MCPcopy Index your code
hub / github.com/coder/coder / TestMCPHTTP_E2E_UnauthenticatedAccess

Function TestMCPHTTP_E2E_UnauthenticatedAccess

coderd/mcp/mcp_e2e_test.go:165–221  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

163}
164
165func TestMCPHTTP_E2E_UnauthenticatedAccess(t *testing.T) {
166 t.Parallel()
167
168 // Setup Coder server
169 _, closer, api := coderdtest.NewWithAPI(t, nil)
170 defer closer.Close()
171
172 ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
173 defer cancel()
174
175 // Test direct HTTP request to verify 401 status code
176 mcpURL := api.AccessURL.String() + mcpserver.MCPEndpoint
177
178 // Make a POST request without authentication (MCP over HTTP uses POST)
179 //nolint:gosec // Test code using controlled localhost URL
180 req, err := http.NewRequestWithContext(ctx, "POST", mcpURL, strings.NewReader(`{"jsonrpc":"2.0","method":"initialize","params":{},"id":1}`))
181 require.NoError(t, err, "Should be able to create HTTP request")
182 req.Header.Set("Content-Type", "application/json")
183
184 client := &http.Client{}
185 resp, err := client.Do(req)
186 require.NoError(t, err, "Should be able to make HTTP request")
187 defer resp.Body.Close()
188
189 // Verify we get 401 Unauthorized
190 require.Equal(t, http.StatusUnauthorized, resp.StatusCode, "Should get HTTP 401 for unauthenticated access")
191
192 // Also test with MCP client to ensure it handles the error gracefully
193 mcpClient, err := mcpclient.NewStreamableHttpClient(mcpURL)
194 require.NoError(t, err, "Should be able to create MCP client without authentication")
195 defer func() {
196 if closeErr := mcpClient.Close(); closeErr != nil {
197 t.Logf("Failed to close MCP client: %v", closeErr)
198 }
199 }()
200
201 // Start client and try to initialize - this should fail due to authentication
202 err = mcpClient.Start(ctx)
203 if err != nil {
204 // Authentication failed at transport level - this is expected
205 t.Logf("Unauthenticated access test successful: Transport-level authentication error: %v", err)
206 return
207 }
208
209 initReq := mcp.InitializeRequest{
210 Params: mcp.InitializeParams{
211 ProtocolVersion: mcp.LATEST_PROTOCOL_VERSION,
212 ClientInfo: mcp.Implementation{
213 Name: "test-client-unauth",
214 Version: "1.0.0",
215 },
216 },
217 }
218
219 _, err = mcpClient.Initialize(ctx, initReq)
220 require.Error(t, err, "Should fail during MCP initialization without authentication")
221}
222

Callers

nothing calls this directly

Calls 10

NewWithAPIFunction · 0.92
InitializeMethod · 0.80
CloseMethod · 0.65
SetMethod · 0.65
DoMethod · 0.65
LogfMethod · 0.65
StartMethod · 0.65
StringMethod · 0.45
EqualMethod · 0.45
ErrorMethod · 0.45

Tested by

no test coverage detected