Files
triggerdotdev--trigger.dev/apps/webapp/test/slackOAuthResultLog.test.ts
T
2026-07-13 13:32:57 +08:00

35 lines
1.2 KiB
TypeScript

import { describe, expect, it } from "vitest";
import { slackAccessResultLogFields } from "../app/models/slackOAuthResultLog.js";
const result = {
ok: true,
access_token: "xoxb-BOT-SECRET",
refresh_token: "xoxe-REFRESH-SECRET",
scope: "chat:write,channels:read",
team: { id: "T123" },
authed_user: { id: "U1", access_token: "xoxp-USER-SECRET" },
};
// Logged right after the Slack OAuth exchange — must never carry the tokens.
describe("slackAccessResultLogFields", () => {
it("emits only non-secret diagnostics, never the tokens", () => {
const fields = slackAccessResultLogFields(result);
const serialized = JSON.stringify(fields);
for (const token of ["xoxb-BOT-SECRET", "xoxp-USER-SECRET", "xoxe-REFRESH-SECRET"]) {
expect(serialized).not.toContain(token);
}
expect(fields).toEqual({
teamId: "T123",
scope: "chat:write,channels:read",
hasUserToken: true,
hasRefreshToken: true,
});
});
it("reports false when user/refresh tokens are absent", () => {
const fields = slackAccessResultLogFields({ team: { id: "T9" }, scope: "chat:write" });
expect(fields.hasUserToken).toBe(false);
expect(fields.hasRefreshToken).toBe(false);
});
});