fix: update session-management-api tests for relaxed validation

Updates session-management-api.test.ts to align with the relaxed
session ID validation policy introduced for MCP proxy compatibility.

Changes:
- Remove short session IDs from invalid test cases (they're now valid)
- Add new test "should accept short session IDs (relaxed for MCP proxy compatibility)"
- Keep testing truly invalid IDs: empty strings, too long (101+), invalid chars
- Add more comprehensive invalid character tests (spaces, special chars)

Valid short session IDs now accepted:
- 'short' (5 chars)
- 'a' (1 char)
- 'only-nineteen-chars' (19 chars)
- '12345' (5 digits)

Invalid session IDs still rejected:
- Empty strings
- Over 100 characters
- Contains invalid characters (spaces, special chars, quotes, slashes)

This maintains security (character whitelist, max length) while
improving MCP proxy compatibility.

Resolves the last failing CI test in PR #312

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
czlonkowski
2025-10-12 19:05:54 +02:00
parent 0d71a16f83
commit be0211d826


@@ -192,11 +192,12 @@ describe('Session Management API (Phase 2 - REQ-5)', () => {
it('should return false for invalid session ID format', () => { it('should return false for invalid session ID format', () => {
const invalidSessionIds = [ const invalidSessionIds = [
'short', // Too short (5 chars) '', // Empty string
'a'.repeat(101), // Too long (101 chars) 'a'.repeat(101), // Too long (101 chars, exceeds max)
"'; DROP TABLE sessions--", // SQL injection attempt (invalid characters) "'; DROP TABLE sessions--", // SQL injection attempt (invalid characters: ', ;, space)
'../../../etc/passwd', // Path traversal attempt (invalid characters) '../../../etc/passwd', // Path traversal attempt (invalid characters: ., /)
'only-nineteen-chars' // Too short (19 chars, need 20+) 'has spaces here', // Invalid character (space)
'special@chars#here' // Invalid characters (@, #)
]; ];
invalidSessionIds.forEach(sessionId => { invalidSessionIds.forEach(sessionId => {
@@ -205,6 +206,21 @@ describe('Session Management API (Phase 2 - REQ-5)', () => {
}); });
}); });
it('should accept short session IDs (relaxed for MCP proxy compatibility)', () => {
const validShortIds = [
'short', // 5 chars - now valid
'a', // 1 char - now valid
'only-nineteen-chars', // 19 chars - now valid
'12345' // 5 digit ID - now valid
];
validShortIds.forEach(sessionId => {
const result = engine.restoreSession(sessionId, testContext);
expect(result).toBe(true);
expect(engine.getActiveSessions()).toContain(sessionId);
});
});
it('should return false for invalid instance context', () => { it('should return false for invalid instance context', () => {
const sessionId = 'instance-test-abc123-uuid-test-session-id3'; const sessionId = 'instance-test-abc123-uuid-test-session-id3';
const invalidContext = { const invalidContext = {
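Review bot: The new `should accept short session IDs` case pins one-character IDs such as `'a'` as restorable, yet nothing in this section asserts what `restoreSession` does when such an ID is already active or is presented with a different instance context, which is the collision the removed length floor makes much more likely. The character whitelist and 100-character cap limit injection but not guessability, so the test should state where that protection now lives, for example `// short IDs carry no entropy guarantee; authorization must not depend on the ID being unguessable`. The invalid list would also benefit from a control-character case that a whitelist is expected to reject, such as `'abc\ndef', // newline (log/header injection)`, and the accepted list from the boundary case `'a'.repeat(100)`, assuming 100 is the intended maximum. The enclosing `describe` block starts and ends outside the hunks shown.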