Admin/panel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cdfc37c27359db834aacbc97e33a6cd02e1511f8
panel/test-auth-pages.mjs
RKWojs c1bb4c44fd feat: upgrade next-auth to v5.0.0-beta.29 and refactor authentication middleware 
- Updated next-auth dependency in package.json to version 5.0.0-beta.29.
- Refactored create-admin script to use a valid email format.
- Implemented authentication middleware for various API routes to enforce access control.
- Refactored API route handlers to improve readability and maintainability.
- Enhanced error handling in authentication error page.
- Added detailed tests for authentication flow, including protected routes and NextAuth endpoints.
2025-06-25 12:32:13 +02:00

128 lines
4.7 KiB
JavaScript
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

// Test authenticated access to pages and API endpoints
const BASE_URL = 'http://localhost:3000';
// Helper to extract cookies from response headers
function extractCookies(response) {
const cookies = [];
const setCookieHeaders = response.headers.get('set-cookie');
if (setCookieHeaders) {
cookies.push(setCookieHeaders);
}
return cookies.join('; ');
}
// Test authenticated access
async function testAuthenticatedAccess() {
console.log('🔐 Testing Authenticated Access\n');
// Step 1: Get the sign-in page to check if it loads
console.log('1⃣ Testing sign-in page access...');
try {
const signInResponse = await fetch(`${BASE_URL}/auth/signin`);
console.log(`✅ Sign-in page: ${signInResponse.status} ${signInResponse.statusText}`);
if (signInResponse.status === 200) {
const pageContent = await signInResponse.text();
const hasForm = pageContent.includes('Sign in to your account');
console.log(` Form present: ${hasForm ? '✅ Yes' : '❌ No'}`);
}
} catch (error) {
console.log(`❌ Sign-in page error: ${error.message}`);
}
console.log('\n2⃣ Testing authentication endpoint...');
// Step 2: Test the authentication API endpoint
try {
const sessionResponse = await fetch(`${BASE_URL}/api/auth/session`);
console.log(`✅ Session endpoint: ${sessionResponse.status} ${sessionResponse.statusText}`);
if (sessionResponse.status === 200) {
const sessionData = await sessionResponse.json();
console.log(` Session data: ${JSON.stringify(sessionData)}`);
}
} catch (error) {
console.log(`❌ Session endpoint error: ${error.message}`);
}
console.log('\n3⃣ Testing CSRF token endpoint...');
// Step 3: Get CSRF token
try {
const csrfResponse = await fetch(`${BASE_URL}/api/auth/csrf`);
console.log(`✅ CSRF endpoint: ${csrfResponse.status} ${csrfResponse.statusText}`);
if (csrfResponse.status === 200) {
const csrfData = await csrfResponse.json();
console.log(` CSRF token: ${csrfData.csrfToken ? '✅ Present' : '❌ Missing'}`);
}
} catch (error) {
console.log(`❌ CSRF endpoint error: ${error.message}`);
}
console.log('\n4⃣ Testing main dashboard page (unauthenticated)...');
// Step 4: Test main page redirect
try {
const mainPageResponse = await fetch(`${BASE_URL}/`, {
redirect: 'manual' // Don't follow redirects automatically
});
console.log(`✅ Main page: ${mainPageResponse.status} ${mainPageResponse.statusText}`);
if (mainPageResponse.status === 307 || mainPageResponse.status === 302) {
const location = mainPageResponse.headers.get('location');
console.log(` Redirects to: ${location}`);
console.log(` Correct redirect: ${location && location.includes('/auth/signin') ? '✅ Yes' : '❌ No'}`);
}
} catch (error) {
console.log(`❌ Main page error: ${error.message}`);
}
console.log('\n5⃣ Testing projects page (unauthenticated)...');
// Step 5: Test projects page redirect
try {
const projectsPageResponse = await fetch(`${BASE_URL}/projects`, {
redirect: 'manual'
});
console.log(`✅ Projects page: ${projectsPageResponse.status} ${projectsPageResponse.statusText}`);
if (projectsPageResponse.status === 307 || projectsPageResponse.status === 302) {
const location = projectsPageResponse.headers.get('location');
console.log(` Redirects to: ${location}`);
console.log(` Correct redirect: ${location && location.includes('/auth/signin') ? '✅ Yes' : '❌ No'}`);
}
} catch (error) {
console.log(`❌ Projects page error: ${error.message}`);
}
console.log('\n6⃣ Testing API endpoints (unauthenticated)...');
// Step 6: Test API endpoints
const apiEndpoints = ['/api/projects', '/api/contracts', '/api/tasks/templates'];
for (const endpoint of apiEndpoints) {
try {
const response = await fetch(`${BASE_URL}${endpoint}`);
const data = await response.json();
if (response.status === 401) {
console.log(`${endpoint}: Protected (401) - ${data.error}`);
} else {
console.log(`${endpoint}: Not protected (${response.status})`);
}
} catch (error) {
console.log(`${endpoint}: Error - ${error.message}`);
}
}
console.log('\n📋 Summary:');
console.log('- Sign-in page should be accessible');
console.log('- Protected pages should redirect to /auth/signin');
console.log('- Protected API endpoints should return 401 with JSON error');
console.log('- Auth endpoints (/api/auth/*) should be accessible');
}
// Run the test
testAuthenticatedAccess().catch(console.error);
Reference in New Issue View Git Blame Copy Permalink