Trek_CN/server/tests/unit/middleware
jubnl 20bf9c2312
security: close SEC-H4/H6 gaps from second-pass review
- SEC-H6: remove conditional audience check in mcp/index.ts — audience is
  now always enforced against the mcpResource URL. Add migration to revoke
  pre-existing oauth_tokens with audience=NULL so dead rows don't linger.
- SEC-H4: validate doc.issuer against config.issuer inside discover() to
  prevent a MITM'd discovery doc from supplying a crafted expected issuer.
  verifyIdToken caller now passes config.issuer as ground truth, not
  doc.issuer.
- tests: cover three new OIDC callback failure paths (no_id_token,
  id_token_invalid, subject_mismatch) and two idempotency caps (key length
  >128 chars returns 400, body >256 KiB skips caching).
2026-04-20 21:35:30 +02:00
..
auth.test.ts test: expand test suite to 87.3% backend coverage 2026-04-06 20:08:30 +02:00
idempotency.test.ts security: close SEC-H4/H6 gaps from second-pass review 2026-04-20 21:35:30 +02:00
mfaPolicy.test.ts Add comprehensive backend test suite (#339) 2026-04-03 13:17:53 +02:00
tripAccess.test.ts test: expand test suite to 87.3% backend coverage 2026-04-06 20:08:30 +02:00
validate.test.ts Add comprehensive backend test suite (#339) 2026-04-03 13:17:53 +02:00