Diffstat (limited to 'packages/backend/test/e2e/api.ts')
-rw-r--r--packages/backend/test/e2e/api.ts40
1 files changed, 38 insertions, 2 deletions
diff --git a/packages/backend/test/e2e/api.ts b/packages/backend/test/e2e/api.ts
index def90ddc72..15da74931d 100644
--- a/packages/backend/test/e2e/api.ts
+++ b/packages/backend/test/e2e/api.ts
@@ -7,7 +7,7 @@ process.env.NODE_ENV = 'test';
import * as assert from 'assert';
import { IncomingMessage } from 'http';
-import { signup, api, startServer, successfulApiCall, failedApiCall, uploadFile, waitFire, connectStream } from '../utils.js';
+import { signup, api, startServer, successfulApiCall, failedApiCall, uploadFile, waitFire, connectStream, relativeFetch } from '../utils.js';
import type { INestApplicationContext } from '@nestjs/common';
import type * as misskey from 'misskey-js';
@@ -223,6 +223,42 @@ describe('API', () => {
assert.ok(result.headers.get('WWW-Authenticate')?.startsWith('Bearer realm="Misskey", error="invalid_request", error_description'));
});
- // TODO: insufficient_scope test (authテストが全然なくて書けない)
+ describe('invalid bearer format', () => {
+ test('No preceding bearer', async () => {
+ const result = await relativeFetch('api/notes/create', {
+ method: 'POST',
+ headers: {
+ Authorization: alice.token,
+ 'Content-Type': 'application/json',
+ },
+ body: JSON.stringify({ text: 'test' }),
+ });
+ assert.strictEqual(result.status, 401);
+ });
+
+ test('Lowercase bearer', async () => {
+ const result = await relativeFetch('api/notes/create', {
+ method: 'POST',
+ headers: {
+ Authorization: `bearer ${alice.token}`,
+ 'Content-Type': 'application/json',
+ },
+ body: JSON.stringify({ text: 'test' }),
+ });
+ assert.strictEqual(result.status, 401);
+ });
+
+ test('No space after bearer', async () => {
+ const result = await relativeFetch('api/notes/create', {
+ method: 'POST',
+ headers: {
+ Authorization: `Bearer${alice.token}`,
+ 'Content-Type': 'application/json',
+ },
+ body: JSON.stringify({ text: 'test' }),
+ });
+ assert.strictEqual(result.status, 401);
+ });
+ });
});
});
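Review bot: The removed `// TODO: insufficient_scope test` line is replaced by tests that cover only malformed `Authorization` headers, so scope enforcement for bearer tokens is still untested and the gap is no longer tracked in this file. I would keep a marker above the new `describe('invalid bearer format', …)` block, for example `// TODO: insufficient_scope test (RFC 6750: a token lacking the required scope should get 403)`. The three new tests also assert only `result.status`, while the test just above checks `WWW-Authenticate`; if the server is expected to send a challenge on these 401s, `assert.ok(result.headers.get('WWW-Authenticate')?.startsWith('Bearer realm="Misskey"'));` would pin that as well. The 'Lowercase bearer' case pins case-sensitive scheme matching, which is stricter than the case-insensitive scheme names of RFC 7235, so a one-line comment saying this is deliberate would help the next reader. The enclosing `describe('API', …)` starts outside the hunk.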