test(chutes): require redirect URL in manual oauth

2026-02-19 18:39:20 -05:00 · 2026-02-15 04:16:12 +01:00
parent a324031801
commit cdeedd8093
2 changed files with 32 additions and 12 deletions
--- a/src/commands/auth-choice.e2e.test.ts
+++ b/src/commands/auth-choice.e2e.test.ts
@@ -1094,7 +1094,26 @@ describe("applyAuthChoice", () => {
    });
    vi.stubGlobal("fetch", fetchSpy);

-    const text = vi.fn().mockResolvedValue("code_manual");
+    const runtime: RuntimeEnv = {
+      log: vi.fn(),
+      error: vi.fn(),
+      exit: vi.fn((code: number) => {
+        throw new Error(`exit:${code}`);
+      }),
+    };
+    const text: WizardPrompter["text"] = vi.fn(async (params) => {
+      if (params.message === "Paste the redirect URL") {
+        const lastLog = runtime.log.mock.calls.at(-1)?.[0];
+        const urlLine = typeof lastLog === "string" ? lastLog : String(lastLog ?? "");
+        const urlMatch = urlLine.match(/https?:\/\/\S+/)?.[0] ?? "";
+        const state = urlMatch ? new URL(urlMatch).searchParams.get("state") : null;
+        if (!state) {
+          throw new Error("missing state in oauth URL");
+        }
+        return `?code=code_manual&state=${state}`;
+      }
+      return "code_manual";
+    });
    const select: WizardPrompter["select"] = vi.fn(
      async (params) => params.options[0]?.value as never,
    );
@@ -1109,13 +1128,6 @@ describe("applyAuthChoice", () => {
      confirm: vi.fn(async () => false),
      progress: vi.fn(() => ({ update: noop, stop: noop })),
    };
-    const runtime: RuntimeEnv = {
-      log: vi.fn(),
-      error: vi.fn(),
-      exit: vi.fn((code: number) => {
-        throw new Error(`exit:${code}`);
-      }),
-    };

    const result = await applyAuthChoice({
      authChoice: "chutes",
--- a/src/commands/chutes-oauth.e2e.test.ts
+++ b/src/commands/chutes-oauth.e2e.test.ts
@@ -73,7 +73,7 @@ describe("loginChutes", () => {
    expect(creds.email).toBe("local-user");
  });

-  it("supports manual flow with pasted code", async () => {
+  it("supports manual flow with pasted redirect URL", async () => {
    const fetchFn: typeof fetch = async (input) => {
      const url = urlToString(input);
      if (url === CHUTES_TOKEN_ENDPOINT) {
@@ -95,6 +95,7 @@ describe("loginChutes", () => {
      return new Response("not found", { status: 404 });
    };

+    let capturedState: string | null = null;
    const creds = await loginChutes({
      app: {
        clientId: "cid_test",
@@ -102,8 +103,15 @@ describe("loginChutes", () => {
        scopes: ["openid"],
      },
      manual: true,
-      onAuth: async () => {},
-      onPrompt: async () => "code_manual",
+      onAuth: async ({ url }) => {
+        capturedState = new URL(url).searchParams.get("state");
+      },
+      onPrompt: async () => {
+        if (!capturedState) {
+          throw new Error("missing state");
+        }
+        return `?code=code_manual&state=${capturedState}`;
+      },
      fetchFn,
    });

@@ -154,7 +162,7 @@ describe("loginChutes", () => {
        expect(parsed.searchParams.get("state")).toBe("state_456");
        expect(parsed.searchParams.get("state")).not.toBe("verifier_123");
      },
-      onPrompt: async () => "code_manual",
+      onPrompt: async () => "?code=code_manual&state=state_456",
      fetchFn,
    });