pi-mono/packages/ai/test/oauth-device-code.test.ts
Vegard Stikbakke 8133c94db9 fix(ai): honor server-provided slow_down interval in device-code polling
GitHub's device flow documents slow_down as a rate limit: a poll that
arrives inside the throttle window is answered with slow_down instead of
the token, and the response's interval field reports the new required
minimum ("adds 5 seconds to the last interval"). A client that only
tracks its own +5s increment can stay behind the server's ratcheting
requirement when its timers fire early - common with WSL/VM clock drift
(microsoft/WSL#10006) - so every subsequent poll keeps hitting the rate
limit and login appears to hang forever even after the browser reports
the device as authorized.

Adopt the server-provided interval when a slow_down poll result carries
one, falling back to the RFC 8628 section 3.5 +5s increment otherwise.
GitHub Copilot passes the interval field through.

This restores part of the #1994 mitigations that were lost in the #4788
device-code refactor.

refs #6187
2026-07-03 22:26:12 +02:00

139 lines
4.1 KiB
TypeScript

import { afterEach, describe, expect, it, vi } from "vitest";
import { pollOAuthDeviceCodeFlow } from "../src/utils/oauth/device-code.ts";
describe("OAuth device-code polling", () => {
afterEach(() => {
vi.useRealTimers();
});
it("polls immediately and returns the completed value", async () => {
vi.useFakeTimers();
vi.setSystemTime(new Date("2026-03-09T00:00:00Z"));
const pollTimes: number[] = [];
const poll = vi.fn(async () => {
pollTimes.push(Date.now());
return pollTimes.length === 1
? { status: "pending" as const }
: { status: "complete" as const, value: "token" };
});
const resultPromise = pollOAuthDeviceCodeFlow({
intervalSeconds: 2,
expiresInSeconds: 30,
poll,
});
await vi.advanceTimersByTimeAsync(0);
expect(pollTimes).toEqual([new Date("2026-03-09T00:00:00Z").getTime()]);
await vi.advanceTimersByTimeAsync(1999);
expect(pollTimes).toEqual([new Date("2026-03-09T00:00:00Z").getTime()]);
await vi.advanceTimersByTimeAsync(1);
await expect(resultPromise).resolves.toBe("token");
expect(pollTimes).toEqual([
new Date("2026-03-09T00:00:00Z").getTime(),
new Date("2026-03-09T00:00:02Z").getTime(),
]);
});
it("can wait before the first poll", async () => {
vi.useFakeTimers();
vi.setSystemTime(new Date("2026-03-09T00:00:00Z"));
const pollTimes: number[] = [];
const resultPromise = pollOAuthDeviceCodeFlow({
intervalSeconds: 2,
expiresInSeconds: 30,
waitBeforeFirstPoll: true,
poll: async () => {
pollTimes.push(Date.now());
return { status: "complete" as const, value: "token" };
},
});
await vi.advanceTimersByTimeAsync(1999);
expect(pollTimes).toEqual([]);
await vi.advanceTimersByTimeAsync(1);
await expect(resultPromise).resolves.toBe("token");
expect(pollTimes).toEqual([new Date("2026-03-09T00:00:02Z").getTime()]);
});
it("increases the interval by 5 seconds after slow_down without a server interval", async () => {
vi.useFakeTimers();
vi.setSystemTime(new Date("2026-03-09T00:00:00Z"));
const startTime = Date.now();
const pollTimes: number[] = [];
const results = [{ status: "slow_down" as const }, { status: "complete" as const, value: "token" }];
const resultPromise = pollOAuthDeviceCodeFlow({
intervalSeconds: 2,
expiresInSeconds: 900,
poll: async () => {
pollTimes.push(Date.now());
const result = results.shift();
if (!result) throw new Error("Unexpected extra poll");
return result;
},
});
await vi.advanceTimersByTimeAsync(0);
expect(pollTimes).toEqual([startTime]);
await vi.advanceTimersByTimeAsync(6999);
expect(pollTimes).toEqual([startTime]);
await vi.advanceTimersByTimeAsync(1);
await expect(resultPromise).resolves.toBe("token");
expect(pollTimes).toEqual([startTime, startTime + 7000]);
});
it("honors a server-provided slow_down interval", async () => {
vi.useFakeTimers();
vi.setSystemTime(new Date("2026-03-09T00:00:00Z"));
const startTime = Date.now();
const pollTimes: number[] = [];
const results = [
{ status: "slow_down" as const, intervalSeconds: 30 },
{ status: "complete" as const, value: "token" },
];
const resultPromise = pollOAuthDeviceCodeFlow({
intervalSeconds: 2,
expiresInSeconds: 900,
poll: async () => {
pollTimes.push(Date.now());
const result = results.shift();
if (!result) throw new Error("Unexpected extra poll");
return result;
},
});
await vi.advanceTimersByTimeAsync(0);
expect(pollTimes).toEqual([startTime]);
await vi.advanceTimersByTimeAsync(29999);
expect(pollTimes).toEqual([startTime]);
await vi.advanceTimersByTimeAsync(1);
await expect(resultPromise).resolves.toBe("token");
expect(pollTimes).toEqual([startTime, startTime + 30000]);
});
it("cancels an in-flight wait", async () => {
vi.useFakeTimers();
const controller = new AbortController();
const resultPromise = pollOAuthDeviceCodeFlow({
intervalSeconds: 5,
expiresInSeconds: 30,
poll: async () => ({ status: "pending" }),
signal: controller.signal,
});
controller.abort();
await expect(resultPromise).rejects.toThrow("Login cancelled");
});
});