feat(cli): refactor auth flow and add test coverage

Author: brandonkachen

bun.lock

@@ -35,6 +35,7 @@
     "@codebuff/sdk": "workspace:*",
     "@opentui/core": "^0.1.28",
     "@opentui/react": "^0.1.28",
+    "@tanstack/react-query": "^5.62.8",
     "commander": "^14.0.1",
     "immer": "^10.1.3",
     "open": "^10.1.0",

cli/package.json

@@ -2,12 +2,14 @@ import { describe, test, expect } from 'bun:test'
 import { spawn } from 'child_process'
 import stripAnsi from 'strip-ansi'
 import path from 'path'
-import { isSDKBuilt } from './test-utils'
+import { isSDKBuilt, ensureCliTestEnv } from './test-utils'
 
 const CLI_PATH = path.join(__dirname, '../index.tsx')
 const TIMEOUT_MS = 10000
 const sdkBuilt = isSDKBuilt()
 
+ensureCliTestEnv()
+
 function runCLI(args: string[]): Promise<{ stdout: string; stderr: string; exitCode: number | null }> {
   return new Promise((resolve, reject) => {
     const proc = spawn('bun', ['run', CLI_PATH, ...args], {
@@ -86,11 +88,18 @@ describe.skipIf(!sdkBuilt)('CLI End-to-End Tests', () => {
     })
 
     let started = false
-    proc.stdout?.on('data', () => {
-      started = true
+    await new Promise<void>((resolve) => {
+      const timeout = setTimeout(() => {
+        resolve()
+      }, 800)
+
+      proc.stdout?.once('data', () => {
+        started = true
+        clearTimeout(timeout)
+        resolve()
+      })
     })
 
-    await new Promise(resolve => setTimeout(resolve, 1000))
     proc.kill('SIGTERM')
 
     expect(started).toBe(true)
@@ -103,11 +112,18 @@ describe.skipIf(!sdkBuilt)('CLI End-to-End Tests', () => {
     })
 
     let started = false
-    proc.stdout?.on('data', () => {
-      started = true
+    await new Promise<void>((resolve) => {
+      const timeout = setTimeout(() => {
+        resolve()
+      }, 800)
+
+      proc.stdout?.once('data', () => {
+        started = true
+        clearTimeout(timeout)
+        resolve()
+      })
     })
 
-    await new Promise(resolve => setTimeout(resolve, 1000))
     proc.kill('SIGTERM')
 
     expect(started).toBe(true)

cli/src/__tests__/e2e-cli.test.ts

@@ -0,0 +1,164 @@
+import { describe, test, expect, mock } from 'bun:test'
+
+import {
+  generateLoginUrl,
+  pollLoginStatus,
+  type LoginUrlResponse,
+} from '../../login/login-flow'
+
+import type { Logger } from '@codebuff/common/types/contracts/logger'
+
+const createLogger = (): Logger & Record<string, ReturnType<typeof mock>> => ({
+  info: mock(() => {}),
+  error: mock(() => {}),
+  warn: mock(() => {}),
+  debug: mock(() => {}),
+})
+
+describe('First-Time Login Flow (helpers)', () => {
+  test('generateLoginUrl posts fingerprint id and returns payload', async () => {
+    const logger = createLogger()
+    const responsePayload: LoginUrlResponse = {
+      loginUrl: 'https://cli.test/login?code=abc123',
+      fingerprintHash: 'hash-123',
+      expiresAt: '2025-12-31T23:59:59Z',
+    }
+
+    const fetchMock = mock(async (input: RequestInfo, init?: RequestInit) => {
+      expect(typeof input).toBe('string')
+      expect(String(input)).toBe('https://cli.test/api/auth/cli/code')
+      expect(init?.method).toBe('POST')
+      expect(init?.headers).toEqual({ 'Content-Type': 'application/json' })
+      expect(init?.body).toBe(JSON.stringify({ fingerprintId: 'finger-001' }))
+      return new Response(JSON.stringify(responsePayload), { status: 200 })
+    })
+
+    const result = await generateLoginUrl(
+      { fetch: fetchMock as any, logger },
+      { baseUrl: 'https://cli.test', fingerprintId: 'finger-001' },
+    )
+
+    expect(result).toEqual(responsePayload)
+    expect(fetchMock.mock.calls.length).toBe(1)
+  })
+
+  test('pollLoginStatus resolves with user after handling transient 401 responses', async () => {
+    const logger = createLogger()
+    const responses: Array<Response> = [
+      new Response(null, { status: 401 }),
+      new Response(null, { status: 401 }),
+      new Response(
+        JSON.stringify({
+          user: {
+            id: 'new-user-123',
+            name: 'New User',
+            email: 'new@codebuff.dev',
+            authToken: 'token-123',
+          },
+        }),
+        { status: 200 },
+      ),
+    ]
+    let callCount = 0
+
+    const fetchMock = mock(async (input: RequestInfo) => {
+      const url = new URL(String(input))
+      expect(url.searchParams.get('fingerprintId')).toBe('finger-abc')
+      expect(url.searchParams.get('fingerprintHash')).toBe('hash-xyz')
+      expect(url.searchParams.get('expiresAt')).toBe('2030-01-02T03:04:05Z')
+
+      const response = responses[callCount] ?? responses[responses.length - 1]
+      callCount += 1
+      return response
+    })
+
+    const result = await pollLoginStatus(
+      {
+        fetch: fetchMock as any,
+        sleep: async () => {},
+        logger,
+      },
+      {
+        baseUrl: 'https://cli.test',
+        fingerprintId: 'finger-abc',
+        fingerprintHash: 'hash-xyz',
+        expiresAt: '2030-01-02T03:04:05Z',
+      },
+    )
+
+    expect(result.status).toBe('success')
+    expect(result.attempts).toBe(3)
+    expect(result).toHaveProperty('user')
+    expect(
+      (result as { user: { id: string } }).user.id,
+    ).toBe('new-user-123')
+    expect(fetchMock.mock.calls.length).toBe(3)
+  })
+
+  test('pollLoginStatus times out when user never appears', async () => {
+    const logger = createLogger()
+    let nowTime = 0
+    const intervalMs = 5000
+    const timeoutMs = 20000
+
+    const fetchMock = mock(async () => {
+      return new Response(null, { status: 401 })
+    })
+
+    const sleep = async () => {
+      nowTime += intervalMs
+    }
+
+    const result = await pollLoginStatus(
+      {
+        fetch: fetchMock as any,
+        sleep,
+        logger,
+        now: () => nowTime,
+      },
+      {
+        baseUrl: 'https://cli.test',
+        fingerprintId: 'finger-timeout',
+        fingerprintHash: 'hash-timeout',
+        expiresAt: '2030-01-02T03:04:05Z',
+        intervalMs,
+        timeoutMs,
+      },
+    )
+
+    expect(result.status).toBe('timeout')
+    expect(fetchMock.mock.calls.length).toBeGreaterThan(0)
+  })
+
+  test('pollLoginStatus stops when caller aborts', async () => {
+    const logger = createLogger()
+    let attempts = 0
+    const fetchMock = mock(async () => {
+      attempts += 1
+      return new Response(null, { status: 401 })
+    })
+
+    let shouldContinue = true
+
+    const resultPromise = pollLoginStatus(
+      {
+        fetch: fetchMock as any,
+        sleep: async () => {
+          shouldContinue = false
+        },
+        logger,
+      },
+      {
+        baseUrl: 'https://cli.test',
+        fingerprintId: 'finger-abort',
+        fingerprintHash: 'hash-abort',
+        expiresAt: '2030-01-02T03:04:05Z',
+        shouldContinue: () => shouldContinue,
+      },
+    )
+
+    const result = await resultPromise
+    expect(result.status).toBe('aborted')
+    expect(fetchMock.mock.calls.length).toBeGreaterThan(0)
+  })
+})

cli/src/__tests__/e2e/first-time-login.test.ts

@@ -0,0 +1,97 @@
+import { describe, test, expect, beforeEach, afterEach, mock, spyOn } from 'bun:test'
+import fs from 'fs'
+import os from 'os'
+import path from 'path'
+
+import {
+  saveUserCredentials,
+  getUserCredentials,
+  logoutUser,
+  type User,
+} from '../../utils/auth'
+
+import type { Logger } from '@codebuff/common/types/contracts/logger'
+
+const ORIGINAL_USER: User = {
+  id: 'user-001',
+  name: 'CLI Tester',
+  email: 'tester@codebuff.dev',
+  authToken: 'token-original',
+  fingerprintId: 'fingerprint-original',
+  fingerprintHash: 'fingerprint-hash-original',
+}
+
+const RELOGIN_USER: User = {
+  ...ORIGINAL_USER,
+  authToken: 'token-after-relogin',
+  fingerprintId: 'fingerprint-new',
+  fingerprintHash: 'fingerprint-hash-new',
+}
+
+const createLogger = (): Logger & Record<string, ReturnType<typeof mock>> => ({
+  info: mock(() => {}),
+  error: mock(() => {}),
+  warn: mock(() => {}),
+  debug: mock(() => {}),
+})
+
+describe('Logout and Re-login helpers', () => {
+  let tempConfigDir: string
+
+  beforeEach(() => {
+    tempConfigDir = fs.mkdtempSync(path.join(os.tmpdir(), 'manicode-logout-'))
+  })
+
+  afterEach(() => {
+    if (fs.existsSync(tempConfigDir)) {
+      fs.rmSync(tempConfigDir, { recursive: true, force: true })
+    }
+    mock.restore()
+  })
+
+  const mockConfigPaths = () => {
+    const authModule = require('../../utils/auth') as typeof import('../../utils/auth')
+    spyOn(authModule, 'getConfigDir').mockReturnValue(tempConfigDir)
+    spyOn(authModule, 'getCredentialsPath').mockReturnValue(
+      path.join(tempConfigDir, 'credentials.json'),
+    )
+  }
+
+  test('logoutUser removes credentials file and returns true', async () => {
+    mockConfigPaths()
+    saveUserCredentials(ORIGINAL_USER)
+
+    const credentialsPath = path.join(tempConfigDir, 'credentials.json')
+    expect(fs.existsSync(credentialsPath)).toBe(true)
+
+    const result = await logoutUser(createLogger())
+    expect(result).toBe(true)
+    expect(fs.existsSync(credentialsPath)).toBe(false)
+  })
+
+  test('re-login can persist new credentials after logout', async () => {
+    mockConfigPaths()
+
+    saveUserCredentials(ORIGINAL_USER)
+    const firstLoaded = getUserCredentials()
+    expect(firstLoaded?.authToken).toBe('token-original')
+
+    await logoutUser(createLogger())
+    expect(getUserCredentials()).toBeNull()
+
+    saveUserCredentials(RELOGIN_USER)
+    const reloaded = getUserCredentials()
+    expect(reloaded?.authToken).toBe('token-after-relogin')
+    expect(reloaded?.fingerprintId).toBe('fingerprint-new')
+  })
+
+  test('logoutUser is idempotent when credentials are already missing', async () => {
+    mockConfigPaths()
+
+    const resultFirst = await logoutUser(createLogger())
+    expect(resultFirst).toBe(true)
+
+    const resultSecond = await logoutUser(createLogger())
+    expect(resultSecond).toBe(true)
+  })
+})