meta {
  name: Config - Unauthorized Device
  type: http
  seq: 3
}

get {
  url: {{baseUrl}}/api/v1/config
  body: none
  auth: none
}

headers {
  X-Password: invalid-password
}

assert {
  res.status: eq 200
  res.body.authorized: eq false
  res.body.config: isEmpty
}

docs {
  Get configuration for an unauthorized password.

  This request uses a password that is NOT in the authorized_devices.json list.
  Expected response shows authorized: false with empty config object.
}