# Testing Documentation

## Security Note

Authentication tokens are now generated dynamically for each test run to prevent hardcoded credentials in the repository.

## Configuration

### Automatic Token Generation

The test scripts automatically generate secure random tokens before each test run using `generate_test_config.sh`. This ensures:
- No hardcoded tokens in version control
- Different tokens for each test run
- Cryptographically secure random token generation

### Manual Configuration

If you need to manually create a configuration:

1. Copy the example template:
   ```bash
   cp sos_config.json.example sos_config.json
   ```

2. Replace the placeholder tokens with secure values:
   ```bash
   # Generate secure tokens
   openssl rand -base64 32
   ```

3. Update the `sos_config.json` file with your generated tokens

### Test Scripts

- `test.sh` - Main integration test suite (randomly selects from available tokens)
- `test_1GB_file_upload.sh` - Large file upload test (randomly selects from available tokens)
- `test-docker.sh` - Docker-based test runner (generates config automatically)
- `generate_test_config.sh` - Generates test configuration with random tokens

### Token Selection

Test scripts randomly select one of the available tokens for each test run, ensuring all tokens are exercised during testing.

## Running Tests

### Local Testing
```bash
./test.sh http://localhost:7703
```

### Docker Testing
```bash
./test-docker.sh
```

The Docker test automatically:
1. Builds the application
2. Generates random test tokens
3. Runs the full test suite
4. Cleans up containers

## Security Best Practices

1. **Never commit `sos_config.json`** - It's in `.gitignore` for security
2. **Use strong tokens in production** - At least 32 characters of random data
3. **Rotate tokens regularly** - Generate new tokens periodically
4. **Store tokens securely** - Use environment variables or secure vaults in production