mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-18 23:21:35 +00:00
* fix(openai): bound Codex OAuth token response body reads with readResponseWithLimit Replace unbounded response.arrayBuffer() in postTokenForm with readResponseWithLimit using a 1 MiB cap to prevent OOM from oversized token endpoint responses. Add real node:http loopback server tests. * fix(openai): wrap readResponseWithLimit result in Uint8Array for TS BodyInit compat - Fixes TS2345: Buffer<ArrayBufferLike> not assignable to BodyInit - Resolves check-prod-types, check-test-types, and check-additional-extension-package-boundary CI failures Ref. https://github.com/openclaw/openclaw/pull/99479 * test(openai): verify OAuth response release --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>
278 lines
8.6 KiB
TypeScript
278 lines
8.6 KiB
TypeScript
// Openai tests cover openai chatgpt oauth flow plugin behavior.
|
|
import { createServer, type Server } from "node:http";
|
|
import { afterEach, describe, expect, it, vi } from "vitest";
|
|
|
|
const ssrfMocks = vi.hoisted(() => ({
|
|
fetchWithSsrFGuard: vi.fn(),
|
|
}));
|
|
|
|
vi.mock("openclaw/plugin-sdk/ssrf-runtime", () => ({
|
|
fetchWithSsrFGuard: ssrfMocks.fetchWithSsrFGuard,
|
|
}));
|
|
|
|
import { openaiCodexOAuthProvider, testing } from "./openai-chatgpt-oauth-flow.runtime.js";
|
|
|
|
function timeoutError(): Error {
|
|
return new DOMException("timed out", "TimeoutError");
|
|
}
|
|
|
|
function mockTokenResponse(body: unknown, status = 200): void {
|
|
mockTokenResponseText(JSON.stringify(body), status);
|
|
}
|
|
|
|
function mockTokenResponseText(body: string, status = 200): void {
|
|
ssrfMocks.fetchWithSsrFGuard.mockResolvedValueOnce({
|
|
response: new Response(body, {
|
|
status,
|
|
headers: { "Content-Type": "application/json" },
|
|
}),
|
|
release: vi.fn(async () => undefined),
|
|
});
|
|
}
|
|
|
|
afterEach(() => {
|
|
ssrfMocks.fetchWithSsrFGuard.mockReset();
|
|
});
|
|
|
|
describe("OpenAI Codex OAuth flow", () => {
|
|
it("cancels provider login before opening the OAuth flow", async () => {
|
|
const controller = new AbortController();
|
|
controller.abort();
|
|
|
|
await expect(
|
|
openaiCodexOAuthProvider.login({
|
|
onAuth: vi.fn(),
|
|
onPrompt: vi.fn(async () => "unused-code"),
|
|
signal: controller.signal,
|
|
}),
|
|
).rejects.toThrow("Login cancelled");
|
|
});
|
|
|
|
it("does not open the OAuth flow after cancellation during setup", async () => {
|
|
const controller = new AbortController();
|
|
const onAuth = vi.fn();
|
|
const loginPromise = openaiCodexOAuthProvider.login({
|
|
onAuth,
|
|
onPrompt: vi.fn(async () => "unused-code"),
|
|
signal: controller.signal,
|
|
});
|
|
|
|
controller.abort();
|
|
|
|
await expect(loginPromise).rejects.toThrow("Login cancelled");
|
|
expect(onAuth).not.toHaveBeenCalled();
|
|
});
|
|
|
|
it("waits for Node OAuth runtime before creating an authorization flow", async () => {
|
|
const flow = await testing.createAuthorizationFlow("openclaw-test");
|
|
const url = new URL(flow.url);
|
|
|
|
expect(flow.state).toMatch(/^[a-f0-9]{32}$/u);
|
|
expect(url.searchParams.get("state")).toBe(flow.state);
|
|
expect(url.searchParams.get("originator")).toBe("openclaw-test");
|
|
const redirectUri = url.searchParams.get("redirect_uri");
|
|
expect(redirectUri).toBeTruthy();
|
|
expect(flow.redirectUri).toBe(redirectUri);
|
|
expect(testing.callbackHost).toBe(new URL(redirectUri ?? "").hostname);
|
|
});
|
|
|
|
it("builds callback redirect URIs from the configured loopback host", () => {
|
|
expect(testing.resolveRedirectUri("127.0.0.1")).toBe("http://127.0.0.1:1455/auth/callback");
|
|
});
|
|
|
|
it("rejects non-loopback callback bind hosts", () => {
|
|
expect(() => testing.resolveCallbackHost({ OPENCLAW_OAUTH_CALLBACK_HOST: "0.0.0.0" })).toThrow(
|
|
"callback host must be localhost, 127.0.0.1, or ::1",
|
|
);
|
|
});
|
|
|
|
it("times out token exchange requests", async () => {
|
|
ssrfMocks.fetchWithSsrFGuard.mockRejectedValueOnce(timeoutError());
|
|
|
|
const result = await testing.exchangeAuthorizationCode(
|
|
"code",
|
|
"verifier",
|
|
testing.resolveRedirectUri("localhost"),
|
|
{ timeoutMs: 5 },
|
|
);
|
|
|
|
expect(ssrfMocks.fetchWithSsrFGuard).toHaveBeenCalledWith(
|
|
expect.objectContaining({
|
|
auditContext: "openai-chatgpt-oauth-token",
|
|
timeoutMs: 5,
|
|
}),
|
|
);
|
|
expect(result).toMatchObject({
|
|
type: "failed",
|
|
message: "OpenAI Codex token exchange timed out after 5ms",
|
|
});
|
|
});
|
|
|
|
it("cancels token exchange requests with the caller signal", async () => {
|
|
const controller = new AbortController();
|
|
controller.abort();
|
|
|
|
const result = await testing.exchangeAuthorizationCode(
|
|
"code",
|
|
"verifier",
|
|
testing.resolveRedirectUri("localhost"),
|
|
{ signal: controller.signal, timeoutMs: 5 },
|
|
);
|
|
|
|
expect(ssrfMocks.fetchWithSsrFGuard).not.toHaveBeenCalled();
|
|
expect(result).toMatchObject({
|
|
type: "failed",
|
|
message: "Login cancelled",
|
|
});
|
|
});
|
|
|
|
it("rejects unsafe token exchange lifetimes", async () => {
|
|
mockTokenResponseText(
|
|
'{"access_token":"access-token","refresh_token":"refresh-token","expires_in":1e309}',
|
|
);
|
|
|
|
const result = await testing.exchangeAuthorizationCode(
|
|
"code",
|
|
"verifier",
|
|
testing.resolveRedirectUri("localhost"),
|
|
{ timeoutMs: 5 },
|
|
);
|
|
|
|
expect(result).toEqual({
|
|
type: "failed",
|
|
message: "OpenAI Codex token exchange response missing fields: expires_in",
|
|
});
|
|
});
|
|
|
|
it("times out token refresh requests", async () => {
|
|
ssrfMocks.fetchWithSsrFGuard.mockRejectedValueOnce(timeoutError());
|
|
|
|
const result = await testing.refreshAccessToken("old-refresh-token", { timeoutMs: 5 });
|
|
|
|
expect(ssrfMocks.fetchWithSsrFGuard).toHaveBeenCalledWith(
|
|
expect.objectContaining({
|
|
auditContext: "openai-chatgpt-oauth-token",
|
|
timeoutMs: 5,
|
|
}),
|
|
);
|
|
expect(result).toMatchObject({
|
|
type: "failed",
|
|
message: "OpenAI Codex token refresh timed out after 5ms",
|
|
});
|
|
});
|
|
|
|
it("rejects non-positive token refresh lifetimes", async () => {
|
|
mockTokenResponse({
|
|
access_token: "access-token",
|
|
refresh_token: "refresh-token",
|
|
expires_in: 0,
|
|
});
|
|
|
|
const result = await testing.refreshAccessToken("old-refresh-token", { timeoutMs: 5 });
|
|
|
|
expect(result).toEqual({
|
|
type: "failed",
|
|
message: "OpenAI Codex token refresh response missing fields: expires_in",
|
|
});
|
|
});
|
|
});
|
|
|
|
async function listenLoopbackServer(server: Server): Promise<number> {
|
|
return await new Promise<number>((resolve, reject) => {
|
|
server.once("error", reject);
|
|
server.listen(0, "127.0.0.1", () => {
|
|
server.off("error", reject);
|
|
const address = server.address();
|
|
if (!address || typeof address === "string") {
|
|
reject(new Error("expected loopback TCP address"));
|
|
return;
|
|
}
|
|
resolve(address.port);
|
|
});
|
|
});
|
|
}
|
|
|
|
async function closeServer(server: Server): Promise<void> {
|
|
await new Promise<void>((resolve) => {
|
|
server.close(() => resolve());
|
|
});
|
|
}
|
|
|
|
describe("OpenAI Codex OAuth bounded token response reads", () => {
|
|
it("reads under-cap token exchange responses from a real loopback HTTP server", async () => {
|
|
const validPayload = {
|
|
access_token: "access-token-loopback",
|
|
refresh_token: "refresh-token-loopback",
|
|
expires_in: 3600,
|
|
};
|
|
const server = createServer((_req, res) => {
|
|
res.writeHead(200, { "content-type": "application/json" });
|
|
res.end(JSON.stringify(validPayload));
|
|
});
|
|
const port = await listenLoopbackServer(server);
|
|
const release = vi.fn(async () => undefined);
|
|
|
|
try {
|
|
ssrfMocks.fetchWithSsrFGuard.mockImplementation(async ({ init, signal }) => {
|
|
const response = await globalThis.fetch(`http://127.0.0.1:${port}`, {
|
|
...init,
|
|
signal,
|
|
});
|
|
return { response, release };
|
|
});
|
|
|
|
const result = await testing.exchangeAuthorizationCode(
|
|
"code-loopback",
|
|
"verifier-loopback",
|
|
"http://localhost:1455/auth/callback",
|
|
{ timeoutMs: 5000 },
|
|
);
|
|
|
|
expect(result).toMatchObject({
|
|
type: "success",
|
|
access: "access-token-loopback",
|
|
refresh: "refresh-token-loopback",
|
|
});
|
|
expect(
|
|
(result as { type: "success"; access: string; refresh: string; expires: number }).expires,
|
|
).toBeGreaterThan(0);
|
|
expect(release).toHaveBeenCalledOnce();
|
|
} finally {
|
|
await closeServer(server);
|
|
}
|
|
});
|
|
|
|
it("rejects oversized token exchange responses from a real loopback HTTP server", async () => {
|
|
const oversizedPayload = "o".repeat(2 * 1024 * 1024); // 2 MiB > 1 MiB cap
|
|
const server = createServer((_req, res) => {
|
|
res.writeHead(200, { "content-type": "application/json" });
|
|
res.end(oversizedPayload);
|
|
});
|
|
const port = await listenLoopbackServer(server);
|
|
const release = vi.fn(async () => undefined);
|
|
|
|
try {
|
|
ssrfMocks.fetchWithSsrFGuard.mockImplementation(async ({ init, signal }) => {
|
|
const response = await globalThis.fetch(`http://127.0.0.1:${port}`, {
|
|
...init,
|
|
signal,
|
|
});
|
|
return { response, release };
|
|
});
|
|
|
|
const result = await testing.exchangeAuthorizationCode(
|
|
"code-loopback",
|
|
"verifier-loopback",
|
|
"http://localhost:1455/auth/callback",
|
|
{ timeoutMs: 5000 },
|
|
);
|
|
|
|
expect(result).toMatchObject({ type: "failed" });
|
|
expect((result as { type: "failed"; message: string }).message).toContain("too large");
|
|
expect(release).toHaveBeenCalledOnce();
|
|
} finally {
|
|
await closeServer(server);
|
|
}
|
|
});
|
|
});
|