42e3d8d693
* Secrets: add inline allowlist review set * Secrets: narrow detect-secrets file exclusions * Secrets: exclude Docker fingerprint false positive * Secrets: allowlist test and docs false positives * Secrets: refresh baseline after allowlist updates * Secrets: fix gateway chat fixture pragma * Secrets: format pre-commit config * Android: keep talk mode fixture JSON valid * Feishu: rely on client timeout injection * Secrets: allowlist provider auth test fixtures * Secrets: allowlist onboard search fixtures * Secrets: allowlist onboard mode fixture * Secrets: allowlist gateway auth mode fixture * Secrets: allowlist APNS wake test key * Secrets: allowlist gateway reload fixtures * Secrets: allowlist moonshot video fixture * Secrets: allowlist auto audio fixture * Secrets: allowlist tiny audio fixture * Secrets: allowlist embeddings fixtures * Secrets: allowlist resolve fixtures * Secrets: allowlist target registry pattern fixtures * Secrets: allowlist gateway chat env fixture * Secrets: refresh baseline after fixture allowlists * Secrets: reapply gateway chat env allowlist * Secrets: reapply gateway chat env allowlist * Secrets: stabilize gateway chat env allowlist * Secrets: allowlist runtime snapshot save fixture * Secrets: allowlist oauth profile fixtures * Secrets: allowlist compaction identifier fixture * Secrets: allowlist model auth fixture * Secrets: allowlist model status fixtures * Secrets: allowlist custom onboarding fixture * Secrets: allowlist mattermost token summary fixtures * Secrets: allowlist gateway auth suite fixtures * Secrets: allowlist channel summary fixture * Secrets: allowlist provider usage auth fixtures * Secrets: allowlist media proxy fixture * Secrets: allowlist secrets audit fixtures * Secrets: refresh baseline after final fixture allowlists * Feishu: prefer explicit client timeout * Feishu: test direct timeout precedence
77 lines
2.2 KiB
TypeScript
77 lines
2.2 KiB
TypeScript
import { describe, expect, it } from "vitest";
|
|
import type { OpenClawConfig } from "../config/config.js";
|
|
import {
|
|
assertExplicitGatewayAuthModeWhenBothConfigured,
|
|
EXPLICIT_GATEWAY_AUTH_MODE_REQUIRED_ERROR,
|
|
hasAmbiguousGatewayAuthModeConfig,
|
|
} from "./auth-mode-policy.js";
|
|
|
|
describe("gateway auth mode policy", () => {
|
|
it("does not flag config when auth mode is explicit", () => {
|
|
const cfg: OpenClawConfig = {
|
|
gateway: {
|
|
auth: {
|
|
mode: "token",
|
|
token: "token-value",
|
|
password: "password-value", // pragma: allowlist secret
|
|
},
|
|
},
|
|
};
|
|
expect(hasAmbiguousGatewayAuthModeConfig(cfg)).toBe(false);
|
|
});
|
|
|
|
it("does not flag config when only one auth credential is configured", () => {
|
|
const cfg: OpenClawConfig = {
|
|
gateway: {
|
|
auth: {
|
|
token: "token-value",
|
|
},
|
|
},
|
|
};
|
|
expect(hasAmbiguousGatewayAuthModeConfig(cfg)).toBe(false);
|
|
});
|
|
|
|
it("flags config when both token and password are configured and mode is unset", () => {
|
|
const cfg: OpenClawConfig = {
|
|
gateway: {
|
|
auth: {
|
|
token: "token-value",
|
|
password: "password-value", // pragma: allowlist secret
|
|
},
|
|
},
|
|
};
|
|
expect(hasAmbiguousGatewayAuthModeConfig(cfg)).toBe(true);
|
|
});
|
|
|
|
it("flags config when both token/password SecretRefs are configured and mode is unset", () => {
|
|
const cfg: OpenClawConfig = {
|
|
gateway: {
|
|
auth: {
|
|
token: { source: "env", provider: "default", id: "GW_TOKEN" },
|
|
password: { source: "env", provider: "default", id: "GW_PASSWORD" },
|
|
},
|
|
},
|
|
secrets: {
|
|
providers: {
|
|
default: { source: "env" },
|
|
},
|
|
},
|
|
};
|
|
expect(hasAmbiguousGatewayAuthModeConfig(cfg)).toBe(true);
|
|
});
|
|
|
|
it("throws the shared explicit-mode error for ambiguous dual auth config", () => {
|
|
const cfg: OpenClawConfig = {
|
|
gateway: {
|
|
auth: {
|
|
token: "token-value",
|
|
password: "password-value", // pragma: allowlist secret
|
|
},
|
|
},
|
|
};
|
|
expect(() => assertExplicitGatewayAuthModeWhenBothConfigured(cfg)).toThrow(
|
|
EXPLICIT_GATEWAY_AUTH_MODE_REQUIRED_ERROR,
|
|
);
|
|
});
|
|
});
|