112 lines
5.2 KiB
Python
Executable File
112 lines
5.2 KiB
Python
Executable File
#!/usr/bin/env python3
|
|
"""L99 AUTH INFRASTRUCTURE TEST — 5avr2026 (v2: subdomains)"""
|
|
import subprocess, json, sys
|
|
|
|
SITE = "https://weval-consulting.com"
|
|
results = {"pass": 0, "fail": 0, "warn": 0, "tests": []}
|
|
|
|
def test(name, url, expected_code, method="GET"):
|
|
cmd = f'curl -sk -o /dev/null -w "%{{http_code}}" -X {method} "{url}" --max-time 8 --max-redirs 0'
|
|
r = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=12)
|
|
code = r.stdout.strip()
|
|
ok = code == str(expected_code)
|
|
status = "P" if ok else "F"
|
|
results["pass" if ok else "fail"] += 1
|
|
results["tests"].append({"name": name, "code": code, "expected": expected_code, "status": status})
|
|
print(f" {status} {name}: {code} (expected {expected_code})")
|
|
|
|
def test_auth_flow(domain, path="/"):
|
|
"""Test 3-step auth flow: page -> outpost -> authorize"""
|
|
url = f"https://{domain}{path}"
|
|
# Step 1: should redirect to outpost
|
|
r1 = subprocess.run(f'curl -sk -o /dev/null -w "%{{http_code}} %{{redirect_url}}" "{url}" --max-time 5 --max-redirs 0',
|
|
shell=True, capture_output=True, text=True, timeout=10)
|
|
parts = r1.stdout.strip().split()
|
|
code1 = parts[0]
|
|
redir1 = parts[1] if len(parts) > 1 else ""
|
|
|
|
if code1 != "302" or "outpost" not in redir1:
|
|
results["fail"] += 1
|
|
results["tests"].append({"name": f"flow:{domain}", "code": code1, "expected": "302->outpost", "status": "F"})
|
|
print(f" F flow:{domain}: {code1} (no outpost redirect)")
|
|
return
|
|
|
|
# Step 2: outpost start -> authorize
|
|
r2 = subprocess.run(f'curl -sk -o /dev/null -w "%{{http_code}} %{{redirect_url}}" "{redir1}" --max-time 5 --max-redirs 0',
|
|
shell=True, capture_output=True, text=True, timeout=10)
|
|
parts2 = r2.stdout.strip().split()
|
|
code2 = parts2[0]
|
|
redir2 = parts2[1] if len(parts2) > 1 else ""
|
|
|
|
if code2 != "302" or "/application/o/authorize/" not in redir2:
|
|
results["fail"] += 1
|
|
results["tests"].append({"name": f"flow:{domain}", "code": f"{code1}->{code2}", "expected": "302->302->authorize", "status": "F"})
|
|
print(f" F flow:{domain}: step2={code2} (no authorize)")
|
|
return
|
|
|
|
# Step 3: authorize -> should 302 to flows
|
|
r3 = subprocess.run(f'curl -sk -o /dev/null -w "%{{http_code}}" "{redir2}" --max-time 5 --max-redirs 0',
|
|
shell=True, capture_output=True, text=True, timeout=10)
|
|
code3 = r3.stdout.strip()
|
|
ok = code3 in ["302", "200"]
|
|
results["pass" if ok else "fail"] += 1
|
|
results["tests"].append({"name": f"flow:{domain}", "code": f"302->302->{code3}", "expected": "302->302->302/200", "status": "P" if ok else "F"})
|
|
print(f" {'P' if ok else 'F'} flow:{domain}: 302->302->{code3}")
|
|
|
|
print("=== AUTH INFRASTRUCTURE TESTS v2 ===")
|
|
|
|
# PUBLIC pages
|
|
test("Public: Home", f"{SITE}/", 200)
|
|
test("Public: wevia.html", f"{SITE}/wevia.html", 200)
|
|
test("Public: wevia-widget", f"{SITE}/wevia-widget.html", 200)
|
|
test("Public: enterprise", f"{SITE}/enterprise-model.html", 200)
|
|
test("Public: login", f"{SITE}/login.html", 200)
|
|
|
|
# PROTECTED pages (main domain)
|
|
test("Protected: workspace", f"{SITE}/products/workspace.html", 302)
|
|
test("Protected: nonreg", f"{SITE}/nonreg.html", 302)
|
|
test("Protected: wevia-admin", f"{SITE}/wevia-admin", 302)
|
|
test("Protected: ethica", f"{SITE}/ethica-monitor.html", 302)
|
|
test("Protected: arsenal", f"{SITE}/arsenal-proxy/", 302)
|
|
test("Protected: wevads-adx", f"{SITE}/wevads-adx/", 302)
|
|
test("Protected: command-center", f"{SITE}/command-center.html", 302)
|
|
test("Protected: tools-hub", f"{SITE}/tools-hub.html", 302)
|
|
|
|
# AUTHENTIK endpoints
|
|
test("Authentik: /if/flow", f"{SITE}/if/flow/default-authentication-flow/", 200)
|
|
test("Authentik: authorize", f"{SITE}/application/o/authorize/?test=1", 400)
|
|
|
|
# APIs
|
|
test("API: chatbot-health", f"{SITE}/api/health-chatbot.php", 200)
|
|
test("API: auth-session", f"{SITE}/api/weval-auth-session.php?action=status", 200)
|
|
|
|
# Outpost
|
|
test("Outpost: start", f"{SITE}/outpost.goauthentik.io/start", 302)
|
|
|
|
# SUBDOMAIN AUTH FLOWS (3-step test)
|
|
print("\n--- Subdomain auth flows ---")
|
|
test_auth_flow("analytics.weval-consulting.com")
|
|
test_auth_flow("crm.weval-consulting.com")
|
|
test_auth_flow("deerflow.weval-consulting.com")
|
|
test_auth_flow("mm.weval-consulting.com")
|
|
test_auth_flow("monitor.weval-consulting.com")
|
|
test_auth_flow("n8n.weval-consulting.com")
|
|
test_auth_flow("wevads.weval-consulting.com", "/auth/login.html")
|
|
test_auth_flow("weval-consulting.com", "/products/workspace.html")
|
|
test_auth_flow("ethica.weval-consulting.com")
|
|
|
|
# Architecture referentiel
|
|
test("Protected: architecture", f"{SITE}/architecture.html", 302)
|
|
test("API: architecture-json", f"{SITE}/api/architecture-index.json", 200)
|
|
test("API: arch-topology", f"{SITE}/api/architecture-topology.json", 200)
|
|
test("API: arch-scanner", f"{SITE}/api/architecture-scanner.php", 200)
|
|
test("API: arch-autonomous", f"{SITE}/api/architecture-autonomous.php", 200)
|
|
test("API: l99-ux-results", f"{SITE}/api/l99-ux-results.json", 200)
|
|
test("API: wevia-master", f"{SITE}/api/wevia-master-api.php?health", 200)
|
|
|
|
print(f"\n=== RESULTS: {results['pass']} pass / {results['fail']} fail ===")
|
|
|
|
with open("/var/www/html/api/l99-auth-results.json", "w") as f:
|
|
json.dump(results, f, indent=2)
|
|
print("Saved to l99-auth-results.json")
|