mirror of
https://github.com/MODSetter/SurfSense.git
synced 2026-07-10 22:32:16 +02:00
test(mcp): cover per-request auth and workspace isolation
This commit is contained in:
parent
44d0f28c5f
commit
fa7d5f83f0
5 changed files with 172 additions and 2 deletions
40
surfsense_mcp/tests/test_auth_headers.py
Normal file
40
surfsense_mcp/tests/test_auth_headers.py
Normal file
|
|
@ -0,0 +1,40 @@
|
|||
"""API key extraction from request headers: Bearer, fallback, and rejection."""
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
from starlette.datastructures import Headers
|
||||
|
||||
from surfsense_mcp.core.auth.headers import extract_api_key
|
||||
|
||||
|
||||
def _headers(**pairs: str) -> Headers:
|
||||
return Headers(pairs)
|
||||
|
||||
|
||||
def test_reads_bearer_token():
|
||||
assert extract_api_key(_headers(authorization="Bearer ss_pat_abc")) == "ss_pat_abc"
|
||||
|
||||
|
||||
def test_bearer_scheme_is_case_insensitive():
|
||||
assert extract_api_key(_headers(authorization="bearer ss_pat_abc")) == "ss_pat_abc"
|
||||
|
||||
|
||||
def test_falls_back_to_x_api_key():
|
||||
assert extract_api_key(Headers({"x-api-key": "ss_pat_xyz"})) == "ss_pat_xyz"
|
||||
|
||||
|
||||
def test_bearer_wins_over_fallback():
|
||||
headers = Headers({"authorization": "Bearer primary", "x-api-key": "secondary"})
|
||||
assert extract_api_key(headers) == "primary"
|
||||
|
||||
|
||||
def test_missing_headers_return_none():
|
||||
assert extract_api_key(_headers()) is None
|
||||
|
||||
|
||||
def test_empty_bearer_is_rejected():
|
||||
assert extract_api_key(_headers(authorization="Bearer ")) is None
|
||||
|
||||
|
||||
def test_non_bearer_authorization_is_ignored():
|
||||
assert extract_api_key(_headers(authorization="Basic abc123")) is None
|
||||
Loading…
Add table
Add a link
Reference in a new issue