mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-10 18:46:07 +00:00
* fix(ios): defer QR pairing after scanner dismissal * fix(ios): process QR pairing after scanner dismissal * fix(ios): harden QR scanner handoff * fix(ios): give QR scanner dismissal more time * fix(ios): keep onboarding open for QR trust prompt * fix(ios): keep QR trust prompt owned by onboarding * fix(ios): recover operator pairing after QR bootstrap * fix(ios): cancel stale QR scanner handoffs Co-authored-by: PollyBot13 <pollybot13@gmail.com> * fix(ios): defer QR setup until onboarding closes * fix(ios): keep QR setup links with visible settings * fix(ios): consume setup links during onboarding * fix(ios): handle setup links during onboarding launch * fix(ios): route setup links through active onboarding * fix(ios): harden QR gateway handoff * fix(ios): cancel superseded gateway attempts * fix(ios): serialize scanner result delivery * fix(ios): prevent stale gateway reconnects * fix(ios): serialize gateway target handoff * fix(ios): disable stale gateway relaunch route * fix(ios): await staged bootstrap reset * test(ios): bound gateway reset handoff * fix(ios): preserve explicit gateway handoff * fix(ios): harden gateway lifecycle ownership * chore(ios): sync native i18n inventory * test(ios): align gateway ownership assertions * refactor(ios): remove superseded gateway helpers * fix(ios): keep gateway auth route scoped * fix(ios): restore gateway target review state * fix(protocol): refresh Swift plugin approval model * test(ios): isolate state directory overrides * fix(ios): preserve watch alerts across gateway switches * fix(ios): bind deferred work to gateway ownership * docs(changelog): credit iOS gateway handoff fix * chore(i18n): sync native app inventory * test(ios): remove unused Watch approval hooks --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>
150 lines
6.1 KiB
Swift
150 lines
6.1 KiB
Swift
import Foundation
|
|
import Testing
|
|
@testable import OpenClaw
|
|
@testable import OpenClawKit
|
|
|
|
struct TerminalHubScreenTests {
|
|
private static func makeConfig(
|
|
url: URL,
|
|
token: String? = nil,
|
|
password: String? = nil,
|
|
allowStoredDeviceAuth: Bool = true,
|
|
deviceAuthGatewayID: String? = nil) -> GatewayConnectConfig
|
|
{
|
|
GatewayConnectConfig(
|
|
url: url,
|
|
stableID: "manual|gateway.example.com|443",
|
|
tls: nil,
|
|
token: token,
|
|
bootstrapToken: nil,
|
|
password: password,
|
|
nodeOptions: GatewayConnectOptions(
|
|
role: "node",
|
|
scopes: [],
|
|
caps: [],
|
|
commands: [],
|
|
permissions: [:],
|
|
clientId: "ios",
|
|
clientMode: "node",
|
|
clientDisplayName: "Phone",
|
|
allowStoredDeviceAuth: allowStoredDeviceAuth,
|
|
deviceAuthGatewayID: deviceAuthGatewayID))
|
|
}
|
|
|
|
@Test func `terminal URL flips scheme and carries only view parameter`() throws {
|
|
let config = try Self.makeConfig(
|
|
url: #require(URL(string: "wss://gateway.example.com:8443/ws")),
|
|
token: "secret-token")
|
|
|
|
let url = TerminalHubScreen.terminalURL(config: config)
|
|
|
|
#expect(url?.absoluteString == "https://gateway.example.com:8443/?view=terminal")
|
|
// Credentials must never ride in the page URL; they travel via the
|
|
// document-start auth user script instead.
|
|
#expect(url?.absoluteString.contains("secret-token") == false)
|
|
}
|
|
|
|
@Test func `terminal URL uses plain HTTP for insecure endpoints`() throws {
|
|
let config = try Self.makeConfig(url: #require(URL(string: "ws://192.168.1.10:18789")))
|
|
|
|
let url = TerminalHubScreen.terminalURL(config: config)
|
|
|
|
#expect(url?.absoluteString == "http://192.168.1.10:18789/?view=terminal")
|
|
}
|
|
|
|
@Test func `auth user script carries credentials gated to the page origin`() throws {
|
|
let config = try Self.makeConfig(
|
|
url: #require(URL(string: "wss://gateway.example.com:8443")),
|
|
token: " secret-token ",
|
|
password: "fallback-password")
|
|
|
|
let script = TerminalHubScreen.terminalAuthUserScript(config: config)
|
|
|
|
#expect(script?.contains("__OPENCLAW_NATIVE_CONTROL_AUTH__") == true)
|
|
// JSONSerialization escapes forward slashes, hence the `\/` literals.
|
|
#expect(script?.contains("\"https:\\/\\/gateway.example.com:8443\"") == true)
|
|
#expect(script?.contains("\"token\":\"secret-token\"") == true)
|
|
#expect(script?.contains("\"password\":\"fallback-password\"") == true)
|
|
#expect(script?.contains("\"gatewayUrl\":\"wss:\\/\\/gateway.example.com:8443\"") == true)
|
|
}
|
|
|
|
@Test func `auth user script falls back to stored operator token`() throws {
|
|
let config = try Self.makeConfig(
|
|
url: #require(URL(string: "wss://gateway.example.com:8443")),
|
|
token: nil,
|
|
password: nil)
|
|
|
|
let script = TerminalHubScreen.terminalAuthUserScript(
|
|
config: config,
|
|
storedOperatorToken: " stored-token ")
|
|
|
|
#expect(script?.contains("\"token\":\"stored-token\"") == true)
|
|
}
|
|
|
|
@Test func `auth user script loads the active gateway scoped operator token`() throws {
|
|
let gatewayID = "manual|terminal-\(UUID().uuidString)|443"
|
|
let identity = DeviceIdentityStore.loadOrCreate()
|
|
defer {
|
|
DeviceAuthStore.clearToken(
|
|
deviceId: identity.deviceId,
|
|
role: "operator",
|
|
gatewayID: gatewayID)
|
|
}
|
|
#expect(DeviceAuthStore.storeToken(
|
|
deviceId: identity.deviceId,
|
|
role: "operator",
|
|
token: "scoped-terminal-token",
|
|
gatewayID: gatewayID).token == "scoped-terminal-token")
|
|
let config = try Self.makeConfig(
|
|
url: #require(URL(string: "wss://gateway.example.com:8443")),
|
|
deviceAuthGatewayID: gatewayID)
|
|
|
|
let script = TerminalHubScreen.terminalAuthUserScript(config: config)
|
|
|
|
#expect(script?.contains("\"token\":\"scoped-terminal-token\"") == true)
|
|
}
|
|
|
|
@Test func `auth user script honors stored device auth suppression`() throws {
|
|
let gatewayID = "manual|terminal-suppressed-\(UUID().uuidString)|443"
|
|
let identity = DeviceIdentityStore.loadOrCreate()
|
|
defer {
|
|
DeviceAuthStore.clearToken(
|
|
deviceId: identity.deviceId,
|
|
role: "operator",
|
|
gatewayID: gatewayID)
|
|
}
|
|
#expect(DeviceAuthStore.storeToken(
|
|
deviceId: identity.deviceId,
|
|
role: "operator",
|
|
token: "stale-terminal-token",
|
|
gatewayID: gatewayID).token == "stale-terminal-token")
|
|
let config = try Self.makeConfig(
|
|
url: #require(URL(string: "wss://gateway.example.com:8443")),
|
|
password: "replacement-password",
|
|
allowStoredDeviceAuth: false,
|
|
deviceAuthGatewayID: gatewayID)
|
|
|
|
let script = TerminalHubScreen.terminalAuthUserScript(config: config)
|
|
|
|
#expect(script?.contains("stale-terminal-token") == false)
|
|
#expect(script?.contains("\"password\":\"replacement-password\"") == true)
|
|
}
|
|
|
|
@Test func `web content identity changes with stored operator token`() throws {
|
|
let config = try Self.makeConfig(url: #require(URL(string: "wss://gateway.example.com")))
|
|
|
|
#expect(
|
|
TerminalHubScreen.webContentIdentity(config: config, storedOperatorToken: "token-a") !=
|
|
TerminalHubScreen.webContentIdentity(config: config, storedOperatorToken: "token-b"))
|
|
}
|
|
|
|
@Test func `auth user script is omitted without credentials`() throws {
|
|
let config = try Self.makeConfig(url: #require(URL(string: "wss://gateway.example.com")), token: " ")
|
|
|
|
#expect(
|
|
TerminalHubScreen.terminalAuthUserScript(config: config, storedOperatorToken: nil) == nil)
|
|
#expect(
|
|
TerminalHubScreen.terminalAuthUserScript(config: nil, storedOperatorToken: nil) == nil)
|
|
}
|
|
}
|