Skip to content

Commit aab7e71

Browse files
fix(tests): update 403 to 404 for cross-tenant session access (#3360)
#3360 changed cross-tenant session access from 403 to 404 to avoid tenant enumeration. Two tests still asserted 403.
1 parent 7a75457 commit aab7e71

2 files changed

Lines changed: 2 additions & 2 deletions

File tree

src/__tests__/dashboard-session-auth.test.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -200,7 +200,7 @@ describe('dashboard session cookie request auth', () => {
200200
url: '/v1/owned/other-tenant',
201201
headers: { cookie: cookieHeader(dashboardSession.sessionId) },
202202
});
203-
expect(otherTenant.statusCode).toBe(403);
203+
expect(otherTenant.statusCode).toBe(404);
204204
});
205205

206206
it('filters global SSE events for tenant-scoped dashboard sessions', () => {

src/__tests__/multitenancy-1944.test.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -400,7 +400,7 @@ describe('Multi-tenancy (#1944) — requireOwnership with tenant', () => {
400400
const result = requireOwnership(sessions, 's-1', reply, 'globex-key', 'globex');
401401

402402
expect(result).toBeNull();
403-
expect(reply.status).toHaveBeenCalledWith(403);
403+
expect(reply.status).toHaveBeenCalledWith(404);
404404
});
405405

406406
it('allows same-tenant access', async () => {

0 commit comments

Comments
 (0)