/**
* Security Framework Test Suite
*
* Tests the new security framework implementation:
* - Role-based access control (trainer, master_trainer, admin)
* - CSRF protection via nonce verification
* - Input sanitization validation
* - Authentication boundary testing
* - Permission escalation prevention
* - Session security
*
* @package HVAC_Community_Events
* @version 3.0.0
* @created 2025-08-20
*/
const { test, expect, authHelpers, authScenarios } = require('../helpers/auth-fixtures');
const path = require('path');
// Test configuration.
//
// BASE_URL is the host this suite targets. UPSKILL_STAGING_URL overrides the
// default; an unset or empty variable falls back to the staging host below.
// NOTE(review): the override is taken as-is. Nothing visible here checks that
// it still names a staging instance, and this file defines XSS payloads further
// down. Consider asserting the hostname once before the suite runs.
const BASE_URL = process.env.UPSKILL_STAGING_URL
  ? process.env.UPSKILL_STAGING_URL
  : 'https://upskill-staging.measurequick.com';

// 90 seconds, expressed in milliseconds.
// Presumably the per-test timeout; confirm where it is consumed.
const TEST_TIMEOUT = 90 * 1000;
/**
 * Access matrix for the three privilege levels under test
 * (trainer, master_trainer, admin).
 *
 * Each entry carries the role slug for that level and `expectedPages`, a list
 * of site-relative paths. Login itself is handled by the auth system (see the
 * auth-fixtures helpers required at the top of the file), so no credentials
 * are stored here.
 *
 * NOTE(review): `expectedPages` presumably lists pages the role must be able
 * to open; confirm against the tests that read it. The matrix has no explicit
 * deny list: a trainer entry omits '/master-trainer/master-dashboard/' and
 * '/wp-admin/', but a privilege-escalation check has to derive that itself.
 * An explicit `forbiddenPages` list per role would make the negative cases
 * reviewable in one place.
 */
const USER_ACCESS_MATRIX = {
  trainer: {
    role: 'hvac_trainer',
    expectedPages: [
      '/trainer/dashboard/',
      '/trainer/profile/',
      '/trainer/events/',
    ],
  },
  master_trainer: {
    role: 'hvac_master_trainer',
    expectedPages: [
      '/master-trainer/master-dashboard/',
      '/trainer/dashboard/',
      '/trainer/events/',
    ],
  },
  admin: {
    role: 'administrator',
    expectedPages: [
      '/wp-admin/',
      '/trainer/dashboard/',
      '/master-trainer/master-dashboard/',
    ],
  },
};
// Security test payloads
const SECURITY_PAYLOADS = {
xss: [
'',
'">',
'javascript:alert("xss")',
'
',
'\">