dcda8769cc
* feat(mcp-oauth): add oauth field to ClaudeCodeMcpServer schema Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-opencode) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> * feat(mcp-oauth): add RFC 7591 Dynamic Client Registration * feat(mcp-oauth): add RFC 9728 PRM + RFC 8414 AS discovery * feat(mcp-oauth): add secure token storage with {host}/{resource} key format * feat(mcp-oauth): add dynamic port OAuth callback server * feat(mcp-oauth): add RFC 8707 Resource Indicators * feat(mcp-oauth): implement full-spec McpOAuthProvider * feat(mcp-oauth): add step-up authorization handler * feat(mcp-oauth): integrate authProvider into SkillMcpManager * feat(doctor): add MCP OAuth token status check * feat(cli): add mcp oauth subcommand structure * feat(cli): implement mcp oauth login command * fix(mcp-oauth): address cubic review — security, correctness, and test issues - Remove @ts-nocheck from provider.ts, storage.ts, provider.test.ts - Fix server resource leak on missing code/state (close + reject) - Fix command injection in openBrowser (spawn array args, cross-platform) - Mock McpOAuthProvider in login.test.ts for deterministic CI - Recreate auth provider with merged scopes in step-up flow - Add listAllTokens() for global status listing - Fix logout to accept --server-url for correct token deletion - Support both quoted and unquoted WWW-Authenticate params (RFC 2617) - Save/restore OPENCODE_CONFIG_DIR in storage.test.ts - Fix index.test.ts: vitest → bun:test * fix(mcp-oauth): use explorer instead of cmd /c start on Windows to prevent shell injection * fix(mcp-oauth): address remaining cubic review issues - Add 5-minute timeout to provider callback server to prevent indefinite hangs - Persist client registration from token storage across process restarts - Require --server-url for logout to match token storage key format - Use listTokensByHost for server-specific status lookups - Fix callback-server test to handle promise rejection ordering - Fix provider test port expectations (8912 → 19877) - Fix cli-guide.md duplicate Section 7 numbering - Fix manager test for login-on-missing-tokens behavior * fix(mcp-oauth): address final review issues - P1: Redact token values in status.ts output to prevent credential leakage - P2: Read OAuth error response body before throwing in token exchange - Test: Fix mcp-oauth doctor test to use epoch seconds (not milliseconds) --------- Co-authored-by: justsisyphus <justsisyphus@users.noreply.github.com> Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
124 lines
4.1 KiB
TypeScript
124 lines
4.1 KiB
TypeScript
import { describe, it, expect } from "bun:test"
|
|
import { Command } from "commander"
|
|
import { createMcpOAuthCommand } from "./index"
|
|
|
|
describe("mcp oauth command", () => {
|
|
|
|
describe("command structure", () => {
|
|
it("creates mcp command group with oauth subcommand", () => {
|
|
// given
|
|
const mcpCommand = createMcpOAuthCommand()
|
|
|
|
// when
|
|
const subcommands = mcpCommand.commands.map((cmd: Command) => cmd.name())
|
|
|
|
// then
|
|
expect(subcommands).toContain("oauth")
|
|
})
|
|
|
|
it("oauth subcommand has login, logout, and status subcommands", () => {
|
|
// given
|
|
const mcpCommand = createMcpOAuthCommand()
|
|
const oauthCommand = mcpCommand.commands.find((cmd: Command) => cmd.name() === "oauth")
|
|
|
|
// when
|
|
const subcommands = oauthCommand?.commands.map((cmd: Command) => cmd.name()) ?? []
|
|
|
|
// then
|
|
expect(subcommands).toContain("login")
|
|
expect(subcommands).toContain("logout")
|
|
expect(subcommands).toContain("status")
|
|
})
|
|
})
|
|
|
|
describe("login subcommand", () => {
|
|
it("exists and has description", () => {
|
|
// given
|
|
const mcpCommand = createMcpOAuthCommand()
|
|
const oauthCommand = mcpCommand.commands.find((cmd: Command) => cmd.name() === "oauth")
|
|
const loginCommand = oauthCommand?.commands.find((cmd: Command) => cmd.name() === "login")
|
|
|
|
// when
|
|
const description = loginCommand?.description() ?? ""
|
|
|
|
// then
|
|
expect(loginCommand).toBeDefined()
|
|
expect(description).toContain("OAuth")
|
|
})
|
|
|
|
it("accepts --server-url option", () => {
|
|
// given
|
|
const mcpCommand = createMcpOAuthCommand()
|
|
const oauthCommand = mcpCommand.commands.find((cmd: Command) => cmd.name() === "oauth")
|
|
const loginCommand = oauthCommand?.commands.find((cmd: Command) => cmd.name() === "login")
|
|
|
|
// when
|
|
const options = loginCommand?.options ?? []
|
|
const serverUrlOption = options.find((opt: { long?: string }) => opt.long === "--server-url")
|
|
|
|
// then
|
|
expect(serverUrlOption).toBeDefined()
|
|
})
|
|
|
|
it("accepts --client-id option", () => {
|
|
// given
|
|
const mcpCommand = createMcpOAuthCommand()
|
|
const oauthCommand = mcpCommand.commands.find((cmd: Command) => cmd.name() === "oauth")
|
|
const loginCommand = oauthCommand?.commands.find((cmd: Command) => cmd.name() === "login")
|
|
|
|
// when
|
|
const options = loginCommand?.options ?? []
|
|
const clientIdOption = options.find((opt: { long?: string }) => opt.long === "--client-id")
|
|
|
|
// then
|
|
expect(clientIdOption).toBeDefined()
|
|
})
|
|
|
|
it("accepts --scopes option", () => {
|
|
// given
|
|
const mcpCommand = createMcpOAuthCommand()
|
|
const oauthCommand = mcpCommand.commands.find((cmd: Command) => cmd.name() === "oauth")
|
|
const loginCommand = oauthCommand?.commands.find((cmd: Command) => cmd.name() === "login")
|
|
|
|
// when
|
|
const options = loginCommand?.options ?? []
|
|
const scopesOption = options.find((opt: { long?: string }) => opt.long === "--scopes")
|
|
|
|
// then
|
|
expect(scopesOption).toBeDefined()
|
|
})
|
|
})
|
|
|
|
describe("logout subcommand", () => {
|
|
it("exists and has description", () => {
|
|
// given
|
|
const mcpCommand = createMcpOAuthCommand()
|
|
const oauthCommand = mcpCommand.commands.find((cmd: Command) => cmd.name() === "oauth")
|
|
const logoutCommand = oauthCommand?.commands.find((cmd: Command) => cmd.name() === "logout")
|
|
|
|
// when
|
|
const description = logoutCommand?.description() ?? ""
|
|
|
|
// then
|
|
expect(logoutCommand).toBeDefined()
|
|
expect(description).toContain("tokens")
|
|
})
|
|
})
|
|
|
|
describe("status subcommand", () => {
|
|
it("exists and has description", () => {
|
|
// given
|
|
const mcpCommand = createMcpOAuthCommand()
|
|
const oauthCommand = mcpCommand.commands.find((cmd: Command) => cmd.name() === "oauth")
|
|
const statusCommand = oauthCommand?.commands.find((cmd: Command) => cmd.name() === "status")
|
|
|
|
// when
|
|
const description = statusCommand?.description() ?? ""
|
|
|
|
// then
|
|
expect(statusCommand).toBeDefined()
|
|
expect(description).toContain("status")
|
|
})
|
|
})
|
|
})
|