tests for exercise 2 done

kentcdodds · kentcdodds · commit ae3f664240ca · 2025-09-15T17:09:16.000-07:00
diff --git a/exercises/02.init/01.problem.authenticate/test/index.test.ts b/exercises/02.init/01.problem.authenticate/test/index.test.ts
@@ -1,5 +1,4 @@
 import { test, expect, inject } from 'vitest'
-import { z } from 'zod'
 
 const mcpServerPort = inject('mcpServerPort')
 const mcpServerUrl = `http://localhost:${mcpServerPort}`
diff --git a/exercises/02.init/01.solution.authenticate/test/index.test.ts b/exercises/02.init/01.solution.authenticate/test/index.test.ts
@@ -1,5 +1,4 @@
 import { test, expect, inject } from 'vitest'
-import { z } from 'zod'
 
 const mcpServerPort = inject('mcpServerPort')
 const mcpServerUrl = `http://localhost:${mcpServerPort}`
diff --git a/exercises/02.init/02.problem.params/test/index.test.ts b/exercises/02.init/02.problem.params/test/index.test.ts
@@ -1,9 +1,56 @@
 import { test, expect, inject } from 'vitest'
-import { z } from 'zod'
 
 const mcpServerPort = inject('mcpServerPort')
 const mcpServerUrl = `http://localhost:${mcpServerPort}`
 
-test(`TODO: update this test title to describe the important thing we're working on in this exercise step`, async () => {
-	// TODO: implement this test
+test(`WWW-Authenticate header includes auth params when authorization is missing`, async () => {
+	const response = await fetch(`${mcpServerUrl}/mcp`)
+
+	expect(
+		response.status,
+		'🚨 Request without Authorization header should return 401 status',
+	).toBe(401)
+
+	const wwwAuthenticateHeader = response.headers.get('WWW-Authenticate')
+	expect(
+		wwwAuthenticateHeader,
+		'🚨 Response should include WWW-Authenticate header',
+	).toBeTruthy()
+
+	expect(
+		wwwAuthenticateHeader?.includes('Bearer'),
+		'🚨 WWW-Authenticate header should include Bearer scheme',
+	).toBe(true)
+
+	expect(
+		wwwAuthenticateHeader?.includes('realm="EpicMe"'),
+		'🚨 WWW-Authenticate header should include realm="EpicMe"',
+	).toBe(true)
+
+	expect(
+		wwwAuthenticateHeader?.includes('resource_metadata='),
+		'🚨 WWW-Authenticate header should include resource_metadata parameter',
+	).toBe(true)
+
+	// Extract the resource_metadata URL from the header
+	const resourceMetadataMatch = wwwAuthenticateHeader?.match(
+		/resource_metadata=([^,]+)/,
+	)
+	expect(
+		resourceMetadataMatch,
+		'🚨 Should be able to extract resource_metadata URL from WWW-Authenticate header',
+	).toBeTruthy()
+
+	const resourceMetadataUrl = resourceMetadataMatch?.[1]
+	expect(
+		resourceMetadataUrl,
+		'🚨 resource_metadata URL should not be empty',
+	).toBeTruthy()
+
+	// Verify the resource_metadata URL points to the correct endpoint
+	const expectedResourceMetadataUrl = `${mcpServerUrl}/.well-known/oauth-protected-resource/mcp`
+	expect(
+		resourceMetadataUrl,
+		`🚨 resource_metadata should point to ${expectedResourceMetadataUrl}`,
+	).toBe(expectedResourceMetadataUrl)
 })
diff --git a/exercises/02.init/02.solution.params/test/index.test.ts b/exercises/02.init/02.solution.params/test/index.test.ts
@@ -1,9 +1,56 @@
 import { test, expect, inject } from 'vitest'
-import { z } from 'zod'
 
 const mcpServerPort = inject('mcpServerPort')
 const mcpServerUrl = `http://localhost:${mcpServerPort}`
 
-test(`TODO: update this test title to describe the important thing we're working on in this exercise step`, async () => {
-	// TODO: implement this test
+test(`WWW-Authenticate header includes auth params when authorization is missing`, async () => {
+	const response = await fetch(`${mcpServerUrl}/mcp`)
+
+	expect(
+		response.status,
+		'🚨 Request without Authorization header should return 401 status',
+	).toBe(401)
+
+	const wwwAuthenticateHeader = response.headers.get('WWW-Authenticate')
+	expect(
+		wwwAuthenticateHeader,
+		'🚨 Response should include WWW-Authenticate header',
+	).toBeTruthy()
+
+	expect(
+		wwwAuthenticateHeader?.includes('Bearer'),
+		'🚨 WWW-Authenticate header should include Bearer scheme',
+	).toBe(true)
+
+	expect(
+		wwwAuthenticateHeader?.includes('realm="EpicMe"'),
+		'🚨 WWW-Authenticate header should include realm="EpicMe"',
+	).toBe(true)
+
+	expect(
+		wwwAuthenticateHeader?.includes('resource_metadata='),
+		'🚨 WWW-Authenticate header should include resource_metadata parameter',
+	).toBe(true)
+
+	// Extract the resource_metadata URL from the header
+	const resourceMetadataMatch = wwwAuthenticateHeader?.match(
+		/resource_metadata=([^,]+)/,
+	)
+	expect(
+		resourceMetadataMatch,
+		'🚨 Should be able to extract resource_metadata URL from WWW-Authenticate header',
+	).toBeTruthy()
+
+	const resourceMetadataUrl = resourceMetadataMatch?.[1]
+	expect(
+		resourceMetadataUrl,
+		'🚨 resource_metadata URL should not be empty',
+	).toBeTruthy()
+
+	// Verify the resource_metadata URL points to the correct endpoint
+	const expectedResourceMetadataUrl = `${mcpServerUrl}/.well-known/oauth-protected-resource/mcp`
+	expect(
+		resourceMetadataUrl,
+		`🚨 resource_metadata should point to ${expectedResourceMetadataUrl}`,
+	).toBe(expectedResourceMetadataUrl)
 })

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,4 @@`
`1`	`1`	`import { test, expect, inject } from 'vitest'`
`2`		`-import { z } from 'zod'`
`3`	`2`
`4`	`3`	`const mcpServerPort = inject('mcpServerPort')`
`5`	`4`	const mcpServerUrl = `http://localhost:${mcpServerPort}`