vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 10:40:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
daabbce9a000604a0975f3ac7af890935bb29fba
openclaw/extensions/openai/openai-codex-cli-auth.test.ts
Vincent Koc 3587e0ef95 fix(codex): keep auth read diagnostics off stdout (#66451) 
* fix(codex): keep auth read diagnostics off stdout

* docs(changelog): fix codex auth entry

* fix(codex): sanitize auth read diagnostics

* Update CHANGELOG.md
2026-04-14 11:13:57 +01:00

149 lines
3.9 KiB
TypeScript
Raw Blame History

import fs from "node:fs";
import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
const runtimeMocks = vi.hoisted(() => ({
debug: vi.fn(),
}));
vi.mock("openclaw/plugin-sdk/runtime-env", () => ({
createSubsystemLogger: () => ({
debug: runtimeMocks.debug,
}),
}));
import {
OPENAI_CODEX_DEFAULT_PROFILE_ID,
readOpenAICodexCliOAuthProfile,
} from "./openai-codex-cli-auth.js";
function buildJwt(payload: Record<string, unknown>) {
const encode = (value: Record<string, unknown>) =>
Buffer.from(JSON.stringify(value)).toString("base64url");
return `${encode({ alg: "none", typ: "JWT" })}.${encode(payload)}.sig`;
}
describe("readOpenAICodexCliOAuthProfile", () => {
beforeEach(() => {
vi.clearAllMocks();
});
afterEach(() => {
vi.restoreAllMocks();
});
it("reads Codex CLI chatgpt auth into the default OpenAI Codex profile", () => {
const accessToken = buildJwt({
exp: Math.floor(Date.now() / 1000) + 600,
"https://api.openai.com/profile": {
email: "codex@example.com",
},
});
vi.spyOn(fs, "readFileSync").mockReturnValue(
JSON.stringify({
auth_mode: "chatgpt",
tokens: {
access_token: accessToken,
refresh_token: "refresh-token",
account_id: "acct_123",
},
}),
);
const parsed = readOpenAICodexCliOAuthProfile({
store: { version: 1, profiles: {} },
});
expect(parsed).toMatchObject({
profileId: OPENAI_CODEX_DEFAULT_PROFILE_ID,
credential: {
type: "oauth",
provider: "openai-codex",
access: accessToken,
refresh: "refresh-token",
accountId: "acct_123",
email: "codex@example.com",
},
});
expect(parsed?.credential.expires).toBeGreaterThan(Date.now());
});
it("does not override a locally managed OpenAI Codex profile", () => {
vi.spyOn(fs, "readFileSync").mockReturnValue(
JSON.stringify({
auth_mode: "chatgpt",
tokens: {
access_token: "access-token",
refresh_token: "refresh-token",
},
}),
);
const parsed = readOpenAICodexCliOAuthProfile({
store: {
version: 1,
profiles: {
[OPENAI_CODEX_DEFAULT_PROFILE_ID]: {
type: "oauth",
provider: "openai-codex",
access: "local-access",
refresh: "local-refresh",
expires: Date.now() + 60_000,
},
},
},
});
expect(parsed).toBeNull();
});
it("returns null without logging when the Codex CLI auth file is missing", () => {
const error = Object.assign(new Error("missing"), {
code: "ENOENT",
});
vi.spyOn(fs, "readFileSync").mockImplementation(() => {
throw error;
});
const parsed = readOpenAICodexCliOAuthProfile({
store: { version: 1, profiles: {} },
});
expect(parsed).toBeNull();
expect(runtimeMocks.debug).not.toHaveBeenCalled();
});
it("logs a sanitized code for invalid auth JSON", () => {
vi.spyOn(fs, "readFileSync").mockReturnValue("{");
const parsed = readOpenAICodexCliOAuthProfile({
store: { version: 1, profiles: {} },
});
expect(parsed).toBeNull();
expect(runtimeMocks.debug).toHaveBeenCalledWith(
"Failed to read Codex CLI auth file (code=INVALID_JSON)",
);
});
it("does not leak auth file paths in debug logs for filesystem failures", () => {
const error = Object.assign(
new Error("EACCES: permission denied, open '/Users/alice/.codex/auth.json'"),
{
code: "EACCES",
},
);
vi.spyOn(fs, "readFileSync").mockImplementation(() => {
throw error;
});
const parsed = readOpenAICodexCliOAuthProfile({
store: { version: 1, profiles: {} },
});
expect(parsed).toBeNull();
expect(runtimeMocks.debug).toHaveBeenCalledWith(
"Failed to read Codex CLI auth file (code=EACCES)",
);
});
});
Reference in New Issue View Git Blame Copy Permalink