mirror of
https://github.com/badlogic/pi-mono.git
synced 2026-07-09 17:28:45 +00:00
GitHub's device flow documents slow_down as a rate limit: a poll that
arrives inside the throttle window is answered with slow_down instead of
the token, and the response's interval field reports the new required
minimum ("adds 5 seconds to the last interval"). A client that only
tracks its own +5s increment can stay behind the server's ratcheting
requirement when its timers fire early - common with WSL/VM clock drift
(microsoft/WSL#10006) - so every subsequent poll keeps hitting the rate
limit and login appears to hang forever even after the browser reports
the device as authorized.
Adopt the server-provided interval when a slow_down poll result carries
one, falling back to the RFC 8628 section 3.5 +5s increment otherwise.
GitHub Copilot passes the interval field through.
This restores part of the #1994 mitigations that were lost in the #4788
device-code refactor.
refs #6187
139 lines
4.1 KiB
TypeScript
139 lines
4.1 KiB
TypeScript
import { afterEach, describe, expect, it, vi } from "vitest";
|
|
import { pollOAuthDeviceCodeFlow } from "../src/utils/oauth/device-code.ts";
|
|
|
|
describe("OAuth device-code polling", () => {
|
|
afterEach(() => {
|
|
vi.useRealTimers();
|
|
});
|
|
|
|
it("polls immediately and returns the completed value", async () => {
|
|
vi.useFakeTimers();
|
|
vi.setSystemTime(new Date("2026-03-09T00:00:00Z"));
|
|
|
|
const pollTimes: number[] = [];
|
|
const poll = vi.fn(async () => {
|
|
pollTimes.push(Date.now());
|
|
return pollTimes.length === 1
|
|
? { status: "pending" as const }
|
|
: { status: "complete" as const, value: "token" };
|
|
});
|
|
|
|
const resultPromise = pollOAuthDeviceCodeFlow({
|
|
intervalSeconds: 2,
|
|
expiresInSeconds: 30,
|
|
poll,
|
|
});
|
|
|
|
await vi.advanceTimersByTimeAsync(0);
|
|
expect(pollTimes).toEqual([new Date("2026-03-09T00:00:00Z").getTime()]);
|
|
|
|
await vi.advanceTimersByTimeAsync(1999);
|
|
expect(pollTimes).toEqual([new Date("2026-03-09T00:00:00Z").getTime()]);
|
|
|
|
await vi.advanceTimersByTimeAsync(1);
|
|
await expect(resultPromise).resolves.toBe("token");
|
|
expect(pollTimes).toEqual([
|
|
new Date("2026-03-09T00:00:00Z").getTime(),
|
|
new Date("2026-03-09T00:00:02Z").getTime(),
|
|
]);
|
|
});
|
|
|
|
it("can wait before the first poll", async () => {
|
|
vi.useFakeTimers();
|
|
vi.setSystemTime(new Date("2026-03-09T00:00:00Z"));
|
|
|
|
const pollTimes: number[] = [];
|
|
const resultPromise = pollOAuthDeviceCodeFlow({
|
|
intervalSeconds: 2,
|
|
expiresInSeconds: 30,
|
|
waitBeforeFirstPoll: true,
|
|
poll: async () => {
|
|
pollTimes.push(Date.now());
|
|
return { status: "complete" as const, value: "token" };
|
|
},
|
|
});
|
|
|
|
await vi.advanceTimersByTimeAsync(1999);
|
|
expect(pollTimes).toEqual([]);
|
|
|
|
await vi.advanceTimersByTimeAsync(1);
|
|
await expect(resultPromise).resolves.toBe("token");
|
|
expect(pollTimes).toEqual([new Date("2026-03-09T00:00:02Z").getTime()]);
|
|
});
|
|
|
|
it("increases the interval by 5 seconds after slow_down without a server interval", async () => {
|
|
vi.useFakeTimers();
|
|
vi.setSystemTime(new Date("2026-03-09T00:00:00Z"));
|
|
const startTime = Date.now();
|
|
|
|
const pollTimes: number[] = [];
|
|
const results = [{ status: "slow_down" as const }, { status: "complete" as const, value: "token" }];
|
|
const resultPromise = pollOAuthDeviceCodeFlow({
|
|
intervalSeconds: 2,
|
|
expiresInSeconds: 900,
|
|
poll: async () => {
|
|
pollTimes.push(Date.now());
|
|
const result = results.shift();
|
|
if (!result) throw new Error("Unexpected extra poll");
|
|
return result;
|
|
},
|
|
});
|
|
|
|
await vi.advanceTimersByTimeAsync(0);
|
|
expect(pollTimes).toEqual([startTime]);
|
|
|
|
await vi.advanceTimersByTimeAsync(6999);
|
|
expect(pollTimes).toEqual([startTime]);
|
|
|
|
await vi.advanceTimersByTimeAsync(1);
|
|
await expect(resultPromise).resolves.toBe("token");
|
|
expect(pollTimes).toEqual([startTime, startTime + 7000]);
|
|
});
|
|
|
|
it("honors a server-provided slow_down interval", async () => {
|
|
vi.useFakeTimers();
|
|
vi.setSystemTime(new Date("2026-03-09T00:00:00Z"));
|
|
const startTime = Date.now();
|
|
|
|
const pollTimes: number[] = [];
|
|
const results = [
|
|
{ status: "slow_down" as const, intervalSeconds: 30 },
|
|
{ status: "complete" as const, value: "token" },
|
|
];
|
|
const resultPromise = pollOAuthDeviceCodeFlow({
|
|
intervalSeconds: 2,
|
|
expiresInSeconds: 900,
|
|
poll: async () => {
|
|
pollTimes.push(Date.now());
|
|
const result = results.shift();
|
|
if (!result) throw new Error("Unexpected extra poll");
|
|
return result;
|
|
},
|
|
});
|
|
|
|
await vi.advanceTimersByTimeAsync(0);
|
|
expect(pollTimes).toEqual([startTime]);
|
|
|
|
await vi.advanceTimersByTimeAsync(29999);
|
|
expect(pollTimes).toEqual([startTime]);
|
|
|
|
await vi.advanceTimersByTimeAsync(1);
|
|
await expect(resultPromise).resolves.toBe("token");
|
|
expect(pollTimes).toEqual([startTime, startTime + 30000]);
|
|
});
|
|
|
|
it("cancels an in-flight wait", async () => {
|
|
vi.useFakeTimers();
|
|
const controller = new AbortController();
|
|
|
|
const resultPromise = pollOAuthDeviceCodeFlow({
|
|
intervalSeconds: 5,
|
|
expiresInSeconds: 30,
|
|
poll: async () => ({ status: "pending" }),
|
|
signal: controller.signal,
|
|
});
|
|
|
|
controller.abort();
|
|
await expect(resultPromise).rejects.toThrow("Login cancelled");
|
|
});
|
|
});
|