(t *testing.T)
| 163 | } |
| 164 | |
| 165 | func TestMCPHTTP_E2E_UnauthenticatedAccess(t *testing.T) { |
| 166 | t.Parallel() |
| 167 | |
| 168 | // Setup Coder server |
| 169 | _, closer, api := coderdtest.NewWithAPI(t, nil) |
| 170 | defer closer.Close() |
| 171 | |
| 172 | ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) |
| 173 | defer cancel() |
| 174 | |
| 175 | // Test direct HTTP request to verify 401 status code |
| 176 | mcpURL := api.AccessURL.String() + mcpserver.MCPEndpoint |
| 177 | |
| 178 | // Make a POST request without authentication (MCP over HTTP uses POST) |
| 179 | //nolint:gosec // Test code using controlled localhost URL |
| 180 | req, err := http.NewRequestWithContext(ctx, "POST", mcpURL, strings.NewReader(`{"jsonrpc":"2.0","method":"initialize","params":{},"id":1}`)) |
| 181 | require.NoError(t, err, "Should be able to create HTTP request") |
| 182 | req.Header.Set("Content-Type", "application/json") |
| 183 | |
| 184 | client := &http.Client{} |
| 185 | resp, err := client.Do(req) |
| 186 | require.NoError(t, err, "Should be able to make HTTP request") |
| 187 | defer resp.Body.Close() |
| 188 | |
| 189 | // Verify we get 401 Unauthorized |
| 190 | require.Equal(t, http.StatusUnauthorized, resp.StatusCode, "Should get HTTP 401 for unauthenticated access") |
| 191 | |
| 192 | // Also test with MCP client to ensure it handles the error gracefully |
| 193 | mcpClient, err := mcpclient.NewStreamableHttpClient(mcpURL) |
| 194 | require.NoError(t, err, "Should be able to create MCP client without authentication") |
| 195 | defer func() { |
| 196 | if closeErr := mcpClient.Close(); closeErr != nil { |
| 197 | t.Logf("Failed to close MCP client: %v", closeErr) |
| 198 | } |
| 199 | }() |
| 200 | |
| 201 | // Start client and try to initialize - this should fail due to authentication |
| 202 | err = mcpClient.Start(ctx) |
| 203 | if err != nil { |
| 204 | // Authentication failed at transport level - this is expected |
| 205 | t.Logf("Unauthenticated access test successful: Transport-level authentication error: %v", err) |
| 206 | return |
| 207 | } |
| 208 | |
| 209 | initReq := mcp.InitializeRequest{ |
| 210 | Params: mcp.InitializeParams{ |
| 211 | ProtocolVersion: mcp.LATEST_PROTOCOL_VERSION, |
| 212 | ClientInfo: mcp.Implementation{ |
| 213 | Name: "test-client-unauth", |
| 214 | Version: "1.0.0", |
| 215 | }, |
| 216 | }, |
| 217 | } |
| 218 | |
| 219 | _, err = mcpClient.Initialize(ctx, initReq) |
| 220 | require.Error(t, err, "Should fail during MCP initialization without authentication") |
| 221 | } |
| 222 |
nothing calls this directly
no test coverage detected