From 66de964c59da097cbd2d035ed17f96ebcc4c8e78 Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Sat, 7 Mar 2026 17:38:36 +0000 Subject: [PATCH] refactor(tui): dedupe mode-specific exec secret fixtures --- src/tui/gateway-chat.test.ts | 197 ++++++++++++++++++----------------- 1 file changed, 103 insertions(+), 94 deletions(-) diff --git a/src/tui/gateway-chat.test.ts b/src/tui/gateway-chat.test.ts index 2113abc7e..204172e4f 100644 --- a/src/tui/gateway-chat.test.ts +++ b/src/tui/gateway-chat.test.ts @@ -21,6 +21,67 @@ async function fileExists(filePath: string): Promise { } } +type ModeExecProviderFixture = { + tokenMarker: string; + passwordMarker: string; + providers: { + tokenProvider: { + source: "exec"; + command: string; + args: string[]; + allowInsecurePath: true; + }; + passwordProvider: { + source: "exec"; + command: string; + args: string[]; + allowInsecurePath: true; + }; + }; +}; + +async function withModeExecProviderFixture( + label: string, + run: (fixture: ModeExecProviderFixture) => Promise, +) { + const tempDir = await fs.mkdtemp(path.join(os.tmpdir(), `openclaw-tui-mode-${label}-`)); + const tokenMarker = path.join(tempDir, "token-provider-ran"); + const passwordMarker = path.join(tempDir, "password-provider-ran"); + const tokenExecProgram = [ + "const fs=require('node:fs');", + `fs.writeFileSync(${JSON.stringify(tokenMarker)},'1');`, + "process.stdout.write(JSON.stringify({ protocolVersion: 1, values: { TOKEN_SECRET: 'token-from-exec' } }));", // pragma: allowlist secret + ].join(""); + const passwordExecProgram = [ + "const fs=require('node:fs');", + `fs.writeFileSync(${JSON.stringify(passwordMarker)},'1');`, + "process.stdout.write(JSON.stringify({ protocolVersion: 1, values: { PASSWORD_SECRET: 'password-from-exec' } }));", // pragma: allowlist secret + ].join(""); + + try { + await run({ + tokenMarker, + passwordMarker, + providers: { + tokenProvider: { + source: "exec", + command: process.execPath, + args: ["-e", tokenExecProgram], + allowInsecurePath: true, + }, + passwordProvider: { + source: "exec", + command: process.execPath, + args: ["-e", passwordExecProgram], + allowInsecurePath: true, + }, + }, + }); + } finally { + await fs.rm(tempDir, { recursive: true, force: true }); + } +} + describe("resolveGatewayConnection", () => { let envSnapshot: ReturnType; @@ -259,108 +320,56 @@ describe("resolveGatewayConnection", () => { }); it("resolves only token SecretRef when gateway.auth.mode is token", async () => { - const tempDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-tui-mode-token-")); - const tokenMarker = path.join(tempDir, "token-provider-ran"); - const passwordMarker = path.join(tempDir, "password-provider-ran"); - const tokenExecProgram = [ - "const fs=require('node:fs');", - `fs.writeFileSync(${JSON.stringify(tokenMarker)},'1');`, - "process.stdout.write(JSON.stringify({ protocolVersion: 1, values: { TOKEN_SECRET: 'token-from-exec' } }));", // pragma: allowlist secret - ].join(""); - const passwordExecProgram = [ - "const fs=require('node:fs');", - `fs.writeFileSync(${JSON.stringify(passwordMarker)},'1');`, - "process.stdout.write(JSON.stringify({ protocolVersion: 1, values: { PASSWORD_SECRET: 'password-from-exec' } }));", // pragma: allowlist secret - ].join(""); - - loadConfig.mockReturnValue({ - secrets: { - providers: { - tokenProvider: { - source: "exec", - command: process.execPath, - args: ["-e", tokenExecProgram], - allowInsecurePath: true, + await withModeExecProviderFixture( + "token", + async ({ tokenMarker, passwordMarker, providers }) => { + loadConfig.mockReturnValue({ + secrets: { + providers, }, - passwordProvider: { - source: "exec", - command: process.execPath, - args: ["-e", passwordExecProgram], - allowInsecurePath: true, + gateway: { + mode: "local", + auth: { + mode: "token", + token: { source: "exec", provider: "tokenProvider", id: "TOKEN_SECRET" }, + password: { source: "exec", provider: "passwordProvider", id: "PASSWORD_SECRET" }, + }, }, - }, - }, - gateway: { - mode: "local", - auth: { - mode: "token", - token: { source: "exec", provider: "tokenProvider", id: "TOKEN_SECRET" }, - password: { source: "exec", provider: "passwordProvider", id: "PASSWORD_SECRET" }, - }, - }, - }); + }); - try { - const result = await resolveGatewayConnection({}); - expect(result.token).toBe("token-from-exec"); - expect(result.password).toBeUndefined(); - expect(await fileExists(tokenMarker)).toBe(true); - expect(await fileExists(passwordMarker)).toBe(false); - } finally { - await fs.rm(tempDir, { recursive: true, force: true }); - } + const result = await resolveGatewayConnection({}); + expect(result.token).toBe("token-from-exec"); + expect(result.password).toBeUndefined(); + expect(await fileExists(tokenMarker)).toBe(true); + expect(await fileExists(passwordMarker)).toBe(false); + }, + ); }); it("resolves only password SecretRef when gateway.auth.mode is password", async () => { - const tempDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-tui-mode-password-")); - const tokenMarker = path.join(tempDir, "token-provider-ran"); - const passwordMarker = path.join(tempDir, "password-provider-ran"); - const tokenExecProgram = [ - "const fs=require('node:fs');", - `fs.writeFileSync(${JSON.stringify(tokenMarker)},'1');`, - "process.stdout.write(JSON.stringify({ protocolVersion: 1, values: { TOKEN_SECRET: 'token-from-exec' } }));", // pragma: allowlist secret - ].join(""); - const passwordExecProgram = [ - "const fs=require('node:fs');", - `fs.writeFileSync(${JSON.stringify(passwordMarker)},'1');`, - "process.stdout.write(JSON.stringify({ protocolVersion: 1, values: { PASSWORD_SECRET: 'password-from-exec' } }));", // pragma: allowlist secret - ].join(""); - - loadConfig.mockReturnValue({ - secrets: { - providers: { - tokenProvider: { - source: "exec", - command: process.execPath, - args: ["-e", tokenExecProgram], - allowInsecurePath: true, + await withModeExecProviderFixture( + "password", + async ({ tokenMarker, passwordMarker, providers }) => { + loadConfig.mockReturnValue({ + secrets: { + providers, }, - passwordProvider: { - source: "exec", - command: process.execPath, - args: ["-e", passwordExecProgram], - allowInsecurePath: true, + gateway: { + mode: "local", + auth: { + mode: "password", + token: { source: "exec", provider: "tokenProvider", id: "TOKEN_SECRET" }, + password: { source: "exec", provider: "passwordProvider", id: "PASSWORD_SECRET" }, + }, }, - }, - }, - gateway: { - mode: "local", - auth: { - mode: "password", - token: { source: "exec", provider: "tokenProvider", id: "TOKEN_SECRET" }, - password: { source: "exec", provider: "passwordProvider", id: "PASSWORD_SECRET" }, - }, - }, - }); + }); - try { - const result = await resolveGatewayConnection({}); - expect(result.password).toBe("password-from-exec"); - expect(result.token).toBeUndefined(); - expect(await fileExists(tokenMarker)).toBe(false); - expect(await fileExists(passwordMarker)).toBe(true); - } finally { - await fs.rm(tempDir, { recursive: true, force: true }); - } + const result = await resolveGatewayConnection({}); + expect(result.password).toBe("password-from-exec"); + expect(result.token).toBeUndefined(); + expect(await fileExists(tokenMarker)).toBe(false); + expect(await fileExists(passwordMarker)).toBe(true); + }, + ); }); });