test: enhance OAuth 2.0 Protected Resource tests for path-based resources

shulkx · shulkx · commit 5780d4dfffbf · 2025-09-27T01:38:18.000+08:00
- Renamed `test_metadata_endpoint` to `test_metadata_endpoint_with_path` for clarity.
- Added a new test `test_metadata_endpoint_root_path_returns_404` to verify 404 response for root path.
- Introduced fixtures `root_resource_app` and `root_resource_client` for testing root-level resources.
- Added `test_metadata_endpoint_without_path` to validate metadata retrieval for root-level resources.
diff --git a/tests/server/auth/test_protected_resource.py b/tests/server/auth/test_protected_resource.py
@@ -36,10 +36,11 @@ async def test_client(test_app: Starlette):
 
 
 @pytest.mark.anyio
-async def test_metadata_endpoint(test_client: httpx.AsyncClient):
-    """Test the OAuth 2.0 Protected Resource metadata endpoint."""
+async def test_metadata_endpoint_with_path(test_client: httpx.AsyncClient):
+    """Test the OAuth 2.0 Protected Resource metadata endpoint for path-based resource."""
 
-    response = await test_client.get("/.well-known/oauth-protected-resource")
+    # For resource with path "/resource", metadata should be accessible at the path-aware location
+    response = await test_client.get("/.well-known/oauth-protected-resource/resource")
     assert response.json() == snapshot(
         {
             "resource": "https://example.com/resource",
@@ -50,3 +51,55 @@ async def test_metadata_endpoint(test_client: httpx.AsyncClient):
             "bearer_methods_supported": ["header"],
         }
     )
+
+
+@pytest.mark.anyio
+async def test_metadata_endpoint_root_path_returns_404(test_client: httpx.AsyncClient):
+    """Test that root path returns 404 for path-based resource."""
+
+    # Root path should return 404 for path-based resources
+    response = await test_client.get("/.well-known/oauth-protected-resource")
+    assert response.status_code == 404
+
+
+@pytest.fixture
+def root_resource_app():
+    """Fixture to create protected resource routes for root-level resource."""
+
+    # Create routes for a resource without path component
+    protected_resource_routes = create_protected_resource_routes(
+        resource_url=AnyHttpUrl("https://example.com"),
+        authorization_servers=[AnyHttpUrl("https://auth.example.com")],
+        scopes_supported=["read"],
+        resource_name="Root Resource",
+    )
+
+    app = Starlette(routes=protected_resource_routes)
+    return app
+
+
+@pytest.fixture
+async def root_resource_client(root_resource_app: Starlette):
+    """Fixture to create an HTTP client for the root resource app."""
+    async with httpx.AsyncClient(
+        transport=httpx.ASGITransport(app=root_resource_app), base_url="https://mcptest.com"
+    ) as client:
+        yield client
+
+
+@pytest.mark.anyio
+async def test_metadata_endpoint_without_path(root_resource_client: httpx.AsyncClient):
+    """Test metadata endpoint for root-level resource."""
+
+    # For root resource, metadata should be at standard location
+    response = await root_resource_client.get("/.well-known/oauth-protected-resource")
+    assert response.status_code == 200
+    assert response.json() == snapshot(
+        {
+            "resource": "https://example.com/",
+            "authorization_servers": ["https://auth.example.com/"],
+            "scopes_supported": ["read"],
+            "resource_name": "Root Resource",
+            "bearer_methods_supported": ["header"],
+        }
+    )
