
#!/usr/bin/env python3

"""
Seed script with test users for JWT auth testing
Creates users with hashed passwords for each role
"""

import sys
import os

# This file should be run from the backend directory,
# or with PYTHONPATH set to include the backend directory.

import json
from datetime import datetime

# Sample users for testing (in a real deployment, these would be in the database)

# Fixture accounts, one per role. Every entry, including the admin role, shares
# the same plaintext password, and that password is committed with this file,
# so these rows are only suitable for a local or disposable test database.
# NOTE(review): three addresses use what looks like a real school-district
# domain; a reserved domain such as example.com (already used by the parent
# entry) would keep test mail away from real mailboxes - confirm with the owner.
TEST_USERS = [
    # Athletic trainer
    {
        "id": "usr_at001",
        "email": "at@preble.k12.wi.us",
        "password": "testpass123",
        "role": "at",
        "school_id": "schl_001",
        "first_name": "Sarah",
        "last_name": "Johnson",
        "is_active": True,
    },
    # Coach
    {
        "id": "usr_coach001",
        "email": "coach@preble.k12.wi.us",
        "password": "testpass123",
        "role": "coach",
        "school_id": "schl_001",
        "first_name": "Mike",
        "last_name": "Williams",
        "is_active": True,
    },
    # Parent
    {
        "id": "usr_parent001",
        "email": "parent@example.com",
        "password": "testpass123",
        "role": "parent",
        "school_id": "schl_001",
        "first_name": "Jennifer",
        "last_name": "Smith",
        "is_active": True,
    },
    # Administrator
    {
        "id": "usr_admin001",
        "email": "admin@preble.k12.wi.us",
        "password": "testpass123",
        "role": "admin",
        "school_id": "schl_001",
        "first_name": "Robert",
        "last_name": "Davis",
        "is_active": True,
    },
]

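def generate_user_sql():
    """Print commented-out SQL INSERT templates for the test users.

    Nothing is hashed and nothing is written to a database: every template
    carries the placeholder ``[HASH_FROM_hash_password_FUNCTION]`` where the
    password hash belongs, so a real hash has to be produced separately
    before a statement is uncommented and run. The output also repeats the
    shared fixture password in clear text, so treat it as test-only material.
    """

    def sql_text(value):
        # Double embedded single quotes so that a fixture value containing an
        # apostrophe (a surname, for instance) still forms one SQL literal.
        return str(value).replace("'", "''")

    print("-- Run this SQL to create test users with hashed passwords")
    print("-- Password for all test users: 'testpass123'")
    print()

    # The hash is expected to come from the application itself, e.g.
    #     from app.auth import hash_password
    #     hashed = hash_password(password)
    # No pre-computed hash is embedded in this script, and the algorithm and
    # cost that hash_password uses are not visible from here - confirm in
    # app.auth. The plaintext password must never be written into the
    # hashed_password column in place of the placeholder.
    print("-- Test user data (hashed passwords must be generated with hash_password()):")
    print()

    for user in TEST_USERS:
        print(f"-- User: {user['email']} | Role: {user['role']} | Password: testpass123")
        print("-- INSERT INTO users (id, school_id, email, hashed_password, role, first_name, last_name, is_active)")
        print(f"-- VALUES ('{sql_text(user['id'])}', '{sql_text(user['school_id'])}', '{sql_text(user['email'])}', ")
        print(f"--         '[HASH_FROM_hash_password_FUNCTION]', '{sql_text(user['role'])}', '{sql_text(user['first_name'])}', '{sql_text(user['last_name'])}', true);")
        print()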

def generate_test_tokens():
    """Print instructions for minting a sample JWT for integration tests.

    No token is created here: the output is a snippet that calls
    ``create_access_token`` from ``app.auth`` followed by a sample request
    that sends the token in the ``Authorization: Bearer`` header.
    """
    # Tokens are signed with the secret_key configured in config.py.
    # NOTE(review): the default named for testing is
    # dev-secret-key-change-in-production. A signing secret that is published
    # with the code gives no assurance about who issued a token, so any shared
    # or production deployment has to override it - confirm that startup
    # rejects the default outside development.
    preamble = (
        "-- Sample JWT tokens for integration testing",
        "-- These tokens can be used with the Authorization: Bearer header",
        "",
        "# To generate actual tokens, run this Python code:",
    )
    for line in preamble:
        print(line)

    # Emitted verbatim; the braces are literal because this is not an f-string.
    snippet = """

from app.auth import create_access_token

Generate token for AT user

token = create_access_token(
user_id="usr_at001",
role="at",
school_id="schl_001"
)
print(f"AT Token: {token}")

Use in requests:

curl -H "Authorization: Bearer {token}" http://localhost:8000/api/v1/roster?school_id=schl_001

"""
    print(snippet)

def generate_curl_examples():
    """Print four sample cURL invocations for exercising the API by hand.

    The examples cover login, a roster read, a per-athlete case read and a
    sideline-entry creation; each one is followed by a blank line.
    """
    # Every example targets http://localhost:8000 over plain HTTP. The login
    # request carries the fixture password and the others carry a bearer
    # token, so the same commands pointed at a non-local host should use
    # HTTPS instead.
    examples = (
        (
            "# 1. Login (get JWT token):",
            "curl -X POST http://localhost:8000/api/v1/auth/login \\",
            "     -H \"Content-Type: application/x-www-form-urlencoded\" \\",
            "     -d \"username=at@preble.k12.wi.us&password=testpass123\"",
        ),
        (
            "# 2. Get roster (AT full access):",
            "curl -H \"Authorization: Bearer <TOKEN_FROM_LOGIN>\" \\",
            "     http://localhost:8000/api/v1/roster?school_id=schl_001",
        ),
        (
            "# 3. Get cases for athlete:",
            "curl -H \"Authorization: Bearer <TOKEN_FROM_LOGIN>\" \\",
            "     http://localhost:8000/api/v1/cases/athlete/<ATHLETE_ID>?school_id=schl_001",
        ),
        (
            "# 4. Create sideline entry (AT only):",
            "curl -X POST http://localhost:8000/api/v1/events/sideline-entry \\",
            "     -H \"Authorization: Bearer <TOKEN_FROM_LOGIN>\" \\",
            "     -H \"Content-Type: application/json\" \\",
            "     -d '{\"school_id\": \"schl_001\", \"athlete_id\": \"<ATHLETE_ID>\", ...}'",
        ),
    )

    print("-- cURL Examples for Testing")
    print()
    for example in examples:
        for line in example:
            print(line)
        print()

def main():
    """Print the complete auth test-data report to stdout.

    The report is a banner, an overview listing each fixture account, the
    three generated sections (SQL templates, token instructions, cURL
    examples) and finally the role access matrix.
    """
    rule = "=" * 70

    print(rule)
    print("RTSport Auth Test Data Generator")
    print(rule)
    print()

    overview = (
        "## Overview",
        "",
        "This script generates test data for the JWT authentication layer.",
        "",
        "### Test Users:",
        "",
    )
    for line in overview:
        print(line)
    for user in TEST_USERS:
        print(f"  - {user['email']} ({user['role']}) - {user['first_name']} {user['last_name']}")
    print()
    # The shared fixture password is echoed here, so the report itself is
    # test-only material.
    print("  All test users have password: testpass123")
    print()

    # Each generated section is introduced by a separator line.
    for section in (generate_user_sql, generate_test_tokens, generate_curl_examples):
        print(rule)
        section()

    print(rule)
    print("Role Access Matrix")
    print(rule)
    # NOTE(review): as stored here the table has lost its column alignment,
    # and the POST/PATCH/DELETE rows and GET /me list fewer cells than the four
    # role columns, so which roles are denied cannot be read from this text -
    # confirm against the authorization code before relying on it.
    print("""
Endpoint AT Coach Parent Admin
GET /roster Full Team-scoped ❌ 403 Full
GET /athlete/{id} Full Team-scoped ❌ 403 Full
POST /roster ❌ 403 ❌ 403
PATCH /roster ❌ 403 ❌ 403
DELETE /roster ❌ 403 ❌ 403
GET /cases Full Active only Own child Full
POST /cases ❌ 403 ❌ 403
PATCH /cases ❌ 403 ❌ 403
GET /timeline Full Visibility Own child Full
GET /milestones Full Read-only Read-only Full
POST /events ❌ 403 ❌ 403
GET /me

Notes:
- AT (Athletic Trainer): Full access to all school data
- Coach: Team-scoped roster, active cases only, visibility-filtered events
- Parent: Own child's cases only, no roster access, visibility-filtered events
- Admin: Full access (system administrator)
""")

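# Run the generator only when this file is executed as a script, not when it
# is imported. The dunder names are required: a bare `name` is undefined and
# raises NameError.
if __name__ == "__main__":
    main()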