github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 21:48:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(tui): dedupe mode-specific exec secret fixtures

Browse Source
This commit is contained in:
Peter Steinberger
2026-03-07 17:38:36 +00:00
parent e60b28fd1f
commit 66de964c59
1 changed files with 103 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

197
src/tui/gateway-chat.test.ts
View File

@@ -21,6 +21,67 @@ async function fileExists(filePath: string): Promise<boolean> {
} }
} }
type ModeExecProviderFixture = {
tokenMarker: string;
passwordMarker: string;
providers: {
tokenProvider: {
source: "exec";
command: string;
args: string[];
allowInsecurePath: true;
};
passwordProvider: {
source: "exec";
command: string;
args: string[];
allowInsecurePath: true;
};
};
};
async function withModeExecProviderFixture(
label: string,
run: (fixture: ModeExecProviderFixture) => Promise<void>,
) {
const tempDir = await fs.mkdtemp(path.join(os.tmpdir(), `openclaw-tui-mode-${label}-`));
const tokenMarker = path.join(tempDir, "token-provider-ran");
const passwordMarker = path.join(tempDir, "password-provider-ran");
const tokenExecProgram = [
"const fs=require('node:fs');",
`fs.writeFileSync(${JSON.stringify(tokenMarker)},'1');`,
"process.stdout.write(JSON.stringify({ protocolVersion: 1, values: { TOKEN_SECRET: 'token-from-exec' } }));", // pragma: allowlist secret
].join("");
const passwordExecProgram = [
"const fs=require('node:fs');",
`fs.writeFileSync(${JSON.stringify(passwordMarker)},'1');`,
"process.stdout.write(JSON.stringify({ protocolVersion: 1, values: { PASSWORD_SECRET: 'password-from-exec' } }));", // pragma: allowlist secret
].join("");
try {
await run({
tokenMarker,
passwordMarker,
providers: {
tokenProvider: {
source: "exec",
command: process.execPath,
args: ["-e", tokenExecProgram],
allowInsecurePath: true,
},
passwordProvider: {
source: "exec",
command: process.execPath,
args: ["-e", passwordExecProgram],
allowInsecurePath: true,
},
},
});
} finally {
await fs.rm(tempDir, { recursive: true, force: true });
}
}
describe("resolveGatewayConnection", () => { describe("resolveGatewayConnection", () => {
let envSnapshot: ReturnType<typeof captureEnv>; let envSnapshot: ReturnType<typeof captureEnv>;
@@ -259,108 +320,56 @@ describe("resolveGatewayConnection", () => {
}); });
it("resolves only token SecretRef when gateway.auth.mode is token", async () => { it("resolves only token SecretRef when gateway.auth.mode is token", async () => {
const tempDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-tui-mode-token-")); await withModeExecProviderFixture(
const tokenMarker = path.join(tempDir, "token-provider-ran"); "token",
const passwordMarker = path.join(tempDir, "password-provider-ran"); async ({ tokenMarker, passwordMarker, providers }) => {
const tokenExecProgram = [ loadConfig.mockReturnValue({
"const fs=require('node:fs');", secrets: {
`fs.writeFileSync(${JSON.stringify(tokenMarker)},'1');`, providers,
"process.stdout.write(JSON.stringify({ protocolVersion: 1, values: { TOKEN_SECRET: 'token-from-exec' } }));", // pragma: allowlist secret
].join("");
const passwordExecProgram = [
"const fs=require('node:fs');",
`fs.writeFileSync(${JSON.stringify(passwordMarker)},'1');`,
"process.stdout.write(JSON.stringify({ protocolVersion: 1, values: { PASSWORD_SECRET: 'password-from-exec' } }));", // pragma: allowlist secret
].join("");
loadConfig.mockReturnValue({
secrets: {
providers: {
tokenProvider: {
source: "exec",
command: process.execPath,
args: ["-e", tokenExecProgram],
allowInsecurePath: true,
}, },
passwordProvider: { gateway: {
source: "exec", mode: "local",
command: process.execPath, auth: {
args: ["-e", passwordExecProgram], mode: "token",
allowInsecurePath: true, token: { source: "exec", provider: "tokenProvider", id: "TOKEN_SECRET" },
password: { source: "exec", provider: "passwordProvider", id: "PASSWORD_SECRET" },
},
}, },
}, });
},
gateway: {
mode: "local",
auth: {
mode: "token",
token: { source: "exec", provider: "tokenProvider", id: "TOKEN_SECRET" },
password: { source: "exec", provider: "passwordProvider", id: "PASSWORD_SECRET" },
},
},
});
try { const result = await resolveGatewayConnection({});
const result = await resolveGatewayConnection({}); expect(result.token).toBe("token-from-exec");
expect(result.token).toBe("token-from-exec"); expect(result.password).toBeUndefined();
expect(result.password).toBeUndefined(); expect(await fileExists(tokenMarker)).toBe(true);
expect(await fileExists(tokenMarker)).toBe(true); expect(await fileExists(passwordMarker)).toBe(false);
expect(await fileExists(passwordMarker)).toBe(false); },
} finally { );
await fs.rm(tempDir, { recursive: true, force: true });
}
}); });
it("resolves only password SecretRef when gateway.auth.mode is password", async () => { it("resolves only password SecretRef when gateway.auth.mode is password", async () => {
const tempDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-tui-mode-password-")); await withModeExecProviderFixture(
const tokenMarker = path.join(tempDir, "token-provider-ran"); "password",
const passwordMarker = path.join(tempDir, "password-provider-ran"); async ({ tokenMarker, passwordMarker, providers }) => {
const tokenExecProgram = [ loadConfig.mockReturnValue({
"const fs=require('node:fs');", secrets: {
`fs.writeFileSync(${JSON.stringify(tokenMarker)},'1');`, providers,
"process.stdout.write(JSON.stringify({ protocolVersion: 1, values: { TOKEN_SECRET: 'token-from-exec' } }));", // pragma: allowlist secret
].join("");
const passwordExecProgram = [
"const fs=require('node:fs');",
`fs.writeFileSync(${JSON.stringify(passwordMarker)},'1');`,
"process.stdout.write(JSON.stringify({ protocolVersion: 1, values: { PASSWORD_SECRET: 'password-from-exec' } }));", // pragma: allowlist secret
].join("");
loadConfig.mockReturnValue({
secrets: {
providers: {
tokenProvider: {
source: "exec",
command: process.execPath,
args: ["-e", tokenExecProgram],
allowInsecurePath: true,
}, },
passwordProvider: { gateway: {
source: "exec", mode: "local",
command: process.execPath, auth: {
args: ["-e", passwordExecProgram], mode: "password",
allowInsecurePath: true, token: { source: "exec", provider: "tokenProvider", id: "TOKEN_SECRET" },
password: { source: "exec", provider: "passwordProvider", id: "PASSWORD_SECRET" },
},
}, },
}, });
},
gateway: {
mode: "local",
auth: {
mode: "password",
token: { source: "exec", provider: "tokenProvider", id: "TOKEN_SECRET" },
password: { source: "exec", provider: "passwordProvider", id: "PASSWORD_SECRET" },
},
},
});
try { const result = await resolveGatewayConnection({});
const result = await resolveGatewayConnection({}); expect(result.password).toBe("password-from-exec");
expect(result.password).toBe("password-from-exec"); expect(result.token).toBeUndefined();
expect(result.token).toBeUndefined(); expect(await fileExists(tokenMarker)).toBe(false);
expect(await fileExists(tokenMarker)).toBe(false); expect(await fileExists(passwordMarker)).toBe(true);
expect(await fileExists(passwordMarker)).toBe(true); },
} finally { );
await fs.rm(tempDir, { recursive: true, force: true });
}
}); });
}); });