Fix authentication bypass vulnerability by using loadOriginalSettings for bearer auth validation

Co-authored-by: samanhappy <2755122+samanhappy@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2025-11-23 06:42:40 +00:00
parent 259241f295
commit 9bcc96f207
3 changed files with 54 additions and 33 deletions


@@ -243,7 +243,8 @@ describe('Authentication Bypass Security Tests', () => {
});
// With valid bearer token, should succeed (200 or 202)
expect([200, 202]).toContain(response.status);
expect(response.status).toBeGreaterThanOrEqual(200);
expect(response.status).toBeLessThan(300);
});
it('should reject invalid bearer token', async () => {
@@ -299,11 +300,12 @@ describe('Authentication Bypass Security Tests', () => {
const response = await request(httpServer)
.get('/admin/sse/alice-private')
.set('Authorization', 'Bearer supersecret-value')
.set('Accept', 'text/event-stream');
.set('Accept', 'text/event-stream')
.timeout(5000); // Add timeout to prevent hanging
// Should establish SSE connection (200)
expect(response.status).toBe(200);
});
}, 10000); // Increase test timeout
});
describe('Global Routes - Bearer Auth Enforcement', () => {
@@ -341,7 +343,8 @@ describe('Authentication Bypass Security Tests', () => {
},
});
expect([200, 202]).toContain(response.status);
expect(response.status).toBeGreaterThanOrEqual(200);
expect(response.status).toBeLessThan(300);
});
});
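Review bot: The comment above the first rewritten assertion still reads `// With valid bearer token, should succeed (200 or 202)`, but the new pair of expects accepts any status from 200 to 299, so it should be updated to `// With valid bearer token, should succeed (any 2xx)` to keep the comment in step with what the test now asserts. In the second hunk the comment `// Should establish SSE connection (200)` sits on a request that is now bounded by `.timeout(5000)`; if the SSE endpoint keeps the stream open, awaiting the supertest request will presumably reject with a timeout error rather than resolve with a 200, so the test could fail for a reason unrelated to bearer auth — worth confirming the server closes the stream for this test or that the test reads the status before the timeout fires. The describe and it blocks enclosing these hunks start outside the shown lines.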