fix: allow re-auth with another google account (#6544)

2025-08-19 17:06:25 -07:00 · 2025-08-19 17:06:25 -07:00 · 6505b0c8e1
parent 389102ec0e
commit 6505b0c8e1
2 changed files with 86 additions and 3 deletions
--- a/packages/core/src/code_assist/oauth2.test.ts
+++ b/packages/core/src/code_assist/oauth2.test.ts
@ -5,7 +5,12 @@
 */

 import { describe, it, expect, vi, beforeEach, afterEach, Mock } from 'vitest';
-import { getOauthClient, resetOauthClientForTesting } from './oauth2.js';
+import {
+  getOauthClient,
+  resetOauthClientForTesting,
+  clearCachedCredentialFile,
+  clearOauthClientCache,
+} from './oauth2.js';
 import { getCachedGoogleAccount } from '../utils/user_account.js';
 import { OAuth2Client, Compute } from 'google-auth-library';
 import * as fs from 'fs';
@ -510,4 +515,76 @@ describe('oauth2', () => {
      expect(mockSetCredentials).toHaveBeenCalledWith(cachedCreds);
    });
  });
+
+  describe('clearCachedCredentialFile', () => {
+    it('should clear cached credentials and Google account', async () => {
+      const cachedCreds = { refresh_token: 'test-token' };
+      const credsPath = path.join(tempHomeDir, '.gemini', 'oauth_creds.json');
+      await fs.promises.mkdir(path.dirname(credsPath), { recursive: true });
+      await fs.promises.writeFile(credsPath, JSON.stringify(cachedCreds));
+
+      const googleAccountPath = path.join(
+        tempHomeDir,
+        '.gemini',
+        'google_accounts.json',
+      );
+      const accountData = { active: 'test@example.com', old: [] };
+      await fs.promises.writeFile(
+        googleAccountPath,
+        JSON.stringify(accountData),
+      );
+
+      expect(fs.existsSync(credsPath)).toBe(true);
+      expect(fs.existsSync(googleAccountPath)).toBe(true);
+      expect(getCachedGoogleAccount()).toBe('test@example.com');
+
+      await clearCachedCredentialFile();
+      expect(fs.existsSync(credsPath)).toBe(false);
+      expect(getCachedGoogleAccount()).toBeNull();
+      const updatedAccountData = JSON.parse(
+        fs.readFileSync(googleAccountPath, 'utf-8'),
+      );
+      expect(updatedAccountData.active).toBeNull();
+      expect(updatedAccountData.old).toContain('test@example.com');
+    });
+
+    it('should clear the in-memory OAuth client cache', async () => {
+      const mockSetCredentials = vi.fn();
+      const mockGetAccessToken = vi
+        .fn()
+        .mockResolvedValue({ token: 'test-token' });
+      const mockGetTokenInfo = vi.fn().mockResolvedValue({});
+      const mockOAuth2Client = {
+        setCredentials: mockSetCredentials,
+        getAccessToken: mockGetAccessToken,
+        getTokenInfo: mockGetTokenInfo,
+        on: vi.fn(),
+      } as unknown as OAuth2Client;
+      (OAuth2Client as unknown as Mock).mockImplementation(
+        () => mockOAuth2Client,
+      );
+
+      // Pre-populate credentials to make getOauthClient resolve quickly
+      const credsPath = path.join(tempHomeDir, '.gemini', 'oauth_creds.json');
+      await fs.promises.mkdir(path.dirname(credsPath), { recursive: true });
+      await fs.promises.writeFile(
+        credsPath,
+        JSON.stringify({ refresh_token: 'token' }),
+      );
+
+      // First call, should create a client
+      await getOauthClient(AuthType.LOGIN_WITH_GOOGLE, mockConfig);
+      expect(OAuth2Client).toHaveBeenCalledTimes(1);
+
+      // Second call, should use cached client
+      await getOauthClient(AuthType.LOGIN_WITH_GOOGLE, mockConfig);
+      expect(OAuth2Client).toHaveBeenCalledTimes(1);
+
+      clearOauthClientCache();
+
+      // Third call, after clearing cache, should create a new client
+      await getOauthClient(AuthType.LOGIN_WITH_GOOGLE, mockConfig);
+      expect(OAuth2Client).toHaveBeenCalledTimes(2);
+    });
+  });
 });
--- a/packages/core/src/code_assist/oauth2.ts
+++ b/packages/core/src/code_assist/oauth2.ts
@ -391,13 +391,19 @@ function getCachedCredentialPath(): string {
  return path.join(os.homedir(), GEMINI_DIR, CREDENTIAL_FILENAME);
 }

+export function clearOauthClientCache() {
+  oauthClientPromises.clear();
+}
+
 export async function clearCachedCredentialFile() {
  try {
    await fs.rm(getCachedCredentialPath(), { force: true });
    // Clear the Google Account ID cache when credentials are cleared
    await clearCachedGoogleAccount();
-  } catch (_) {
-    /* empty */
+    // Clear the in-memory OAuth client cache to force re-authentication
+    clearOauthClientCache();
+  } catch (e) {
+    console.error('Failed to clear cached credentials:', e);
  }
 }