#!/bin/bash set -euo pipefail # FUNCTIONS function title() { echo "----------------------------------------" # Center the text local text="$1" local line_length=40 local text_length=${#text} local padding=$(( (line_length - text_length) / 2 )) printf "%*s%s%*s\n" $padding "" "$text" $padding "" echo "----------------------------------------" } function die() { title "error: $1" exit 1 } #------------------------------------------------------------------------------------------------ title "Testing hash_token utility" # Determine if we're running inside or outside the container if [ -f /.dockerenv ] || [ -n "${DOCKER_CONTAINER:-}" ]; then # We're inside the container, run commands directly HASH_TOKEN_CMD="/sos/hash_token --quiet" IN_CONTAINER=true else # We're outside the container, use docker exec HASH_TOKEN_CMD="docker exec sos-test /sos/hash_token --quiet" IN_CONTAINER=false fi # Test 1: Verify hash_token exists echo "1. Checking if hash_token exists..." if [ "$IN_CONTAINER" = true ]; then if [ -f /sos/hash_token ]; then echo "✓ hash_token utility found at /sos/hash_token" else die "hash_token utility not found at /sos/hash_token" fi else if docker exec sos-test ls /sos/hash_token >/dev/null 2>&1; then echo "✓ hash_token utility found in container" else die "hash_token utility not found in container at /sos/hash_token" fi fi # Test 2: Generate a hash and verify format echo "2. Testing hash generation..." TEST_TOKEN="test-token-$(date +%s)" HASH=$($HASH_TOKEN_CMD "$TEST_TOKEN" 2>/dev/null) if [ -z "$HASH" ]; then die "hash_token did not produce any output" fi echo "Generated hash: $HASH" # Verify hash format (should start with $2b$ for bcrypt) if [[ $HASH == \$2b\$* ]]; then echo "✓ Hash has correct bcrypt format" else die "Hash does not have correct bcrypt format (should start with \$2b\$)" fi # Test 3: Verify hash length (bcrypt hashes are typically 60-106 characters) HASH_LENGTH=${#HASH} if [ $HASH_LENGTH -ge 59 ] && [ $HASH_LENGTH -le 106 ]; then echo "✓ Hash has correct length ($HASH_LENGTH characters)" else die "Hash has incorrect length ($HASH_LENGTH characters, expected 60-106)" fi # Test 4: Generate multiple hashes for same token and verify they're different echo "3. Testing hash uniqueness (same token should produce different hashes)..." HASH1=$($HASH_TOKEN_CMD "same-token" 2>/dev/null) HASH2=$($HASH_TOKEN_CMD "same-token" 2>/dev/null) if [ "$HASH1" != "$HASH2" ]; then echo "✓ Same token produces different hashes (expected bcrypt behavior)" else echo "Warning: Same token produced identical hashes (unexpected but not critical)" fi # Test 5: Test with special characters echo "4. Testing with special characters..." SPECIAL_TOKEN='test!@#$%^&*()_+-=[]{}|;:,.<>?' SPECIAL_HASH=$($HASH_TOKEN_CMD "$SPECIAL_TOKEN" 2>/dev/null || echo "FAILED") if [ "$SPECIAL_HASH" != "FAILED" ] && [[ $SPECIAL_HASH == \$2b\$* ]]; then echo "✓ Special characters handled correctly" else die "Failed to handle special characters in token" fi # Test 6: Test with empty token (should fail or produce output) echo "5. Testing with empty token..." EMPTY_RESULT=$($HASH_TOKEN_CMD "" 2>&1 || echo "EXPECTED_FAILURE") if [ "$EMPTY_RESULT" == "EXPECTED_FAILURE" ] || [ -z "$EMPTY_RESULT" ]; then echo "✓ Empty token handled appropriately" else # Empty token might still produce a hash, which is also acceptable if [[ $EMPTY_RESULT == \$2b\$* ]]; then echo "✓ Empty token produces valid hash" else echo "Warning: Unexpected behavior with empty token" fi fi # Test 7: Test authentication with generated hash using existing server echo "6. Testing authentication with generated hash..." # Generate a new token and hash AUTH_TOKEN="auth-test-$(date +%s)" # Use the base command without --quiet for this specific case if [ "$IN_CONTAINER" = true ]; then AUTH_HASH=$(/sos/hash_token --quiet "$AUTH_TOKEN" 2>/dev/null) else AUTH_HASH=$(docker exec sos-test /sos/hash_token --quiet "$AUTH_TOKEN" 2>/dev/null) fi echo "Generated token: $AUTH_TOKEN" echo "Generated hash for authentication: ${AUTH_HASH:0:20}..." # The server is already running on port 7703, but it has different tokens configured # So we'll just verify that the hash_token utility generates valid bcrypt hashes # that could be used in a config file # Verify the generated hash format is correct for use in config if [[ $AUTH_HASH == \$2b\$* ]] && [ ${#AUTH_HASH} -ge 59 ]; then echo "✓ Generated hash is valid for use in authentication config" # Generate another hash for the same token to verify it's different (bcrypt salt) if [ "$IN_CONTAINER" = true ]; then AUTH_HASH2=$(/sos/hash_token --quiet "$AUTH_TOKEN" 2>/dev/null) else AUTH_HASH2=$(docker exec sos-test /sos/hash_token --quiet "$AUTH_TOKEN" 2>/dev/null) fi if [ "$AUTH_HASH" != "$AUTH_HASH2" ]; then echo "✓ Different hashes generated for same token (proper salting)" else echo "Warning: Same hash generated for same token (salting issue?)" fi # Note: The --verify mode requires TTY for password input, which isn't available in test environment echo "Note: Verification test skipped (requires interactive TTY)" else echo "Warning: Generated hash may not be suitable for authentication" fi title "hash_token tests completed"