admin 30c2cfeba5 feat(security): Implement comprehensive security fixes and enhancements
- Added Security Handoff Report detailing resolved issues and current configurations.
- Implemented CSRF protection using Flask-WTF, including token management in templates and JavaScript.
- Created standardized error handling module to log detailed errors while returning generic messages.
- Developed phone number validation module to ensure compliance with E.164 standards.
- Added CSV injection prevention measures during file uploads.
- Updated installation guide for clarity and completeness.
- Created script to update API keys from Android device, ensuring secure key management.
- Enhanced Docker security configurations to remove privileged mode and host networking.
- Implemented logging and sanitization for error messages to prevent information disclosure.
- Added verification script to test security setup flow and validate configurations.
2026-01-01 17:18:50 -07:00


# Testing Guide
This guide covers testing procedures for SMS Campaign Manager, including verification of security configuration, service health, and end-to-end functionality.
## Prerequisites
Before testing:
- Docker container running on Ubuntu server
- Android device accessible via Tailscale or local network
- API keys configured in `.env` file
- Termux SMS API server running on Android
## Quick Health Check
Verify all services are operational:
```bash
# Test Ubuntu web application
curl http://localhost:5000/health
# Test Android Termux API
curl http://YOUR_ANDROID_IP:5001/health
# Both should return healthy status
```
## Security Verification
### Docker Container Security
Verify the container is properly isolated:
```bash
# Check privileged mode (should be false)
docker inspect sms-campaign-manager | grep -i "privileged"
# Check network mode (should NOT be "host")
docker inspect sms-campaign-manager | grep -i "networkmode"
```
Expected output:
```
"Privileged": false,
"NetworkMode": "bridge" (or "campaign_connector_default")
```
### API Authentication
Test that authentication is enforced:
```bash
# Should fail with 401 (no API key)
curl http://localhost:5000/api/campaign/list
# Should succeed (with valid API key)
curl -H "X-API-Key: YOUR_USER_API_KEY" http://localhost:5000/api/campaign/list
```
### Termux API Authentication
Test Android server authentication:
```bash
# Get API key from .env (-f2- keeps the whole value even if it contains '=')
API_KEY=$(grep "^TERMUX_API_KEY=" .env | cut -d'=' -f2-)
# Test health endpoint
curl http://YOUR_ANDROID_IP:5001/health
# Test authenticated endpoint
curl -H "X-API-Key: $API_KEY" http://YOUR_ANDROID_IP:5001/api/device/battery
# Test with wrong key (should fail)
curl -H "X-API-Key: wrong_key" http://YOUR_ANDROID_IP:5001/api/device/battery
```
## Web Dashboard Testing
### Login Flow
1. Open browser: `http://localhost:5000/`
2. Should redirect to `/login`
3. Enter credentials:
   - Username: `admin`
   - Password: (from `.env` ADMIN_PASSWORD)
4. Should redirect to dashboard after login
### API Access
Test API endpoints with session authentication:
```bash
# Login via API
curl -X POST http://localhost:5000/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"username":"admin","password":"YOUR_PASSWORD"}'
# Check auth status
curl http://localhost:5000/api/auth/status
```
## SMS Functionality Testing
### Test SMS Sending
```bash
# Test via API (replace with your number)
curl -X POST http://localhost:5000/api/sms/test/real \
  -H "X-API-Key: YOUR_USER_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"phone":"YOUR_PHONE_NUMBER","message":"Test from SMS Campaign Manager"}'
```
### Check Termux Permissions
SSH into Android device:
```bash
ssh -p 8022 android-dev@YOUR_ANDROID_IP
```
Test Termux API directly:
```bash
# List recent SMS (should work if permissions granted)
termux-sms-list -l 1
```
If this fails, grant SMS permissions:
1. Open Android Settings
2. Apps → Termux:API
3. Permissions → SMS → Allow
## User Management Testing
### Create Test User
```bash
python3 manage_users.py
# Select option 1 (Create new user)
# Enter: testuser / TestPass123! / Role: User
```
### List Users
```bash
python3 manage_users.py
# Select option 2 (List all users)
```
### Test Login with New User
1. Log out of current session
2. Log in as new user
3. Verify access to dashboard
## Container Logs
Monitor application behavior:
```bash
# View real-time logs
docker compose logs -f sms-campaign
# Filter for authentication events
docker compose logs sms-campaign | grep -i "auth"
# Filter for errors
docker compose logs sms-campaign | grep -i "error"
```
## Android Service Logs
Check Termux server logs:
```bash
ssh -p 8022 android-dev@YOUR_ANDROID_IP
# View SMS API logs
tail -f ~/logs/sms-api.log
# View monitoring logs
tail -f ~/logs/monitoring.log
```
## End-to-End Test Checklist
### Infrastructure
- [ ] Docker container running and healthy
- [ ] Container NOT in privileged mode
- [ ] Container NOT using host networking
- [ ] Android device reachable via SSH
- [ ] Termux API server running on Android
### Authentication
- [ ] API calls without key return 401
- [ ] API calls with valid key succeed
- [ ] Wrong API key returns authentication error
- [ ] Web login with username/password works
- [ ] Session persists across page loads
### SMS Functionality
- [ ] Termux health check returns healthy
- [ ] SMS permissions granted in Android settings
- [ ] Test SMS sends successfully
- [ ] SMS delivery confirmed on receiving device
### User Management
- [ ] Admin user exists and can login
- [ ] Can create new users via CLI
- [ ] User roles enforced correctly
- [ ] Password change works
## Troubleshooting Test Failures
### Container Won't Start
```bash
# Check logs for errors
docker compose logs sms-campaign
# Verify environment variables are present (names only, so the secret values are not printed)
docker compose exec sms-campaign env | grep -E "(API_KEY|SECRET_KEY)" | cut -d= -f1
# Rebuild container
docker compose down
docker compose build --no-cache
docker compose up -d
```
### Can't Reach Android Device
```bash
# Check Tailscale status
tailscale status
# Ping device
ping YOUR_ANDROID_IP
# Test SSH connection
ssh -p 8022 android-dev@YOUR_ANDROID_IP "whoami"
```
### SMS Not Sending
```bash
# Check Termux server is running
ssh -p 8022 android-dev@YOUR_ANDROID_IP "pgrep -f termux-sms-api-server"
# View server logs
ssh -p 8022 android-dev@YOUR_ANDROID_IP "tail -20 ~/logs/sms-api.log"
# Check SMS_API_SECRET is set (tests presence without printing the secret)
ssh -p 8022 android-dev@YOUR_ANDROID_IP '[ -n "$SMS_API_SECRET" ] && echo "SMS_API_SECRET is set" || echo "SMS_API_SECRET is NOT set"'
```
### Authentication Errors in Logs
```bash
# Check API keys match
grep API_KEY .env
docker compose exec sms-campaign env | grep API_KEY
# Restart to reload configuration
docker compose restart
```
## Automated Test Script
Create a quick verification script:
```bash
#!/bin/bash
# test-all.sh
echo "Testing Ubuntu health..."
curl -s http://localhost:5000/health | grep -q "ok" && echo "PASS" || echo "FAIL"
echo "Testing Android health..."
curl -s http://YOUR_ANDROID_IP:5001/health | grep -q "healthy" && echo "PASS" || echo "FAIL"
echo "Testing auth enforcement..."
STATUS=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:5000/api/campaign/list)
[ "$STATUS" = "401" ] && echo "PASS" || echo "FAIL"
echo "Testing Docker security..."
docker inspect sms-campaign-manager | grep -q '"Privileged": false' && echo "PASS" || echo "FAIL"
echo "All tests complete"
```
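The script above greps for substrings; the following is a stricter version of the Docker isolation and API authentication checks from the Security Verification section, written as an added example (not part of the original guide or the project). It assumes only names the guide already uses (container `sms-campaign-manager`, the web API on port 5000, the Termux API on `YOUR_ANDROID_IP:5001`, `TERMUX_API_KEY` in `.env`); the 401/403 codes expected for a rejected Termux request are an assumption.

```shell
#!/bin/sh
# check-security.sh (added example, not part of the original guide): a stricter version of
# the manual checks above. Assumes only names this guide already uses: container
# sms-campaign-manager, the web API on :5000, the Termux API on YOUR_ANDROID_IP:5001 and
# TERMUX_API_KEY in .env. Run the live checks with: sh check-security.sh live
set -u
# Read one variable from a .env file. Unlike `cut -d= -f2` this keeps values that
# contain '=' and strips optional surrounding double quotes. Returns 1 if absent.
read_env_var() { # <file> <NAME>
  line=$(grep -m1 "^$2=" "$1") || return 1
  line=${line#*=}; line=${line#\"}; line=${line%\"}
  printf '%s\n' "$line"
}

# Container is acceptable only if not privileged and not on the host network.
# Takes the two values as arguments so it can be checked without Docker; 0 = safe.
evaluate_container() { # <Privileged> <NetworkMode>
  crc=0
  [ "$1" = "false" ] || { echo "FAIL: Privileged=$1"; crc=1; }
  [ "$2" != "host" ] || { echo "FAIL: NetworkMode=host"; crc=1; }
  [ "$crc" -eq 0 ] && echo "PASS: Privileged=$1 NetworkMode=$2"
  return "$crc"
}

# Auth is enforced only if: no key -> 401, valid key -> 200, wrong key -> 401 or 403.
# (401/403 for a wrong key is an assumption; the guide only says the call should fail.)
evaluate_auth() { # <status_no_key> <status_valid_key> <status_wrong_key>
  [ "$1" = "401" ] && [ "$2" = "200" ] && { [ "$3" = "401" ] || [ "$3" = "403" ]; }
}

# Status code only; the response body is discarded so nothing sensitive is echoed.
http_status() { curl -s -o /dev/null -w '%{http_code}' "$@"; }

live_checks() {
  lrc=0
  # docker's own --format beats grepping JSON; prints e.g. "false bridge".
  pn=$(docker inspect --format '{{.HostConfig.Privileged}} {{.HostConfig.NetworkMode}}' sms-campaign-manager)
  evaluate_container "${pn% *}" "${pn#* }" || lrc=1
  key=$(read_env_var .env TERMUX_API_KEY) || { echo "FAIL: TERMUX_API_KEY not in .env"; return 1; }
  url=http://YOUR_ANDROID_IP:5001/api/device/battery
  if evaluate_auth "$(http_status "$url")" "$(http_status -H "X-API-Key: $key" "$url")" \
                   "$(http_status -H "X-API-Key: wrong_key" "$url")"
  then echo "PASS: Termux API authentication enforced"
  else echo "FAIL: Termux API responses (no key / valid key / wrong key) not as expected"; lrc=1; fi
  [ "$(http_status http://localhost:5000/api/campaign/list)" = "401" ] \
    && echo "PASS: web API without key returns 401" || { echo "FAIL: web API without key not 401"; lrc=1; }
  return "$lrc"
}

case "${1:-}" in live) live_checks ;; esac
```

The evaluation functions take their inputs as arguments, so the pass/fail logic can be exercised without Docker or network access; only `live_checks` talks to the deployment.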
## Related Documentation
- [Deployment Guide](../deployment/deployment-guide.md) - Production deployment
- [Security Setup](../security/security-setup.md) - Security configuration
- [Troubleshooting](troubleshooting.md) - Common issues and solutions