hub / github.com/fosrl/pangolin / testSiteOrgMatchLogic

Function testSiteOrgMatchLogic

server/middlewares/verifySiteAccess.test.ts:47–100  ·  view source on GitHub ↗
()

Source from the content-addressed store, hash-verified

45// --- Tests ---
46
/**
 * Runs the org-match checks for verifySiteAccess as a table of cases.
 *
 * Each case calls siteOrgMatchesExpectedOrg(siteOrgId, expectedOrgId) and
 * passes the result to assertEquals together with the expected boolean and a
 * failure message. Only an identical, non-empty pair is expected to match;
 * a site from another org, or a null, empty or undefined orgId, is expected
 * to be rejected.
 *
 * NOTE(review): falsy values are pinned on the site side only, plus the
 * (null, null) pair. The pairs ("", "") and (undefined, undefined) are not
 * exercised, and a plain equality check would report both as equal, so
 * confirm against the helper that they are rejected and consider adding them.
 */
function testSiteOrgMatchLogic() {
    console.log("Running verifySiteAccess org-match logic tests...");

    // Order is kept from the original sequence of checks (Test 1 .. Test 7).
    const scenarios = [
        // Test 1: same org on both sides is the only pair that should match.
        {
            siteOrgId: "org-attacker",
            expectedOrgId: "org-attacker",
            shouldMatch: true,
            message: "Same org should match"
        },
        // Test 2: the site belongs to another org (cross-org bypass scenario).
        {
            siteOrgId: "org-victim",
            expectedOrgId: "org-attacker",
            shouldMatch: false,
            message: "Cross-org site should NOT match expected org"
        },
        // Test 3: the site has no orgId.
        {
            siteOrgId: null,
            expectedOrgId: "org-attacker",
            shouldMatch: false,
            message: "Null site orgId should NOT match"
        },
        // Test 4: there is no expected orgId.
        {
            siteOrgId: "org-attacker",
            expectedOrgId: null,
            shouldMatch: false,
            message: "Null expected orgId should NOT match"
        },
        // Test 5: two nulls compare equal, but must not count as a match.
        {
            siteOrgId: null,
            expectedOrgId: null,
            shouldMatch: false,
            message: "Both null should NOT match"
        },
        // Test 6: empty-string site orgId (empty string is falsy).
        {
            siteOrgId: "",
            expectedOrgId: "org-attacker",
            shouldMatch: false,
            message: "Empty site orgId should NOT match"
        },
        // Test 7: undefined site orgId.
        {
            siteOrgId: undefined,
            expectedOrgId: "org-attacker",
            shouldMatch: false,
            message: "Undefined site orgId should NOT match"
        }
    ];

    for (const { siteOrgId, expectedOrgId, shouldMatch, message } of scenarios) {
        const outcome = siteOrgMatchesExpectedOrg(siteOrgId, expectedOrgId);
        assertEquals(outcome, shouldMatch, message);
    }

    console.log("All verifySiteAccess org-match logic tests passed.");
}
101
102function testShouldRejectCrossOrgSite() {
103 console.log(

Callers 1

Calls 2

assertEqualsFunction · 0.90

Tested by

no test coverage detected