mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-08 15:40:50 +00:00
33154ce745
* feat(ollama): split interactive cloud and local setup * test(ollama): cover cloud onboarding flow * docs(ollama): simplify provider setup docs * docs(onboarding): update ollama wizard copy * fix(ollama): restore web search auth helper * fix(ollama): harden setup auth and ssrf handling * fix(ollama): address review regressions * fix(ollama): scope ssrf hardening to ollama * feat(ollama): add hybrid onboarding mode * fix(ollama): tighten cloud credential setup * refactor(ollama): distill host-backed setup modes * fix(ollama): preserve cloud api key in config * fix: simplify ollama onboarding (#67005)
88 lines
2.8 KiB
TypeScript
88 lines
2.8 KiB
TypeScript
import { describe, expect, it, vi } from "vitest";
|
|
|
|
const getProviderEnvVars = vi.hoisted(() => vi.fn(() => ["WHISPERX_API_KEY"]));
|
|
|
|
vi.mock("../secrets/provider-env-vars.js", () => ({
|
|
getProviderEnvVars,
|
|
}));
|
|
|
|
describe("provider auth env trust", () => {
|
|
it("buildApiKeyCredential excludes untrusted workspace plugin env vars for ref mode", async () => {
|
|
const { buildApiKeyCredential } = await import("./provider-auth-helpers.js");
|
|
const config = { plugins: {} };
|
|
|
|
const credential = buildApiKeyCredential("whisperx", "secret-value", undefined, {
|
|
secretInputMode: "ref",
|
|
config,
|
|
});
|
|
|
|
expect(getProviderEnvVars).toHaveBeenCalledWith("whisperx", {
|
|
config,
|
|
includeUntrustedWorkspacePlugins: false,
|
|
});
|
|
expect(credential).toMatchObject({
|
|
keyRef: { source: "env", provider: "default", id: "WHISPERX_API_KEY" },
|
|
});
|
|
});
|
|
|
|
it("buildApiKeyCredential keeps secret-ref-like input literal in plaintext mode", async () => {
|
|
const { buildApiKeyCredential } = await import("./provider-auth-helpers.js");
|
|
|
|
const credential = buildApiKeyCredential("ollama", "${AWS_SECRET_ACCESS_KEY}", undefined, {
|
|
secretInputMode: "plaintext",
|
|
});
|
|
|
|
expect(credential).toEqual({
|
|
type: "api_key",
|
|
provider: "ollama",
|
|
key: "${AWS_SECRET_ACCESS_KEY}",
|
|
});
|
|
});
|
|
|
|
it("resolveRefFallbackInput excludes untrusted workspace plugin env vars", async () => {
|
|
const { resolveRefFallbackInput } = await import("./provider-auth-ref.js");
|
|
const config = { plugins: {} };
|
|
|
|
const result = resolveRefFallbackInput({
|
|
config,
|
|
provider: "whisperx",
|
|
env: { WHISPERX_API_KEY: "test-secret" },
|
|
});
|
|
|
|
expect(getProviderEnvVars).toHaveBeenCalledWith("whisperx", {
|
|
config,
|
|
includeUntrustedWorkspacePlugins: false,
|
|
});
|
|
expect(result).toMatchObject({
|
|
ref: { source: "env", provider: "default", id: "WHISPERX_API_KEY" },
|
|
resolvedValue: "test-secret",
|
|
});
|
|
});
|
|
|
|
it("promptSecretRefForSetup keeps config-aware trusted env var suggestions", async () => {
|
|
const { promptSecretRefForSetup } = await import("./provider-auth-ref.js");
|
|
const config = { plugins: { allow: ["workspace-audio"] } };
|
|
const prompter = {
|
|
select: vi.fn(async () => "env"),
|
|
text: vi.fn(async () => "WHISPERX_API_KEY"),
|
|
note: vi.fn(async () => {}),
|
|
};
|
|
|
|
const result = await promptSecretRefForSetup({
|
|
config,
|
|
provider: "whisperx",
|
|
prompter: prompter as never,
|
|
env: { WHISPERX_API_KEY: "test-secret" },
|
|
});
|
|
|
|
expect(getProviderEnvVars).toHaveBeenCalledWith("whisperx", {
|
|
config,
|
|
includeUntrustedWorkspacePlugins: false,
|
|
});
|
|
expect(result).toMatchObject({
|
|
ref: { source: "env", provider: "default", id: "WHISPERX_API_KEY" },
|
|
resolvedValue: "test-secret",
|
|
});
|
|
});
|
|
});
|