mirror of
https://github.com/czlonkowski/n8n-mcp.git
synced 2026-03-19 00:43:07 +00:00
0d71a16f83
Fixes 5 failing CI tests by relaxing session ID validation to accept any non-empty string with safe characters (alphanumeric, hyphens, underscores). Changes: - Remove 20-character minimum length requirement - Keep maximum 100-character length for DoS protection - Maintain character whitelist for injection protection - Update tests to reflect relaxed validation policy - Fix mock setup for N8NDocumentationMCPServer in tests Security protections maintained: - Character whitelist prevents SQL/NoSQL injection and path traversal - Maximum length limit prevents DoS attacks - Empty string validation ensures non-empty session IDs Tests fixed: ✅ DELETE /mcp endpoint now returns 404 (not 400) for non-existent sessions ✅ Session ID validation accepts short IDs like '12345', 'short-id' ✅ Idempotent session creation tests pass with proper mock setup Related to PR #312 (Complete Session Persistence Implementation) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>