Skip to content

Commit feba7ea

Browse files
steipetesteipete
committed
refactor: share shared auth scope assertion
1 parent 3a21f8b commit feba7ea

File tree

1 file changed

+23
-30
lines changed

1 file changed

+23
-30
lines changed

src/gateway/server.auth.compat-baseline.test.ts

Lines changed: 23 additions & 30 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,27 @@ function expectAuthErrorDetails(params: {
3434
}
3535
}
3636

37+
async function expectSharedOperatorScopesCleared(
38+
port: number,
39+
auth: { token?: string; password?: string },
40+
) {
41+
const ws = await openWs(port);
42+
try {
43+
const res = await connectReq(ws, {
44+
...auth,
45+
scopes: ["operator.admin"],
46+
device: null,
47+
});
48+
expect(res.ok).toBe(true);
49+
50+
const adminRes = await rpcReq(ws, "set-heartbeats", { enabled: false });
51+
expect(adminRes.ok).toBe(false);
52+
expect(adminRes.error?.message).toBe("missing scope: operator.admin");
53+
} finally {
54+
ws.close();
55+
}
56+
}
57+
3758
describe("gateway auth compatibility baseline", () => {
3859
describe("token mode", () => {
3960
let server: Awaited<ReturnType<typeof startGatewayServer>>;
@@ -64,21 +85,7 @@ describe("gateway auth compatibility baseline", () => {
6485
});
6586

6687
test("clears client-declared scopes for shared-token operator connects", async () => {
67-
const ws = await openWs(port);
68-
try {
69-
const res = await connectReq(ws, {
70-
token: "secret",
71-
scopes: ["operator.admin"],
72-
device: null,
73-
});
74-
expect(res.ok).toBe(true);
75-
76-
const adminRes = await rpcReq(ws, "set-heartbeats", { enabled: false });
77-
expect(adminRes.ok).toBe(false);
78-
expect(adminRes.error?.message).toBe("missing scope: operator.admin");
79-
} finally {
80-
ws.close();
81-
}
88+
await expectSharedOperatorScopesCleared(port, { token: "secret" });
8289
});
8390

8491
test("returns stable token-missing details for control ui without token", async () => {
@@ -184,21 +191,7 @@ describe("gateway auth compatibility baseline", () => {
184191
});
185192

186193
test("clears client-declared scopes for shared-password operator connects", async () => {
187-
const ws = await openWs(port);
188-
try {
189-
const res = await connectReq(ws, {
190-
password: "secret",
191-
scopes: ["operator.admin"],
192-
device: null,
193-
});
194-
expect(res.ok).toBe(true);
195-
196-
const adminRes = await rpcReq(ws, "set-heartbeats", { enabled: false });
197-
expect(adminRes.ok).toBe(false);
198-
expect(adminRes.error?.message).toBe("missing scope: operator.admin");
199-
} finally {
200-
ws.close();
201-
}
194+
await expectSharedOperatorScopesCleared(port, { password: "secret" });
202195
});
203196
});
204197

0 commit comments

Comments
 (0)