#!/bin/bash # Simple Passwordless System Test # Tests core functionality using curl set -e APP_URL="http://localhost:9000" MAILHOG_API="http://localhost:8025/api/v2" GREEN='\033[0;32m' BLUE='\033[0;34m' RED='\033[0;31m' YELLOW='\033[1;33m' NC='\033[0m' echo "" echo "==========================================" echo " Passwordless System Quick Test" echo "==========================================" echo "" # Test 1: Check Email Endpoint echo -e "${BLUE}Test 1: Email Existence Check${NC}" echo "Testing with existing email..." RESPONSE=$(curl -s "$APP_URL/api/auth/check-email?email=gara2222ge@support.com") if echo "$RESPONSE" | grep -q '"exists":true'; then echo -e "${GREEN}✅ Check-email endpoint working${NC}" echo " Response: $RESPONSE" else echo -e "${RED}❌ Check-email endpoint failed${NC}" exit 1 fi echo "" # Test 2: Check New Email echo "Testing with new email..." NEW_EMAIL="test-$(date +%s)@example.com" RESPONSE=$(curl -s "$APP_URL/api/auth/check-email?email=$NEW_EMAIL") if echo "$RESPONSE" | grep -q '"exists":false'; then echo -e "${GREEN}✅ New email detected as available${NC}" echo " Email: $NEW_EMAIL" else echo -e "${RED}❌ New email check failed${NC}" exit 1 fi echo "" echo "==========================================" echo -e "${BLUE}Test 2: MailHog Integration${NC}" echo "==========================================" # Clear MailHog curl -s -X DELETE "$MAILHOG_API/messages" > /dev/null # Check MailHog is accessible MAILHOG_CHECK=$(curl -s -o /dev/null -w "%{http_code}" "$MAILHOG_API/messages") if [ "$MAILHOG_CHECK" = "200" ]; then echo -e "${GREEN}✅ MailHog is accessible and cleared${NC}" MAILHOG_COUNT=$(curl -s "$MAILHOG_API/messages" | grep -o '"total":[0-9]*' | cut -d: -f2 || echo "0") echo " Messages in MailHog: $MAILHOG_COUNT" else echo -e "${RED}❌ MailHog not accessible (HTTP $MAILHOG_CHECK)${NC}" exit 1 fi echo "" echo "==========================================" echo -e "${BLUE}Test 3: OTP Email Sending${NC}" echo "==========================================" # Get CSRF token CSRF_TOKEN=$(curl -s "$APP_URL/api/auth/csrf" | python3 -c "import sys, json; print(json.load(sys.stdin)['csrfToken'])" 2>/dev/null || echo "") if [ -z "$CSRF_TOKEN" ]; then echo -e "${YELLOW}⚠️ Could not get CSRF token, skipping OTP send test${NC}" else echo "CSRF token obtained" # Send OTP (note: will be blocked by CSRF if cookies not passed) echo "Attempting to send OTP..." echo -e "${YELLOW}⚠️ Note: This may fail due to CSRF protection (expected in production)${NC}" fi echo "" echo "==========================================" echo -e "${BLUE}Test 4: Pages Accessibility${NC}" echo "==========================================" # Test signup page SIGNUP_STATUS=$(curl -s -o /dev/null -w "%{http_code}" "$APP_URL/en/signup") if [ "$SIGNUP_STATUS" = "200" ]; then echo -e "${GREEN}✅ Signup page accessible${NC}" else echo -e "${RED}❌ Signup page returned $SIGNUP_STATUS${NC}" exit 1 fi # Test login page LOGIN_STATUS=$(curl -s -o /dev/null -w "%{http_code}" "$APP_URL/en/login") if [ "$LOGIN_STATUS" = "200" ]; then echo -e "${GREEN}✅ Login page accessible${NC}" else echo -e "${RED}❌ Login page returned $LOGIN_STATUS${NC}" exit 1 fi # Test verify page VERIFY_STATUS=$(curl -s -o /dev/null -w "%{http_code}" "$APP_URL/en/signup/verify") if [ "$VERIFY_STATUS" = "200" ]; then echo -e "${GREEN}✅ Verify page accessible${NC}" else echo -e "${RED}❌ Verify page returned $VERIFY_STATUS${NC}" exit 1 fi echo "" echo "==========================================" echo -e "${BLUE}Test 5: Check Signup Page Has No Passwords${NC}" echo "==========================================" SIGNUP_HTML=$(curl -s "$APP_URL/en/signup") if echo "$SIGNUP_HTML" | grep -q 'type="password"'; then echo -e "${RED}❌ Password fields found on signup page!${NC}" echo " Passwordless implementation may not be complete" exit 1 else echo -e "${GREEN}✅ No password fields on signup page${NC}" echo " Passwordless signup confirmed" fi if echo "$SIGNUP_HTML" | grep -q 'Passwordless'; then echo -e "${GREEN}✅ Passwordless notice found on signup page${NC}" else echo -e "${YELLOW}⚠️ Passwordless notice might be missing${NC}" fi echo "" echo "==========================================" echo " ✅ All Basic Tests Passed!" echo "==========================================" echo "" echo "Summary:" echo " ✅ Email check endpoint working" echo " ✅ MailHog accessible" echo " ✅ All pages loading (200 OK)" echo " ✅ No password fields on signup" echo " ✅ Passwordless notice present" echo "" echo "Next: Run full test suite with:" echo " npm run test:e2e" echo "" echo "Or run manual tests:" echo " Signup: $APP_URL/en/signup" echo " Login: $APP_URL/en/login" echo " MailHog: http://localhost:8025" echo ""