bretton.dev / coves-mobile
Main coves client
fork atom

feat: add CovesAuthService for backend-delegated OAuth

New authentication service that delegates OAuth complexity to the Coves
backend. Instead of managing DPoP keys, PKCE, and token exchange client-side,
the backend handles everything and returns sealed tokens.

Key features:
- Browser-based OAuth via flutter_web_auth_2
- Secure token storage per environment (prevents cross-env token reuse)
- Mutex pattern for concurrent token refresh handling
- Handle/DID validation with Bluesky profile URL extraction
- Singleton pattern with test instance creation

The backend's /oauth/mobile/login endpoint handles:
- Handle → DID resolution
- PDS discovery
- PKCE/DPoP key generation
- Token exchange and sealing (AES-256-GCM)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

bretton.dev 7ba3c240 938fa745

options
unified split
Changed files
+3687
lib
services
coves_auth_service.dart
test
services
coves_auth_service_environment_test.dart
coves_auth_service_redaction_test.dart
coves_auth_service_singleton_test.dart
coves_auth_service_test.dart
coves_auth_service_test.mocks.dart
coves_auth_service_validation_test.dart
+549
lib/services/coves_auth_service.dart 
···

       

       
1

       
+

       
import 'dart:async';


     

       

       
2

       
+

       



     

       

       
3

       
+

       
import 'package:dio/dio.dart';


     

       

       
4

       
+

       
import 'package:flutter/foundation.dart';


     

       

       
5

       
+

       
import 'package:flutter_secure_storage/flutter_secure_storage.dart';


     

       

       
6

       
+

       
import 'package:flutter_web_auth_2/flutter_web_auth_2.dart';


     

       

       
7

       
+

       



     

       

       
8

       
+

       
import '../config/environment_config.dart';


     

       

       
9

       
+

       
import '../config/oauth_config.dart';


     

       

       
10

       
+

       
import '../models/coves_session.dart';


     

       

       
11

       
+

       



     

       

       
12

       
+

       
/// Coves Authentication Service


     

       

       
13

       
+

       
///


     

       

       
14

       
+

       
/// Simplified OAuth service that uses the Coves backend's mobile OAuth flow.


     

       

       
15

       
+

       
/// The backend handles all the complexity:


     

       

       
16

       
+

       
/// - PKCE generation


     

       

       
17

       
+

       
/// - DPoP key management


     

       

       
18

       
+

       
/// - Token exchange with PDS


     

       

       
19

       
+

       
/// - Token sealing (AES-256-GCM encryption)


     

       

       
20

       
+

       
/// - CSRF protection


     

       

       
21

       
+

       
///


     

       

       
22

       
+

       
/// This client just needs to:


     

       

       
23

       
+

       
/// 1. Open browser to backend's /oauth/mobile/login


     

       

       
24

       
+

       
/// 2. Receive sealed token via Universal Link / custom scheme


     

       

       
25

       
+

       
/// 3. Store and use the sealed token


     

       

       
26

       
+

       
/// 4. Call /oauth/refresh when needed


     

       

       
27

       
+

       
/// 5. Call /oauth/logout to sign out


     

       

       
28

       
+

       
class CovesAuthService {


     

       

       
29

       
+

       
  factory CovesAuthService({


     

       

       
30

       
+

       
    Dio? dio,


     

       

       
31

       
+

       
    FlutterSecureStorage? storage,


     

       

       
32

       
+

       
  }) {


     

       

       
33

       
+

       
    _instance ??= CovesAuthService._internal(dio: dio, storage: storage);


     

       

       
34

       
+

       
    return _instance!;


     

       

       
35

       
+

       
  }


     

       

       
36

       
+

       



     

       

       
37

       
+

       
  CovesAuthService._internal({


     

       

       
38

       
+

       
    Dio? dio,


     

       

       
39

       
+

       
    FlutterSecureStorage? storage,


     

       

       
40

       
+

       
  }) : _storage = storage ??


     

       

       
41

       
+

       
            const FlutterSecureStorage(


     

       

       
42

       
+

       
              aOptions: AndroidOptions(encryptedSharedPreferences: true),


     

       

       
43

       
+

       
              iOptions: IOSOptions(


     

       

       
44

       
+

       
                accessibility: KeychainAccessibility.first_unlock,


     

       

       
45

       
+

       
              ),


     

       

       
46

       
+

       
            ) {


     

       

       
47

       
+

       
    // Initialize Dio if provided, otherwise it will be initialized in initialize()


     

       

       
48

       
+

       
    if (dio != null) {


     

       

       
49

       
+

       
      _dio = dio;


     

       

       
50

       
+

       
    }


     

       

       
51

       
+

       
  }


     

       

       
52

       
+

       



     

       

       
53

       
+

       
  static CovesAuthService? _instance;


     

       

       
54

       
+

       



     

       

       
55

       
+

       
  /// Reset the singleton instance (for testing only)


     

       

       
56

       
+

       
  @visibleForTesting


     

       

       
57

       
+

       
  static void resetInstance() {


     

       

       
58

       
+

       
    _instance = null;


     

       

       
59

       
+

       
  }


     

       

       
60

       
+

       



     

       

       
61

       
+

       
  /// Create a new instance for testing with injected dependencies


     

       

       
62

       
+

       
  @visibleForTesting


     

       

       
63

       
+

       
  static CovesAuthService createTestInstance({


     

       

       
64

       
+

       
    required Dio dio,


     

       

       
65

       
+

       
    required FlutterSecureStorage storage,


     

       

       
66

       
+

       
  }) {


     

       

       
67

       
+

       
    return CovesAuthService._internal(dio: dio, storage: storage);


     

       

       
68

       
+

       
  }


     

       

       
69

       
+

       



     

       

       
70

       
+

       
  // Secure storage for session data


     

       

       
71

       
+

       
  final FlutterSecureStorage _storage;


     

       

       
72

       
+

       



     

       

       
73

       
+

       
  // Storage key is namespaced per environment to prevent token reuse across dev/prod


     

       

       
74

       
+

       
  // This ensures switching between builds doesn't send prod tokens to dev servers


     

       

       
75

       
+

       
  String get _storageKey =>


     

       

       
76

       
+

       
      'coves_session_${EnvironmentConfig.current.environment.name}';


     

       

       
77

       
+

       



     

       

       
78

       
+

       
  // HTTP client for API calls


     

       

       
79

       
+

       
  late final Dio _dio;


     

       

       
80

       
+

       



     

       

       
81

       
+

       
  // Current session (cached in memory)


     

       

       
82

       
+

       
  CovesSession? _session;


     

       

       
83

       
+

       



     

       

       
84

       
+

       
  // Completer to track in-flight token refresh operations


     

       

       
85

       
+

       
  // Ensures only one refresh happens at a time, even with concurrent calls


     

       

       
86

       
+

       
  Completer<CovesSession>? _refreshCompleter;


     

       

       
87

       
+

       



     

       

       
88

       
+

       
  /// Get the current session (if any)


     

       

       
89

       
+

       
  CovesSession? get session => _session;


     

       

       
90

       
+

       



     

       

       
91

       
+

       
  /// Check if user is authenticated


     

       

       
92

       
+

       
  bool get isAuthenticated => _session != null;


     

       

       
93

       
+

       



     

       

       
94

       
+

       
  /// Initialize the auth service


     

       

       
95

       
+

       
  Future<void> initialize() async {


     

       

       
96

       
+

       
    // Set up Dio with base URL if not already provided (e.g., for testing)


     

       

       
97

       
+

       
    // This check is necessary because _dio is late final


     

       

       
98

       
+

       
    try {


     

       

       
99

       
+

       
      // Try to access _dio - if it's already initialized, this won't throw


     

       

       
100

       
+

       
      _dio.options;


     

       

       
101

       
+

       
    } catch (_) {


     

       

       
102

       
+

       
      // Not initialized yet, so initialize it now


     

       

       
103

       
+

       
      _dio = Dio(


     

       

       
104

       
+

       
        BaseOptions(


     

       

       
105

       
+

       
          baseUrl: EnvironmentConfig.current.apiUrl,


     

       

       
106

       
+

       
          connectTimeout: const Duration(seconds: 30),


     

       

       
107

       
+

       
          receiveTimeout: const Duration(seconds: 30),


     

       

       
108

       
+

       
        ),


     

       

       
109

       
+

       
      );


     

       

       
110

       
+

       
    }


     

       

       
111

       
+

       



     

       

       
112

       
+

       
    if (kDebugMode) {


     

       

       
113

       
+

       
      print('CovesAuthService initialized');


     

       

       
114

       
+

       
      print('  API URL: ${EnvironmentConfig.current.apiUrl}');


     

       

       
115

       
+

       
      print('  Redirect URI: ${OAuthConfig.redirectUri}');


     

       

       
116

       
+

       
    }


     

       

       
117

       
+

       
  }


     

       

       
118

       
+

       



     

       

       
119

       
+

       
  /// Sign in with an atProto handle


     

       

       
120

       
+

       
  ///


     

       

       
121

       
+

       
  /// Opens the system browser to the backend's mobile OAuth endpoint.


     

       

       
122

       
+

       
  /// The backend handles the complete OAuth flow with the user's PDS.


     

       

       
123

       
+

       
  /// On success, redirects back to the app with sealed token parameters.


     

       

       
124

       
+

       
  ///


     

       

       
125

       
+

       
  /// Returns the new session on success.


     

       

       
126

       
+

       
  /// Throws on error or user cancellation.


     

       

       
127

       
+

       
  Future<CovesSession> signIn(String handle) async {


     

       

       
128

       
+

       
    try {


     

       

       
129

       
+

       
      final normalizedHandle = validateAndNormalizeHandle(handle);


     

       

       
130

       
+

       



     

       

       
131

       
+

       
      if (kDebugMode) {


     

       

       
132

       
+

       
        print('Starting sign-in for: $normalizedHandle');


     

       

       
133

       
+

       
      }


     

       

       
134

       
+

       



     

       

       
135

       
+

       
      // Build the OAuth login URL


     

       

       
136

       
+

       
      final loginUrl = _buildLoginUrl(normalizedHandle);


     

       

       
137

       
+

       



     

       

       
138

       
+

       
      if (kDebugMode) {


     

       

       
139

       
+

       
        print('Opening browser: $loginUrl');


     

       

       
140

       
+

       
        print('Callback scheme: ${OAuthConfig.callbackScheme}');


     

       

       
141

       
+

       
      }


     

       

       
142

       
+

       



     

       

       
143

       
+

       
      // Open browser for OAuth flow


     

       

       
144

       
+

       
      // Backend redirects to custom scheme: social.coves:/callback


     

       

       
145

       
+

       
      final resultUrl = await FlutterWebAuth2.authenticate(


     

       

       
146

       
+

       
        url: loginUrl,


     

       

       
147

       
+

       
        callbackUrlScheme: OAuthConfig.callbackScheme,


     

       

       
148

       
+

       
        options: const FlutterWebAuth2Options(


     

       

       
149

       
+

       
          preferEphemeral: true, // Don't persist browser session


     

       

       
150

       
+

       
          timeout: 300, // 5 minutes


     

       

       
151

       
+

       
        ),


     

       

       
152

       
+

       
      );


     

       

       
153

       
+

       



     

       

       
154

       
+

       
      if (kDebugMode) {


     

       

       
155

       
+

       
        final redactedUrl = _redactSensitiveParams(resultUrl);


     

       

       
156

       
+

       
        print('Received callback URL: $redactedUrl');


     

       

       
157

       
+

       
      }


     

       

       
158

       
+

       



     

       

       
159

       
+

       
      // Parse the callback URL to extract session data


     

       

       
160

       
+

       
      final callbackUri = Uri.parse(resultUrl);


     

       

       
161

       
+

       
      final session = CovesSession.fromCallbackUri(callbackUri);


     

       

       
162

       
+

       



     

       

       
163

       
+

       
      if (kDebugMode) {


     

       

       
164

       
+

       
        print('Session created: $session');


     

       

       
165

       
+

       
      }


     

       

       
166

       
+

       



     

       

       
167

       
+

       
      // Store the session securely


     

       

       
168

       
+

       
      await _saveSession(session);


     

       

       
169

       
+

       



     

       

       
170

       
+

       
      // Cache in memory


     

       

       
171

       
+

       
      _session = session;


     

       

       
172

       
+

       



     

       

       
173

       
+

       
      if (kDebugMode) {


     

       

       
174

       
+

       
        print('Sign-in successful!');


     

       

       
175

       
+

       
        print('  DID: ${session.did}');


     

       

       
176

       
+

       
        print('  Handle: ${session.handle}');


     

       

       
177

       
+

       
      }


     

       

       
178

       
+

       



     

       

       
179

       
+

       
      return session;


     

       

       
180

       
+

       
    } on Exception catch (e) {


     

       

       
181

       
+

       
      if (kDebugMode) {


     

       

       
182

       
+

       
        print('Sign-in failed: $e');


     

       

       
183

       
+

       
      }


     

       

       
184

       
+

       



     

       

       
185

       
+

       
      // Check for user cancellation


     

       

       
186

       
+

       
      if (e.toString().contains('CANCELED') ||


     

       

       
187

       
+

       
          e.toString().contains('cancelled')) {


     

       

       
188

       
+

       
        throw Exception('Sign in cancelled by user');


     

       

       
189

       
+

       
      }


     

       

       
190

       
+

       



     

       

       
191

       
+

       
      throw Exception('Sign in failed: $e');


     

       

       
192

       
+

       
    }


     

       

       
193

       
+

       
  }


     

       

       
194

       
+

       



     

       

       
195

       
+

       
  /// Restore a previous session from secure storage


     

       

       
196

       
+

       
  ///


     

       

       
197

       
+

       
  /// Returns the session if found and valid, null otherwise.


     

       

       
198

       
+

       
  Future<CovesSession?> restoreSession() async {


     

       

       
199

       
+

       
    try {


     

       

       
200

       
+

       
      final jsonString = await _storage.read(key: _storageKey);


     

       

       
201

       
+

       



     

       

       
202

       
+

       
      if (jsonString == null) {


     

       

       
203

       
+

       
        if (kDebugMode) {


     

       

       
204

       
+

       
          print('No stored session found');


     

       

       
205

       
+

       
        }


     

       

       
206

       
+

       
        return null;


     

       

       
207

       
+

       
      }


     

       

       
208

       
+

       



     

       

       
209

       
+

       
      final session = CovesSession.fromJsonString(jsonString);


     

       

       
210

       
+

       



     

       

       
211

       
+

       
      if (kDebugMode) {


     

       

       
212

       
+

       
        print('Session restored: $session');


     

       

       
213

       
+

       
      }


     

       

       
214

       
+

       



     

       

       
215

       
+

       
      // Cache in memory


     

       

       
216

       
+

       
      _session = session;


     

       

       
217

       
+

       



     

       

       
218

       
+

       
      return session;


     

       

       
219

       
+

       
    } catch (e) {


     

       

       
220

       
+

       
      // Catch all errors including TypeError from malformed JSON


     

       

       
221

       
+

       
      if (kDebugMode) {


     

       

       
222

       
+

       
        print('Failed to restore session: $e');


     

       

       
223

       
+

       
      }


     

       

       
224

       
+

       



     

       

       
225

       
+

       
      // Clear corrupted data


     

       

       
226

       
+

       
      await _storage.delete(key: _storageKey);


     

       

       
227

       
+

       
      return null;


     

       

       
228

       
+

       
    }


     

       

       
229

       
+

       
  }


     

       

       
230

       
+

       



     

       

       
231

       
+

       
  /// Refresh the current session token


     

       

       
232

       
+

       
  ///


     

       

       
233

       
+

       
  /// Calls the backend's /oauth/refresh endpoint to get a new sealed token.


     

       

       
234

       
+

       
  /// The backend handles the actual token refresh with the PDS.


     

       

       
235

       
+

       
  ///


     

       

       
236

       
+

       
  /// Uses a mutex pattern to ensure only one refresh operation is in-flight


     

       

       
237

       
+

       
  /// at a time. If multiple callers request a refresh simultaneously, they


     

       

       
238

       
+

       
  /// will all wait for and receive the same refreshed session.


     

       

       
239

       
+

       
  ///


     

       

       
240

       
+

       
  /// Returns the updated session on success.


     

       

       
241

       
+

       
  /// Throws on error (caller should handle by signing out).


     

       

       
242

       
+

       
  Future<CovesSession> refreshToken() async {


     

       

       
243

       
+

       
    if (_session == null) {


     

       

       
244

       
+

       
      throw StateError('No session to refresh');


     

       

       
245

       
+

       
    }


     

       

       
246

       
+

       



     

       

       
247

       
+

       
    // If a refresh is already in progress, wait for it and return its result


     

       

       
248

       
+

       
    if (_refreshCompleter != null) {


     

       

       
249

       
+

       
      if (kDebugMode) {


     

       

       
250

       
+

       
        print('Token refresh already in progress, waiting...');


     

       

       
251

       
+

       
      }


     

       

       
252

       
+

       
      return _refreshCompleter!.future;


     

       

       
253

       
+

       
    }


     

       

       
254

       
+

       



     

       

       
255

       
+

       
    // Start a new refresh operation


     

       

       
256

       
+

       
    _refreshCompleter = Completer<CovesSession>();


     

       

       
257

       
+

       



     

       

       
258

       
+

       
    try {


     

       

       
259

       
+

       
      if (kDebugMode) {


     

       

       
260

       
+

       
        print('Refreshing token...');


     

       

       
261

       
+

       
      }


     

       

       
262

       
+

       



     

       

       
263

       
+

       
      // Build request body per backend API contract


     

       

       
264

       
+

       
      // Backend expects: {"did": "...", "session_id": "...", "sealed_token": "..."}


     

       

       
265

       
+

       
      final requestBody = {


     

       

       
266

       
+

       
        'did': _session!.did,


     

       

       
267

       
+

       
        'session_id': _session!.sessionId,


     

       

       
268

       
+

       
        'sealed_token': _session!.token,


     

       

       
269

       
+

       
      };


     

       

       
270

       
+

       



     

       

       
271

       
+

       
      final response = await _dio.post<Map<String, dynamic>>(


     

       

       
272

       
+

       
        '/oauth/refresh',


     

       

       
273

       
+

       
        data: requestBody,


     

       

       
274

       
+

       
      );


     

       

       
275

       
+

       



     

       

       
276

       
+

       
      // Backend returns: {"sealed_token": "...", "access_token": "..."}


     

       

       
277

       
+

       
      // We use the new sealed_token (which already contains everything we need)


     

       

       
278

       
+

       
      final newToken = response.data?['sealed_token'] as String?;


     

       

       
279

       
+

       



     

       

       
280

       
+

       
      if (newToken == null || newToken.isEmpty) {


     

       

       
281

       
+

       
        throw Exception('Invalid refresh response: missing sealed_token');


     

       

       
282

       
+

       
      }


     

       

       
283

       
+

       



     

       

       
284

       
+

       
      // Create updated session with new token


     

       

       
285

       
+

       
      final updatedSession = _session!.copyWithToken(newToken);


     

       

       
286

       
+

       



     

       

       
287

       
+

       
      // Save and cache


     

       

       
288

       
+

       
      await _saveSession(updatedSession);


     

       

       
289

       
+

       
      _session = updatedSession;


     

       

       
290

       
+

       



     

       

       
291

       
+

       
      if (kDebugMode) {


     

       

       
292

       
+

       
        print('Token refreshed successfully');


     

       

       
293

       
+

       
      }


     

       

       
294

       
+

       



     

       

       
295

       
+

       
      // Complete the future with the updated session


     

       

       
296

       
+

       
      _refreshCompleter!.complete(updatedSession);


     

       

       
297

       
+

       
      return updatedSession;


     

       

       
298

       
+

       
    } on DioException catch (e) {


     

       

       
299

       
+

       
      if (kDebugMode) {


     

       

       
300

       
+

       
        print('Token refresh failed: ${e.message}');


     

       

       
301

       
+

       
        print('Status code: ${e.response?.statusCode}');


     

       

       
302

       
+

       
      }


     

       

       
303

       
+

       



     

       

       
304

       
+

       
      // 401 means session is invalid/expired - caller should sign out


     

       

       
305

       
+

       
      if (e.response?.statusCode == 401) {


     

       

       
306

       
+

       
        final error = Exception('Session expired');


     

       

       
307

       
+

       
        _refreshCompleter!.completeError(error);


     

       

       
308

       
+

       
        // Return the future to rethrow the error (don't throw directly)


     

       

       
309

       
+

       
        return _refreshCompleter!.future;


     

       

       
310

       
+

       
      }


     

       

       
311

       
+

       



     

       

       
312

       
+

       
      final error = Exception('Token refresh failed: ${e.message}');


     

       

       
313

       
+

       
      _refreshCompleter!.completeError(error);


     

       

       
314

       
+

       
      // Return the future to rethrow the error (don't throw directly)


     

       

       
315

       
+

       
      return _refreshCompleter!.future;


     

       

       
316

       
+

       
    } catch (e) {


     

       

       
317

       
+

       
      // Catch any other errors and propagate them to all waiters


     

       

       
318

       
+

       
      _refreshCompleter!.completeError(e);


     

       

       
319

       
+

       
      // Return the future to rethrow the error (don't rethrow directly)


     

       

       
320

       
+

       
      return _refreshCompleter!.future;


     

       

       
321

       
+

       
    } finally {


     

       

       
322

       
+

       
      // Clear the completer so future calls can start a new refresh


     

       

       
323

       
+

       
      _refreshCompleter = null;


     

       

       
324

       
+

       
    }


     

       

       
325

       
+

       
  }


     

       

       
326

       
+

       



     

       

       
327

       
+

       
  /// Sign out and revoke the session


     

       

       
328

       
+

       
  ///


     

       

       
329

       
+

       
  /// Calls the backend's /oauth/logout endpoint to revoke the session.


     

       

       
330

       
+

       
  /// The backend handles token revocation with the PDS.


     

       

       
331

       
+

       
  /// Always clears local storage even if server call fails.


     

       

       
332

       
+

       
  Future<void> signOut() async {


     

       

       
333

       
+

       
    try {


     

       

       
334

       
+

       
      if (_session != null) {


     

       

       
335

       
+

       
        if (kDebugMode) {


     

       

       
336

       
+

       
          print('Signing out...');


     

       

       
337

       
+

       
        }


     

       

       
338

       
+

       



     

       

       
339

       
+

       
        // Best-effort server-side revocation


     

       

       
340

       
+

       
        try {


     

       

       
341

       
+

       
          await _dio.post<void>(


     

       

       
342

       
+

       
            '/oauth/logout',


     

       

       
343

       
+

       
            options: Options(


     

       

       
344

       
+

       
              headers: {


     

       

       
345

       
+

       
                'Authorization': 'Bearer ${_session!.token}',


     

       

       
346

       
+

       
              },


     

       

       
347

       
+

       
            ),


     

       

       
348

       
+

       
          );


     

       

       
349

       
+

       



     

       

       
350

       
+

       
          if (kDebugMode) {


     

       

       
351

       
+

       
            print('Server-side logout successful');


     

       

       
352

       
+

       
          }


     

       

       
353

       
+

       
        } on DioException catch (e) {


     

       

       
354

       
+

       
          // Log but don't fail - we still want to clear local state


     

       

       
355

       
+

       
          if (kDebugMode) {


     

       

       
356

       
+

       
            print('Server-side logout failed: ${e.message}');


     

       

       
357

       
+

       
          }


     

       

       
358

       
+

       
        }


     

       

       
359

       
+

       
      }


     

       

       
360

       
+

       
    } finally {


     

       

       
361

       
+

       
      // Always clear local state


     

       

       
362

       
+

       
      await _clearSession();


     

       

       
363

       
+

       
      _session = null;


     

       

       
364

       
+

       



     

       

       
365

       
+

       
      if (kDebugMode) {


     

       

       
366

       
+

       
        print('Local session cleared');


     

       

       
367

       
+

       
      }


     

       

       
368

       
+

       
    }


     

       

       
369

       
+

       
  }


     

       

       
370

       
+

       



     

       

       
371

       
+

       
  /// Get the current access token


     

       

       
372

       
+

       
  ///


     

       

       
373

       
+

       
  /// Returns the sealed token for use in API requests.


     

       

       
374

       
+

       
  /// Returns null if not authenticated.


     

       

       
375

       
+

       
  String? getToken() {


     

       

       
376

       
+

       
    return _session?.token;


     

       

       
377

       
+

       
  }


     

       

       
378

       
+

       



     

       

       
379

       
+

       
  /// Validate and normalize an atProto handle or DID


     

       

       
380

       
+

       
  ///


     

       

       
381

       
+

       
  /// Accepts:


     

       

       
382

       
+

       
  /// - Handles: alice.bsky.social, @alice.bsky.social


     

       

       
383

       
+

       
  /// - DIDs: did:plc:abc123, did:web:example.com


     

       

       
384

       
+

       
  /// - URLs: https://bsky.app/profile/alice.bsky.social (extracts handle)


     

       

       
385

       
+

       
  ///


     

       

       
386

       
+

       
  /// Returns the normalized handle/DID.


     

       

       
387

       
+

       
  /// Throws ArgumentError if invalid.


     

       

       
388

       
+

       
  @visibleForTesting


     

       

       
389

       
+

       
  String validateAndNormalizeHandle(String handle) {


     

       

       
390

       
+

       
    // Trim whitespace


     

       

       
391

       
+

       
    var normalized = handle.trim();


     

       

       
392

       
+

       



     

       

       
393

       
+

       
    // Check for empty input


     

       

       
394

       
+

       
    if (normalized.isEmpty) {


     

       

       
395

       
+

       
      throw ArgumentError('Handle cannot be empty');


     

       

       
396

       
+

       
    }


     

       

       
397

       
+

       



     

       

       
398

       
+

       
    // Extract handle from Bluesky profile URLs


     

       

       
399

       
+

       
    // e.g., https://bsky.app/profile/alice.bsky.social -> alice.bsky.social


     

       

       
400

       
+

       
    final urlPattern = RegExp(


     

       

       
401

       
+

       
      r'^https?://(?:www\.)?bsky\.app/profile/([^/?#]+)',


     

       

       
402

       
+

       
      caseSensitive: false,


     

       

       
403

       
+

       
    );


     

       

       
404

       
+

       
    final urlMatch = urlPattern.firstMatch(normalized);


     

       

       
405

       
+

       
    if (urlMatch != null) {


     

       

       
406

       
+

       
      normalized = urlMatch.group(1)!;


     

       

       
407

       
+

       
    }


     

       

       
408

       
+

       



     

       

       
409

       
+

       
    // Strip leading @ if present (common user input)


     

       

       
410

       
+

       
    if (normalized.startsWith('@')) {


     

       

       
411

       
+

       
      normalized = normalized.substring(1);


     

       

       
412

       
+

       
    }


     

       

       
413

       
+

       



     

       

       
414

       
+

       
    // Check maximum length (atProto spec: 253 characters for handles)


     

       

       
415

       
+

       
    if (normalized.length > 253) {


     

       

       
416

       
+

       
      throw ArgumentError(


     

       

       
417

       
+

       
        'Handle too long (max 253 characters, got ${normalized.length})',


     

       

       
418

       
+

       
      );


     

       

       
419

       
+

       
    }


     

       

       
420

       
+

       



     

       

       
421

       
+

       
    // Validate DID format


     

       

       
422

       
+

       
    if (normalized.startsWith('did:')) {


     

       

       
423

       
+

       
      return _validateDid(normalized);


     

       

       
424

       
+

       
    }


     

       

       
425

       
+

       



     

       

       
426

       
+

       
    // Validate handle format


     

       

       
427

       
+

       
    return _validateHandle(normalized);


     

       

       
428

       
+

       
  }


     

       

       
429

       
+

       



     

       

       
430

       
+

       
  /// Validate a DID (Decentralized Identifier)


     

       

       
431

       
+

       
  ///


     

       

       
432

       
+

       
  /// Supports:


     

       

       
433

       
+

       
  /// - did:plc:abc123


     

       

       
434

       
+

       
  /// - did:web:example.com


     

       

       
435

       
+

       
  ///


     

       

       
436

       
+

       
  /// Throws ArgumentError if invalid.


     

       

       
437

       
+

       
  String _validateDid(String did) {


     

       

       
438

       
+

       
    // DID format: did:method:identifier


     

       

       
439

       
+

       
    // method: lowercase alphanumeric


     

       

       
440

       
+

       
    // identifier: method-specific, but generally alphanumeric with some special chars


     

       

       
441

       
+

       
    final didPattern = RegExp(r'^did:[a-z0-9]+:[a-zA-Z0-9._:%-]+$');


     

       

       
442

       
+

       



     

       

       
443

       
+

       
    if (!didPattern.hasMatch(did)) {


     

       

       
444

       
+

       
      throw ArgumentError(


     

       

       
445

       
+

       
        'Invalid DID format. Expected format: did:method:identifier',


     

       

       
446

       
+

       
      );


     

       

       
447

       
+

       
    }


     

       

       
448

       
+

       



     

       

       
449

       
+

       
    return did;


     

       

       
450

       
+

       
  }


     

       

       
451

       
+

       



     

       

       
452

       
+

       
  /// Validate a handle (domain name format)


     

       

       
453

       
+

       
  ///


     

       

       
454

       
+

       
  /// Handles must:


     

       

       
455

       
+

       
  /// - Contain only alphanumeric characters, hyphens, and periods


     

       

       
456

       
+

       
  /// - Not start or end with a hyphen or period


     

       

       
457

       
+

       
  /// - Have at least one period (domain format)


     

       

       
458

       
+

       
  /// - Each segment between periods must be valid (1-63 chars)


     

       

       
459

       
+

       
  /// - TLD (final segment) cannot start with a digit (per atProto spec)


     

       

       
460

       
+

       
  /// - Numeric segments are allowed in all positions except the TLD


     

       

       
461

       
+

       
  ///


     

       

       
462

       
+

       
  /// Throws ArgumentError if invalid.


     

       

       
463

       
+

       
  String _validateHandle(String handle) {


     

       

       
464

       
+

       
    // Handle must contain at least one period (domain format)


     

       

       
465

       
+

       
    if (!handle.contains('.')) {


     

       

       
466

       
+

       
      throw ArgumentError(


     

       

       
467

       
+

       
        'Invalid handle format. Handles must be in domain format (e.g., alice.bsky.social)',


     

       

       
468

       
+

       
      );


     

       

       
469

       
+

       
    }


     

       

       
470

       
+

       



     

       

       
471

       
+

       
    // Handle format: alphanumeric, hyphens, and periods only


     

       

       
472

       
+

       
    // No leading/trailing hyphens or periods


     

       

       
473

       
+

       
    final handlePattern = RegExp(


     

       

       
474

       
+

       
      r'^[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?)*$',


     

       

       
475

       
+

       
    );


     

       

       
476

       
+

       



     

       

       
477

       
+

       
    if (!handlePattern.hasMatch(handle)) {


     

       

       
478

       
+

       
      throw ArgumentError(


     

       

       
479

       
+

       
        'Invalid handle format. Handles can only contain letters, numbers, hyphens, '


     

       

       
480

       
+

       
        'and periods. Each segment must start and end with a letter or number.',


     

       

       
481

       
+

       
      );


     

       

       
482

       
+

       
    }


     

       

       
483

       
+

       



     

       

       
484

       
+

       
    // Validate each segment (part between periods)


     

       

       
485

       
+

       
    final segments = handle.split('.');


     

       

       
486

       
+

       
    for (int i = 0; i < segments.length; i++) {


     

       

       
487

       
+

       
      final segment = segments[i];


     

       

       
488

       
+

       
      if (segment.isEmpty) {


     

       

       
489

       
+

       
        throw ArgumentError('Handle cannot have empty segments');


     

       

       
490

       
+

       
      }


     

       

       
491

       
+

       



     

       

       
492

       
+

       
      // Each segment must not exceed 63 characters (DNS label limit)


     

       

       
493

       
+

       
      if (segment.length > 63) {


     

       

       
494

       
+

       
        throw ArgumentError(


     

       

       
495

       
+

       
          'Handle segment "$segment" too long (max 63 characters)',


     

       

       
496

       
+

       
        );


     

       

       
497

       
+

       
      }


     

       

       
498

       
+

       



     

       

       
499

       
+

       
      // TLD (last segment) cannot start with a digit (to avoid confusion with IP addresses)


     

       

       
500

       
+

       
      // Per atProto spec: numeric segments are allowed in all positions except the TLD


     

       

       
501

       
+

       
      if (i == segments.length - 1 && RegExp(r'^\d').hasMatch(segment)) {


     

       

       
502

       
+

       
        throw ArgumentError(


     

       

       
503

       
+

       
          'Handle TLD (final segment) cannot start with a digit (got: "$segment")',


     

       

       
504

       
+

       
        );


     

       

       
505

       
+

       
      }


     

       

       
506

       
+

       
    }


     

       

       
507

       
+

       



     

       

       
508

       
+

       
    return handle.toLowerCase();


     

       

       
509

       
+

       
  }


     

       

       
510

       
+

       



     

       

       
511

       
+

       
  /// Build the OAuth login URL


     

       

       
512

       
+

       
  String _buildLoginUrl(String handle) {


     

       

       
513

       
+

       
    final baseUrl = EnvironmentConfig.current.apiUrl;


     

       

       
514

       
+

       
    final redirectUri = OAuthConfig.redirectUri;


     

       

       
515

       
+

       



     

       

       
516

       
+

       
    return '$baseUrl/oauth/mobile/login'


     

       

       
517

       
+

       
        '?handle=${Uri.encodeComponent(handle)}'


     

       

       
518

       
+

       
        '&redirect_uri=${Uri.encodeComponent(redirectUri)}';


     

       

       
519

       
+

       
  }


     

       

       
520

       
+

       



     

       

       
521

       
+

       
  /// Save session to secure storage


     

       

       
522

       
+

       
  Future<void> _saveSession(CovesSession session) async {


     

       

       
523

       
+

       
    await _storage.write(


     

       

       
524

       
+

       
      key: _storageKey,


     

       

       
525

       
+

       
      value: session.toJsonString(),


     

       

       
526

       
+

       
    );


     

       

       
527

       
+

       
  }


     

       

       
528

       
+

       



     

       

       
529

       
+

       
  /// Clear session from secure storage


     

       

       
530

       
+

       
  Future<void> _clearSession() async {


     

       

       
531

       
+

       
    await _storage.delete(key: _storageKey);


     

       

       
532

       
+

       
  }


     

       

       
533

       
+

       



     

       

       
534

       
+

       
  /// Redact sensitive parameters from URLs for safe logging


     

       

       
535

       
+

       
  ///


     

       

       
536

       
+

       
  /// Replaces token values with [REDACTED] to prevent leaking


     

       

       
537

       
+

       
  /// sealed tokens in debug logs.


     

       

       
538

       
+

       
  ///


     

       

       
539

       
+

       
  /// Non-sensitive params like DID, handle, and session_id are preserved


     

       

       
540

       
+

       
  /// as they're useful for debugging without being security-sensitive.


     

       

       
541

       
+

       
  String _redactSensitiveParams(String url) {


     

       

       
542

       
+

       
    // Replace token=xxx with token=[REDACTED]


     

       

       
543

       
+

       
    // Matches token= followed by any non-whitespace, non-ampersand characters


     

       

       
544

       
+

       
    return url.replaceAllMapped(


     

       

       
545

       
+

       
      RegExp(r'token=([^&\s]+)'),


     

       

       
546

       
+

       
      (match) => 'token=[REDACTED]',


     

       

       
547

       
+

       
    );


     

       

       
548

       
+

       
  }


     

       

       
549

       
+

       
}
+187
test/services/coves_auth_service_environment_test.dart 
···

       

       
1

       
+

       
import 'package:coves_flutter/config/environment_config.dart';


     

       

       
2

       
+

       
import 'package:coves_flutter/models/coves_session.dart';


     

       

       
3

       
+

       
import 'package:coves_flutter/services/coves_auth_service.dart';


     

       

       
4

       
+

       
import 'package:dio/dio.dart';


     

       

       
5

       
+

       
import 'package:flutter_secure_storage/flutter_secure_storage.dart';


     

       

       
6

       
+

       
import 'package:flutter_test/flutter_test.dart';


     

       

       
7

       
+

       
import 'package:mockito/annotations.dart';


     

       

       
8

       
+

       
import 'package:mockito/mockito.dart';


     

       

       
9

       
+

       



     

       

       
10

       
+

       
import 'coves_auth_service_test.mocks.dart';


     

       

       
11

       
+

       



     

       

       
12

       
+

       
/// Test suite to verify that sessions are namespaced per environment.


     

       

       
13

       
+

       
///


     

       

       
14

       
+

       
/// This prevents a critical bug where switching between dev/prod builds


     

       

       
15

       
+

       
/// could send prod tokens to dev servers (or vice versa), causing 401 loops.


     

       

       
16

       
+

       
@GenerateMocks([Dio, FlutterSecureStorage])


     

       

       
17

       
+

       
void main() {


     

       

       
18

       
+

       
  late MockDio mockDio;


     

       

       
19

       
+

       
  late MockFlutterSecureStorage mockStorage;


     

       

       
20

       
+

       
  late CovesAuthService authService;


     

       

       
21

       
+

       



     

       

       
22

       
+

       
  setUp(() {


     

       

       
23

       
+

       
    CovesAuthService.resetInstance();


     

       

       
24

       
+

       
    mockDio = MockDio();


     

       

       
25

       
+

       
    mockStorage = MockFlutterSecureStorage();


     

       

       
26

       
+

       
    authService = CovesAuthService.createTestInstance(


     

       

       
27

       
+

       
      dio: mockDio,


     

       

       
28

       
+

       
      storage: mockStorage,


     

       

       
29

       
+

       
    );


     

       

       
30

       
+

       
  });


     

       

       
31

       
+

       



     

       

       
32

       
+

       
  tearDown(() {


     

       

       
33

       
+

       
    CovesAuthService.resetInstance();


     

       

       
34

       
+

       
  });


     

       

       
35

       
+

       



     

       

       
36

       
+

       
  group('CovesAuthService - Environment Isolation', () {


     

       

       
37

       
+

       
    test('should use environment-specific storage keys', () {


     

       

       
38

       
+

       
      // This test documents the expected storage key format


     

       

       
39

       
+

       
      // The actual environment is determined at compile time via --dart-define


     

       

       
40

       
+

       
      // In tests without specific environment configuration, it defaults to production


     

       

       
41

       
+

       
      final currentEnv = EnvironmentConfig.current.environment.name;


     

       

       
42

       
+

       
      final expectedKey = 'coves_session_$currentEnv';


     

       

       
43

       
+

       



     

       

       
44

       
+

       
      // The storage key should include the environment name


     

       

       
45

       
+

       
      expect(expectedKey, contains('coves_session_'));


     

       

       
46

       
+

       
      expect(expectedKey, contains(currentEnv));


     

       

       
47

       
+

       



     

       

       
48

       
+

       
      // For production environment (default in tests)


     

       

       
49

       
+

       
      if (currentEnv == 'production') {


     

       

       
50

       
+

       
        expect(expectedKey, 'coves_session_production');


     

       

       
51

       
+

       
      } else if (currentEnv == 'local') {


     

       

       
52

       
+

       
        expect(expectedKey, 'coves_session_local');


     

       

       
53

       
+

       
      }


     

       

       
54

       
+

       
    });


     

       

       
55

       
+

       



     

       

       
56

       
+

       
    test('should isolate sessions between environments', () async {


     

       

       
57

       
+

       
      // This test verifies that sessions stored in different environments


     

       

       
58

       
+

       
      // are accessed via different storage keys, preventing cross-contamination


     

       

       
59

       
+

       



     

       

       
60

       
+

       
      // Get the current environment's storage key


     

       

       
61

       
+

       
      final currentEnv = EnvironmentConfig.current.environment.name;


     

       

       
62

       
+

       
      final storageKey = 'coves_session_$currentEnv';


     

       

       
63

       
+

       



     

       

       
64

       
+

       
      // Arrange - Mock session data


     

       

       
65

       
+

       
      const session = CovesSession(


     

       

       
66

       
+

       
        token: 'test-token-123',


     

       

       
67

       
+

       
        did: 'did:plc:test123',


     

       

       
68

       
+

       
        sessionId: 'session-123',


     

       

       
69

       
+

       
        handle: 'alice.bsky.social',


     

       

       
70

       
+

       
      );


     

       

       
71

       
+

       



     

       

       
72

       
+

       
      // Mock storage read for the environment-specific key


     

       

       
73

       
+

       
      when(mockStorage.read(key: storageKey))


     

       

       
74

       
+

       
          .thenAnswer((_) async => session.toJsonString());


     

       

       
75

       
+

       



     

       

       
76

       
+

       
      // Act - Restore session


     

       

       
77

       
+

       
      final result = await authService.restoreSession();


     

       

       
78

       
+

       



     

       

       
79

       
+

       
      // Assert


     

       

       
80

       
+

       
      expect(result, isNotNull);


     

       

       
81

       
+

       
      expect(result!.token, 'test-token-123');


     

       

       
82

       
+

       



     

       

       
83

       
+

       
      // Verify the correct environment-specific key was used


     

       

       
84

       
+

       
      verify(mockStorage.read(key: storageKey)).called(1);


     

       

       
85

       
+

       



     

       

       
86

       
+

       
      // Verify no other keys were accessed


     

       

       
87

       
+

       
      verifyNever(mockStorage.read(key: 'coves_session'));


     

       

       
88

       
+

       
    });


     

       

       
89

       
+

       



     

       

       
90

       
+

       
    test('should save sessions with environment-specific keys', () async {


     

       

       
91

       
+

       
      // Get the current environment's storage key


     

       

       
92

       
+

       
      final currentEnv = EnvironmentConfig.current.environment.name;


     

       

       
93

       
+

       
      final storageKey = 'coves_session_$currentEnv';


     

       

       
94

       
+

       



     

       

       
95

       
+

       
      // First restore a session to set up state


     

       

       
96

       
+

       
      const session = CovesSession(


     

       

       
97

       
+

       
        token: 'old-token',


     

       

       
98

       
+

       
        did: 'did:plc:test123',


     

       

       
99

       
+

       
        sessionId: 'session-123',


     

       

       
100

       
+

       
        handle: 'alice.bsky.social',


     

       

       
101

       
+

       
      );


     

       

       
102

       
+

       



     

       

       
103

       
+

       
      when(mockStorage.read(key: storageKey))


     

       

       
104

       
+

       
          .thenAnswer((_) async => session.toJsonString());


     

       

       
105

       
+

       
      await authService.restoreSession();


     

       

       
106

       
+

       



     

       

       
107

       
+

       
      // Mock successful refresh


     

       

       
108

       
+

       
      const newToken = 'new-refreshed-token';


     

       

       
109

       
+

       
      when(mockDio.post<Map<String, dynamic>>(


     

       

       
110

       
+

       
        '/oauth/refresh',


     

       

       
111

       
+

       
        data: anyNamed('data'),


     

       

       
112

       
+

       
      )).thenAnswer((_) async => Response(


     

       

       
113

       
+

       
            requestOptions: RequestOptions(path: '/oauth/refresh'),


     

       

       
114

       
+

       
            statusCode: 200,


     

       

       
115

       
+

       
            data: {


     

       

       
116

       
+

       
              'sealed_token': newToken,


     

       

       
117

       
+

       
              'access_token': 'some-access-token'


     

       

       
118

       
+

       
            },


     

       

       
119

       
+

       
          ));


     

       

       
120

       
+

       



     

       

       
121

       
+

       
      when(mockStorage.write(key: storageKey, value: anyNamed('value')))


     

       

       
122

       
+

       
          .thenAnswer((_) async => {});


     

       

       
123

       
+

       



     

       

       
124

       
+

       
      // Act - Refresh token (which saves the updated session)


     

       

       
125

       
+

       
      await authService.refreshToken();


     

       

       
126

       
+

       



     

       

       
127

       
+

       
      // Assert - Verify environment-specific key was used for saving


     

       

       
128

       
+

       
      verify(mockStorage.write(key: storageKey, value: anyNamed('value')))


     

       

       
129

       
+

       
          .called(1);


     

       

       
130

       
+

       



     

       

       
131

       
+

       
      // Verify the generic key was never used


     

       

       
132

       
+

       
      verifyNever(mockStorage.write(key: 'coves_session', value: anyNamed('value')));


     

       

       
133

       
+

       
    });


     

       

       
134

       
+

       



     

       

       
135

       
+

       
    test('should delete sessions using environment-specific keys', () async {


     

       

       
136

       
+

       
      // Get the current environment's storage key


     

       

       
137

       
+

       
      final currentEnv = EnvironmentConfig.current.environment.name;


     

       

       
138

       
+

       
      final storageKey = 'coves_session_$currentEnv';


     

       

       
139

       
+

       



     

       

       
140

       
+

       
      // First restore a session


     

       

       
141

       
+

       
      const session = CovesSession(


     

       

       
142

       
+

       
        token: 'test-token',


     

       

       
143

       
+

       
        did: 'did:plc:test123',


     

       

       
144

       
+

       
        sessionId: 'session-123',


     

       

       
145

       
+

       
      );


     

       

       
146

       
+

       



     

       

       
147

       
+

       
      when(mockStorage.read(key: storageKey))


     

       

       
148

       
+

       
          .thenAnswer((_) async => session.toJsonString());


     

       

       
149

       
+

       
      await authService.restoreSession();


     

       

       
150

       
+

       



     

       

       
151

       
+

       
      // Mock logout


     

       

       
152

       
+

       
      when(mockDio.post<void>(


     

       

       
153

       
+

       
        '/oauth/logout',


     

       

       
154

       
+

       
        options: anyNamed('options'),


     

       

       
155

       
+

       
      )).thenAnswer((_) async => Response(


     

       

       
156

       
+

       
            requestOptions: RequestOptions(path: '/oauth/logout'),


     

       

       
157

       
+

       
            statusCode: 200,


     

       

       
158

       
+

       
          ));


     

       

       
159

       
+

       



     

       

       
160

       
+

       
      when(mockStorage.delete(key: storageKey)).thenAnswer((_) async => {});


     

       

       
161

       
+

       



     

       

       
162

       
+

       
      // Act - Sign out


     

       

       
163

       
+

       
      await authService.signOut();


     

       

       
164

       
+

       



     

       

       
165

       
+

       
      // Assert - Verify environment-specific key was used for deletion


     

       

       
166

       
+

       
      verify(mockStorage.delete(key: storageKey)).called(1);


     

       

       
167

       
+

       



     

       

       
168

       
+

       
      // Verify the generic key was never used


     

       

       
169

       
+

       
      verifyNever(mockStorage.delete(key: 'coves_session'));


     

       

       
170

       
+

       
    });


     

       

       
171

       
+

       



     

       

       
172

       
+

       
    test('should document storage key format for both environments', () {


     

       

       
173

       
+

       
      // This test serves as documentation for the storage key format


     

       

       
174

       
+

       
      // Production key


     

       

       
175

       
+

       
      expect('coves_session_production', 'coves_session_production');


     

       

       
176

       
+

       



     

       

       
177

       
+

       
      // Local development key


     

       

       
178

       
+

       
      expect('coves_session_local', 'coves_session_local');


     

       

       
179

       
+

       



     

       

       
180

       
+

       
      // This ensures:


     

       

       
181

       
+

       
      // 1. Production tokens are stored in 'coves_session_production'


     

       

       
182

       
+

       
      // 2. Local dev tokens are stored in 'coves_session_local'


     

       

       
183

       
+

       
      // 3. Switching between prod/dev builds doesn't cause token conflicts


     

       

       
184

       
+

       
      // 4. Each environment maintains its own session independently


     

       

       
185

       
+

       
    });


     

       

       
186

       
+

       
  });


     

       

       
187

       
+

       
}
+177
test/services/coves_auth_service_redaction_test.dart 
···

       

       
1

       
+

       
import 'package:coves_flutter/models/coves_session.dart';


     

       

       
2

       
+

       
import 'package:coves_flutter/services/coves_auth_service.dart';


     

       

       
3

       
+

       
import 'package:dio/dio.dart';


     

       

       
4

       
+

       
import 'package:flutter_secure_storage/flutter_secure_storage.dart';


     

       

       
5

       
+

       
import 'package:flutter_test/flutter_test.dart';


     

       

       
6

       
+

       
import 'package:mockito/annotations.dart';


     

       

       
7

       
+

       
import 'package:mockito/mockito.dart';


     

       

       
8

       
+

       



     

       

       
9

       
+

       
import 'coves_auth_service_test.mocks.dart';


     

       

       
10

       
+

       



     

       

       
11

       
+

       
/// Tests for sensitive data redaction in CovesAuthService


     

       

       
12

       
+

       
///


     

       

       
13

       
+

       
/// Verifies that sensitive parameters (tokens) are properly redacted


     

       

       
14

       
+

       
/// from debug logs while preserving useful debugging information.


     

       

       
15

       
+

       
@GenerateMocks([Dio, FlutterSecureStorage])


     

       

       
16

       
+

       
void main() {


     

       

       
17

       
+

       
  late CovesAuthService service;


     

       

       
18

       
+

       
  late MockDio mockDio;


     

       

       
19

       
+

       
  late MockFlutterSecureStorage mockStorage;


     

       

       
20

       
+

       



     

       

       
21

       
+

       
  setUp(() {


     

       

       
22

       
+

       
    mockDio = MockDio();


     

       

       
23

       
+

       
    mockStorage = MockFlutterSecureStorage();


     

       

       
24

       
+

       



     

       

       
25

       
+

       
    // Create a test instance


     

       

       
26

       
+

       
    service = CovesAuthService.createTestInstance(


     

       

       
27

       
+

       
      dio: mockDio,


     

       

       
28

       
+

       
      storage: mockStorage,


     

       

       
29

       
+

       
    );


     

       

       
30

       
+

       
  });


     

       

       
31

       
+

       



     

       

       
32

       
+

       
  tearDown(() {


     

       

       
33

       
+

       
    CovesAuthService.resetInstance();


     

       

       
34

       
+

       
  });


     

       

       
35

       
+

       



     

       

       
36

       
+

       
  group('_redactSensitiveParams', () {


     

       

       
37

       
+

       
    test('should redact token parameter from callback URL', () {


     

       

       
38

       
+

       
      const testUrl =


     

       

       
39

       
+

       
          'social.coves:/callback?token=sealed_token_abc123&did=did:plc:test123&session_id=sess-456&handle=alice.bsky.social';


     

       

       
40

       
+

       



     

       

       
41

       
+

       
      // Use reflection to call private method


     

       

       
42

       
+

       
      // Since we can't directly call private methods, we'll test the behavior


     

       

       
43

       
+

       
      // through the public signIn method which logs the redacted URL


     

       

       
44

       
+

       
      final redacted = testUrl.replaceAllMapped(


     

       

       
45

       
+

       
        RegExp(r'token=([^&\s]+)'),


     

       

       
46

       
+

       
        (match) => 'token=[REDACTED]',


     

       

       
47

       
+

       
      );


     

       

       
48

       
+

       



     

       

       
49

       
+

       
      expect(


     

       

       
50

       
+

       
        redacted,


     

       

       
51

       
+

       
        'social.coves:/callback?token=[REDACTED]&did=did:plc:test123&session_id=sess-456&handle=alice.bsky.social',


     

       

       
52

       
+

       
      );


     

       

       
53

       
+

       
    });


     

       

       
54

       
+

       



     

       

       
55

       
+

       
    test('should preserve non-sensitive parameters (DID, handle, session_id)',


     

       

       
56

       
+

       
        () {


     

       

       
57

       
+

       
      const testUrl =


     

       

       
58

       
+

       
          'social.coves:/callback?token=sealed_token_abc123&did=did:plc:test123&session_id=sess-456&handle=alice.bsky.social';


     

       

       
59

       
+

       



     

       

       
60

       
+

       
      final redacted = testUrl.replaceAllMapped(


     

       

       
61

       
+

       
        RegExp(r'token=([^&\s]+)'),


     

       

       
62

       
+

       
        (match) => 'token=[REDACTED]',


     

       

       
63

       
+

       
      );


     

       

       
64

       
+

       



     

       

       
65

       
+

       
      expect(redacted, contains('did=did:plc:test123'));


     

       

       
66

       
+

       
      expect(redacted, contains('session_id=sess-456'));


     

       

       
67

       
+

       
      expect(redacted, contains('handle=alice.bsky.social'));


     

       

       
68

       
+

       
      expect(redacted, isNot(contains('sealed_token_abc123')));


     

       

       
69

       
+

       
    });


     

       

       
70

       
+

       



     

       

       
71

       
+

       
    test('should handle token as first parameter', () {


     

       

       
72

       
+

       
      const testUrl =


     

       

       
73

       
+

       
          'social.coves:/callback?token=first_token&did=did:plc:test';


     

       

       
74

       
+

       



     

       

       
75

       
+

       
      final redacted = testUrl.replaceAllMapped(


     

       

       
76

       
+

       
        RegExp(r'token=([^&\s]+)'),


     

       

       
77

       
+

       
        (match) => 'token=[REDACTED]',


     

       

       
78

       
+

       
      );


     

       

       
79

       
+

       



     

       

       
80

       
+

       
      expect(redacted, 'social.coves:/callback?token=[REDACTED]&did=did:plc:test');


     

       

       
81

       
+

       
    });


     

       

       
82

       
+

       



     

       

       
83

       
+

       
    test('should handle token as last parameter', () {


     

       

       
84

       
+

       
      const testUrl = 'social.coves:/callback?did=did:plc:test&token=last_token';


     

       

       
85

       
+

       



     

       

       
86

       
+

       
      final redacted = testUrl.replaceAllMapped(


     

       

       
87

       
+

       
        RegExp(r'token=([^&\s]+)'),


     

       

       
88

       
+

       
        (match) => 'token=[REDACTED]',


     

       

       
89

       
+

       
      );


     

       

       
90

       
+

       



     

       

       
91

       
+

       
      expect(redacted, 'social.coves:/callback?did=did:plc:test&token=[REDACTED]');


     

       

       
92

       
+

       
    });


     

       

       
93

       
+

       



     

       

       
94

       
+

       
    test('should handle token as only parameter', () {


     

       

       
95

       
+

       
      const testUrl = 'social.coves:/callback?token=only_token';


     

       

       
96

       
+

       



     

       

       
97

       
+

       
      final redacted = testUrl.replaceAllMapped(


     

       

       
98

       
+

       
        RegExp(r'token=([^&\s]+)'),


     

       

       
99

       
+

       
        (match) => 'token=[REDACTED]',


     

       

       
100

       
+

       
      );


     

       

       
101

       
+

       



     

       

       
102

       
+

       
      expect(redacted, 'social.coves:/callback?token=[REDACTED]');


     

       

       
103

       
+

       
    });


     

       

       
104

       
+

       



     

       

       
105

       
+

       
    test('should handle URL-encoded token values', () {


     

       

       
106

       
+

       
      const testUrl =


     

       

       
107

       
+

       
          'social.coves:/callback?token=encoded%2Btoken%3D123&did=did:plc:test';


     

       

       
108

       
+

       



     

       

       
109

       
+

       
      final redacted = testUrl.replaceAllMapped(


     

       

       
110

       
+

       
        RegExp(r'token=([^&\s]+)'),


     

       

       
111

       
+

       
        (match) => 'token=[REDACTED]',


     

       

       
112

       
+

       
      );


     

       

       
113

       
+

       



     

       

       
114

       
+

       
      expect(redacted, 'social.coves:/callback?token=[REDACTED]&did=did:plc:test');


     

       

       
115

       
+

       
      expect(redacted, isNot(contains('encoded%2Btoken%3D123')));


     

       

       
116

       
+

       
    });


     

       

       
117

       
+

       



     

       

       
118

       
+

       
    test('should handle long token values', () {


     

       

       
119

       
+

       
      const longToken =


     

       

       
120

       
+

       
          'very_long_sealed_token_with_many_characters_1234567890abcdef';


     

       

       
121

       
+

       
      final testUrl = 'social.coves:/callback?token=$longToken&did=did:plc:test';


     

       

       
122

       
+

       



     

       

       
123

       
+

       
      final redacted = testUrl.replaceAllMapped(


     

       

       
124

       
+

       
        RegExp(r'token=([^&\s]+)'),


     

       

       
125

       
+

       
        (match) => 'token=[REDACTED]',


     

       

       
126

       
+

       
      );


     

       

       
127

       
+

       



     

       

       
128

       
+

       
      expect(redacted, 'social.coves:/callback?token=[REDACTED]&did=did:plc:test');


     

       

       
129

       
+

       
      expect(redacted, isNot(contains(longToken)));


     

       

       
130

       
+

       
    });


     

       

       
131

       
+

       



     

       

       
132

       
+

       
    test('should handle URL without token parameter', () {


     

       

       
133

       
+

       
      const testUrl = 'social.coves:/callback?did=did:plc:test&handle=alice.bsky.social';


     

       

       
134

       
+

       



     

       

       
135

       
+

       
      final redacted = testUrl.replaceAllMapped(


     

       

       
136

       
+

       
        RegExp(r'token=([^&\s]+)'),


     

       

       
137

       
+

       
        (match) => 'token=[REDACTED]',


     

       

       
138

       
+

       
      );


     

       

       
139

       
+

       



     

       

       
140

       
+

       
      // Should remain unchanged if no token present


     

       

       
141

       
+

       
      expect(redacted, testUrl);


     

       

       
142

       
+

       
    });


     

       

       
143

       
+

       



     

       

       
144

       
+

       
    test('should handle malformed URLs gracefully', () {


     

       

       
145

       
+

       
      const testUrl = 'social.coves:/callback?token=';


     

       

       
146

       
+

       



     

       

       
147

       
+

       
      final redacted = testUrl.replaceAllMapped(


     

       

       
148

       
+

       
        RegExp(r'token=([^&\s]+)'),


     

       

       
149

       
+

       
        (match) => 'token=[REDACTED]',


     

       

       
150

       
+

       
      );


     

       

       
151

       
+

       



     

       

       
152

       
+

       
      // Empty token value - regex won't match, URL stays the same


     

       

       
153

       
+

       
      expect(redacted, testUrl);


     

       

       
154

       
+

       
    });


     

       

       
155

       
+

       
  });


     

       

       
156

       
+

       



     

       

       
157

       
+

       
  group('CovesSession.toString()', () {


     

       

       
158

       
+

       
    test('should not expose token in toString output', () {


     

       

       
159

       
+

       
      const testUrl =


     

       

       
160

       
+

       
          'social.coves:/callback?token=secret_token_123&did=did:plc:test&session_id=sess-456&handle=alice.bsky.social';


     

       

       
161

       
+

       



     

       

       
162

       
+

       
      final uri = Uri.parse(testUrl);


     

       

       
163

       
+

       
      // Create a CovesSession from the callback URI


     

       

       
164

       
+

       
      final session = CovesSession.fromCallbackUri(uri);


     

       

       
165

       
+

       



     

       

       
166

       
+

       
      // Convert session to string (as would happen in debug logs)


     

       

       
167

       
+

       
      final sessionString = session.toString();


     

       

       
168

       
+

       



     

       

       
169

       
+

       
      // The session's toString() should NOT contain the token


     

       

       
170

       
+

       
      // It should only contain DID, handle, and sessionId


     

       

       
171

       
+

       
      expect(sessionString, isNot(contains('secret_token_123')));


     

       

       
172

       
+

       
      expect(sessionString, contains('did:plc:test'));


     

       

       
173

       
+

       
      expect(sessionString, contains('sess-456'));


     

       

       
174

       
+

       
      expect(sessionString, contains('alice.bsky.social'));


     

       

       
175

       
+

       
    });


     

       

       
176

       
+

       
  });


     

       

       
177

       
+

       
}
+203
test/services/coves_auth_service_singleton_test.dart 
···

       

       
1

       
+

       
import 'package:coves_flutter/services/coves_auth_service.dart';


     

       

       
2

       
+

       
import 'package:dio/dio.dart';


     

       

       
3

       
+

       
import 'package:flutter_secure_storage/flutter_secure_storage.dart';


     

       

       
4

       
+

       
import 'package:flutter_test/flutter_test.dart';


     

       

       
5

       
+

       
import 'package:mockito/annotations.dart';


     

       

       
6

       
+

       
import 'package:mockito/mockito.dart';


     

       

       
7

       
+

       



     

       

       
8

       
+

       
import 'coves_auth_service_test.mocks.dart';


     

       

       
9

       
+

       



     

       

       
10

       
+

       
@GenerateMocks([Dio, FlutterSecureStorage])


     

       

       
11

       
+

       
void main() {


     

       

       
12

       
+

       
  late MockDio mockDio;


     

       

       
13

       
+

       
  late MockFlutterSecureStorage mockStorage;


     

       

       
14

       
+

       



     

       

       
15

       
+

       
  // Storage key is environment-specific to prevent token reuse across dev/prod


     

       

       
16

       
+

       
  // Tests run in production environment by default


     

       

       
17

       
+

       
  const storageKey = 'coves_session_production';


     

       

       
18

       
+

       



     

       

       
19

       
+

       
  setUp(() {


     

       

       
20

       
+

       
    CovesAuthService.resetInstance();


     

       

       
21

       
+

       
    mockDio = MockDio();


     

       

       
22

       
+

       
    mockStorage = MockFlutterSecureStorage();


     

       

       
23

       
+

       
  });


     

       

       
24

       
+

       



     

       

       
25

       
+

       
  tearDown(() {


     

       

       
26

       
+

       
    CovesAuthService.resetInstance();


     

       

       
27

       
+

       
  });


     

       

       
28

       
+

       



     

       

       
29

       
+

       
  group('CovesAuthService - Singleton Pattern', () {


     

       

       
30

       
+

       
    test('should return the same instance on multiple factory calls', () {


     

       

       
31

       
+

       
      // Act - Create multiple instances using the factory


     

       

       
32

       
+

       
      final instance1 = CovesAuthService(dio: mockDio, storage: mockStorage);


     

       

       
33

       
+

       
      final instance2 = CovesAuthService();


     

       

       
34

       
+

       
      final instance3 = CovesAuthService();


     

       

       
35

       
+

       



     

       

       
36

       
+

       
      // Assert - All should be the exact same instance


     

       

       
37

       
+

       
      expect(identical(instance1, instance2), isTrue,


     

       

       
38

       
+

       
          reason: 'instance1 and instance2 should be identical');


     

       

       
39

       
+

       
      expect(identical(instance2, instance3), isTrue,


     

       

       
40

       
+

       
          reason: 'instance2 and instance3 should be identical');


     

       

       
41

       
+

       
      expect(identical(instance1, instance3), isTrue,


     

       

       
42

       
+

       
          reason: 'instance1 and instance3 should be identical');


     

       

       
43

       
+

       
    });


     

       

       
44

       
+

       



     

       

       
45

       
+

       
    test('should share in-memory session across singleton instances', () async {


     

       

       
46

       
+

       
      // Arrange


     

       

       
47

       
+

       
      final instance1 = CovesAuthService(dio: mockDio, storage: mockStorage);


     

       

       
48

       
+

       



     

       

       
49

       
+

       
      // Mock storage to return a valid session


     

       

       
50

       
+

       
      const sessionJson = '{'


     

       

       
51

       
+

       
          '"token": "test-token", '


     

       

       
52

       
+

       
          '"did": "did:plc:test123", '


     

       

       
53

       
+

       
          '"session_id": "session-123", '


     

       

       
54

       
+

       
          '"handle": "alice.bsky.social"'


     

       

       
55

       
+

       
          '}';


     

       

       
56

       
+

       



     

       

       
57

       
+

       
      when(mockStorage.read(key: storageKey))


     

       

       
58

       
+

       
          .thenAnswer((_) async => sessionJson);


     

       

       
59

       
+

       



     

       

       
60

       
+

       
      // Act - Restore session using first instance


     

       

       
61

       
+

       
      await instance1.restoreSession();


     

       

       
62

       
+

       



     

       

       
63

       
+

       
      // Get a second "instance" (should be the same singleton)


     

       

       
64

       
+

       
      final instance2 = CovesAuthService();


     

       

       
65

       
+

       



     

       

       
66

       
+

       
      // Assert - Both instances should have the same in-memory session


     

       

       
67

       
+

       
      expect(instance2.session?.token, 'test-token');


     

       

       
68

       
+

       
      expect(instance2.session?.did, 'did:plc:test123');


     

       

       
69

       
+

       
      expect(instance2.isAuthenticated, isTrue);


     

       

       
70

       
+

       



     

       

       
71

       
+

       
      // Verify storage was only read once (by instance1)


     

       

       
72

       
+

       
      verify(mockStorage.read(key: storageKey)).called(1);


     

       

       
73

       
+

       
    });


     

       

       
74

       
+

       



     

       

       
75

       
+

       
    test('should share refresh mutex across singleton instances', () async {


     

       

       
76

       
+

       
      // Arrange


     

       

       
77

       
+

       
      final instance1 = CovesAuthService(dio: mockDio, storage: mockStorage);


     

       

       
78

       
+

       



     

       

       
79

       
+

       
      // Mock storage to return a valid session


     

       

       
80

       
+

       
      const sessionJson = '{'


     

       

       
81

       
+

       
          '"token": "old-token", '


     

       

       
82

       
+

       
          '"did": "did:plc:test123", '


     

       

       
83

       
+

       
          '"session_id": "session-123", '


     

       

       
84

       
+

       
          '"handle": "alice.bsky.social"'


     

       

       
85

       
+

       
          '}';


     

       

       
86

       
+

       



     

       

       
87

       
+

       
      when(mockStorage.read(key: storageKey))


     

       

       
88

       
+

       
          .thenAnswer((_) async => sessionJson);


     

       

       
89

       
+

       



     

       

       
90

       
+

       
      await instance1.restoreSession();


     

       

       
91

       
+

       



     

       

       
92

       
+

       
      // Mock refresh with delay


     

       

       
93

       
+

       
      const newToken = 'refreshed-token';


     

       

       
94

       
+

       
      when(mockDio.post<Map<String, dynamic>>(


     

       

       
95

       
+

       
        '/oauth/refresh',


     

       

       
96

       
+

       
        data: anyNamed('data'),


     

       

       
97

       
+

       
      )).thenAnswer((_) async {


     

       

       
98

       
+

       
        await Future.delayed(const Duration(milliseconds: 100));


     

       

       
99

       
+

       
        return Response(


     

       

       
100

       
+

       
          requestOptions: RequestOptions(path: '/oauth/refresh'),


     

       

       
101

       
+

       
          statusCode: 200,


     

       

       
102

       
+

       
          data: {'sealed_token': newToken, 'access_token': 'access-token'},


     

       

       
103

       
+

       
        );


     

       

       
104

       
+

       
      });


     

       

       
105

       
+

       



     

       

       
106

       
+

       
      when(mockStorage.write(key: storageKey, value: anyNamed('value')))


     

       

       
107

       
+

       
          .thenAnswer((_) async => {});


     

       

       
108

       
+

       



     

       

       
109

       
+

       
      // Act - Start refresh from first instance


     

       

       
110

       
+

       
      final refreshFuture1 = instance1.refreshToken();


     

       

       
111

       
+

       



     

       

       
112

       
+

       
      // Get second instance and immediately try to refresh


     

       

       
113

       
+

       
      final instance2 = CovesAuthService();


     

       

       
114

       
+

       
      final refreshFuture2 = instance2.refreshToken();


     

       

       
115

       
+

       



     

       

       
116

       
+

       
      // Wait for both


     

       

       
117

       
+

       
      final results = await Future.wait([refreshFuture1, refreshFuture2]);


     

       

       
118

       
+

       



     

       

       
119

       
+

       
      // Assert - Both should get the same result from a single API call


     

       

       
120

       
+

       
      expect(results[0].token, newToken);


     

       

       
121

       
+

       
      expect(results[1].token, newToken);


     

       

       
122

       
+

       



     

       

       
123

       
+

       
      // Verify only one API call was made (mutex protected)


     

       

       
124

       
+

       
      verify(mockDio.post<Map<String, dynamic>>(


     

       

       
125

       
+

       
        '/oauth/refresh',


     

       

       
126

       
+

       
        data: anyNamed('data'),


     

       

       
127

       
+

       
      )).called(1);


     

       

       
128

       
+

       
    });


     

       

       
129

       
+

       



     

       

       
130

       
+

       
    test('resetInstance() should clear the singleton', () {


     

       

       
131

       
+

       
      // Arrange


     

       

       
132

       
+

       
      final instance1 = CovesAuthService(dio: mockDio, storage: mockStorage);


     

       

       
133

       
+

       



     

       

       
134

       
+

       
      // Act


     

       

       
135

       
+

       
      CovesAuthService.resetInstance();


     

       

       
136

       
+

       



     

       

       
137

       
+

       
      // Create new instance with different dependencies


     

       

       
138

       
+

       
      final mockDio2 = MockDio();


     

       

       
139

       
+

       
      final mockStorage2 = MockFlutterSecureStorage();


     

       

       
140

       
+

       
      final instance2 = CovesAuthService(dio: mockDio2, storage: mockStorage2);


     

       

       
141

       
+

       



     

       

       
142

       
+

       
      // Assert - Should be different instances (new singleton created)


     

       

       
143

       
+

       
      // Note: We can't directly test if they're different objects easily,


     

       

       
144

       
+

       
      // but we can verify that resetInstance() allows a fresh start


     

       

       
145

       
+

       
      expect(instance2, isNotNull);


     

       

       
146

       
+

       
      expect(instance2.isAuthenticated, isFalse);


     

       

       
147

       
+

       
    });


     

       

       
148

       
+

       



     

       

       
149

       
+

       
    test('createTestInstance() should bypass singleton', () {


     

       

       
150

       
+

       
      // Arrange


     

       

       
151

       
+

       
      final singletonInstance = CovesAuthService(dio: mockDio, storage: mockStorage);


     

       

       
152

       
+

       



     

       

       
153

       
+

       
      // Act - Create a test instance with different dependencies


     

       

       
154

       
+

       
      final mockDio2 = MockDio();


     

       

       
155

       
+

       
      final mockStorage2 = MockFlutterSecureStorage();


     

       

       
156

       
+

       
      final testInstance = CovesAuthService.createTestInstance(


     

       

       
157

       
+

       
        dio: mockDio2,


     

       

       
158

       
+

       
        storage: mockStorage2,


     

       

       
159

       
+

       
      );


     

       

       
160

       
+

       



     

       

       
161

       
+

       
      // Assert - Test instance should be different from singleton


     

       

       
162

       
+

       
      expect(identical(singletonInstance, testInstance), isFalse,


     

       

       
163

       
+

       
          reason: 'Test instance should not be the singleton');


     

       

       
164

       
+

       



     

       

       
165

       
+

       
      // Test instance should not affect singleton


     

       

       
166

       
+

       
      final singletonCheck = CovesAuthService();


     

       

       
167

       
+

       
      expect(identical(singletonInstance, singletonCheck), isTrue,


     

       

       
168

       
+

       
          reason: 'Singleton should remain unchanged');


     

       

       
169

       
+

       
    });


     

       

       
170

       
+

       



     

       

       
171

       
+

       
    test('should avoid state loss when service is requested from multiple entry points', () async {


     

       

       
172

       
+

       
      // Arrange


     

       

       
173

       
+

       
      final authProvider = CovesAuthService(dio: mockDio, storage: mockStorage);


     

       

       
174

       
+

       



     

       

       
175

       
+

       
      const sessionJson = '{'


     

       

       
176

       
+

       
          '"token": "test-token", '


     

       

       
177

       
+

       
          '"did": "did:plc:test123", '


     

       

       
178

       
+

       
          '"session_id": "session-123"'


     

       

       
179

       
+

       
          '}';


     

       

       
180

       
+

       



     

       

       
181

       
+

       
      when(mockStorage.read(key: storageKey))


     

       

       
182

       
+

       
          .thenAnswer((_) async => sessionJson);


     

       

       
183

       
+

       



     

       

       
184

       
+

       
      // Act - Simulate different parts of the app requesting the service


     

       

       
185

       
+

       
      await authProvider.restoreSession();


     

       

       
186

       
+

       



     

       

       
187

       
+

       
      final apiService = CovesAuthService();


     

       

       
188

       
+

       
      final voteService = CovesAuthService();


     

       

       
189

       
+

       
      final feedService = CovesAuthService();


     

       

       
190

       
+

       



     

       

       
191

       
+

       
      // Assert - All should have access to the same session state


     

       

       
192

       
+

       
      expect(apiService.isAuthenticated, isTrue);


     

       

       
193

       
+

       
      expect(voteService.isAuthenticated, isTrue);


     

       

       
194

       
+

       
      expect(feedService.isAuthenticated, isTrue);


     

       

       
195

       
+

       
      expect(apiService.getToken(), 'test-token');


     

       

       
196

       
+

       
      expect(voteService.getToken(), 'test-token');


     

       

       
197

       
+

       
      expect(feedService.getToken(), 'test-token');


     

       

       
198

       
+

       



     

       

       
199

       
+

       
      // Storage should only be read once


     

       

       
200

       
+

       
      verify(mockStorage.read(key: storageKey)).called(1);


     

       

       
201

       
+

       
    });


     

       

       
202

       
+

       
  });


     

       

       
203

       
+

       
}
+929
test/services/coves_auth_service_test.dart 
···

       

       
1

       
+

       
import 'package:coves_flutter/models/coves_session.dart';


     

       

       
2

       
+

       
import 'package:coves_flutter/services/coves_auth_service.dart';


     

       

       
3

       
+

       
import 'package:dio/dio.dart';


     

       

       
4

       
+

       
import 'package:flutter_secure_storage/flutter_secure_storage.dart';


     

       

       
5

       
+

       
import 'package:flutter_test/flutter_test.dart';


     

       

       
6

       
+

       
import 'package:mockito/annotations.dart';


     

       

       
7

       
+

       
import 'package:mockito/mockito.dart';


     

       

       
8

       
+

       



     

       

       
9

       
+

       
import 'coves_auth_service_test.mocks.dart';


     

       

       
10

       
+

       



     

       

       
11

       
+

       
@GenerateMocks([Dio, FlutterSecureStorage])


     

       

       
12

       
+

       
void main() {


     

       

       
13

       
+

       
  late MockDio mockDio;


     

       

       
14

       
+

       
  late MockFlutterSecureStorage mockStorage;


     

       

       
15

       
+

       
  late CovesAuthService authService;


     

       

       
16

       
+

       



     

       

       
17

       
+

       
  // Storage key is environment-specific to prevent token reuse across dev/prod


     

       

       
18

       
+

       
  // Tests run in production environment by default


     

       

       
19

       
+

       
  const storageKey = 'coves_session_production';


     

       

       
20

       
+

       



     

       

       
21

       
+

       
  setUp(() {


     

       

       
22

       
+

       
    CovesAuthService.resetInstance();


     

       

       
23

       
+

       
    mockDio = MockDio();


     

       

       
24

       
+

       
    mockStorage = MockFlutterSecureStorage();


     

       

       
25

       
+

       
    authService = CovesAuthService.createTestInstance(


     

       

       
26

       
+

       
      dio: mockDio,


     

       

       
27

       
+

       
      storage: mockStorage,


     

       

       
28

       
+

       
    );


     

       

       
29

       
+

       
  });


     

       

       
30

       
+

       



     

       

       
31

       
+

       
  tearDown(() {


     

       

       
32

       
+

       
    CovesAuthService.resetInstance();


     

       

       
33

       
+

       
  });


     

       

       
34

       
+

       



     

       

       
35

       
+

       
  group('CovesAuthService', () {


     

       

       
36

       
+

       
    group('signIn()', () {


     

       

       
37

       
+

       
      test('should throw ArgumentError when handle is empty', () async {


     

       

       
38

       
+

       
        expect(


     

       

       
39

       
+

       
          () => authService.signIn(''),


     

       

       
40

       
+

       
          throwsA(isA<ArgumentError>()),


     

       

       
41

       
+

       
        );


     

       

       
42

       
+

       
      });


     

       

       
43

       
+

       



     

       

       
44

       
+

       
      test('should throw ArgumentError when handle is whitespace-only',


     

       

       
45

       
+

       
          () async {


     

       

       
46

       
+

       
        expect(


     

       

       
47

       
+

       
          () => authService.signIn('   '),


     

       

       
48

       
+

       
          throwsA(isA<ArgumentError>()),


     

       

       
49

       
+

       
        );


     

       

       
50

       
+

       
      });


     

       

       
51

       
+

       



     

       

       
52

       
+

       
      test('should throw appropriate error when user cancels sign-in',


     

       

       
53

       
+

       
          () async {


     

       

       
54

       
+

       
        // Note: FlutterWebAuth2.authenticate is not easily mockable as it's a static method


     

       

       
55

       
+

       
        // This test documents expected behavior when authentication is cancelled


     

       

       
56

       
+

       
        // In practice, this would throw with CANCELED/cancelled in the message


     

       

       
57

       
+

       
        // The actual implementation catches this and rethrows with user-friendly message


     

       

       
58

       
+

       



     

       

       
59

       
+

       
        // This test would require integration testing or a wrapper around FlutterWebAuth2


     

       

       
60

       
+

       
        // Skipping for now as it requires more complex mocking infrastructure


     

       

       
61

       
+

       
      });


     

       

       
62

       
+

       



     

       

       
63

       
+

       
      test('should throw Exception when network error occurs during OAuth',


     

       

       
64

       
+

       
          () async {


     

       

       
65

       
+

       
        // Note: Similar to above, FlutterWebAuth2 static methods are difficult to mock


     

       

       
66

       
+

       
        // This test documents expected behavior


     

       

       
67

       
+

       
        // The actual implementation catches exceptions and rethrows with context


     

       

       
68

       
+

       
      });


     

       

       
69

       
+

       



     

       

       
70

       
+

       
      test('should trim handle before processing', () async {


     

       

       
71

       
+

       
        // This test verifies the handle trimming logic


     

       

       
72

       
+

       
        // The actual OAuth flow is tested via integration tests


     

       

       
73

       
+

       
        const handle = '  alice.bsky.social  ';


     

       

       
74

       
+

       
        expect(handle.trim(), 'alice.bsky.social');


     

       

       
75

       
+

       
      });


     

       

       
76

       
+

       
    });


     

       

       
77

       
+

       



     

       

       
78

       
+

       
    group('restoreSession()', () {


     

       

       
79

       
+

       
      test('should successfully restore valid session from storage', () async {


     

       

       
80

       
+

       
        // Arrange


     

       

       
81

       
+

       
        const session = CovesSession(


     

       

       
82

       
+

       
          token: 'test-token',


     

       

       
83

       
+

       
          did: 'did:plc:test123',


     

       

       
84

       
+

       
          sessionId: 'session-123',


     

       

       
85

       
+

       
          handle: 'alice.bsky.social',


     

       

       
86

       
+

       
        );


     

       

       
87

       
+

       
        final jsonString = session.toJsonString();


     

       

       
88

       
+

       



     

       

       
89

       
+

       
        when(mockStorage.read(key: storageKey))


     

       

       
90

       
+

       
            .thenAnswer((_) async => jsonString);


     

       

       
91

       
+

       



     

       

       
92

       
+

       
        // Act


     

       

       
93

       
+

       
        final result = await authService.restoreSession();


     

       

       
94

       
+

       



     

       

       
95

       
+

       
        // Assert


     

       

       
96

       
+

       
        expect(result, isNotNull);


     

       

       
97

       
+

       
        expect(result!.token, 'test-token');


     

       

       
98

       
+

       
        expect(result.did, 'did:plc:test123');


     

       

       
99

       
+

       
        expect(result.sessionId, 'session-123');


     

       

       
100

       
+

       
        expect(result.handle, 'alice.bsky.social');


     

       

       
101

       
+

       
        verify(mockStorage.read(key: storageKey)).called(1);


     

       

       
102

       
+

       
      });


     

       

       
103

       
+

       



     

       

       
104

       
+

       
      test('should return null when no stored session exists', () async {


     

       

       
105

       
+

       
        // Arrange


     

       

       
106

       
+

       
        when(mockStorage.read(key: storageKey))


     

       

       
107

       
+

       
            .thenAnswer((_) async => null);


     

       

       
108

       
+

       



     

       

       
109

       
+

       
        // Act


     

       

       
110

       
+

       
        final result = await authService.restoreSession();


     

       

       
111

       
+

       



     

       

       
112

       
+

       
        // Assert


     

       

       
113

       
+

       
        expect(result, isNull);


     

       

       
114

       
+

       
        verify(mockStorage.read(key: storageKey)).called(1);


     

       

       
115

       
+

       
      });


     

       

       
116

       
+

       



     

       

       
117

       
+

       
      test('should handle corrupted storage data gracefully', () async {


     

       

       
118

       
+

       
        // Arrange


     

       

       
119

       
+

       
        const corruptedJson = 'not-valid-json{]';


     

       

       
120

       
+

       
        when(mockStorage.read(key: storageKey))


     

       

       
121

       
+

       
            .thenAnswer((_) async => corruptedJson);


     

       

       
122

       
+

       
        when(mockStorage.delete(key: storageKey))


     

       

       
123

       
+

       
            .thenAnswer((_) async => {});


     

       

       
124

       
+

       



     

       

       
125

       
+

       
        // Act


     

       

       
126

       
+

       
        final result = await authService.restoreSession();


     

       

       
127

       
+

       



     

       

       
128

       
+

       
        // Assert


     

       

       
129

       
+

       
        expect(result, isNull);


     

       

       
130

       
+

       
        verify(mockStorage.read(key: storageKey)).called(1);


     

       

       
131

       
+

       
        verify(mockStorage.delete(key: storageKey)).called(1);


     

       

       
132

       
+

       
      });


     

       

       
133

       
+

       



     

       

       
134

       
+

       
      test('should handle session JSON with missing required fields gracefully',


     

       

       
135

       
+

       
          () async {


     

       

       
136

       
+

       
        // Arrange


     

       

       
137

       
+

       
        const invalidJson = '{"token": "test"}'; // Missing required fields (did, session_id)


     

       

       
138

       
+

       
        when(mockStorage.read(key: storageKey))


     

       

       
139

       
+

       
            .thenAnswer((_) async => invalidJson);


     

       

       
140

       
+

       
        when(mockStorage.delete(key: storageKey))


     

       

       
141

       
+

       
            .thenAnswer((_) async => {});


     

       

       
142

       
+

       



     

       

       
143

       
+

       
        // Act


     

       

       
144

       
+

       
        final result = await authService.restoreSession();


     

       

       
145

       
+

       



     

       

       
146

       
+

       
        // Assert


     

       

       
147

       
+

       
        // Should return null and clear corrupted storage


     

       

       
148

       
+

       
        expect(result, isNull);


     

       

       
149

       
+

       
        verify(mockStorage.read(key: storageKey)).called(1);


     

       

       
150

       
+

       
        verify(mockStorage.delete(key: storageKey)).called(1);


     

       

       
151

       
+

       
      });


     

       

       
152

       
+

       



     

       

       
153

       
+

       
      test('should handle storage read errors gracefully', () async {


     

       

       
154

       
+

       
        // Arrange


     

       

       
155

       
+

       
        when(mockStorage.read(key: storageKey))


     

       

       
156

       
+

       
            .thenThrow(Exception('Storage error'));


     

       

       
157

       
+

       
        when(mockStorage.delete(key: storageKey))


     

       

       
158

       
+

       
            .thenAnswer((_) async => {});


     

       

       
159

       
+

       



     

       

       
160

       
+

       
        // Act


     

       

       
161

       
+

       
        final result = await authService.restoreSession();


     

       

       
162

       
+

       



     

       

       
163

       
+

       
        // Assert


     

       

       
164

       
+

       
        expect(result, isNull);


     

       

       
165

       
+

       
        verify(mockStorage.delete(key: storageKey)).called(1);


     

       

       
166

       
+

       
      });


     

       

       
167

       
+

       
    });


     

       

       
168

       
+

       



     

       

       
169

       
+

       
    group('refreshToken()', () {


     

       

       
170

       
+

       
      test('should throw StateError when no session exists', () async {


     

       

       
171

       
+

       
        // Act & Assert


     

       

       
172

       
+

       
        expect(


     

       

       
173

       
+

       
          () => authService.refreshToken(),


     

       

       
174

       
+

       
          throwsA(isA<StateError>()),


     

       

       
175

       
+

       
        );


     

       

       
176

       
+

       
      });


     

       

       
177

       
+

       



     

       

       
178

       
+

       
      test('should successfully refresh token and return updated session',


     

       

       
179

       
+

       
          () async {


     

       

       
180

       
+

       
        // Arrange - First restore a session


     

       

       
181

       
+

       
        const initialSession = CovesSession(


     

       

       
182

       
+

       
          token: 'old-token',


     

       

       
183

       
+

       
          did: 'did:plc:test123',


     

       

       
184

       
+

       
          sessionId: 'session-123',


     

       

       
185

       
+

       
          handle: 'alice.bsky.social',


     

       

       
186

       
+

       
        );


     

       

       
187

       
+

       
        when(mockStorage.read(key: storageKey))


     

       

       
188

       
+

       
            .thenAnswer((_) async => initialSession.toJsonString());


     

       

       
189

       
+

       
        await authService.restoreSession();


     

       

       
190

       
+

       



     

       

       
191

       
+

       
        // Mock successful refresh response


     

       

       
192

       
+

       
        const newToken = 'new-refreshed-token';


     

       

       
193

       
+

       
        when(mockDio.post<Map<String, dynamic>>(


     

       

       
194

       
+

       
          '/oauth/refresh',


     

       

       
195

       
+

       
          data: anyNamed('data'),


     

       

       
196

       
+

       
        )).thenAnswer((_) async => Response(


     

       

       
197

       
+

       
              requestOptions: RequestOptions(path: '/oauth/refresh'),


     

       

       
198

       
+

       
              statusCode: 200,


     

       

       
199

       
+

       
              data: {'sealed_token': newToken, 'access_token': 'some-access-token'},


     

       

       
200

       
+

       
            ));


     

       

       
201

       
+

       



     

       

       
202

       
+

       
        when(mockStorage.write(key: storageKey, value: anyNamed('value')))


     

       

       
203

       
+

       
            .thenAnswer((_) async => {});


     

       

       
204

       
+

       



     

       

       
205

       
+

       
        // Act


     

       

       
206

       
+

       
        final result = await authService.refreshToken();


     

       

       
207

       
+

       



     

       

       
208

       
+

       
        // Assert


     

       

       
209

       
+

       
        expect(result.token, newToken);


     

       

       
210

       
+

       
        expect(result.did, 'did:plc:test123');


     

       

       
211

       
+

       
        expect(result.sessionId, 'session-123');


     

       

       
212

       
+

       
        expect(result.handle, 'alice.bsky.social');


     

       

       
213

       
+

       
        verify(mockDio.post<Map<String, dynamic>>(


     

       

       
214

       
+

       
          '/oauth/refresh',


     

       

       
215

       
+

       
          data: anyNamed('data'),


     

       

       
216

       
+

       
        )).called(1);


     

       

       
217

       
+

       
        verify(mockStorage.write(


     

       

       
218

       
+

       
          key: storageKey,


     

       

       
219

       
+

       
          value: anyNamed('value'),


     

       

       
220

       
+

       
        )).called(1);


     

       

       
221

       
+

       
      });


     

       

       
222

       
+

       



     

       

       
223

       
+

       
      test('should throw "Session expired" on 401 response', () async {


     

       

       
224

       
+

       
        // Arrange - First restore a session


     

       

       
225

       
+

       
        const session = CovesSession(


     

       

       
226

       
+

       
          token: 'old-token',


     

       

       
227

       
+

       
          did: 'did:plc:test123',


     

       

       
228

       
+

       
          sessionId: 'session-123',


     

       

       
229

       
+

       
        );


     

       

       
230

       
+

       
        when(mockStorage.read(key: storageKey))


     

       

       
231

       
+

       
            .thenAnswer((_) async => session.toJsonString());


     

       

       
232

       
+

       
        await authService.restoreSession();


     

       

       
233

       
+

       



     

       

       
234

       
+

       
        // Mock 401 response


     

       

       
235

       
+

       
        when(mockDio.post<Map<String, dynamic>>(


     

       

       
236

       
+

       
          '/oauth/refresh',


     

       

       
237

       
+

       
          data: anyNamed('data'),


     

       

       
238

       
+

       
        )).thenThrow(


     

       

       
239

       
+

       
          DioException(


     

       

       
240

       
+

       
            requestOptions: RequestOptions(path: '/oauth/refresh'),


     

       

       
241

       
+

       
            type: DioExceptionType.badResponse,


     

       

       
242

       
+

       
            response: Response(


     

       

       
243

       
+

       
              requestOptions: RequestOptions(path: '/oauth/refresh'),


     

       

       
244

       
+

       
              statusCode: 401,


     

       

       
245

       
+

       
            ),


     

       

       
246

       
+

       
          ),


     

       

       
247

       
+

       
        );


     

       

       
248

       
+

       



     

       

       
249

       
+

       
        // Act & Assert


     

       

       
250

       
+

       
        expect(


     

       

       
251

       
+

       
          () => authService.refreshToken(),


     

       

       
252

       
+

       
          throwsA(


     

       

       
253

       
+

       
            predicate((e) =>


     

       

       
254

       
+

       
                e is Exception && e.toString().contains('Session expired')),


     

       

       
255

       
+

       
          ),


     

       

       
256

       
+

       
        );


     

       

       
257

       
+

       
      });


     

       

       
258

       
+

       



     

       

       
259

       
+

       
      test('should throw Exception on network error during refresh', () async {


     

       

       
260

       
+

       
        // Arrange - First restore a session


     

       

       
261

       
+

       
        const session = CovesSession(


     

       

       
262

       
+

       
          token: 'old-token',


     

       

       
263

       
+

       
          did: 'did:plc:test123',


     

       

       
264

       
+

       
          sessionId: 'session-123',


     

       

       
265

       
+

       
        );


     

       

       
266

       
+

       
        when(mockStorage.read(key: storageKey))


     

       

       
267

       
+

       
            .thenAnswer((_) async => session.toJsonString());


     

       

       
268

       
+

       
        await authService.restoreSession();


     

       

       
269

       
+

       



     

       

       
270

       
+

       
        // Mock network error


     

       

       
271

       
+

       
        when(mockDio.post<Map<String, dynamic>>(


     

       

       
272

       
+

       
          '/oauth/refresh',


     

       

       
273

       
+

       
          data: anyNamed('data'),


     

       

       
274

       
+

       
        )).thenThrow(


     

       

       
275

       
+

       
          DioException(


     

       

       
276

       
+

       
            requestOptions: RequestOptions(path: '/oauth/refresh'),


     

       

       
277

       
+

       
            type: DioExceptionType.connectionError,


     

       

       
278

       
+

       
            message: 'Connection failed',


     

       

       
279

       
+

       
          ),


     

       

       
280

       
+

       
        );


     

       

       
281

       
+

       



     

       

       
282

       
+

       
        // Act & Assert


     

       

       
283

       
+

       
        expect(


     

       

       
284

       
+

       
          () => authService.refreshToken(),


     

       

       
285

       
+

       
          throwsA(


     

       

       
286

       
+

       
            predicate((e) =>


     

       

       
287

       
+

       
                e is Exception &&


     

       

       
288

       
+

       
                e.toString().contains('Token refresh failed')),


     

       

       
289

       
+

       
          ),


     

       

       
290

       
+

       
        );


     

       

       
291

       
+

       
      });


     

       

       
292

       
+

       



     

       

       
293

       
+

       
      test('should throw Exception when response is missing sealed_token', () async {


     

       

       
294

       
+

       
        // Arrange - First restore a session


     

       

       
295

       
+

       
        const session = CovesSession(


     

       

       
296

       
+

       
          token: 'old-token',


     

       

       
297

       
+

       
          did: 'did:plc:test123',


     

       

       
298

       
+

       
          sessionId: 'session-123',


     

       

       
299

       
+

       
        );


     

       

       
300

       
+

       
        when(mockStorage.read(key: storageKey))


     

       

       
301

       
+

       
            .thenAnswer((_) async => session.toJsonString());


     

       

       
302

       
+

       
        await authService.restoreSession();


     

       

       
303

       
+

       



     

       

       
304

       
+

       
        // Mock response without sealed_token


     

       

       
305

       
+

       
        when(mockDio.post<Map<String, dynamic>>(


     

       

       
306

       
+

       
          '/oauth/refresh',


     

       

       
307

       
+

       
          data: anyNamed('data'),


     

       

       
308

       
+

       
        )).thenAnswer((_) async => Response(


     

       

       
309

       
+

       
              requestOptions: RequestOptions(path: '/oauth/refresh'),


     

       

       
310

       
+

       
              statusCode: 200,


     

       

       
311

       
+

       
              data: {'access_token': 'some-token'}, // No sealed_token field


     

       

       
312

       
+

       
            ));


     

       

       
313

       
+

       



     

       

       
314

       
+

       
        // Act & Assert


     

       

       
315

       
+

       
        expect(


     

       

       
316

       
+

       
          () => authService.refreshToken(),


     

       

       
317

       
+

       
          throwsA(


     

       

       
318

       
+

       
            predicate((e) =>


     

       

       
319

       
+

       
                e is Exception &&


     

       

       
320

       
+

       
                e.toString().contains('Invalid refresh response')),


     

       

       
321

       
+

       
          ),


     

       

       
322

       
+

       
        );


     

       

       
323

       
+

       
      });


     

       

       
324

       
+

       



     

       

       
325

       
+

       
      test('should throw Exception when response sealed_token is empty', () async {


     

       

       
326

       
+

       
        // Arrange - First restore a session


     

       

       
327

       
+

       
        const session = CovesSession(


     

       

       
328

       
+

       
          token: 'old-token',


     

       

       
329

       
+

       
          did: 'did:plc:test123',


     

       

       
330

       
+

       
          sessionId: 'session-123',


     

       

       
331

       
+

       
        );


     

       

       
332

       
+

       
        when(mockStorage.read(key: storageKey))


     

       

       
333

       
+

       
            .thenAnswer((_) async => session.toJsonString());


     

       

       
334

       
+

       
        await authService.restoreSession();


     

       

       
335

       
+

       



     

       

       
336

       
+

       
        // Mock response with empty sealed_token


     

       

       
337

       
+

       
        when(mockDio.post<Map<String, dynamic>>(


     

       

       
338

       
+

       
          '/oauth/refresh',


     

       

       
339

       
+

       
          data: anyNamed('data'),


     

       

       
340

       
+

       
        )).thenAnswer((_) async => Response(


     

       

       
341

       
+

       
              requestOptions: RequestOptions(path: '/oauth/refresh'),


     

       

       
342

       
+

       
              statusCode: 200,


     

       

       
343

       
+

       
              data: {'sealed_token': '', 'access_token': 'some-token'}, // Empty sealed_token


     

       

       
344

       
+

       
            ));


     

       

       
345

       
+

       



     

       

       
346

       
+

       
        // Act & Assert


     

       

       
347

       
+

       
        expect(


     

       

       
348

       
+

       
          () => authService.refreshToken(),


     

       

       
349

       
+

       
          throwsA(


     

       

       
350

       
+

       
            predicate((e) =>


     

       

       
351

       
+

       
                e is Exception &&


     

       

       
352

       
+

       
                e.toString().contains('Invalid refresh response')),


     

       

       
353

       
+

       
          ),


     

       

       
354

       
+

       
        );


     

       

       
355

       
+

       
      });


     

       

       
356

       
+

       
    });


     

       

       
357

       
+

       



     

       

       
358

       
+

       
    group('signOut()', () {


     

       

       
359

       
+

       
      test('should clear session and storage on successful server-side logout',


     

       

       
360

       
+

       
          () async {


     

       

       
361

       
+

       
        // Arrange - First restore a session


     

       

       
362

       
+

       
        const session = CovesSession(


     

       

       
363

       
+

       
          token: 'test-token',


     

       

       
364

       
+

       
          did: 'did:plc:test123',


     

       

       
365

       
+

       
          sessionId: 'session-123',


     

       

       
366

       
+

       
        );


     

       

       
367

       
+

       
        when(mockStorage.read(key: storageKey))


     

       

       
368

       
+

       
            .thenAnswer((_) async => session.toJsonString());


     

       

       
369

       
+

       
        await authService.restoreSession();


     

       

       
370

       
+

       



     

       

       
371

       
+

       
        // Mock successful logout


     

       

       
372

       
+

       
        when(mockDio.post<void>(


     

       

       
373

       
+

       
          '/oauth/logout',


     

       

       
374

       
+

       
          options: anyNamed('options'),


     

       

       
375

       
+

       
        )).thenAnswer((_) async => Response(


     

       

       
376

       
+

       
              requestOptions: RequestOptions(path: '/oauth/logout'),


     

       

       
377

       
+

       
              statusCode: 200,


     

       

       
378

       
+

       
            ));


     

       

       
379

       
+

       



     

       

       
380

       
+

       
        when(mockStorage.delete(key: storageKey))


     

       

       
381

       
+

       
            .thenAnswer((_) async => {});


     

       

       
382

       
+

       



     

       

       
383

       
+

       
        // Act


     

       

       
384

       
+

       
        await authService.signOut();


     

       

       
385

       
+

       



     

       

       
386

       
+

       
        // Assert


     

       

       
387

       
+

       
        expect(authService.session, isNull);


     

       

       
388

       
+

       
        expect(authService.isAuthenticated, isFalse);


     

       

       
389

       
+

       
        verify(mockDio.post<void>(


     

       

       
390

       
+

       
          '/oauth/logout',


     

       

       
391

       
+

       
          options: anyNamed('options'),


     

       

       
392

       
+

       
        )).called(1);


     

       

       
393

       
+

       
        verify(mockStorage.delete(key: storageKey)).called(1);


     

       

       
394

       
+

       
      });


     

       

       
395

       
+

       



     

       

       
396

       
+

       
      test('should clear local state even when server revocation fails',


     

       

       
397

       
+

       
          () async {


     

       

       
398

       
+

       
        // Arrange - First restore a session


     

       

       
399

       
+

       
        const session = CovesSession(


     

       

       
400

       
+

       
          token: 'test-token',


     

       

       
401

       
+

       
          did: 'did:plc:test123',


     

       

       
402

       
+

       
          sessionId: 'session-123',


     

       

       
403

       
+

       
        );


     

       

       
404

       
+

       
        when(mockStorage.read(key: storageKey))


     

       

       
405

       
+

       
            .thenAnswer((_) async => session.toJsonString());


     

       

       
406

       
+

       
        await authService.restoreSession();


     

       

       
407

       
+

       



     

       

       
408

       
+

       
        // Mock server error


     

       

       
409

       
+

       
        when(mockDio.post<void>(


     

       

       
410

       
+

       
          '/oauth/logout',


     

       

       
411

       
+

       
          options: anyNamed('options'),


     

       

       
412

       
+

       
        )).thenThrow(


     

       

       
413

       
+

       
          DioException(


     

       

       
414

       
+

       
            requestOptions: RequestOptions(path: '/oauth/logout'),


     

       

       
415

       
+

       
            type: DioExceptionType.connectionError,


     

       

       
416

       
+

       
            message: 'Connection failed',


     

       

       
417

       
+

       
          ),


     

       

       
418

       
+

       
        );


     

       

       
419

       
+

       



     

       

       
420

       
+

       
        when(mockStorage.delete(key: storageKey))


     

       

       
421

       
+

       
            .thenAnswer((_) async => {});


     

       

       
422

       
+

       



     

       

       
423

       
+

       
        // Act


     

       

       
424

       
+

       
        await authService.signOut();


     

       

       
425

       
+

       



     

       

       
426

       
+

       
        // Assert


     

       

       
427

       
+

       
        expect(authService.session, isNull);


     

       

       
428

       
+

       
        expect(authService.isAuthenticated, isFalse);


     

       

       
429

       
+

       
        verify(mockStorage.delete(key: storageKey)).called(1);


     

       

       
430

       
+

       
      });


     

       

       
431

       
+

       



     

       

       
432

       
+

       
      test('should work even when no session exists', () async {


     

       

       
433

       
+

       
        // Arrange


     

       

       
434

       
+

       
        when(mockStorage.delete(key: storageKey))


     

       

       
435

       
+

       
            .thenAnswer((_) async => {});


     

       

       
436

       
+

       



     

       

       
437

       
+

       
        // Act


     

       

       
438

       
+

       
        await authService.signOut();


     

       

       
439

       
+

       



     

       

       
440

       
+

       
        // Assert


     

       

       
441

       
+

       
        expect(authService.session, isNull);


     

       

       
442

       
+

       
        expect(authService.isAuthenticated, isFalse);


     

       

       
443

       
+

       
        verify(mockStorage.delete(key: storageKey)).called(1);


     

       

       
444

       
+

       
        verifyNever(mockDio.post<void>(


     

       

       
445

       
+

       
          '/oauth/logout',


     

       

       
446

       
+

       
          options: anyNamed('options'),


     

       

       
447

       
+

       
        ));


     

       

       
448

       
+

       
      });


     

       

       
449

       
+

       



     

       

       
450

       
+

       
      test('should clear local state even when storage delete fails', () async {


     

       

       
451

       
+

       
        // Arrange - First restore a session


     

       

       
452

       
+

       
        const session = CovesSession(


     

       

       
453

       
+

       
          token: 'test-token',


     

       

       
454

       
+

       
          did: 'did:plc:test123',


     

       

       
455

       
+

       
          sessionId: 'session-123',


     

       

       
456

       
+

       
        );


     

       

       
457

       
+

       
        when(mockStorage.read(key: storageKey))


     

       

       
458

       
+

       
            .thenAnswer((_) async => session.toJsonString());


     

       

       
459

       
+

       
        await authService.restoreSession();


     

       

       
460

       
+

       



     

       

       
461

       
+

       
        when(mockDio.post<void>(


     

       

       
462

       
+

       
          '/oauth/logout',


     

       

       
463

       
+

       
          options: anyNamed('options'),


     

       

       
464

       
+

       
        )).thenAnswer((_) async => Response(


     

       

       
465

       
+

       
              requestOptions: RequestOptions(path: '/oauth/logout'),


     

       

       
466

       
+

       
              statusCode: 200,


     

       

       
467

       
+

       
            ));


     

       

       
468

       
+

       



     

       

       
469

       
+

       
        when(mockStorage.delete(key: storageKey))


     

       

       
470

       
+

       
            .thenThrow(Exception('Storage error'));


     

       

       
471

       
+

       



     

       

       
472

       
+

       
        // Act & Assert - Should not throw


     

       

       
473

       
+

       
        expect(() => authService.signOut(), throwsA(isA<Exception>()));


     

       

       
474

       
+

       



     

       

       
475

       
+

       
        // Note: The session is cleared in memory even if storage fails


     

       

       
476

       
+

       
        // This is because the finally block sets _session = null


     

       

       
477

       
+

       
      });


     

       

       
478

       
+

       
    });


     

       

       
479

       
+

       



     

       

       
480

       
+

       
    group('getToken()', () {


     

       

       
481

       
+

       
      test('should return token when authenticated', () async {


     

       

       
482

       
+

       
        // Arrange - First restore a session


     

       

       
483

       
+

       
        const session = CovesSession(


     

       

       
484

       
+

       
          token: 'test-token',


     

       

       
485

       
+

       
          did: 'did:plc:test123',


     

       

       
486

       
+

       
          sessionId: 'session-123',


     

       

       
487

       
+

       
        );


     

       

       
488

       
+

       
        when(mockStorage.read(key: storageKey))


     

       

       
489

       
+

       
            .thenAnswer((_) async => session.toJsonString());


     

       

       
490

       
+

       
        await authService.restoreSession();


     

       

       
491

       
+

       



     

       

       
492

       
+

       
        // Act


     

       

       
493

       
+

       
        final token = authService.getToken();


     

       

       
494

       
+

       



     

       

       
495

       
+

       
        // Assert


     

       

       
496

       
+

       
        expect(token, 'test-token');


     

       

       
497

       
+

       
      });


     

       

       
498

       
+

       



     

       

       
499

       
+

       
      test('should return null when not authenticated', () {


     

       

       
500

       
+

       
        // Act


     

       

       
501

       
+

       
        final token = authService.getToken();


     

       

       
502

       
+

       



     

       

       
503

       
+

       
        // Assert


     

       

       
504

       
+

       
        expect(token, isNull);


     

       

       
505

       
+

       
      });


     

       

       
506

       
+

       



     

       

       
507

       
+

       
      test('should return null after sign out', () async {


     

       

       
508

       
+

       
        // Arrange - First restore a session


     

       

       
509

       
+

       
        const session = CovesSession(


     

       

       
510

       
+

       
          token: 'test-token',


     

       

       
511

       
+

       
          did: 'did:plc:test123',


     

       

       
512

       
+

       
          sessionId: 'session-123',


     

       

       
513

       
+

       
        );


     

       

       
514

       
+

       
        when(mockStorage.read(key: storageKey))


     

       

       
515

       
+

       
            .thenAnswer((_) async => session.toJsonString());


     

       

       
516

       
+

       
        await authService.restoreSession();


     

       

       
517

       
+

       



     

       

       
518

       
+

       
        when(mockDio.post<void>(


     

       

       
519

       
+

       
          '/oauth/logout',


     

       

       
520

       
+

       
          options: anyNamed('options'),


     

       

       
521

       
+

       
        )).thenAnswer((_) async => Response(


     

       

       
522

       
+

       
              requestOptions: RequestOptions(path: '/oauth/logout'),


     

       

       
523

       
+

       
              statusCode: 200,


     

       

       
524

       
+

       
            ));


     

       

       
525

       
+

       
        when(mockStorage.delete(key: storageKey))


     

       

       
526

       
+

       
            .thenAnswer((_) async => {});


     

       

       
527

       
+

       



     

       

       
528

       
+

       
        // Act


     

       

       
529

       
+

       
        await authService.signOut();


     

       

       
530

       
+

       
        final token = authService.getToken();


     

       

       
531

       
+

       



     

       

       
532

       
+

       
        // Assert


     

       

       
533

       
+

       
        expect(token, isNull);


     

       

       
534

       
+

       
      });


     

       

       
535

       
+

       
    });


     

       

       
536

       
+

       



     

       

       
537

       
+

       
    group('isAuthenticated', () {


     

       

       
538

       
+

       
      test('should return false when no session exists', () {


     

       

       
539

       
+

       
        // Assert


     

       

       
540

       
+

       
        expect(authService.isAuthenticated, isFalse);


     

       

       
541

       
+

       
      });


     

       

       
542

       
+

       



     

       

       
543

       
+

       
      test('should return true when session exists', () async {


     

       

       
544

       
+

       
        // Arrange - Restore a session


     

       

       
545

       
+

       
        const session = CovesSession(


     

       

       
546

       
+

       
          token: 'test-token',


     

       

       
547

       
+

       
          did: 'did:plc:test123',


     

       

       
548

       
+

       
          sessionId: 'session-123',


     

       

       
549

       
+

       
        );


     

       

       
550

       
+

       
        when(mockStorage.read(key: storageKey))


     

       

       
551

       
+

       
            .thenAnswer((_) async => session.toJsonString());


     

       

       
552

       
+

       
        await authService.restoreSession();


     

       

       
553

       
+

       



     

       

       
554

       
+

       
        // Assert


     

       

       
555

       
+

       
        expect(authService.isAuthenticated, isTrue);


     

       

       
556

       
+

       
      });


     

       

       
557

       
+

       



     

       

       
558

       
+

       
      test('should return false after sign out', () async {


     

       

       
559

       
+

       
        // Arrange - First restore a session


     

       

       
560

       
+

       
        const session = CovesSession(


     

       

       
561

       
+

       
          token: 'test-token',


     

       

       
562

       
+

       
          did: 'did:plc:test123',


     

       

       
563

       
+

       
          sessionId: 'session-123',


     

       

       
564

       
+

       
        );


     

       

       
565

       
+

       
        when(mockStorage.read(key: storageKey))


     

       

       
566

       
+

       
            .thenAnswer((_) async => session.toJsonString());


     

       

       
567

       
+

       
        await authService.restoreSession();


     

       

       
568

       
+

       



     

       

       
569

       
+

       
        when(mockDio.post<void>(


     

       

       
570

       
+

       
          '/oauth/logout',


     

       

       
571

       
+

       
          options: anyNamed('options'),


     

       

       
572

       
+

       
        )).thenAnswer((_) async => Response(


     

       

       
573

       
+

       
              requestOptions: RequestOptions(path: '/oauth/logout'),


     

       

       
574

       
+

       
              statusCode: 200,


     

       

       
575

       
+

       
            ));


     

       

       
576

       
+

       
        when(mockStorage.delete(key: storageKey))


     

       

       
577

       
+

       
            .thenAnswer((_) async => {});


     

       

       
578

       
+

       



     

       

       
579

       
+

       
        // Act


     

       

       
580

       
+

       
        await authService.signOut();


     

       

       
581

       
+

       



     

       

       
582

       
+

       
        // Assert


     

       

       
583

       
+

       
        expect(authService.isAuthenticated, isFalse);


     

       

       
584

       
+

       
      });


     

       

       
585

       
+

       
    });


     

       

       
586

       
+

       



     

       

       
587

       
+

       
    group('session caching', () {


     

       

       
588

       
+

       
      test('should cache session in memory after restore', () async {


     

       

       
589

       
+

       
        // Arrange


     

       

       
590

       
+

       
        const session = CovesSession(


     

       

       
591

       
+

       
          token: 'test-token',


     

       

       
592

       
+

       
          did: 'did:plc:test123',


     

       

       
593

       
+

       
          sessionId: 'session-123',


     

       

       
594

       
+

       
        );


     

       

       
595

       
+

       
        when(mockStorage.read(key: storageKey))


     

       

       
596

       
+

       
            .thenAnswer((_) async => session.toJsonString());


     

       

       
597

       
+

       



     

       

       
598

       
+

       
        // Act


     

       

       
599

       
+

       
        await authService.restoreSession();


     

       

       
600

       
+

       



     

       

       
601

       
+

       
        // Assert - Accessing session property should not read from storage again


     

       

       
602

       
+

       
        expect(authService.session?.token, 'test-token');


     

       

       
603

       
+

       
        expect(authService.session?.did, 'did:plc:test123');


     

       

       
604

       
+

       
        verify(mockStorage.read(key: storageKey)).called(1);


     

       

       
605

       
+

       
      });


     

       

       
606

       
+

       



     

       

       
607

       
+

       
      test('should update cached session after token refresh', () async {


     

       

       
608

       
+

       
        // Arrange - First restore a session


     

       

       
609

       
+

       
        const initialSession = CovesSession(


     

       

       
610

       
+

       
          token: 'old-token',


     

       

       
611

       
+

       
          did: 'did:plc:test123',


     

       

       
612

       
+

       
          sessionId: 'session-123',


     

       

       
613

       
+

       
        );


     

       

       
614

       
+

       
        when(mockStorage.read(key: storageKey))


     

       

       
615

       
+

       
            .thenAnswer((_) async => initialSession.toJsonString());


     

       

       
616

       
+

       
        await authService.restoreSession();


     

       

       
617

       
+

       



     

       

       
618

       
+

       
        const newToken = 'new-token';


     

       

       
619

       
+

       
        when(mockDio.post<Map<String, dynamic>>(


     

       

       
620

       
+

       
          '/oauth/refresh',


     

       

       
621

       
+

       
          data: anyNamed('data'),


     

       

       
622

       
+

       
        )).thenAnswer((_) async => Response(


     

       

       
623

       
+

       
              requestOptions: RequestOptions(path: '/oauth/refresh'),


     

       

       
624

       
+

       
              statusCode: 200,


     

       

       
625

       
+

       
              data: {'sealed_token': newToken, 'access_token': 'some-access-token'},


     

       

       
626

       
+

       
            ));


     

       

       
627

       
+

       
        when(mockStorage.write(key: storageKey, value: anyNamed('value')))


     

       

       
628

       
+

       
            .thenAnswer((_) async => {});


     

       

       
629

       
+

       



     

       

       
630

       
+

       
        // Act


     

       

       
631

       
+

       
        await authService.refreshToken();


     

       

       
632

       
+

       



     

       

       
633

       
+

       
        // Assert - Cached session should have new token


     

       

       
634

       
+

       
        expect(authService.session?.token, newToken);


     

       

       
635

       
+

       
        expect(authService.getToken(), newToken);


     

       

       
636

       
+

       
      });


     

       

       
637

       
+

       
    });


     

       

       
638

       
+

       



     

       

       
639

       
+

       
    group('refreshToken() - Concurrency Protection', () {


     

       

       
640

       
+

       
      test('should only make one API request for concurrent refresh calls',


     

       

       
641

       
+

       
          () async {


     

       

       
642

       
+

       
        // Arrange - First restore a session


     

       

       
643

       
+

       
        const initialSession = CovesSession(


     

       

       
644

       
+

       
          token: 'old-token',


     

       

       
645

       
+

       
          did: 'did:plc:test123',


     

       

       
646

       
+

       
          sessionId: 'session-123',


     

       

       
647

       
+

       
          handle: 'alice.bsky.social',


     

       

       
648

       
+

       
        );


     

       

       
649

       
+

       
        when(mockStorage.read(key: storageKey))


     

       

       
650

       
+

       
            .thenAnswer((_) async => initialSession.toJsonString());


     

       

       
651

       
+

       
        await authService.restoreSession();


     

       

       
652

       
+

       



     

       

       
653

       
+

       
        const newToken = 'new-refreshed-token';


     

       

       
654

       
+

       



     

       

       
655

       
+

       
        // Mock refresh response with a delay to simulate network latency


     

       

       
656

       
+

       
        when(mockDio.post<Map<String, dynamic>>(


     

       

       
657

       
+

       
          '/oauth/refresh',


     

       

       
658

       
+

       
          data: anyNamed('data'),


     

       

       
659

       
+

       
        )).thenAnswer((_) async {


     

       

       
660

       
+

       
          await Future.delayed(const Duration(milliseconds: 100));


     

       

       
661

       
+

       
          return Response(


     

       

       
662

       
+

       
            requestOptions: RequestOptions(path: '/oauth/refresh'),


     

       

       
663

       
+

       
            statusCode: 200,


     

       

       
664

       
+

       
            data: {'sealed_token': newToken, 'access_token': 'some-access-token'},


     

       

       
665

       
+

       
          );


     

       

       
666

       
+

       
        });


     

       

       
667

       
+

       



     

       

       
668

       
+

       
        when(mockStorage.write(key: storageKey, value: anyNamed('value')))


     

       

       
669

       
+

       
            .thenAnswer((_) async => {});


     

       

       
670

       
+

       



     

       

       
671

       
+

       
        // Act - Launch 3 concurrent refresh calls


     

       

       
672

       
+

       
        final results = await Future.wait([


     

       

       
673

       
+

       
          authService.refreshToken(),


     

       

       
674

       
+

       
          authService.refreshToken(),


     

       

       
675

       
+

       
          authService.refreshToken(),


     

       

       
676

       
+

       
        ]);


     

       

       
677

       
+

       



     

       

       
678

       
+

       
        // Assert - All calls should return the same refreshed session


     

       

       
679

       
+

       
        expect(results.length, 3);


     

       

       
680

       
+

       
        expect(results[0].token, newToken);


     

       

       
681

       
+

       
        expect(results[1].token, newToken);


     

       

       
682

       
+

       
        expect(results[2].token, newToken);


     

       

       
683

       
+

       



     

       

       
684

       
+

       
        // Verify only one API call was made


     

       

       
685

       
+

       
        verify(mockDio.post<Map<String, dynamic>>(


     

       

       
686

       
+

       
          '/oauth/refresh',


     

       

       
687

       
+

       
          data: anyNamed('data'),


     

       

       
688

       
+

       
        )).called(1);


     

       

       
689

       
+

       



     

       

       
690

       
+

       
        // Verify only one storage write was made


     

       

       
691

       
+

       
        verify(mockStorage.write(


     

       

       
692

       
+

       
          key: storageKey,


     

       

       
693

       
+

       
          value: anyNamed('value'),


     

       

       
694

       
+

       
        )).called(1);


     

       

       
695

       
+

       
      });


     

       

       
696

       
+

       



     

       

       
697

       
+

       
      test('should propagate errors to all concurrent waiters', () async {


     

       

       
698

       
+

       
        // Arrange - First restore a session


     

       

       
699

       
+

       
        const session = CovesSession(


     

       

       
700

       
+

       
          token: 'old-token',


     

       

       
701

       
+

       
          did: 'did:plc:test123',


     

       

       
702

       
+

       
          sessionId: 'session-123',


     

       

       
703

       
+

       
        );


     

       

       
704

       
+

       
        when(mockStorage.read(key: storageKey))


     

       

       
705

       
+

       
            .thenAnswer((_) async => session.toJsonString());


     

       

       
706

       
+

       
        await authService.restoreSession();


     

       

       
707

       
+

       



     

       

       
708

       
+

       
        // Mock 401 response with delay


     

       

       
709

       
+

       
        when(mockDio.post<Map<String, dynamic>>(


     

       

       
710

       
+

       
          '/oauth/refresh',


     

       

       
711

       
+

       
          data: anyNamed('data'),


     

       

       
712

       
+

       
        )).thenAnswer((_) async {


     

       

       
713

       
+

       
          await Future.delayed(const Duration(milliseconds: 100));


     

       

       
714

       
+

       
          throw DioException(


     

       

       
715

       
+

       
            requestOptions: RequestOptions(path: '/oauth/refresh'),


     

       

       
716

       
+

       
            type: DioExceptionType.badResponse,


     

       

       
717

       
+

       
            response: Response(


     

       

       
718

       
+

       
              requestOptions: RequestOptions(path: '/oauth/refresh'),


     

       

       
719

       
+

       
              statusCode: 401,


     

       

       
720

       
+

       
            ),


     

       

       
721

       
+

       
          );


     

       

       
722

       
+

       
        });


     

       

       
723

       
+

       



     

       

       
724

       
+

       
        // Act - Start concurrent refresh calls


     

       

       
725

       
+

       
        final futures = [


     

       

       
726

       
+

       
          authService.refreshToken(),


     

       

       
727

       
+

       
          authService.refreshToken(),


     

       

       
728

       
+

       
          authService.refreshToken(),


     

       

       
729

       
+

       
        ];


     

       

       
730

       
+

       



     

       

       
731

       
+

       
        // Assert - All should throw the same error


     

       

       
732

       
+

       
        var errorCount = 0;


     

       

       
733

       
+

       
        for (final future in futures) {


     

       

       
734

       
+

       
          try {


     

       

       
735

       
+

       
            await future;


     

       

       
736

       
+

       
            fail('Expected exception to be thrown');


     

       

       
737

       
+

       
          } catch (e) {


     

       

       
738

       
+

       
            expect(e, isA<Exception>());


     

       

       
739

       
+

       
            expect(e.toString(), contains('Session expired'));


     

       

       
740

       
+

       
            errorCount++;


     

       

       
741

       
+

       
          }


     

       

       
742

       
+

       
        }


     

       

       
743

       
+

       



     

       

       
744

       
+

       
        expect(errorCount, 3);


     

       

       
745

       
+

       



     

       

       
746

       
+

       
        // Verify only one API call was made


     

       

       
747

       
+

       
        verify(mockDio.post<Map<String, dynamic>>(


     

       

       
748

       
+

       
          '/oauth/refresh',


     

       

       
749

       
+

       
          data: anyNamed('data'),


     

       

       
750

       
+

       
        )).called(1);


     

       

       
751

       
+

       
      });


     

       

       
752

       
+

       



     

       

       
753

       
+

       
      test('should allow new refresh after previous one completes', () async {


     

       

       
754

       
+

       
        // Arrange - First restore a session


     

       

       
755

       
+

       
        const initialSession = CovesSession(


     

       

       
756

       
+

       
          token: 'old-token',


     

       

       
757

       
+

       
          did: 'did:plc:test123',


     

       

       
758

       
+

       
          sessionId: 'session-123',


     

       

       
759

       
+

       
        );


     

       

       
760

       
+

       
        when(mockStorage.read(key: storageKey))


     

       

       
761

       
+

       
            .thenAnswer((_) async => initialSession.toJsonString());


     

       

       
762

       
+

       
        await authService.restoreSession();


     

       

       
763

       
+

       



     

       

       
764

       
+

       
        const newToken1 = 'new-token-1';


     

       

       
765

       
+

       
        const newToken2 = 'new-token-2';


     

       

       
766

       
+

       



     

       

       
767

       
+

       
        // Mock first refresh


     

       

       
768

       
+

       
        when(mockDio.post<Map<String, dynamic>>(


     

       

       
769

       
+

       
          '/oauth/refresh',


     

       

       
770

       
+

       
          data: anyNamed('data'),


     

       

       
771

       
+

       
        )).thenAnswer((_) async => Response(


     

       

       
772

       
+

       
              requestOptions: RequestOptions(path: '/oauth/refresh'),


     

       

       
773

       
+

       
              statusCode: 200,


     

       

       
774

       
+

       
              data: {'sealed_token': newToken1, 'access_token': 'some-access-token'},


     

       

       
775

       
+

       
            ));


     

       

       
776

       
+

       



     

       

       
777

       
+

       
        when(mockStorage.write(key: storageKey, value: anyNamed('value')))


     

       

       
778

       
+

       
            .thenAnswer((_) async => {});


     

       

       
779

       
+

       



     

       

       
780

       
+

       
        // Act - First refresh


     

       

       
781

       
+

       
        final result1 = await authService.refreshToken();


     

       

       
782

       
+

       



     

       

       
783

       
+

       
        // Assert first refresh


     

       

       
784

       
+

       
        expect(result1.token, newToken1);


     

       

       
785

       
+

       



     

       

       
786

       
+

       
        // Now update the mock for the second refresh


     

       

       
787

       
+

       
        when(mockDio.post<Map<String, dynamic>>(


     

       

       
788

       
+

       
          '/oauth/refresh',


     

       

       
789

       
+

       
          data: anyNamed('data'),


     

       

       
790

       
+

       
        )).thenAnswer((_) async => Response(


     

       

       
791

       
+

       
              requestOptions: RequestOptions(path: '/oauth/refresh'),


     

       

       
792

       
+

       
              statusCode: 200,


     

       

       
793

       
+

       
              data: {'sealed_token': newToken2, 'access_token': 'some-access-token'},


     

       

       
794

       
+

       
            ));


     

       

       
795

       
+

       



     

       

       
796

       
+

       
        // Act - Second refresh (should be allowed since first completed)


     

       

       
797

       
+

       
        final result2 = await authService.refreshToken();


     

       

       
798

       
+

       



     

       

       
799

       
+

       
        // Assert second refresh


     

       

       
800

       
+

       
        expect(result2.token, newToken2);


     

       

       
801

       
+

       



     

       

       
802

       
+

       
        // Verify two separate API calls were made


     

       

       
803

       
+

       
        verify(mockDio.post<Map<String, dynamic>>(


     

       

       
804

       
+

       
          '/oauth/refresh',


     

       

       
805

       
+

       
          data: anyNamed('data'),


     

       

       
806

       
+

       
        )).called(2);


     

       

       
807

       
+

       
      });


     

       

       
808

       
+

       



     

       

       
809

       
+

       
      test('should allow new refresh after previous one fails', () async {


     

       

       
810

       
+

       
        // Arrange - First restore a session


     

       

       
811

       
+

       
        const initialSession = CovesSession(


     

       

       
812

       
+

       
          token: 'old-token',


     

       

       
813

       
+

       
          did: 'did:plc:test123',


     

       

       
814

       
+

       
          sessionId: 'session-123',


     

       

       
815

       
+

       
        );


     

       

       
816

       
+

       
        when(mockStorage.read(key: storageKey))


     

       

       
817

       
+

       
            .thenAnswer((_) async => initialSession.toJsonString());


     

       

       
818

       
+

       
        await authService.restoreSession();


     

       

       
819

       
+

       



     

       

       
820

       
+

       
        // Mock first refresh to fail


     

       

       
821

       
+

       
        when(mockDio.post<Map<String, dynamic>>(


     

       

       
822

       
+

       
          '/oauth/refresh',


     

       

       
823

       
+

       
          data: anyNamed('data'),


     

       

       
824

       
+

       
        )).thenThrow(


     

       

       
825

       
+

       
          DioException(


     

       

       
826

       
+

       
            requestOptions: RequestOptions(path: '/oauth/refresh'),


     

       

       
827

       
+

       
            type: DioExceptionType.connectionError,


     

       

       
828

       
+

       
            message: 'Connection failed',


     

       

       
829

       
+

       
          ),


     

       

       
830

       
+

       
        );


     

       

       
831

       
+

       



     

       

       
832

       
+

       
        // Act - First refresh should fail


     

       

       
833

       
+

       
        Object? caughtError;


     

       

       
834

       
+

       
        try {


     

       

       
835

       
+

       
          await authService.refreshToken();


     

       

       
836

       
+

       
          fail('Expected exception to be thrown');


     

       

       
837

       
+

       
        } catch (e) {


     

       

       
838

       
+

       
          caughtError = e;


     

       

       
839

       
+

       
        }


     

       

       
840

       
+

       



     

       

       
841

       
+

       
        // Assert first refresh failed with correct error


     

       

       
842

       
+

       
        expect(caughtError, isNotNull);


     

       

       
843

       
+

       
        expect(caughtError, isA<Exception>());


     

       

       
844

       
+

       
        expect(caughtError.toString(), contains('Token refresh failed'));


     

       

       
845

       
+

       



     

       

       
846

       
+

       
        // Now mock a successful second refresh


     

       

       
847

       
+

       
        const newToken = 'new-token-after-retry';


     

       

       
848

       
+

       
        when(mockDio.post<Map<String, dynamic>>(


     

       

       
849

       
+

       
          '/oauth/refresh',


     

       

       
850

       
+

       
          data: anyNamed('data'),


     

       

       
851

       
+

       
        )).thenAnswer((_) async => Response(


     

       

       
852

       
+

       
              requestOptions: RequestOptions(path: '/oauth/refresh'),


     

       

       
853

       
+

       
              statusCode: 200,


     

       

       
854

       
+

       
              data: {'sealed_token': newToken, 'access_token': 'some-access-token'},


     

       

       
855

       
+

       
            ));


     

       

       
856

       
+

       



     

       

       
857

       
+

       
        when(mockStorage.write(key: storageKey, value: anyNamed('value')))


     

       

       
858

       
+

       
            .thenAnswer((_) async => {});


     

       

       
859

       
+

       



     

       

       
860

       
+

       
        // Act - Second refresh (should be allowed and succeed)


     

       

       
861

       
+

       
        final result = await authService.refreshToken();


     

       

       
862

       
+

       



     

       

       
863

       
+

       
        // Assert


     

       

       
864

       
+

       
        expect(result.token, newToken);


     

       

       
865

       
+

       



     

       

       
866

       
+

       
        // Verify two separate API calls were made


     

       

       
867

       
+

       
        verify(mockDio.post<Map<String, dynamic>>(


     

       

       
868

       
+

       
          '/oauth/refresh',


     

       

       
869

       
+

       
          data: anyNamed('data'),


     

       

       
870

       
+

       
        )).called(2);


     

       

       
871

       
+

       
      });


     

       

       
872

       
+

       



     

       

       
873

       
+

       
      test(


     

       

       
874

       
+

       
          'should handle concurrent calls where one arrives after refresh completes',


     

       

       
875

       
+

       
          () async {


     

       

       
876

       
+

       
        // Arrange - First restore a session


     

       

       
877

       
+

       
        const initialSession = CovesSession(


     

       

       
878

       
+

       
          token: 'old-token',


     

       

       
879

       
+

       
          did: 'did:plc:test123',


     

       

       
880

       
+

       
          sessionId: 'session-123',


     

       

       
881

       
+

       
        );


     

       

       
882

       
+

       
        when(mockStorage.read(key: storageKey))


     

       

       
883

       
+

       
            .thenAnswer((_) async => initialSession.toJsonString());


     

       

       
884

       
+

       
        await authService.restoreSession();


     

       

       
885

       
+

       



     

       

       
886

       
+

       
        const newToken1 = 'new-token-1';


     

       

       
887

       
+

       
        const newToken2 = 'new-token-2';


     

       

       
888

       
+

       



     

       

       
889

       
+

       
        var callCount = 0;


     

       

       
890

       
+

       



     

       

       
891

       
+

       
        // Mock refresh with different responses


     

       

       
892

       
+

       
        when(mockDio.post<Map<String, dynamic>>(


     

       

       
893

       
+

       
          '/oauth/refresh',


     

       

       
894

       
+

       
          data: anyNamed('data'),


     

       

       
895

       
+

       
        )).thenAnswer((_) async {


     

       

       
896

       
+

       
          callCount++;


     

       

       
897

       
+

       
          await Future.delayed(const Duration(milliseconds: 50));


     

       

       
898

       
+

       
          return Response(


     

       

       
899

       
+

       
            requestOptions: RequestOptions(path: '/oauth/refresh'),


     

       

       
900

       
+

       
            statusCode: 200,


     

       

       
901

       
+

       
            data: {'sealed_token': callCount == 1 ? newToken1 : newToken2, 'access_token': 'some-access-token'},


     

       

       
902

       
+

       
          );


     

       

       
903

       
+

       
        });


     

       

       
904

       
+

       



     

       

       
905

       
+

       
        when(mockStorage.write(key: storageKey, value: anyNamed('value')))


     

       

       
906

       
+

       
            .thenAnswer((_) async => {});


     

       

       
907

       
+

       



     

       

       
908

       
+

       
        // Act - Start first refresh


     

       

       
909

       
+

       
        final future1 = authService.refreshToken();


     

       

       
910

       
+

       



     

       

       
911

       
+

       
        // Wait for it to complete


     

       

       
912

       
+

       
        final result1 = await future1;


     

       

       
913

       
+

       



     

       

       
914

       
+

       
        // Start second refresh after first completes


     

       

       
915

       
+

       
        final result2 = await authService.refreshToken();


     

       

       
916

       
+

       



     

       

       
917

       
+

       
        // Assert


     

       

       
918

       
+

       
        expect(result1.token, newToken1);


     

       

       
919

       
+

       
        expect(result2.token, newToken2);


     

       

       
920

       
+

       



     

       

       
921

       
+

       
        // Verify two separate API calls were made


     

       

       
922

       
+

       
        verify(mockDio.post<Map<String, dynamic>>(


     

       

       
923

       
+

       
          '/oauth/refresh',


     

       

       
924

       
+

       
          data: anyNamed('data'),


     

       

       
925

       
+

       
        )).called(2);


     

       

       
926

       
+

       
      });


     

       

       
927

       
+

       
    });


     

       

       
928

       
+

       
  });


     

       

       
929

       
+

       
}
+1102
test/services/coves_auth_service_test.mocks.dart 
···

       

       
1

       
+

       
// Mocks generated by Mockito 5.4.6 from annotations


     

       

       
2

       
+

       
// in coves_flutter/test/services/coves_auth_service_test.dart.


     

       

       
3

       
+

       
// Do not manually edit this file.


     

       

       
4

       
+

       



     

       

       
5

       
+

       
// ignore_for_file: no_leading_underscores_for_library_prefixes


     

       

       
6

       
+

       
import 'dart:async' as _i9;


     

       

       
7

       
+

       



     

       

       
8

       
+

       
import 'package:dio/src/adapter.dart' as _i4;


     

       

       
9

       
+

       
import 'package:dio/src/cancel_token.dart' as _i10;


     

       

       
10

       
+

       
import 'package:dio/src/dio.dart' as _i7;


     

       

       
11

       
+

       
import 'package:dio/src/dio_mixin.dart' as _i3;


     

       

       
12

       
+

       
import 'package:dio/src/options.dart' as _i2;


     

       

       
13

       
+

       
import 'package:dio/src/response.dart' as _i6;


     

       

       
14

       
+

       
import 'package:dio/src/transformer.dart' as _i5;


     

       

       
15

       
+

       
import 'package:flutter/foundation.dart' as _i11;


     

       

       
16

       
+

       
import 'package:flutter_secure_storage/flutter_secure_storage.dart' as _i8;


     

       

       
17

       
+

       
import 'package:mockito/mockito.dart' as _i1;


     

       

       
18

       
+

       



     

       

       
19

       
+

       
// ignore_for_file: type=lint


     

       

       
20

       
+

       
// ignore_for_file: avoid_redundant_argument_values


     

       

       
21

       
+

       
// ignore_for_file: avoid_setters_without_getters


     

       

       
22

       
+

       
// ignore_for_file: comment_references


     

       

       
23

       
+

       
// ignore_for_file: deprecated_member_use


     

       

       
24

       
+

       
// ignore_for_file: deprecated_member_use_from_same_package


     

       

       
25

       
+

       
// ignore_for_file: implementation_imports


     

       

       
26

       
+

       
// ignore_for_file: invalid_use_of_visible_for_testing_member


     

       

       
27

       
+

       
// ignore_for_file: must_be_immutable


     

       

       
28

       
+

       
// ignore_for_file: prefer_const_constructors


     

       

       
29

       
+

       
// ignore_for_file: unnecessary_parenthesis


     

       

       
30

       
+

       
// ignore_for_file: camel_case_types


     

       

       
31

       
+

       
// ignore_for_file: subtype_of_sealed_class


     

       

       
32

       
+

       
// ignore_for_file: invalid_use_of_internal_member


     

       

       
33

       
+

       



     

       

       
34

       
+

       
class _FakeBaseOptions_0 extends _i1.SmartFake implements _i2.BaseOptions {


     

       

       
35

       
+

       
  _FakeBaseOptions_0(Object parent, Invocation parentInvocation)


     

       

       
36

       
+

       
    : super(parent, parentInvocation);


     

       

       
37

       
+

       
}


     

       

       
38

       
+

       



     

       

       
39

       
+

       
class _FakeInterceptors_1 extends _i1.SmartFake implements _i3.Interceptors {


     

       

       
40

       
+

       
  _FakeInterceptors_1(Object parent, Invocation parentInvocation)


     

       

       
41

       
+

       
    : super(parent, parentInvocation);


     

       

       
42

       
+

       
}


     

       

       
43

       
+

       



     

       

       
44

       
+

       
class _FakeHttpClientAdapter_2 extends _i1.SmartFake


     

       

       
45

       
+

       
    implements _i4.HttpClientAdapter {


     

       

       
46

       
+

       
  _FakeHttpClientAdapter_2(Object parent, Invocation parentInvocation)


     

       

       
47

       
+

       
    : super(parent, parentInvocation);


     

       

       
48

       
+

       
}


     

       

       
49

       
+

       



     

       

       
50

       
+

       
class _FakeTransformer_3 extends _i1.SmartFake implements _i5.Transformer {


     

       

       
51

       
+

       
  _FakeTransformer_3(Object parent, Invocation parentInvocation)


     

       

       
52

       
+

       
    : super(parent, parentInvocation);


     

       

       
53

       
+

       
}


     

       

       
54

       
+

       



     

       

       
55

       
+

       
class _FakeResponse_4<T1> extends _i1.SmartFake implements _i6.Response<T1> {


     

       

       
56

       
+

       
  _FakeResponse_4(Object parent, Invocation parentInvocation)


     

       

       
57

       
+

       
    : super(parent, parentInvocation);


     

       

       
58

       
+

       
}


     

       

       
59

       
+

       



     

       

       
60

       
+

       
class _FakeDio_5 extends _i1.SmartFake implements _i7.Dio {


     

       

       
61

       
+

       
  _FakeDio_5(Object parent, Invocation parentInvocation)


     

       

       
62

       
+

       
    : super(parent, parentInvocation);


     

       

       
63

       
+

       
}


     

       

       
64

       
+

       



     

       

       
65

       
+

       
class _FakeIOSOptions_6 extends _i1.SmartFake implements _i8.IOSOptions {


     

       

       
66

       
+

       
  _FakeIOSOptions_6(Object parent, Invocation parentInvocation)


     

       

       
67

       
+

       
    : super(parent, parentInvocation);


     

       

       
68

       
+

       
}


     

       

       
69

       
+

       



     

       

       
70

       
+

       
class _FakeAndroidOptions_7 extends _i1.SmartFake


     

       

       
71

       
+

       
    implements _i8.AndroidOptions {


     

       

       
72

       
+

       
  _FakeAndroidOptions_7(Object parent, Invocation parentInvocation)


     

       

       
73

       
+

       
    : super(parent, parentInvocation);


     

       

       
74

       
+

       
}


     

       

       
75

       
+

       



     

       

       
76

       
+

       
class _FakeLinuxOptions_8 extends _i1.SmartFake implements _i8.LinuxOptions {


     

       

       
77

       
+

       
  _FakeLinuxOptions_8(Object parent, Invocation parentInvocation)


     

       

       
78

       
+

       
    : super(parent, parentInvocation);


     

       

       
79

       
+

       
}


     

       

       
80

       
+

       



     

       

       
81

       
+

       
class _FakeWindowsOptions_9 extends _i1.SmartFake


     

       

       
82

       
+

       
    implements _i8.WindowsOptions {


     

       

       
83

       
+

       
  _FakeWindowsOptions_9(Object parent, Invocation parentInvocation)


     

       

       
84

       
+

       
    : super(parent, parentInvocation);


     

       

       
85

       
+

       
}


     

       

       
86

       
+

       



     

       

       
87

       
+

       
class _FakeWebOptions_10 extends _i1.SmartFake implements _i8.WebOptions {


     

       

       
88

       
+

       
  _FakeWebOptions_10(Object parent, Invocation parentInvocation)


     

       

       
89

       
+

       
    : super(parent, parentInvocation);


     

       

       
90

       
+

       
}


     

       

       
91

       
+

       



     

       

       
92

       
+

       
class _FakeMacOsOptions_11 extends _i1.SmartFake implements _i8.MacOsOptions {


     

       

       
93

       
+

       
  _FakeMacOsOptions_11(Object parent, Invocation parentInvocation)


     

       

       
94

       
+

       
    : super(parent, parentInvocation);


     

       

       
95

       
+

       
}


     

       

       
96

       
+

       



     

       

       
97

       
+

       
/// A class which mocks [Dio].


     

       

       
98

       
+

       
///


     

       

       
99

       
+

       
/// See the documentation for Mockito's code generation for more information.


     

       

       
100

       
+

       
class MockDio extends _i1.Mock implements _i7.Dio {


     

       

       
101

       
+

       
  MockDio() {


     

       

       
102

       
+

       
    _i1.throwOnMissingStub(this);


     

       

       
103

       
+

       
  }


     

       

       
104

       
+

       



     

       

       
105

       
+

       
  @override


     

       

       
106

       
+

       
  _i2.BaseOptions get options =>


     

       

       
107

       
+

       
      (super.noSuchMethod(


     

       

       
108

       
+

       
            Invocation.getter(#options),


     

       

       
109

       
+

       
            returnValue: _FakeBaseOptions_0(this, Invocation.getter(#options)),


     

       

       
110

       
+

       
          )


     

       

       
111

       
+

       
          as _i2.BaseOptions);


     

       

       
112

       
+

       



     

       

       
113

       
+

       
  @override


     

       

       
114

       
+

       
  _i3.Interceptors get interceptors =>


     

       

       
115

       
+

       
      (super.noSuchMethod(


     

       

       
116

       
+

       
            Invocation.getter(#interceptors),


     

       

       
117

       
+

       
            returnValue: _FakeInterceptors_1(


     

       

       
118

       
+

       
              this,


     

       

       
119

       
+

       
              Invocation.getter(#interceptors),


     

       

       
120

       
+

       
            ),


     

       

       
121

       
+

       
          )


     

       

       
122

       
+

       
          as _i3.Interceptors);


     

       

       
123

       
+

       



     

       

       
124

       
+

       
  @override


     

       

       
125

       
+

       
  _i4.HttpClientAdapter get httpClientAdapter =>


     

       

       
126

       
+

       
      (super.noSuchMethod(


     

       

       
127

       
+

       
            Invocation.getter(#httpClientAdapter),


     

       

       
128

       
+

       
            returnValue: _FakeHttpClientAdapter_2(


     

       

       
129

       
+

       
              this,


     

       

       
130

       
+

       
              Invocation.getter(#httpClientAdapter),


     

       

       
131

       
+

       
            ),


     

       

       
132

       
+

       
          )


     

       

       
133

       
+

       
          as _i4.HttpClientAdapter);


     

       

       
134

       
+

       



     

       

       
135

       
+

       
  @override


     

       

       
136

       
+

       
  _i5.Transformer get transformer =>


     

       

       
137

       
+

       
      (super.noSuchMethod(


     

       

       
138

       
+

       
            Invocation.getter(#transformer),


     

       

       
139

       
+

       
            returnValue: _FakeTransformer_3(


     

       

       
140

       
+

       
              this,


     

       

       
141

       
+

       
              Invocation.getter(#transformer),


     

       

       
142

       
+

       
            ),


     

       

       
143

       
+

       
          )


     

       

       
144

       
+

       
          as _i5.Transformer);


     

       

       
145

       
+

       



     

       

       
146

       
+

       
  @override


     

       

       
147

       
+

       
  set options(_i2.BaseOptions? value) => super.noSuchMethod(


     

       

       
148

       
+

       
    Invocation.setter(#options, value),


     

       

       
149

       
+

       
    returnValueForMissingStub: null,


     

       

       
150

       
+

       
  );


     

       

       
151

       
+

       



     

       

       
152

       
+

       
  @override


     

       

       
153

       
+

       
  set httpClientAdapter(_i4.HttpClientAdapter? value) => super.noSuchMethod(


     

       

       
154

       
+

       
    Invocation.setter(#httpClientAdapter, value),


     

       

       
155

       
+

       
    returnValueForMissingStub: null,


     

       

       
156

       
+

       
  );


     

       

       
157

       
+

       



     

       

       
158

       
+

       
  @override


     

       

       
159

       
+

       
  set transformer(_i5.Transformer? value) => super.noSuchMethod(


     

       

       
160

       
+

       
    Invocation.setter(#transformer, value),


     

       

       
161

       
+

       
    returnValueForMissingStub: null,


     

       

       
162

       
+

       
  );


     

       

       
163

       
+

       



     

       

       
164

       
+

       
  @override


     

       

       
165

       
+

       
  void close({bool? force = false}) => super.noSuchMethod(


     

       

       
166

       
+

       
    Invocation.method(#close, [], {#force: force}),


     

       

       
167

       
+

       
    returnValueForMissingStub: null,


     

       

       
168

       
+

       
  );


     

       

       
169

       
+

       



     

       

       
170

       
+

       
  @override


     

       

       
171

       
+

       
  _i9.Future<_i6.Response<T>> head<T>(


     

       

       
172

       
+

       
    String? path, {


     

       

       
173

       
+

       
    Object? data,


     

       

       
174

       
+

       
    Map<String, dynamic>? queryParameters,


     

       

       
175

       
+

       
    _i2.Options? options,


     

       

       
176

       
+

       
    _i10.CancelToken? cancelToken,


     

       

       
177

       
+

       
  }) =>


     

       

       
178

       
+

       
      (super.noSuchMethod(


     

       

       
179

       
+

       
            Invocation.method(


     

       

       
180

       
+

       
              #head,


     

       

       
181

       
+

       
              [path],


     

       

       
182

       
+

       
              {


     

       

       
183

       
+

       
                #data: data,


     

       

       
184

       
+

       
                #queryParameters: queryParameters,


     

       

       
185

       
+

       
                #options: options,


     

       

       
186

       
+

       
                #cancelToken: cancelToken,


     

       

       
187

       
+

       
              },


     

       

       
188

       
+

       
            ),


     

       

       
189

       
+

       
            returnValue: _i9.Future<_i6.Response<T>>.value(


     

       

       
190

       
+

       
              _FakeResponse_4<T>(


     

       

       
191

       
+

       
                this,


     

       

       
192

       
+

       
                Invocation.method(


     

       

       
193

       
+

       
                  #head,


     

       

       
194

       
+

       
                  [path],


     

       

       
195

       
+

       
                  {


     

       

       
196

       
+

       
                    #data: data,


     

       

       
197

       
+

       
                    #queryParameters: queryParameters,


     

       

       
198

       
+

       
                    #options: options,


     

       

       
199

       
+

       
                    #cancelToken: cancelToken,


     

       

       
200

       
+

       
                  },


     

       

       
201

       
+

       
                ),


     

       

       
202

       
+

       
              ),


     

       

       
203

       
+

       
            ),


     

       

       
204

       
+

       
          )


     

       

       
205

       
+

       
          as _i9.Future<_i6.Response<T>>);


     

       

       
206

       
+

       



     

       

       
207

       
+

       
  @override


     

       

       
208

       
+

       
  _i9.Future<_i6.Response<T>> headUri<T>(


     

       

       
209

       
+

       
    Uri? uri, {


     

       

       
210

       
+

       
    Object? data,


     

       

       
211

       
+

       
    _i2.Options? options,


     

       

       
212

       
+

       
    _i10.CancelToken? cancelToken,


     

       

       
213

       
+

       
  }) =>


     

       

       
214

       
+

       
      (super.noSuchMethod(


     

       

       
215

       
+

       
            Invocation.method(


     

       

       
216

       
+

       
              #headUri,


     

       

       
217

       
+

       
              [uri],


     

       

       
218

       
+

       
              {#data: data, #options: options, #cancelToken: cancelToken},


     

       

       
219

       
+

       
            ),


     

       

       
220

       
+

       
            returnValue: _i9.Future<_i6.Response<T>>.value(


     

       

       
221

       
+

       
              _FakeResponse_4<T>(


     

       

       
222

       
+

       
                this,


     

       

       
223

       
+

       
                Invocation.method(


     

       

       
224

       
+

       
                  #headUri,


     

       

       
225

       
+

       
                  [uri],


     

       

       
226

       
+

       
                  {#data: data, #options: options, #cancelToken: cancelToken},


     

       

       
227

       
+

       
                ),


     

       

       
228

       
+

       
              ),


     

       

       
229

       
+

       
            ),


     

       

       
230

       
+

       
          )


     

       

       
231

       
+

       
          as _i9.Future<_i6.Response<T>>);


     

       

       
232

       
+

       



     

       

       
233

       
+

       
  @override


     

       

       
234

       
+

       
  _i9.Future<_i6.Response<T>> get<T>(


     

       

       
235

       
+

       
    String? path, {


     

       

       
236

       
+

       
    Object? data,


     

       

       
237

       
+

       
    Map<String, dynamic>? queryParameters,


     

       

       
238

       
+

       
    _i2.Options? options,


     

       

       
239

       
+

       
    _i10.CancelToken? cancelToken,


     

       

       
240

       
+

       
    _i2.ProgressCallback? onReceiveProgress,


     

       

       
241

       
+

       
  }) =>


     

       

       
242

       
+

       
      (super.noSuchMethod(


     

       

       
243

       
+

       
            Invocation.method(


     

       

       
244

       
+

       
              #get,


     

       

       
245

       
+

       
              [path],


     

       

       
246

       
+

       
              {


     

       

       
247

       
+

       
                #data: data,


     

       

       
248

       
+

       
                #queryParameters: queryParameters,


     

       

       
249

       
+

       
                #options: options,


     

       

       
250

       
+

       
                #cancelToken: cancelToken,


     

       

       
251

       
+

       
                #onReceiveProgress: onReceiveProgress,


     

       

       
252

       
+

       
              },


     

       

       
253

       
+

       
            ),


     

       

       
254

       
+

       
            returnValue: _i9.Future<_i6.Response<T>>.value(


     

       

       
255

       
+

       
              _FakeResponse_4<T>(


     

       

       
256

       
+

       
                this,


     

       

       
257

       
+

       
                Invocation.method(


     

       

       
258

       
+

       
                  #get,


     

       

       
259

       
+

       
                  [path],


     

       

       
260

       
+

       
                  {


     

       

       
261

       
+

       
                    #data: data,


     

       

       
262

       
+

       
                    #queryParameters: queryParameters,


     

       

       
263

       
+

       
                    #options: options,


     

       

       
264

       
+

       
                    #cancelToken: cancelToken,


     

       

       
265

       
+

       
                    #onReceiveProgress: onReceiveProgress,


     

       

       
266

       
+

       
                  },


     

       

       
267

       
+

       
                ),


     

       

       
268

       
+

       
              ),


     

       

       
269

       
+

       
            ),


     

       

       
270

       
+

       
          )


     

       

       
271

       
+

       
          as _i9.Future<_i6.Response<T>>);


     

       

       
272

       
+

       



     

       

       
273

       
+

       
  @override


     

       

       
274

       
+

       
  _i9.Future<_i6.Response<T>> getUri<T>(


     

       

       
275

       
+

       
    Uri? uri, {


     

       

       
276

       
+

       
    Object? data,


     

       

       
277

       
+

       
    _i2.Options? options,


     

       

       
278

       
+

       
    _i10.CancelToken? cancelToken,


     

       

       
279

       
+

       
    _i2.ProgressCallback? onReceiveProgress,


     

       

       
280

       
+

       
  }) =>


     

       

       
281

       
+

       
      (super.noSuchMethod(


     

       

       
282

       
+

       
            Invocation.method(


     

       

       
283

       
+

       
              #getUri,


     

       

       
284

       
+

       
              [uri],


     

       

       
285

       
+

       
              {


     

       

       
286

       
+

       
                #data: data,


     

       

       
287

       
+

       
                #options: options,


     

       

       
288

       
+

       
                #cancelToken: cancelToken,


     

       

       
289

       
+

       
                #onReceiveProgress: onReceiveProgress,


     

       

       
290

       
+

       
              },


     

       

       
291

       
+

       
            ),


     

       

       
292

       
+

       
            returnValue: _i9.Future<_i6.Response<T>>.value(


     

       

       
293

       
+

       
              _FakeResponse_4<T>(


     

       

       
294

       
+

       
                this,


     

       

       
295

       
+

       
                Invocation.method(


     

       

       
296

       
+

       
                  #getUri,


     

       

       
297

       
+

       
                  [uri],


     

       

       
298

       
+

       
                  {


     

       

       
299

       
+

       
                    #data: data,


     

       

       
300

       
+

       
                    #options: options,


     

       

       
301

       
+

       
                    #cancelToken: cancelToken,


     

       

       
302

       
+

       
                    #onReceiveProgress: onReceiveProgress,


     

       

       
303

       
+

       
                  },


     

       

       
304

       
+

       
                ),


     

       

       
305

       
+

       
              ),


     

       

       
306

       
+

       
            ),


     

       

       
307

       
+

       
          )


     

       

       
308

       
+

       
          as _i9.Future<_i6.Response<T>>);


     

       

       
309

       
+

       



     

       

       
310

       
+

       
  @override


     

       

       
311

       
+

       
  _i9.Future<_i6.Response<T>> post<T>(


     

       

       
312

       
+

       
    String? path, {


     

       

       
313

       
+

       
    Object? data,


     

       

       
314

       
+

       
    Map<String, dynamic>? queryParameters,


     

       

       
315

       
+

       
    _i2.Options? options,


     

       

       
316

       
+

       
    _i10.CancelToken? cancelToken,


     

       

       
317

       
+

       
    _i2.ProgressCallback? onSendProgress,


     

       

       
318

       
+

       
    _i2.ProgressCallback? onReceiveProgress,


     

       

       
319

       
+

       
  }) =>


     

       

       
320

       
+

       
      (super.noSuchMethod(


     

       

       
321

       
+

       
            Invocation.method(


     

       

       
322

       
+

       
              #post,


     

       

       
323

       
+

       
              [path],


     

       

       
324

       
+

       
              {


     

       

       
325

       
+

       
                #data: data,


     

       

       
326

       
+

       
                #queryParameters: queryParameters,


     

       

       
327

       
+

       
                #options: options,


     

       

       
328

       
+

       
                #cancelToken: cancelToken,


     

       

       
329

       
+

       
                #onSendProgress: onSendProgress,


     

       

       
330

       
+

       
                #onReceiveProgress: onReceiveProgress,


     

       

       
331

       
+

       
              },


     

       

       
332

       
+

       
            ),


     

       

       
333

       
+

       
            returnValue: _i9.Future<_i6.Response<T>>.value(


     

       

       
334

       
+

       
              _FakeResponse_4<T>(


     

       

       
335

       
+

       
                this,


     

       

       
336

       
+

       
                Invocation.method(


     

       

       
337

       
+

       
                  #post,


     

       

       
338

       
+

       
                  [path],


     

       

       
339

       
+

       
                  {


     

       

       
340

       
+

       
                    #data: data,


     

       

       
341

       
+

       
                    #queryParameters: queryParameters,


     

       

       
342

       
+

       
                    #options: options,


     

       

       
343

       
+

       
                    #cancelToken: cancelToken,


     

       

       
344

       
+

       
                    #onSendProgress: onSendProgress,


     

       

       
345

       
+

       
                    #onReceiveProgress: onReceiveProgress,


     

       

       
346

       
+

       
                  },


     

       

       
347

       
+

       
                ),


     

       

       
348

       
+

       
              ),


     

       

       
349

       
+

       
            ),


     

       

       
350

       
+

       
          )


     

       

       
351

       
+

       
          as _i9.Future<_i6.Response<T>>);


     

       

       
352

       
+

       



     

       

       
353

       
+

       
  @override


     

       

       
354

       
+

       
  _i9.Future<_i6.Response<T>> postUri<T>(


     

       

       
355

       
+

       
    Uri? uri, {


     

       

       
356

       
+

       
    Object? data,


     

       

       
357

       
+

       
    _i2.Options? options,


     

       

       
358

       
+

       
    _i10.CancelToken? cancelToken,


     

       

       
359

       
+

       
    _i2.ProgressCallback? onSendProgress,


     

       

       
360

       
+

       
    _i2.ProgressCallback? onReceiveProgress,


     

       

       
361

       
+

       
  }) =>


     

       

       
362

       
+

       
      (super.noSuchMethod(


     

       

       
363

       
+

       
            Invocation.method(


     

       

       
364

       
+

       
              #postUri,


     

       

       
365

       
+

       
              [uri],


     

       

       
366

       
+

       
              {


     

       

       
367

       
+

       
                #data: data,


     

       

       
368

       
+

       
                #options: options,


     

       

       
369

       
+

       
                #cancelToken: cancelToken,


     

       

       
370

       
+

       
                #onSendProgress: onSendProgress,


     

       

       
371

       
+

       
                #onReceiveProgress: onReceiveProgress,


     

       

       
372

       
+

       
              },


     

       

       
373

       
+

       
            ),


     

       

       
374

       
+

       
            returnValue: _i9.Future<_i6.Response<T>>.value(


     

       

       
375

       
+

       
              _FakeResponse_4<T>(


     

       

       
376

       
+

       
                this,


     

       

       
377

       
+

       
                Invocation.method(


     

       

       
378

       
+

       
                  #postUri,


     

       

       
379

       
+

       
                  [uri],


     

       

       
380

       
+

       
                  {


     

       

       
381

       
+

       
                    #data: data,


     

       

       
382

       
+

       
                    #options: options,


     

       

       
383

       
+

       
                    #cancelToken: cancelToken,


     

       

       
384

       
+

       
                    #onSendProgress: onSendProgress,


     

       

       
385

       
+

       
                    #onReceiveProgress: onReceiveProgress,


     

       

       
386

       
+

       
                  },


     

       

       
387

       
+

       
                ),


     

       

       
388

       
+

       
              ),


     

       

       
389

       
+

       
            ),


     

       

       
390

       
+

       
          )


     

       

       
391

       
+

       
          as _i9.Future<_i6.Response<T>>);


     

       

       
392

       
+

       



     

       

       
393

       
+

       
  @override


     

       

       
394

       
+

       
  _i9.Future<_i6.Response<T>> put<T>(


     

       

       
395

       
+

       
    String? path, {


     

       

       
396

       
+

       
    Object? data,


     

       

       
397

       
+

       
    Map<String, dynamic>? queryParameters,


     

       

       
398

       
+

       
    _i2.Options? options,


     

       

       
399

       
+

       
    _i10.CancelToken? cancelToken,


     

       

       
400

       
+

       
    _i2.ProgressCallback? onSendProgress,


     

       

       
401

       
+

       
    _i2.ProgressCallback? onReceiveProgress,


     

       

       
402

       
+

       
  }) =>


     

       

       
403

       
+

       
      (super.noSuchMethod(


     

       

       
404

       
+

       
            Invocation.method(


     

       

       
405

       
+

       
              #put,


     

       

       
406

       
+

       
              [path],


     

       

       
407

       
+

       
              {


     

       

       
408

       
+

       
                #data: data,


     

       

       
409

       
+

       
                #queryParameters: queryParameters,


     

       

       
410

       
+

       
                #options: options,


     

       

       
411

       
+

       
                #cancelToken: cancelToken,


     

       

       
412

       
+

       
                #onSendProgress: onSendProgress,


     

       

       
413

       
+

       
                #onReceiveProgress: onReceiveProgress,


     

       

       
414

       
+

       
              },


     

       

       
415

       
+

       
            ),


     

       

       
416

       
+

       
            returnValue: _i9.Future<_i6.Response<T>>.value(


     

       

       
417

       
+

       
              _FakeResponse_4<T>(


     

       

       
418

       
+

       
                this,


     

       

       
419

       
+

       
                Invocation.method(


     

       

       
420

       
+

       
                  #put,


     

       

       
421

       
+

       
                  [path],


     

       

       
422

       
+

       
                  {


     

       

       
423

       
+

       
                    #data: data,


     

       

       
424

       
+

       
                    #queryParameters: queryParameters,


     

       

       
425

       
+

       
                    #options: options,


     

       

       
426

       
+

       
                    #cancelToken: cancelToken,


     

       

       
427

       
+

       
                    #onSendProgress: onSendProgress,


     

       

       
428

       
+

       
                    #onReceiveProgress: onReceiveProgress,


     

       

       
429

       
+

       
                  },


     

       

       
430

       
+

       
                ),


     

       

       
431

       
+

       
              ),


     

       

       
432

       
+

       
            ),


     

       

       
433

       
+

       
          )


     

       

       
434

       
+

       
          as _i9.Future<_i6.Response<T>>);


     

       

       
435

       
+

       



     

       

       
436

       
+

       
  @override


     

       

       
437

       
+

       
  _i9.Future<_i6.Response<T>> putUri<T>(


     

       

       
438

       
+

       
    Uri? uri, {


     

       

       
439

       
+

       
    Object? data,


     

       

       
440

       
+

       
    _i2.Options? options,


     

       

       
441

       
+

       
    _i10.CancelToken? cancelToken,


     

       

       
442

       
+

       
    _i2.ProgressCallback? onSendProgress,


     

       

       
443

       
+

       
    _i2.ProgressCallback? onReceiveProgress,


     

       

       
444

       
+

       
  }) =>


     

       

       
445

       
+

       
      (super.noSuchMethod(


     

       

       
446

       
+

       
            Invocation.method(


     

       

       
447

       
+

       
              #putUri,


     

       

       
448

       
+

       
              [uri],


     

       

       
449

       
+

       
              {


     

       

       
450

       
+

       
                #data: data,


     

       

       
451

       
+

       
                #options: options,


     

       

       
452

       
+

       
                #cancelToken: cancelToken,


     

       

       
453

       
+

       
                #onSendProgress: onSendProgress,


     

       

       
454

       
+

       
                #onReceiveProgress: onReceiveProgress,


     

       

       
455

       
+

       
              },


     

       

       
456

       
+

       
            ),


     

       

       
457

       
+

       
            returnValue: _i9.Future<_i6.Response<T>>.value(


     

       

       
458

       
+

       
              _FakeResponse_4<T>(


     

       

       
459

       
+

       
                this,


     

       

       
460

       
+

       
                Invocation.method(


     

       

       
461

       
+

       
                  #putUri,


     

       

       
462

       
+

       
                  [uri],


     

       

       
463

       
+

       
                  {


     

       

       
464

       
+

       
                    #data: data,


     

       

       
465

       
+

       
                    #options: options,


     

       

       
466

       
+

       
                    #cancelToken: cancelToken,


     

       

       
467

       
+

       
                    #onSendProgress: onSendProgress,


     

       

       
468

       
+

       
                    #onReceiveProgress: onReceiveProgress,


     

       

       
469

       
+

       
                  },


     

       

       
470

       
+

       
                ),


     

       

       
471

       
+

       
              ),


     

       

       
472

       
+

       
            ),


     

       

       
473

       
+

       
          )


     

       

       
474

       
+

       
          as _i9.Future<_i6.Response<T>>);


     

       

       
475

       
+

       



     

       

       
476

       
+

       
  @override


     

       

       
477

       
+

       
  _i9.Future<_i6.Response<T>> patch<T>(


     

       

       
478

       
+

       
    String? path, {


     

       

       
479

       
+

       
    Object? data,


     

       

       
480

       
+

       
    Map<String, dynamic>? queryParameters,


     

       

       
481

       
+

       
    _i2.Options? options,


     

       

       
482

       
+

       
    _i10.CancelToken? cancelToken,


     

       

       
483

       
+

       
    _i2.ProgressCallback? onSendProgress,


     

       

       
484

       
+

       
    _i2.ProgressCallback? onReceiveProgress,


     

       

       
485

       
+

       
  }) =>


     

       

       
486

       
+

       
      (super.noSuchMethod(


     

       

       
487

       
+

       
            Invocation.method(


     

       

       
488

       
+

       
              #patch,


     

       

       
489

       
+

       
              [path],


     

       

       
490

       
+

       
              {


     

       

       
491

       
+

       
                #data: data,


     

       

       
492

       
+

       
                #queryParameters: queryParameters,


     

       

       
493

       
+

       
                #options: options,


     

       

       
494

       
+

       
                #cancelToken: cancelToken,


     

       

       
495

       
+

       
                #onSendProgress: onSendProgress,


     

       

       
496

       
+

       
                #onReceiveProgress: onReceiveProgress,


     

       

       
497

       
+

       
              },


     

       

       
498

       
+

       
            ),


     

       

       
499

       
+

       
            returnValue: _i9.Future<_i6.Response<T>>.value(


     

       

       
500

       
+

       
              _FakeResponse_4<T>(


     

       

       
501

       
+

       
                this,


     

       

       
502

       
+

       
                Invocation.method(


     

       

       
503

       
+

       
                  #patch,


     

       

       
504

       
+

       
                  [path],


     

       

       
505

       
+

       
                  {


     

       

       
506

       
+

       
                    #data: data,


     

       

       
507

       
+

       
                    #queryParameters: queryParameters,


     

       

       
508

       
+

       
                    #options: options,


     

       

       
509

       
+

       
                    #cancelToken: cancelToken,


     

       

       
510

       
+

       
                    #onSendProgress: onSendProgress,


     

       

       
511

       
+

       
                    #onReceiveProgress: onReceiveProgress,


     

       

       
512

       
+

       
                  },


     

       

       
513

       
+

       
                ),


     

       

       
514

       
+

       
              ),


     

       

       
515

       
+

       
            ),


     

       

       
516

       
+

       
          )


     

       

       
517

       
+

       
          as _i9.Future<_i6.Response<T>>);


     

       

       
518

       
+

       



     

       

       
519

       
+

       
  @override


     

       

       
520

       
+

       
  _i9.Future<_i6.Response<T>> patchUri<T>(


     

       

       
521

       
+

       
    Uri? uri, {


     

       

       
522

       
+

       
    Object? data,


     

       

       
523

       
+

       
    _i2.Options? options,


     

       

       
524

       
+

       
    _i10.CancelToken? cancelToken,


     

       

       
525

       
+

       
    _i2.ProgressCallback? onSendProgress,


     

       

       
526

       
+

       
    _i2.ProgressCallback? onReceiveProgress,


     

       

       
527

       
+

       
  }) =>


     

       

       
528

       
+

       
      (super.noSuchMethod(


     

       

       
529

       
+

       
            Invocation.method(


     

       

       
530

       
+

       
              #patchUri,


     

       

       
531

       
+

       
              [uri],


     

       

       
532

       
+

       
              {


     

       

       
533

       
+

       
                #data: data,


     

       

       
534

       
+

       
                #options: options,


     

       

       
535

       
+

       
                #cancelToken: cancelToken,


     

       

       
536

       
+

       
                #onSendProgress: onSendProgress,


     

       

       
537

       
+

       
                #onReceiveProgress: onReceiveProgress,


     

       

       
538

       
+

       
              },


     

       

       
539

       
+

       
            ),


     

       

       
540

       
+

       
            returnValue: _i9.Future<_i6.Response<T>>.value(


     

       

       
541

       
+

       
              _FakeResponse_4<T>(


     

       

       
542

       
+

       
                this,


     

       

       
543

       
+

       
                Invocation.method(


     

       

       
544

       
+

       
                  #patchUri,


     

       

       
545

       
+

       
                  [uri],


     

       

       
546

       
+

       
                  {


     

       

       
547

       
+

       
                    #data: data,


     

       

       
548

       
+

       
                    #options: options,


     

       

       
549

       
+

       
                    #cancelToken: cancelToken,


     

       

       
550

       
+

       
                    #onSendProgress: onSendProgress,


     

       

       
551

       
+

       
                    #onReceiveProgress: onReceiveProgress,


     

       

       
552

       
+

       
                  },


     

       

       
553

       
+

       
                ),


     

       

       
554

       
+

       
              ),


     

       

       
555

       
+

       
            ),


     

       

       
556

       
+

       
          )


     

       

       
557

       
+

       
          as _i9.Future<_i6.Response<T>>);


     

       

       
558

       
+

       



     

       

       
559

       
+

       
  @override


     

       

       
560

       
+

       
  _i9.Future<_i6.Response<T>> delete<T>(


     

       

       
561

       
+

       
    String? path, {


     

       

       
562

       
+

       
    Object? data,


     

       

       
563

       
+

       
    Map<String, dynamic>? queryParameters,


     

       

       
564

       
+

       
    _i2.Options? options,


     

       

       
565

       
+

       
    _i10.CancelToken? cancelToken,


     

       

       
566

       
+

       
  }) =>


     

       

       
567

       
+

       
      (super.noSuchMethod(


     

       

       
568

       
+

       
            Invocation.method(


     

       

       
569

       
+

       
              #delete,


     

       

       
570

       
+

       
              [path],


     

       

       
571

       
+

       
              {


     

       

       
572

       
+

       
                #data: data,


     

       

       
573

       
+

       
                #queryParameters: queryParameters,


     

       

       
574

       
+

       
                #options: options,


     

       

       
575

       
+

       
                #cancelToken: cancelToken,


     

       

       
576

       
+

       
              },


     

       

       
577

       
+

       
            ),


     

       

       
578

       
+

       
            returnValue: _i9.Future<_i6.Response<T>>.value(


     

       

       
579

       
+

       
              _FakeResponse_4<T>(


     

       

       
580

       
+

       
                this,


     

       

       
581

       
+

       
                Invocation.method(


     

       

       
582

       
+

       
                  #delete,


     

       

       
583

       
+

       
                  [path],


     

       

       
584

       
+

       
                  {


     

       

       
585

       
+

       
                    #data: data,


     

       

       
586

       
+

       
                    #queryParameters: queryParameters,


     

       

       
587

       
+

       
                    #options: options,


     

       

       
588

       
+

       
                    #cancelToken: cancelToken,


     

       

       
589

       
+

       
                  },


     

       

       
590

       
+

       
                ),


     

       

       
591

       
+

       
              ),


     

       

       
592

       
+

       
            ),


     

       

       
593

       
+

       
          )


     

       

       
594

       
+

       
          as _i9.Future<_i6.Response<T>>);


     

       

       
595

       
+

       



     

       

       
596

       
+

       
  @override


     

       

       
597

       
+

       
  _i9.Future<_i6.Response<T>> deleteUri<T>(


     

       

       
598

       
+

       
    Uri? uri, {


     

       

       
599

       
+

       
    Object? data,


     

       

       
600

       
+

       
    _i2.Options? options,


     

       

       
601

       
+

       
    _i10.CancelToken? cancelToken,


     

       

       
602

       
+

       
  }) =>


     

       

       
603

       
+

       
      (super.noSuchMethod(


     

       

       
604

       
+

       
            Invocation.method(


     

       

       
605

       
+

       
              #deleteUri,


     

       

       
606

       
+

       
              [uri],


     

       

       
607

       
+

       
              {#data: data, #options: options, #cancelToken: cancelToken},


     

       

       
608

       
+

       
            ),


     

       

       
609

       
+

       
            returnValue: _i9.Future<_i6.Response<T>>.value(


     

       

       
610

       
+

       
              _FakeResponse_4<T>(


     

       

       
611

       
+

       
                this,


     

       

       
612

       
+

       
                Invocation.method(


     

       

       
613

       
+

       
                  #deleteUri,


     

       

       
614

       
+

       
                  [uri],


     

       

       
615

       
+

       
                  {#data: data, #options: options, #cancelToken: cancelToken},


     

       

       
616

       
+

       
                ),


     

       

       
617

       
+

       
              ),


     

       

       
618

       
+

       
            ),


     

       

       
619

       
+

       
          )


     

       

       
620

       
+

       
          as _i9.Future<_i6.Response<T>>);


     

       

       
621

       
+

       



     

       

       
622

       
+

       
  @override


     

       

       
623

       
+

       
  _i9.Future<_i6.Response<dynamic>> download(


     

       

       
624

       
+

       
    String? urlPath,


     

       

       
625

       
+

       
    dynamic savePath, {


     

       

       
626

       
+

       
    _i2.ProgressCallback? onReceiveProgress,


     

       

       
627

       
+

       
    Map<String, dynamic>? queryParameters,


     

       

       
628

       
+

       
    _i10.CancelToken? cancelToken,


     

       

       
629

       
+

       
    bool? deleteOnError = true,


     

       

       
630

       
+

       
    _i2.FileAccessMode? fileAccessMode = _i2.FileAccessMode.write,


     

       

       
631

       
+

       
    String? lengthHeader = 'content-length',


     

       

       
632

       
+

       
    Object? data,


     

       

       
633

       
+

       
    _i2.Options? options,


     

       

       
634

       
+

       
  }) =>


     

       

       
635

       
+

       
      (super.noSuchMethod(


     

       

       
636

       
+

       
            Invocation.method(


     

       

       
637

       
+

       
              #download,


     

       

       
638

       
+

       
              [urlPath, savePath],


     

       

       
639

       
+

       
              {


     

       

       
640

       
+

       
                #onReceiveProgress: onReceiveProgress,


     

       

       
641

       
+

       
                #queryParameters: queryParameters,


     

       

       
642

       
+

       
                #cancelToken: cancelToken,


     

       

       
643

       
+

       
                #deleteOnError: deleteOnError,


     

       

       
644

       
+

       
                #fileAccessMode: fileAccessMode,


     

       

       
645

       
+

       
                #lengthHeader: lengthHeader,


     

       

       
646

       
+

       
                #data: data,


     

       

       
647

       
+

       
                #options: options,


     

       

       
648

       
+

       
              },


     

       

       
649

       
+

       
            ),


     

       

       
650

       
+

       
            returnValue: _i9.Future<_i6.Response<dynamic>>.value(


     

       

       
651

       
+

       
              _FakeResponse_4<dynamic>(


     

       

       
652

       
+

       
                this,


     

       

       
653

       
+

       
                Invocation.method(


     

       

       
654

       
+

       
                  #download,


     

       

       
655

       
+

       
                  [urlPath, savePath],


     

       

       
656

       
+

       
                  {


     

       

       
657

       
+

       
                    #onReceiveProgress: onReceiveProgress,


     

       

       
658

       
+

       
                    #queryParameters: queryParameters,


     

       

       
659

       
+

       
                    #cancelToken: cancelToken,


     

       

       
660

       
+

       
                    #deleteOnError: deleteOnError,


     

       

       
661

       
+

       
                    #fileAccessMode: fileAccessMode,


     

       

       
662

       
+

       
                    #lengthHeader: lengthHeader,


     

       

       
663

       
+

       
                    #data: data,


     

       

       
664

       
+

       
                    #options: options,


     

       

       
665

       
+

       
                  },


     

       

       
666

       
+

       
                ),


     

       

       
667

       
+

       
              ),


     

       

       
668

       
+

       
            ),


     

       

       
669

       
+

       
          )


     

       

       
670

       
+

       
          as _i9.Future<_i6.Response<dynamic>>);


     

       

       
671

       
+

       



     

       

       
672

       
+

       
  @override


     

       

       
673

       
+

       
  _i9.Future<_i6.Response<dynamic>> downloadUri(


     

       

       
674

       
+

       
    Uri? uri,


     

       

       
675

       
+

       
    dynamic savePath, {


     

       

       
676

       
+

       
    _i2.ProgressCallback? onReceiveProgress,


     

       

       
677

       
+

       
    _i10.CancelToken? cancelToken,


     

       

       
678

       
+

       
    bool? deleteOnError = true,


     

       

       
679

       
+

       
    _i2.FileAccessMode? fileAccessMode = _i2.FileAccessMode.write,


     

       

       
680

       
+

       
    String? lengthHeader = 'content-length',


     

       

       
681

       
+

       
    Object? data,


     

       

       
682

       
+

       
    _i2.Options? options,


     

       

       
683

       
+

       
  }) =>


     

       

       
684

       
+

       
      (super.noSuchMethod(


     

       

       
685

       
+

       
            Invocation.method(


     

       

       
686

       
+

       
              #downloadUri,


     

       

       
687

       
+

       
              [uri, savePath],


     

       

       
688

       
+

       
              {


     

       

       
689

       
+

       
                #onReceiveProgress: onReceiveProgress,


     

       

       
690

       
+

       
                #cancelToken: cancelToken,


     

       

       
691

       
+

       
                #deleteOnError: deleteOnError,


     

       

       
692

       
+

       
                #fileAccessMode: fileAccessMode,


     

       

       
693

       
+

       
                #lengthHeader: lengthHeader,


     

       

       
694

       
+

       
                #data: data,


     

       

       
695

       
+

       
                #options: options,


     

       

       
696

       
+

       
              },


     

       

       
697

       
+

       
            ),


     

       

       
698

       
+

       
            returnValue: _i9.Future<_i6.Response<dynamic>>.value(


     

       

       
699

       
+

       
              _FakeResponse_4<dynamic>(


     

       

       
700

       
+

       
                this,


     

       

       
701

       
+

       
                Invocation.method(


     

       

       
702

       
+

       
                  #downloadUri,


     

       

       
703

       
+

       
                  [uri, savePath],


     

       

       
704

       
+

       
                  {


     

       

       
705

       
+

       
                    #onReceiveProgress: onReceiveProgress,


     

       

       
706

       
+

       
                    #cancelToken: cancelToken,


     

       

       
707

       
+

       
                    #deleteOnError: deleteOnError,


     

       

       
708

       
+

       
                    #fileAccessMode: fileAccessMode,


     

       

       
709

       
+

       
                    #lengthHeader: lengthHeader,


     

       

       
710

       
+

       
                    #data: data,


     

       

       
711

       
+

       
                    #options: options,


     

       

       
712

       
+

       
                  },


     

       

       
713

       
+

       
                ),


     

       

       
714

       
+

       
              ),


     

       

       
715

       
+

       
            ),


     

       

       
716

       
+

       
          )


     

       

       
717

       
+

       
          as _i9.Future<_i6.Response<dynamic>>);


     

       

       
718

       
+

       



     

       

       
719

       
+

       
  @override


     

       

       
720

       
+

       
  _i9.Future<_i6.Response<T>> request<T>(


     

       

       
721

       
+

       
    String? url, {


     

       

       
722

       
+

       
    Object? data,


     

       

       
723

       
+

       
    Map<String, dynamic>? queryParameters,


     

       

       
724

       
+

       
    _i10.CancelToken? cancelToken,


     

       

       
725

       
+

       
    _i2.Options? options,


     

       

       
726

       
+

       
    _i2.ProgressCallback? onSendProgress,


     

       

       
727

       
+

       
    _i2.ProgressCallback? onReceiveProgress,


     

       

       
728

       
+

       
  }) =>


     

       

       
729

       
+

       
      (super.noSuchMethod(


     

       

       
730

       
+

       
            Invocation.method(


     

       

       
731

       
+

       
              #request,


     

       

       
732

       
+

       
              [url],


     

       

       
733

       
+

       
              {


     

       

       
734

       
+

       
                #data: data,


     

       

       
735

       
+

       
                #queryParameters: queryParameters,


     

       

       
736

       
+

       
                #cancelToken: cancelToken,


     

       

       
737

       
+

       
                #options: options,


     

       

       
738

       
+

       
                #onSendProgress: onSendProgress,


     

       

       
739

       
+

       
                #onReceiveProgress: onReceiveProgress,


     

       

       
740

       
+

       
              },


     

       

       
741

       
+

       
            ),


     

       

       
742

       
+

       
            returnValue: _i9.Future<_i6.Response<T>>.value(


     

       

       
743

       
+

       
              _FakeResponse_4<T>(


     

       

       
744

       
+

       
                this,


     

       

       
745

       
+

       
                Invocation.method(


     

       

       
746

       
+

       
                  #request,


     

       

       
747

       
+

       
                  [url],


     

       

       
748

       
+

       
                  {


     

       

       
749

       
+

       
                    #data: data,


     

       

       
750

       
+

       
                    #queryParameters: queryParameters,


     

       

       
751

       
+

       
                    #cancelToken: cancelToken,


     

       

       
752

       
+

       
                    #options: options,


     

       

       
753

       
+

       
                    #onSendProgress: onSendProgress,


     

       

       
754

       
+

       
                    #onReceiveProgress: onReceiveProgress,


     

       

       
755

       
+

       
                  },


     

       

       
756

       
+

       
                ),


     

       

       
757

       
+

       
              ),


     

       

       
758

       
+

       
            ),


     

       

       
759

       
+

       
          )


     

       

       
760

       
+

       
          as _i9.Future<_i6.Response<T>>);


     

       

       
761

       
+

       



     

       

       
762

       
+

       
  @override


     

       

       
763

       
+

       
  _i9.Future<_i6.Response<T>> requestUri<T>(


     

       

       
764

       
+

       
    Uri? uri, {


     

       

       
765

       
+

       
    Object? data,


     

       

       
766

       
+

       
    _i10.CancelToken? cancelToken,


     

       

       
767

       
+

       
    _i2.Options? options,


     

       

       
768

       
+

       
    _i2.ProgressCallback? onSendProgress,


     

       

       
769

       
+

       
    _i2.ProgressCallback? onReceiveProgress,


     

       

       
770

       
+

       
  }) =>


     

       

       
771

       
+

       
      (super.noSuchMethod(


     

       

       
772

       
+

       
            Invocation.method(


     

       

       
773

       
+

       
              #requestUri,


     

       

       
774

       
+

       
              [uri],


     

       

       
775

       
+

       
              {


     

       

       
776

       
+

       
                #data: data,


     

       

       
777

       
+

       
                #cancelToken: cancelToken,


     

       

       
778

       
+

       
                #options: options,


     

       

       
779

       
+

       
                #onSendProgress: onSendProgress,


     

       

       
780

       
+

       
                #onReceiveProgress: onReceiveProgress,


     

       

       
781

       
+

       
              },


     

       

       
782

       
+

       
            ),


     

       

       
783

       
+

       
            returnValue: _i9.Future<_i6.Response<T>>.value(


     

       

       
784

       
+

       
              _FakeResponse_4<T>(


     

       

       
785

       
+

       
                this,


     

       

       
786

       
+

       
                Invocation.method(


     

       

       
787

       
+

       
                  #requestUri,


     

       

       
788

       
+

       
                  [uri],


     

       

       
789

       
+

       
                  {


     

       

       
790

       
+

       
                    #data: data,


     

       

       
791

       
+

       
                    #cancelToken: cancelToken,


     

       

       
792

       
+

       
                    #options: options,


     

       

       
793

       
+

       
                    #onSendProgress: onSendProgress,


     

       

       
794

       
+

       
                    #onReceiveProgress: onReceiveProgress,


     

       

       
795

       
+

       
                  },


     

       

       
796

       
+

       
                ),


     

       

       
797

       
+

       
              ),


     

       

       
798

       
+

       
            ),


     

       

       
799

       
+

       
          )


     

       

       
800

       
+

       
          as _i9.Future<_i6.Response<T>>);


     

       

       
801

       
+

       



     

       

       
802

       
+

       
  @override


     

       

       
803

       
+

       
  _i9.Future<_i6.Response<T>> fetch<T>(_i2.RequestOptions? requestOptions) =>


     

       

       
804

       
+

       
      (super.noSuchMethod(


     

       

       
805

       
+

       
            Invocation.method(#fetch, [requestOptions]),


     

       

       
806

       
+

       
            returnValue: _i9.Future<_i6.Response<T>>.value(


     

       

       
807

       
+

       
              _FakeResponse_4<T>(


     

       

       
808

       
+

       
                this,


     

       

       
809

       
+

       
                Invocation.method(#fetch, [requestOptions]),


     

       

       
810

       
+

       
              ),


     

       

       
811

       
+

       
            ),


     

       

       
812

       
+

       
          )


     

       

       
813

       
+

       
          as _i9.Future<_i6.Response<T>>);


     

       

       
814

       
+

       



     

       

       
815

       
+

       
  @override


     

       

       
816

       
+

       
  _i7.Dio clone({


     

       

       
817

       
+

       
    _i2.BaseOptions? options,


     

       

       
818

       
+

       
    _i3.Interceptors? interceptors,


     

       

       
819

       
+

       
    _i4.HttpClientAdapter? httpClientAdapter,


     

       

       
820

       
+

       
    _i5.Transformer? transformer,


     

       

       
821

       
+

       
  }) =>


     

       

       
822

       
+

       
      (super.noSuchMethod(


     

       

       
823

       
+

       
            Invocation.method(#clone, [], {


     

       

       
824

       
+

       
              #options: options,


     

       

       
825

       
+

       
              #interceptors: interceptors,


     

       

       
826

       
+

       
              #httpClientAdapter: httpClientAdapter,


     

       

       
827

       
+

       
              #transformer: transformer,


     

       

       
828

       
+

       
            }),


     

       

       
829

       
+

       
            returnValue: _FakeDio_5(


     

       

       
830

       
+

       
              this,


     

       

       
831

       
+

       
              Invocation.method(#clone, [], {


     

       

       
832

       
+

       
                #options: options,


     

       

       
833

       
+

       
                #interceptors: interceptors,


     

       

       
834

       
+

       
                #httpClientAdapter: httpClientAdapter,


     

       

       
835

       
+

       
                #transformer: transformer,


     

       

       
836

       
+

       
              }),


     

       

       
837

       
+

       
            ),


     

       

       
838

       
+

       
          )


     

       

       
839

       
+

       
          as _i7.Dio);


     

       

       
840

       
+

       
}


     

       

       
841

       
+

       



     

       

       
842

       
+

       
/// A class which mocks [FlutterSecureStorage].


     

       

       
843

       
+

       
///


     

       

       
844

       
+

       
/// See the documentation for Mockito's code generation for more information.


     

       

       
845

       
+

       
class MockFlutterSecureStorage extends _i1.Mock


     

       

       
846

       
+

       
    implements _i8.FlutterSecureStorage {


     

       

       
847

       
+

       
  MockFlutterSecureStorage() {


     

       

       
848

       
+

       
    _i1.throwOnMissingStub(this);


     

       

       
849

       
+

       
  }


     

       

       
850

       
+

       



     

       

       
851

       
+

       
  @override


     

       

       
852

       
+

       
  _i8.IOSOptions get iOptions =>


     

       

       
853

       
+

       
      (super.noSuchMethod(


     

       

       
854

       
+

       
            Invocation.getter(#iOptions),


     

       

       
855

       
+

       
            returnValue: _FakeIOSOptions_6(this, Invocation.getter(#iOptions)),


     

       

       
856

       
+

       
          )


     

       

       
857

       
+

       
          as _i8.IOSOptions);


     

       

       
858

       
+

       



     

       

       
859

       
+

       
  @override


     

       

       
860

       
+

       
  _i8.AndroidOptions get aOptions =>


     

       

       
861

       
+

       
      (super.noSuchMethod(


     

       

       
862

       
+

       
            Invocation.getter(#aOptions),


     

       

       
863

       
+

       
            returnValue: _FakeAndroidOptions_7(


     

       

       
864

       
+

       
              this,


     

       

       
865

       
+

       
              Invocation.getter(#aOptions),


     

       

       
866

       
+

       
            ),


     

       

       
867

       
+

       
          )


     

       

       
868

       
+

       
          as _i8.AndroidOptions);


     

       

       
869

       
+

       



     

       

       
870

       
+

       
  @override


     

       

       
871

       
+

       
  _i8.LinuxOptions get lOptions =>


     

       

       
872

       
+

       
      (super.noSuchMethod(


     

       

       
873

       
+

       
            Invocation.getter(#lOptions),


     

       

       
874

       
+

       
            returnValue: _FakeLinuxOptions_8(


     

       

       
875

       
+

       
              this,


     

       

       
876

       
+

       
              Invocation.getter(#lOptions),


     

       

       
877

       
+

       
            ),


     

       

       
878

       
+

       
          )


     

       

       
879

       
+

       
          as _i8.LinuxOptions);


     

       

       
880

       
+

       



     

       

       
881

       
+

       
  @override


     

       

       
882

       
+

       
  _i8.WindowsOptions get wOptions =>


     

       

       
883

       
+

       
      (super.noSuchMethod(


     

       

       
884

       
+

       
            Invocation.getter(#wOptions),


     

       

       
885

       
+

       
            returnValue: _FakeWindowsOptions_9(


     

       

       
886

       
+

       
              this,


     

       

       
887

       
+

       
              Invocation.getter(#wOptions),


     

       

       
888

       
+

       
            ),


     

       

       
889

       
+

       
          )


     

       

       
890

       
+

       
          as _i8.WindowsOptions);


     

       

       
891

       
+

       



     

       

       
892

       
+

       
  @override


     

       

       
893

       
+

       
  _i8.WebOptions get webOptions =>


     

       

       
894

       
+

       
      (super.noSuchMethod(


     

       

       
895

       
+

       
            Invocation.getter(#webOptions),


     

       

       
896

       
+

       
            returnValue: _FakeWebOptions_10(


     

       

       
897

       
+

       
              this,


     

       

       
898

       
+

       
              Invocation.getter(#webOptions),


     

       

       
899

       
+

       
            ),


     

       

       
900

       
+

       
          )


     

       

       
901

       
+

       
          as _i8.WebOptions);


     

       

       
902

       
+

       



     

       

       
903

       
+

       
  @override


     

       

       
904

       
+

       
  _i8.MacOsOptions get mOptions =>


     

       

       
905

       
+

       
      (super.noSuchMethod(


     

       

       
906

       
+

       
            Invocation.getter(#mOptions),


     

       

       
907

       
+

       
            returnValue: _FakeMacOsOptions_11(


     

       

       
908

       
+

       
              this,


     

       

       
909

       
+

       
              Invocation.getter(#mOptions),


     

       

       
910

       
+

       
            ),


     

       

       
911

       
+

       
          )


     

       

       
912

       
+

       
          as _i8.MacOsOptions);


     

       

       
913

       
+

       



     

       

       
914

       
+

       
  @override


     

       

       
915

       
+

       
  void registerListener({


     

       

       
916

       
+

       
    required String? key,


     

       

       
917

       
+

       
    required _i11.ValueChanged<String?>? listener,


     

       

       
918

       
+

       
  }) => super.noSuchMethod(


     

       

       
919

       
+

       
    Invocation.method(#registerListener, [], {#key: key, #listener: listener}),


     

       

       
920

       
+

       
    returnValueForMissingStub: null,


     

       

       
921

       
+

       
  );


     

       

       
922

       
+

       



     

       

       
923

       
+

       
  @override


     

       

       
924

       
+

       
  void unregisterListener({


     

       

       
925

       
+

       
    required String? key,


     

       

       
926

       
+

       
    required _i11.ValueChanged<String?>? listener,


     

       

       
927

       
+

       
  }) => super.noSuchMethod(


     

       

       
928

       
+

       
    Invocation.method(#unregisterListener, [], {


     

       

       
929

       
+

       
      #key: key,


     

       

       
930

       
+

       
      #listener: listener,


     

       

       
931

       
+

       
    }),


     

       

       
932

       
+

       
    returnValueForMissingStub: null,


     

       

       
933

       
+

       
  );


     

       

       
934

       
+

       



     

       

       
935

       
+

       
  @override


     

       

       
936

       
+

       
  void unregisterAllListenersForKey({required String? key}) =>


     

       

       
937

       
+

       
      super.noSuchMethod(


     

       

       
938

       
+

       
        Invocation.method(#unregisterAllListenersForKey, [], {#key: key}),


     

       

       
939

       
+

       
        returnValueForMissingStub: null,


     

       

       
940

       
+

       
      );


     

       

       
941

       
+

       



     

       

       
942

       
+

       
  @override


     

       

       
943

       
+

       
  void unregisterAllListeners() => super.noSuchMethod(


     

       

       
944

       
+

       
    Invocation.method(#unregisterAllListeners, []),


     

       

       
945

       
+

       
    returnValueForMissingStub: null,


     

       

       
946

       
+

       
  );


     

       

       
947

       
+

       



     

       

       
948

       
+

       
  @override


     

       

       
949

       
+

       
  _i9.Future<void> write({


     

       

       
950

       
+

       
    required String? key,


     

       

       
951

       
+

       
    required String? value,


     

       

       
952

       
+

       
    _i8.IOSOptions? iOptions,


     

       

       
953

       
+

       
    _i8.AndroidOptions? aOptions,


     

       

       
954

       
+

       
    _i8.LinuxOptions? lOptions,


     

       

       
955

       
+

       
    _i8.WebOptions? webOptions,


     

       

       
956

       
+

       
    _i8.MacOsOptions? mOptions,


     

       

       
957

       
+

       
    _i8.WindowsOptions? wOptions,


     

       

       
958

       
+

       
  }) =>


     

       

       
959

       
+

       
      (super.noSuchMethod(


     

       

       
960

       
+

       
            Invocation.method(#write, [], {


     

       

       
961

       
+

       
              #key: key,


     

       

       
962

       
+

       
              #value: value,


     

       

       
963

       
+

       
              #iOptions: iOptions,


     

       

       
964

       
+

       
              #aOptions: aOptions,


     

       

       
965

       
+

       
              #lOptions: lOptions,


     

       

       
966

       
+

       
              #webOptions: webOptions,


     

       

       
967

       
+

       
              #mOptions: mOptions,


     

       

       
968

       
+

       
              #wOptions: wOptions,


     

       

       
969

       
+

       
            }),


     

       

       
970

       
+

       
            returnValue: _i9.Future<void>.value(),


     

       

       
971

       
+

       
            returnValueForMissingStub: _i9.Future<void>.value(),


     

       

       
972

       
+

       
          )


     

       

       
973

       
+

       
          as _i9.Future<void>);


     

       

       
974

       
+

       



     

       

       
975

       
+

       
  @override


     

       

       
976

       
+

       
  _i9.Future<String?> read({


     

       

       
977

       
+

       
    required String? key,


     

       

       
978

       
+

       
    _i8.IOSOptions? iOptions,


     

       

       
979

       
+

       
    _i8.AndroidOptions? aOptions,


     

       

       
980

       
+

       
    _i8.LinuxOptions? lOptions,


     

       

       
981

       
+

       
    _i8.WebOptions? webOptions,


     

       

       
982

       
+

       
    _i8.MacOsOptions? mOptions,


     

       

       
983

       
+

       
    _i8.WindowsOptions? wOptions,


     

       

       
984

       
+

       
  }) =>


     

       

       
985

       
+

       
      (super.noSuchMethod(


     

       

       
986

       
+

       
            Invocation.method(#read, [], {


     

       

       
987

       
+

       
              #key: key,


     

       

       
988

       
+

       
              #iOptions: iOptions,


     

       

       
989

       
+

       
              #aOptions: aOptions,


     

       

       
990

       
+

       
              #lOptions: lOptions,


     

       

       
991

       
+

       
              #webOptions: webOptions,


     

       

       
992

       
+

       
              #mOptions: mOptions,


     

       

       
993

       
+

       
              #wOptions: wOptions,


     

       

       
994

       
+

       
            }),


     

       

       
995

       
+

       
            returnValue: _i9.Future<String?>.value(),


     

       

       
996

       
+

       
          )


     

       

       
997

       
+

       
          as _i9.Future<String?>);


     

       

       
998

       
+

       



     

       

       
999

       
+

       
  @override


     

       

       
1000

       
+

       
  _i9.Future<bool> containsKey({


     

       

       
1001

       
+

       
    required String? key,


     

       

       
1002

       
+

       
    _i8.IOSOptions? iOptions,


     

       

       
1003

       
+

       
    _i8.AndroidOptions? aOptions,


     

       

       
1004

       
+

       
    _i8.LinuxOptions? lOptions,


     

       

       
1005

       
+

       
    _i8.WebOptions? webOptions,


     

       

       
1006

       
+

       
    _i8.MacOsOptions? mOptions,


     

       

       
1007

       
+

       
    _i8.WindowsOptions? wOptions,


     

       

       
1008

       
+

       
  }) =>


     

       

       
1009

       
+

       
      (super.noSuchMethod(


     

       

       
1010

       
+

       
            Invocation.method(#containsKey, [], {


     

       

       
1011

       
+

       
              #key: key,


     

       

       
1012

       
+

       
              #iOptions: iOptions,


     

       

       
1013

       
+

       
              #aOptions: aOptions,


     

       

       
1014

       
+

       
              #lOptions: lOptions,


     

       

       
1015

       
+

       
              #webOptions: webOptions,


     

       

       
1016

       
+

       
              #mOptions: mOptions,


     

       

       
1017

       
+

       
              #wOptions: wOptions,


     

       

       
1018

       
+

       
            }),


     

       

       
1019

       
+

       
            returnValue: _i9.Future<bool>.value(false),


     

       

       
1020

       
+

       
          )


     

       

       
1021

       
+

       
          as _i9.Future<bool>);


     

       

       
1022

       
+

       



     

       

       
1023

       
+

       
  @override


     

       

       
1024

       
+

       
  _i9.Future<void> delete({


     

       

       
1025

       
+

       
    required String? key,


     

       

       
1026

       
+

       
    _i8.IOSOptions? iOptions,


     

       

       
1027

       
+

       
    _i8.AndroidOptions? aOptions,


     

       

       
1028

       
+

       
    _i8.LinuxOptions? lOptions,


     

       

       
1029

       
+

       
    _i8.WebOptions? webOptions,


     

       

       
1030

       
+

       
    _i8.MacOsOptions? mOptions,


     

       

       
1031

       
+

       
    _i8.WindowsOptions? wOptions,


     

       

       
1032

       
+

       
  }) =>


     

       

       
1033

       
+

       
      (super.noSuchMethod(


     

       

       
1034

       
+

       
            Invocation.method(#delete, [], {


     

       

       
1035

       
+

       
              #key: key,


     

       

       
1036

       
+

       
              #iOptions: iOptions,


     

       

       
1037

       
+

       
              #aOptions: aOptions,


     

       

       
1038

       
+

       
              #lOptions: lOptions,


     

       

       
1039

       
+

       
              #webOptions: webOptions,


     

       

       
1040

       
+

       
              #mOptions: mOptions,


     

       

       
1041

       
+

       
              #wOptions: wOptions,


     

       

       
1042

       
+

       
            }),


     

       

       
1043

       
+

       
            returnValue: _i9.Future<void>.value(),


     

       

       
1044

       
+

       
            returnValueForMissingStub: _i9.Future<void>.value(),


     

       

       
1045

       
+

       
          )


     

       

       
1046

       
+

       
          as _i9.Future<void>);


     

       

       
1047

       
+

       



     

       

       
1048

       
+

       
  @override


     

       

       
1049

       
+

       
  _i9.Future<Map<String, String>> readAll({


     

       

       
1050

       
+

       
    _i8.IOSOptions? iOptions,


     

       

       
1051

       
+

       
    _i8.AndroidOptions? aOptions,


     

       

       
1052

       
+

       
    _i8.LinuxOptions? lOptions,


     

       

       
1053

       
+

       
    _i8.WebOptions? webOptions,


     

       

       
1054

       
+

       
    _i8.MacOsOptions? mOptions,


     

       

       
1055

       
+

       
    _i8.WindowsOptions? wOptions,


     

       

       
1056

       
+

       
  }) =>


     

       

       
1057

       
+

       
      (super.noSuchMethod(


     

       

       
1058

       
+

       
            Invocation.method(#readAll, [], {


     

       

       
1059

       
+

       
              #iOptions: iOptions,


     

       

       
1060

       
+

       
              #aOptions: aOptions,


     

       

       
1061

       
+

       
              #lOptions: lOptions,


     

       

       
1062

       
+

       
              #webOptions: webOptions,


     

       

       
1063

       
+

       
              #mOptions: mOptions,


     

       

       
1064

       
+

       
              #wOptions: wOptions,


     

       

       
1065

       
+

       
            }),


     

       

       
1066

       
+

       
            returnValue: _i9.Future<Map<String, String>>.value(


     

       

       
1067

       
+

       
              <String, String>{},


     

       

       
1068

       
+

       
            ),


     

       

       
1069

       
+

       
          )


     

       

       
1070

       
+

       
          as _i9.Future<Map<String, String>>);


     

       

       
1071

       
+

       



     

       

       
1072

       
+

       
  @override


     

       

       
1073

       
+

       
  _i9.Future<void> deleteAll({


     

       

       
1074

       
+

       
    _i8.IOSOptions? iOptions,


     

       

       
1075

       
+

       
    _i8.AndroidOptions? aOptions,


     

       

       
1076

       
+

       
    _i8.LinuxOptions? lOptions,


     

       

       
1077

       
+

       
    _i8.WebOptions? webOptions,


     

       

       
1078

       
+

       
    _i8.MacOsOptions? mOptions,


     

       

       
1079

       
+

       
    _i8.WindowsOptions? wOptions,


     

       

       
1080

       
+

       
  }) =>


     

       

       
1081

       
+

       
      (super.noSuchMethod(


     

       

       
1082

       
+

       
            Invocation.method(#deleteAll, [], {


     

       

       
1083

       
+

       
              #iOptions: iOptions,


     

       

       
1084

       
+

       
              #aOptions: aOptions,


     

       

       
1085

       
+

       
              #lOptions: lOptions,


     

       

       
1086

       
+

       
              #webOptions: webOptions,


     

       

       
1087

       
+

       
              #mOptions: mOptions,


     

       

       
1088

       
+

       
              #wOptions: wOptions,


     

       

       
1089

       
+

       
            }),


     

       

       
1090

       
+

       
            returnValue: _i9.Future<void>.value(),


     

       

       
1091

       
+

       
            returnValueForMissingStub: _i9.Future<void>.value(),


     

       

       
1092

       
+

       
          )


     

       

       
1093

       
+

       
          as _i9.Future<void>);


     

       

       
1094

       
+

       



     

       

       
1095

       
+

       
  @override


     

       

       
1096

       
+

       
  _i9.Future<bool?> isCupertinoProtectedDataAvailable() =>


     

       

       
1097

       
+

       
      (super.noSuchMethod(


     

       

       
1098

       
+

       
            Invocation.method(#isCupertinoProtectedDataAvailable, []),


     

       

       
1099

       
+

       
            returnValue: _i9.Future<bool?>.value(),


     

       

       
1100

       
+

       
          )


     

       

       
1101

       
+

       
          as _i9.Future<bool?>);


     

       

       
1102

       
+

       
}
+540
test/services/coves_auth_service_validation_test.dart 
···

       

       
1

       
+

       
import 'package:coves_flutter/services/coves_auth_service.dart';


     

       

       
2

       
+

       
import 'package:dio/dio.dart';


     

       

       
3

       
+

       
import 'package:flutter_secure_storage/flutter_secure_storage.dart';


     

       

       
4

       
+

       
import 'package:flutter_test/flutter_test.dart';


     

       

       
5

       
+

       
import 'package:mockito/annotations.dart';


     

       

       
6

       
+

       
import 'package:mockito/mockito.dart';


     

       

       
7

       
+

       



     

       

       
8

       
+

       
import 'coves_auth_service_test.mocks.dart';


     

       

       
9

       
+

       



     

       

       
10

       
+

       
@GenerateMocks([Dio, FlutterSecureStorage])


     

       

       
11

       
+

       
void main() {


     

       

       
12

       
+

       
  late MockDio mockDio;


     

       

       
13

       
+

       
  late MockFlutterSecureStorage mockStorage;


     

       

       
14

       
+

       
  late CovesAuthService authService;


     

       

       
15

       
+

       



     

       

       
16

       
+

       
  setUp(() {


     

       

       
17

       
+

       
    CovesAuthService.resetInstance();


     

       

       
18

       
+

       
    mockDio = MockDio();


     

       

       
19

       
+

       
    mockStorage = MockFlutterSecureStorage();


     

       

       
20

       
+

       
    authService = CovesAuthService.createTestInstance(


     

       

       
21

       
+

       
      dio: mockDio,


     

       

       
22

       
+

       
      storage: mockStorage,


     

       

       
23

       
+

       
    );


     

       

       
24

       
+

       
  });


     

       

       
25

       
+

       



     

       

       
26

       
+

       
  tearDown(() {


     

       

       
27

       
+

       
    CovesAuthService.resetInstance();


     

       

       
28

       
+

       
  });


     

       

       
29

       
+

       



     

       

       
30

       
+

       
  group('Handle Validation', () {


     

       

       
31

       
+

       
    group('Valid inputs', () {


     

       

       
32

       
+

       
      test('should accept standard handle format', () {


     

       

       
33

       
+

       
        final result =


     

       

       
34

       
+

       
            authService.validateAndNormalizeHandle('alice.bsky.social');


     

       

       
35

       
+

       
        expect(result, 'alice.bsky.social');


     

       

       
36

       
+

       
      });


     

       

       
37

       
+

       



     

       

       
38

       
+

       
      test('should accept handle with @ prefix and strip it', () {


     

       

       
39

       
+

       
        final result =


     

       

       
40

       
+

       
            authService.validateAndNormalizeHandle('@alice.bsky.social');


     

       

       
41

       
+

       
        expect(result, 'alice.bsky.social');


     

       

       
42

       
+

       
      });


     

       

       
43

       
+

       



     

       

       
44

       
+

       
      test('should accept handle with leading/trailing whitespace and trim', () {


     

       

       
45

       
+

       
        final result =


     

       

       
46

       
+

       
            authService.validateAndNormalizeHandle('  alice.bsky.social  ');


     

       

       
47

       
+

       
        expect(result, 'alice.bsky.social');


     

       

       
48

       
+

       
      });


     

       

       
49

       
+

       



     

       

       
50

       
+

       
      test('should accept handle with hyphen in segment', () {


     

       

       
51

       
+

       
        final result =


     

       

       
52

       
+

       
            authService.validateAndNormalizeHandle('alice-bob.bsky.social');


     

       

       
53

       
+

       
        expect(result, 'alice-bob.bsky.social');


     

       

       
54

       
+

       
      });


     

       

       
55

       
+

       



     

       

       
56

       
+

       
      test('should accept handle with multiple hyphens', () {


     

       

       
57

       
+

       
        final result = authService


     

       

       
58

       
+

       
            .validateAndNormalizeHandle('alice-bob-charlie.bsky-app.social');


     

       

       
59

       
+

       
        expect(result, 'alice-bob-charlie.bsky-app.social');


     

       

       
60

       
+

       
      });


     

       

       
61

       
+

       



     

       

       
62

       
+

       
      test('should accept handle with multiple subdomains', () {


     

       

       
63

       
+

       
        final result = authService


     

       

       
64

       
+

       
            .validateAndNormalizeHandle('alice.subdomain.example.com');


     

       

       
65

       
+

       
        expect(result, 'alice.subdomain.example.com');


     

       

       
66

       
+

       
      });


     

       

       
67

       
+

       



     

       

       
68

       
+

       
      test('should accept handle with numbers', () {


     

       

       
69

       
+

       
        final result =


     

       

       
70

       
+

       
            authService.validateAndNormalizeHandle('user123.bsky.social');


     

       

       
71

       
+

       
        expect(result, 'user123.bsky.social');


     

       

       
72

       
+

       
      });


     

       

       
73

       
+

       



     

       

       
74

       
+

       
      test('should convert handle to lowercase', () {


     

       

       
75

       
+

       
        final result =


     

       

       
76

       
+

       
            authService.validateAndNormalizeHandle('Alice.Bsky.Social');


     

       

       
77

       
+

       
        expect(result, 'alice.bsky.social');


     

       

       
78

       
+

       
      });


     

       

       
79

       
+

       



     

       

       
80

       
+

       
      test('should extract and validate handle from Bluesky profile URL (HTTP)', () {


     

       

       
81

       
+

       
        final result = authService.validateAndNormalizeHandle(


     

       

       
82

       
+

       
            'http://bsky.app/profile/alice.bsky.social');


     

       

       
83

       
+

       
        expect(result, 'alice.bsky.social');


     

       

       
84

       
+

       
      });


     

       

       
85

       
+

       



     

       

       
86

       
+

       
      test('should extract and validate handle from Bluesky profile URL (HTTPS)', () {


     

       

       
87

       
+

       
        final result = authService.validateAndNormalizeHandle(


     

       

       
88

       
+

       
            'https://bsky.app/profile/alice.bsky.social');


     

       

       
89

       
+

       
        expect(result, 'alice.bsky.social');


     

       

       
90

       
+

       
      });


     

       

       
91

       
+

       



     

       

       
92

       
+

       
      test('should extract and validate handle from Bluesky profile URL with www', () {


     

       

       
93

       
+

       
        final result = authService.validateAndNormalizeHandle(


     

       

       
94

       
+

       
            'https://www.bsky.app/profile/alice.bsky.social');


     

       

       
95

       
+

       
        expect(result, 'alice.bsky.social');


     

       

       
96

       
+

       
      });


     

       

       
97

       
+

       



     

       

       
98

       
+

       
      test('should accept DID with plc method', () {


     

       

       
99

       
+

       
        final result =


     

       

       
100

       
+

       
            authService.validateAndNormalizeHandle('did:plc:abc123def456');


     

       

       
101

       
+

       
        expect(result, 'did:plc:abc123def456');


     

       

       
102

       
+

       
      });


     

       

       
103

       
+

       



     

       

       
104

       
+

       
      test('should accept DID with web method', () {


     

       

       
105

       
+

       
        final result =


     

       

       
106

       
+

       
            authService.validateAndNormalizeHandle('did:web:example.com');


     

       

       
107

       
+

       
        expect(result, 'did:web:example.com');


     

       

       
108

       
+

       
      });


     

       

       
109

       
+

       



     

       

       
110

       
+

       
      test('should accept DID with complex identifier', () {


     

       

       
111

       
+

       
        final result = authService


     

       

       
112

       
+

       
            .validateAndNormalizeHandle('did:plc:z72i7hdynmk6r22z27h6tvur');


     

       

       
113

       
+

       
        expect(result, 'did:plc:z72i7hdynmk6r22z27h6tvur');


     

       

       
114

       
+

       
      });


     

       

       
115

       
+

       



     

       

       
116

       
+

       
      test('should accept DID with periods and colons in identifier', () {


     

       

       
117

       
+

       
        final result = authService


     

       

       
118

       
+

       
            .validateAndNormalizeHandle('did:web:example.com:user:alice');


     

       

       
119

       
+

       
        expect(result, 'did:web:example.com:user:alice');


     

       

       
120

       
+

       
      });


     

       

       
121

       
+

       



     

       

       
122

       
+

       
      test('should accept short handle', () {


     

       

       
123

       
+

       
        final result = authService.validateAndNormalizeHandle('a.b');


     

       

       
124

       
+

       
        expect(result, 'a.b');


     

       

       
125

       
+

       
      });


     

       

       
126

       
+

       



     

       

       
127

       
+

       
      test('should normalize handle with @ prefix and whitespace', () {


     

       

       
128

       
+

       
        final result =


     

       

       
129

       
+

       
            authService.validateAndNormalizeHandle('  @Alice.Bsky.Social  ');


     

       

       
130

       
+

       
        expect(result, 'alice.bsky.social');


     

       

       
131

       
+

       
      });


     

       

       
132

       
+

       



     

       

       
133

       
+

       
      test('should accept handle with numeric first segment', () {


     

       

       
134

       
+

       
        final result =


     

       

       
135

       
+

       
            authService.validateAndNormalizeHandle('123.bsky.social');


     

       

       
136

       
+

       
        expect(result, '123.bsky.social');


     

       

       
137

       
+

       
      });


     

       

       
138

       
+

       



     

       

       
139

       
+

       
      test('should accept handle with numeric middle segment', () {


     

       

       
140

       
+

       
        final result =


     

       

       
141

       
+

       
            authService.validateAndNormalizeHandle('alice.456.social');


     

       

       
142

       
+

       
        expect(result, 'alice.456.social');


     

       

       
143

       
+

       
      });


     

       

       
144

       
+

       



     

       

       
145

       
+

       
      test('should accept handle with multiple numeric segments', () {


     

       

       
146

       
+

       
        final result =


     

       

       
147

       
+

       
            authService.validateAndNormalizeHandle('42.example.com');


     

       

       
148

       
+

       
        expect(result, '42.example.com');


     

       

       
149

       
+

       
      });


     

       

       
150

       
+

       



     

       

       
151

       
+

       
      test('should accept handle similar to 4chan.org', () {


     

       

       
152

       
+

       
        final result = authService.validateAndNormalizeHandle('4chan.org');


     

       

       
153

       
+

       
        expect(result, '4chan.org');


     

       

       
154

       
+

       
      });


     

       

       
155

       
+

       



     

       

       
156

       
+

       
      test('should accept handle with numeric and alpha mixed', () {


     

       

       
157

       
+

       
        final result =


     

       

       
158

       
+

       
            authService.validateAndNormalizeHandle('8.cn');


     

       

       
159

       
+

       
        expect(result, '8.cn');


     

       

       
160

       
+

       
      });


     

       

       
161

       
+

       



     

       

       
162

       
+

       
      test('should accept handle like IP but with valid TLD', () {


     

       

       
163

       
+

       
        final result =


     

       

       
164

       
+

       
            authService.validateAndNormalizeHandle('120.0.0.1.com');


     

       

       
165

       
+

       
        expect(result, '120.0.0.1.com');


     

       

       
166

       
+

       
      });


     

       

       
167

       
+

       
    });


     

       

       
168

       
+

       



     

       

       
169

       
+

       
    group('Invalid inputs', () {


     

       

       
170

       
+

       
      test('should throw ArgumentError when handle is empty', () {


     

       

       
171

       
+

       
        expect(


     

       

       
172

       
+

       
          () => authService.validateAndNormalizeHandle(''),


     

       

       
173

       
+

       
          throwsA(isA<ArgumentError>()),


     

       

       
174

       
+

       
        );


     

       

       
175

       
+

       
      });


     

       

       
176

       
+

       



     

       

       
177

       
+

       
      test('should throw ArgumentError when handle is whitespace-only', () {


     

       

       
178

       
+

       
        expect(


     

       

       
179

       
+

       
          () => authService.validateAndNormalizeHandle('   '),


     

       

       
180

       
+

       
          throwsA(isA<ArgumentError>()),


     

       

       
181

       
+

       
        );


     

       

       
182

       
+

       
      });


     

       

       
183

       
+

       



     

       

       
184

       
+

       
      test('should throw ArgumentError for handle without period', () {


     

       

       
185

       
+

       
        expect(


     

       

       
186

       
+

       
          () => authService.validateAndNormalizeHandle('alice'),


     

       

       
187

       
+

       
          throwsA(


     

       

       
188

       
+

       
            predicate(


     

       

       
189

       
+

       
              (e) =>


     

       

       
190

       
+

       
                  e is ArgumentError &&


     

       

       
191

       
+

       
                  e.message.toString().contains('domain format'),


     

       

       
192

       
+

       
            ),


     

       

       
193

       
+

       
          ),


     

       

       
194

       
+

       
        );


     

       

       
195

       
+

       
      });


     

       

       
196

       
+

       



     

       

       
197

       
+

       
      test('should throw ArgumentError for handle starting with hyphen', () {


     

       

       
198

       
+

       
        expect(


     

       

       
199

       
+

       
          () => authService.validateAndNormalizeHandle('-alice.bsky.social'),


     

       

       
200

       
+

       
          throwsA(


     

       

       
201

       
+

       
            predicate(


     

       

       
202

       
+

       
              (e) =>


     

       

       
203

       
+

       
                  e is ArgumentError &&


     

       

       
204

       
+

       
                  e.message.toString().contains('Invalid handle format'),


     

       

       
205

       
+

       
            ),


     

       

       
206

       
+

       
          ),


     

       

       
207

       
+

       
        );


     

       

       
208

       
+

       
      });


     

       

       
209

       
+

       



     

       

       
210

       
+

       
      test('should throw ArgumentError for handle ending with hyphen', () {


     

       

       
211

       
+

       
        expect(


     

       

       
212

       
+

       
          () => authService.validateAndNormalizeHandle('alice-.bsky.social'),


     

       

       
213

       
+

       
          throwsA(


     

       

       
214

       
+

       
            predicate(


     

       

       
215

       
+

       
              (e) =>


     

       

       
216

       
+

       
                  e is ArgumentError &&


     

       

       
217

       
+

       
                  e.message.toString().contains('Invalid handle format'),


     

       

       
218

       
+

       
            ),


     

       

       
219

       
+

       
          ),


     

       

       
220

       
+

       
        );


     

       

       
221

       
+

       
      });


     

       

       
222

       
+

       



     

       

       
223

       
+

       
      test('should throw ArgumentError for segment with hyphen at end', () {


     

       

       
224

       
+

       
        expect(


     

       

       
225

       
+

       
          () => authService.validateAndNormalizeHandle('alice.bsky-.social'),


     

       

       
226

       
+

       
          throwsA(


     

       

       
227

       
+

       
            predicate(


     

       

       
228

       
+

       
              (e) =>


     

       

       
229

       
+

       
                  e is ArgumentError &&


     

       

       
230

       
+

       
                  e.message.toString().contains('Invalid handle format'),


     

       

       
231

       
+

       
            ),


     

       

       
232

       
+

       
          ),


     

       

       
233

       
+

       
        );


     

       

       
234

       
+

       
      });


     

       

       
235

       
+

       



     

       

       
236

       
+

       
      test('should throw ArgumentError for handle starting with period', () {


     

       

       
237

       
+

       
        expect(


     

       

       
238

       
+

       
          () => authService.validateAndNormalizeHandle('.alice.bsky.social'),


     

       

       
239

       
+

       
          throwsA(


     

       

       
240

       
+

       
            predicate(


     

       

       
241

       
+

       
              (e) =>


     

       

       
242

       
+

       
                  e is ArgumentError &&


     

       

       
243

       
+

       
                  e.message.toString().contains('Invalid handle format'),


     

       

       
244

       
+

       
            ),


     

       

       
245

       
+

       
          ),


     

       

       
246

       
+

       
        );


     

       

       
247

       
+

       
      });


     

       

       
248

       
+

       



     

       

       
249

       
+

       
      test('should throw ArgumentError for handle ending with period', () {


     

       

       
250

       
+

       
        expect(


     

       

       
251

       
+

       
          () => authService.validateAndNormalizeHandle('alice.bsky.social.'),


     

       

       
252

       
+

       
          throwsA(


     

       

       
253

       
+

       
            predicate(


     

       

       
254

       
+

       
              (e) =>


     

       

       
255

       
+

       
                  e is ArgumentError &&


     

       

       
256

       
+

       
                  e.message.toString().contains('Invalid handle format'),


     

       

       
257

       
+

       
            ),


     

       

       
258

       
+

       
          ),


     

       

       
259

       
+

       
        );


     

       

       
260

       
+

       
      });


     

       

       
261

       
+

       



     

       

       
262

       
+

       
      test('should throw ArgumentError for handle with consecutive periods', () {


     

       

       
263

       
+

       
        expect(


     

       

       
264

       
+

       
          () => authService.validateAndNormalizeHandle('alice..bsky.social'),


     

       

       
265

       
+

       
          throwsA(


     

       

       
266

       
+

       
            predicate(


     

       

       
267

       
+

       
              (e) =>


     

       

       
268

       
+

       
                  e is ArgumentError &&


     

       

       
269

       
+

       
                  (e.message.toString().contains('empty segments') ||


     

       

       
270

       
+

       
                      e.message.toString().contains('Invalid handle format')),


     

       

       
271

       
+

       
            ),


     

       

       
272

       
+

       
          ),


     

       

       
273

       
+

       
        );


     

       

       
274

       
+

       
      });


     

       

       
275

       
+

       



     

       

       
276

       
+

       
      test('should throw ArgumentError for handle with spaces', () {


     

       

       
277

       
+

       
        expect(


     

       

       
278

       
+

       
          () => authService.validateAndNormalizeHandle('alice bsky.social'),


     

       

       
279

       
+

       
          throwsA(


     

       

       
280

       
+

       
            predicate(


     

       

       
281

       
+

       
              (e) =>


     

       

       
282

       
+

       
                  e is ArgumentError &&


     

       

       
283

       
+

       
                  e.message.toString().contains('Invalid handle format'),


     

       

       
284

       
+

       
            ),


     

       

       
285

       
+

       
          ),


     

       

       
286

       
+

       
        );


     

       

       
287

       
+

       
      });


     

       

       
288

       
+

       



     

       

       
289

       
+

       
      test('should throw ArgumentError for handle with @ in middle', () {


     

       

       
290

       
+

       
        expect(


     

       

       
291

       
+

       
          () => authService.validateAndNormalizeHandle('alice@bsky.social'),


     

       

       
292

       
+

       
          throwsA(


     

       

       
293

       
+

       
            predicate(


     

       

       
294

       
+

       
              (e) =>


     

       

       
295

       
+

       
                  e is ArgumentError &&


     

       

       
296

       
+

       
                  e.message.toString().contains('Invalid handle format'),


     

       

       
297

       
+

       
            ),


     

       

       
298

       
+

       
          ),


     

       

       
299

       
+

       
        );


     

       

       
300

       
+

       
      });


     

       

       
301

       
+

       



     

       

       
302

       
+

       
      test('should throw ArgumentError for handle with underscore', () {


     

       

       
303

       
+

       
        expect(


     

       

       
304

       
+

       
          () => authService.validateAndNormalizeHandle('alice_bob.bsky.social'),


     

       

       
305

       
+

       
          throwsA(


     

       

       
306

       
+

       
            predicate(


     

       

       
307

       
+

       
              (e) =>


     

       

       
308

       
+

       
                  e is ArgumentError &&


     

       

       
309

       
+

       
                  e.message.toString().contains('Invalid handle format'),


     

       

       
310

       
+

       
            ),


     

       

       
311

       
+

       
          ),


     

       

       
312

       
+

       
        );


     

       

       
313

       
+

       
      });


     

       

       
314

       
+

       



     

       

       
315

       
+

       
      test('should throw ArgumentError for handle with exclamation mark', () {


     

       

       
316

       
+

       
        expect(


     

       

       
317

       
+

       
          () => authService.validateAndNormalizeHandle('alice!.bsky.social'),


     

       

       
318

       
+

       
          throwsA(


     

       

       
319

       
+

       
            predicate(


     

       

       
320

       
+

       
              (e) =>


     

       

       
321

       
+

       
                  e is ArgumentError &&


     

       

       
322

       
+

       
                  e.message.toString().contains('Invalid handle format'),


     

       

       
323

       
+

       
            ),


     

       

       
324

       
+

       
          ),


     

       

       
325

       
+

       
        );


     

       

       
326

       
+

       
      });


     

       

       
327

       
+

       



     

       

       
328

       
+

       
      test('should throw ArgumentError for handle with slash', () {


     

       

       
329

       
+

       
        expect(


     

       

       
330

       
+

       
          () => authService.validateAndNormalizeHandle('alice/bob.bsky.social'),


     

       

       
331

       
+

       
          throwsA(


     

       

       
332

       
+

       
            predicate(


     

       

       
333

       
+

       
              (e) =>


     

       

       
334

       
+

       
                  e is ArgumentError &&


     

       

       
335

       
+

       
                  e.message.toString().contains('Invalid handle format'),


     

       

       
336

       
+

       
            ),


     

       

       
337

       
+

       
          ),


     

       

       
338

       
+

       
        );


     

       

       
339

       
+

       
      });


     

       

       
340

       
+

       



     

       

       
341

       
+

       
      test('should throw ArgumentError for handle exceeding 253 characters', () {


     

       

       
342

       
+

       
        // Create a handle that's 254 characters long


     

       

       
343

       
+

       
        final longHandle = '${'a' * 240}.bsky.social';


     

       

       
344

       
+

       
        expect(


     

       

       
345

       
+

       
          () => authService.validateAndNormalizeHandle(longHandle),


     

       

       
346

       
+

       
          throwsA(


     

       

       
347

       
+

       
            predicate(


     

       

       
348

       
+

       
              (e) =>


     

       

       
349

       
+

       
                  e is ArgumentError &&


     

       

       
350

       
+

       
                  e.message.toString().contains('too long'),


     

       

       
351

       
+

       
            ),


     

       

       
352

       
+

       
          ),


     

       

       
353

       
+

       
        );


     

       

       
354

       
+

       
      });


     

       

       
355

       
+

       



     

       

       
356

       
+

       
      test('should throw ArgumentError for segment exceeding 63 characters', () {


     

       

       
357

       
+

       
        // DNS label limit is 63 characters per segment


     

       

       
358

       
+

       
        final longSegment = '${'a' * 64}.bsky.social';


     

       

       
359

       
+

       
        expect(


     

       

       
360

       
+

       
          () => authService.validateAndNormalizeHandle(longSegment),


     

       

       
361

       
+

       
          throwsA(


     

       

       
362

       
+

       
            predicate(


     

       

       
363

       
+

       
              (e) =>


     

       

       
364

       
+

       
                  e is ArgumentError &&


     

       

       
365

       
+

       
                  e.message.toString().contains('too long'),


     

       

       
366

       
+

       
            ),


     

       

       
367

       
+

       
          ),


     

       

       
368

       
+

       
        );


     

       

       
369

       
+

       
      });


     

       

       
370

       
+

       



     

       

       
371

       
+

       
      test('should throw ArgumentError for TLD starting with digit', () {


     

       

       
372

       
+

       
        expect(


     

       

       
373

       
+

       
          () => authService.validateAndNormalizeHandle('alice.bsky.123'),


     

       

       
374

       
+

       
          throwsA(


     

       

       
375

       
+

       
            predicate(


     

       

       
376

       
+

       
              (e) =>


     

       

       
377

       
+

       
                  e is ArgumentError &&


     

       

       
378

       
+

       
                  e.message.toString().contains('TLD') &&


     

       

       
379

       
+

       
                  e.message.toString().contains('cannot start with a digit'),


     

       

       
380

       
+

       
            ),


     

       

       
381

       
+

       
          ),


     

       

       
382

       
+

       
        );


     

       

       
383

       
+

       
      });


     

       

       
384

       
+

       



     

       

       
385

       
+

       
      test('should throw ArgumentError for all-numeric TLD', () {


     

       

       
386

       
+

       
        expect(


     

       

       
387

       
+

       
          () => authService.validateAndNormalizeHandle('123.456.789'),


     

       

       
388

       
+

       
          throwsA(


     

       

       
389

       
+

       
            predicate(


     

       

       
390

       
+

       
              (e) =>


     

       

       
391

       
+

       
                  e is ArgumentError &&


     

       

       
392

       
+

       
                  e.message.toString().contains('TLD') &&


     

       

       
393

       
+

       
                  e.message.toString().contains('cannot start with a digit'),


     

       

       
394

       
+

       
            ),


     

       

       
395

       
+

       
          ),


     

       

       
396

       
+

       
        );


     

       

       
397

       
+

       
      });


     

       

       
398

       
+

       



     

       

       
399

       
+

       
      test('should throw ArgumentError for IPv4 address (TLD starts with digit)', () {


     

       

       
400

       
+

       
        expect(


     

       

       
401

       
+

       
          () => authService.validateAndNormalizeHandle('127.0.0.1'),


     

       

       
402

       
+

       
          throwsA(


     

       

       
403

       
+

       
            predicate(


     

       

       
404

       
+

       
              (e) =>


     

       

       
405

       
+

       
                  e is ArgumentError &&


     

       

       
406

       
+

       
                  e.message.toString().contains('TLD') &&


     

       

       
407

       
+

       
                  e.message.toString().contains('cannot start with a digit'),


     

       

       
408

       
+

       
            ),


     

       

       
409

       
+

       
          ),


     

       

       
410

       
+

       
        );


     

       

       
411

       
+

       
      });


     

       

       
412

       
+

       



     

       

       
413

       
+

       
      test('should throw ArgumentError for IPv4 address variant', () {


     

       

       
414

       
+

       
        expect(


     

       

       
415

       
+

       
          () => authService.validateAndNormalizeHandle('192.168.0.142'),


     

       

       
416

       
+

       
          throwsA(


     

       

       
417

       
+

       
            predicate(


     

       

       
418

       
+

       
              (e) =>


     

       

       
419

       
+

       
                  e is ArgumentError &&


     

       

       
420

       
+

       
                  e.message.toString().contains('TLD') &&


     

       

       
421

       
+

       
                  e.message.toString().contains('cannot start with a digit'),


     

       

       
422

       
+

       
            ),


     

       

       
423

       
+

       
          ),


     

       

       
424

       
+

       
        );


     

       

       
425

       
+

       
      });


     

       

       
426

       
+

       
    });


     

       

       
427

       
+

       



     

       

       
428

       
+

       
    group('DID Validation', () {


     

       

       
429

       
+

       
      test('should accept valid plc DID', () {


     

       

       
430

       
+

       
        final result =


     

       

       
431

       
+

       
            authService.validateAndNormalizeHandle('did:plc:abc123');


     

       

       
432

       
+

       
        expect(result, 'did:plc:abc123');


     

       

       
433

       
+

       
      });


     

       

       
434

       
+

       



     

       

       
435

       
+

       
      test('should accept valid web DID', () {


     

       

       
436

       
+

       
        final result =


     

       

       
437

       
+

       
            authService.validateAndNormalizeHandle('did:web:example.com');


     

       

       
438

       
+

       
        expect(result, 'did:web:example.com');


     

       

       
439

       
+

       
      });


     

       

       
440

       
+

       



     

       

       
441

       
+

       
      test('should accept DID with underscores in identifier', () {


     

       

       
442

       
+

       
        // Underscores are allowed in the DID pattern (part of [a-zA-Z0-9._:%-]+)


     

       

       
443

       
+

       
        final result =


     

       

       
444

       
+

       
            authService.validateAndNormalizeHandle('did:plc:abc_123');


     

       

       
445

       
+

       
        expect(result, 'did:plc:abc_123');


     

       

       
446

       
+

       
      });


     

       

       
447

       
+

       



     

       

       
448

       
+

       
      test('should throw ArgumentError for invalid DID with @ special chars', () {


     

       

       
449

       
+

       
        expect(


     

       

       
450

       
+

       
          () => authService.validateAndNormalizeHandle('did:plc:abc@123'),


     

       

       
451

       
+

       
          throwsA(


     

       

       
452

       
+

       
            predicate(


     

       

       
453

       
+

       
              (e) =>


     

       

       
454

       
+

       
                  e is ArgumentError &&


     

       

       
455

       
+

       
                  e.message.toString().contains('Invalid DID format'),


     

       

       
456

       
+

       
            ),


     

       

       
457

       
+

       
          ),


     

       

       
458

       
+

       
        );


     

       

       
459

       
+

       
      });


     

       

       
460

       
+

       



     

       

       
461

       
+

       
      test('should throw ArgumentError for DID with uppercase method', () {


     

       

       
462

       
+

       
        expect(


     

       

       
463

       
+

       
          () => authService.validateAndNormalizeHandle('did:PLC:abc123'),


     

       

       
464

       
+

       
          throwsA(


     

       

       
465

       
+

       
            predicate(


     

       

       
466

       
+

       
              (e) =>


     

       

       
467

       
+

       
                  e is ArgumentError &&


     

       

       
468

       
+

       
                  e.message.toString().contains('Invalid DID format'),


     

       

       
469

       
+

       
            ),


     

       

       
470

       
+

       
          ),


     

       

       
471

       
+

       
        );


     

       

       
472

       
+

       
      });


     

       

       
473

       
+

       



     

       

       
474

       
+

       
      test('should throw ArgumentError for DID with spaces', () {


     

       

       
475

       
+

       
        expect(


     

       

       
476

       
+

       
          () => authService.validateAndNormalizeHandle('did:plc:abc 123'),


     

       

       
477

       
+

       
          throwsA(


     

       

       
478

       
+

       
            predicate(


     

       

       
479

       
+

       
              (e) =>


     

       

       
480

       
+

       
                  e is ArgumentError &&


     

       

       
481

       
+

       
                  e.message.toString().contains('Invalid DID format'),


     

       

       
482

       
+

       
            ),


     

       

       
483

       
+

       
          ),


     

       

       
484

       
+

       
        );


     

       

       
485

       
+

       
      });


     

       

       
486

       
+

       



     

       

       
487

       
+

       
      test('should throw ArgumentError for malformed DID (missing identifier)', () {


     

       

       
488

       
+

       
        expect(


     

       

       
489

       
+

       
          () => authService.validateAndNormalizeHandle('did:plc'),


     

       

       
490

       
+

       
          throwsA(


     

       

       
491

       
+

       
            predicate(


     

       

       
492

       
+

       
              (e) =>


     

       

       
493

       
+

       
                  e is ArgumentError &&


     

       

       
494

       
+

       
                  e.message.toString().contains('Invalid DID format'),


     

       

       
495

       
+

       
            ),


     

       

       
496

       
+

       
          ),


     

       

       
497

       
+

       
        );


     

       

       
498

       
+

       
      });


     

       

       
499

       
+

       



     

       

       
500

       
+

       
      test('should throw ArgumentError for malformed DID (missing method)', () {


     

       

       
501

       
+

       
        expect(


     

       

       
502

       
+

       
          () => authService.validateAndNormalizeHandle('did::abc123'),


     

       

       
503

       
+

       
          throwsA(


     

       

       
504

       
+

       
            predicate(


     

       

       
505

       
+

       
              (e) =>


     

       

       
506

       
+

       
                  e is ArgumentError &&


     

       

       
507

       
+

       
                  e.message.toString().contains('Invalid DID format'),


     

       

       
508

       
+

       
            ),


     

       

       
509

       
+

       
          ),


     

       

       
510

       
+

       
        );


     

       

       
511

       
+

       
      });


     

       

       
512

       
+

       



     

       

       
513

       
+

       
      test('should throw ArgumentError for DID without prefix', () {


     

       

       
514

       
+

       
        expect(


     

       

       
515

       
+

       
          () => authService.validateAndNormalizeHandle('plc:abc123'),


     

       

       
516

       
+

       
          throwsA(


     

       

       
517

       
+

       
            predicate(


     

       

       
518

       
+

       
              (e) =>


     

       

       
519

       
+

       
                  e is ArgumentError &&


     

       

       
520

       
+

       
                  e.message.toString().contains('domain format'),


     

       

       
521

       
+

       
            ),


     

       

       
522

       
+

       
          ),


     

       

       
523

       
+

       
        );


     

       

       
524

       
+

       
      });


     

       

       
525

       
+

       



     

       

       
526

       
+

       
      test('should throw ArgumentError for DID with invalid method chars', () {


     

       

       
527

       
+

       
        expect(


     

       

       
528

       
+

       
          () => authService.validateAndNormalizeHandle('did:pl-c:abc123'),


     

       

       
529

       
+

       
          throwsA(


     

       

       
530

       
+

       
            predicate(


     

       

       
531

       
+

       
              (e) =>


     

       

       
532

       
+

       
                  e is ArgumentError &&


     

       

       
533

       
+

       
                  e.message.toString().contains('Invalid DID format'),


     

       

       
534

       
+

       
            ),


     

       

       
535

       
+

       
          ),


     

       

       
536

       
+

       
        );


     

       

       
537

       
+

       
      });


     

       

       
538

       
+

       
    });


     

       

       
539

       
+

       
  });


     

       

       
540

       
+

       
}