python-sdk/test_validate_scope_fix.py at 5f25002700767beee8e24cf3756020d3f07aad15 · goingforstudying-ctrl/python-sdk · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
"""Test for validate_scope fix when self.scope is None"""

import pytest

from mcp.shared.auth import ClientRegistration, InvalidScopeError


def test_validate_scope_with_none_scope_allows_all():
    """When client has no scope restriction (None), all requested scopes should be allowed."""
    client = ClientRegistration(
        client_id="test-client",
        client_secret="secret",
        scope=None,  # No scope restriction
        redirect_uris=["http://localhost/callback"],
    )

    # Should not raise - all scopes allowed when no restriction
    result = client.validate_scope("read write admin")
    assert result == ["read", "write", "admin"]


def test_validate_scope_with_empty_requested_returns_none():
    """When requested_scope is None, return None."""
    client = ClientRegistration(
        client_id="test-client",
        client_secret="secret",
        scope="read write",
        redirect_uris=["http://localhost/callback"],
    )

    result = client.validate_scope(None)
    assert result is None


def test_validate_scope_with_restrictions_enforced():
    """When client has scope restrictions, only allowed scopes pass."""
    client = ClientRegistration(
        client_id="test-client",
        client_secret="secret",
        scope="read write",
        redirect_uris=["http://localhost/callback"],
    )

    # Allowed scope
    result = client.validate_scope("read")
    assert result == ["read"]

    # Disallowed scope should raise
    with pytest.raises(InvalidScopeError):
        client.validate_scope("admin")