earl 0.5.2

AI-safe CLI for AI agents
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110

mod common;

use chrono::{Duration, Utc};
use earl::auth::token_store::{OAuthTokenStore, StoredOAuthToken};
use secrecy::SecretString;

fn token(expires_at: Option<chrono::DateTime<Utc>>) -> StoredOAuthToken {
    StoredOAuthToken {
        access_token: "access-1".to_string(),
        refresh_token: Some("refresh-1".to_string()),
        token_type: Some("Bearer".to_string()),
        expires_at,
        scopes: vec!["repo".to_string()],
    }
}

#[test]
fn access_token_preserved_on_load() {
    let ws = common::temp_workspace();
    let secrets =
        common::in_memory_secret_manager(&ws.root.path().join("state/secrets-index.json"));
    let store = OAuthTokenStore::new(&secrets);

    store
        .save("github", &token(Some(Utc::now() + Duration::hours(1))))
        .unwrap();

    let loaded = store.load("github").unwrap().unwrap();
    assert_eq!(loaded.access_token, "access-1");
}

#[test]
fn refresh_token_preserved_on_load() {
    let ws = common::temp_workspace();
    let secrets =
        common::in_memory_secret_manager(&ws.root.path().join("state/secrets-index.json"));
    let store = OAuthTokenStore::new(&secrets);

    store
        .save("github", &token(Some(Utc::now() + Duration::hours(1))))
        .unwrap();

    let loaded = store.load("github").unwrap().unwrap();
    assert_eq!(loaded.refresh_token.as_deref(), Some("refresh-1"));
}

#[test]
fn delete_existing_token_returns_true() {
    let ws = common::temp_workspace();
    let secrets =
        common::in_memory_secret_manager(&ws.root.path().join("state/secrets-index.json"));
    let store = OAuthTokenStore::new(&secrets);

    store
        .save("github", &token(Some(Utc::now() + Duration::hours(1))))
        .unwrap();

    assert!(store.delete("github").unwrap());
}

#[test]
fn deleted_token_cannot_be_loaded() {
    let ws = common::temp_workspace();
    let secrets =
        common::in_memory_secret_manager(&ws.root.path().join("state/secrets-index.json"));
    let store = OAuthTokenStore::new(&secrets);

    store
        .save("github", &token(Some(Utc::now() + Duration::hours(1))))
        .unwrap();

    store.delete("github").unwrap();
    assert!(store.load("github").unwrap().is_none());
}

#[test]
fn token_store_reports_corrupted_payload() {
    let ws = common::temp_workspace();
    let secrets =
        common::in_memory_secret_manager(&ws.root.path().join("state/secrets-index.json"));

    secrets
        .set(
            "oauth2.github.token",
            SecretString::new("not-json".to_string().into()),
        )
        .unwrap();

    let store = OAuthTokenStore::new(&secrets);
    let err = store.load("github").unwrap_err();
    assert!(err.downcast_ref::<serde_json::Error>().is_some());
}

#[test]
fn past_token_is_expired() {
    let expired = token(Some(Utc::now() - Duration::seconds(1)));
    assert!(expired.is_expired());
}

#[test]
fn token_within_safety_window_is_expired() {
    let near_expiry = token(Some(Utc::now() + Duration::seconds(10)));
    assert!(near_expiry.is_expired());
}

#[test]
fn token_outside_safety_window_is_not_expired() {
    let valid = token(Some(Utc::now() + Duration::minutes(5)));
    assert!(!valid.is_expired());
}