@symbiosis-lab/moss-plugin-github 1.5.1

package/src/__tests__/auth.test.ts

@@ -0,0 +1,147 @@
+/**
+ * Unit tests for authentication module
+ */
+
+import { describe, it, expect, beforeEach, afterEach, vi } from "vitest";
+import { hasRequiredScopes, CLIENT_ID, REQUIRED_SCOPES } from "../auth";
+import {
+  setupMockTauri,
+  type MockTauriContext,
+} from "@symbiosis-lab/moss-api/testing";
+
+// Track httpPost calls for header verification
+let httpPostCalls: Array<{ url: string; body: any; options: any }> = [];
+
+// Mock the moss-api module to track httpPost calls
+vi.mock("@symbiosis-lab/moss-api", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("@symbiosis-lab/moss-api")>();
+  return {
+    ...actual,
+    httpPost: vi.fn(async (url: string, body: any, options: any) => {
+      httpPostCalls.push({ url, body, options });
+      return actual.httpPost(url, body, options);
+    }),
+  };
+});
+
+// Mock the utils module to prevent actual IPC calls
+vi.mock("../utils", () => ({
+  reportProgress: vi.fn().mockResolvedValue(undefined),
+  reportError: vi.fn().mockResolvedValue(undefined),
+  setCurrentHookName: vi.fn(),
+  sleep: vi.fn().mockResolvedValue(undefined),
+}));
+
+describe("auth", () => {
+  describe("configuration", () => {
+    it("has a valid client ID", () => {
+      expect(CLIENT_ID).toBeDefined();
+      expect(CLIENT_ID.length).toBeGreaterThan(10);
+      // GitHub OAuth client IDs start with "Ov23"
+      expect(CLIENT_ID).toMatch(/^Ov/);
+    });
+
+    it("requires repo scope for gh-pages deployment", () => {
+      // gh-pages deployment pushes directly - no GitHub Actions needed
+      expect(REQUIRED_SCOPES).toContain("repo");
+      expect(REQUIRED_SCOPES).not.toContain("workflow");
+    });
+  });
+
+  describe("hasRequiredScopes", () => {
+    it("returns true when all required scopes are present", () => {
+      const scopes = ["repo", "user"];
+      expect(hasRequiredScopes(scopes)).toBe(true);
+    });
+
+    it("returns true with exact required scopes", () => {
+      const scopes = ["repo"];
+      expect(hasRequiredScopes(scopes)).toBe(true);
+    });
+
+    it("returns false when repo scope is missing", () => {
+      const scopes = ["user", "gist"];
+      expect(hasRequiredScopes(scopes)).toBe(false);
+    });
+
+    it("returns true with additional scopes beyond repo", () => {
+      const scopes = ["repo", "workflow", "user"];
+      expect(hasRequiredScopes(scopes)).toBe(true);
+    });
+
+    it("returns false with empty scopes", () => {
+      expect(hasRequiredScopes([])).toBe(false);
+    });
+
+    it("returns false with unrelated scopes only", () => {
+      const scopes = ["user", "read:org", "gist"];
+      expect(hasRequiredScopes(scopes)).toBe(false);
+    });
+  });
+
+  // ==========================================================================
+  // Phase 1: Origin Header Tests
+  // ==========================================================================
+  describe("OAuth requests include Origin header", () => {
+    let ctx: MockTauriContext;
+
+    beforeEach(() => {
+      ctx = setupMockTauri();
+      httpPostCalls = []; // Reset tracking
+    });
+
+    afterEach(() => {
+      ctx.cleanup();
+    });
+
+    it("requestDeviceCode includes Origin header", async () => {
+      // Setup mock response
+      ctx.urlConfig.setResponse("https://github.com/login/device/code", {
+        status: 200,
+        ok: true,
+        bodyBase64: btoa(JSON.stringify({
+          device_code: "test-device-code",
+          user_code: "TEST-CODE",
+          verification_uri: "https://github.com/login/device",
+          expires_in: 900,
+          interval: 5,
+        })),
+      });
+
+      const { requestDeviceCode } = await import("../auth");
+      await requestDeviceCode();
+
+      // Find the call to device code URL
+      const deviceCodeCall = httpPostCalls.find(
+        call => call.url === "https://github.com/login/device/code"
+      );
+
+      expect(deviceCodeCall).toBeDefined();
+      expect(deviceCodeCall?.options?.headers?.Origin).toBe("https://github.com");
+    });
+
+    it("pollForToken includes Origin header", async () => {
+      // Setup mock response
+      ctx.urlConfig.setResponse("https://github.com/login/oauth/access_token", {
+        status: 200,
+        ok: true,
+        bodyBase64: btoa(JSON.stringify({
+          access_token: "gho_test_token",
+          token_type: "bearer",
+          scope: "repo",
+        })),
+      });
+
+      const { pollForToken } = await import("../auth");
+      await pollForToken("test-device-code", 5);
+
+      // Find the call to token URL
+      const tokenCall = httpPostCalls.find(
+        call => call.url === "https://github.com/login/oauth/access_token"
+      );
+
+      expect(tokenCall).toBeDefined();
+      expect(tokenCall?.options?.headers?.Origin).toBe("https://github.com");
+    });
+  });
+});

package/src/__tests__/configure-domain.test.ts

@@ -0,0 +1,263 @@
+/**
+ * Tests for idempotent configure_domain hook
+ *
+ * The orchestrator calls configure_domain multiple times:
+ * 1. After DNS is configured (site may not be live yet)
+ * 2. After the site is verified live via HTTP 200
+ *
+ * The hook must check current state and do only the next needed step:
+ * - Phase 1: CNAME not set -> set it (without HTTPS enforcement)
+ * - Phase 2: CNAME set, no HTTPS -> enforce HTTPS
+ * - Phase 3: Fully configured -> no-op
+ */
+
+import { describe, it, expect, vi, beforeEach } from "vitest";
+
+// ============================================================================
+// Hoisted setup — runs before vi.mock factories and module imports
+// ============================================================================
+
+const { mockGetPages, mockSetCustomDomain, mockEnforceHttps } = vi.hoisted(() => {
+  // Provide `window` for main.ts module-scope plugin registration
+  // (main.ts: window.GithubPlugin = GithubPlugin)
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  (globalThis as any).window = globalThis;
+
+  return {
+    mockGetPages: vi.fn(),
+    mockSetCustomDomain: vi.fn(),
+    mockEnforceHttps: vi.fn(),
+  };
+});
+
+// ============================================================================
+// Mocks — must be declared before imports (vi.mock is hoisted)
+// ============================================================================
+
+vi.mock("../github-api", () => ({
+  getPages: (...args: unknown[]) => mockGetPages(...args),
+  setCustomDomain: (...args: unknown[]) => mockSetCustomDomain(...args),
+  enforceHttps: (...args: unknown[]) => mockEnforceHttps(...args),
+  // Stubs for other exports that main.ts imports
+  checkPagesStatus: vi.fn(),
+  ensurePagesSource: vi.fn(),
+  GITHUB_API_BASE: "https://api.github.com",
+  GITHUB_API_HEADERS: {},
+}));
+
+vi.mock("../github-deploy", () => ({
+  getOriginOwnerRepo: vi.fn().mockResolvedValue({ owner: "testuser", repo: "testrepo" }),
+  verifyRepoExists: vi.fn(),
+  deployViaGitPush: vi.fn(),
+}));
+
+vi.mock("../token", () => ({
+  getToken: vi.fn().mockResolvedValue("test-token-123"),
+  getTokenFromGit: vi.fn().mockResolvedValue(null),
+  storeToken: vi.fn(),
+}));
+
+vi.mock("../auth", () => ({
+  promptLogin: vi.fn(),
+  validateToken: vi.fn(),
+  hasRequiredScopes: vi.fn(),
+}));
+
+vi.mock("../repo-setup", () => ({
+  ensureGitHubRepo: vi.fn(),
+}));
+
+vi.mock("../git", () => ({
+  buildPagesUrl: vi.fn().mockReturnValue("https://testuser.github.io/testrepo"),
+  parseGitHubUrl: vi.fn(),
+}));
+
+vi.mock("../utils", () => ({
+  reportProgress: vi.fn(),
+  reportError: vi.fn(),
+  setCurrentHookName: vi.fn(),
+  showToast: vi.fn(),
+  closeBrowser: vi.fn(),
+}));
+
+vi.mock("@symbiosis-lab/moss-api", () => ({
+  getTauriCore: () => ({
+    invoke: vi.fn().mockResolvedValue("/usr/bin/git"),
+  }),
+  setMessageContext: vi.fn(),
+  reportProgress: vi.fn(),
+  reportError: vi.fn(),
+  showToast: vi.fn(),
+  dismissToast: vi.fn(),
+  closeBrowser: vi.fn(),
+  getPluginCookie: vi.fn(),
+  setPluginCookie: vi.fn(),
+  executeBinary: vi.fn(),
+  listSiteFilesWithSizes: vi.fn(),
+}));
+
+// ============================================================================
+// Import the function under test (after mocks are set up)
+// ============================================================================
+
+import { configure_domain } from "../main";
+import type { ConfigureDomainContext } from "../types";
+
+// ============================================================================
+// Test Helpers
+// ============================================================================
+
+function makeContext(domain: string): ConfigureDomainContext {
+  return {
+    domain,
+    deployment: {
+      method: "github-pages",
+      url: "https://testuser.github.io/testrepo",
+      deployed_at: "2026-01-01T00:00:00Z",
+      metadata: {},
+    },
+    project_info: {
+      name: "test-project",
+      version: "1.0.0",
+    } as ConfigureDomainContext["project_info"],
+    config: {},
+  };
+}
+
+// ============================================================================
+// Tests
+// ============================================================================
+
+describe("configure_domain (idempotent)", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+    // Default mock: setCustomDomain succeeds
+    mockSetCustomDomain.mockResolvedValue(true);
+  });
+
+  // --------------------------------------------------------------------------
+  // 1. Pages not enabled
+  // --------------------------------------------------------------------------
+  it("returns failure when GitHub Pages is not enabled", async () => {
+    mockGetPages.mockResolvedValue(null);
+
+    const result = await configure_domain(makeContext("example.com"));
+
+    expect(result.success).toBe(false);
+    expect(result.message).toContain("Deploy first");
+    expect(mockSetCustomDomain).not.toHaveBeenCalled();
+    expect(mockEnforceHttps).not.toHaveBeenCalled();
+  });
+
+  // --------------------------------------------------------------------------
+  // 2. CNAME not set
+  // --------------------------------------------------------------------------
+  it("sets CNAME when pages exist but cname is null", async () => {
+    mockGetPages.mockResolvedValue({ cname: null, https_enforced: false });
+
+    const result = await configure_domain(makeContext("example.com"));
+
+    expect(result.success).toBe(true);
+    expect(mockSetCustomDomain).toHaveBeenCalledWith("testuser", "testrepo", "test-token-123", "example.com");
+    expect(mockEnforceHttps).not.toHaveBeenCalled();
+    expect(result.message).toContain("example.com");
+  });
+
+  // --------------------------------------------------------------------------
+  // 3. CNAME wrong
+  // --------------------------------------------------------------------------
+  it("sets CNAME when current cname differs from requested domain", async () => {
+    mockGetPages.mockResolvedValue({ cname: "old.com", https_enforced: false });
+
+    const result = await configure_domain(makeContext("new.com"));
+
+    expect(result.success).toBe(true);
+    expect(mockSetCustomDomain).toHaveBeenCalledWith("testuser", "testrepo", "test-token-123", "new.com");
+    expect(mockEnforceHttps).not.toHaveBeenCalled();
+  });
+
+  // --------------------------------------------------------------------------
+  // 4. CNAME set, HTTPS not enforced, enforce succeeds
+  // --------------------------------------------------------------------------
+  it("enforces HTTPS when CNAME is set but HTTPS is not enforced", async () => {
+    mockGetPages.mockResolvedValue({ cname: "example.com", https_enforced: false });
+    mockEnforceHttps.mockResolvedValue(true);
+
+    const result = await configure_domain(makeContext("example.com"));
+
+    expect(result.success).toBe(true);
+    expect(result.message).toContain("HTTPS enforced");
+    expect(mockSetCustomDomain).not.toHaveBeenCalled();
+    expect(mockEnforceHttps).toHaveBeenCalledWith("testuser", "testrepo", "test-token-123");
+  });
+
+  // --------------------------------------------------------------------------
+  // 5. CNAME set, HTTPS not enforced, enforce fails (cert pending)
+  // --------------------------------------------------------------------------
+  it("returns success with pending message when HTTPS enforcement fails (cert not ready)", async () => {
+    mockGetPages.mockResolvedValue({ cname: "example.com", https_enforced: false });
+    mockEnforceHttps.mockResolvedValue(false);
+
+    const result = await configure_domain(makeContext("example.com"));
+
+    // This is NOT a failure — cert will come eventually, orchestrator will retry
+    expect(result.success).toBe(true);
+    expect(result.message).toContain("pending");
+    expect(mockSetCustomDomain).not.toHaveBeenCalled();
+    expect(mockEnforceHttps).toHaveBeenCalled();
+  });
+
+  // --------------------------------------------------------------------------
+  // 6. Fully configured — no-op
+  // --------------------------------------------------------------------------
+  it("returns success without making API calls when fully configured", async () => {
+    mockGetPages.mockResolvedValue({ cname: "example.com", https_enforced: true });
+
+    const result = await configure_domain(makeContext("example.com"));
+
+    expect(result.success).toBe(true);
+    expect(result.message).toContain("already configured");
+    expect(mockSetCustomDomain).not.toHaveBeenCalled();
+    expect(mockEnforceHttps).not.toHaveBeenCalled();
+  });
+
+  // --------------------------------------------------------------------------
+  // 7. Case-insensitive domain comparison
+  // --------------------------------------------------------------------------
+  it("treats domain comparison as case-insensitive", async () => {
+    mockGetPages.mockResolvedValue({ cname: "Example.COM", https_enforced: true });
+
+    const result = await configure_domain(makeContext("example.com"));
+
+    // Should NOT try to set CNAME — domain matches (case-insensitive)
+    expect(result.success).toBe(true);
+    expect(mockSetCustomDomain).not.toHaveBeenCalled();
+    expect(mockEnforceHttps).not.toHaveBeenCalled();
+    expect(result.message).toContain("already configured");
+  });
+
+  // --------------------------------------------------------------------------
+  // 8. setCustomDomain throws an error
+  // --------------------------------------------------------------------------
+  it("returns failure when setCustomDomain throws", async () => {
+    mockGetPages.mockResolvedValue({ cname: null, https_enforced: false });
+    mockSetCustomDomain.mockRejectedValue(new Error("GitHub Pages API error (500): Internal Server Error"));
+
+    const result = await configure_domain(makeContext("example.com"));
+
+    expect(result.success).toBe(false);
+    expect(result.message).toContain("GitHub Pages API error");
+  });
+
+  // --------------------------------------------------------------------------
+  // 9. getPages throws a network error
+  // --------------------------------------------------------------------------
+  it("returns failure when getPages throws a network error", async () => {
+    mockGetPages.mockRejectedValue(new Error("fetch failed"));
+
+    const result = await configure_domain(makeContext("example.com"));
+
+    expect(result.success).toBe(false);
+    expect(result.message).toContain("fetch failed");
+  });
+});