fix: use Hermes session endpoint for login token validation (#227)
Co-authored-by: Han <hanzckernel@users.noreply.github.com>
This commit is contained in:
Zhicheng Han
@@ -57,7 +57,7 @@ async function handleTokenLogin() {
|
||||
errorMsg.value = "";
|
||||
|
||||
try {
|
||||
const res = await fetch("/api/sessions", {
|
||||
const res = await fetch("/api/hermes/sessions", {
|
||||
headers: { Authorization: `Bearer ${key}` },
|
||||
});
|
||||
|
||||
|
||||
@@ -0,0 +1,75 @@
|
||||
// @vitest-environment jsdom
|
||||
import { beforeEach, describe, expect, it, vi } from 'vitest'
|
||||
import { mount } from '@vue/test-utils'
|
||||
|
||||
const mockReplace = vi.hoisted(() => vi.fn())
|
||||
const mockFetchAuthStatus = vi.hoisted(() => vi.fn())
|
||||
const mockLoginWithPassword = vi.hoisted(() => vi.fn())
|
||||
const mockSetApiKey = vi.hoisted(() => vi.fn())
|
||||
const mockHasApiKey = vi.hoisted(() => vi.fn())
|
||||
|
||||
vi.mock('vue-router', () => ({
|
||||
useRouter: () => ({
|
||||
replace: mockReplace,
|
||||
}),
|
||||
}))
|
||||
|
||||
vi.mock('vue-i18n', () => ({
|
||||
useI18n: () => ({
|
||||
t: (key: string) => key,
|
||||
}),
|
||||
}))
|
||||
|
||||
vi.mock('@/api/client', () => ({
|
||||
setApiKey: mockSetApiKey,
|
||||
hasApiKey: mockHasApiKey,
|
||||
}))
|
||||
|
||||
vi.mock('@/api/auth', () => ({
|
||||
fetchAuthStatus: mockFetchAuthStatus,
|
||||
loginWithPassword: mockLoginWithPassword,
|
||||
}))
|
||||
|
||||
import LoginView from '@/views/LoginView.vue'
|
||||
|
||||
const mockFetch = vi.fn()
|
||||
vi.stubGlobal('fetch', mockFetch)
|
||||
|
||||
describe('LoginView token login', () => {
|
||||
beforeEach(() => {
|
||||
delete (window as any).__LOGIN_TOKEN__
|
||||
vi.clearAllMocks()
|
||||
mockHasApiKey.mockReturnValue(false)
|
||||
mockFetchAuthStatus.mockResolvedValue({ hasPasswordLogin: false })
|
||||
mockFetch.mockResolvedValue({ ok: true, status: 200 })
|
||||
})
|
||||
|
||||
it('validates token login against the Hermes sessions endpoint', async () => {
|
||||
const wrapper = mount(LoginView)
|
||||
|
||||
await wrapper.find('input.login-input').setValue('secret-token')
|
||||
await wrapper.find('form.login-form').trigger('submit')
|
||||
|
||||
expect(mockFetch).toHaveBeenCalledOnce()
|
||||
expect(mockFetch).toHaveBeenCalledWith('/api/hermes/sessions', {
|
||||
headers: { Authorization: 'Bearer secret-token' },
|
||||
})
|
||||
expect(mockSetApiKey).toHaveBeenCalledWith('secret-token')
|
||||
expect(mockReplace).toHaveBeenCalledWith('/hermes/chat')
|
||||
})
|
||||
|
||||
it('keeps the existing invalid-token behavior on 401', async () => {
|
||||
mockFetch.mockResolvedValue({ ok: false, status: 401 })
|
||||
const wrapper = mount(LoginView)
|
||||
|
||||
await wrapper.find('input.login-input').setValue('bad-token')
|
||||
await wrapper.find('form.login-form').trigger('submit')
|
||||
|
||||
expect(mockFetch).toHaveBeenCalledWith('/api/hermes/sessions', {
|
||||
headers: { Authorization: 'Bearer bad-token' },
|
||||
})
|
||||
expect(wrapper.find('.login-error').text()).toBe('login.invalidToken')
|
||||
expect(mockSetApiKey).not.toHaveBeenCalled()
|
||||
expect(mockReplace).not.toHaveBeenCalled()
|
||||
})
|
||||
})
|
||||
Reference in New Issue
Block a user