#!/usr/bin/env bash

# Test script for Partner Authentication API
# Make sure your Phoenix server is running on localhost:4000

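# Target API and partner record. Both can be overridden from the environment
# when invoking this script; the defaults match a local development server.
# The default URL is plain HTTP, so the API key and secret headers sent below
# travel unencrypted. That is acceptable on loopback only; use an https:// URL
# for any non-local target.
BASE_URL="${BASE_URL:-http://localhost:4000/api/v1}"
PARTNER_ID="${PARTNER_ID:-1}"  # Adjust based on your test data

# Colors for output (escape sequences are interpreted by `echo -e`)
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color

echo -e "${BLUE}🧪 Testing Partner Authentication System${NC}"
echo "=============================================="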

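#######################################
# Send one request with curl and print its status, body and a PASS/FAIL verdict.
# Globals:   RED, GREEN, YELLOW, NC (read, for coloured output)
# Arguments: $1 - human-readable description of the case
#            $2 - HTTP method; "GET" sends a GET, anything else sends a POST
#            $3 - full endpoint URL
#            $4 - headers as one string of -H 'Name: value' groups
#                 (double quotes are accepted too); may be empty
#            $5 - request body, used for POST only
#            $6 - optional expected status: a class such as "2xx" or "4xx", or
#                 an exact code such as "401". Defaults to "2xx", so negative
#                 tests must pass this argument to be reported as PASS when
#                 the server rejects the request.
# Outputs:   progress and verdict on stdout, diagnostics on stderr
# Returns:   1 if the header string cannot be parsed, 0 otherwise
# Note:      header values (including API keys and secrets) are passed to curl
#            as command-line arguments and are visible in the local process
#            list while the request runs; use test-only credentials.
#######################################
test_endpoint() {
    local description="$1"
    local method="$2"
    local endpoint="$3"
    local headers="${4:-}"
    local data="${5:-}"
    local expect="${6:-2xx}"
    local response http_status response_body
    local verdict="fail"
    local rest="$headers"
    local marker=$'\n'"HTTP_STATUS:"
    local sq_re="^[[:space:]]*-H[[:space:]]+'([^']*)'(.*)\$"
    local dq_re='^[[:space:]]*-H[[:space:]]+"([^"]*)"(.*)$'
    local -a header_args=()

    echo -e "\n${YELLOW}Testing: $description${NC}"
    echo "Endpoint: $method $endpoint"

    # Turn the header string into real argv entries. Expanding it unquoted
    # would split on every space and pass the quote characters through
    # literally, so the intended header would never reach the server and the
    # authentication cases would not test what they claim to test.
    while [[ -n "${rest//[[:space:]]/}" ]]; do
        if [[ "$rest" =~ $sq_re || "$rest" =~ $dq_re ]]; then
            header_args+=(-H "${BASH_REMATCH[1]}")
            rest="${BASH_REMATCH[2]}"
        else
            # The header text is deliberately not echoed: it may hold secrets.
            echo "test_endpoint: cannot parse headers; expected -H 'Name: value' groups" >&2
            echo -e "${RED}❌ FAIL${NC}"
            return 1
        fi
    done

    if [ "$method" = "GET" ]; then
        response=$(curl -s -w '\nHTTP_STATUS:%{http_code}' -X GET "$endpoint" "${header_args[@]}")
    else
        response=$(curl -s -w '\nHTTP_STATUS:%{http_code}' -X POST "$endpoint" "${header_args[@]}" -d "$data")
    fi

    # curl appends the marker after the body, so split on its LAST occurrence;
    # a body that happens to contain "HTTP_STATUS:" is left intact.
    http_status="${response##*"$marker"}"
    response_body="${response%"$marker"*}"

    echo "Status: $http_status"
    echo "Expected: $expect"
    echo "Response:"
    # Pretty-print when the body is JSON and jq is available; otherwise fall
    # back to the raw body (jq errors are intentionally silenced).
    printf '%s\n' "$response_body" | jq . 2>/dev/null || printf '%s\n' "$response_body"

    if [[ ! "$http_status" =~ ^[0-9]{3}$ ]]; then
        echo "test_endpoint: no HTTP status returned by curl" >&2
    elif [[ "$expect" =~ ^[1-5]xx$ ]]; then
        if [[ "${http_status:0:1}" == "${expect:0:1}" ]]; then
            verdict="pass"
        fi
    elif [[ "$http_status" == "$expect" ]]; then
        verdict="pass"
    fi

    if [[ "$verdict" == "pass" ]]; then
        echo -e "${GREEN}✅ PASS${NC}"
    else
        echo -e "${RED}❌ FAIL${NC}"
    fi
}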

# Negative cases 1-3: the merchants listing is requested with missing or bogus
# credentials. test_endpoint prints PASS only for a 2xx status unless told
# otherwise, so a server that correctly rejects these requests shows "FAIL"
# below. A "PASS" in this section would mean the endpoint answered without
# valid credentials.

# Case 1: no credential headers at all.
echo -e "\n${BLUE}1. Testing without authentication (should fail)${NC}"
test_endpoint "Get merchants without auth" "GET" \
    "$BASE_URL/partners/$PARTNER_ID/merchants" \
    ""

# Case 2: an API key that should not exist on the server.
echo -e "\n${BLUE}2. Testing with invalid API key (should fail)${NC}"
test_endpoint "Get merchants with invalid key" "GET" \
    "$BASE_URL/partners/$PARTNER_ID/merchants" \
    "-H 'X-API-Key: invalid_key_12345'"

# Case 3: a key paired with a wrong secret.
echo -e "\n${BLUE}3. Testing with invalid API secret (should fail)${NC}"
test_endpoint "Get merchants with invalid secret" "GET" \
    "$BASE_URL/partners/$PARTNER_ID/merchants" \
    "-H 'X-API-Key: test_key' -H 'X-API-Secret: invalid_secret'"

# Note: For real testing, you'll need to update these with actual API keys.
# NOTE(review): real keys pasted into this file can end up in version control;
# keep such edits local and prefer short-lived, test-only keys.
echo -e "\n${YELLOW}⚠️  To test with valid credentials:${NC}"
printf '%s\n' \
    "1. Run: mix run priv/scripts/generate_api_keys.exs" \
    "2. Update the API keys in this script" \
    "3. Re-run this test script"

echo -e "\n${BLUE}4. Testing rate limiting (simulated)${NC}"
echo "Testing rapid requests to trigger rate limiting..."

# Five requests, 0.1 s apart, all carrying the same placeholder key.
# NOTE(review): nothing in this loop looks for a throttling response; each
# request is judged only by test_endpoint's status rule. Whether five requests
# reach the configured limit, and whether requests with an unknown key are
# counted by the limiter at all, cannot be told from this script. Confirm
# against the server configuration.
for i in 1 2 3 4 5; do
    echo -e "\nRequest $i:"
    test_endpoint "Rapid request #$i" "GET" \
        "$BASE_URL/partners/$PARTNER_ID/merchants" \
        "-H 'X-API-Key: test_key_for_rate_test'"
    sleep 0.1
done

# Section 5 is informational only: no request is sent for the IP whitelist.
echo -e "\n${BLUE}5. Testing IP whitelist (if configured)${NC}"
echo "Note: IP whitelist testing requires configuration in partner record"

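echo -e "\n${BLUE}6. Testing merchant creation with auth${NC}"

# JSON body for the merchant-creation request (sample values only).
test_data='{
  "merchant": {
    "name": "Test Merchant",
    "merchant_id": "TEST_MERCH_001",
    "email": "test@merchant.com",
    "phone": "+91-9876543210",
    "corridor": "domestic"
  }
}'

# Credentials are read from the environment so that real keys never have to be
# written into this file. When PARTNER_API_KEY / PARTNER_API_SECRET are unset,
# the original placeholders are used; presumably the server rejects them, so
# this case only succeeds once real test credentials are exported.
# The values are handed to curl as command-line arguments by test_endpoint and
# are therefore visible in the local process list while the request runs; use
# test-only keys here. Values containing a single quote are not supported.
api_key="${PARTNER_API_KEY:-valid_key_here}"
api_secret="${PARTNER_API_SECRET:-valid_secret_here}"

test_endpoint \
    "Create merchant with valid auth" \
    "POST" \
    "$BASE_URL/partners/$PARTNER_ID/merchants" \
    "-H 'Content-Type: application/json' -H 'X-API-Key: ${api_key}' -H 'X-API-Secret: ${api_secret}'" \
    "$test_data"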

# Closing banner and follow-up checklist; nothing below sends a request.
# NOTE(review): step 2 asks for real credentials in this script. Treat such
# a copy as sensitive and keep it out of version control.
echo -e "\n${GREEN}🎯 Authentication Testing Complete!${NC}"
printf '%s\n' "=============================================="
echo -e "${YELLOW}📝 Next Steps:${NC}"
printf '%s\n' \
    "1. Generate real API keys using the generate_api_keys.exs script" \
    "2. Update this test script with real credentials" \
    "3. Test the complete flow with your Postman collection" \
    "4. Configure IP whitelisting for production partners" \
    "5. Monitor rate limiting in production logs"
