Skip to content

Commit b68b6a0

Browse files
davidruzickadavidruzicka
authored
Merge pull request #267 from davidruzicka/fix/ci-registry-lockfile
fix(ci): replace company registry URLs in lockfile, pin public registry; fix token-validation tests
2 parents ae54d9d + d85ec74 commit b68b6a0

3 files changed

Lines changed: 25 additions & 19 deletions

File tree

.npmrc

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
registry=https://registry.npmjs.org

package-lock.json

Lines changed: 12 additions & 12 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

src/testing/token-validation.test.ts

Lines changed: 12 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -259,16 +259,17 @@ describeIfListen('Token Validation Integration', () => {
259259
clientInfo: { name: 'test', version: '1.0.0' },
260260
},
261261
})
262-
.expect(401);
262+
.expect(200);
263263

264264
// Validation should have been called
265265
expect(validationCallCount).toBe(1);
266266
expect(lastValidationToken).toBe('invalid-token-xyz');
267267

268268
// Should not create session
269269
expect(response.headers['mcp-session-id']).toBeUndefined();
270-
expect(response.body.error).toBe('Unauthorized');
271-
expect(response.body.message).toContain('Invalid or expired');
270+
// JSON-RPC error response (HTTP 200 to avoid triggering OAuth flow in clients)
271+
expect(response.body.error).toBeDefined();
272+
expect(response.body.error.message).toContain('invalid or expired');
272273
});
273274

274275
it('should reject expired token', async () => {
@@ -289,10 +290,12 @@ describeIfListen('Token Validation Integration', () => {
289290
clientInfo: { name: 'test', version: '1.0.0' },
290291
},
291292
})
292-
.expect(401);
293+
.expect(200);
293294

294295
expect(validationCallCount).toBe(1);
295-
expect(response.body.error).toBe('Unauthorized');
296+
// JSON-RPC error response (HTTP 200 to avoid triggering OAuth flow in clients)
297+
expect(response.body.error).toBeDefined();
298+
expect(response.body.error.message).toContain('invalid or expired');
296299
});
297300
});
298301

@@ -355,9 +358,11 @@ describeIfListen('Token Validation Integration', () => {
355358
clientInfo: { name: 'test', version: '1.0.0' },
356359
},
357360
})
358-
.expect(401);
361+
.expect(200);
359362

360-
expect(response.body.error).toBe('Unauthorized');
363+
// JSON-RPC error response (HTTP 200 to avoid triggering OAuth flow in clients)
364+
expect(response.body.error).toBeDefined();
365+
expect(response.body.error.message).toContain('invalid or expired');
361366
});
362367
});
363368

0 commit comments

Comments
 (0)