the_order/scripts/test/test-all-entra-features.sh

#!/bin/bash
# Comprehensive test script for all Entra VerifiedID features
# Tests issuance, verification, webhooks, retry, rate limiting, multi-manifest

set -euo pipefail

GREEN='\033[0;32m'
RED='\033[0;31m'
BLUE='\033[0;34m'
YELLOW='\033[1;33m'
NC='\033[0m'

log_info() { echo -e "${BLUE}[TEST]${NC} $1"; }
log_success() { echo -e "${GREEN}[PASS]${NC} $1"; }
log_error() { echo -e "${RED}[FAIL]${NC} $1"; }
log_warning() { echo -e "${YELLOW}[SKIP]${NC} $1"; }

cd "$(dirname "$0")/../.."

BASE_URL="${API_BASE_URL:-http://localhost:4002}"
AUTH_TOKEN="${AUTH_TOKEN:-}"
TESTS_PASSED=0
TESTS_FAILED=0
TESTS_SKIPPED=0

# Test function
run_test() {
    local test_name=$1
    local test_command=$2
    
    log_info "Testing: ${test_name}"
    if eval "${test_command}" > /tmp/test-output.log 2>&1; then
        log_success "${test_name}"
        ((TESTS_PASSED++))
        return 0
    else
        log_error "${test_name}"
        cat /tmp/test-output.log | head -5
        ((TESTS_FAILED++))
        return 1
    fi
}

# Check if service is running
log_info "Checking if service is running..."
if ! curl -sf "${BASE_URL}/health" > /dev/null; then
    log_warning "Service not running at ${BASE_URL}"
    log_warning "Skipping API tests (unit tests will still run)"
    SKIP_API_TESTS=true
else
    SKIP_API_TESTS=false
    log_success "Service is running"
fi

echo ""
log_info "=== Running Entra VerifiedID Feature Tests ==="
echo ""

# 1. Unit Tests
log_info "1. Running Unit Tests..."
if pnpm --filter @the-order/auth test entra-verifiedid.test.ts --run 2>&1 | tee /tmp/unit-test.log; then
    log_success "Unit tests passed"
    ((TESTS_PASSED++))
else
    log_error "Unit tests failed"
    ((TESTS_FAILED++))
fi

# 2. Credential Issuance Test
if [ "${SKIP_API_TESTS}" = "false" ]; then
    log_info "2. Testing Credential Issuance..."
    ISSUANCE_RESPONSE=$(curl -s -X POST "${BASE_URL}/vc/issue/entra" \
        -H "Content-Type: application/json" \
        ${AUTH_TOKEN:+-H "Authorization: Bearer ${AUTH_TOKEN}"} \
        -d '{"claims": {"email": "test@example.com", "name": "Test User"}}' || echo "ERROR")
    
    if echo "${ISSUANCE_RESPONSE}" | jq -e '.requestId' > /dev/null 2>&1; then
        REQUEST_ID=$(echo "${ISSUANCE_RESPONSE}" | jq -r '.requestId')
        log_success "Credential issuance successful (Request ID: ${REQUEST_ID})"
        ((TESTS_PASSED++))
    else
        log_error "Credential issuance failed"
        echo "${ISSUANCE_RESPONSE}" | head -3
        ((TESTS_FAILED++))
    fi
else
    log_warning "Skipping credential issuance test (service not running)"
    ((TESTS_SKIPPED++))
fi

# 3. Status Endpoint Test
if [ "${SKIP_API_TESTS}" = "false" ] && [ -n "${REQUEST_ID:-}" ]; then
    log_info "3. Testing Status Endpoint..."
    STATUS_RESPONSE=$(curl -s "${BASE_URL}/vc/entra/status/${REQUEST_ID}" || echo "ERROR")
    if echo "${STATUS_RESPONSE}" | jq -e '.requestId' > /dev/null 2>&1; then
        log_success "Status endpoint working"
        ((TESTS_PASSED++))
    else
        log_warning "Status endpoint test inconclusive"
        ((TESTS_SKIPPED++))
    fi
else
    log_warning "Skipping status endpoint test"
    ((TESTS_SKIPPED++))
fi

# 4. Webhook Endpoint Test
if [ "${SKIP_API_TESTS}" = "false" ]; then
    log_info "4. Testing Webhook Endpoint..."
    WEBHOOK_RESPONSE=$(curl -s -X POST "${BASE_URL}/vc/entra/webhook" \
        -H "Content-Type: application/json" \
        -d '{"requestId":"test-123","requestStatus":"issuance_successful"}' || echo "ERROR")
    
    if echo "${WEBHOOK_RESPONSE}" | jq -e '.received' > /dev/null 2>&1; then
        log_success "Webhook endpoint working"
        ((TESTS_PASSED++))
    else
        log_error "Webhook endpoint test failed"
        ((TESTS_FAILED++))
    fi
else
    log_warning "Skipping webhook endpoint test"
    ((TESTS_SKIPPED++))
fi

# 5. Multi-Manifest Test
if [ "${SKIP_API_TESTS}" = "false" ]; then
    log_info "5. Testing Multi-Manifest Support..."
    MULTI_MANIFEST_RESPONSE=$(curl -s -X POST "${BASE_URL}/vc/issue/entra" \
        -H "Content-Type: application/json" \
        ${AUTH_TOKEN:+-H "Authorization: Bearer ${AUTH_TOKEN}"} \
        -d '{"claims": {"test": "true"}, "manifestName": "diplomatic"}' || echo "ERROR")
    
    if echo "${MULTI_MANIFEST_RESPONSE}" | jq -e '.requestId' > /dev/null 2>&1; then
        log_success "Multi-manifest support working"
        ((TESTS_PASSED++))
    else
        log_warning "Multi-manifest test inconclusive (may require valid manifest)"
        ((TESTS_SKIPPED++))
    fi
else
    log_warning "Skipping multi-manifest test"
    ((TESTS_SKIPPED++))
fi

# 6. Rate Limiting Test
if [ "${SKIP_API_TESTS}" = "false" ]; then
    log_info "6. Testing Rate Limiting..."
    RATE_LIMIT_HIT=false
    for i in {1..15}; do
        HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" -X POST "${BASE_URL}/vc/issue/entra" \
            -H "Content-Type: application/json" \
            ${AUTH_TOKEN:+-H "Authorization: Bearer ${AUTH_TOKEN}"} \
            -d '{"claims": {"test": "true"}}')
        if [ "${HTTP_CODE}" = "429" ]; then
            RATE_LIMIT_HIT=true
            break
        fi
        sleep 0.1
    done
    
    if [ "${RATE_LIMIT_HIT}" = "true" ]; then
        log_success "Rate limiting working (429 received)"
        ((TESTS_PASSED++))
    else
        log_warning "Rate limit not hit (may need to adjust limits or test more aggressively)"
        ((TESTS_SKIPPED++))
    fi
else
    log_warning "Skipping rate limiting test"
    ((TESTS_SKIPPED++))
fi

# 7. Metrics Test
if [ "${SKIP_API_TESTS}" = "false" ]; then
    log_info "7. Testing Metrics Endpoint..."
    METRICS_RESPONSE=$(curl -s "${BASE_URL}/metrics" | grep -c "entra_" || echo "0")
    if [ "${METRICS_RESPONSE}" -gt 0 ]; then
        log_success "Metrics endpoint contains Entra metrics (${METRICS_RESPONSE} found)"
        ((TESTS_PASSED++))
    else
        log_warning "No Entra metrics found (may not have made requests yet)"
        ((TESTS_SKIPPED++))
    fi
else
    log_warning "Skipping metrics test"
    ((TESTS_SKIPPED++))
fi

# Summary
echo ""
log_info "=== Test Summary ==="
log_success "Passed: ${TESTS_PASSED}"
if [ ${TESTS_FAILED} -gt 0 ]; then
    log_error "Failed: ${TESTS_FAILED}"
fi
if [ ${TESTS_SKIPPED} -gt 0 ]; then
    log_warning "Skipped: ${TESTS_SKIPPED}"
fi

if [ ${TESTS_FAILED} -eq 0 ]; then
    log_success "All tests passed or skipped!"
    exit 0
else
    log_error "Some tests failed"
    exit 1
fi