test: add tests for resource metadata URL construction and route consistency

shulkx · shulkx · commit d2d3c745e7b2 · 2025-09-27T14:53:15.000+08:00
- Introduced `TestMetadataUrlConstruction` to validate URL construction for various resource configurations.
- Added `TestRouteConsistency` to ensure consistency between generated metadata URLs and route paths.
- Enhanced existing tests for better clarity and coverage of edge cases in URL handling.
diff --git a/tests/server/auth/test_protected_resource.py b/tests/server/auth/test_protected_resource.py
@@ -8,7 +8,7 @@
 from pydantic import AnyHttpUrl
 from starlette.applications import Starlette
 
-from mcp.server.auth.routes import create_protected_resource_routes
+from mcp.server.auth.routes import build_resource_metadata_url, create_protected_resource_routes
 
 
 @pytest.fixture
@@ -103,3 +103,96 @@ async def test_metadata_endpoint_without_path(root_resource_client: httpx.AsyncC
             "bearer_methods_supported": ["header"],
         }
     )
+
+
+class TestMetadataUrlConstruction:
+    """Test URL construction utility function."""
+
+    def test_url_without_path(self):
+        """Test URL construction for resource without path component."""
+        resource_url = AnyHttpUrl("https://example.com")
+        result = build_resource_metadata_url(resource_url)
+        assert str(result) == "https://example.com/.well-known/oauth-protected-resource"
+
+    def test_url_with_path_component(self):
+        """Test URL construction for resource with path component."""
+        resource_url = AnyHttpUrl("https://example.com/mcp")
+        result = build_resource_metadata_url(resource_url)
+        assert str(result) == "https://example.com/.well-known/oauth-protected-resource/mcp"
+
+    def test_url_with_trailing_slash_only(self):
+        """Test URL construction for resource with trailing slash only."""
+        resource_url = AnyHttpUrl("https://example.com/")
+        result = build_resource_metadata_url(resource_url)
+        # Trailing slash should be treated as empty path
+        assert str(result) == "https://example.com/.well-known/oauth-protected-resource"
+
+    @pytest.mark.parametrize(
+        "resource_url,expected_url",
+        [
+            ("https://example.com", "https://example.com/.well-known/oauth-protected-resource"),
+            ("https://example.com/", "https://example.com/.well-known/oauth-protected-resource"),
+            ("https://example.com/mcp", "https://example.com/.well-known/oauth-protected-resource/mcp"),
+            ("http://localhost:8001/mcp", "http://localhost:8001/.well-known/oauth-protected-resource/mcp"),
+        ],
+    )
+    def test_various_resource_configurations(self, resource_url: str, expected_url: str):
+        """Test URL construction with various resource configurations."""
+        result = build_resource_metadata_url(AnyHttpUrl(resource_url))
+        assert str(result) == expected_url
+
+
+class TestRouteConsistency:
+    """Test consistency between URL generation and route registration."""
+
+    def test_route_path_matches_metadata_url(self):
+        """Test that route path matches the generated metadata URL."""
+        resource_url = AnyHttpUrl("https://example.com/mcp")
+
+        # Generate metadata URL
+        metadata_url = build_resource_metadata_url(resource_url)
+
+        # Create routes
+        routes = create_protected_resource_routes(
+            resource_url=resource_url,
+            authorization_servers=[AnyHttpUrl("https://auth.example.com")],
+        )
+
+        # Extract path from metadata URL
+        from urllib.parse import urlparse
+
+        metadata_path = urlparse(str(metadata_url)).path
+
+        # Verify consistency
+        assert len(routes) == 1
+        assert routes[0].path == metadata_path
+
+    @pytest.mark.parametrize(
+        "resource_url,expected_path",
+        [
+            ("https://example.com", "/.well-known/oauth-protected-resource"),
+            ("https://example.com/", "/.well-known/oauth-protected-resource"),
+            ("https://example.com/mcp", "/.well-known/oauth-protected-resource/mcp"),
+        ],
+    )
+    def test_consistent_paths_for_various_resources(self, resource_url: str, expected_path: str):
+        """Test that URL generation and route creation are consistent."""
+        resource_url_obj = AnyHttpUrl(resource_url)
+
+        # Test URL generation
+        metadata_url = build_resource_metadata_url(resource_url_obj)
+        from urllib.parse import urlparse
+
+        url_path = urlparse(str(metadata_url)).path
+
+        # Test route creation
+        routes = create_protected_resource_routes(
+            resource_url=resource_url_obj,
+            authorization_servers=[AnyHttpUrl("https://auth.example.com")],
+        )
+        route_path = routes[0].path
+
+        # Both should match expected path
+        assert url_path == expected_path
+        assert route_path == expected_path
+        assert url_path == route_path
