molecule-ai/molecule-core
35
0
Fork 2
Code Issues 16 Pull Requests 2 Actions 49 Packages Projects Releases Wiki Activity

fix(tests): add auth headers to e2e GET /events + /bundles/export (post #167)

Browse Source 
PR #167 gated /events and /bundles/export/:id behind AdminAuth. The e2e
script's 3 calls to these routes were unauthenticated and broke when the
runner picked them up for the first time on PR #186 (self-hosted runner
migration). Same admin-gate contract, same fix pattern as the #99/#110
e2e hotfixes.

POST /bundles/import is left unauthenticated because by that point in
the script both workspaces have been deleted and #110 revoked their
tokens, so HasAnyLiveTokenGlobal=0 and AdminAuth fails-open.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Hongming Wang 2026-04-15 10:33:38 -07:00
parent 8ad818fd16
commit 8d0007995e
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
tests/e2e/test_api.sh
View File

@ -123,11 +123,11 @@ check "PATCH /workspaces/:id (name)" '"status":"updated"' "$R"
R=$(curl -s "$BASE/workspaces/$ECHO_ID")
check "Name updated" '"name":"Echo Agent v2"' "$R"
# Test 17: Events
R=$(curl -s "$BASE/events")
# Test 17: Events (#165 / PR #167 — now admin-gated, bearer required)
R=$(curl -s "$BASE/events" -H "Authorization: Bearer $ECHO_TOKEN")
check "GET /events (has events)" 'WORKSPACE_ONLINE' "$R"
R=$(curl -s "$BASE/events/$ECHO_ID")
R=$(curl -s "$BASE/events/$ECHO_ID" -H "Authorization: Bearer $ECHO_TOKEN")
check "GET /events/:id (has events for echo)" 'WORKSPACE_ONLINE' "$R"
# Test 18: Update card
@ -253,8 +253,8 @@ check "List after delete (count=1)" "1" "$COUNT"
echo ""
echo "--- Bundle Round-Trip Test ---"
# Export the summarizer workspace
BUNDLE=$(curl -s "$BASE/bundles/export/$SUM_ID")
# Export the summarizer workspace (#165 / PR #167 — admin-gated)
BUNDLE=$(curl -s "$BASE/bundles/export/$SUM_ID" -H "Authorization: Bearer $SUM_TOKEN")
check "GET /bundles/export/:id" '"name":"Summarizer Agent"' "$BUNDLE"
# Capture original config for comparison
@ -321,8 +321,8 @@ check "Register re-imported workspace" '"status":"registered"' "$R"
# revoked when SUM_ID was deleted above — use this one for cleanup instead.
NEW_TOKEN=$(echo "$R" | e2e_extract_token)
# Re-export and verify agent_card survives the round-trip
REBUNDLE=$(curl -s "$BASE/bundles/export/$NEW_ID")
# Re-export and verify agent_card survives the round-trip (#165 / PR #167 — admin-gated)
REBUNDLE=$(curl -s "$BASE/bundles/export/$NEW_ID" -H "Authorization: Bearer $NEW_TOKEN")
check "Re-exported bundle has agent_card" '"agent_card"' "$REBUNDLE"
# Clean up — use the token just issued to the re-imported workspace