Files
wehub-resource-sync 3a28426bf4
Lint and Format Check / lint-and-format (push) Failing after 0s
Check Migrations / Check for duplicate migration numbers (push) Failing after 1s
CI Pre-merge Check / CI Pre-merge Check (push) Failing after 2m17s
chore: import upstream snapshot with attribution
2026-07-13 12:23:40 +08:00

72 lines
2.4 KiB
Markdown

# Manual Tests
This directory contains tests that need to be run manually and are not included in the automated test suite.
## Better Auth Tests
These tests are for the Better Auth v2 implementation.
### Running Better Auth Tests
Run the Better Auth test:
```bash
./tests/manual/test-better-auth.sh
```
### Prerequisites
- Docker must be running with the InsForge backend on port 7130
- Root admin credentials should be configured in environment variables:
- `ROOT_ADMIN_USERNAME` (default: admin)
- `ROOT_ADMIN_PASSWORD` (default: change-this-password)
### Example Commands
```bash
# Run from the backend directory
cd backend
# Run Better Auth test
./tests/manual/test-better-auth.sh
# Run with custom root admin credentials
ROOT_ADMIN_USERNAME=admin ROOT_ADMIN_PASSWORD=mysecurepass ./tests/manual/test-better-auth.sh
```
### Test Coverage
The test covers:
- Admin authentication (sign-in, wrong password, wrong admin username)
- User registration and sign-in
- Admin user management (list users with pagination)
- JWT token verification (admin role and type claims)
- Authorization checks (admin-only endpoints)
- Error handling (invalid email format, missing fields)
### Why These Tests Are Manual
These tests are kept separate because:
1. They use authentication endpoints (`/api/auth/v2/*`) that require specific setup
2. They test admin-specific functionality that needs manual verification
3. They verify JWT token structure and claims that may vary between environments
---
## Google ID Token Sign-In Verification Tool
### test-google-id-token.html
This is a standalone, client-side HTML test helper utility to manually verify Google Sign-In and the ID Token authentication endpoint (`/api/auth/id-token?client_type=mobile`).
#### Prerequisites
- Running local InsForge backend on `http://localhost:7130`.
- A valid Google Client ID configured in your `.env` (or use the pre-configured default client ID inside the HTML file for testing).
#### How to Use
1. Serve or open `test-google-id-token.html` directly in your browser.
2. Click **"Sign in with Google"** to authenticate via Google OAuth and retrieve your raw `id_token`.
3. Once authenticated, the **"Test /api/auth/id-token"** button will be enabled. Click it to transmit the token to your local backend API.
4. The backend response will print directly in the results console showing either a successful authentication profile or validation error.