From b5349f7563a8953af3a3d19215aec9ce15ec1bbb Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Fri, 13 Mar 2026 17:37:04 +0000 Subject: [PATCH] refactor: share startup auth token assertions --- src/gateway/startup-auth.test.ts | 64 +++++++++++++++++--------------- 1 file changed, 34 insertions(+), 30 deletions(-) diff --git a/src/gateway/startup-auth.test.ts b/src/gateway/startup-auth.test.ts index c2ad8a51915..bfd1912f28c 100644 --- a/src/gateway/startup-auth.test.ts +++ b/src/gateway/startup-auth.test.ts @@ -53,6 +53,28 @@ describe("ensureGatewayStartupAuth", () => { expect(mocks.writeConfigFile).not.toHaveBeenCalled(); } + async function expectResolvedToken(params: { + cfg: OpenClawConfig; + env: NodeJS.ProcessEnv; + expectedToken: string; + expectedConfiguredToken?: unknown; + }) { + const result = await ensureGatewayStartupAuth({ + cfg: params.cfg, + env: params.env, + persist: true, + }); + + expect(result.generatedToken).toBeUndefined(); + expect(result.persistedGeneratedToken).toBe(false); + expect(result.auth.mode).toBe("token"); + expect(result.auth.token).toBe(params.expectedToken); + if ("expectedConfiguredToken" in params) { + expect(result.cfg.gateway?.auth?.token).toEqual(params.expectedConfiguredToken); + } + expect(mocks.writeConfigFile).not.toHaveBeenCalled(); + } + it("generates and persists a token when startup auth is missing", async () => { const result = await ensureGatewayStartupAuth({ cfg: {}, @@ -138,7 +160,7 @@ describe("ensureGatewayStartupAuth", () => { }); it("resolves gateway.auth.token SecretRef before startup auth checks", async () => { - const result = await ensureGatewayStartupAuth({ + await expectResolvedToken({ cfg: { gateway: { auth: { @@ -155,23 +177,17 @@ describe("ensureGatewayStartupAuth", () => { env: { GW_TOKEN: "resolved-token", } as NodeJS.ProcessEnv, - persist: true, + expectedToken: "resolved-token", + expectedConfiguredToken: { + source: "env", + provider: "default", + id: "GW_TOKEN", + }, }); - - expect(result.generatedToken).toBeUndefined(); - expect(result.persistedGeneratedToken).toBe(false); - expect(result.auth.mode).toBe("token"); - expect(result.auth.token).toBe("resolved-token"); - expect(result.cfg.gateway?.auth?.token).toEqual({ - source: "env", - provider: "default", - id: "GW_TOKEN", - }); - expect(mocks.writeConfigFile).not.toHaveBeenCalled(); }); it("resolves env-template gateway.auth.token before env-token short-circuiting", async () => { - const result = await ensureGatewayStartupAuth({ + await expectResolvedToken({ cfg: { gateway: { auth: { @@ -183,19 +199,13 @@ describe("ensureGatewayStartupAuth", () => { env: { OPENCLAW_GATEWAY_TOKEN: "resolved-token", } as NodeJS.ProcessEnv, - persist: true, + expectedToken: "resolved-token", + expectedConfiguredToken: "${OPENCLAW_GATEWAY_TOKEN}", }); - - expect(result.generatedToken).toBeUndefined(); - expect(result.persistedGeneratedToken).toBe(false); - expect(result.auth.mode).toBe("token"); - expect(result.auth.token).toBe("resolved-token"); - expect(result.cfg.gateway?.auth?.token).toBe("${OPENCLAW_GATEWAY_TOKEN}"); - expect(mocks.writeConfigFile).not.toHaveBeenCalled(); }); it("uses OPENCLAW_GATEWAY_TOKEN without resolving configured token SecretRef", async () => { - const result = await ensureGatewayStartupAuth({ + await expectResolvedToken({ cfg: { gateway: { auth: { @@ -212,14 +222,8 @@ describe("ensureGatewayStartupAuth", () => { env: { OPENCLAW_GATEWAY_TOKEN: "token-from-env", } as NodeJS.ProcessEnv, - persist: true, + expectedToken: "token-from-env", }); - - expect(result.generatedToken).toBeUndefined(); - expect(result.persistedGeneratedToken).toBe(false); - expect(result.auth.mode).toBe("token"); - expect(result.auth.token).toBe("token-from-env"); - expect(mocks.writeConfigFile).not.toHaveBeenCalled(); }); it("fails when gateway.auth.token SecretRef is active and unresolved", async () => {