From 9b23e5ce1f52bcc1ada3f534d81ed62fc6f6cbd5 Mon Sep 17 00:00:00 2001
From: tyler <tyler@mb-air.local>
Date: Sun, 22 Feb 2026 10:32:00 +0800
Subject: [PATCH] test: fix flaky auth tests when OPENCLAW_GATEWAY_TOKEN is
 present

---
 ...s-open-profile-unknown-returns-404.test.ts | 15 ++++++++++++++
 src/gateway/server-runtime-config.test.ts     | 20 +++++++++++++++++--
 2 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/src/browser/server.post-tabs-open-profile-unknown-returns-404.test.ts b/src/browser/server.post-tabs-open-profile-unknown-returns-404.test.ts
index 3d68bf0ee..ceaf47212 100644
--- a/src/browser/server.post-tabs-open-profile-unknown-returns-404.test.ts
+++ b/src/browser/server.post-tabs-open-profile-unknown-returns-404.test.ts
@@ -66,6 +66,11 @@ describe("profile CRUD endpoints", () => {
     state.prevGatewayPort = process.env.OPENCLAW_GATEWAY_PORT;
     process.env.OPENCLAW_GATEWAY_PORT = String(state.testPort - 2);
 
+    state.prevGatewayToken = process.env.OPENCLAW_GATEWAY_TOKEN;
+    state.prevGatewayPassword = process.env.OPENCLAW_GATEWAY_PASSWORD;
+    delete process.env.OPENCLAW_GATEWAY_TOKEN;
+    delete process.env.OPENCLAW_GATEWAY_PASSWORD;
+
     vi.stubGlobal(
       "fetch",
       vi.fn(async (url: string) => {
@@ -82,6 +87,16 @@ describe("profile CRUD endpoints", () => {
     vi.unstubAllGlobals();
     vi.restoreAllMocks();
     restoreGatewayPortEnv(state.prevGatewayPort);
+    if (state.prevGatewayToken !== undefined) {
+      process.env.OPENCLAW_GATEWAY_TOKEN = state.prevGatewayToken;
+    } else {
+      delete process.env.OPENCLAW_GATEWAY_TOKEN;
+    }
+    if (state.prevGatewayPassword !== undefined) {
+      process.env.OPENCLAW_GATEWAY_PASSWORD = state.prevGatewayPassword;
+    } else {
+      delete process.env.OPENCLAW_GATEWAY_PASSWORD;
+    }
     await stopBrowserControlServer();
   });
 
diff --git a/src/gateway/server-runtime-config.test.ts b/src/gateway/server-runtime-config.test.ts
index 74e06ce41..2c2b30e9d 100644
--- a/src/gateway/server-runtime-config.test.ts
+++ b/src/gateway/server-runtime-config.test.ts
@@ -1,4 +1,4 @@
-import { describe, expect, it } from "vitest";
+import { afterEach, beforeEach, describe, expect, it } from "vitest";
 import { resolveGatewayRuntimeConfig } from "./server-runtime-config.js";
 
 const TRUSTED_PROXY_AUTH = {
@@ -103,6 +103,21 @@ describe("resolveGatewayRuntimeConfig", () => {
   });
 
   describe("token/password auth modes", () => {
+    let originalToken: string | undefined;
+
+    beforeEach(() => {
+      originalToken = process.env.OPENCLAW_GATEWAY_TOKEN;
+      delete process.env.OPENCLAW_GATEWAY_TOKEN;
+    });
+
+    afterEach(() => {
+      if (originalToken !== undefined) {
+        process.env.OPENCLAW_GATEWAY_TOKEN = originalToken;
+      } else {
+        delete process.env.OPENCLAW_GATEWAY_TOKEN;
+      }
+    });
+
     it.each([
       {
         name: "lan binding with token",
@@ -126,7 +141,8 @@ describe("resolveGatewayRuntimeConfig", () => {
       {
         name: "token mode without token",
         cfg: { gateway: { bind: "lan" as const, auth: { mode: "token" as const } } },
-        expectedMessage: "gateway auth mode is token, but no token was configured",
+        expectedMessage:
+          "gateway auth mode is token, but no token was configured (set gateway.auth.token or OPENCLAW_GATEWAY_TOKEN)",
       },
       {
         name: "lan binding with explicit none auth",