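#!/usr/bin/env python3
"""
Seed script with test users for JWT auth testing.

Prints commented SQL INSERT templates, a token-generation snippet, cURL
examples and the role access matrix for the test accounts defined below.
No password is hashed here: the SQL carries a placeholder that has to be
replaced with the output of app.auth.hash_password().

The accounts are test fixtures. Every one of them, the admin account
included, shares a single password that is stored in this file in clear
text, so they belong only in local or throwaway test databases.
"""

import sys
import os

# This file should be run from the backend directory
# Or set PYTHONPATH to include the backend directory

import json
from datetime import datetime

# Shared clear-text password of every test account. It is kept in one place
# so the user table and the printed instructions cannot drift apart.
TEST_PASSWORD = "testpass123"

# Marker printed where the real hash has to go; nothing in this script
# computes a hash.
HASH_PLACEHOLDER = "[HASH_FROM_hash_password_FUNCTION]"

# Sample users for testing (in a real deployment, these would be in the database)
TEST_USERS = [
    {
        "id": "usr_at001",
        "email": "at@preble.k12.wi.us",
        "password": TEST_PASSWORD,
        "role": "at",
        "school_id": "schl_001",
        "first_name": "Sarah",
        "last_name": "Johnson",
        "is_active": True,
    },
    {
        "id": "usr_coach001",
        "email": "coach@preble.k12.wi.us",
        "password": TEST_PASSWORD,
        "role": "coach",
        "school_id": "schl_001",
        "first_name": "Mike",
        "last_name": "Williams",
        "is_active": True,
    },
    {
        "id": "usr_parent001",
        "email": "parent@example.com",
        "password": TEST_PASSWORD,
        "role": "parent",
        "school_id": "schl_001",
        "first_name": "Jennifer",
        "last_name": "Smith",
        "is_active": True,
    },
    {
        "id": "usr_admin001",
        "email": "admin@preble.k12.wi.us",
        "password": TEST_PASSWORD,
        "role": "admin",
        "school_id": "schl_001",
        "first_name": "Robert",
        "last_name": "Davis",
        "is_active": True,
    },
]


def _sql_literal(value):
    """Return *value* as a single-quoted SQL string literal.

    Embedded single quotes are doubled so that a value such as a surname with
    an apostrophe still yields one well-formed literal in the printed SQL.
    """
    return "'" + str(value).replace("'", "''") + "'"


def generate_user_sql():
    """Print commented SQL INSERT templates for every entry in TEST_USERS.

    The hashed_password column is filled with HASH_PLACEHOLDER; the statements
    are printed as SQL comments and are not executable until the placeholder
    is replaced with a real hash.
    """
    print("-- Run this SQL to create test users with hashed passwords")
    print(f"-- Password for all test users: '{TEST_PASSWORD}'")
    print("-- Test fixtures only: all accounts (including admin) share this "
          "password; do not load into a production database")
    print()

    # In a real implementation, you would use:
    #   from app.auth import hash_password
    #   hashed = hash_password(password)
    # This script does not embed or compute a hash; it only prints a
    # placeholder. The original author's note mentions bcrypt with cost
    # factor 12 -- NOTE(review): confirm against app.auth.hash_password.
    print("-- Test user data (hashed passwords must be generated with hash_password()):")
    print()

    for user in TEST_USERS:
        head = ", ".join(
            _sql_literal(user[key]) for key in ("id", "school_id", "email")
        )
        tail = ", ".join(
            _sql_literal(user[key]) for key in ("role", "first_name", "last_name")
        )
        # Take the flag from the record instead of always printing "true".
        active = "true" if user["is_active"] else "false"

        print(f"-- User: {user['email']} | Role: {user['role']} | Password: {user['password']}")
        print("-- INSERT INTO users (id, school_id, email, hashed_password, role, first_name, last_name, is_active)")
        print(f"-- VALUES ({head}, ")
        print(f"-- '{HASH_PLACEHOLDER}', {tail}, {active});")
        print()


def generate_test_tokens():
    """Print a Python snippet that shows how to create a test JWT."""
    print("-- Sample JWT tokens for integration testing")
    print("-- These tokens can be used with the Authorization: Bearer header")
    print()

    # The token format depends on the secret_key in config.py.
    # With the default secret (dev-secret-key-change-in-production) tokens are
    # signed with a value that is written down in the source tree, so a token
    # for any role can be produced by whoever has read it. The secret has to
    # be overridden everywhere except local testing.
    print("# To generate actual tokens, run this Python code:")
    print("""
from app.auth import create_access_token

# Generate token for AT user
token = create_access_token(
    user_id="usr_at001",
    role="at",
    school_id="schl_001"
)
print(f"AT Token: {token}")

# Use in requests:
# curl -H "Authorization: Bearer {token}" http://localhost:8000/api/v1/roster?school_id=schl_001
""")


def generate_curl_examples():
    """Print cURL examples for the login, roster, cases and sideline endpoints.

    <TOKEN> and <ATHLETE_ID> are placeholders to be substituted by the tester.
    URLs are printed quoted so that '?' and the angle-bracket placeholders are
    not interpreted by the shell when a command is pasted.
    """
    print("-- cURL Examples for Testing")
    print()

    print("# 1. Login (get JWT token):")
    print("curl -X POST http://localhost:8000/api/v1/auth/login \\")
    print(" -H \"Content-Type: application/x-www-form-urlencoded\" \\")
    print(f" -d \"username=at@preble.k12.wi.us&password={TEST_PASSWORD}\"")
    print()

    print("# 2. Get roster (AT full access):")
    print("curl -H \"Authorization: Bearer <TOKEN>\" \\")
    print(" \"http://localhost:8000/api/v1/roster?school_id=schl_001\"")
    print()

    print("# 3. Get cases for athlete:")
    print("curl -H \"Authorization: Bearer <TOKEN>\" \\")
    print(" \"http://localhost:8000/api/v1/cases/athlete/<ATHLETE_ID>?school_id=schl_001\"")
    print()

    print("# 4. Create sideline entry (AT only):")
    print("curl -X POST http://localhost:8000/api/v1/events/sideline-entry \\")
    print(" -H \"Authorization: Bearer <TOKEN>\" \\")
    print(" -H \"Content-Type: application/json\" \\")
    print(" -d '{\"school_id\": \"schl_001\", \"athlete_id\": \"<ATHLETE_ID>\", ...}'")
    print()


def main():
    """Print the overview, SQL templates, token snippet, cURL examples and role matrix."""
    banner = "=" * 70

    print(banner)
    print("RTSport Auth Test Data Generator")
    print(banner)
    print()
    print("## Overview")
    print()
    print("This script generates test data for the JWT authentication layer.")
    print()
    print("### Test Users:")
    print()
    for user in TEST_USERS:
        print(f" - {user['email']} ({user['role']}) - {user['first_name']} {user['last_name']}")
    print()
    print(f" All test users have password: {TEST_PASSWORD}")
    print()

    print(banner)
    generate_user_sql()

    print(banner)
    generate_test_tokens()

    print(banner)
    generate_curl_examples()

    print(banner)
    print("Role Access Matrix")
    print(banner)
    # Plain (non-f) string: the braces in /athlete/{id} are literal text.
    print("""
| Endpoint         | AT     | Coach        | Parent       | Admin    |
|------------------|--------|--------------|--------------|----------|
| GET /roster      | Full   | Team-scoped  | ❌ 403       | Full     |
| GET /athlete/{id}| Full   | Team-scoped  | ❌ 403       | Full     |
| POST /roster     | ✅     | ❌ 403       | ❌ 403       | ✅       |
| PATCH /roster    | ✅     | ❌ 403       | ❌ 403       | ✅       |
| DELETE /roster   | ✅     | ❌ 403       | ❌ 403       | ✅       |
| GET /cases       | Full   | Active only  | Own child    | Full     |
| POST /cases      | ✅     | ❌ 403       | ❌ 403       | ✅       |
| PATCH /cases     | ✅     | ❌ 403       | ❌ 403       | ✅       |
| GET /timeline    | Full   | Visibility   | Own child    | Full     |
| GET /milestones  | Full   | Read-only    | Read-only    | Full     |
| POST /events     | ✅     | ❌ 403       | ❌ 403       | ✅       |
| GET /me          | ✅     | ✅           | ✅           | ✅       |

Notes:
- AT (Athletic Trainer): Full access to all school data
- Coach: Team-scoped roster, active cases only, visibility-filtered events
- Parent: Own child's cases only, no roster access, visibility-filtered events
- Admin: Full access (system administrator)
""")


if __name__ == "__main__":
    main()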