Files
openclaw/apps/ios/Tests/TerminalHubScreenTests.swift
PollyBot13 a320f775f0 fix(ios): defer QR pairing after scanner dismissal (#99572)
* fix(ios): defer QR pairing after scanner dismissal

* fix(ios): process QR pairing after scanner dismissal

* fix(ios): harden QR scanner handoff

* fix(ios): give QR scanner dismissal more time

* fix(ios): keep onboarding open for QR trust prompt

* fix(ios): keep QR trust prompt owned by onboarding

* fix(ios): recover operator pairing after QR bootstrap

* fix(ios): cancel stale QR scanner handoffs

Co-authored-by: PollyBot13 <pollybot13@gmail.com>

* fix(ios): defer QR setup until onboarding closes

* fix(ios): keep QR setup links with visible settings

* fix(ios): consume setup links during onboarding

* fix(ios): handle setup links during onboarding launch

* fix(ios): route setup links through active onboarding

* fix(ios): harden QR gateway handoff

* fix(ios): cancel superseded gateway attempts

* fix(ios): serialize scanner result delivery

* fix(ios): prevent stale gateway reconnects

* fix(ios): serialize gateway target handoff

* fix(ios): disable stale gateway relaunch route

* fix(ios): await staged bootstrap reset

* test(ios): bound gateway reset handoff

* fix(ios): preserve explicit gateway handoff

* fix(ios): harden gateway lifecycle ownership

* chore(ios): sync native i18n inventory

* test(ios): align gateway ownership assertions

* refactor(ios): remove superseded gateway helpers

* fix(ios): keep gateway auth route scoped

* fix(ios): restore gateway target review state

* fix(protocol): refresh Swift plugin approval model

* test(ios): isolate state directory overrides

* fix(ios): preserve watch alerts across gateway switches

* fix(ios): bind deferred work to gateway ownership

* docs(changelog): credit iOS gateway handoff fix

* chore(i18n): sync native app inventory

* test(ios): remove unused Watch approval hooks

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-05 12:31:53 -07:00

150 lines
6.1 KiB
Swift

import Foundation
import Testing
@testable import OpenClaw
@testable import OpenClawKit
struct TerminalHubScreenTests {
private static func makeConfig(
url: URL,
token: String? = nil,
password: String? = nil,
allowStoredDeviceAuth: Bool = true,
deviceAuthGatewayID: String? = nil) -> GatewayConnectConfig
{
GatewayConnectConfig(
url: url,
stableID: "manual|gateway.example.com|443",
tls: nil,
token: token,
bootstrapToken: nil,
password: password,
nodeOptions: GatewayConnectOptions(
role: "node",
scopes: [],
caps: [],
commands: [],
permissions: [:],
clientId: "ios",
clientMode: "node",
clientDisplayName: "Phone",
allowStoredDeviceAuth: allowStoredDeviceAuth,
deviceAuthGatewayID: deviceAuthGatewayID))
}
@Test func `terminal URL flips scheme and carries only view parameter`() throws {
let config = try Self.makeConfig(
url: #require(URL(string: "wss://gateway.example.com:8443/ws")),
token: "secret-token")
let url = TerminalHubScreen.terminalURL(config: config)
#expect(url?.absoluteString == "https://gateway.example.com:8443/?view=terminal")
// Credentials must never ride in the page URL; they travel via the
// document-start auth user script instead.
#expect(url?.absoluteString.contains("secret-token") == false)
}
@Test func `terminal URL uses plain HTTP for insecure endpoints`() throws {
let config = try Self.makeConfig(url: #require(URL(string: "ws://192.168.1.10:18789")))
let url = TerminalHubScreen.terminalURL(config: config)
#expect(url?.absoluteString == "http://192.168.1.10:18789/?view=terminal")
}
@Test func `auth user script carries credentials gated to the page origin`() throws {
let config = try Self.makeConfig(
url: #require(URL(string: "wss://gateway.example.com:8443")),
token: " secret-token ",
password: "fallback-password")
let script = TerminalHubScreen.terminalAuthUserScript(config: config)
#expect(script?.contains("__OPENCLAW_NATIVE_CONTROL_AUTH__") == true)
// JSONSerialization escapes forward slashes, hence the `\/` literals.
#expect(script?.contains("\"https:\\/\\/gateway.example.com:8443\"") == true)
#expect(script?.contains("\"token\":\"secret-token\"") == true)
#expect(script?.contains("\"password\":\"fallback-password\"") == true)
#expect(script?.contains("\"gatewayUrl\":\"wss:\\/\\/gateway.example.com:8443\"") == true)
}
@Test func `auth user script falls back to stored operator token`() throws {
let config = try Self.makeConfig(
url: #require(URL(string: "wss://gateway.example.com:8443")),
token: nil,
password: nil)
let script = TerminalHubScreen.terminalAuthUserScript(
config: config,
storedOperatorToken: " stored-token ")
#expect(script?.contains("\"token\":\"stored-token\"") == true)
}
@Test func `auth user script loads the active gateway scoped operator token`() throws {
let gatewayID = "manual|terminal-\(UUID().uuidString)|443"
let identity = DeviceIdentityStore.loadOrCreate()
defer {
DeviceAuthStore.clearToken(
deviceId: identity.deviceId,
role: "operator",
gatewayID: gatewayID)
}
#expect(DeviceAuthStore.storeToken(
deviceId: identity.deviceId,
role: "operator",
token: "scoped-terminal-token",
gatewayID: gatewayID).token == "scoped-terminal-token")
let config = try Self.makeConfig(
url: #require(URL(string: "wss://gateway.example.com:8443")),
deviceAuthGatewayID: gatewayID)
let script = TerminalHubScreen.terminalAuthUserScript(config: config)
#expect(script?.contains("\"token\":\"scoped-terminal-token\"") == true)
}
@Test func `auth user script honors stored device auth suppression`() throws {
let gatewayID = "manual|terminal-suppressed-\(UUID().uuidString)|443"
let identity = DeviceIdentityStore.loadOrCreate()
defer {
DeviceAuthStore.clearToken(
deviceId: identity.deviceId,
role: "operator",
gatewayID: gatewayID)
}
#expect(DeviceAuthStore.storeToken(
deviceId: identity.deviceId,
role: "operator",
token: "stale-terminal-token",
gatewayID: gatewayID).token == "stale-terminal-token")
let config = try Self.makeConfig(
url: #require(URL(string: "wss://gateway.example.com:8443")),
password: "replacement-password",
allowStoredDeviceAuth: false,
deviceAuthGatewayID: gatewayID)
let script = TerminalHubScreen.terminalAuthUserScript(config: config)
#expect(script?.contains("stale-terminal-token") == false)
#expect(script?.contains("\"password\":\"replacement-password\"") == true)
}
@Test func `web content identity changes with stored operator token`() throws {
let config = try Self.makeConfig(url: #require(URL(string: "wss://gateway.example.com")))
#expect(
TerminalHubScreen.webContentIdentity(config: config, storedOperatorToken: "token-a") !=
TerminalHubScreen.webContentIdentity(config: config, storedOperatorToken: "token-b"))
}
@Test func `auth user script is omitted without credentials`() throws {
let config = try Self.makeConfig(url: #require(URL(string: "wss://gateway.example.com")), token: " ")
#expect(
TerminalHubScreen.terminalAuthUserScript(config: config, storedOperatorToken: nil) == nil)
#expect(
TerminalHubScreen.terminalAuthUserScript(config: nil, storedOperatorToken: nil) == nil)
}
}