Three tests used ValidateAnyToken mock expectations and fallthrough behavior. Now that HandleConnect uses ValidateToken (token-to-workspace binding), update:

- RejectsUnauthorizedCrossWorkspace: mock expects SELECT id+workspace_id (ValidateToken pattern); row returns workspace_id=ws-caller so validation passes, then CanCommunicate=false → 403 as before.
- RejectsInvalidToken: add setupTestDB so ValidateToken has a real mock; with no ExpectQuery set, the query returns error → 401 Unauthorized (was 503 fall-through; 401 is the correct explicit rejection).
- AllowsSiblingWorkspace: add setupTestDB + ValidateToken mock returning ws-pm binding; CanCommunicate=true → Docker nil → 503 as before.

||
|---|---|---|
| cmd/server | ||
| internal | ||
| migrations | ||
| pkg/provisionhook | ||
| .ci-force | ||
| .gitignore | ||
| Dockerfile | ||
| Dockerfile.tenant | ||
| entrypoint-tenant.sh | ||
| go.mod | ||
| go.sum | ||