fix(core): restore auth consent in headless mode and add unit tests

ehedlund · ehedlund · commit 8d65d08f3c67 · 2026-02-20T14:29:11.000-05:00
diff --git a/packages/core/src/utils/authConsent.test.ts b/packages/core/src/utils/authConsent.test.ts
@@ -4,7 +4,7 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-import { describe, it, expect, vi } from 'vitest';
+import { describe, it, expect, vi, beforeEach } from 'vitest';
 import type { Mock } from 'vitest';
 import readline from 'node:readline';
 import process from 'node:process';
@@ -27,73 +27,116 @@ vi.mock('./stdio.js', () => ({
 }));
 
 describe('getConsentForOauth', () => {
-  it('should use coreEvents when listeners are present', async () => {
+  beforeEach(() => {
     vi.restoreAllMocks();
-    const mockEmitConsentRequest = vi.spyOn(coreEvents, 'emitConsentRequest');
-    const mockListenerCount = vi
-      .spyOn(coreEvents, 'listenerCount')
-      .mockReturnValue(1);
+  });
 
-    mockEmitConsentRequest.mockImplementation((payload) => {
-      payload.onConfirm(true);
+  describe('in interactive mode', () => {
+    beforeEach(() => {
+      (isHeadlessMode as Mock).mockReturnValue(false);
     });
 
-    const result = await getConsentForOauth('Login required.');
+    it('should emit consent request when UI listeners are present', async () => {
+      const mockEmitConsentRequest = vi.spyOn(coreEvents, 'emitConsentRequest');
+      vi.spyOn(coreEvents, 'listenerCount').mockReturnValue(1);
 
-    expect(result).toBe(true);
-    expect(mockEmitConsentRequest).toHaveBeenCalledWith(
-      expect.objectContaining({
-        prompt: expect.stringContaining(
-          'Login required. Opening authentication page in your browser.',
-        ),
-      }),
-    );
+      mockEmitConsentRequest.mockImplementation((payload) => {
+        payload.onConfirm(true);
+      });
 
-    mockListenerCount.mockRestore();
-    mockEmitConsentRequest.mockRestore();
-  });
+      const result = await getConsentForOauth('Login required.');
 
-  it('should use readline when no listeners are present and not headless', async () => {
-    vi.restoreAllMocks();
-    const mockListenerCount = vi
-      .spyOn(coreEvents, 'listenerCount')
-      .mockReturnValue(0);
-    (isHeadlessMode as Mock).mockReturnValue(false);
-
-    const mockReadline = {
-      on: vi.fn((event, callback) => {
-        if (event === 'line') {
-          callback('y');
-        }
-      }),
-      close: vi.fn(),
-    };
-    (readline.createInterface as Mock).mockReturnValue(mockReadline);
-
-    const result = await getConsentForOauth('Login required.');
-
-    expect(result).toBe(true);
-    expect(readline.createInterface).toHaveBeenCalled();
-    expect(writeToStdout).toHaveBeenCalledWith(
-      expect.stringContaining(
-        'Login required. Opening authentication page in your browser.',
-      ),
-    );
-
-    mockListenerCount.mockRestore();
+      expect(result).toBe(true);
+      expect(mockEmitConsentRequest).toHaveBeenCalledWith(
+        expect.objectContaining({
+          prompt: expect.stringContaining(
+            'Login required. Opening authentication page in your browser.',
+          ),
+        }),
+      );
+    });
+
+    it('should return false when user declines via UI', async () => {
+      const mockEmitConsentRequest = vi.spyOn(coreEvents, 'emitConsentRequest');
+      vi.spyOn(coreEvents, 'listenerCount').mockReturnValue(1);
+
+      mockEmitConsentRequest.mockImplementation((payload) => {
+        payload.onConfirm(false);
+      });
+
+      const result = await getConsentForOauth('Login required.');
+
+      expect(result).toBe(false);
+    });
+
+    it('should throw FatalAuthenticationError when no UI listeners are present', async () => {
+      vi.spyOn(coreEvents, 'listenerCount').mockReturnValue(0);
+
+      await expect(getConsentForOauth('Login required.')).rejects.toThrow(
+        FatalAuthenticationError,
+      );
+    });
   });
 
-  it('should throw FatalAuthenticationError when no listeners and headless', async () => {
-    vi.restoreAllMocks();
-    const mockListenerCount = vi
-      .spyOn(coreEvents, 'listenerCount')
-      .mockReturnValue(0);
-    (isHeadlessMode as Mock).mockReturnValue(true);
+  describe('in non-interactive mode', () => {
+    beforeEach(() => {
+      (isHeadlessMode as Mock).mockReturnValue(true);
+    });
+
+    it('should use readline to prompt for consent', async () => {
+      const mockReadline = {
+        on: vi.fn((event, callback) => {
+          if (event === 'line') {
+            callback('y');
+          }
+        }),
+        close: vi.fn(),
+      };
+      (readline.createInterface as Mock).mockReturnValue(mockReadline);
+
+      const result = await getConsentForOauth('Login required.');
+
+      expect(result).toBe(true);
+      expect(readline.createInterface).toHaveBeenCalledWith(
+        expect.objectContaining({
+          terminal: true,
+        }),
+      );
+      expect(writeToStdout).toHaveBeenCalledWith(
+        expect.stringContaining('Login required.'),
+      );
+    });
 
-    await expect(getConsentForOauth('Login required.')).rejects.toThrow(
-      FatalAuthenticationError,
-    );
+    it('should accept empty response as "yes"', async () => {
+      const mockReadline = {
+        on: vi.fn((event, callback) => {
+          if (event === 'line') {
+            callback('');
+          }
+        }),
+        close: vi.fn(),
+      };
+      (readline.createInterface as Mock).mockReturnValue(mockReadline);
 
-    mockListenerCount.mockRestore();
+      const result = await getConsentForOauth('Login required.');
+
+      expect(result).toBe(true);
+    });
+
+    it('should return false when user declines via readline', async () => {
+      const mockReadline = {
+        on: vi.fn((event, callback) => {
+          if (event === 'line') {
+            callback('n');
+          }
+        }),
+        close: vi.fn(),
+      };
+      (readline.createInterface as Mock).mockReturnValue(mockReadline);
+
+      const result = await getConsentForOauth('Login required.');
+
+      expect(result).toBe(false);
+    });
   });
 });
diff --git a/packages/core/src/utils/authConsent.ts b/packages/core/src/utils/authConsent.ts
@@ -12,22 +12,21 @@ import { isHeadlessMode } from './headless.js';
 
 /**
  * Requests consent from the user for OAuth login.
- * Handles both TTY and non-TTY environments.
+ * Handles both interactive and non-interactive (headless) modes.
  */
 export async function getConsentForOauth(prompt: string): Promise<boolean> {
   const finalPrompt = prompt + ' Opening authentication page in your browser. ';
 
-  if (coreEvents.listenerCount(CoreEvent.ConsentRequest) === 0) {
-    if (isHeadlessMode()) {
-      throw new FatalAuthenticationError(
-        'Interactive consent could not be obtained.\n' +
-          'Please run Gemini CLI in an interactive terminal to authenticate, or use NO_BROWSER=true for manual authentication.',
-      );
-    }
+  if (isHeadlessMode()) {
     return getOauthConsentNonInteractive(finalPrompt);
+  } else if (coreEvents.listenerCount(CoreEvent.ConsentRequest) > 0) {
+    return getOauthConsentInteractive(finalPrompt);
   }
-
-  return getOauthConsentInteractive(finalPrompt);
+  throw new FatalAuthenticationError(
+    'Authentication consent could not be obtained.\n' +
+      'Please run Gemini CLI in an interactive terminal to authenticate, ' +
+      'or use NO_BROWSER=true for manual authentication.',
+  );
 }
 
 async function getOauthConsentNonInteractive(prompt: string) {
