Test the case of an invalid session identifier (#4594)

Co-authored-by: Tobie Morgan Hitchcock <tobie@surrealdb.com>

tests/common/tests.rs

@@ -1853,6 +1853,21 @@ async fn session_id_defined_both() {
 	server.finish().unwrap();
 }
 
+#[test(tokio::test)]
+async fn session_id_invalid() {
+	// Setup database server
+	let (addr, mut server) = common::start_server_with_defaults().await.unwrap();
+	// We specify a request identifier via a specific SurrealDB header
+	let mut headers = HeaderMap::new();
+	headers.insert("surreal-id", HeaderValue::from_static("123")); // Not a valid UUIDv4
+	// Connect to WebSocket
+	let socket = Socket::connect_with_headers(&addr, SERVER, FORMAT, headers).await;
+	assert!(socket.is_err(), "unexpected success using connecting with invalid id header");
+
+	// Test passed
+	server.finish().unwrap();
+}
+
 #[test(tokio::test)]
 async fn session_id_undefined() {
 	// Setup database server

tests/http_integration.rs

@@ -348,6 +348,29 @@ mod http_integration {
 			let body = res.text().await.unwrap();
 			assert!(body.contains("00000000-0000-0000-0000-000000000000"), "body: {body}");
 		}
+
+		// Request with invalid header, should fail
+		{
+			// Prepare HTTP client with header
+			let mut headers = reqwest::header::HeaderMap::new();
+			let ns = Ulid::new().to_string();
+			let db = Ulid::new().to_string();
+			headers.insert("surreal-ns", ns.parse().unwrap());
+			headers.insert("surreal-db", db.parse().unwrap());
+			headers.insert(
+				"surreal-id",
+				HeaderValue::from_static("123"), // Not a valid UUIDv4
+			);
+			headers.insert(header::ACCEPT, "application/json".parse().unwrap());
+			let client = reqwest::Client::builder()
+				.connect_timeout(Duration::from_millis(10))
+				.default_headers(headers)
+				.build()
+				.unwrap();
+
+			let res = client.post(url).body("SELECT VALUE id FROM $session").send().await.unwrap();
+			assert_eq!(res.status(), 401);
+		}
 	}
 
 	#[test(tokio::test)]