fix(api-test): use correct tokens and accept 404 for billing subscription

- Users list: use ADMIN_TOKEN (platform_admin role required) - Billing subscription: accept 200 or 404 (new tenants have no subscription) - Invite flow: use TOKEN (tenant admin 'admin' role) not ADMIN_TOKEN Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-07 04:15:06 -08:00 · 2026-03-07 04:15:06 -08:00 · 074e031685
parent a24eb84e13
commit 074e031685
1 changed files with 11 additions and 8 deletions
--- a/scripts/api-test.sh
+++ b/scripts/api-test.sh
@ -195,14 +195,14 @@ else
 fi

 # ══════════════════════════════════════════════════════════════════════════════
-section "14. Users — List (tenant admin via /api/v1/auth/users)"
+section "14. Users — List (platform admin via /api/v1/auth/users)"

-if [[ -n "$TOKEN" ]]; then
+if [[ -n "${ADMIN_TOKEN:-}" ]]; then
  STATUS=$(get_status "${BASE}/api/v1/auth/users" \
-    -H "Authorization: Bearer ${TOKEN}")
+    -H "Authorization: Bearer ${ADMIN_TOKEN}")
  [[ "$STATUS" == "200" ]] && ok "GET /api/v1/auth/users → 200" || fail "GET /api/v1/auth/users → ${STATUS}"
 else
-  info "Skipped — no token"
+  info "Skipped — no platform admin token"
 fi

 # ══════════════════════════════════════════════════════════════════════════════
@ -221,7 +221,9 @@ section "16. Billing — Subscription (JWT required)"
 if [[ -n "$TOKEN" ]]; then
  STATUS=$(get_status "${BASE}/api/v1/billing/subscription" \
    -H "Authorization: Bearer ${TOKEN}")
-  [[ "$STATUS" == "200" ]] && ok "GET /api/v1/billing/subscription → 200" \
+  # 200 = has subscription, 404 = new tenant with no subscription yet (both acceptable)
+  [[ "$STATUS" == "200" || "$STATUS" == "404" ]] \
+    && ok "GET /api/v1/billing/subscription → ${STATUS} (200=active, 404=no subscription)" \
    || fail "GET /api/v1/billing/subscription → ${STATUS}"
 fi

@ -307,10 +309,11 @@ fi
 # ══════════════════════════════════════════════════════════════════════════════
 section "24. Invite flow — Create + validate invite"

-if [[ -n "${ADMIN_TOKEN:-}" && -n "${TENANT_ID:-}" ]]; then
+# Uses TOKEN (tenant admin, 'admin' role) to create invite for their own tenant
+if [[ -n "${TOKEN:-}" && -n "${TENANT_ID:-}" ]]; then
  INVITE_EMAIL="invite_${TS}@example.com"
  RESP=$(post_json "${BASE}/api/v1/admin/tenants/${TENANT_ID}/invites" \
-    -H "Authorization: Bearer ${ADMIN_TOKEN}" \
+    -H "Authorization: Bearer ${TOKEN}" \
    -d "{\"email\":\"${INVITE_EMAIL}\",\"role\":\"viewer\"}")
  STATUS=$(echo "$RESP" | grep -o '__STATUS__[0-9]*' | sed 's/__STATUS__//')
  BODY=$(echo "$RESP" | sed 's/__STATUS__[0-9]*//')
@ -326,7 +329,7 @@ if [[ -n "${ADMIN_TOKEN:-}" && -n "${TENANT_ID:-}" ]]; then
    fail "POST /api/v1/admin/tenants/:id/invites → ${STATUS}: ${BODY}"
  fi
 else
-  info "Skipped invite flow — need admin token + tenantId"
+  info "Skipped invite flow — need token + tenantId"
 fi

 # ══════════════════════════════════════════════════════════════════════════════