fix: tighten pairing guard and unblock landing gate (#60491) (thanks @eleqtrizit)

2026-05-05 13:50:22 +00:00 · 2026-04-04 16:04:50 +09:00
parent cb0b15a195
commit 0a5bce21a6
4 changed files with 34 additions and 22 deletions
--- a/src/cli/qr-cli.test.ts
+++ b/src/cli/qr-cli.test.ts
@@ -168,7 +168,7 @@ describe("registerQrCli", () => {
  }

  function parseLastLoggedQrJson() {
-    const raw = runtime.log.mock.calls.at(-1)?.[0];
+    const raw = vi.mocked(runtime.log).mock.calls.at(-1)?.[0];
    return JSON.parse(typeof raw === "string" ? raw : "{}") as {
      setupCode?: string;
      gatewayUrl?: string;
@@ -202,7 +202,7 @@ describe("registerQrCli", () => {
    runtimeState.resetRuntimeCapture();
    vi.stubEnv("OPENCLAW_GATEWAY_TOKEN", "");
    vi.stubEnv("OPENCLAW_GATEWAY_PASSWORD", "");
-    runtime.exit.mockImplementation(() => {
+    vi.mocked(runtime.exit).mockImplementation(() => {
      throw new Error("exit");
    });
  });
@@ -243,7 +243,10 @@ describe("registerQrCli", () => {
    await runQr([]);

    expect(qrGenerate).toHaveBeenCalledTimes(1);
-    const output = runtime.log.mock.calls.map((call) => readRuntimeCallText(call)).join("\n");
+    const output = vi
+      .mocked(runtime.log)
+      .mock.calls.map((call) => readRuntimeCallText(call))
+      .join("\n");
    expect(output).toContain("Pairing QR");
    expect(output).toContain("ASCII-QR");
    expect(output).toContain("Gateway:");
@@ -440,9 +443,11 @@ describe("registerQrCli", () => {
    await runQr(["--remote"]);

    expect(
-      runtime.log.mock.calls.some((call) =>
-        readRuntimeCallText(call).includes("gateway.remote.token inactive"),
-      ),
+      vi
+        .mocked(runtime.log)
+        .mock.calls.some((call) =>
+          readRuntimeCallText(call).includes("gateway.remote.token inactive"),
+        ),
    ).toBe(true);
  });

@@ -496,9 +501,11 @@ describe("registerQrCli", () => {
    const payload = parseLastLoggedQrJson();
    expect(payload.gatewayUrl).toBe("wss://remote.example.com:444");
    expect(
-      runtime.error.mock.calls.some((call) =>
-        readRuntimeCallText(call).includes("gateway.remote.password inactive"),
-      ),
+      vi
+        .mocked(runtime.error)
+        .mock.calls.some((call) =>
+          readRuntimeCallText(call).includes("gateway.remote.password inactive"),
+        ),
    ).toBe(true);
  });

@@ -539,7 +546,7 @@ describe("registerQrCli", () => {

    await runQr(["--json", "--remote"]);

-    const raw = runtime.log.mock.calls.at(-1)?.[0];
+    const raw = vi.mocked(runtime.log).mock.calls.at(-1)?.[0];
    const payload = JSON.parse(typeof raw === "string" ? raw : "{}") as {
      gatewayUrl?: string;
      auth?: string;
--- a/src/cli/qr-dashboard.integration.test.ts
+++ b/src/cli/qr-dashboard.integration.test.ts
@@ -133,7 +133,7 @@ describe("cli integration: qr + dashboard token SecretRef", () => {
    runtimeLogs.length = 0;
    runtimeErrors.length = 0;
    vi.clearAllMocks();
-    runtime.exit.mockImplementation(() => {});
+    vi.mocked(runtime.exit).mockImplementation(() => {});
    delete process.env.OPENCLAW_GATEWAY_TOKEN;
    delete process.env.OPENCLAW_GATEWAY_PASSWORD;
    delete process.env.SHARED_GATEWAY_TOKEN;
--- a/src/cli/update-cli.test.ts
+++ b/src/cli/update-cli.test.ts
@@ -747,11 +747,18 @@ describe("update-cli", () => {
    const pkgRoot = path.join(brewRoot, "openclaw");
    const brewNpm = path.join(brewPrefix, "bin", "npm");
    const win32PrefixNpm = path.join(brewPrefix, "npm.cmd");
-    const owningNpmCommands = new Set(
-      [brewNpm, path.resolve(brewNpm), win32PrefixNpm, path.resolve(win32PrefixNpm)].map(
-        (candidate) => path.normalize(candidate),
-      ),
-    );
+    const isOwningNpmCommand = (value: unknown): boolean => {
+      if (typeof value !== "string") {
+        return false;
+      }
+      const normalized = path.normalize(value);
+      return (
+        normalized !== path.normalize("npm") &&
+        path.isAbsolute(value) &&
+        normalized.includes(path.normalize(brewPrefix)) &&
+        /npm(?:\.cmd)?$/i.test(normalized)
+      );
+    };
    const pathNpmRoot = createCaseDir("nvm-root");
    mockPackageInstallStatus(pkgRoot);
    pathExists.mockResolvedValue(false);
@@ -777,11 +784,7 @@ describe("update-cli", () => {
          termination: "exit",
        };
      }
-      if (
-        owningNpmCommands.has(path.normalize(String(argv[0] ?? ""))) &&
-        argv[1] === "root" &&
-        argv[2] === "-g"
-      ) {
+      if (isOwningNpmCommand(argv[0]) && argv[1] === "root" && argv[2] === "-g") {
        return {
          stdout: `${brewRoot}\n`,
          stderr: "",
@@ -803,6 +806,7 @@ describe("update-cli", () => {

    await fs.mkdir(path.dirname(brewNpm), { recursive: true });
    await fs.writeFile(brewNpm, "", "utf8");
+    await fs.writeFile(win32PrefixNpm, "", "utf8");
    await updateCommand({ yes: true });

    platformSpy.mockRestore();
@@ -813,7 +817,7 @@ describe("update-cli", () => {
      .mock.calls.find(
        ([argv]) =>
          Array.isArray(argv) &&
-          owningNpmCommands.has(path.normalize(String(argv[0] ?? ""))) &&
+          isOwningNpmCommand(argv[0]) &&
          argv[1] === "i" &&
          argv[2] === "-g" &&
          argv[3] === "openclaw@latest",