@@ -143,7 +143,10 @@ async function issuePairingScopedTokenForAdminApprovedDevice(name: string): Prom
143143 } ;
144144}
145145
146- async function issueMixedRolePairingScopedDevice ( name : string ) : Promise < {
146+ async function issueMixedRolePairingScopedDevice (
147+ name : string ,
148+ opts ?: { platform ?: string } ,
149+ ) : Promise < {
147150 deviceId : string ;
148151 identityPath : string ;
149152 identity : ReturnType < typeof loadDeviceIdentity > [ "identity" ] ;
@@ -157,7 +160,7 @@ async function issueMixedRolePairingScopedDevice(name: string): Promise<{
157160 role : "operator" ,
158161 roles : [ "operator" , "node" ] ,
159162 scopes : [ "operator.pairing" ] ,
160- platform : "linux" ,
163+ ... ( opts ?. platform ? { platform : opts . platform } : { } ) ,
161164 clientId : GATEWAY_CLIENT_NAMES . TEST ,
162165 clientMode : GATEWAY_CLIENT_MODES . TEST ,
163166 } ) ;
@@ -387,9 +390,7 @@ describe("gateway device.token.rotate/revoke ownership guard (IDOR)", () => {
387390 deviceIdentity : device . identity ,
388391 timeoutMessage : "timeout waiting for revoked node reconnect" ,
389392 } ) ,
390- ) . rejects . toThrow (
391- "pairing required: device is asking for a higher role than currently approved" ,
392- ) ;
393+ ) . rejects . toThrow ( "role upgrade pending approval" ) ;
393394
394395 const pairedAfterReconnect = await getPairedDevice ( device . deviceId ) ;
395396 expect ( pairedAfterReconnect ?. tokens ?. node ?. token ) . toBe ( revokedNodeToken ?. token ) ;
@@ -403,7 +404,9 @@ describe("gateway device.token.rotate/revoke ownership guard (IDOR)", () => {
403404
404405 test ( "rejects local node reconnect with metadata mismatch after node token revocation" , async ( ) => {
405406 const started = await startServerWithClient ( "secret" ) ;
406- const device = await issueMixedRolePairingScopedDevice ( "same-device-node-metadata-reconnect" ) ;
407+ const device = await issueMixedRolePairingScopedDevice ( "same-device-node-metadata-reconnect" , {
408+ platform : "linux" ,
409+ } ) ;
407410
408411 try {
409412 await connectOk ( started . ws ) ;
@@ -490,9 +493,7 @@ describe("gateway device.token.rotate/revoke ownership guard (IDOR)", () => {
490493 deviceIdentity : device . identity ,
491494 timeoutMessage : "timeout waiting for denied removal node reconnect" ,
492495 } ) ,
493- ) . rejects . toThrow (
494- "pairing required: device is asking for a higher role than currently approved" ,
495- ) ;
496+ ) . rejects . toThrow ( "role upgrade pending approval" ) ;
496497
497498 const pairedAfterReconnect = await getPairedDevice ( device . deviceId ) ;
498499 expect ( pairedAfterReconnect ?. tokens ?. node ?. token ) . toBe ( revokedNodeToken ?. token ) ;
0 commit comments