spec: update api consistency
Align optimistic locking conflict payload, update websocket docs, and adjust tests.
@@ -0,0 +1,18 @@
|
||||
## MODIFIED Requirements
|
||||
### Requirement: Secure WebSocket Authentication
|
||||
The system SHALL authenticate WebSocket connections without exposing tokens in URL query parameters.
|
||||
|
||||
#### Scenario: WebSocket connection with token in first message
|
||||
- **WHEN** client connects to WebSocket endpoint without a query token
|
||||
- **THEN** server waits for authentication message containing JWT token
|
||||
- **THEN** server validates token before accepting further messages
|
||||
- **THEN** server sends an authentication acknowledgment message
|
||||
|
||||
#### Scenario: WebSocket connection with invalid token
|
||||
- **WHEN** client sends an invalid or expired token
|
||||
- **THEN** server sends an error message indicating invalid or expired token
|
||||
- **THEN** server closes the connection with an authentication error code
|
||||
|
||||
#### Scenario: WebSocket connection timeout without authentication
|
||||
- **WHEN** client connects but does not send authentication within 10 seconds
|
||||
- **THEN** server closes the connection with appropriate error code
|
||||
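Review bot: The requirement line forbids tokens in URL query parameters, but the first scenario only covers a client that connects "without a query token", so nothing states what the server does when a client does supply a token in the query string. Add a scenario for that case (reject the connection, or ignore the query token and still require the first-message token) so the SHALL is testable. In the invalid-token and timeout scenarios, "an authentication error code" and "appropriate error code" leave the close code unspecified. Name the exact codes, and use the same wording in both, so clients and tests can assert on them. The line "server validates token before accepting further messages" also does not say what happens to a non-authentication message that arrives before the token, or whether the 10-second timer starts at connection open. Stating both would close the gap between the three scenarios.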