Mizah/mizzkey
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

send WWW-Authenticate where it's possible

Browse source
This commit is contained in:
Kagami Sascha Rosylight 2023-06-27 21:21:06 +02:00
parent deb9ba146f
commit 1f38d624c0
1 changed files with 21 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
packages/backend/test/e2e/oauth.ts
View file

@ -660,7 +660,27 @@ describe('OAuth', () => {
// invalid for other reasons. The resource SHOULD respond with // invalid for other reasons. The resource SHOULD respond with
// the HTTP 401 (Unauthorized) status code." // the HTTP 401 (Unauthorized) status code."
assert.strictEqual(createResponse.status, 401); assert.strictEqual(createResponse.status, 401);
assert.ok(createResponse.headers.has('WWW-Authenticate'));
let wwwAuthenticate = createResponse.headers.get('WWW-Authenticate');
assert.ok(wwwAuthenticate?.startsWith('Bearer realm="Misskey", error="invalid_token"'));
// Pattern 3: No token
createResponse = await relativeFetch('api/notes/create', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({ text: 'test' }),
});
wwwAuthenticate = createResponse.headers.get('WWW-Authenticate');
// https://datatracker.ietf.org/doc/html/rfc6750.html#section-3.1
// "If the request lacks any authentication information (e.g., the client
// was unaware that authentication is necessary or attempted using an
// unsupported authentication method), the resource server SHOULD NOT
// include an error code or other error information."
assert.strictEqual(createResponse.status, 401);
assert.strictEqual(wwwAuthenticate, 'Bearer realm="Misskey"');
}); });
// https://datatracker.ietf.org/doc/html/rfc6749.html#section-3.1.2.4 // https://datatracker.ietf.org/doc/html/rfc6749.html#section-3.1.2.4