#!/usr/bin/env bash
#
# Contract checks for the hot-dev auth helper library
# (scripts/lib/hot-dev-auth.sh, located relative to this script).
# Aborts early when the library file cannot be found.

set -euo pipefail

# Repository root: two directory levels above the directory of this script.
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
HOT_DEV_AUTH_LIB="${ROOT_DIR}/scripts/lib/hot-dev-auth.sh"

# Nothing below can run without the library, so stop with a clear message.
[[ -f "${HOT_DEV_AUTH_LIB}" ]] || {
  echo "hot-dev-auth.sh not found at ${HOT_DEV_AUTH_LIB}" >&2
  exit 1
}

# Number of assertions that have failed so far.
failures=0
# Temporary directories that the EXIT trap should delete.
temp_dirs=()
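#######################################
# Remove every directory recorded in temp_dirs (best effort).
# Globals:   temp_dirs (read)
# Arguments: none
# Returns:   0 always; removal errors are deliberately ignored because this
#            runs from the EXIT trap and must not mask the script's status.
#######################################
cleanup() {
  local dir
  # "${temp_dirs[@]:-}" yields one empty word when the array is empty (this
  # keeps `set -u` quiet on older bash), so skip blanks instead of handing an
  # empty path to rm.
  for dir in "${temp_dirs[@]:-}"; do
    [[ -n "${dir}" ]] || continue
    # `--` stops option parsing so an entry starting with '-' is still
    # treated as a path.
    rm -rf -- "${dir}" 2>/dev/null || true
  done
}
trap cleanup EXIT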
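#######################################
# Record whether a string contains an expected literal substring.
# Globals:   failures (incremented on a miss)
# Arguments: $1 - description printed with the verdict
#            $2 - text to search (haystack)
#            $3 - literal substring expected inside it (needle)
# Outputs:   "[PASS] <desc>" on stdout, or "[FAIL] <desc>" plus the expected
#            needle on stderr
# Returns:   0 in both cases, so one miss does not stop the remaining checks
#######################################
assert_contains() {
  local desc="$1"
  local haystack="$2"
  local needle="$3"

  # The needle is quoted inside the pattern, so it is matched literally.
  if [[ "${haystack}" == *"${needle}"* ]]; then
    echo "[PASS] ${desc}"
  else
    echo "[FAIL] ${desc}" >&2
    echo "Expected to find: ${needle}" >&2
    # Not ((failures++)): that returns status 1 when the old value is 0, which
    # under `set -e` would kill the script on the first failed assertion and
    # skip every later check and the final summary.
    failures=$((failures + 1))
  fi
}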
#######################################
# Create a fresh temporary directory and report its path.
# Globals:   temp_dirs (appended to, in the shell that runs this function)
# Arguments: none
# Outputs:   the new directory path on stdout
# Note:      when called as "$(make_temp_dir)" the body runs in a subshell, so
#            the temp_dirs append is not visible to the caller; a caller that
#            relies on the EXIT cleanup has to register the path itself.
#######################################
make_temp_dir() {
  local created
  # mktemp -d picks an unpredictable name, avoiding fixed paths under /tmp.
  created="$(mktemp -d)"
  temp_dirs+=("${created}")
  printf '%s\n' "${created}"
}
#######################################
# Pin the fixed development defaults exposed by the library: user "admin",
# a banner that prints "admin / adminadminadmin", and a resolved password
# equal to HOT_DEV_DEFAULT_AUTH_HASH.
# Globals:   HOT_DEV_AUTH_LIB (read), HOT_DEV_DEFAULT_AUTH_HASH (read; expected
#            to be set by sourcing the library before this runs), failures
#            (via assert_contains)
# NOTE(review): these are deliberately fixed, well-known credentials;
# presumably only the hot-dev workflow consumes them. Confirm.
#######################################
test_default_auth_contract() {
  local probe_script captured

  # Single-quoted so every expansion happens in the child shell, which only
  # receives the library path through its environment.
  # NOTE(review): -l makes the child a login shell, so startup files run
  # first and could presumably influence what is resolved. Confirm -l is
  # needed.
  probe_script='
    source "${HOT_DEV_AUTH_LIB}"
    printf "user=%s\n" "$(hot_dev_resolve_auth_user)"
    printf "pass=%s\n" "$(hot_dev_resolve_auth_pass)"
    printf "banner=%s\n" "$(hot_dev_auth_banner_line "$(hot_dev_resolve_auth_user)" "$(hot_dev_resolve_auth_pass)")"
  '
  captured="$(HOT_DEV_AUTH_LIB="${HOT_DEV_AUTH_LIB}" bash -lc "${probe_script}")"

  assert_contains "default auth username stays admin" "${captured}" "user=admin"
  assert_contains "default auth password stays adminadminadmin" "${captured}" "banner=admin / adminadminadmin"
  assert_contains "default auth uses canonical bcrypt hash" "${captured}" "pass=${HOT_DEV_DEFAULT_AUTH_HASH}"
}
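#######################################
# With HOT_DEV_AUTH_USER / HOT_DEV_AUTH_PASS overridden, the banner must name
# the variables the credentials came from and must not echo the password.
# Globals:   HOT_DEV_AUTH_LIB (read), failures (incremented on a miss)
# Outputs:   one [PASS]/[FAIL] line per check
#######################################
test_custom_auth_banner_contract() {
  local output
  # Kept in one place so the value set in the child shell and the value
  # searched for in its output cannot drift apart.
  local -r raw_password="custom-password"

  # The child script is single-quoted; the password reaches it through the
  # environment and is assigned after the library has been sourced.
  output="$(
    HOT_DEV_AUTH_LIB="${HOT_DEV_AUTH_LIB}" \
    CUSTOM_AUTH_PASS="${raw_password}" \
      bash -lc '
        source "${HOT_DEV_AUTH_LIB}"
        HOT_DEV_AUTH_USER="custom-admin"
        HOT_DEV_AUTH_PASS="${CUSTOM_AUTH_PASS}"
        printf "banner=%s\n" "$(hot_dev_auth_banner_line "$(hot_dev_resolve_auth_user)" "$(hot_dev_resolve_auth_pass)")"
      '
  )"

  assert_contains "custom auth banner hides the raw password" "${output}" "banner=custom via HOT_DEV_AUTH_USER / HOT_DEV_AUTH_PASS"

  # The positive check above would still pass if the banner also appended the
  # secret, so verify directly that the raw value is absent from the output.
  if [[ "${output}" == *"${raw_password}"* ]]; then
    echo "[FAIL] custom auth banner must not contain the raw password" >&2
    failures=$((failures + 1))
  else
    echo "[PASS] custom auth banner does not contain the raw password"
  fi
}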
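#######################################
# hot_dev_sync_auth_env_file must replace the auth entries of an existing
# runtime .env file while leaving unrelated settings in place.
# Globals:   HOT_DEV_AUTH_LIB (read), HOT_DEV_DEFAULT_AUTH_HASH (read),
#            temp_dirs (appended), failures (via assert_contains)
# Outputs:   one [PASS]/[FAIL] line per check
#######################################
test_sync_auth_env_file_preserves_non_auth_settings() {
  local state_dir runtime_env output

  state_dir="$(make_temp_dir)"
  # make_temp_dir ran inside $(...), i.e. in a subshell, so its own temp_dirs
  # append never reached this shell. Register the path here; otherwise the
  # EXIT trap would leave the directory and its .env file behind.
  temp_dirs+=("${state_dir}")
  runtime_env="${state_dir}/.env"

  # Seed file: stale auth values plus two unrelated settings that must survive.
  cat > "${runtime_env}" <<'EOF'
# Auto-generated by Pulse Quick Security Setup
PULSE_AUTH_USER='stale-user'
PULSE_AUTH_PASS='stale-pass'
PULSE_AUDIT_LOG=true
PULSE_MOCK_MODE=false
EOF

  # Run the sync in a child shell and capture the resulting file contents.
  output="$(
    HOT_DEV_AUTH_LIB="${HOT_DEV_AUTH_LIB}" \
    RUNTIME_ENV_PATH="${runtime_env}" \
      bash -lc '
        source "${HOT_DEV_AUTH_LIB}"
        hot_dev_sync_auth_env_file "${RUNTIME_ENV_PATH}" "admin" "${HOT_DEV_DEFAULT_AUTH_HASH}"
        cat "${RUNTIME_ENV_PATH}"
      '
  )"

  assert_contains "sync writes managed auth header" "${output}" "# Managed by hot-dev.sh for deterministic dev auth"
  assert_contains "sync rewrites auth user" "${output}" "PULSE_AUTH_USER='admin'"
  assert_contains "sync rewrites auth password hash" "${output}" "PULSE_AUTH_PASS='${HOT_DEV_DEFAULT_AUTH_HASH}'"
  assert_contains "sync preserves audit settings" "${output}" "PULSE_AUDIT_LOG=true"
  assert_contains "sync preserves mock settings" "${output}" "PULSE_MOCK_MODE=false"
}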
# Source the library into this shell too: the assertions expand
# HOT_DEV_DEFAULT_AUTH_HASH here, outside the child shells.
source "${HOT_DEV_AUTH_LIB}"

test_default_auth_contract
test_custom_auth_banner_contract
test_sync_auth_env_file_preserves_non_auth_settings

# Summarise: any recorded failure makes the whole run exit non-zero.
if (( failures == 0 )); then
  echo "PASS: hot-dev auth contract checks passed"
else
  echo "FAIL: ${failures} hot-dev auth assertions failed" >&2
  exit 1
fi