Testing Documentation
Security Note
Authentication tokens are now generated dynamically for each test run to prevent hardcoded credentials in the repository.
Configuration
Automatic Token Generation
The test scripts automatically generate secure random tokens before each test run using generate_test_config.sh. This ensures:
- No hardcoded tokens in version control
- Different tokens for each test run
- Cryptographically secure random token generation
Manual Configuration
If you need to manually create a configuration:
-
Copy the example template:
cp sos_config.json.example sos_config.json -
Replace the placeholder tokens with secure values:
# Generate secure tokens openssl rand -base64 32 -
Update the
sos_config.jsonfile with your generated tokens
Test Scripts
test.sh- Main integration test suite (randomly selects from available tokens)test_1GB_file_upload.sh- Large file upload test (randomly selects from available tokens)test-docker.sh- Docker-based test runner (generates config automatically)generate_test_config.sh- Generates test configuration with random tokens
Token Selection
Test scripts randomly select one of the available tokens for each test run, ensuring all tokens are exercised during testing.
Running Tests
Local Testing
./test.sh http://localhost:7703
Docker Testing
./test-docker.sh
The Docker test automatically:
- Builds the application
- Generates random test tokens
- Runs the full test suite
- Cleans up containers
Security Best Practices
- Never commit
sos_config.json- It's in.gitignorefor security - Use strong tokens in production - At least 32 characters of random data
- Rotate tokens regularly - Generate new tokens periodically
- Store tokens securely - Use environment variables or secure vaults in production