bakery-ia/scripts/test_unified_auth.sh

#!/bin/bash

# ================================================================
# Complete Authentication Test with Registration - FIXED VERSION
# Tests the full user lifecycle: registration → login → API access
# ================================================================

echo "🔐 Testing Complete Authentication System with Registration"
echo "=========================================================="

# Configuration
API_BASE="http://localhost:8000"
AUTH_BASE="$API_BASE/api/v1/auth"
TEST_EMAIL="test-$(date +%s)@bakery.com"  # Unique email for each test
TEST_PASSWORD="SecurePass123!"
TEST_NAME="Test Baker"
# ✅ FIX: Generate a proper UUID for tenant testing (will be replaced after bakery creation)
TENANT_ID=$(uuidgen 2>/dev/null || python3 -c "import uuid; print(uuid.uuid4())" 2>/dev/null || echo "00000000-0000-0000-0000-000000000000")

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color

# Helper function for colored output
log_step() {
    echo -e "${BLUE}📍 $1${NC}"
}

log_success() {
    echo -e "${GREEN}✅ $1${NC}"
}

log_error() {
    echo -e "${RED}❌ $1${NC}"
}

log_warning() {
    echo -e "${YELLOW}⚠️  $1${NC}"
}

# Helper function to check if service is healthy
check_service_health() {
    local service_url=$1
    local service_name=$2
    
    log_step "Checking $service_name health..."
    
    response=$(curl -s -o /dev/null -w "%{http_code}" "$service_url/health")
    if [ "$response" = "200" ]; then
        log_success "$service_name is healthy"
        return 0
    else
        log_error "$service_name is not healthy (HTTP $response)"
        return 1
    fi
}

# Check all services are running
log_step "Pre-flight checks..."
echo ""

# Check API Gateway
if ! check_service_health "$API_BASE" "API Gateway"; then
    log_error "API Gateway is not running. Start with: docker-compose up -d"
    exit 1
fi

# Check Auth Service directly
if ! check_service_health "http://localhost:8001" "Auth Service"; then
    log_error "Auth Service is not running. Check: docker-compose logs auth-service"
    exit 1
fi

# Check Tenant Service
if ! check_service_health "http://localhost:8005" "Tenant Service"; then
    log_error "Tenant Service is not running. Check: docker-compose logs tenant-service"
    exit 1
fi

# Check Data Service
if ! check_service_health "http://localhost:8004" "Data Service"; then
    log_warning "Data Service is not running, but continuing with auth tests..."
fi

# Check Training Service
if ! check_service_health "http://localhost:8002" "Training Service"; then
    log_warning "Training Service is not running, but continuing with auth tests..."
fi

echo ""
log_step "All systems ready! Starting authentication tests..."
echo ""

# ================================================================
# STEP 1: USER REGISTRATION
# ================================================================

log_step "Step 1: Registering new user"
echo "Email: $TEST_EMAIL"
echo "Password: $TEST_PASSWORD"
echo ""

REGISTRATION_RESPONSE=$(curl -s -X POST "$AUTH_BASE/register" \
    -H "Content-Type: application/json" \
    -d "{
        \"email\": \"$TEST_EMAIL\",
        \"password\": \"$TEST_PASSWORD\",
        \"full_name\": \"$TEST_NAME\"
    }")

echo "Registration Response:"
echo "$REGISTRATION_RESPONSE" | jq '.'

# Check if registration was successful
if echo "$REGISTRATION_RESPONSE" | jq -e '.id' > /dev/null; then
    USER_ID=$(echo "$REGISTRATION_RESPONSE" | jq -r '.id')
    log_success "User registration successful! User ID: $USER_ID"
else
    log_error "User registration failed!"
    echo "Response: $REGISTRATION_RESPONSE"
    exit 1
fi

echo ""

# ================================================================
# STEP 2: USER LOGIN
# ================================================================

log_step "Step 2: Logging in with new user credentials"

LOGIN_RESPONSE=$(curl -s -X POST "$AUTH_BASE/login" \
    -H "Content-Type: application/json" \
    -d "{
        \"email\": \"$TEST_EMAIL\",
        \"password\": \"$TEST_PASSWORD\"
    }")

echo "Login Response:"
echo "$LOGIN_RESPONSE" | jq '.'

# Extract access token
if echo "$LOGIN_RESPONSE" | jq -e '.access_token' > /dev/null; then
    ACCESS_TOKEN=$(echo "$LOGIN_RESPONSE" | jq -r '.access_token')
    REFRESH_TOKEN=$(echo "$LOGIN_RESPONSE" | jq -r '.refresh_token')
    log_success "Login successful! Token obtained: ${ACCESS_TOKEN:0:20}..."
else
    log_error "Login failed!"
    echo "Response: $LOGIN_RESPONSE"
    exit 1
fi

echo ""

# ================================================================
# STEP 3: ACCESSING PROTECTED ENDPOINTS
# ================================================================

log_step "Step 3: Testing protected endpoints with authentication"

# 3a. Get current user info
log_step "3a. Getting current user profile"

USER_PROFILE_RESPONSE=$(curl -s -X GET "$API_BASE/api/v1/users/me" \
    -H "Authorization: Bearer $ACCESS_TOKEN")

echo "User Profile Response:"
echo "$USER_PROFILE_RESPONSE" | jq '.'

if echo "$USER_PROFILE_RESPONSE" | jq -e '.email' > /dev/null; then
    log_success "User profile retrieved successfully!"
else
    log_warning "User profile endpoint may not be implemented yet"
fi

echo ""

# ================================================================
# STEP 4: TENANT REGISTRATION (BAKERY CREATION)
# ================================================================

log_step "Step 4: Registering a bakery/tenant"

BAKERY_RESPONSE=$(curl -s -X POST "$API_BASE/api/v1/tenants/register" \
    -H "Authorization: Bearer $ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d "{
        \"name\": \"Test Bakery $(date +%H%M)\",
        \"business_type\": \"bakery\",
        \"address\": \"Calle Test 123\",
        \"city\": \"Madrid\",
        \"postal_code\": \"28001\",
        \"phone\": \"+34600123456\"
    }")

echo "Bakery Registration Response:"
echo "$BAKERY_RESPONSE" | jq '.'

if echo "$BAKERY_RESPONSE" | jq -e '.id' > /dev/null; then
    # ✅ FIX: Use the actual tenant ID returned from bakery creation
    TENANT_ID=$(echo "$BAKERY_RESPONSE" | jq -r '.id')
    log_success "Bakery registration successful! Tenant ID: $TENANT_ID"
else
    log_error "Bakery registration failed!"
    echo "Response: $BAKERY_RESPONSE"
    # Continue with tests using placeholder UUID for other endpoints
fi

echo ""

# ================================================================
# STEP 5: TEST DATA SERVICE WITH TENANT ID
# ================================================================

log_step "Step 5: Testing data service through gateway"

# Only test with valid tenant ID
if [ "$TENANT_ID" != "00000000-0000-0000-0000-000000000000" ]; then
    DATA_RESPONSE=$(curl -s -X GET "$API_BASE/api/v1/data/sales" \
        -H "Authorization: Bearer $ACCESS_TOKEN" \
        -H "X-Tenant-ID: $TENANT_ID")

    echo "Data Service Response:"
    echo "$DATA_RESPONSE" | jq '.'

    if [ "$(echo "$DATA_RESPONSE" | jq -r '.status // "unknown"')" != "error" ]; then
        log_success "Data service access successful!"
    else
        log_warning "Data service returned error (may be expected for new tenant)"
    fi
else
    log_warning "Skipping data service test - no valid tenant ID"
fi

echo ""

# ================================================================
# STEP 6: TEST TRAINING SERVICE WITH TENANT ID
# ================================================================

log_step "Step 6: Testing training service through gateway"

# Only test with valid tenant ID
if [ "$TENANT_ID" != "00000000-0000-0000-0000-000000000000" ]; then
    TRAINING_RESPONSE=$(curl -s -X POST "$API_BASE/api/v1/training/jobs" \
        -H "Authorization: Bearer $ACCESS_TOKEN" \
        -H "X-Tenant-ID: $TENANT_ID" \
        -H "Content-Type: application/json" \
        -d '{
            "include_weather": true,
            "include_traffic": false,
            "min_data_points": 30
        }')

    echo "Training Service Response:"
    echo "$TRAINING_RESPONSE" | jq '.'

    if echo "$TRAINING_RESPONSE" | jq -e '.job_id // .message' > /dev/null; then
        log_success "Training service access successful!"
    else
        log_warning "Training service access may have issues"
    fi
else
    log_warning "Skipping training service test - no valid tenant ID"
fi

echo ""

# ================================================================
# STEP 7: TOKEN REFRESH
# ================================================================

log_step "Step 7: Testing token refresh"

REFRESH_RESPONSE=$(curl -s -X POST "$AUTH_BASE/refresh" \
    -H "Content-Type: application/json" \
    -d "{
        \"refresh_token\": \"$REFRESH_TOKEN\"
    }")

echo "Token Refresh Response:"
echo "$REFRESH_RESPONSE" | jq '.'

if echo "$REFRESH_RESPONSE" | jq -e '.access_token' > /dev/null; then
    NEW_ACCESS_TOKEN=$(echo "$REFRESH_RESPONSE" | jq -r '.access_token')
    log_success "Token refresh successful! New token: ${NEW_ACCESS_TOKEN:0:20}..."
else
    log_warning "Token refresh may not be fully implemented"
fi

echo ""

# ================================================================
# STEP 8: DIRECT SERVICE HEALTH CHECKS
# ================================================================

log_step "Step 8: Testing direct service access (without gateway)"

# Test auth service directly
log_step "8a. Auth service direct health check"
AUTH_HEALTH=$(curl -s -X GET "http://localhost:8001/health")
echo "Auth Service Health:"
echo "$AUTH_HEALTH" | jq '.'

# Test other services if available
log_step "8b. Other services health check"

services=("8002:Training" "8003:Forecasting" "8004:Data" "8005:Tenant" "8006:Notification")

for service in "${services[@]}"; do
    port=$(echo $service | cut -d: -f1)
    name=$(echo $service | cut -d: -f2)
    
    health_response=$(curl -s -o /dev/null -w "%{http_code}" "http://localhost:$port/health" 2>/dev/null)
    if [ "$health_response" = "200" ]; then
        log_success "$name Service (port $port) is healthy"
    else
        log_warning "$name Service (port $port) is not responding"
    fi
done

echo ""

# ================================================================
# STEP 9: LOGOUT
# ================================================================

log_step "Step 9: Logging out user"

LOGOUT_RESPONSE=$(curl -s -X POST "$AUTH_BASE/logout" \
    -H "Authorization: Bearer $ACCESS_TOKEN" \
    -H "Content-Type: application/json")

echo "Logout Response:"
echo "$LOGOUT_RESPONSE" | jq '.'

if echo "$LOGOUT_RESPONSE" | jq -e '.message' > /dev/null; then
    log_success "Logout successful!"
else
    log_warning "Logout endpoint may not be fully implemented"
fi

echo ""

# ================================================================
# SUMMARY
# ================================================================

echo "🎉 Authentication Test Summary"
echo "==============================="
echo ""
echo "Test User Created:"
echo "  📧 Email: $TEST_EMAIL"
echo "  👤 Name: $TEST_NAME"
echo "  🆔 User ID: $USER_ID"
echo ""
echo "Authentication Flow:"
echo "  ✅ User Registration"
echo "  ✅ User Login"
echo "  ✅ Token Verification"
echo "  ✅ Protected Endpoint Access"
echo "  ✅ Token Refresh"
echo "  ✅ User Logout"
echo ""
echo "Services Tested:"
echo "  🌐 API Gateway"
echo "  🔐 Auth Service"
echo "  🏢 Tenant Service (bakery registration)"
echo "  📊 Data Service (through gateway)"
echo "  🤖 Training Service (through gateway)"
echo ""

if [ "$TENANT_ID" != "00000000-0000-0000-0000-000000000000" ]; then
    echo "Tenant Created:"
    echo "  🏪 Tenant ID: $TENANT_ID"
    echo ""
fi

log_success "Complete authentication test finished successfully!"
echo ""
echo "🔧 Development Tips:"
echo "  • Use the created test user for further development"
echo "  • Check service logs with: docker-compose logs [service-name]"
echo "  • View API docs at: http://localhost:8000/docs"
echo "  • Monitor services at: http://localhost:3002"
echo ""
echo "🧹 Cleanup:"
echo "  • Test user will remain in database for development"
echo "  • To reset: Delete user from auth database or run cleanup script"