(stateDir: string)
| 135 | } |
| 136 | |
| 137 | function testTransactionalTokenRotation(stateDir: string): void { |
| 138 | const store = new SqliteOAuthStore(stateDir); |
| 139 | try { |
| 140 | const client = new SqliteOAuthClientsStore(store, oauthConfig.allowedRedirectHosts).registerClient({ |
| 141 | redirect_uris: [redirectUri], |
| 142 | }); |
| 143 | const expiresAt = Math.floor(Date.now() / 1000) + 3600; |
| 144 | store.saveRefreshToken("old-refresh-hash", { |
| 145 | clientId: client.client_id, |
| 146 | scopes: ["devspace"], |
| 147 | expiresAt, |
| 148 | }); |
| 149 | |
| 150 | assert.equal( |
| 151 | store.saveTokenPair( |
| 152 | { |
| 153 | accessTokenHash: "new-access-hash", |
| 154 | accessToken: { clientId: client.client_id, scopes: ["devspace"], expiresAt }, |
| 155 | refreshTokenHash: "new-refresh-hash", |
| 156 | refreshToken: { clientId: client.client_id, scopes: ["devspace"], expiresAt }, |
| 157 | }, |
| 158 | "old-refresh-hash", |
| 159 | ), |
| 160 | true, |
| 161 | ); |
| 162 | assert.equal(store.getRefreshToken("old-refresh-hash"), undefined); |
| 163 | assert.ok(store.getAccessToken("new-access-hash")); |
| 164 | assert.ok(store.getRefreshToken("new-refresh-hash")); |
| 165 | |
| 166 | assert.equal( |
| 167 | store.saveTokenPair( |
| 168 | { |
| 169 | accessTokenHash: "losing-access-hash", |
| 170 | accessToken: { clientId: client.client_id, scopes: ["devspace"], expiresAt }, |
| 171 | refreshTokenHash: "losing-refresh-hash", |
| 172 | refreshToken: { clientId: client.client_id, scopes: ["devspace"], expiresAt }, |
| 173 | }, |
| 174 | "old-refresh-hash", |
| 175 | ), |
| 176 | false, |
| 177 | ); |
| 178 | assert.equal(store.getAccessToken("losing-access-hash"), undefined); |
| 179 | assert.equal(store.getRefreshToken("losing-refresh-hash"), undefined); |
| 180 | } finally { |
| 181 | store.close(); |
| 182 | } |
| 183 | } |
| 184 | |
| 185 | async function testProviderRestartRotationAndRevocation(stateDir: string): Promise<void> { |
| 186 | const firstProvider = new SingleUserOAuthProvider(oauthConfig, mcpUrl, stateDir); |
no test coverage detected