weval-l99/pw-auth-guard.py

"""Verify WTP auth guard redirects unauth to login"""
import time, json
from pathlib import Path
from playwright.sync_api import sync_playwright

TS = time.strftime("%Y%m%d-%H%M%S")
OUT = Path(f"/var/www/html/test-report/wtp-auth-{TS}")
OUT.mkdir(parents=True, exist_ok=True)

try:
    with sync_playwright() as p:
        browser = p.chromium.launch(headless=True, args=["--no-sandbox"])
        ctx = browser.new_context(
            viewport={"width":1400,"height":900},
            ignore_https_errors=True,
            record_video_dir=str(OUT),
            record_video_size={"width":1400,"height":900}
        )
        page = ctx.new_page()
        results = []
        
        # TEST 1: Open WTP without auth · should redirect to login
        print("\n=== T1: Unauth access WTP ===")
        page.goto(f"https://weval-consulting.com/weval-technology-platform.html?t={TS}", wait_until="networkidle", timeout=15000)
        time.sleep(4)
        final_url = page.url
        page.screenshot(path=str(OUT/"01-unauth-redirect.png"), full_page=False)
        on_login = "login" in final_url.lower()
        has_gate = page.query_selector("#wtp-auth-gate") is not None
        results.append({"test":"unauth_redirect", "final_url":final_url, "on_login":on_login, "has_gate":has_gate})
        print(f"  final_url: {final_url}")
        print(f"  on_login: {on_login} · has_gate: {has_gate}")
        
        # TEST 2: Login directly via API · then access WTP
        print("\n=== T2: Login API · then WTP access ===")
        # Use API to login
        import urllib.parse
        ctx2 = browser.new_context(viewport={"width":1400,"height":900}, ignore_https_errors=True)
        page2 = ctx2.new_page()
        
        # Navigate to login page first
        page2.goto(f"https://weval-consulting.com/weval-login.html", wait_until="networkidle", timeout=10000)
        time.sleep(2)
        page2.screenshot(path=str(OUT/"02-login-page.png"), full_page=False)
        
        # Check page structure
        login_form = page2.evaluate("""() => ({
            hasUserField: !!document.querySelector('input[type=text],input[type=email],input[name*=user]'),
            hasPassField: !!document.querySelector('input[type=password]'),
            hasSubmit: !!document.querySelector('button, input[type=submit]'),
            title: document.title
        })""")
        results.append({"test":"login_page_render", "data":login_form})
        print(f"  login form: {login_form}")
        
        ctx.close()
        ctx2.close()
        browser.close()
    
    videos = list(OUT.glob("*.webm"))
    pngs = list(OUT.glob("*.png"))
    with open(OUT/"results.json","w") as f:
        json.dump({"ts":TS, "tests":results, "screenshots":[p.name for p in pngs], "videos":[v.name for v in videos]}, f, indent=2, default=str)
    
    print(f"\n  ✓ Screenshots: {len(pngs)} · Video: {len(videos)}")
except Exception as e:
    print(f"ERR: {e}")