Skip to content

Commit e2e57a2

Browse files
docs(session-affinity): trim test docstrings
Drop review-process meta and historical framing from the auth-context and deny-path test docstrings; keep the present-tense description of what each test verifies. Signed-off-by: Pratik Gandhi <gandhipratik203@gmail.com>
1 parent 2305bde commit e2e57a2

4 files changed

Lines changed: 10 additions & 16 deletions

File tree

tests/unit/mcpgateway/middleware/test_csrf_middleware.py

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -234,10 +234,10 @@ async def test_exempt_path_passes_without_token():
234234
async def test_internal_mcp_dispatch_is_csrf_exempt_by_default():
235235
"""``/_internal/mcp/*`` is CSRF-exempt by default (loopback-only, HMAC-gated).
236236
237-
Regression for the cross-worker forward 403: the affinity dispatch posts to
238-
the trusted-internal endpoint, which must not require a CSRF token. Without
239-
the exemption, custom AUTH_HEADER_NAME deployments (whose bearer the CSRF
240-
short-circuit can't find) would 403 on the inner dispatch.
237+
The affinity dispatch posts to the trusted-internal endpoint, which must not
238+
require a CSRF token. Without the exemption, custom AUTH_HEADER_NAME
239+
deployments (whose bearer the CSRF short-circuit can't find) would 403 on the
240+
inner dispatch.
241241
"""
242242
# First-Party
243243
from mcpgateway.config import settings as real_settings

tests/unit/mcpgateway/services/test_session_affinity.py

Lines changed: 4 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1523,10 +1523,8 @@ async def request(self, *, method, url, headers=None, content=None, timeout=None
15231523
async def as_post_rpc(self, *, content=None, headers=None, timeout=None):
15241524
"""Adapter so this fake can stand in for ``utils.internal_http.post_rpc_in_process``.
15251525
1526-
After PR #4987 the executor dispatches via a single helper instead of
1527-
constructing its own ``httpx.AsyncClient``. Patching the helper to this
1528-
method lets the existing fake capture ``content``/``headers``/``timeout``
1529-
for the call-site assertions.
1526+
Patching the helper to this method lets the fake capture
1527+
``content``/``headers``/``timeout`` for the call-site assertions.
15301528
"""
15311529
self.last_post_kwargs = {"content": content, "headers": headers, "timeout": timeout}
15321530
if self._raise_exc is not None:
@@ -2422,9 +2420,8 @@ async def test_execute_forwarded_http_request_preserves_custom_auth_header():
24222420
"""Executor side: the bearer is preserved under the CONFIGURED auth header.
24232421
24242422
On a deployment with ``AUTH_HEADER_NAME=X-MCP-Gateway-Auth`` the CSRF bearer
2425-
short-circuit keys on that header (``get_auth_header_value``). Hardcoding
2426-
``authorization`` would drop the bearer and risk a 403 on the inner dispatch.
2427-
Regression for the review finding on custom auth-header deployments.
2423+
short-circuit keys on that header, so hardcoding ``authorization`` would drop
2424+
the bearer and risk a 403 on the inner dispatch.
24282425
"""
24292426
# Third-Party
24302427
import orjson

tests/unit/mcpgateway/transports/test_streamablehttp_transport.py

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8911,8 +8911,7 @@ async def test_local_affinity_post_preserves_custom_auth_header(monkeypatch):
89118911
"""Owner-direct dispatch preserves the bearer under the CONFIGURED auth header.
89128912

89138913
On ``AUTH_HEADER_NAME=X-MCP-Gateway-Auth`` the bearer rides that header and
8914-
the CSRF short-circuit keys on it. Hardcoding ``authorization`` would drop it.
8915-
Regression for the review finding, owner-direct path.
8914+
the CSRF short-circuit keys on it, so hardcoding ``authorization`` would drop it.
89168915
"""
89178916
# Third-Party
89188917
import orjson

tests/unit/mcpgateway/utils/test_passthrough_headers.py

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -506,9 +506,7 @@ class TestLoopbackSkipTrustedInternalHeaders:
506506
server-established identity), ``x-contextforge-mcp-runtime``, and the HMAC.
507507
If the loopback passthrough echoed a client-supplied copy of those, a caller
508508
could spoof the trusted identity while the server's valid HMAC still rode
509-
along (the trusted headers are set, then passthrough is ``update()``-d over
510-
them). The loopback skip set must strip them. Regression for the review
511-
finding on trusted-header overwrite.
509+
along. The loopback skip set must strip them.
512510
"""
513511

514512
def test_filter_strips_trusted_internal_headers(self):

0 commit comments

Comments
 (0)