fix(core): restore auth consent in headless mode and add unit tests (#19689)

2026-03-16 09:01:17 -07:00 · 2026-02-20 15:31:43 -05:00
parent a01d7e9a05
commit c04602f209
4 changed files with 133 additions and 64 deletions
--- a/packages/core/src/code_assist/oauth2.test.ts
+++ b/packages/core/src/code_assist/oauth2.test.ts
@@ -32,6 +32,7 @@ import { writeToStdout } from '../utils/stdio.js';
 import { FatalCancellationError } from '../utils/errors.js';
 import process from 'node:process';
 import { coreEvents } from '../utils/events.js';
+import { isHeadlessMode } from '../utils/headless.js';

 vi.mock('node:os', async (importOriginal) => {
  const actual = await importOriginal<typeof import('node:os')>();
@@ -54,6 +55,9 @@ vi.mock('http');
 vi.mock('open');
 vi.mock('crypto');
 vi.mock('node:readline');
+vi.mock('../utils/headless.js', () => ({
+  isHeadlessMode: vi.fn(),
+}));
 vi.mock('../utils/browser.js', () => ({
  shouldAttemptBrowserLaunch: () => true,
 }));
@@ -98,6 +102,12 @@ global.fetch = vi.fn();

 describe('oauth2', () => {
  beforeEach(() => {
+    vi.mocked(isHeadlessMode).mockReturnValue(false);
+    (readline.createInterface as Mock).mockReturnValue({
+      question: vi.fn((_query, callback) => callback('')),
+      close: vi.fn(),
+      on: vi.fn(),
+    });
    vi.spyOn(coreEvents, 'listenerCount').mockReturnValue(1);
    vi.spyOn(coreEvents, 'emitConsentRequest').mockImplementation((payload) => {
      payload.onConfirm(true);
--- a/packages/core/src/mcp/oauth-provider.test.ts
+++ b/packages/core/src/mcp/oauth-provider.test.ts
@@ -36,6 +36,23 @@ vi.mock('../utils/events.js', () => ({
 vi.mock('../utils/authConsent.js', () => ({
  getConsentForOauth: vi.fn(() => Promise.resolve(true)),
 }));
+vi.mock('../utils/headless.js', () => ({
+  isHeadlessMode: vi.fn(() => false),
+}));
+vi.mock('node:readline', () => ({
+  default: {
+    createInterface: vi.fn(() => ({
+      question: vi.fn((_query, callback) => callback('')),
+      close: vi.fn(),
+      on: vi.fn(),
+    })),
+  },
+  createInterface: vi.fn(() => ({
+    question: vi.fn((_query, callback) => callback('')),
+    close: vi.fn(),
+    on: vi.fn(),
+  })),
+}));

 import { describe, it, expect, beforeEach, afterEach } from 'vitest';
 import * as http from 'node:http';
--- a/packages/core/src/utils/authConsent.test.ts
+++ b/packages/core/src/utils/authConsent.test.ts
@@ -4,7 +4,7 @@
 * SPDX-License-Identifier: Apache-2.0
 */

-import { describe, it, expect, vi } from 'vitest';
+import { describe, it, expect, vi, beforeEach } from 'vitest';
 import type { Mock } from 'vitest';
 import readline from 'node:readline';
 import process from 'node:process';
@@ -27,73 +27,116 @@ vi.mock('./stdio.js', () => ({
 }));

 describe('getConsentForOauth', () => {
-  it('should use coreEvents when listeners are present', async () => {
+  beforeEach(() => {
    vi.restoreAllMocks();
-    const mockEmitConsentRequest = vi.spyOn(coreEvents, 'emitConsentRequest');
-    const mockListenerCount = vi
-      .spyOn(coreEvents, 'listenerCount')
-      .mockReturnValue(1);
+  });

-    mockEmitConsentRequest.mockImplementation((payload) => {
-      payload.onConfirm(true);
+  describe('in interactive mode', () => {
+    beforeEach(() => {
+      (isHeadlessMode as Mock).mockReturnValue(false);
    });

-    const result = await getConsentForOauth('Login required.');
+    it('should emit consent request when UI listeners are present', async () => {
+      const mockEmitConsentRequest = vi.spyOn(coreEvents, 'emitConsentRequest');
+      vi.spyOn(coreEvents, 'listenerCount').mockReturnValue(1);

-    expect(result).toBe(true);
-    expect(mockEmitConsentRequest).toHaveBeenCalledWith(
-      expect.objectContaining({
-        prompt: expect.stringContaining(
-          'Login required. Opening authentication page in your browser.',
-        ),
-      }),
-    );
+      mockEmitConsentRequest.mockImplementation((payload) => {
+        payload.onConfirm(true);
+      });

-    mockListenerCount.mockRestore();
-    mockEmitConsentRequest.mockRestore();
+      const result = await getConsentForOauth('Login required.');
+
+      expect(result).toBe(true);
+      expect(mockEmitConsentRequest).toHaveBeenCalledWith(
+        expect.objectContaining({
+          prompt: expect.stringContaining(
+            'Login required. Opening authentication page in your browser.',
+          ),
+        }),
+      );
+    });
+
+    it('should return false when user declines via UI', async () => {
+      const mockEmitConsentRequest = vi.spyOn(coreEvents, 'emitConsentRequest');
+      vi.spyOn(coreEvents, 'listenerCount').mockReturnValue(1);
+
+      mockEmitConsentRequest.mockImplementation((payload) => {
+        payload.onConfirm(false);
+      });
+
+      const result = await getConsentForOauth('Login required.');
+
+      expect(result).toBe(false);
+    });
+
+    it('should throw FatalAuthenticationError when no UI listeners are present', async () => {
+      vi.spyOn(coreEvents, 'listenerCount').mockReturnValue(0);
+
+      await expect(getConsentForOauth('Login required.')).rejects.toThrow(
+        FatalAuthenticationError,
+      );
+    });
  });

-  it('should use readline when no listeners are present and not headless', async () => {
-    vi.restoreAllMocks();
-    const mockListenerCount = vi
-      .spyOn(coreEvents, 'listenerCount')
-      .mockReturnValue(0);
-    (isHeadlessMode as Mock).mockReturnValue(false);
+  describe('in non-interactive mode', () => {
+    beforeEach(() => {
+      (isHeadlessMode as Mock).mockReturnValue(true);
+    });

-    const mockReadline = {
-      on: vi.fn((event, callback) => {
-        if (event === 'line') {
-          callback('y');
-        }
-      }),
-      close: vi.fn(),
-    };
-    (readline.createInterface as Mock).mockReturnValue(mockReadline);
+    it('should use readline to prompt for consent', async () => {
+      const mockReadline = {
+        on: vi.fn((event, callback) => {
+          if (event === 'line') {
+            callback('y');
+          }
+        }),
+        close: vi.fn(),
+      };
+      (readline.createInterface as Mock).mockReturnValue(mockReadline);

-    const result = await getConsentForOauth('Login required.');
+      const result = await getConsentForOauth('Login required.');

-    expect(result).toBe(true);
-    expect(readline.createInterface).toHaveBeenCalled();
-    expect(writeToStdout).toHaveBeenCalledWith(
-      expect.stringContaining(
-        'Login required. Opening authentication page in your browser.',
-      ),
-    );
+      expect(result).toBe(true);
+      expect(readline.createInterface).toHaveBeenCalledWith(
+        expect.objectContaining({
+          terminal: true,
+        }),
+      );
+      expect(writeToStdout).toHaveBeenCalledWith(
+        expect.stringContaining('Login required.'),
+      );
+    });

-    mockListenerCount.mockRestore();
-  });
+    it('should accept empty response as "yes"', async () => {
+      const mockReadline = {
+        on: vi.fn((event, callback) => {
+          if (event === 'line') {
+            callback('');
+          }
+        }),
+        close: vi.fn(),
+      };
+      (readline.createInterface as Mock).mockReturnValue(mockReadline);

-  it('should throw FatalAuthenticationError when no listeners and headless', async () => {
-    vi.restoreAllMocks();
-    const mockListenerCount = vi
-      .spyOn(coreEvents, 'listenerCount')
-      .mockReturnValue(0);
-    (isHeadlessMode as Mock).mockReturnValue(true);
+      const result = await getConsentForOauth('Login required.');

-    await expect(getConsentForOauth('Login required.')).rejects.toThrow(
-      FatalAuthenticationError,
-    );
+      expect(result).toBe(true);
+    });

-    mockListenerCount.mockRestore();
+    it('should return false when user declines via readline', async () => {
+      const mockReadline = {
+        on: vi.fn((event, callback) => {
+          if (event === 'line') {
+            callback('n');
+          }
+        }),
+        close: vi.fn(),
+      };
+      (readline.createInterface as Mock).mockReturnValue(mockReadline);
+
+      const result = await getConsentForOauth('Login required.');
+
+      expect(result).toBe(false);
+    });
  });
 });
--- a/packages/core/src/utils/authConsent.ts
+++ b/packages/core/src/utils/authConsent.ts
@@ -12,22 +12,21 @@ import { isHeadlessMode } from './headless.js';

 /**
 * Requests consent from the user for OAuth login.
- * Handles both TTY and non-TTY environments.
+ * Handles both interactive and non-interactive (headless) modes.
 */
 export async function getConsentForOauth(prompt: string): Promise<boolean> {
  const finalPrompt = prompt + ' Opening authentication page in your browser. ';

-  if (coreEvents.listenerCount(CoreEvent.ConsentRequest) === 0) {
-    if (isHeadlessMode()) {
-      throw new FatalAuthenticationError(
-        'Interactive consent could not be obtained.\n' +
-          'Please run Gemini CLI in an interactive terminal to authenticate, or use NO_BROWSER=true for manual authentication.',
-      );
-    }
+  if (isHeadlessMode()) {
    return getOauthConsentNonInteractive(finalPrompt);
+  } else if (coreEvents.listenerCount(CoreEvent.ConsentRequest) > 0) {
+    return getOauthConsentInteractive(finalPrompt);
  }
-
-  return getOauthConsentInteractive(finalPrompt);
+  throw new FatalAuthenticationError(
+    'Authentication consent could not be obtained.\n' +
+      'Please run Gemini CLI in an interactive terminal to authenticate, ' +
+      'or use NO_BROWSER=true for manual authentication.',
+  );
 }

 async function getOauthConsentNonInteractive(prompt: string) {