github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 16:14:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(tests): dedupe control ui auth pairing fixtures

Browse Source
This commit is contained in:
Peter Steinberger
2026-03-03 01:58:03 +00:00
parent fa4ff5f3d2
commit 25a2fe2bea
1 changed files with 75 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

154
src/gateway/server.auth.control-ui.suite.ts
View File

@@ -91,6 +91,65 @@ export function registerControlUiAndPairingSuite(): void {
expect(health.ok).toBe(true); expect(health.ok).toBe(true);
}; };
const connectControlUiWithoutDeviceAndExpectOk = async (params: {
ws: WebSocket;
token?: string;
password?: string;
}) => {
const res = await connectReq(params.ws, {
...(params.token ? { token: params.token } : {}),
...(params.password ? { password: params.password } : {}),
device: null,
client: { ...CONTROL_UI_CLIENT },
});
expect(res.ok).toBe(true);
await expectStatusAndHealthOk(params.ws);
};
const createOperatorIdentityFixture = async (identityPrefix: string) => {
const { mkdtemp } = await import("node:fs/promises");
const { tmpdir } = await import("node:os");
const { join } = await import("node:path");
const { loadOrCreateDeviceIdentity } = await import("../infra/device-identity.js");
const identityDir = await mkdtemp(join(tmpdir(), identityPrefix));
const identityPath = join(identityDir, "device.json");
const identity = loadOrCreateDeviceIdentity(identityPath);
return {
identityPath,
identity,
client: { ...TEST_OPERATOR_CLIENT },
};
};
const startServerWithOperatorIdentity = async (identityPrefix = "openclaw-device-scope-") => {
const { server, ws, port, prevToken } = await startServerWithClient("secret");
const { identityPath, identity, client } = await createOperatorIdentityFixture(identityPrefix);
return { server, ws, port, prevToken, identityPath, identity, client };
};
const getRequiredPairedMetadata = (
paired: Record<string, Record<string, unknown>>,
deviceId: string,
) => {
const metadata = paired[deviceId];
expect(metadata).toBeTruthy();
if (!metadata) {
throw new Error(`Expected paired metadata for deviceId=${deviceId}`);
}
return metadata;
};
const stripPairedMetadataRolesAndScopes = async (deviceId: string) => {
const { resolvePairingPaths, readJsonFile } = await import("../infra/pairing-files.js");
const { writeJsonAtomic } = await import("../infra/json-files.js");
const { pairedPath } = resolvePairingPaths(undefined, "devices");
const paired = (await readJsonFile<Record<string, Record<string, unknown>>>(pairedPath)) ?? {};
const legacy = getRequiredPairedMetadata(paired, deviceId);
delete legacy.roles;
delete legacy.scopes;
await writeJsonAtomic(pairedPath, paired);
};
const seedApprovedOperatorReadPairing = async (params: { const seedApprovedOperatorReadPairing = async (params: {
identityPrefix: string; identityPrefix: string;
clientId: string; clientId: string;
@@ -98,16 +157,10 @@ export function registerControlUiAndPairingSuite(): void {
displayName: string; displayName: string;
platform: string; platform: string;
}): Promise<{ identityPath: string; identity: { deviceId: string } }> => { }): Promise<{ identityPath: string; identity: { deviceId: string } }> => {
const { mkdtemp } = await import("node:fs/promises"); const { publicKeyRawBase64UrlFromPem } = await import("../infra/device-identity.js");
const { tmpdir } = await import("node:os");
const { join } = await import("node:path");
const { loadOrCreateDeviceIdentity, publicKeyRawBase64UrlFromPem } =
await import("../infra/device-identity.js");
const { approveDevicePairing, requestDevicePairing } = const { approveDevicePairing, requestDevicePairing } =
await import("../infra/device-pairing.js"); await import("../infra/device-pairing.js");
const identityDir = await mkdtemp(join(tmpdir(), params.identityPrefix)); const { identityPath, identity } = await createOperatorIdentityFixture(params.identityPrefix);
const identityPath = join(identityDir, "device.json");
const identity = loadOrCreateDeviceIdentity(identityPath);
const devicePublicKey = publicKeyRawBase64UrlFromPem(identity.publicKeyPem); const devicePublicKey = publicKeyRawBase64UrlFromPem(identity.publicKeyPem);
const seeded = await requestDevicePairing({ const seeded = await requestDevicePairing({
deviceId: identity.deviceId, deviceId: identity.deviceId,
@@ -175,13 +228,7 @@ export function registerControlUiAndPairingSuite(): void {
const { server, ws, prevToken } = await startServerWithClient("secret", { const { server, ws, prevToken } = await startServerWithClient("secret", {
wsHeaders: { origin: "http://127.0.0.1" }, wsHeaders: { origin: "http://127.0.0.1" },
}); });
const res = await connectReq(ws, { await connectControlUiWithoutDeviceAndExpectOk({ ws, token: "secret" });
token: "secret",
device: null,
client: { ...CONTROL_UI_CLIENT },
});
expect(res.ok).toBe(true);
await expectStatusAndHealthOk(ws);
ws.close(); ws.close();
await server.close(); await server.close();
restoreGatewayToken(prevToken); restoreGatewayToken(prevToken);
@@ -192,13 +239,7 @@ export function registerControlUiAndPairingSuite(): void {
testState.gatewayAuth = { mode: "password", password: "secret" }; testState.gatewayAuth = { mode: "password", password: "secret" };
await withGatewayServer(async ({ port }) => { await withGatewayServer(async ({ port }) => {
const ws = await openWs(port, { origin: originForPort(port) }); const ws = await openWs(port, { origin: originForPort(port) });
const res = await connectReq(ws, { await connectControlUiWithoutDeviceAndExpectOk({ ws, password: "secret" });
password: "secret",
device: null,
client: { ...CONTROL_UI_CLIENT },
});
expect(res.ok).toBe(true);
await expectStatusAndHealthOk(ws);
ws.close(); ws.close();
}); });
}); });
@@ -450,16 +491,9 @@ export function registerControlUiAndPairingSuite(): void {
}); });
test("requires pairing for remote operator device identity with shared token auth", async () => { test("requires pairing for remote operator device identity with shared token auth", async () => {
const { mkdtemp } = await import("node:fs/promises");
const { tmpdir } = await import("node:os");
const { join } = await import("node:path");
const { loadOrCreateDeviceIdentity } = await import("../infra/device-identity.js");
const { getPairedDevice, listDevicePairing } = await import("../infra/device-pairing.js"); const { getPairedDevice, listDevicePairing } = await import("../infra/device-pairing.js");
const { server, ws, port, prevToken } = await startServerWithClient("secret"); const { server, ws, port, prevToken, identityPath, identity, client } =
const identityDir = await mkdtemp(join(tmpdir(), "openclaw-device-scope-")); await startServerWithOperatorIdentity();
const identityPath = join(identityDir, "device.json");
const identity = loadOrCreateDeviceIdentity(identityPath);
const client = { ...TEST_OPERATOR_CLIENT };
ws.close(); ws.close();
const wsRemoteRead = await openWs(port, { host: "gateway.example" }); const wsRemoteRead = await openWs(port, { host: "gateway.example" });
@@ -554,18 +588,12 @@ export function registerControlUiAndPairingSuite(): void {
}); });
test("merges remote node/operator pairing requests for the same unpaired device", async () => { test("merges remote node/operator pairing requests for the same unpaired device", async () => {
const { mkdtemp } = await import("node:fs/promises");
const { tmpdir } = await import("node:os");
const { join } = await import("node:path");
const { loadOrCreateDeviceIdentity } = await import("../infra/device-identity.js");
const { approveDevicePairing, getPairedDevice, listDevicePairing } = const { approveDevicePairing, getPairedDevice, listDevicePairing } =
await import("../infra/device-pairing.js"); await import("../infra/device-pairing.js");
const { server, ws, port, prevToken } = await startServerWithClient("secret"); const { server, ws, port, prevToken } = await startServerWithClient("secret");
ws.close(); ws.close();
const identityDir = await mkdtemp(join(tmpdir(), "openclaw-device-scope-")); const { identityPath, identity, client } =
const identityPath = join(identityDir, "device.json"); await createOperatorIdentityFixture("openclaw-device-scope-");
const identity = loadOrCreateDeviceIdentity(identityPath);
const client = { ...TEST_OPERATOR_CLIENT };
const connectWithNonce = async (role: "operator" | "node", scopes: string[]) => { const connectWithNonce = async (role: "operator" | "node", scopes: string[]) => {
const socket = new WebSocket(`ws://127.0.0.1:${port}`, { const socket = new WebSocket(`ws://127.0.0.1:${port}`, {
headers: { host: "gateway.example" }, headers: { host: "gateway.example" },
@@ -634,16 +662,9 @@ export function registerControlUiAndPairingSuite(): void {
}); });
test("allows operator.read connect when device is paired with operator.admin", async () => { test("allows operator.read connect when device is paired with operator.admin", async () => {
const { mkdtemp } = await import("node:fs/promises");
const { tmpdir } = await import("node:os");
const { join } = await import("node:path");
const { loadOrCreateDeviceIdentity } = await import("../infra/device-identity.js");
const { listDevicePairing } = await import("../infra/device-pairing.js"); const { listDevicePairing } = await import("../infra/device-pairing.js");
const { server, ws, port, prevToken } = await startServerWithClient("secret"); const { server, ws, port, prevToken, identityPath, identity, client } =
const identityDir = await mkdtemp(join(tmpdir(), "openclaw-device-scope-")); await startServerWithOperatorIdentity();
const identityPath = join(identityDir, "device.json");
const identity = loadOrCreateDeviceIdentity(identityPath);
const client = { ...TEST_OPERATOR_CLIENT };
const initialNonce = await readConnectChallengeNonce(ws); const initialNonce = await readConnectChallengeNonce(ws);
const initial = await connectReq(ws, { const initial = await connectReq(ws, {
@@ -687,18 +708,12 @@ export function registerControlUiAndPairingSuite(): void {
}); });
test("allows operator shared auth with legacy paired metadata", async () => { test("allows operator shared auth with legacy paired metadata", async () => {
const { mkdtemp } = await import("node:fs/promises"); const { publicKeyRawBase64UrlFromPem } = await import("../infra/device-identity.js");
const { tmpdir } = await import("node:os");
const { join } = await import("node:path");
const { loadOrCreateDeviceIdentity, publicKeyRawBase64UrlFromPem } =
await import("../infra/device-identity.js");
const { resolvePairingPaths, readJsonFile } = await import("../infra/pairing-files.js");
const { writeJsonAtomic } = await import("../infra/json-files.js");
const { approveDevicePairing, getPairedDevice, listDevicePairing, requestDevicePairing } = const { approveDevicePairing, getPairedDevice, listDevicePairing, requestDevicePairing } =
await import("../infra/device-pairing.js"); await import("../infra/device-pairing.js");
const identityDir = await mkdtemp(join(tmpdir(), "openclaw-device-legacy-meta-")); const { identityPath, identity } = await createOperatorIdentityFixture(
const identityPath = join(identityDir, "device.json"); "openclaw-device-legacy-meta-",
const identity = loadOrCreateDeviceIdentity(identityPath); );
const deviceId = identity.deviceId; const deviceId = identity.deviceId;
const publicKey = publicKeyRawBase64UrlFromPem(identity.publicKeyPem); const publicKey = publicKeyRawBase64UrlFromPem(identity.publicKeyPem);
const pending = await requestDevicePairing({ const pending = await requestDevicePairing({
@@ -713,15 +728,7 @@ export function registerControlUiAndPairingSuite(): void {
}); });
await approveDevicePairing(pending.request.requestId); await approveDevicePairing(pending.request.requestId);
const { pairedPath } = resolvePairingPaths(undefined, "devices"); await stripPairedMetadataRolesAndScopes(deviceId);
const paired = (await readJsonFile<Record<string, Record<string, unknown>>>(pairedPath)) ?? {};
const legacy = paired[deviceId];
if (!legacy) {
throw new Error(`Expected paired metadata for deviceId=${deviceId}`);
}
delete legacy.roles;
delete legacy.scopes;
await writeJsonAtomic(pairedPath, paired);
const { server, ws, port, prevToken } = await startServerWithClient("secret"); const { server, ws, port, prevToken } = await startServerWithClient("secret");
let ws2: WebSocket | undefined; let ws2: WebSocket | undefined;
@@ -758,8 +765,6 @@ export function registerControlUiAndPairingSuite(): void {
}); });
test("auto-approves local scope upgrades even when paired metadata is legacy-shaped", async () => { test("auto-approves local scope upgrades even when paired metadata is legacy-shaped", async () => {
const { readJsonFile, resolvePairingPaths } = await import("../infra/pairing-files.js");
const { writeJsonAtomic } = await import("../infra/json-files.js");
const { getPairedDevice, listDevicePairing } = await import("../infra/device-pairing.js"); const { getPairedDevice, listDevicePairing } = await import("../infra/device-pairing.js");
const { identity, identityPath } = await seedApprovedOperatorReadPairing({ const { identity, identityPath } = await seedApprovedOperatorReadPairing({
identityPrefix: "openclaw-device-legacy-", identityPrefix: "openclaw-device-legacy-",
@@ -769,16 +774,7 @@ export function registerControlUiAndPairingSuite(): void {
platform: "test", platform: "test",
}); });
const { pairedPath } = resolvePairingPaths(undefined, "devices"); await stripPairedMetadataRolesAndScopes(identity.deviceId);
const paired = (await readJsonFile<Record<string, Record<string, unknown>>>(pairedPath)) ?? {};
const legacy = paired[identity.deviceId];
expect(legacy).toBeTruthy();
if (!legacy) {
throw new Error(`Expected paired metadata for deviceId=${identity.deviceId}`);
}
delete legacy.roles;
delete legacy.scopes;
await writeJsonAtomic(pairedPath, paired);
const { server, ws, port, prevToken } = await startServerWithClient("secret"); const { server, ws, port, prevToken } = await startServerWithClient("secret");
let ws2: WebSocket | undefined; let ws2: WebSocket | undefined;