Files
FlowPilot/tests/background-cpa-state-plumbing.test.js
T
cnxwzy f9f8df19d3 fix: harden CPA auth flow with API callback/state checks
Move CPA oauth url/callback handling to management API first, persist state/origin runtime keys, and fail fast on invalid callback or missing management auth to reduce flaky panel-driven auth failures.
2026-04-27 19:13:22 +08:00

40 lines
1.4 KiB
JavaScript

const test = require('node:test');
const assert = require('node:assert/strict');
const fs = require('node:fs');
test('background step-1 state plumbing persists and resets cpa oauth runtime keys', () => {
const source = fs.readFileSync('background.js', 'utf8');
assert.match(source, /cpaOAuthState:\s*null/);
assert.match(source, /cpaManagementOrigin:\s*null/);
assert.match(source, /payload\.cpaOAuthState[^\n]*updates\.cpaOAuthState/);
assert.match(source, /payload\.cpaManagementOrigin[^\n]*updates\.cpaManagementOrigin/);
assert.match(source, /if \(step <= 1\) \{[\s\S]*cpaOAuthState:\s*null,[\s\S]*cpaManagementOrigin:\s*null,/);
});
test('message router step-1 handler stores cpa oauth runtime keys', async () => {
const source = fs.readFileSync('background/message-router.js', 'utf8');
const globalScope = {};
const api = new Function('self', `${source}; return self.MultiPageBackgroundMessageRouter;`)(globalScope);
const updates = [];
const router = api.createMessageRouter({
broadcastDataUpdate: () => {},
setState: async (payload) => {
updates.push(payload);
},
});
await router.handleStepData(1, {
cpaOAuthState: 'oauth-state-1',
cpaManagementOrigin: 'http://localhost:8317',
});
assert.deepStrictEqual(updates, [
{
cpaOAuthState: 'oauth-state-1',
cpaManagementOrigin: 'http://localhost:8317',
},
]);
});