@openparachute/hub 0.7.4-rc.2 → 0.7.4-rc.21
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +4 -11
- package/src/__tests__/admin-auth.test.ts +128 -0
- package/src/__tests__/admin-clients.test.ts +103 -1
- package/src/__tests__/admin-lock.test.ts +7 -1
- package/src/__tests__/admin-vaults.test.ts +216 -10
- package/src/__tests__/api-account-2fa.test.ts +453 -0
- package/src/__tests__/api-hub-upgrade.test.ts +59 -3
- package/src/__tests__/api-mint-token.test.ts +75 -0
- package/src/__tests__/api-modules.test.ts +143 -0
- package/src/__tests__/api-settings-root-redirect.test.ts +302 -0
- package/src/__tests__/auth.test.ts +336 -0
- package/src/__tests__/clients.test.ts +326 -8
- package/src/__tests__/cloudflare-connector-service.test.ts +3 -1
- package/src/__tests__/cors.test.ts +138 -1
- package/src/__tests__/doctor.test.ts +755 -0
- package/src/__tests__/hub-command.test.ts +69 -2
- package/src/__tests__/hub-server.test.ts +127 -5
- package/src/__tests__/hub-settings.test.ts +188 -0
- package/src/__tests__/init.test.ts +153 -0
- package/src/__tests__/jwt-sign.test.ts +27 -0
- package/src/__tests__/managed-unit.test.ts +62 -0
- package/src/__tests__/oauth-handlers.test.ts +626 -0
- package/src/__tests__/oauth-ui.test.ts +107 -1
- package/src/__tests__/scope-explanations.test.ts +19 -0
- package/src/__tests__/setup-gate.test.ts +111 -3
- package/src/__tests__/setup-wizard.test.ts +124 -7
- package/src/__tests__/supervisor.test.ts +25 -0
- package/src/__tests__/vault-names.test.ts +32 -3
- package/src/__tests__/vault-remove.test.ts +40 -19
- package/src/__tests__/well-known.test.ts +37 -2
- package/src/admin-agent-grants.ts +16 -1
- package/src/admin-auth.ts +13 -4
- package/src/admin-clients.ts +66 -5
- package/src/admin-grants.ts +11 -2
- package/src/admin-vaults.ts +77 -27
- package/src/api-account-2fa.ts +395 -0
- package/src/api-admin-lock.ts +7 -0
- package/src/api-hub-upgrade.ts +52 -4
- package/src/api-hub.ts +10 -1
- package/src/api-invites.ts +18 -3
- package/src/api-me.ts +11 -2
- package/src/api-mint-token.ts +16 -1
- package/src/api-modules.ts +119 -1
- package/src/api-revoke-token.ts +14 -1
- package/src/api-settings-hub-origin.ts +14 -1
- package/src/api-settings-root-redirect.ts +201 -0
- package/src/api-tokens.ts +14 -1
- package/src/api-users.ts +15 -6
- package/src/api-vault-caps.ts +11 -2
- package/src/cli.ts +56 -5
- package/src/clients.ts +178 -0
- package/src/commands/auth.ts +263 -1
- package/src/commands/doctor.ts +1250 -0
- package/src/commands/hub.ts +102 -1
- package/src/commands/init.ts +108 -0
- package/src/commands/vault-remove.ts +16 -24
- package/src/cors.ts +7 -3
- package/src/help.ts +65 -1
- package/src/hub-db.ts +14 -0
- package/src/hub-server.ts +173 -25
- package/src/hub-settings.ts +163 -1
- package/src/jwt-sign.ts +25 -6
- package/src/managed-unit.ts +30 -1
- package/src/oauth-handlers.ts +110 -7
- package/src/oauth-ui.ts +174 -0
- package/src/rate-limit.ts +28 -0
- package/src/scope-explanations.ts +2 -1
- package/src/setup-wizard.ts +40 -21
- package/src/supervisor.ts +46 -2
- package/src/vault-names.ts +15 -4
- package/src/well-known.ts +10 -1
- package/web/ui/dist/assets/{index--728BX3j.css → index-BcC4U5gM.css} +1 -1
- package/web/ui/dist/assets/index-CVqK1cV5.js +61 -0
- package/web/ui/dist/index.html +2 -2
- package/web/ui/dist/assets/index-DZzX_Enf.js +0 -61
|
@@ -398,6 +398,68 @@ describe("installManagedUnit — start:boolean (§7.1)", () => {
|
|
|
398
398
|
expect(f.calls).toContainEqual(["systemctl", "--user", "daemon-reload"]);
|
|
399
399
|
expect(f.calls.some((c) => c.includes("enable"))).toBe(false);
|
|
400
400
|
});
|
|
401
|
+
|
|
402
|
+
// #528: a per-command fake `run` so the linger probe + enable-linger can return
|
|
403
|
+
// distinct results. Non-linger commands (systemctl daemon-reload / enable) all
|
|
404
|
+
// succeed; only the linger sequence is scripted via `linger`.
|
|
405
|
+
function lingerDeps(linger: {
|
|
406
|
+
probe?: ServiceCommandResult;
|
|
407
|
+
enable?: ServiceCommandResult;
|
|
408
|
+
}): FakeDepsState {
|
|
409
|
+
const ok: ServiceCommandResult = { code: 0, stdout: "", stderr: "" };
|
|
410
|
+
return fakeDeps({
|
|
411
|
+
platform: "linux",
|
|
412
|
+
getuid: () => 1000,
|
|
413
|
+
userName: () => "op",
|
|
414
|
+
run: ((cmd: readonly string[]) => {
|
|
415
|
+
// `calls` is recorded by the default run; here we record into a closure
|
|
416
|
+
// list returned alongside via the returned FakeDepsState — but fakeDeps
|
|
417
|
+
// only records in its OWN default run. So push into a shared array.
|
|
418
|
+
recorded.push([...cmd]);
|
|
419
|
+
if (cmd[0] === "loginctl" && cmd[1] === "show-user") return linger.probe ?? ok;
|
|
420
|
+
if (cmd[0] === "loginctl" && cmd[1] === "enable-linger") return linger.enable ?? ok;
|
|
421
|
+
return ok;
|
|
422
|
+
}) as ManagedUnitDeps["run"],
|
|
423
|
+
});
|
|
424
|
+
}
|
|
425
|
+
// Shared recorder for the per-command run above (fakeDeps's own `calls` array
|
|
426
|
+
// isn't populated when we override `run`).
|
|
427
|
+
let recorded: string[][] = [];
|
|
428
|
+
|
|
429
|
+
test("#528: linger ALREADY on → no enable attempt, no warning (false-alarm fix)", () => {
|
|
430
|
+
recorded = [];
|
|
431
|
+
const f = lingerDeps({ probe: { code: 0, stdout: "Linger=yes\n", stderr: "" } });
|
|
432
|
+
const result = installManagedUnit({
|
|
433
|
+
unit: hubUnit(f.deps),
|
|
434
|
+
deps: f.deps,
|
|
435
|
+
messages: HUB_MESSAGES,
|
|
436
|
+
start: false,
|
|
437
|
+
});
|
|
438
|
+
// Probed current state...
|
|
439
|
+
expect(recorded).toContainEqual(["loginctl", "show-user", "op", "--property=Linger"]);
|
|
440
|
+
// ...and because it's already on, did NOT try to enable it.
|
|
441
|
+
expect(recorded.some((c) => c[0] === "loginctl" && c[1] === "enable-linger")).toBe(false);
|
|
442
|
+
// ...and emitted NO scary linger warning.
|
|
443
|
+
expect(result.messages).not.toContain(HUB_MESSAGES.lingerWarning);
|
|
444
|
+
});
|
|
445
|
+
|
|
446
|
+
test("#528: linger OFF + enable-linger fails → warning surfaces", () => {
|
|
447
|
+
recorded = [];
|
|
448
|
+
const f = lingerDeps({
|
|
449
|
+
probe: { code: 0, stdout: "Linger=no\n", stderr: "" },
|
|
450
|
+
enable: { code: 1, stdout: "", stderr: "operation not permitted" },
|
|
451
|
+
});
|
|
452
|
+
const result = installManagedUnit({
|
|
453
|
+
unit: hubUnit(f.deps),
|
|
454
|
+
deps: f.deps,
|
|
455
|
+
messages: HUB_MESSAGES,
|
|
456
|
+
start: false,
|
|
457
|
+
});
|
|
458
|
+
// Off → did attempt to enable...
|
|
459
|
+
expect(recorded).toContainEqual(["loginctl", "enable-linger", "op"]);
|
|
460
|
+
// ...and the genuine failure warns.
|
|
461
|
+
expect(result.messages).toContain(HUB_MESSAGES.lingerWarning);
|
|
462
|
+
});
|
|
401
463
|
});
|
|
402
464
|
|
|
403
465
|
// ---------------------------------------------------------------------------
|