Test for www-authenticate header

WebThingsIO · Aug 2, 2024 · 34fb33f · 34fb33f
1 parent b1c1ffc
commit 34fb33f
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/src/test/integration/oauth-test.ts b/src/test/integration/oauth-test.ts
@@ -162,6 +162,18 @@ describe('oauth/', function () {
     customCallbackHandler = customCallbackHandlerProvided || null;
   }
 
+  it('rejects request with no JWT', async () => {
+    setupOAuth();
+
+    // Try using the access token
+    let res = await chai
+      .request(server)
+      .get(Constants.THINGS_PATH)
+      .set('Accept', 'application/json')
+    expect(res.status).toEqual(401);
+    expect(res.get('WWW-Authenticate')).toEqual('Bearer');
+  });
+
   it('performs simple authorization', async () => {
     setupOAuth();
 
@@ -204,6 +216,7 @@ describe('oauth/', function () {
       .set('Accept', 'application/json')
       .set(...headerAuth(jwt));
     expect(err.status).toEqual(403);
+    expect(err.header).toHaveProperty('www-authenticate');
 
     res = await chai
       .request(server)
@@ -489,6 +502,7 @@ describe('oauth/', function () {
       .set('Accept', 'application/json')
       .set(...headerAuth(jwt));
     expect(err.status).toEqual(403);
+    expect(err.header).toHaveProperty('www-authenticate');
   });
 
   it('rejects use of authorization code as access token', async () => {
@@ -522,5 +536,6 @@ describe('oauth/', function () {
       .set('Accept', 'application/json')
       .set(...headerAuth(jwt));
     expect(err.status).toEqual(403);
+    expect(err.header).toHaveProperty('www-authenticate');
   });
 });