nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

refactor: share startup auth token assertions

This commit is contained in:
Peter Steinberger 2026-03-13 17:37:04 +00:00
parent 8633d2e0a9
commit b5349f7563
1 changed files with 34 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
src/gateway/startup-auth.test.ts
View File

@ -53,6 +53,28 @@ describe("ensureGatewayStartupAuth", () => {
expect(mocks.writeConfigFile).not.toHaveBeenCalled();
}
async function expectResolvedToken(params: {
cfg: OpenClawConfig;
env: NodeJS.ProcessEnv;
expectedToken: string;
expectedConfiguredToken?: unknown;
}) {
const result = await ensureGatewayStartupAuth({
cfg: params.cfg,
env: params.env,
persist: true,
});
expect(result.generatedToken).toBeUndefined();
expect(result.persistedGeneratedToken).toBe(false);
expect(result.auth.mode).toBe("token");
expect(result.auth.token).toBe(params.expectedToken);
if ("expectedConfiguredToken" in params) {
expect(result.cfg.gateway?.auth?.token).toEqual(params.expectedConfiguredToken);
}
expect(mocks.writeConfigFile).not.toHaveBeenCalled();
}
it("generates and persists a token when startup auth is missing", async () => {
const result = await ensureGatewayStartupAuth({
cfg: {},
@ -138,7 +160,7 @@ describe("ensureGatewayStartupAuth", () => {
});
it("resolves gateway.auth.token SecretRef before startup auth checks", async () => {
const result = await ensureGatewayStartupAuth({
await expectResolvedToken({
cfg: {
gateway: {
auth: {
@ -155,23 +177,17 @@ describe("ensureGatewayStartupAuth", () => {
env: {
GW_TOKEN: "resolved-token",
} as NodeJS.ProcessEnv,
persist: true,
expectedToken: "resolved-token",
expectedConfiguredToken: {
source: "env",
provider: "default",
id: "GW_TOKEN",
},
});
expect(result.generatedToken).toBeUndefined();
expect(result.persistedGeneratedToken).toBe(false);
expect(result.auth.mode).toBe("token");
expect(result.auth.token).toBe("resolved-token");
expect(result.cfg.gateway?.auth?.token).toEqual({
source: "env",
provider: "default",
id: "GW_TOKEN",
});
expect(mocks.writeConfigFile).not.toHaveBeenCalled();
});
it("resolves env-template gateway.auth.token before env-token short-circuiting", async () => {
const result = await ensureGatewayStartupAuth({
await expectResolvedToken({
cfg: {
gateway: {
auth: {
@ -183,19 +199,13 @@ describe("ensureGatewayStartupAuth", () => {
env: {
OPENCLAW_GATEWAY_TOKEN: "resolved-token",
} as NodeJS.ProcessEnv,
persist: true,
expectedToken: "resolved-token",
expectedConfiguredToken: "${OPENCLAW_GATEWAY_TOKEN}",
});
expect(result.generatedToken).toBeUndefined();
expect(result.persistedGeneratedToken).toBe(false);
expect(result.auth.mode).toBe("token");
expect(result.auth.token).toBe("resolved-token");
expect(result.cfg.gateway?.auth?.token).toBe("${OPENCLAW_GATEWAY_TOKEN}");
expect(mocks.writeConfigFile).not.toHaveBeenCalled();
});
it("uses OPENCLAW_GATEWAY_TOKEN without resolving configured token SecretRef", async () => {
const result = await ensureGatewayStartupAuth({
await expectResolvedToken({
cfg: {
gateway: {
auth: {
@ -212,14 +222,8 @@ describe("ensureGatewayStartupAuth", () => {
env: {
OPENCLAW_GATEWAY_TOKEN: "token-from-env",
} as NodeJS.ProcessEnv,
persist: true,
expectedToken: "token-from-env",
});
expect(result.generatedToken).toBeUndefined();
expect(result.persistedGeneratedToken).toBe(false);
expect(result.auth.mode).toBe("token");
expect(result.auth.token).toBe("token-from-env");
expect(mocks.writeConfigFile).not.toHaveBeenCalled();
});
it("fails when gateway.auth.token SecretRef is active and unresolved", async () => {