MALIO-DEV/Inventory
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity
Files
46ea3ca8ad4fe3424a81033f9f86660c7dfc2333
Inventory/tests/Mcp/Security/McpHeaderAuthenticatorTest.php
Matthieu 98caaa148d feat(mcp) : add McpHeaderAuthenticator with rate limiting 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-16 12:07:32 +01:00

85 lines
2.2 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace App\Tests\Mcp\Security;
use App\Tests\AbstractApiTestCase;
use stdClass;
/**
* @internal
*/
class McpHeaderAuthenticatorTest extends AbstractApiTestCase
{
public function testMcpEndpointRejectsWithoutCredentials(): void
{
$client = static::createClient();
$client->request('POST', '/_mcp', [
'headers' => ['Content-Type' => 'application/json'],
'body' => $this->mcpRequest(),
]);
$this->assertResponseStatusCodeSame(401);
}
public function testMcpEndpointRejectsInvalidPassword(): void
{
$profile = $this->createProfile(
roles: ['ROLE_VIEWER'],
password: 'correct-password',
);
$client = static::createClient();
$client->request('POST', '/_mcp', [
'headers' => [
'Content-Type' => 'application/json',
'X-Profile-Id' => $profile->getId(),
'X-Profile-Password' => 'wrong-password',
],
'body' => $this->mcpRequest(),
]);
$this->assertResponseStatusCodeSame(401);
}
public function testMcpEndpointAcceptsValidCredentials(): void
{
$profile = $this->createProfile(
roles: ['ROLE_VIEWER'],
password: 'valid-password',
);
$client = static::createClient();
$client->request('POST', '/_mcp', [
'headers' => [
'Content-Type' => 'application/json',
'X-Profile-Id' => $profile->getId(),
'X-Profile-Password' => 'valid-password',
],
'body' => $this->mcpRequest(),
]);
$this->assertResponseStatusCodeSame(200);
}
private function mcpRequest(array $headers = [], array $body = []): string
{
$default = [
'jsonrpc' => '2.0',
'method' => 'initialize',
'params' => [
'protocolVersion' => '2025-03-26',
'capabilities' => new stdClass(),
'clientInfo' => ['name' => 'test', 'version' => '1.0'],
],
'id' => 1,
];
return json_encode(array_merge($default, $body));
}
}
Reference in New Issue View Git Blame Copy Permalink