feat(ext/sw): get_vault_settings + update_vault_settings popup-only messages

2026-04-24 18:56:17 -04:00
parent b52e49a51e
commit e47945d86a
3 changed files with 104 additions and 2 deletions
--- a/extension/src/service-worker/router/tests/router.test.ts
+++ b/extension/src/service-worker/router/tests/router.test.ts
@@ -654,3 +654,81 @@ describe('get_totp handler covers both Login.totp and Totp.config', () => {
    expect(res).toEqual({ ok: false, error: 'no_totp' });
  });
 });
+
+// --- get_vault_settings / update_vault_settings (β₂ Slice 3) ---
+
+describe('get_vault_settings / update_vault_settings', () => {
+  function primeUnlocked(state: RouterState): void {
+    vi.mocked(session.getCurrent).mockReturnValue({ free: () => {} } as never);
+    state.gitHost = {} as never;
+  }
+
+  beforeEach(() => {
+    vi.mocked(session.getCurrent).mockReset();
+    vi.mocked(vault.fetchAndDecryptSettings).mockReset();
+    vi.mocked(vault.encryptAndWriteSettings).mockReset();
+  });
+
+  it('get_vault_settings accepted from popup; returns VaultSettings', async () => {
+    const state = makeState();
+    primeUnlocked(state);
+    const mockSettings = {
+      trash_retention: { kind: 'days', value: 30 },
+      field_history_retention: { kind: 'forever' },
+      generator_defaults: {
+        kind: 'random', length: 20,
+        classes: { lower: true, upper: true, digits: true, symbols: true },
+        symbol_charset: { kind: 'safe_only' },
+      },
+      attachment_caps: {},
+      autofill_origin_acks: { 'github.com': 1000 },
+    };
+    vi.mocked(vault.fetchAndDecryptSettings).mockResolvedValueOnce(mockSettings as never);
+    const res = await route({ type: 'get_vault_settings' }, state, makePopupSender());
+    expect(res).toMatchObject({ ok: true });
+    if (res.ok) {
+      const d = res.data as { settings: typeof mockSettings };
+      expect(d.settings).toEqual(mockSettings);
+    }
+  });
+
+  it('get_vault_settings rejected from content', async () => {
+    const state = makeState();
+    const res = await route({ type: 'get_vault_settings' }, state, makeContentSender());
+    expect(res).toEqual({ ok: false, error: 'unauthorized_sender' });
+  });
+
+  it('update_vault_settings accepted from popup; calls encryptAndWriteSettings', async () => {
+    const state = makeState();
+    primeUnlocked(state);
+    vi.mocked(vault.encryptAndWriteSettings).mockResolvedValueOnce(undefined);
+    const newSettings = {
+      trash_retention: { kind: 'forever' },
+      field_history_retention: { kind: 'last_n', value: 5 },
+      generator_defaults: {
+        kind: 'bip39', word_count: 6, separator: '-', capitalization: 'lower',
+      },
+      attachment_caps: {},
+      autofill_origin_acks: {},
+    };
+    const res = await route(
+      { type: 'update_vault_settings', settings: newSettings as never },
+      state,
+      makePopupSender(),
+    );
+    expect(res).toMatchObject({ ok: true });
+    expect(vault.encryptAndWriteSettings).toHaveBeenCalledWith(
+      expect.anything(), expect.anything(), newSettings, expect.any(String),
+    );
+  });
+
+  it('update_vault_settings rejected from setup tab (not in SETUP_ALLOWED)', async () => {
+    const state = makeState();
+    const res = await route(
+      { type: 'update_vault_settings', settings: {} as never },
+      state,
+      makeSetupSender(),
+    );
+    expect(res).toEqual({ ok: false, error: 'unauthorized_sender' });
+  });
+});