@@ -34,6 +34,27 @@ function expectAuthErrorDetails(params: {
3434 }
3535}
3636
37+ async function expectSharedOperatorScopesCleared (
38+ port : number ,
39+ auth : { token ?: string ; password ?: string } ,
40+ ) {
41+ const ws = await openWs ( port ) ;
42+ try {
43+ const res = await connectReq ( ws , {
44+ ...auth ,
45+ scopes : [ "operator.admin" ] ,
46+ device : null ,
47+ } ) ;
48+ expect ( res . ok ) . toBe ( true ) ;
49+
50+ const adminRes = await rpcReq ( ws , "set-heartbeats" , { enabled : false } ) ;
51+ expect ( adminRes . ok ) . toBe ( false ) ;
52+ expect ( adminRes . error ?. message ) . toBe ( "missing scope: operator.admin" ) ;
53+ } finally {
54+ ws . close ( ) ;
55+ }
56+ }
57+
3758describe ( "gateway auth compatibility baseline" , ( ) => {
3859 describe ( "token mode" , ( ) => {
3960 let server : Awaited < ReturnType < typeof startGatewayServer > > ;
@@ -64,21 +85,7 @@ describe("gateway auth compatibility baseline", () => {
6485 } ) ;
6586
6687 test ( "clears client-declared scopes for shared-token operator connects" , async ( ) => {
67- const ws = await openWs ( port ) ;
68- try {
69- const res = await connectReq ( ws , {
70- token : "secret" ,
71- scopes : [ "operator.admin" ] ,
72- device : null ,
73- } ) ;
74- expect ( res . ok ) . toBe ( true ) ;
75-
76- const adminRes = await rpcReq ( ws , "set-heartbeats" , { enabled : false } ) ;
77- expect ( adminRes . ok ) . toBe ( false ) ;
78- expect ( adminRes . error ?. message ) . toBe ( "missing scope: operator.admin" ) ;
79- } finally {
80- ws . close ( ) ;
81- }
88+ await expectSharedOperatorScopesCleared ( port , { token : "secret" } ) ;
8289 } ) ;
8390
8491 test ( "returns stable token-missing details for control ui without token" , async ( ) => {
@@ -184,21 +191,7 @@ describe("gateway auth compatibility baseline", () => {
184191 } ) ;
185192
186193 test ( "clears client-declared scopes for shared-password operator connects" , async ( ) => {
187- const ws = await openWs ( port ) ;
188- try {
189- const res = await connectReq ( ws , {
190- password : "secret" ,
191- scopes : [ "operator.admin" ] ,
192- device : null ,
193- } ) ;
194- expect ( res . ok ) . toBe ( true ) ;
195-
196- const adminRes = await rpcReq ( ws , "set-heartbeats" , { enabled : false } ) ;
197- expect ( adminRes . ok ) . toBe ( false ) ;
198- expect ( adminRes . error ?. message ) . toBe ( "missing scope: operator.admin" ) ;
199- } finally {
200- ws . close ( ) ;
201- }
194+ await expectSharedOperatorScopesCleared ( port , { password : "secret" } ) ;
202195 } ) ;
203196 } ) ;
204197
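Review bot: `expectSharedOperatorScopesCleared` (new lines 37–56) guards a privilege boundary but has no comment saying so, and its `auth` parameter accepts `{}` or both credentials at once because `token` and `password` are each optional. I would narrow the type to `auth: { token: string } | { password: string },` so every caller exercises exactly one shared-secret mode. I would also add above the function `// Shared-secret connects with device: null must not keep client-declared scopes; the admin RPC below has to be refused.` The helper only probes `operator.admin` through `set-heartbeats`; whether other client-declared scopes are cleared the same way is not visible in these hunks and may be worth a second case.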