326 lines
9.8 KiB
TypeScript
326 lines
9.8 KiB
TypeScript
/**
|
|
* @license
|
|
* Copyright 2025 Google LLC
|
|
* SPDX-License-Identifier: Apache-2.0
|
|
*/
|
|
|
|
import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
|
|
import { promises as fs } from 'node:fs';
|
|
import * as path from 'node:path';
|
|
import {
|
|
MCPOAuthTokenStorage,
|
|
MCPOAuthToken,
|
|
MCPOAuthCredentials,
|
|
} from './oauth-token-storage.js';
|
|
|
|
// Mock file system operations
|
|
vi.mock('node:fs', () => ({
|
|
promises: {
|
|
readFile: vi.fn(),
|
|
writeFile: vi.fn(),
|
|
mkdir: vi.fn(),
|
|
unlink: vi.fn(),
|
|
},
|
|
}));
|
|
|
|
vi.mock('node:os', () => ({
|
|
homedir: vi.fn(() => '/mock/home'),
|
|
}));
|
|
|
|
describe('MCPOAuthTokenStorage', () => {
|
|
const mockToken: MCPOAuthToken = {
|
|
accessToken: 'access_token_123',
|
|
refreshToken: 'refresh_token_456',
|
|
tokenType: 'Bearer',
|
|
scope: 'read write',
|
|
expiresAt: Date.now() + 3600000, // 1 hour from now
|
|
};
|
|
|
|
const mockCredentials: MCPOAuthCredentials = {
|
|
serverName: 'test-server',
|
|
token: mockToken,
|
|
clientId: 'test-client-id',
|
|
tokenUrl: 'https://auth.example.com/token',
|
|
updatedAt: Date.now(),
|
|
};
|
|
|
|
beforeEach(() => {
|
|
vi.clearAllMocks();
|
|
vi.spyOn(console, 'error').mockImplementation(() => {});
|
|
});
|
|
|
|
afterEach(() => {
|
|
vi.restoreAllMocks();
|
|
});
|
|
|
|
describe('loadTokens', () => {
|
|
it('should return empty map when token file does not exist', async () => {
|
|
vi.mocked(fs.readFile).mockRejectedValue({ code: 'ENOENT' });
|
|
|
|
const tokens = await MCPOAuthTokenStorage.loadTokens();
|
|
|
|
expect(tokens.size).toBe(0);
|
|
expect(console.error).not.toHaveBeenCalled();
|
|
});
|
|
|
|
it('should load tokens from file successfully', async () => {
|
|
const tokensArray = [mockCredentials];
|
|
vi.mocked(fs.readFile).mockResolvedValue(JSON.stringify(tokensArray));
|
|
|
|
const tokens = await MCPOAuthTokenStorage.loadTokens();
|
|
|
|
expect(tokens.size).toBe(1);
|
|
expect(tokens.get('test-server')).toEqual(mockCredentials);
|
|
expect(fs.readFile).toHaveBeenCalledWith(
|
|
path.join('/mock/home', '.gemini', 'mcp-oauth-tokens.json'),
|
|
'utf-8',
|
|
);
|
|
});
|
|
|
|
it('should handle corrupted token file gracefully', async () => {
|
|
vi.mocked(fs.readFile).mockResolvedValue('invalid json');
|
|
|
|
const tokens = await MCPOAuthTokenStorage.loadTokens();
|
|
|
|
expect(tokens.size).toBe(0);
|
|
expect(console.error).toHaveBeenCalledWith(
|
|
expect.stringContaining('Failed to load MCP OAuth tokens'),
|
|
);
|
|
});
|
|
|
|
it('should handle file read errors other than ENOENT', async () => {
|
|
const error = new Error('Permission denied');
|
|
vi.mocked(fs.readFile).mockRejectedValue(error);
|
|
|
|
const tokens = await MCPOAuthTokenStorage.loadTokens();
|
|
|
|
expect(tokens.size).toBe(0);
|
|
expect(console.error).toHaveBeenCalledWith(
|
|
expect.stringContaining('Failed to load MCP OAuth tokens'),
|
|
);
|
|
});
|
|
});
|
|
|
|
describe('saveToken', () => {
|
|
it('should save token with restricted permissions', async () => {
|
|
vi.mocked(fs.readFile).mockRejectedValue({ code: 'ENOENT' });
|
|
vi.mocked(fs.mkdir).mockResolvedValue(undefined);
|
|
vi.mocked(fs.writeFile).mockResolvedValue(undefined);
|
|
|
|
await MCPOAuthTokenStorage.saveToken(
|
|
'test-server',
|
|
mockToken,
|
|
'client-id',
|
|
'https://token.url',
|
|
);
|
|
|
|
expect(fs.mkdir).toHaveBeenCalledWith(
|
|
path.join('/mock/home', '.gemini'),
|
|
{ recursive: true },
|
|
);
|
|
expect(fs.writeFile).toHaveBeenCalledWith(
|
|
path.join('/mock/home', '.gemini', 'mcp-oauth-tokens.json'),
|
|
expect.stringContaining('test-server'),
|
|
{ mode: 0o600 },
|
|
);
|
|
});
|
|
|
|
it('should update existing token for same server', async () => {
|
|
const existingCredentials = {
|
|
...mockCredentials,
|
|
serverName: 'existing-server',
|
|
};
|
|
vi.mocked(fs.readFile).mockResolvedValue(
|
|
JSON.stringify([existingCredentials]),
|
|
);
|
|
vi.mocked(fs.writeFile).mockResolvedValue(undefined);
|
|
|
|
const newToken = { ...mockToken, accessToken: 'new_access_token' };
|
|
await MCPOAuthTokenStorage.saveToken('existing-server', newToken);
|
|
|
|
const writeCall = vi.mocked(fs.writeFile).mock.calls[0];
|
|
const savedData = JSON.parse(writeCall[1] as string);
|
|
|
|
expect(savedData).toHaveLength(1);
|
|
expect(savedData[0].token.accessToken).toBe('new_access_token');
|
|
expect(savedData[0].serverName).toBe('existing-server');
|
|
});
|
|
|
|
it('should handle write errors gracefully', async () => {
|
|
vi.mocked(fs.readFile).mockRejectedValue({ code: 'ENOENT' });
|
|
vi.mocked(fs.mkdir).mockResolvedValue(undefined);
|
|
const writeError = new Error('Disk full');
|
|
vi.mocked(fs.writeFile).mockRejectedValue(writeError);
|
|
|
|
await expect(
|
|
MCPOAuthTokenStorage.saveToken('test-server', mockToken),
|
|
).rejects.toThrow('Disk full');
|
|
|
|
expect(console.error).toHaveBeenCalledWith(
|
|
expect.stringContaining('Failed to save MCP OAuth token'),
|
|
);
|
|
});
|
|
});
|
|
|
|
describe('getToken', () => {
|
|
it('should return token for existing server', async () => {
|
|
vi.mocked(fs.readFile).mockResolvedValue(
|
|
JSON.stringify([mockCredentials]),
|
|
);
|
|
|
|
const result = await MCPOAuthTokenStorage.getToken('test-server');
|
|
|
|
expect(result).toEqual(mockCredentials);
|
|
});
|
|
|
|
it('should return null for non-existent server', async () => {
|
|
vi.mocked(fs.readFile).mockResolvedValue(
|
|
JSON.stringify([mockCredentials]),
|
|
);
|
|
|
|
const result = await MCPOAuthTokenStorage.getToken('non-existent');
|
|
|
|
expect(result).toBeNull();
|
|
});
|
|
|
|
it('should return null when no tokens file exists', async () => {
|
|
vi.mocked(fs.readFile).mockRejectedValue({ code: 'ENOENT' });
|
|
|
|
const result = await MCPOAuthTokenStorage.getToken('test-server');
|
|
|
|
expect(result).toBeNull();
|
|
});
|
|
});
|
|
|
|
describe('removeToken', () => {
|
|
it('should remove token for specific server', async () => {
|
|
const credentials1 = { ...mockCredentials, serverName: 'server1' };
|
|
const credentials2 = { ...mockCredentials, serverName: 'server2' };
|
|
vi.mocked(fs.readFile).mockResolvedValue(
|
|
JSON.stringify([credentials1, credentials2]),
|
|
);
|
|
vi.mocked(fs.writeFile).mockResolvedValue(undefined);
|
|
|
|
await MCPOAuthTokenStorage.removeToken('server1');
|
|
|
|
const writeCall = vi.mocked(fs.writeFile).mock.calls[0];
|
|
const savedData = JSON.parse(writeCall[1] as string);
|
|
|
|
expect(savedData).toHaveLength(1);
|
|
expect(savedData[0].serverName).toBe('server2');
|
|
});
|
|
|
|
it('should remove token file when no tokens remain', async () => {
|
|
vi.mocked(fs.readFile).mockResolvedValue(
|
|
JSON.stringify([mockCredentials]),
|
|
);
|
|
vi.mocked(fs.unlink).mockResolvedValue(undefined);
|
|
|
|
await MCPOAuthTokenStorage.removeToken('test-server');
|
|
|
|
expect(fs.unlink).toHaveBeenCalledWith(
|
|
path.join('/mock/home', '.gemini', 'mcp-oauth-tokens.json'),
|
|
);
|
|
expect(fs.writeFile).not.toHaveBeenCalled();
|
|
});
|
|
|
|
it('should handle removal of non-existent token gracefully', async () => {
|
|
vi.mocked(fs.readFile).mockResolvedValue(
|
|
JSON.stringify([mockCredentials]),
|
|
);
|
|
|
|
await MCPOAuthTokenStorage.removeToken('non-existent');
|
|
|
|
expect(fs.writeFile).not.toHaveBeenCalled();
|
|
expect(fs.unlink).not.toHaveBeenCalled();
|
|
});
|
|
|
|
it('should handle file operation errors gracefully', async () => {
|
|
vi.mocked(fs.readFile).mockResolvedValue(
|
|
JSON.stringify([mockCredentials]),
|
|
);
|
|
vi.mocked(fs.unlink).mockRejectedValue(new Error('Permission denied'));
|
|
|
|
await MCPOAuthTokenStorage.removeToken('test-server');
|
|
|
|
expect(console.error).toHaveBeenCalledWith(
|
|
expect.stringContaining('Failed to remove MCP OAuth token'),
|
|
);
|
|
});
|
|
});
|
|
|
|
describe('isTokenExpired', () => {
|
|
it('should return false for token without expiry', () => {
|
|
const tokenWithoutExpiry = { ...mockToken };
|
|
delete tokenWithoutExpiry.expiresAt;
|
|
|
|
const result = MCPOAuthTokenStorage.isTokenExpired(tokenWithoutExpiry);
|
|
|
|
expect(result).toBe(false);
|
|
});
|
|
|
|
it('should return false for valid token', () => {
|
|
const futureToken = {
|
|
...mockToken,
|
|
expiresAt: Date.now() + 3600000, // 1 hour from now
|
|
};
|
|
|
|
const result = MCPOAuthTokenStorage.isTokenExpired(futureToken);
|
|
|
|
expect(result).toBe(false);
|
|
});
|
|
|
|
it('should return true for expired token', () => {
|
|
const expiredToken = {
|
|
...mockToken,
|
|
expiresAt: Date.now() - 3600000, // 1 hour ago
|
|
};
|
|
|
|
const result = MCPOAuthTokenStorage.isTokenExpired(expiredToken);
|
|
|
|
expect(result).toBe(true);
|
|
});
|
|
|
|
it('should return true for token expiring within buffer time', () => {
|
|
const soonToExpireToken = {
|
|
...mockToken,
|
|
expiresAt: Date.now() + 60000, // 1 minute from now (within 5-minute buffer)
|
|
};
|
|
|
|
const result = MCPOAuthTokenStorage.isTokenExpired(soonToExpireToken);
|
|
|
|
expect(result).toBe(true);
|
|
});
|
|
});
|
|
|
|
describe('clearAllTokens', () => {
|
|
it('should remove token file successfully', async () => {
|
|
vi.mocked(fs.unlink).mockResolvedValue(undefined);
|
|
|
|
await MCPOAuthTokenStorage.clearAllTokens();
|
|
|
|
expect(fs.unlink).toHaveBeenCalledWith(
|
|
path.join('/mock/home', '.gemini', 'mcp-oauth-tokens.json'),
|
|
);
|
|
});
|
|
|
|
it('should handle non-existent file gracefully', async () => {
|
|
vi.mocked(fs.unlink).mockRejectedValue({ code: 'ENOENT' });
|
|
|
|
await MCPOAuthTokenStorage.clearAllTokens();
|
|
|
|
expect(console.error).not.toHaveBeenCalled();
|
|
});
|
|
|
|
it('should handle other file errors gracefully', async () => {
|
|
vi.mocked(fs.unlink).mockRejectedValue(new Error('Permission denied'));
|
|
|
|
await MCPOAuthTokenStorage.clearAllTokens();
|
|
|
|
expect(console.error).toHaveBeenCalledWith(
|
|
expect.stringContaining('Failed to clear MCP OAuth tokens'),
|
|
);
|
|
});
|
|
});
|
|
});
|