=$(curl -s -X POST "$BASE_URL/api/auth/verify-reset-otp" \ -H "Content-Type: application/json" \ -d "{\"identifier\":\"$TEST_EMAIL\",\"code\":\"$OTP_CODE\"}") echo "Response: $VERIFY_RESPONSE" echo "" # Extract reset token RESET_TOKEN=$(echo $VERIFY_RESPONSE | grep -o '"resetToken":"[^"]*"' | sed 's/"resetToken":"\(.*\)"/\1/') if [ -n "$RESET_TOKEN" ]; then echo -e "${GREEN}✓ Reset token generated${NC}" else echo -e "${RED}✗ Failed to get reset token${NC}" exit 1 fi echo "" # Step 4: Reset Password echo -e "${YELLOW}Step 4: Reset Password${NC}" echo "POST $BASE_URL/api/auth/reset-password" echo "" NEW_PASSWORD="NewPassword123!" PASSWORD_RESPONSE=$(curl -s -X POST "$BASE_URL/api/auth/reset-password" \ -H "Content-Type: application/json" \ -d "{\"identifier\":\"$TEST_EMAIL\",\"newPassword\":\"$NEW_PASSWORD\",\"resetToken\":\"$RESET_TOKEN\"}") echo "Response: $PASSWORD_RESPONSE" echo "" # Check if successful if echo "$PASSWORD_RESPONSE" | grep -q '"success":true'; then echo -e "${GREEN}✅ Password reset successful!${NC}" echo "" echo "You can now log in with:" echo " Email: $TEST_EMAIL" echo " Password: $NEW_PASSWORD" else echo -e "${RED}✗ Password reset failed${NC}" exit 1 fi echo "" echo -e "${GREEN}================================${NC}" echo -e "${GREEN}🎉 All tests passed!${NC}" echo -e "${GREEN}================================${NC}"