146 lines
6.0 KiB
Swift
146 lines
6.0 KiB
Swift
import CodexBarCore
|
|
import Foundation
|
|
import Testing
|
|
@testable import CodexBar
|
|
|
|
@MainActor
|
|
extension CodexAccountScopedRefreshTests {
|
|
@Test
|
|
func `shared workspace rejects stale member results without fingerprints`() {
|
|
self.assertSharedWorkspaceMemberSwitchRejectsStaleResults(
|
|
suite: "CodexAccountScopedRefreshTests-shared-workspace-nil-fingerprint",
|
|
authFingerprint: nil)
|
|
}
|
|
|
|
@Test
|
|
func `shared workspace rejects stale member results with stable fingerprints`() {
|
|
self.assertSharedWorkspaceMemberSwitchRejectsStaleResults(
|
|
suite: "CodexAccountScopedRefreshTests-shared-workspace-stable-fingerprint",
|
|
authFingerprint: "stable-auth")
|
|
}
|
|
|
|
@Test
|
|
func `provider identity without email fails every scoped guard closed`() {
|
|
let settings = self.makeSettingsStore(
|
|
suite: "CodexAccountScopedRefreshTests-provider-identity-missing-email")
|
|
settings.refreshFrequency = .manual
|
|
settings._test_liveSystemCodexAccount = self.providerAccount(
|
|
email: " ",
|
|
authFingerprint: nil,
|
|
workspaceLabel: "Workspace")
|
|
|
|
let store = self.makeUsageStore(settings: settings)
|
|
let expectedGuard = CodexAccountScopedRefreshGuard(
|
|
source: .liveSystem,
|
|
identity: .providerAccount(id: "shared-workspace"),
|
|
accountKey: nil,
|
|
authFingerprint: nil)
|
|
|
|
self.expectEveryScopedGuardRejects(
|
|
store: store,
|
|
expectedGuard: expectedGuard,
|
|
staleEmail: nil)
|
|
#expect(!UsageStore.codexScopedRefreshGuardsMatchAccount(expectedGuard, expectedGuard))
|
|
}
|
|
|
|
@Test
|
|
func `same member auth rotation keeps success admission policy`() {
|
|
let settings = self.makeSettingsStore(
|
|
suite: "CodexAccountScopedRefreshTests-same-member-auth-rotation")
|
|
settings.refreshFrequency = .manual
|
|
settings._test_liveSystemCodexAccount = self.providerAccount(
|
|
email: "Member@Example.com",
|
|
authFingerprint: "old-auth",
|
|
workspaceLabel: "Old label")
|
|
|
|
let store = self.makeUsageStore(settings: settings)
|
|
let expectedGuard = store.freshCodexAccountScopedRefreshGuard()
|
|
|
|
settings._test_liveSystemCodexAccount = self.providerAccount(
|
|
email: " member@example.com ",
|
|
authFingerprint: "new-auth",
|
|
workspaceLabel: "New label")
|
|
|
|
let usage = self.codexSnapshot(email: "member@example.com", usedPercent: 25)
|
|
#expect(store.shouldApplyCodexUsageResult(expectedGuard: expectedGuard, usage: usage))
|
|
#expect(store.shouldApplyCodexScopedNonUsageResult(expectedGuard: expectedGuard))
|
|
#expect(store.shouldApplyOpenAIDashboardRefreshGuard(
|
|
expectedGuard: expectedGuard,
|
|
routingTargetEmail: "member@example.com"))
|
|
#expect(store.shouldApplyOpenAIDashboardPolicyResult(
|
|
expectedGuard: expectedGuard,
|
|
routingTargetEmail: "member@example.com"))
|
|
#expect(!store.shouldApplyCodexScopedFailure(expectedGuard: expectedGuard))
|
|
#expect(!store.shouldApplyCodexScopedNonUsageFailure(expectedGuard: expectedGuard))
|
|
#expect(!store.shouldApplyOpenAIWebNonSuccessResult(
|
|
expectedGuard: expectedGuard,
|
|
routingTargetEmail: "member@example.com"))
|
|
}
|
|
|
|
private func assertSharedWorkspaceMemberSwitchRejectsStaleResults(
|
|
suite: String,
|
|
authFingerprint: String?)
|
|
{
|
|
let settings = self.makeSettingsStore(suite: suite)
|
|
settings.refreshFrequency = .manual
|
|
settings._test_liveSystemCodexAccount = self.providerAccount(
|
|
email: "alpha@example.com",
|
|
authFingerprint: authFingerprint,
|
|
workspaceLabel: "Alpha")
|
|
|
|
let store = self.makeUsageStore(settings: settings)
|
|
let expectedGuard = store.freshCodexAccountScopedRefreshGuard()
|
|
#expect(expectedGuard.identity == .providerAccount(id: "shared-workspace"))
|
|
#expect(expectedGuard.accountKey == "alpha@example.com")
|
|
|
|
settings._test_liveSystemCodexAccount = self.providerAccount(
|
|
email: "beta@example.com",
|
|
authFingerprint: authFingerprint,
|
|
workspaceLabel: "Beta")
|
|
|
|
self.expectEveryScopedGuardRejects(
|
|
store: store,
|
|
expectedGuard: expectedGuard,
|
|
staleEmail: "alpha@example.com")
|
|
#expect(!UsageStore.codexScopedRefreshGuardsMatchAccount(
|
|
expectedGuard,
|
|
store.freshCodexAccountScopedRefreshGuard()))
|
|
}
|
|
|
|
private func expectEveryScopedGuardRejects(
|
|
store: UsageStore,
|
|
expectedGuard: CodexAccountScopedRefreshGuard,
|
|
staleEmail: String?)
|
|
{
|
|
let usage = self.codexSnapshot(email: staleEmail ?? "", usedPercent: 25)
|
|
#expect(!store.shouldApplyCodexUsageResult(expectedGuard: expectedGuard, usage: usage))
|
|
#expect(!store.shouldApplyCodexScopedFailure(expectedGuard: expectedGuard))
|
|
#expect(!store.shouldApplyCodexScopedNonUsageResult(expectedGuard: expectedGuard))
|
|
#expect(!store.shouldApplyCodexScopedNonUsageFailure(expectedGuard: expectedGuard))
|
|
#expect(!store.shouldApplyOpenAIDashboardRefreshGuard(
|
|
expectedGuard: expectedGuard,
|
|
routingTargetEmail: staleEmail))
|
|
#expect(!store.shouldApplyOpenAIWebNonSuccessResult(
|
|
expectedGuard: expectedGuard,
|
|
routingTargetEmail: staleEmail))
|
|
#expect(!store.shouldApplyOpenAIDashboardPolicyResult(
|
|
expectedGuard: expectedGuard,
|
|
routingTargetEmail: staleEmail))
|
|
}
|
|
|
|
private func providerAccount(
|
|
email: String,
|
|
authFingerprint: String?,
|
|
workspaceLabel: String) -> ObservedSystemCodexAccount
|
|
{
|
|
ObservedSystemCodexAccount(
|
|
email: email,
|
|
workspaceLabel: workspaceLabel,
|
|
workspaceAccountID: "shared-workspace",
|
|
authFingerprint: authFingerprint,
|
|
codexHomePath: "/Users/test/.codex",
|
|
observedAt: Date(),
|
|
identity: .providerAccount(id: "shared-workspace"))
|
|
}
|
|
}
|