feat(security) - Make oauth token storage implement the shared interface (#7802)

Co-authored-by: Shi Shu <shii@google.com>
2026-04-27 13:34:15 -07:00 · 2025-09-05 12:08:50 -04:00
parent af52b04e6f
commit 918ab3c2ec
6 changed files with 99 additions and 76 deletions
@@ -14,16 +14,16 @@ vi.mock('../utils/secure-browser-launcher.js', () => ({
 vi.mock('node:crypto');
 vi.mock('./oauth-token-storage.js', () => {
  const mockSaveToken = vi.fn();
-  const mockGetToken = vi.fn();
+  const mockGetCredentials = vi.fn();
  const mockIsTokenExpired = vi.fn();
-  const mockRemoveToken = vi.fn();
+  const mockdeleteCredentials = vi.fn();

  return {
    MCPOAuthTokenStorage: vi.fn(() => ({
      saveToken: mockSaveToken,
-      getToken: mockGetToken,
+      getCredentials: mockGetCredentials,
      isTokenExpired: mockIsTokenExpired,
-      removeToken: mockRemoveToken,
+      deleteCredentials: mockdeleteCredentials,
    })),
  };
 });
@@ -163,7 +163,7 @@ describe('MCPOAuthProvider', () => {
    // Mock token storage
    const tokenStorage = new MCPOAuthTokenStorage();
    vi.mocked(tokenStorage.saveToken).mockResolvedValue(undefined);
-    vi.mocked(tokenStorage.getToken).mockResolvedValue(null);
+    vi.mocked(tokenStorage.getCredentials).mockResolvedValue(null);
  });

  afterEach(() => {
@@ -638,7 +638,9 @@ describe('MCPOAuthProvider', () => {
      };

      const tokenStorage = new MCPOAuthTokenStorage();
-      vi.mocked(tokenStorage.getToken).mockResolvedValue(validCredentials);
+      vi.mocked(tokenStorage.getCredentials).mockResolvedValue(
+        validCredentials,
+      );
      vi.mocked(tokenStorage.isTokenExpired).mockReturnValue(false);

      const authProvider = new MCPOAuthProvider();
@@ -660,7 +662,9 @@ describe('MCPOAuthProvider', () => {
      };

      const tokenStorage = new MCPOAuthTokenStorage();
-      vi.mocked(tokenStorage.getToken).mockResolvedValue(expiredCredentials);
+      vi.mocked(tokenStorage.getCredentials).mockResolvedValue(
+        expiredCredentials,
+      );
      vi.mocked(tokenStorage.isTokenExpired).mockReturnValue(true);

      const refreshResponse = {
@@ -697,7 +701,7 @@ describe('MCPOAuthProvider', () => {

    it('should return null when no credentials exist', async () => {
      const tokenStorage = new MCPOAuthTokenStorage();
-      vi.mocked(tokenStorage.getToken).mockResolvedValue(null);
+      vi.mocked(tokenStorage.getCredentials).mockResolvedValue(null);

      const authProvider = new MCPOAuthProvider();
      const result = await authProvider.getValidToken(
@@ -718,9 +722,11 @@ describe('MCPOAuthProvider', () => {
      };

      const tokenStorage = new MCPOAuthTokenStorage();
-      vi.mocked(tokenStorage.getToken).mockResolvedValue(expiredCredentials);
+      vi.mocked(tokenStorage.getCredentials).mockResolvedValue(
+        expiredCredentials,
+      );
      vi.mocked(tokenStorage.isTokenExpired).mockReturnValue(true);
-      vi.mocked(tokenStorage.removeToken).mockResolvedValue(undefined);
+      vi.mocked(tokenStorage.deleteCredentials).mockResolvedValue(undefined);

      mockFetch.mockResolvedValueOnce(
        createMockResponse({
@@ -738,7 +744,9 @@ describe('MCPOAuthProvider', () => {
      );

      expect(result).toBeNull();
-      expect(tokenStorage.removeToken).toHaveBeenCalledWith('test-server');
+      expect(tokenStorage.deleteCredentials).toHaveBeenCalledWith(
+        'test-server',
+      );
      expect(console.error).toHaveBeenCalledWith(
        expect.stringContaining('Failed to refresh token'),
      );
@@ -758,7 +766,9 @@ describe('MCPOAuthProvider', () => {
      };

      const tokenStorage = new MCPOAuthTokenStorage();
-      vi.mocked(tokenStorage.getToken).mockResolvedValue(tokenWithoutRefresh);
+      vi.mocked(tokenStorage.getCredentials).mockResolvedValue(
+        tokenWithoutRefresh,
+      );
      vi.mocked(tokenStorage.isTokenExpired).mockReturnValue(true);

      const authProvider = new MCPOAuthProvider();