commit c8dfae5cbc08177029e0948876891883f45857dc · bretton.dev/coves-mobile

+9 -10

lib/services/coves_api_service.dart

···

       26
       26
        
           Future<bool> Function()? tokenRefresher,

     

       27
       27
        
           Future<void> Function()? signOutHandler,

     

       28
       28
        
           Dio? dio,

     

       29
       29
       -
         })  : _tokenGetter = tokenGetter,

     

       30
       30
       -
               _tokenRefresher = tokenRefresher,

     

       31
       31
       -
               _signOutHandler = signOutHandler {

     

       29
       29
       +
         }) : _tokenGetter = tokenGetter,

     

       30
       30
       +
              _tokenRefresher = tokenRefresher,

     

       31
       31
       +
              _signOutHandler = signOutHandler {

     

       32
       32
        
           _dio =

     

       33
       33
        
               dio ??

     

       34
       34
        
               Dio(

     
···

       78
       78
        
                   }

     

       79
       79
        
       

     

       80
       80
        
                   // Don't retry the refresh endpoint itself (avoid infinite loop)

     

       81
       81
       -
                   final isRefreshEndpoint =

     

       82
       82
       -
                       error.requestOptions.path.contains('/oauth/refresh');

     

       81
       81
       +
                   final isRefreshEndpoint = error.requestOptions.path.contains(

     

       82
       82
       +
                     '/oauth/refresh',

     

       83
       83
       +
                   );

     

       83
       84
        
                   if (isRefreshEndpoint) {

     

       84
       85
        
                     if (kDebugMode) {

     

       85
       86
        
                       debugPrint(

     
···

       160
       161
        
                     }

     

       161
       162
        
                     // Only sign out if we haven't already (avoid double sign-out)

     

       162
       163
        
                     // Check if this is a DioException from a retried request

     

       163
       163
       -
                     final isRetriedRequest = e is DioException &&

     

       164
       164
       +
                     final isRetriedRequest =

     

       165
       165
       +
                         e is DioException &&

     

       164
       166
        
                         e.response?.statusCode == 401 &&

     

       165
       167
        
                         e.requestOptions.extra['retried'] == true;

     

       166
       168
        
       

     
···

       352
       354
        
             if (kDebugMode) {

     

       353
       355
        
               debugPrint('❌ Error parsing comments response: $e');

     

       354
       356
        
             }

     

       355
       355
       -
             throw ApiException(

     

       356
       356
       -
               'Failed to parse server response',

     

       357
       357
       -
               originalError: e,

     

       358
       358
       -
             );

     

       357
       357
       +
             throw ApiException('Failed to parse server response', originalError: e);

     

       359
       358
        
           }

     

       360
       359
        
         }

     

       361
       360

+12 -21

lib/services/coves_auth_service.dart

···

       26
       26
        
       /// 4. Call /oauth/refresh when needed

     

       27
       27
        
       /// 5. Call /oauth/logout to sign out

     

       28
       28
        
       class CovesAuthService {

     

       29
       29
       -
         factory CovesAuthService({

     

       30
       30
       -
           Dio? dio,

     

       31
       31
       -
           FlutterSecureStorage? storage,

     

       32
       32
       -
         }) {

     

       29
       29
       +
         factory CovesAuthService({Dio? dio, FlutterSecureStorage? storage}) {

     

       33
       30
        
           _instance ??= CovesAuthService._internal(dio: dio, storage: storage);

     

       34
       31
        
           return _instance!;

     

       35
       32
        
         }

     

       36
       33
        
       

     

       37
       37
       -
         CovesAuthService._internal({

     

       38
       38
       -
           Dio? dio,

     

       39
       39
       -
           FlutterSecureStorage? storage,

     

       40
       40
       -
         }) : _storage = storage ??

     

       41
       41
       -
                   const FlutterSecureStorage(

     

       42
       42
       -
                     aOptions: AndroidOptions(encryptedSharedPreferences: true),

     

       43
       43
       -
                     iOptions: IOSOptions(

     

       44
       44
       -
                       accessibility: KeychainAccessibility.first_unlock,

     

       45
       45
       -
                     ),

     

       46
       46
       -
                   ) {

     

       34
       34
       +
         CovesAuthService._internal({Dio? dio, FlutterSecureStorage? storage})

     

       35
       35
       +
           : _storage =

     

       36
       36
       +
                 storage ??

     

       37
       37
       +
                 const FlutterSecureStorage(

     

       38
       38
       +
                   aOptions: AndroidOptions(encryptedSharedPreferences: true),

     

       39
       39
       +
                   iOptions: IOSOptions(

     

       40
       40
       +
                     accessibility: KeychainAccessibility.first_unlock,

     

       41
       41
       +
                   ),

     

       42
       42
       +
                 ) {

     

       47
       43
        
           // Initialize Dio if provided, otherwise it will be initialized in initialize()

     

       48
       44
        
           if (dio != null) {

     

       49
       45
        
             _dio = dio;

     
···

       341
       337
        
                 await _dio.post<void>(

     

       342
       338
        
                   '/oauth/logout',

     

       343
       339
        
                   options: Options(

     

       344
       344
       -
                     headers: {

     

       345
       345
       -
                       'Authorization': 'Bearer ${_session!.token}',

     

       346
       346
       -
                     },

     

       340
       340
       +
                     headers: {'Authorization': 'Bearer ${_session!.token}'},

     

       347
       341
        
                   ),

     

       348
       342
        
                 );

     

       349
       343
        
       

     
···

       520
       514
        
       

     

       521
       515
        
         /// Save session to secure storage

     

       522
       516
        
         Future<void> _saveSession(CovesSession session) async {

     

       523
       523
       -
           await _storage.write(

     

       524
       524
       -
             key: _storageKey,

     

       525
       525
       -
             value: session.toJsonString(),

     

       526
       526
       -
           );

     

       517
       517
       +
           await _storage.write(key: _storageKey, value: session.toJsonString());

     

       527
       518
        
         }

     

       528
       519
        
       

     

       529
       520
        
         /// Clear session from secure storage

+16 -16

lib/services/vote_service.dart

···

       35
       35
        
              _didGetter = didGetter,

     

       36
       36
        
              _tokenRefresher = tokenRefresher,

     

       37
       37
        
              _signOutHandler = signOutHandler {

     

       38
       38
       -
           _dio = dio ??

     

       38
       38
       +
           _dio =

     

       39
       39
       +
               dio ??

     

       39
       40
        
               Dio(

     

       40
       41
        
                 BaseOptions(

     

       41
       42
        
                   baseUrl: EnvironmentConfig.current.apiUrl,

     
···

       70
       71
        
                 // Handle 401 errors with automatic token refresh

     

       71
       72
        
                 if (error.response?.statusCode == 401 && _tokenRefresher != null) {

     

       72
       73
        
                   if (kDebugMode) {

     

       73
       73
       -
                     debugPrint('🔄 VoteService: 401 detected, attempting token refresh...');

     

       74
       74
       +
                     debugPrint(

     

       75
       75
       +
                       '🔄 VoteService: 401 detected, attempting token refresh...',

     

       76
       76
       +
                     );

     

       74
       77
        
                   }

     

       75
       78
        
       

     

       76
       79
        
                   // Check if we already retried this request (prevent infinite loop)

     
···

       94
       97
        
       

     

       95
       98
        
                     if (refreshSucceeded) {

     

       96
       99
        
                       if (kDebugMode) {

     

       97
       97
       -
                         debugPrint('✅ VoteService: Token refresh successful, retrying request');

     

       100
       100
       +
                         debugPrint(

     

       101
       101
       +
                           '✅ VoteService: Token refresh successful, retrying request',

     

       102
       102
       +
                         );

     

       98
       103
        
                       }

     

       99
       104
        
       

     

       100
       105
        
                       // Get the new session

     
···

       128
       133
        
       

     

       129
       134
        
                     // Refresh failed, sign out the user

     

       130
       135
        
                     if (kDebugMode) {

     

       131
       131
       -
                       debugPrint('❌ VoteService: Token refresh failed, signing out user');

     

       136
       136
       +
                       debugPrint(

     

       137
       137
       +
                         '❌ VoteService: Token refresh failed, signing out user',

     

       138
       138
       +
                       );

     

       132
       139
        
                     }

     

       133
       140
        
                     if (_signOutHandler != null) {

     

       134
       141
        
                       await _signOutHandler();

     
···

       139
       146
        
                     }

     

       140
       147
        
                     // Only sign out if we haven't already (avoid double sign-out)

     

       141
       148
        
                     // Check if this is a DioException from a retried request

     

       142
       142
       -
                     final isRetriedRequest = e is DioException &&

     

       149
       149
       +
                     final isRetriedRequest =

     

       150
       150
       +
                         e is DioException &&

     

       143
       151
        
                         e.response?.statusCode == 401 &&

     

       144
       152
        
                         e.requestOptions.extra['retried'] == true;

     

       145
       153
        
       

     
···

       258
       266
        
       

     

       259
       267
        
             if (isToggleOff) {

     

       260
       268
        
               // Delete existing vote

     

       261
       261
       -
               return _deleteVote(

     

       262
       262
       -
                 session: session,

     

       263
       263
       -
                 rkey: existingVoteRkey,

     

       264
       264
       -
               );

     

       269
       269
       +
               return _deleteVote(session: session, rkey: existingVoteRkey);

     

       265
       270
        
             }

     

       266
       271
        
       

     

       267
       272
        
             // If switching direction, delete old vote first

     
···

       277
       282
        
             final response = await _dio.post<Map<String, dynamic>>(

     

       278
       283
        
               '/xrpc/social.coves.feed.vote.create',

     

       279
       284
        
               data: {

     

       280
       280
       -
                 'subject': {

     

       281
       281
       -
                   'uri': postUri,

     

       282
       282
       -
                   'cid': postCid,

     

       283
       283
       -
                 },

     

       285
       285
       +
                 'subject': {'uri': postUri, 'cid': postCid},

     

       284
       286
        
                 'direction': direction,

     

       285
       287
        
               },

     

       286
       288
        
             );

     
···

       338
       340
        
             // Note: Authorization header is added by the interceptor

     

       339
       341
        
             await _dio.post<void>(

     

       340
       342
        
               '/xrpc/social.coves.feed.vote.delete',

     

       341
       341
       -
               data: {

     

       342
       342
       -
                 'rkey': rkey,

     

       343
       343
       -
               },

     

       343
       343
       +
               data: {'rkey': rkey},

     

       344
       344
        
             );

     

       345
       345
        
       

     

       346
       346
        
             if (kDebugMode) {

-1

lib/widgets/comment_card.dart

···

       276
       276
        
       

     

       277
       277
        
       /// Custom painter for drawing comment depth indicator lines

     

       278
       278
        
       class _CommentDepthPainter extends CustomPainter {

     

       279
       279
       -
       

     

       280
       279
        
         _CommentDepthPainter({required this.depth});

     

       281
       280
        
         final int depth;

     

       282
       281

-1

lib/widgets/icons/bluesky_icons.dart

···

       4
       4
        
       /// Bluesky-style navigation icons using SVG assets

     

       5
       5
        
       /// These icons match the design from Bluesky's social-app

     

       6
       6
        
       class BlueSkyIcon extends StatelessWidget {

     

       7
       7
       -
       

     

       8
       7
        
         const BlueSkyIcon({

     

       9
       8
        
           required this.iconName,

     

       10
       9
        
           this.size = 28,

+1 -3

lib/widgets/post_action_bar.dart

···

       49
       49
        
           return Container(

     

       50
       50
        
             decoration: const BoxDecoration(

     

       51
       51
        
               color: AppColors.background,

     

       52
       52
       -
               border: Border(

     

       53
       53
       -
                 top: BorderSide(color: AppColors.backgroundSecondary),

     

       54
       54
       -
               ),

     

       52
       52
       +
               border: Border(top: BorderSide(color: AppColors.backgroundSecondary)),

     

       55
       53
        
             ),

     

       56
       54
        
             padding: const EdgeInsets.symmetric(horizontal: 16, vertical: 8),

     

       57
       55
        
             child: SafeArea(

+15 -18

lib/widgets/post_card.dart

···

       161
       161
        
                           ),

     

       162
       162
        
                         )

     

       163
       163
        
                       else

     

       164
       164
       -
                         // Title when navigation is disabled

     

       165
       165
       -
                         if (post.post.title != null) ...[

     

       166
       166
       -
                           Text(

     

       167
       167
       -
                             post.post.title!,

     

       168
       168
       -
                             style: TextStyle(

     

       169
       169
       -
                               color: AppColors.textPrimary,

     

       170
       170
       -
                               fontSize: titleFontSize,

     

       171
       171
       -
                               fontWeight: titleFontWeight,

     

       172
       172
       -
                               height: 1.3,

     

       173
       173
       -
                             ),

     

       164
       164
       +
                       // Title when navigation is disabled

     

       165
       165
       +
                       if (post.post.title != null) ...[

     

       166
       166
       +
                         Text(

     

       167
       167
       +
                           post.post.title!,

     

       168
       168
       +
                           style: TextStyle(

     

       169
       169
       +
                             color: AppColors.textPrimary,

     

       170
       170
       +
                             fontSize: titleFontSize,

     

       171
       171
       +
                             fontWeight: titleFontWeight,

     

       172
       172
       +
                             height: 1.3,

     

       174
       173
        
                           ),

     

       175
       175
       -
                           if (post.post.embed?.external != null ||

     

       176
       176
       -
                               post.post.text.isNotEmpty)

     

       177
       177
       -
                             const SizedBox(height: 8),

     

       178
       178
       -
                         ],

     

       174
       174
       +
                         ),

     

       175
       175
       +
                         if (post.post.embed?.external != null ||

     

       176
       176
       +
                             post.post.text.isNotEmpty)

     

       177
       177
       +
                           const SizedBox(height: 8),

     

       178
       178
       +
                       ],

     

       179
       179
        
       

     

       180
       180
        
                       // Embed (handles its own taps - not wrapped in InkWell)

     

       181
       181
        
                       if (post.post.embed?.external != null) ...[

     
···

       590
       590
        
           // For non-video embeds (images, link previews), make them tappable

     

       591
       591
        
           // to navigate to post detail

     

       592
       592
        
           if (widget.onImageTap != null) {

     

       593
       593
       -
             return GestureDetector(

     

       594
       594
       -
               onTap: widget.onImageTap,

     

       595
       595
       -
               child: thumbnailWidget,

     

       596
       596
       -
             );

     

       593
       593
       +
             return GestureDetector(onTap: widget.onImageTap, child: thumbnailWidget);

     

       597
       594
        
           }

     

       598
       595
        
       

     

       599
       596
        
           // No tap handler provided, just return the thumbnail

+6 -8

lib/widgets/post_card_actions.dart

···

       120
       120
        
                                   Icon(

     

       121
       121
        
                                     Icons.chat_bubble_outline,

     

       122
       122
        
                                     size: 20,

     

       123
       123
       -
                                     color:

     

       124
       124
       -
                                         AppColors.textPrimary.withValues(

     

       125
       125
       -
                                           alpha: 0.6,

     

       126
       126
       -
                                         ),

     

       123
       123
       +
                                     color: AppColors.textPrimary.withValues(

     

       124
       124
       +
                                       alpha: 0.6,

     

       125
       125
       +
                                     ),

     

       127
       126
        
                                   ),

     

       128
       127
        
                                   const SizedBox(width: 5),

     

       129
       128
        
                                   Text(

     

       130
       129
        
                                     DateTimeUtils.formatCount(count),

     

       131
       130
        
                                     style: TextStyle(

     

       132
       132
       -
                                       color:

     

       133
       133
       -
                                           AppColors.textPrimary.withValues(

     

       134
       134
       -
                                             alpha: 0.6,

     

       135
       135
       -
                                           ),

     

       131
       131
       +
                                       color: AppColors.textPrimary.withValues(

     

       132
       132
       +
                                         alpha: 0.6,

     

       133
       133
       +
                                       ),

     

       136
       134
        
                                       fontSize: 13,

     

       137
       135
        
                                     ),

     

       138
       136
        
                                   ),

+13 -37

test/models/coves_session_test.dart

···

       233
       233
        
               'session_id': 'sess456',

     

       234
       234
        
             };

     

       235
       235
        
       

     

       236
       236
       -
             expect(

     

       237
       237
       -
               () => CovesSession.fromJson(json),

     

       238
       238
       -
               throwsA(isA<TypeError>()),

     

       239
       239
       -
             );

     

       236
       236
       +
             expect(() => CovesSession.fromJson(json), throwsA(isA<TypeError>()));

     

       240
       237
        
           });

     

       241
       238
        
       

     

       242
       239
        
           test('should throw when did has wrong type', () {

     
···

       246
       243
        
               'session_id': 'sess456',

     

       247
       244
        
             };

     

       248
       245
        
       

     

       249
       249
       -
             expect(

     

       250
       250
       -
               () => CovesSession.fromJson(json),

     

       251
       251
       -
               throwsA(isA<TypeError>()),

     

       252
       252
       -
             );

     

       246
       246
       +
             expect(() => CovesSession.fromJson(json), throwsA(isA<TypeError>()));

     

       253
       247
        
           });

     

       254
       248
        
       

     

       255
       249
        
           test('should throw when session_id has wrong type', () {

     
···

       259
       253
        
               'session_id': 123, // Should be String

     

       260
       254
        
             };

     

       261
       255
        
       

     

       262
       262
       -
             expect(

     

       263
       263
       -
               () => CovesSession.fromJson(json),

     

       264
       264
       -
               throwsA(isA<TypeError>()),

     

       265
       265
       -
             );

     

       256
       256
       +
             expect(() => CovesSession.fromJson(json), throwsA(isA<TypeError>()));

     

       266
       257
        
           });

     

       267
       258
        
       

     

       268
       259
        
           test('should throw when token field is missing', () {

     

       269
       269
       -
             final json = {

     

       270
       270
       -
               'did': 'did:plc:test123',

     

       271
       271
       -
               'session_id': 'sess456',

     

       272
       272
       -
             };

     

       260
       260
       +
             final json = {'did': 'did:plc:test123', 'session_id': 'sess456'};

     

       273
       261
        
       

     

       274
       274
       -
             expect(

     

       275
       275
       -
               () => CovesSession.fromJson(json),

     

       276
       276
       -
               throwsA(isA<TypeError>()),

     

       277
       277
       -
             );

     

       262
       262
       +
             expect(() => CovesSession.fromJson(json), throwsA(isA<TypeError>()));

     

       278
       263
        
           });

     

       279
       264
        
       

     

       280
       265
        
           test('should throw when did field is missing', () {

     

       281
       281
       -
             final json = {

     

       282
       282
       -
               'token': 'abc123',

     

       283
       283
       -
               'session_id': 'sess456',

     

       284
       284
       -
             };

     

       266
       266
       +
             final json = {'token': 'abc123', 'session_id': 'sess456'};

     

       285
       267
        
       

     

       286
       286
       -
             expect(

     

       287
       287
       -
               () => CovesSession.fromJson(json),

     

       288
       288
       -
               throwsA(isA<TypeError>()),

     

       289
       289
       -
             );

     

       268
       268
       +
             expect(() => CovesSession.fromJson(json), throwsA(isA<TypeError>()));

     

       290
       269
        
           });

     

       291
       270
        
       

     

       292
       271
        
           test('should throw when session_id field is missing', () {

     

       293
       293
       -
             final json = {

     

       294
       294
       -
               'token': 'abc123',

     

       295
       295
       -
               'did': 'did:plc:test123',

     

       296
       296
       -
             };

     

       272
       272
       +
             final json = {'token': 'abc123', 'did': 'did:plc:test123'};

     

       297
       273
        
       

     

       298
       298
       -
             expect(

     

       299
       299
       -
               () => CovesSession.fromJson(json),

     

       300
       300
       -
               throwsA(isA<TypeError>()),

     

       301
       301
       -
             );

     

       274
       274
       +
             expect(() => CovesSession.fromJson(json), throwsA(isA<TypeError>()));

     

       302
       275
        
           });

     

       303
       276
        
       

     

       304
       277
        
           test('should handle extra fields in JSON', () {

     
···

       793
       766
        
             final stringRep = session.toString();

     

       794
       767
        
       

     

       795
       768
        
             expect(stringRep, isNot(contains('Bearer')));

     

       796
       796
       -
             expect(stringRep, isNot(contains('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9')));

     

       769
       769
       +
             expect(

     

       770
       770
       +
               stringRep,

     

       771
       771
       +
               isNot(contains('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9')),

     

       772
       772
       +
             );

     

       797
       773
        
           });

     

       798
       774
        
         });

     

       799
       775
        
       }

+3 -2

test/providers/auth_provider_test.dart

···

       152
       152
        
               await authProvider.signIn('alice.bsky.social');

     

       153
       153
        
       

     

       154
       154
        
               // Sign out with error

     

       155
       155
       -
               when(mockAuthService.signOut())

     

       156
       156
       -
                   .thenThrow(Exception('Revocation failed'));

     

       155
       155
       +
               when(

     

       156
       156
       +
                 mockAuthService.signOut(),

     

       157
       157
       +
               ).thenThrow(Exception('Revocation failed'));

     

       157
       158
        
       

     

       158
       159
        
               await authProvider.signOut();

     

       159
       160

+4 -15

test/providers/comments_provider_test.dart

···

       89
       89
        
             });

     

       90
       90
        
       

     

       91
       91
        
             test('should handle empty comments response', () async {

     

       92
       92
       -
               final mockResponse = CommentsResponse(

     

       93
       93
       -
                 post: {},

     

       94
       94
       -
                 comments: [],

     

       95
       95
       -
               );

     

       92
       92
       +
               final mockResponse = CommentsResponse(post: {}, comments: []);

     

       96
       93
        
       

     

       97
       94
        
               when(

     

       98
       95
        
                 mockApiService.getComments(

     
···

       211
       208
        
                 ),

     

       212
       209
        
               ).thenAnswer((_) async => secondResponse);

     

       213
       210
        
       

     

       214
       214
       -
               await commentsProvider.loadComments(

     

       215
       215
       -
                 postUri: testPostUri,

     

       216
       216
       -
               );

     

       211
       211
       +
               await commentsProvider.loadComments(postUri: testPostUri);

     

       217
       212
        
       

     

       218
       213
        
               expect(commentsProvider.comments.length, 2);

     

       219
       214
        
               expect(commentsProvider.comments[0].comment.uri, 'comment1');

     
···

       425
       420
        
             test('should load vote state when authenticated', () async {

     

       426
       421
        
               final mockComments = [_createMockThreadComment('comment1')];

     

       427
       422
        
       

     

       428
       428
       -
               final mockResponse = CommentsResponse(

     

       429
       429
       -
                 post: {},

     

       430
       430
       -
                 comments: mockComments,

     

       431
       431
       -
               );

     

       423
       423
       +
               final mockResponse = CommentsResponse(post: {}, comments: mockComments);

     

       432
       424
        
       

     

       433
       425
        
               when(

     

       434
       426
        
                 mockApiService.getComments(

     
···

       494
       486
        
             test('should continue loading comments if vote loading fails', () async {

     

       495
       487
        
               final mockComments = [_createMockThreadComment('comment1')];

     

       496
       488
        
       

     

       497
       497
       -
               final mockResponse = CommentsResponse(

     

       498
       498
       -
                 post: {},

     

       499
       499
       -
                 comments: mockComments,

     

       500
       500
       -
               );

     

       489
       489
       +
               final mockResponse = CommentsResponse(post: {}, comments: mockComments);

     

       501
       490
        
       

     

       502
       491
        
               when(

     

       503
       492
        
                 mockApiService.getComments(

+81 -74

test/services/coves_api_service_token_refresh_test.dart

···

       60
       60
        
             apiService.dispose();

     

       61
       61
        
           });

     

       62
       62
        
       

     

       63
       63
       -
           test('should call token refresher on 401 response but only retry once',

     

       64
       64
       -
               () async {

     

       63
       63
       +
           test('should call token refresher on 401 response but only retry once', () async {

     

       65
       64
        
             // This test verifies the interceptor detects 401, calls the refresher,

     

       66
       65
        
             // and only retries ONCE to prevent infinite loops (even if retry returns 401).

     

       67
       66
        
       

     
···

       138
       137
        
             expect(signOutCallCount, 1);

     

       139
       138
        
           });

     

       140
       139
        
       

     

       141
       141
       -
           test('should NOT retry refresh endpoint on 401 (avoid infinite loop)',

     

       142
       142
       -
               () async {

     

       143
       143
       -
             // This test verifies that the interceptor checks for /oauth/refresh

     

       144
       144
       -
             // in the path to avoid infinite loops. Due to limitations with mocking

     

       145
       145
       -
             // complex request/response cycles, we test this by verifying the

     

       146
       146
       -
             // signOutHandler gets called when refresh fails.

     

       140
       140
       +
           test(

     

       141
       141
       +
             'should NOT retry refresh endpoint on 401 (avoid infinite loop)',

     

       142
       142
       +
             () async {

     

       143
       143
       +
               // This test verifies that the interceptor checks for /oauth/refresh

     

       144
       144
       +
               // in the path to avoid infinite loops. Due to limitations with mocking

     

       145
       145
       +
               // complex request/response cycles, we test this by verifying the

     

       146
       146
       +
               // signOutHandler gets called when refresh fails.

     

       147
       147
        
       

     

       148
       148
       -
             // Set refresh to fail (simulates refresh endpoint returning 401)

     

       149
       149
       -
             shouldRefreshSucceed = false;

     

       148
       148
       +
               // Set refresh to fail (simulates refresh endpoint returning 401)

     

       149
       149
       +
               shouldRefreshSucceed = false;

     

       150
       150
        
       

     

       151
       151
       -
             const postUri = 'at://did:plc:test/social.coves.post.record/123';

     

       151
       151
       +
               const postUri = 'at://did:plc:test/social.coves.post.record/123';

     

       152
       152
        
       

     

       153
       153
       -
             dioAdapter.onGet(

     

       154
       154
       -
               '/xrpc/social.coves.community.comment.getComments',

     

       155
       155
       -
               (server) => server.reply(401, {

     

       156
       156
       -
                 'error': 'Unauthorized',

     

       157
       157
       -
                 'message': 'Token expired',

     

       158
       158
       -
               }),

     

       159
       159
       -
               queryParameters: {

     

       160
       160
       -
                 'post': postUri,

     

       161
       161
       -
                 'sort': 'hot',

     

       162
       162
       -
                 'depth': 10,

     

       163
       163
       -
                 'limit': 50,

     

       164
       164
       -
               },

     

       165
       165
       -
             );

     

       153
       153
       +
               dioAdapter.onGet(

     

       154
       154
       +
                 '/xrpc/social.coves.community.comment.getComments',

     

       155
       155
       +
                 (server) => server.reply(401, {

     

       156
       156
       +
                   'error': 'Unauthorized',

     

       157
       157
       +
                   'message': 'Token expired',

     

       158
       158
       +
                 }),

     

       159
       159
       +
                 queryParameters: {

     

       160
       160
       +
                   'post': postUri,

     

       161
       161
       +
                   'sort': 'hot',

     

       162
       162
       +
                   'depth': 10,

     

       163
       163
       +
                   'limit': 50,

     

       164
       164
       +
                 },

     

       165
       165
       +
               );

     

       166
       166
        
       

     

       167
       167
       -
             // Make the request and expect it to fail

     

       168
       168
       -
             expect(

     

       169
       169
       -
               () => apiService.getComments(postUri: postUri),

     

       170
       170
       -
               throwsA(isA<Exception>()),

     

       171
       171
       -
             );

     

       167
       167
       +
               // Make the request and expect it to fail

     

       168
       168
       +
               expect(

     

       169
       169
       +
                 () => apiService.getComments(postUri: postUri),

     

       170
       170
       +
                 throwsA(isA<Exception>()),

     

       171
       171
       +
               );

     

       172
       172
        
       

     

       173
       173
       -
             // Wait for async operations to complete

     

       174
       174
       -
             await Future.delayed(const Duration(milliseconds: 100));

     

       173
       173
       +
               // Wait for async operations to complete

     

       174
       174
       +
               await Future.delayed(const Duration(milliseconds: 100));

     

       175
       175
        
       

     

       176
       176
       -
             // Verify user was signed out (no infinite loop)

     

       177
       177
       -
             expect(signOutCallCount, 1);

     

       178
       178
       -
           });

     

       176
       176
       +
               // Verify user was signed out (no infinite loop)

     

       177
       177
       +
               expect(signOutCallCount, 1);

     

       178
       178
       +
             },

     

       179
       179
       +
           );

     

       179
       180
        
       

     

       180
       180
       -
           test('should sign out user if token refresh throws exception', () async {

     

       181
       181
       -
             // Skipped: causes retry loops with http_mock_adapter after disposal

     

       182
       182
       -
             // The core functionality is tested by the "should sign out user if token

     

       183
       183
       -
             // refresh fails" test above.

     

       184
       184
       -
           }, skip: 'Causes retry issues with http_mock_adapter');

     

       181
       181
       +
           test(

     

       182
       182
       +
             'should sign out user if token refresh throws exception',

     

       183
       183
       +
             () async {

     

       184
       184
       +
               // Skipped: causes retry loops with http_mock_adapter after disposal

     

       185
       185
       +
               // The core functionality is tested by the "should sign out user if token

     

       186
       186
       +
               // refresh fails" test above.

     

       187
       187
       +
             },

     

       188
       188
       +
             skip: 'Causes retry issues with http_mock_adapter',

     

       189
       189
       +
           );

     

       185
       190
        
       

     

       186
       186
       -
           test('should handle 401 gracefully when no refresher is provided',

     

       187
       187
       -
               () async {

     

       188
       188
       -
             // Create API service without refresh capability

     

       189
       189
       -
             final apiServiceNoRefresh = CovesApiService(

     

       190
       190
       -
               dio: dio,

     

       191
       191
       -
               tokenGetter: mockTokenGetter,

     

       192
       192
       -
               // No tokenRefresher provided

     

       193
       193
       -
               // No signOutHandler provided

     

       194
       194
       -
             );

     

       191
       191
       +
           test(

     

       192
       192
       +
             'should handle 401 gracefully when no refresher is provided',

     

       193
       193
       +
             () async {

     

       194
       194
       +
               // Create API service without refresh capability

     

       195
       195
       +
               final apiServiceNoRefresh = CovesApiService(

     

       196
       196
       +
                 dio: dio,

     

       197
       197
       +
                 tokenGetter: mockTokenGetter,

     

       198
       198
       +
                 // No tokenRefresher provided

     

       199
       199
       +
                 // No signOutHandler provided

     

       200
       200
       +
               );

     

       195
       201
        
       

     

       196
       196
       -
             const postUri = 'at://did:plc:test/social.coves.post.record/123';

     

       202
       202
       +
               const postUri = 'at://did:plc:test/social.coves.post.record/123';

     

       197
       203
        
       

     

       198
       198
       -
             // Request returns 401

     

       199
       199
       -
             dioAdapter.onGet(

     

       200
       200
       -
               '/xrpc/social.coves.community.comment.getComments',

     

       201
       201
       -
               (server) => server.reply(401, {

     

       202
       202
       -
                 'error': 'Unauthorized',

     

       203
       203
       -
                 'message': 'Token expired',

     

       204
       204
       -
               }),

     

       205
       205
       -
               queryParameters: {

     

       206
       206
       -
                 'post': postUri,

     

       207
       207
       -
                 'sort': 'hot',

     

       208
       208
       -
                 'depth': 10,

     

       209
       209
       -
                 'limit': 50,

     

       210
       210
       -
               },

     

       211
       211
       -
             );

     

       204
       204
       +
               // Request returns 401

     

       205
       205
       +
               dioAdapter.onGet(

     

       206
       206
       +
                 '/xrpc/social.coves.community.comment.getComments',

     

       207
       207
       +
                 (server) => server.reply(401, {

     

       208
       208
       +
                   'error': 'Unauthorized',

     

       209
       209
       +
                   'message': 'Token expired',

     

       210
       210
       +
                 }),

     

       211
       211
       +
                 queryParameters: {

     

       212
       212
       +
                   'post': postUri,

     

       213
       213
       +
                   'sort': 'hot',

     

       214
       214
       +
                   'depth': 10,

     

       215
       215
       +
                   'limit': 50,

     

       216
       216
       +
                 },

     

       217
       217
       +
               );

     

       212
       218
        
       

     

       213
       213
       -
             // Make the request and expect it to fail with AuthenticationException

     

       214
       214
       -
             expect(

     

       215
       215
       -
               () => apiServiceNoRefresh.getComments(postUri: postUri),

     

       216
       216
       -
               throwsA(isA<Exception>()),

     

       217
       217
       -
             );

     

       219
       219
       +
               // Make the request and expect it to fail with AuthenticationException

     

       220
       220
       +
               expect(

     

       221
       221
       +
                 () => apiServiceNoRefresh.getComments(postUri: postUri),

     

       222
       222
       +
                 throwsA(isA<Exception>()),

     

       223
       223
       +
               );

     

       218
       224
        
       

     

       219
       219
       -
             // Verify refresh was NOT called (no refresher provided)

     

       220
       220
       -
             expect(tokenRefreshCallCount, 0);

     

       225
       225
       +
               // Verify refresh was NOT called (no refresher provided)

     

       226
       226
       +
               expect(tokenRefreshCallCount, 0);

     

       221
       227
        
       

     

       222
       222
       -
             // Verify sign-out was NOT called (no handler provided)

     

       223
       223
       -
             expect(signOutCallCount, 0);

     

       228
       228
       +
               // Verify sign-out was NOT called (no handler provided)

     

       229
       229
       +
               expect(signOutCallCount, 0);

     

       224
       230
        
       

     

       225
       225
       -
             apiServiceNoRefresh.dispose();

     

       226
       226
       -
           });

     

       231
       231
       +
               apiServiceNoRefresh.dispose();

     

       232
       232
       +
             },

     

       233
       233
       +
           );

     

       227
       234
        
       

     

       228
       235
        
           // Skipped: http_mock_adapter cannot handle stateful request/response cycles

     

       229
       236

+38 -29

test/services/coves_auth_service_environment_test.dart

···

       70
       70
        
             );

     

       71
       71
        
       

     

       72
       72
        
             // Mock storage read for the environment-specific key

     

       73
       73
       -
             when(mockStorage.read(key: storageKey))

     

       74
       74
       -
                 .thenAnswer((_) async => session.toJsonString());

     

       73
       73
       +
             when(

     

       74
       74
       +
               mockStorage.read(key: storageKey),

     

       75
       75
       +
             ).thenAnswer((_) async => session.toJsonString());

     

       75
       76
        
       

     

       76
       77
        
             // Act - Restore session

     

       77
       78
        
             final result = await authService.restoreSession();

     
···

       100
       101
        
               handle: 'alice.bsky.social',

     

       101
       102
        
             );

     

       102
       103
        
       

     

       103
       103
       -
             when(mockStorage.read(key: storageKey))

     

       104
       104
       -
                 .thenAnswer((_) async => session.toJsonString());

     

       104
       104
       +
             when(

     

       105
       105
       +
               mockStorage.read(key: storageKey),

     

       106
       106
       +
             ).thenAnswer((_) async => session.toJsonString());

     

       105
       107
        
             await authService.restoreSession();

     

       106
       108
        
       

     

       107
       109
        
             // Mock successful refresh

     

       108
       110
        
             const newToken = 'new-refreshed-token';

     

       109
       109
       -
             when(mockDio.post<Map<String, dynamic>>(

     

       110
       110
       -
               '/oauth/refresh',

     

       111
       111
       -
               data: anyNamed('data'),

     

       112
       112
       -
             )).thenAnswer((_) async => Response(

     

       113
       113
       -
                   requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       114
       114
       -
                   statusCode: 200,

     

       115
       115
       -
                   data: {

     

       116
       116
       -
                     'sealed_token': newToken,

     

       117
       117
       -
                     'access_token': 'some-access-token'

     

       118
       118
       -
                   },

     

       119
       119
       -
                 ));

     

       111
       111
       +
             when(

     

       112
       112
       +
               mockDio.post<Map<String, dynamic>>(

     

       113
       113
       +
                 '/oauth/refresh',

     

       114
       114
       +
                 data: anyNamed('data'),

     

       115
       115
       +
               ),

     

       116
       116
       +
             ).thenAnswer(

     

       117
       117
       +
               (_) async => Response(

     

       118
       118
       +
                 requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       119
       119
       +
                 statusCode: 200,

     

       120
       120
       +
                 data: {'sealed_token': newToken, 'access_token': 'some-access-token'},

     

       121
       121
       +
               ),

     

       122
       122
       +
             );

     

       120
       123
        
       

     

       121
       121
       -
             when(mockStorage.write(key: storageKey, value: anyNamed('value')))

     

       122
       122
       -
                 .thenAnswer((_) async => {});

     

       124
       124
       +
             when(

     

       125
       125
       +
               mockStorage.write(key: storageKey, value: anyNamed('value')),

     

       126
       126
       +
             ).thenAnswer((_) async => {});

     

       123
       127
        
       

     

       124
       128
        
             // Act - Refresh token (which saves the updated session)

     

       125
       129
        
             await authService.refreshToken();

     

       126
       130
        
       

     

       127
       131
        
             // Assert - Verify environment-specific key was used for saving

     

       128
       128
       -
             verify(mockStorage.write(key: storageKey, value: anyNamed('value')))

     

       129
       129
       -
                 .called(1);

     

       132
       132
       +
             verify(

     

       133
       133
       +
               mockStorage.write(key: storageKey, value: anyNamed('value')),

     

       134
       134
       +
             ).called(1);

     

       130
       135
        
       

     

       131
       136
        
             // Verify the generic key was never used

     

       132
       132
       -
             verifyNever(mockStorage.write(key: 'coves_session', value: anyNamed('value')));

     

       137
       137
       +
             verifyNever(

     

       138
       138
       +
               mockStorage.write(key: 'coves_session', value: anyNamed('value')),

     

       139
       139
       +
             );

     

       133
       140
        
           });

     

       134
       141
        
       

     

       135
       142
        
           test('should delete sessions using environment-specific keys', () async {

     
···

       144
       151
        
               sessionId: 'session-123',

     

       145
       152
        
             );

     

       146
       153
        
       

     

       147
       147
       -
             when(mockStorage.read(key: storageKey))

     

       148
       148
       -
                 .thenAnswer((_) async => session.toJsonString());

     

       154
       154
       +
             when(

     

       155
       155
       +
               mockStorage.read(key: storageKey),

     

       156
       156
       +
             ).thenAnswer((_) async => session.toJsonString());

     

       149
       157
        
             await authService.restoreSession();

     

       150
       158
        
       

     

       151
       159
        
             // Mock logout

     

       152
       152
       -
             when(mockDio.post<void>(

     

       153
       153
       -
               '/oauth/logout',

     

       154
       154
       -
               options: anyNamed('options'),

     

       155
       155
       -
             )).thenAnswer((_) async => Response(

     

       156
       156
       -
                   requestOptions: RequestOptions(path: '/oauth/logout'),

     

       157
       157
       -
                   statusCode: 200,

     

       158
       158
       -
                 ));

     

       160
       160
       +
             when(

     

       161
       161
       +
               mockDio.post<void>('/oauth/logout', options: anyNamed('options')),

     

       162
       162
       +
             ).thenAnswer(

     

       163
       163
       +
               (_) async => Response(

     

       164
       164
       +
                 requestOptions: RequestOptions(path: '/oauth/logout'),

     

       165
       165
       +
                 statusCode: 200,

     

       166
       166
       +
               ),

     

       167
       167
       +
             );

     

       159
       168
        
       

     

       160
       169
        
             when(mockStorage.delete(key: storageKey)).thenAnswer((_) async => {});

     

       161
       170

+37 -20

test/services/coves_auth_service_redaction_test.dart

···

       52
       52
        
             );

     

       53
       53
        
           });

     

       54
       54
        
       

     

       55
       55
       -
           test('should preserve non-sensitive parameters (DID, handle, session_id)',

     

       56
       56
       -
               () {

     

       57
       57
       -
             const testUrl =

     

       58
       58
       -
                 'social.coves:/callback?token=sealed_token_abc123&did=did:plc:test123&session_id=sess-456&handle=alice.bsky.social';

     

       55
       55
       +
           test(

     

       56
       56
       +
             'should preserve non-sensitive parameters (DID, handle, session_id)',

     

       57
       57
       +
             () {

     

       58
       58
       +
               const testUrl =

     

       59
       59
       +
                   'social.coves:/callback?token=sealed_token_abc123&did=did:plc:test123&session_id=sess-456&handle=alice.bsky.social';

     

       59
       60
        
       

     

       60
       60
       -
             final redacted = testUrl.replaceAllMapped(

     

       61
       61
       -
               RegExp(r'token=([^&\s]+)'),

     

       62
       62
       -
               (match) => 'token=[REDACTED]',

     

       63
       63
       -
             );

     

       61
       61
       +
               final redacted = testUrl.replaceAllMapped(

     

       62
       62
       +
                 RegExp(r'token=([^&\s]+)'),

     

       63
       63
       +
                 (match) => 'token=[REDACTED]',

     

       64
       64
       +
               );

     

       64
       65
        
       

     

       65
       65
       -
             expect(redacted, contains('did=did:plc:test123'));

     

       66
       66
       -
             expect(redacted, contains('session_id=sess-456'));

     

       67
       67
       -
             expect(redacted, contains('handle=alice.bsky.social'));

     

       68
       68
       -
             expect(redacted, isNot(contains('sealed_token_abc123')));

     

       69
       69
       -
           });

     

       66
       66
       +
               expect(redacted, contains('did=did:plc:test123'));

     

       67
       67
       +
               expect(redacted, contains('session_id=sess-456'));

     

       68
       68
       +
               expect(redacted, contains('handle=alice.bsky.social'));

     

       69
       69
       +
               expect(redacted, isNot(contains('sealed_token_abc123')));

     

       70
       70
       +
             },

     

       71
       71
       +
           );

     

       70
       72
        
       

     

       71
       73
        
           test('should handle token as first parameter', () {

     

       72
       74
        
             const testUrl =

     
···

       77
       79
        
               (match) => 'token=[REDACTED]',

     

       78
       80
        
             );

     

       79
       81
        
       

     

       80
       80
       -
             expect(redacted, 'social.coves:/callback?token=[REDACTED]&did=did:plc:test');

     

       82
       82
       +
             expect(

     

       83
       83
       +
               redacted,

     

       84
       84
       +
               'social.coves:/callback?token=[REDACTED]&did=did:plc:test',

     

       85
       85
       +
             );

     

       81
       86
        
           });

     

       82
       87
        
       

     

       83
       88
        
           test('should handle token as last parameter', () {

     

       84
       84
       -
             const testUrl = 'social.coves:/callback?did=did:plc:test&token=last_token';

     

       89
       89
       +
             const testUrl =

     

       90
       90
       +
                 'social.coves:/callback?did=did:plc:test&token=last_token';

     

       85
       91
        
       

     

       86
       92
        
             final redacted = testUrl.replaceAllMapped(

     

       87
       93
        
               RegExp(r'token=([^&\s]+)'),

     

       88
       94
        
               (match) => 'token=[REDACTED]',

     

       89
       95
        
             );

     

       90
       96
        
       

     

       91
       91
       -
             expect(redacted, 'social.coves:/callback?did=did:plc:test&token=[REDACTED]');

     

       97
       97
       +
             expect(

     

       98
       98
       +
               redacted,

     

       99
       99
       +
               'social.coves:/callback?did=did:plc:test&token=[REDACTED]',

     

       100
       100
       +
             );

     

       92
       101
        
           });

     

       93
       102
        
       

     

       94
       103
        
           test('should handle token as only parameter', () {

     
···

       111
       120
        
               (match) => 'token=[REDACTED]',

     

       112
       121
        
             );

     

       113
       122
        
       

     

       114
       114
       -
             expect(redacted, 'social.coves:/callback?token=[REDACTED]&did=did:plc:test');

     

       123
       123
       +
             expect(

     

       124
       124
       +
               redacted,

     

       125
       125
       +
               'social.coves:/callback?token=[REDACTED]&did=did:plc:test',

     

       126
       126
       +
             );

     

       115
       127
        
             expect(redacted, isNot(contains('encoded%2Btoken%3D123')));

     

       116
       128
        
           });

     

       117
       129
        
       

     

       118
       130
        
           test('should handle long token values', () {

     

       119
       131
        
             const longToken =

     

       120
       132
        
                 'very_long_sealed_token_with_many_characters_1234567890abcdef';

     

       121
       121
       -
             final testUrl = 'social.coves:/callback?token=$longToken&did=did:plc:test';

     

       133
       133
       +
             final testUrl =

     

       134
       134
       +
                 'social.coves:/callback?token=$longToken&did=did:plc:test';

     

       122
       135
        
       

     

       123
       136
        
             final redacted = testUrl.replaceAllMapped(

     

       124
       137
        
               RegExp(r'token=([^&\s]+)'),

     

       125
       138
        
               (match) => 'token=[REDACTED]',

     

       126
       139
        
             );

     

       127
       140
        
       

     

       128
       128
       -
             expect(redacted, 'social.coves:/callback?token=[REDACTED]&did=did:plc:test');

     

       141
       141
       +
             expect(

     

       142
       142
       +
               redacted,

     

       143
       143
       +
               'social.coves:/callback?token=[REDACTED]&did=did:plc:test',

     

       144
       144
       +
             );

     

       129
       145
        
             expect(redacted, isNot(contains(longToken)));

     

       130
       146
        
           });

     

       131
       147
        
       

     

       132
       148
        
           test('should handle URL without token parameter', () {

     

       133
       133
       -
             const testUrl = 'social.coves:/callback?did=did:plc:test&handle=alice.bsky.social';

     

       149
       149
       +
             const testUrl =

     

       150
       150
       +
                 'social.coves:/callback?did=did:plc:test&handle=alice.bsky.social';

     

       134
       151
        
       

     

       135
       152
        
             final redacted = testUrl.replaceAllMapped(

     

       136
       153
        
               RegExp(r'token=([^&\s]+)'),

+87 -52

test/services/coves_auth_service_singleton_test.dart

···

       34
       34
        
             final instance3 = CovesAuthService();

     

       35
       35
        
       

     

       36
       36
        
             // Assert - All should be the exact same instance

     

       37
       37
       -
             expect(identical(instance1, instance2), isTrue,

     

       38
       38
       -
                 reason: 'instance1 and instance2 should be identical');

     

       39
       39
       -
             expect(identical(instance2, instance3), isTrue,

     

       40
       40
       -
                 reason: 'instance2 and instance3 should be identical');

     

       41
       41
       -
             expect(identical(instance1, instance3), isTrue,

     

       42
       42
       -
                 reason: 'instance1 and instance3 should be identical');

     

       37
       37
       +
             expect(

     

       38
       38
       +
               identical(instance1, instance2),

     

       39
       39
       +
               isTrue,

     

       40
       40
       +
               reason: 'instance1 and instance2 should be identical',

     

       41
       41
       +
             );

     

       42
       42
       +
             expect(

     

       43
       43
       +
               identical(instance2, instance3),

     

       44
       44
       +
               isTrue,

     

       45
       45
       +
               reason: 'instance2 and instance3 should be identical',

     

       46
       46
       +
             );

     

       47
       47
       +
             expect(

     

       48
       48
       +
               identical(instance1, instance3),

     

       49
       49
       +
               isTrue,

     

       50
       50
       +
               reason: 'instance1 and instance3 should be identical',

     

       51
       51
       +
             );

     

       43
       52
        
           });

     

       44
       53
        
       

     

       45
       54
        
           test('should share in-memory session across singleton instances', () async {

     
···

       47
       56
        
             final instance1 = CovesAuthService(dio: mockDio, storage: mockStorage);

     

       48
       57
        
       

     

       49
       58
        
             // Mock storage to return a valid session

     

       50
       50
       -
             const sessionJson = '{'

     

       59
       59
       +
             const sessionJson =

     

       60
       60
       +
                 '{'

     

       51
       61
        
                 '"token": "test-token", '

     

       52
       62
        
                 '"did": "did:plc:test123", '

     

       53
       63
        
                 '"session_id": "session-123", '

     

       54
       64
        
                 '"handle": "alice.bsky.social"'

     

       55
       65
        
                 '}';

     

       56
       66
        
       

     

       57
       57
       -
             when(mockStorage.read(key: storageKey))

     

       58
       58
       -
                 .thenAnswer((_) async => sessionJson);

     

       67
       67
       +
             when(

     

       68
       68
       +
               mockStorage.read(key: storageKey),

     

       69
       69
       +
             ).thenAnswer((_) async => sessionJson);

     

       59
       70
        
       

     

       60
       71
        
             // Act - Restore session using first instance

     

       61
       72
        
             await instance1.restoreSession();

     
···

       77
       88
        
             final instance1 = CovesAuthService(dio: mockDio, storage: mockStorage);

     

       78
       89
        
       

     

       79
       90
        
             // Mock storage to return a valid session

     

       80
       80
       -
             const sessionJson = '{'

     

       91
       91
       +
             const sessionJson =

     

       92
       92
       +
                 '{'

     

       81
       93
        
                 '"token": "old-token", '

     

       82
       94
        
                 '"did": "did:plc:test123", '

     

       83
       95
        
                 '"session_id": "session-123", '

     

       84
       96
        
                 '"handle": "alice.bsky.social"'

     

       85
       97
        
                 '}';

     

       86
       98
        
       

     

       87
       87
       -
             when(mockStorage.read(key: storageKey))

     

       88
       88
       -
                 .thenAnswer((_) async => sessionJson);

     

       99
       99
       +
             when(

     

       100
       100
       +
               mockStorage.read(key: storageKey),

     

       101
       101
       +
             ).thenAnswer((_) async => sessionJson);

     

       89
       102
        
       

     

       90
       103
        
             await instance1.restoreSession();

     

       91
       104
        
       

     

       92
       105
        
             // Mock refresh with delay

     

       93
       106
        
             const newToken = 'refreshed-token';

     

       94
       94
       -
             when(mockDio.post<Map<String, dynamic>>(

     

       95
       95
       -
               '/oauth/refresh',

     

       96
       96
       -
               data: anyNamed('data'),

     

       97
       97
       -
             )).thenAnswer((_) async {

     

       107
       107
       +
             when(

     

       108
       108
       +
               mockDio.post<Map<String, dynamic>>(

     

       109
       109
       +
                 '/oauth/refresh',

     

       110
       110
       +
                 data: anyNamed('data'),

     

       111
       111
       +
               ),

     

       112
       112
       +
             ).thenAnswer((_) async {

     

       98
       113
        
               await Future.delayed(const Duration(milliseconds: 100));

     

       99
       114
        
               return Response(

     

       100
       115
        
                 requestOptions: RequestOptions(path: '/oauth/refresh'),

     
···

       103
       118
        
               );

     

       104
       119
        
             });

     

       105
       120
        
       

     

       106
       106
       -
             when(mockStorage.write(key: storageKey, value: anyNamed('value')))

     

       107
       107
       -
                 .thenAnswer((_) async => {});

     

       121
       121
       +
             when(

     

       122
       122
       +
               mockStorage.write(key: storageKey, value: anyNamed('value')),

     

       123
       123
       +
             ).thenAnswer((_) async => {});

     

       108
       124
        
       

     

       109
       125
        
             // Act - Start refresh from first instance

     

       110
       126
        
             final refreshFuture1 = instance1.refreshToken();

     
···

       121
       137
        
             expect(results[1].token, newToken);

     

       122
       138
        
       

     

       123
       139
        
             // Verify only one API call was made (mutex protected)

     

       124
       124
       -
             verify(mockDio.post<Map<String, dynamic>>(

     

       125
       125
       -
               '/oauth/refresh',

     

       126
       126
       -
               data: anyNamed('data'),

     

       127
       127
       -
             )).called(1);

     

       140
       140
       +
             verify(

     

       141
       141
       +
               mockDio.post<Map<String, dynamic>>(

     

       142
       142
       +
                 '/oauth/refresh',

     

       143
       143
       +
                 data: anyNamed('data'),

     

       144
       144
       +
               ),

     

       145
       145
       +
             ).called(1);

     

       128
       146
        
           });

     

       129
       147
        
       

     

       130
       148
        
           test('resetInstance() should clear the singleton', () {

     
···

       148
       166
        
       

     

       149
       167
        
           test('createTestInstance() should bypass singleton', () {

     

       150
       168
        
             // Arrange

     

       151
       151
       -
             final singletonInstance = CovesAuthService(dio: mockDio, storage: mockStorage);

     

       169
       169
       +
             final singletonInstance = CovesAuthService(

     

       170
       170
       +
               dio: mockDio,

     

       171
       171
       +
               storage: mockStorage,

     

       172
       172
       +
             );

     

       152
       173
        
       

     

       153
       174
        
             // Act - Create a test instance with different dependencies

     

       154
       175
        
             final mockDio2 = MockDio();

     
···

       159
       180
        
             );

     

       160
       181
        
       

     

       161
       182
        
             // Assert - Test instance should be different from singleton

     

       162
       162
       -
             expect(identical(singletonInstance, testInstance), isFalse,

     

       163
       163
       -
                 reason: 'Test instance should not be the singleton');

     

       183
       183
       +
             expect(

     

       184
       184
       +
               identical(singletonInstance, testInstance),

     

       185
       185
       +
               isFalse,

     

       186
       186
       +
               reason: 'Test instance should not be the singleton',

     

       187
       187
       +
             );

     

       164
       188
        
       

     

       165
       189
        
             // Test instance should not affect singleton

     

       166
       190
        
             final singletonCheck = CovesAuthService();

     

       167
       167
       -
             expect(identical(singletonInstance, singletonCheck), isTrue,

     

       168
       168
       -
                 reason: 'Singleton should remain unchanged');

     

       191
       191
       +
             expect(

     

       192
       192
       +
               identical(singletonInstance, singletonCheck),

     

       193
       193
       +
               isTrue,

     

       194
       194
       +
               reason: 'Singleton should remain unchanged',

     

       195
       195
       +
             );

     

       169
       196
        
           });

     

       170
       197
        
       

     

       171
       171
       -
           test('should avoid state loss when service is requested from multiple entry points', () async {

     

       172
       172
       -
             // Arrange

     

       173
       173
       -
             final authProvider = CovesAuthService(dio: mockDio, storage: mockStorage);

     

       198
       198
       +
           test(

     

       199
       199
       +
             'should avoid state loss when service is requested from multiple entry points',

     

       200
       200
       +
             () async {

     

       201
       201
       +
               // Arrange

     

       202
       202
       +
               final authProvider = CovesAuthService(

     

       203
       203
       +
                 dio: mockDio,

     

       204
       204
       +
                 storage: mockStorage,

     

       205
       205
       +
               );

     

       174
       206
        
       

     

       175
       175
       -
             const sessionJson = '{'

     

       176
       176
       -
                 '"token": "test-token", '

     

       177
       177
       -
                 '"did": "did:plc:test123", '

     

       178
       178
       -
                 '"session_id": "session-123"'

     

       179
       179
       -
                 '}';

     

       207
       207
       +
               const sessionJson =

     

       208
       208
       +
                   '{'

     

       209
       209
       +
                   '"token": "test-token", '

     

       210
       210
       +
                   '"did": "did:plc:test123", '

     

       211
       211
       +
                   '"session_id": "session-123"'

     

       212
       212
       +
                   '}';

     

       180
       213
        
       

     

       181
       181
       -
             when(mockStorage.read(key: storageKey))

     

       182
       182
       -
                 .thenAnswer((_) async => sessionJson);

     

       214
       214
       +
               when(

     

       215
       215
       +
                 mockStorage.read(key: storageKey),

     

       216
       216
       +
               ).thenAnswer((_) async => sessionJson);

     

       183
       217
        
       

     

       184
       184
       -
             // Act - Simulate different parts of the app requesting the service

     

       185
       185
       -
             await authProvider.restoreSession();

     

       218
       218
       +
               // Act - Simulate different parts of the app requesting the service

     

       219
       219
       +
               await authProvider.restoreSession();

     

       186
       220
        
       

     

       187
       187
       -
             final apiService = CovesAuthService();

     

       188
       188
       -
             final voteService = CovesAuthService();

     

       189
       189
       -
             final feedService = CovesAuthService();

     

       221
       221
       +
               final apiService = CovesAuthService();

     

       222
       222
       +
               final voteService = CovesAuthService();

     

       223
       223
       +
               final feedService = CovesAuthService();

     

       190
       224
        
       

     

       191
       191
       -
             // Assert - All should have access to the same session state

     

       192
       192
       -
             expect(apiService.isAuthenticated, isTrue);

     

       193
       193
       -
             expect(voteService.isAuthenticated, isTrue);

     

       194
       194
       -
             expect(feedService.isAuthenticated, isTrue);

     

       195
       195
       -
             expect(apiService.getToken(), 'test-token');

     

       196
       196
       -
             expect(voteService.getToken(), 'test-token');

     

       197
       197
       -
             expect(feedService.getToken(), 'test-token');

     

       225
       225
       +
               // Assert - All should have access to the same session state

     

       226
       226
       +
               expect(apiService.isAuthenticated, isTrue);

     

       227
       227
       +
               expect(voteService.isAuthenticated, isTrue);

     

       228
       228
       +
               expect(feedService.isAuthenticated, isTrue);

     

       229
       229
       +
               expect(apiService.getToken(), 'test-token');

     

       230
       230
       +
               expect(voteService.getToken(), 'test-token');

     

       231
       231
       +
               expect(feedService.getToken(), 'test-token');

     

       198
       232
        
       

     

       199
       199
       -
             // Storage should only be read once

     

       200
       200
       -
             verify(mockStorage.read(key: storageKey)).called(1);

     

       201
       201
       -
           });

     

       233
       233
       +
               // Storage should only be read once

     

       234
       234
       +
               verify(mockStorage.read(key: storageKey)).called(1);

     

       235
       235
       +
             },

     

       236
       236
       +
           );

     

       202
       237
        
         });

     

       203
       238
        
       }

+542 -424

test/services/coves_auth_service_test.dart

···

       35
       35
        
         group('CovesAuthService', () {

     

       36
       36
        
           group('signIn()', () {

     

       37
       37
        
             test('should throw ArgumentError when handle is empty', () async {

     

       38
       38
       -
               expect(

     

       39
       39
       -
                 () => authService.signIn(''),

     

       40
       40
       -
                 throwsA(isA<ArgumentError>()),

     

       41
       41
       -
               );

     

       38
       38
       +
               expect(() => authService.signIn(''), throwsA(isA<ArgumentError>()));

     

       42
       39
        
             });

     

       43
       40
        
       

     

       44
       44
       -
             test('should throw ArgumentError when handle is whitespace-only',

     

       45
       45
       -
                 () async {

     

       46
       46
       -
               expect(

     

       47
       47
       -
                 () => authService.signIn('   '),

     

       48
       48
       -
                 throwsA(isA<ArgumentError>()),

     

       49
       49
       -
               );

     

       50
       50
       -
             });

     

       41
       41
       +
             test(

     

       42
       42
       +
               'should throw ArgumentError when handle is whitespace-only',

     

       43
       43
       +
               () async {

     

       44
       44
       +
                 expect(

     

       45
       45
       +
                   () => authService.signIn('   '),

     

       46
       46
       +
                   throwsA(isA<ArgumentError>()),

     

       47
       47
       +
                 );

     

       48
       48
       +
               },

     

       49
       49
       +
             );

     

       51
       50
        
       

     

       52
       52
       -
             test('should throw appropriate error when user cancels sign-in',

     

       53
       53
       -
                 () async {

     

       51
       51
       +
             test('should throw appropriate error when user cancels sign-in', () async {

     

       54
       52
        
               // Note: FlutterWebAuth2.authenticate is not easily mockable as it's a static method

     

       55
       53
        
               // This test documents expected behavior when authentication is cancelled

     

       56
       54
        
               // In practice, this would throw with CANCELED/cancelled in the message

     
···

       60
       58
        
               // Skipping for now as it requires more complex mocking infrastructure

     

       61
       59
        
             });

     

       62
       60
        
       

     

       63
       63
       -
             test('should throw Exception when network error occurs during OAuth',

     

       64
       64
       -
                 () async {

     

       65
       65
       -
               // Note: Similar to above, FlutterWebAuth2 static methods are difficult to mock

     

       66
       66
       -
               // This test documents expected behavior

     

       67
       67
       -
               // The actual implementation catches exceptions and rethrows with context

     

       68
       68
       -
             });

     

       61
       61
       +
             test(

     

       62
       62
       +
               'should throw Exception when network error occurs during OAuth',

     

       63
       63
       +
               () async {

     

       64
       64
       +
                 // Note: Similar to above, FlutterWebAuth2 static methods are difficult to mock

     

       65
       65
       +
                 // This test documents expected behavior

     

       66
       66
       +
                 // The actual implementation catches exceptions and rethrows with context

     

       67
       67
       +
               },

     

       68
       68
       +
             );

     

       69
       69
        
       

     

       70
       70
        
             test('should trim handle before processing', () async {

     

       71
       71
        
               // This test verifies the handle trimming logic

     
···

       86
       86
        
               );

     

       87
       87
        
               final jsonString = session.toJsonString();

     

       88
       88
        
       

     

       89
       89
       -
               when(mockStorage.read(key: storageKey))

     

       90
       90
       -
                   .thenAnswer((_) async => jsonString);

     

       89
       89
       +
               when(

     

       90
       90
       +
                 mockStorage.read(key: storageKey),

     

       91
       91
       +
               ).thenAnswer((_) async => jsonString);

     

       91
       92
        
       

     

       92
       93
        
               // Act

     

       93
       94
        
               final result = await authService.restoreSession();

     
···

       103
       104
        
       

     

       104
       105
        
             test('should return null when no stored session exists', () async {

     

       105
       106
        
               // Arrange

     

       106
       106
       -
               when(mockStorage.read(key: storageKey))

     

       107
       107
       -
                   .thenAnswer((_) async => null);

     

       107
       107
       +
               when(mockStorage.read(key: storageKey)).thenAnswer((_) async => null);

     

       108
       108
        
       

     

       109
       109
        
               // Act

     

       110
       110
        
               final result = await authService.restoreSession();

     
···

       117
       117
        
             test('should handle corrupted storage data gracefully', () async {

     

       118
       118
        
               // Arrange

     

       119
       119
        
               const corruptedJson = 'not-valid-json{]';

     

       120
       120
       -
               when(mockStorage.read(key: storageKey))

     

       121
       121
       -
                   .thenAnswer((_) async => corruptedJson);

     

       122
       122
       -
               when(mockStorage.delete(key: storageKey))

     

       123
       123
       -
                   .thenAnswer((_) async => {});

     

       120
       120
       +
               when(

     

       121
       121
       +
                 mockStorage.read(key: storageKey),

     

       122
       122
       +
               ).thenAnswer((_) async => corruptedJson);

     

       123
       123
       +
               when(mockStorage.delete(key: storageKey)).thenAnswer((_) async => {});

     

       124
       124
        
       

     

       125
       125
        
               // Act

     

       126
       126
        
               final result = await authService.restoreSession();

     
···

       131
       131
        
               verify(mockStorage.delete(key: storageKey)).called(1);

     

       132
       132
        
             });

     

       133
       133
        
       

     

       134
       134
       -
             test('should handle session JSON with missing required fields gracefully',

     

       135
       135
       -
                 () async {

     

       136
       136
       -
               // Arrange

     

       137
       137
       -
               const invalidJson = '{"token": "test"}'; // Missing required fields (did, session_id)

     

       138
       138
       -
               when(mockStorage.read(key: storageKey))

     

       139
       139
       -
                   .thenAnswer((_) async => invalidJson);

     

       140
       140
       -
               when(mockStorage.delete(key: storageKey))

     

       141
       141
       -
                   .thenAnswer((_) async => {});

     

       134
       134
       +
             test(

     

       135
       135
       +
               'should handle session JSON with missing required fields gracefully',

     

       136
       136
       +
               () async {

     

       137
       137
       +
                 // Arrange

     

       138
       138
       +
                 const invalidJson =

     

       139
       139
       +
                     '{"token": "test"}'; // Missing required fields (did, session_id)

     

       140
       140
       +
                 when(

     

       141
       141
       +
                   mockStorage.read(key: storageKey),

     

       142
       142
       +
                 ).thenAnswer((_) async => invalidJson);

     

       143
       143
       +
                 when(mockStorage.delete(key: storageKey)).thenAnswer((_) async => {});

     

       142
       144
        
       

     

       143
       143
       -
               // Act

     

       144
       144
       -
               final result = await authService.restoreSession();

     

       145
       145
       +
                 // Act

     

       146
       146
       +
                 final result = await authService.restoreSession();

     

       145
       147
        
       

     

       146
       146
       -
               // Assert

     

       147
       147
       -
               // Should return null and clear corrupted storage

     

       148
       148
       -
               expect(result, isNull);

     

       149
       149
       -
               verify(mockStorage.read(key: storageKey)).called(1);

     

       150
       150
       -
               verify(mockStorage.delete(key: storageKey)).called(1);

     

       151
       151
       -
             });

     

       148
       148
       +
                 // Assert

     

       149
       149
       +
                 // Should return null and clear corrupted storage

     

       150
       150
       +
                 expect(result, isNull);

     

       151
       151
       +
                 verify(mockStorage.read(key: storageKey)).called(1);

     

       152
       152
       +
                 verify(mockStorage.delete(key: storageKey)).called(1);

     

       153
       153
       +
               },

     

       154
       154
       +
             );

     

       152
       155
        
       

     

       153
       156
        
             test('should handle storage read errors gracefully', () async {

     

       154
       157
        
               // Arrange

     

       155
       155
       -
               when(mockStorage.read(key: storageKey))

     

       156
       156
       -
                   .thenThrow(Exception('Storage error'));

     

       157
       157
       -
               when(mockStorage.delete(key: storageKey))

     

       158
       158
       -
                   .thenAnswer((_) async => {});

     

       158
       158
       +
               when(

     

       159
       159
       +
                 mockStorage.read(key: storageKey),

     

       160
       160
       +
               ).thenThrow(Exception('Storage error'));

     

       161
       161
       +
               when(mockStorage.delete(key: storageKey)).thenAnswer((_) async => {});

     

       159
       162
        
       

     

       160
       163
        
               // Act

     

       161
       164
        
               final result = await authService.restoreSession();

     
···

       169
       172
        
           group('refreshToken()', () {

     

       170
       173
        
             test('should throw StateError when no session exists', () async {

     

       171
       174
        
               // Act & Assert

     

       172
       172
       -
               expect(

     

       173
       173
       -
                 () => authService.refreshToken(),

     

       174
       174
       -
                 throwsA(isA<StateError>()),

     

       175
       175
       -
               );

     

       175
       175
       +
               expect(() => authService.refreshToken(), throwsA(isA<StateError>()));

     

       176
       176
        
             });

     

       177
       177
        
       

     

       178
       178
       -
             test('should successfully refresh token and return updated session',

     

       179
       179
       -
                 () async {

     

       180
       180
       -
               // Arrange - First restore a session

     

       181
       181
       -
               const initialSession = CovesSession(

     

       182
       182
       -
                 token: 'old-token',

     

       183
       183
       -
                 did: 'did:plc:test123',

     

       184
       184
       -
                 sessionId: 'session-123',

     

       185
       185
       -
                 handle: 'alice.bsky.social',

     

       186
       186
       -
               );

     

       187
       187
       -
               when(mockStorage.read(key: storageKey))

     

       188
       188
       -
                   .thenAnswer((_) async => initialSession.toJsonString());

     

       189
       189
       -
               await authService.restoreSession();

     

       178
       178
       +
             test(

     

       179
       179
       +
               'should successfully refresh token and return updated session',

     

       180
       180
       +
               () async {

     

       181
       181
       +
                 // Arrange - First restore a session

     

       182
       182
       +
                 const initialSession = CovesSession(

     

       183
       183
       +
                   token: 'old-token',

     

       184
       184
       +
                   did: 'did:plc:test123',

     

       185
       185
       +
                   sessionId: 'session-123',

     

       186
       186
       +
                   handle: 'alice.bsky.social',

     

       187
       187
       +
                 );

     

       188
       188
       +
                 when(

     

       189
       189
       +
                   mockStorage.read(key: storageKey),

     

       190
       190
       +
                 ).thenAnswer((_) async => initialSession.toJsonString());

     

       191
       191
       +
                 await authService.restoreSession();

     

       190
       192
        
       

     

       191
       191
       -
               // Mock successful refresh response

     

       192
       192
       -
               const newToken = 'new-refreshed-token';

     

       193
       193
       -
               when(mockDio.post<Map<String, dynamic>>(

     

       194
       194
       -
                 '/oauth/refresh',

     

       195
       195
       -
                 data: anyNamed('data'),

     

       196
       196
       -
               )).thenAnswer((_) async => Response(

     

       193
       193
       +
                 // Mock successful refresh response

     

       194
       194
       +
                 const newToken = 'new-refreshed-token';

     

       195
       195
       +
                 when(

     

       196
       196
       +
                   mockDio.post<Map<String, dynamic>>(

     

       197
       197
       +
                     '/oauth/refresh',

     

       198
       198
       +
                     data: anyNamed('data'),

     

       199
       199
       +
                   ),

     

       200
       200
       +
                 ).thenAnswer(

     

       201
       201
       +
                   (_) async => Response(

     

       197
       202
        
                     requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       198
       203
        
                     statusCode: 200,

     

       199
       199
       -
                     data: {'sealed_token': newToken, 'access_token': 'some-access-token'},

     

       200
       200
       -
                   ));

     

       204
       204
       +
                     data: {

     

       205
       205
       +
                       'sealed_token': newToken,

     

       206
       206
       +
                       'access_token': 'some-access-token',

     

       207
       207
       +
                     },

     

       208
       208
       +
                   ),

     

       209
       209
       +
                 );

     

       201
       210
        
       

     

       202
       202
       -
               when(mockStorage.write(key: storageKey, value: anyNamed('value')))

     

       203
       203
       -
                   .thenAnswer((_) async => {});

     

       211
       211
       +
                 when(

     

       212
       212
       +
                   mockStorage.write(key: storageKey, value: anyNamed('value')),

     

       213
       213
       +
                 ).thenAnswer((_) async => {});

     

       204
       214
        
       

     

       205
       205
       -
               // Act

     

       206
       206
       -
               final result = await authService.refreshToken();

     

       215
       215
       +
                 // Act

     

       216
       216
       +
                 final result = await authService.refreshToken();

     

       207
       217
        
       

     

       208
       208
       -
               // Assert

     

       209
       209
       -
               expect(result.token, newToken);

     

       210
       210
       -
               expect(result.did, 'did:plc:test123');

     

       211
       211
       -
               expect(result.sessionId, 'session-123');

     

       212
       212
       -
               expect(result.handle, 'alice.bsky.social');

     

       213
       213
       -
               verify(mockDio.post<Map<String, dynamic>>(

     

       214
       214
       -
                 '/oauth/refresh',

     

       215
       215
       -
                 data: anyNamed('data'),

     

       216
       216
       -
               )).called(1);

     

       217
       217
       -
               verify(mockStorage.write(

     

       218
       218
       -
                 key: storageKey,

     

       219
       219
       -
                 value: anyNamed('value'),

     

       220
       220
       -
               )).called(1);

     

       221
       221
       -
             });

     

       218
       218
       +
                 // Assert

     

       219
       219
       +
                 expect(result.token, newToken);

     

       220
       220
       +
                 expect(result.did, 'did:plc:test123');

     

       221
       221
       +
                 expect(result.sessionId, 'session-123');

     

       222
       222
       +
                 expect(result.handle, 'alice.bsky.social');

     

       223
       223
       +
                 verify(

     

       224
       224
       +
                   mockDio.post<Map<String, dynamic>>(

     

       225
       225
       +
                     '/oauth/refresh',

     

       226
       226
       +
                     data: anyNamed('data'),

     

       227
       227
       +
                   ),

     

       228
       228
       +
                 ).called(1);

     

       229
       229
       +
                 verify(

     

       230
       230
       +
                   mockStorage.write(key: storageKey, value: anyNamed('value')),

     

       231
       231
       +
                 ).called(1);

     

       232
       232
       +
               },

     

       233
       233
       +
             );

     

       222
       234
        
       

     

       223
       235
        
             test('should throw "Session expired" on 401 response', () async {

     

       224
       236
        
               // Arrange - First restore a session

     
···

       227
       239
        
                 did: 'did:plc:test123',

     

       228
       240
        
                 sessionId: 'session-123',

     

       229
       241
        
               );

     

       230
       230
       -
               when(mockStorage.read(key: storageKey))

     

       231
       231
       -
                   .thenAnswer((_) async => session.toJsonString());

     

       242
       242
       +
               when(

     

       243
       243
       +
                 mockStorage.read(key: storageKey),

     

       244
       244
       +
               ).thenAnswer((_) async => session.toJsonString());

     

       232
       245
        
               await authService.restoreSession();

     

       233
       246
        
       

     

       234
       247
        
               // Mock 401 response

     

       235
       235
       -
               when(mockDio.post<Map<String, dynamic>>(

     

       236
       236
       -
                 '/oauth/refresh',

     

       237
       237
       -
                 data: anyNamed('data'),

     

       238
       238
       -
               )).thenThrow(

     

       248
       248
       +
               when(

     

       249
       249
       +
                 mockDio.post<Map<String, dynamic>>(

     

       250
       250
       +
                   '/oauth/refresh',

     

       251
       251
       +
                   data: anyNamed('data'),

     

       252
       252
       +
                 ),

     

       253
       253
       +
               ).thenThrow(

     

       239
       254
        
                 DioException(

     

       240
       255
        
                   requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       241
       256
        
                   type: DioExceptionType.badResponse,

     
···

       250
       265
        
               expect(

     

       251
       266
        
                 () => authService.refreshToken(),

     

       252
       267
        
                 throwsA(

     

       253
       253
       -
                   predicate((e) =>

     

       254
       254
       -
                       e is Exception && e.toString().contains('Session expired')),

     

       268
       268
       +
                   predicate(

     

       269
       269
       +
                     (e) => e is Exception && e.toString().contains('Session expired'),

     

       270
       270
       +
                   ),

     

       255
       271
        
                 ),

     

       256
       272
        
               );

     

       257
       273
        
             });

     
···

       263
       279
        
                 did: 'did:plc:test123',

     

       264
       280
        
                 sessionId: 'session-123',

     

       265
       281
        
               );

     

       266
       266
       -
               when(mockStorage.read(key: storageKey))

     

       267
       267
       -
                   .thenAnswer((_) async => session.toJsonString());

     

       282
       282
       +
               when(

     

       283
       283
       +
                 mockStorage.read(key: storageKey),

     

       284
       284
       +
               ).thenAnswer((_) async => session.toJsonString());

     

       268
       285
        
               await authService.restoreSession();

     

       269
       286
        
       

     

       270
       287
        
               // Mock network error

     

       271
       271
       -
               when(mockDio.post<Map<String, dynamic>>(

     

       272
       272
       -
                 '/oauth/refresh',

     

       273
       273
       -
                 data: anyNamed('data'),

     

       274
       274
       -
               )).thenThrow(

     

       288
       288
       +
               when(

     

       289
       289
       +
                 mockDio.post<Map<String, dynamic>>(

     

       290
       290
       +
                   '/oauth/refresh',

     

       291
       291
       +
                   data: anyNamed('data'),

     

       292
       292
       +
                 ),

     

       293
       293
       +
               ).thenThrow(

     

       275
       294
        
                 DioException(

     

       276
       295
        
                   requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       277
       296
        
                   type: DioExceptionType.connectionError,

     
···

       283
       302
        
               expect(

     

       284
       303
        
                 () => authService.refreshToken(),

     

       285
       304
        
                 throwsA(

     

       286
       286
       -
                   predicate((e) =>

     

       287
       287
       -
                       e is Exception &&

     

       288
       288
       -
                       e.toString().contains('Token refresh failed')),

     

       305
       305
       +
                   predicate(

     

       306
       306
       +
                     (e) =>

     

       307
       307
       +
                         e is Exception &&

     

       308
       308
       +
                         e.toString().contains('Token refresh failed'),

     

       309
       309
       +
                   ),

     

       289
       310
        
                 ),

     

       290
       311
        
               );

     

       291
       312
        
             });

     

       292
       313
        
       

     

       293
       293
       -
             test('should throw Exception when response is missing sealed_token', () async {

     

       294
       294
       -
               // Arrange - First restore a session

     

       295
       295
       -
               const session = CovesSession(

     

       296
       296
       -
                 token: 'old-token',

     

       297
       297
       -
                 did: 'did:plc:test123',

     

       298
       298
       -
                 sessionId: 'session-123',

     

       299
       299
       -
               );

     

       300
       300
       -
               when(mockStorage.read(key: storageKey))

     

       301
       301
       -
                   .thenAnswer((_) async => session.toJsonString());

     

       302
       302
       -
               await authService.restoreSession();

     

       314
       314
       +
             test(

     

       315
       315
       +
               'should throw Exception when response is missing sealed_token',

     

       316
       316
       +
               () async {

     

       317
       317
       +
                 // Arrange - First restore a session

     

       318
       318
       +
                 const session = CovesSession(

     

       319
       319
       +
                   token: 'old-token',

     

       320
       320
       +
                   did: 'did:plc:test123',

     

       321
       321
       +
                   sessionId: 'session-123',

     

       322
       322
       +
                 );

     

       323
       323
       +
                 when(

     

       324
       324
       +
                   mockStorage.read(key: storageKey),

     

       325
       325
       +
                 ).thenAnswer((_) async => session.toJsonString());

     

       326
       326
       +
                 await authService.restoreSession();

     

       303
       327
        
       

     

       304
       304
       -
               // Mock response without sealed_token

     

       305
       305
       -
               when(mockDio.post<Map<String, dynamic>>(

     

       306
       306
       -
                 '/oauth/refresh',

     

       307
       307
       -
                 data: anyNamed('data'),

     

       308
       308
       -
               )).thenAnswer((_) async => Response(

     

       328
       328
       +
                 // Mock response without sealed_token

     

       329
       329
       +
                 when(

     

       330
       330
       +
                   mockDio.post<Map<String, dynamic>>(

     

       331
       331
       +
                     '/oauth/refresh',

     

       332
       332
       +
                     data: anyNamed('data'),

     

       333
       333
       +
                   ),

     

       334
       334
       +
                 ).thenAnswer(

     

       335
       335
       +
                   (_) async => Response(

     

       309
       336
        
                     requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       310
       337
        
                     statusCode: 200,

     

       311
       338
        
                     data: {'access_token': 'some-token'}, // No sealed_token field

     

       312
       312
       -
                   ));

     

       339
       339
       +
                   ),

     

       340
       340
       +
                 );

     

       313
       341
        
       

     

       314
       314
       -
               // Act & Assert

     

       315
       315
       -
               expect(

     

       316
       316
       -
                 () => authService.refreshToken(),

     

       317
       317
       -
                 throwsA(

     

       318
       318
       -
                   predicate((e) =>

     

       319
       319
       -
                       e is Exception &&

     

       320
       320
       -
                       e.toString().contains('Invalid refresh response')),

     

       321
       321
       -
                 ),

     

       322
       322
       -
               );

     

       323
       323
       -
             });

     

       342
       342
       +
                 // Act & Assert

     

       343
       343
       +
                 expect(

     

       344
       344
       +
                   () => authService.refreshToken(),

     

       345
       345
       +
                   throwsA(

     

       346
       346
       +
                     predicate(

     

       347
       347
       +
                       (e) =>

     

       348
       348
       +
                           e is Exception &&

     

       349
       349
       +
                           e.toString().contains('Invalid refresh response'),

     

       350
       350
       +
                     ),

     

       351
       351
       +
                   ),

     

       352
       352
       +
                 );

     

       353
       353
       +
               },

     

       354
       354
       +
             );

     

       324
       355
        
       

     

       325
       325
       -
             test('should throw Exception when response sealed_token is empty', () async {

     

       326
       326
       -
               // Arrange - First restore a session

     

       327
       327
       -
               const session = CovesSession(

     

       328
       328
       -
                 token: 'old-token',

     

       329
       329
       -
                 did: 'did:plc:test123',

     

       330
       330
       -
                 sessionId: 'session-123',

     

       331
       331
       -
               );

     

       332
       332
       -
               when(mockStorage.read(key: storageKey))

     

       333
       333
       -
                   .thenAnswer((_) async => session.toJsonString());

     

       334
       334
       -
               await authService.restoreSession();

     

       356
       356
       +
             test(

     

       357
       357
       +
               'should throw Exception when response sealed_token is empty',

     

       358
       358
       +
               () async {

     

       359
       359
       +
                 // Arrange - First restore a session

     

       360
       360
       +
                 const session = CovesSession(

     

       361
       361
       +
                   token: 'old-token',

     

       362
       362
       +
                   did: 'did:plc:test123',

     

       363
       363
       +
                   sessionId: 'session-123',

     

       364
       364
       +
                 );

     

       365
       365
       +
                 when(

     

       366
       366
       +
                   mockStorage.read(key: storageKey),

     

       367
       367
       +
                 ).thenAnswer((_) async => session.toJsonString());

     

       368
       368
       +
                 await authService.restoreSession();

     

       335
       369
        
       

     

       336
       336
       -
               // Mock response with empty sealed_token

     

       337
       337
       -
               when(mockDio.post<Map<String, dynamic>>(

     

       338
       338
       -
                 '/oauth/refresh',

     

       339
       339
       -
                 data: anyNamed('data'),

     

       340
       340
       -
               )).thenAnswer((_) async => Response(

     

       370
       370
       +
                 // Mock response with empty sealed_token

     

       371
       371
       +
                 when(

     

       372
       372
       +
                   mockDio.post<Map<String, dynamic>>(

     

       373
       373
       +
                     '/oauth/refresh',

     

       374
       374
       +
                     data: anyNamed('data'),

     

       375
       375
       +
                   ),

     

       376
       376
       +
                 ).thenAnswer(

     

       377
       377
       +
                   (_) async => Response(

     

       341
       378
        
                     requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       342
       379
        
                     statusCode: 200,

     

       343
       343
       -
                     data: {'sealed_token': '', 'access_token': 'some-token'}, // Empty sealed_token

     

       344
       344
       -
                   ));

     

       380
       380
       +
                     data: {

     

       381
       381
       +
                       'sealed_token': '',

     

       382
       382
       +
                       'access_token': 'some-token',

     

       383
       383
       +
                     }, // Empty sealed_token

     

       384
       384
       +
                   ),

     

       385
       385
       +
                 );

     

       345
       386
        
       

     

       346
       346
       -
               // Act & Assert

     

       347
       347
       -
               expect(

     

       348
       348
       -
                 () => authService.refreshToken(),

     

       349
       349
       -
                 throwsA(

     

       350
       350
       -
                   predicate((e) =>

     

       351
       351
       -
                       e is Exception &&

     

       352
       352
       -
                       e.toString().contains('Invalid refresh response')),

     

       353
       353
       -
                 ),

     

       354
       354
       -
               );

     

       355
       355
       -
             });

     

       387
       387
       +
                 // Act & Assert

     

       388
       388
       +
                 expect(

     

       389
       389
       +
                   () => authService.refreshToken(),

     

       390
       390
       +
                   throwsA(

     

       391
       391
       +
                     predicate(

     

       392
       392
       +
                       (e) =>

     

       393
       393
       +
                           e is Exception &&

     

       394
       394
       +
                           e.toString().contains('Invalid refresh response'),

     

       395
       395
       +
                     ),

     

       396
       396
       +
                   ),

     

       397
       397
       +
                 );

     

       398
       398
       +
               },

     

       399
       399
       +
             );

     

       356
       400
        
           });

     

       357
       401
        
       

     

       358
       402
        
           group('signOut()', () {

     

       359
       359
       -
             test('should clear session and storage on successful server-side logout',

     

       360
       360
       -
                 () async {

     

       361
       361
       -
               // Arrange - First restore a session

     

       362
       362
       -
               const session = CovesSession(

     

       363
       363
       -
                 token: 'test-token',

     

       364
       364
       -
                 did: 'did:plc:test123',

     

       365
       365
       -
                 sessionId: 'session-123',

     

       366
       366
       -
               );

     

       367
       367
       -
               when(mockStorage.read(key: storageKey))

     

       368
       368
       -
                   .thenAnswer((_) async => session.toJsonString());

     

       369
       369
       -
               await authService.restoreSession();

     

       403
       403
       +
             test(

     

       404
       404
       +
               'should clear session and storage on successful server-side logout',

     

       405
       405
       +
               () async {

     

       406
       406
       +
                 // Arrange - First restore a session

     

       407
       407
       +
                 const session = CovesSession(

     

       408
       408
       +
                   token: 'test-token',

     

       409
       409
       +
                   did: 'did:plc:test123',

     

       410
       410
       +
                   sessionId: 'session-123',

     

       411
       411
       +
                 );

     

       412
       412
       +
                 when(

     

       413
       413
       +
                   mockStorage.read(key: storageKey),

     

       414
       414
       +
                 ).thenAnswer((_) async => session.toJsonString());

     

       415
       415
       +
                 await authService.restoreSession();

     

       370
       416
        
       

     

       371
       371
       -
               // Mock successful logout

     

       372
       372
       -
               when(mockDio.post<void>(

     

       373
       373
       -
                 '/oauth/logout',

     

       374
       374
       -
                 options: anyNamed('options'),

     

       375
       375
       -
               )).thenAnswer((_) async => Response(

     

       417
       417
       +
                 // Mock successful logout

     

       418
       418
       +
                 when(

     

       419
       419
       +
                   mockDio.post<void>('/oauth/logout', options: anyNamed('options')),

     

       420
       420
       +
                 ).thenAnswer(

     

       421
       421
       +
                   (_) async => Response(

     

       376
       422
        
                     requestOptions: RequestOptions(path: '/oauth/logout'),

     

       377
       423
        
                     statusCode: 200,

     

       378
       378
       -
                   ));

     

       424
       424
       +
                   ),

     

       425
       425
       +
                 );

     

       379
       426
        
       

     

       380
       380
       -
               when(mockStorage.delete(key: storageKey))

     

       381
       381
       -
                   .thenAnswer((_) async => {});

     

       427
       427
       +
                 when(mockStorage.delete(key: storageKey)).thenAnswer((_) async => {});

     

       382
       428
        
       

     

       383
       383
       -
               // Act

     

       384
       384
       -
               await authService.signOut();

     

       429
       429
       +
                 // Act

     

       430
       430
       +
                 await authService.signOut();

     

       385
       431
        
       

     

       386
       386
       -
               // Assert

     

       387
       387
       -
               expect(authService.session, isNull);

     

       388
       388
       -
               expect(authService.isAuthenticated, isFalse);

     

       389
       389
       -
               verify(mockDio.post<void>(

     

       390
       390
       -
                 '/oauth/logout',

     

       391
       391
       -
                 options: anyNamed('options'),

     

       392
       392
       -
               )).called(1);

     

       393
       393
       -
               verify(mockStorage.delete(key: storageKey)).called(1);

     

       394
       394
       -
             });

     

       432
       432
       +
                 // Assert

     

       433
       433
       +
                 expect(authService.session, isNull);

     

       434
       434
       +
                 expect(authService.isAuthenticated, isFalse);

     

       435
       435
       +
                 verify(

     

       436
       436
       +
                   mockDio.post<void>('/oauth/logout', options: anyNamed('options')),

     

       437
       437
       +
                 ).called(1);

     

       438
       438
       +
                 verify(mockStorage.delete(key: storageKey)).called(1);

     

       439
       439
       +
               },

     

       440
       440
       +
             );

     

       395
       441
        
       

     

       396
       396
       -
             test('should clear local state even when server revocation fails',

     

       397
       397
       -
                 () async {

     

       398
       398
       -
               // Arrange - First restore a session

     

       399
       399
       -
               const session = CovesSession(

     

       400
       400
       -
                 token: 'test-token',

     

       401
       401
       -
                 did: 'did:plc:test123',

     

       402
       402
       -
                 sessionId: 'session-123',

     

       403
       403
       -
               );

     

       404
       404
       -
               when(mockStorage.read(key: storageKey))

     

       405
       405
       -
                   .thenAnswer((_) async => session.toJsonString());

     

       406
       406
       -
               await authService.restoreSession();

     

       442
       442
       +
             test(

     

       443
       443
       +
               'should clear local state even when server revocation fails',

     

       444
       444
       +
               () async {

     

       445
       445
       +
                 // Arrange - First restore a session

     

       446
       446
       +
                 const session = CovesSession(

     

       447
       447
       +
                   token: 'test-token',

     

       448
       448
       +
                   did: 'did:plc:test123',

     

       449
       449
       +
                   sessionId: 'session-123',

     

       450
       450
       +
                 );

     

       451
       451
       +
                 when(

     

       452
       452
       +
                   mockStorage.read(key: storageKey),

     

       453
       453
       +
                 ).thenAnswer((_) async => session.toJsonString());

     

       454
       454
       +
                 await authService.restoreSession();

     

       407
       455
        
       

     

       408
       408
       -
               // Mock server error

     

       409
       409
       -
               when(mockDio.post<void>(

     

       410
       410
       -
                 '/oauth/logout',

     

       411
       411
       -
                 options: anyNamed('options'),

     

       412
       412
       -
               )).thenThrow(

     

       413
       413
       -
                 DioException(

     

       414
       414
       -
                   requestOptions: RequestOptions(path: '/oauth/logout'),

     

       415
       415
       -
                   type: DioExceptionType.connectionError,

     

       416
       416
       -
                   message: 'Connection failed',

     

       417
       417
       -
                 ),

     

       418
       418
       -
               );

     

       456
       456
       +
                 // Mock server error

     

       457
       457
       +
                 when(

     

       458
       458
       +
                   mockDio.post<void>('/oauth/logout', options: anyNamed('options')),

     

       459
       459
       +
                 ).thenThrow(

     

       460
       460
       +
                   DioException(

     

       461
       461
       +
                     requestOptions: RequestOptions(path: '/oauth/logout'),

     

       462
       462
       +
                     type: DioExceptionType.connectionError,

     

       463
       463
       +
                     message: 'Connection failed',

     

       464
       464
       +
                   ),

     

       465
       465
       +
                 );

     

       419
       466
        
       

     

       420
       420
       -
               when(mockStorage.delete(key: storageKey))

     

       421
       421
       -
                   .thenAnswer((_) async => {});

     

       467
       467
       +
                 when(mockStorage.delete(key: storageKey)).thenAnswer((_) async => {});

     

       422
       468
        
       

     

       423
       423
       -
               // Act

     

       424
       424
       -
               await authService.signOut();

     

       469
       469
       +
                 // Act

     

       470
       470
       +
                 await authService.signOut();

     

       425
       471
        
       

     

       426
       426
       -
               // Assert

     

       427
       427
       -
               expect(authService.session, isNull);

     

       428
       428
       -
               expect(authService.isAuthenticated, isFalse);

     

       429
       429
       -
               verify(mockStorage.delete(key: storageKey)).called(1);

     

       430
       430
       -
             });

     

       472
       472
       +
                 // Assert

     

       473
       473
       +
                 expect(authService.session, isNull);

     

       474
       474
       +
                 expect(authService.isAuthenticated, isFalse);

     

       475
       475
       +
                 verify(mockStorage.delete(key: storageKey)).called(1);

     

       476
       476
       +
               },

     

       477
       477
       +
             );

     

       431
       478
        
       

     

       432
       479
        
             test('should work even when no session exists', () async {

     

       433
       480
        
               // Arrange

     

       434
       434
       -
               when(mockStorage.delete(key: storageKey))

     

       435
       435
       -
                   .thenAnswer((_) async => {});

     

       481
       481
       +
               when(mockStorage.delete(key: storageKey)).thenAnswer((_) async => {});

     

       436
       482
        
       

     

       437
       483
        
               // Act

     

       438
       484
        
               await authService.signOut();

     
···

       441
       487
        
               expect(authService.session, isNull);

     

       442
       488
        
               expect(authService.isAuthenticated, isFalse);

     

       443
       489
        
               verify(mockStorage.delete(key: storageKey)).called(1);

     

       444
       444
       -
               verifyNever(mockDio.post<void>(

     

       445
       445
       -
                 '/oauth/logout',

     

       446
       446
       -
                 options: anyNamed('options'),

     

       447
       447
       -
               ));

     

       490
       490
       +
               verifyNever(

     

       491
       491
       +
                 mockDio.post<void>('/oauth/logout', options: anyNamed('options')),

     

       492
       492
       +
               );

     

       448
       493
        
             });

     

       449
       494
        
       

     

       450
       495
        
             test('should clear local state even when storage delete fails', () async {

     
···

       454
       499
        
                 did: 'did:plc:test123',

     

       455
       500
        
                 sessionId: 'session-123',

     

       456
       501
        
               );

     

       457
       457
       -
               when(mockStorage.read(key: storageKey))

     

       458
       458
       -
                   .thenAnswer((_) async => session.toJsonString());

     

       502
       502
       +
               when(

     

       503
       503
       +
                 mockStorage.read(key: storageKey),

     

       504
       504
       +
               ).thenAnswer((_) async => session.toJsonString());

     

       459
       505
        
               await authService.restoreSession();

     

       460
       506
        
       

     

       461
       461
       -
               when(mockDio.post<void>(

     

       462
       462
       -
                 '/oauth/logout',

     

       463
       463
       -
                 options: anyNamed('options'),

     

       464
       464
       -
               )).thenAnswer((_) async => Response(

     

       465
       465
       -
                     requestOptions: RequestOptions(path: '/oauth/logout'),

     

       466
       466
       -
                     statusCode: 200,

     

       467
       467
       -
                   ));

     

       507
       507
       +
               when(

     

       508
       508
       +
                 mockDio.post<void>('/oauth/logout', options: anyNamed('options')),

     

       509
       509
       +
               ).thenAnswer(

     

       510
       510
       +
                 (_) async => Response(

     

       511
       511
       +
                   requestOptions: RequestOptions(path: '/oauth/logout'),

     

       512
       512
       +
                   statusCode: 200,

     

       513
       513
       +
                 ),

     

       514
       514
       +
               );

     

       468
       515
        
       

     

       469
       469
       -
               when(mockStorage.delete(key: storageKey))

     

       470
       470
       -
                   .thenThrow(Exception('Storage error'));

     

       516
       516
       +
               when(

     

       517
       517
       +
                 mockStorage.delete(key: storageKey),

     

       518
       518
       +
               ).thenThrow(Exception('Storage error'));

     

       471
       519
        
       

     

       472
       520
        
               // Act & Assert - Should not throw

     

       473
       521
        
               expect(() => authService.signOut(), throwsA(isA<Exception>()));

     
···

       485
       533
        
                 did: 'did:plc:test123',

     

       486
       534
        
                 sessionId: 'session-123',

     

       487
       535
        
               );

     

       488
       488
       -
               when(mockStorage.read(key: storageKey))

     

       489
       489
       -
                   .thenAnswer((_) async => session.toJsonString());

     

       536
       536
       +
               when(

     

       537
       537
       +
                 mockStorage.read(key: storageKey),

     

       538
       538
       +
               ).thenAnswer((_) async => session.toJsonString());

     

       490
       539
        
               await authService.restoreSession();

     

       491
       540
        
       

     

       492
       541
        
               // Act

     
···

       511
       560
        
                 did: 'did:plc:test123',

     

       512
       561
        
                 sessionId: 'session-123',

     

       513
       562
        
               );

     

       514
       514
       -
               when(mockStorage.read(key: storageKey))

     

       515
       515
       -
                   .thenAnswer((_) async => session.toJsonString());

     

       563
       563
       +
               when(

     

       564
       564
       +
                 mockStorage.read(key: storageKey),

     

       565
       565
       +
               ).thenAnswer((_) async => session.toJsonString());

     

       516
       566
        
               await authService.restoreSession();

     

       517
       567
        
       

     

       518
       518
       -
               when(mockDio.post<void>(

     

       519
       519
       -
                 '/oauth/logout',

     

       520
       520
       -
                 options: anyNamed('options'),

     

       521
       521
       -
               )).thenAnswer((_) async => Response(

     

       522
       522
       -
                     requestOptions: RequestOptions(path: '/oauth/logout'),

     

       523
       523
       -
                     statusCode: 200,

     

       524
       524
       -
                   ));

     

       525
       525
       -
               when(mockStorage.delete(key: storageKey))

     

       526
       526
       -
                   .thenAnswer((_) async => {});

     

       568
       568
       +
               when(

     

       569
       569
       +
                 mockDio.post<void>('/oauth/logout', options: anyNamed('options')),

     

       570
       570
       +
               ).thenAnswer(

     

       571
       571
       +
                 (_) async => Response(

     

       572
       572
       +
                   requestOptions: RequestOptions(path: '/oauth/logout'),

     

       573
       573
       +
                   statusCode: 200,

     

       574
       574
       +
                 ),

     

       575
       575
       +
               );

     

       576
       576
       +
               when(mockStorage.delete(key: storageKey)).thenAnswer((_) async => {});

     

       527
       577
        
       

     

       528
       578
        
               // Act

     

       529
       579
        
               await authService.signOut();

     
···

       547
       597
        
                 did: 'did:plc:test123',

     

       548
       598
        
                 sessionId: 'session-123',

     

       549
       599
        
               );

     

       550
       550
       -
               when(mockStorage.read(key: storageKey))

     

       551
       551
       -
                   .thenAnswer((_) async => session.toJsonString());

     

       600
       600
       +
               when(

     

       601
       601
       +
                 mockStorage.read(key: storageKey),

     

       602
       602
       +
               ).thenAnswer((_) async => session.toJsonString());

     

       552
       603
        
               await authService.restoreSession();

     

       553
       604
        
       

     

       554
       605
        
               // Assert

     
···

       562
       613
        
                 did: 'did:plc:test123',

     

       563
       614
        
                 sessionId: 'session-123',

     

       564
       615
        
               );

     

       565
       565
       -
               when(mockStorage.read(key: storageKey))

     

       566
       566
       -
                   .thenAnswer((_) async => session.toJsonString());

     

       616
       616
       +
               when(

     

       617
       617
       +
                 mockStorage.read(key: storageKey),

     

       618
       618
       +
               ).thenAnswer((_) async => session.toJsonString());

     

       567
       619
        
               await authService.restoreSession();

     

       568
       620
        
       

     

       569
       569
       -
               when(mockDio.post<void>(

     

       570
       570
       -
                 '/oauth/logout',

     

       571
       571
       -
                 options: anyNamed('options'),

     

       572
       572
       -
               )).thenAnswer((_) async => Response(

     

       573
       573
       -
                     requestOptions: RequestOptions(path: '/oauth/logout'),

     

       574
       574
       -
                     statusCode: 200,

     

       575
       575
       -
                   ));

     

       576
       576
       -
               when(mockStorage.delete(key: storageKey))

     

       577
       577
       -
                   .thenAnswer((_) async => {});

     

       621
       621
       +
               when(

     

       622
       622
       +
                 mockDio.post<void>('/oauth/logout', options: anyNamed('options')),

     

       623
       623
       +
               ).thenAnswer(

     

       624
       624
       +
                 (_) async => Response(

     

       625
       625
       +
                   requestOptions: RequestOptions(path: '/oauth/logout'),

     

       626
       626
       +
                   statusCode: 200,

     

       627
       627
       +
                 ),

     

       628
       628
       +
               );

     

       629
       629
       +
               when(mockStorage.delete(key: storageKey)).thenAnswer((_) async => {});

     

       578
       630
        
       

     

       579
       631
        
               // Act

     

       580
       632
        
               await authService.signOut();

     
···

       592
       644
        
                 did: 'did:plc:test123',

     

       593
       645
        
                 sessionId: 'session-123',

     

       594
       646
        
               );

     

       595
       595
       -
               when(mockStorage.read(key: storageKey))

     

       596
       596
       -
                   .thenAnswer((_) async => session.toJsonString());

     

       647
       647
       +
               when(

     

       648
       648
       +
                 mockStorage.read(key: storageKey),

     

       649
       649
       +
               ).thenAnswer((_) async => session.toJsonString());

     

       597
       650
        
       

     

       598
       651
        
               // Act

     

       599
       652
        
               await authService.restoreSession();

     
···

       611
       664
        
                 did: 'did:plc:test123',

     

       612
       665
        
                 sessionId: 'session-123',

     

       613
       666
        
               );

     

       614
       614
       -
               when(mockStorage.read(key: storageKey))

     

       615
       615
       -
                   .thenAnswer((_) async => initialSession.toJsonString());

     

       667
       667
       +
               when(

     

       668
       668
       +
                 mockStorage.read(key: storageKey),

     

       669
       669
       +
               ).thenAnswer((_) async => initialSession.toJsonString());

     

       616
       670
        
               await authService.restoreSession();

     

       617
       671
        
       

     

       618
       672
        
               const newToken = 'new-token';

     

       619
       619
       -
               when(mockDio.post<Map<String, dynamic>>(

     

       620
       620
       -
                 '/oauth/refresh',

     

       621
       621
       -
                 data: anyNamed('data'),

     

       622
       622
       -
               )).thenAnswer((_) async => Response(

     

       623
       623
       -
                     requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       624
       624
       -
                     statusCode: 200,

     

       625
       625
       -
                     data: {'sealed_token': newToken, 'access_token': 'some-access-token'},

     

       626
       626
       -
                   ));

     

       627
       627
       -
               when(mockStorage.write(key: storageKey, value: anyNamed('value')))

     

       628
       628
       -
                   .thenAnswer((_) async => {});

     

       673
       673
       +
               when(

     

       674
       674
       +
                 mockDio.post<Map<String, dynamic>>(

     

       675
       675
       +
                   '/oauth/refresh',

     

       676
       676
       +
                   data: anyNamed('data'),

     

       677
       677
       +
                 ),

     

       678
       678
       +
               ).thenAnswer(

     

       679
       679
       +
                 (_) async => Response(

     

       680
       680
       +
                   requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       681
       681
       +
                   statusCode: 200,

     

       682
       682
       +
                   data: {

     

       683
       683
       +
                     'sealed_token': newToken,

     

       684
       684
       +
                     'access_token': 'some-access-token',

     

       685
       685
       +
                   },

     

       686
       686
       +
                 ),

     

       687
       687
       +
               );

     

       688
       688
       +
               when(

     

       689
       689
       +
                 mockStorage.write(key: storageKey, value: anyNamed('value')),

     

       690
       690
       +
               ).thenAnswer((_) async => {});

     

       629
       691
        
       

     

       630
       692
        
               // Act

     

       631
       693
        
               await authService.refreshToken();

     
···

       637
       699
        
           });

     

       638
       700
        
       

     

       639
       701
        
           group('refreshToken() - Concurrency Protection', () {

     

       640
       640
       -
             test('should only make one API request for concurrent refresh calls',

     

       641
       641
       -
                 () async {

     

       642
       642
       -
               // Arrange - First restore a session

     

       643
       643
       -
               const initialSession = CovesSession(

     

       644
       644
       -
                 token: 'old-token',

     

       645
       645
       -
                 did: 'did:plc:test123',

     

       646
       646
       -
                 sessionId: 'session-123',

     

       647
       647
       -
                 handle: 'alice.bsky.social',

     

       648
       648
       -
               );

     

       649
       649
       -
               when(mockStorage.read(key: storageKey))

     

       650
       650
       -
                   .thenAnswer((_) async => initialSession.toJsonString());

     

       651
       651
       -
               await authService.restoreSession();

     

       702
       702
       +
             test(

     

       703
       703
       +
               'should only make one API request for concurrent refresh calls',

     

       704
       704
       +
               () async {

     

       705
       705
       +
                 // Arrange - First restore a session

     

       706
       706
       +
                 const initialSession = CovesSession(

     

       707
       707
       +
                   token: 'old-token',

     

       708
       708
       +
                   did: 'did:plc:test123',

     

       709
       709
       +
                   sessionId: 'session-123',

     

       710
       710
       +
                   handle: 'alice.bsky.social',

     

       711
       711
       +
                 );

     

       712
       712
       +
                 when(

     

       713
       713
       +
                   mockStorage.read(key: storageKey),

     

       714
       714
       +
                 ).thenAnswer((_) async => initialSession.toJsonString());

     

       715
       715
       +
                 await authService.restoreSession();

     

       652
       716
        
       

     

       653
       653
       -
               const newToken = 'new-refreshed-token';

     

       717
       717
       +
                 const newToken = 'new-refreshed-token';

     

       654
       718
        
       

     

       655
       655
       -
               // Mock refresh response with a delay to simulate network latency

     

       656
       656
       -
               when(mockDio.post<Map<String, dynamic>>(

     

       657
       657
       -
                 '/oauth/refresh',

     

       658
       658
       -
                 data: anyNamed('data'),

     

       659
       659
       -
               )).thenAnswer((_) async {

     

       660
       660
       -
                 await Future.delayed(const Duration(milliseconds: 100));

     

       661
       661
       -
                 return Response(

     

       662
       662
       -
                   requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       663
       663
       -
                   statusCode: 200,

     

       664
       664
       -
                   data: {'sealed_token': newToken, 'access_token': 'some-access-token'},

     

       665
       665
       -
                 );

     

       666
       666
       -
               });

     

       719
       719
       +
                 // Mock refresh response with a delay to simulate network latency

     

       720
       720
       +
                 when(

     

       721
       721
       +
                   mockDio.post<Map<String, dynamic>>(

     

       722
       722
       +
                     '/oauth/refresh',

     

       723
       723
       +
                     data: anyNamed('data'),

     

       724
       724
       +
                   ),

     

       725
       725
       +
                 ).thenAnswer((_) async {

     

       726
       726
       +
                   await Future.delayed(const Duration(milliseconds: 100));

     

       727
       727
       +
                   return Response(

     

       728
       728
       +
                     requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       729
       729
       +
                     statusCode: 200,

     

       730
       730
       +
                     data: {

     

       731
       731
       +
                       'sealed_token': newToken,

     

       732
       732
       +
                       'access_token': 'some-access-token',

     

       733
       733
       +
                     },

     

       734
       734
       +
                   );

     

       735
       735
       +
                 });

     

       667
       736
        
       

     

       668
       668
       -
               when(mockStorage.write(key: storageKey, value: anyNamed('value')))

     

       669
       669
       -
                   .thenAnswer((_) async => {});

     

       737
       737
       +
                 when(

     

       738
       738
       +
                   mockStorage.write(key: storageKey, value: anyNamed('value')),

     

       739
       739
       +
                 ).thenAnswer((_) async => {});

     

       670
       740
        
       

     

       671
       671
       -
               // Act - Launch 3 concurrent refresh calls

     

       672
       672
       -
               final results = await Future.wait([

     

       673
       673
       -
                 authService.refreshToken(),

     

       674
       674
       -
                 authService.refreshToken(),

     

       675
       675
       -
                 authService.refreshToken(),

     

       676
       676
       -
               ]);

     

       741
       741
       +
                 // Act - Launch 3 concurrent refresh calls

     

       742
       742
       +
                 final results = await Future.wait([

     

       743
       743
       +
                   authService.refreshToken(),

     

       744
       744
       +
                   authService.refreshToken(),

     

       745
       745
       +
                   authService.refreshToken(),

     

       746
       746
       +
                 ]);

     

       677
       747
        
       

     

       678
       678
       -
               // Assert - All calls should return the same refreshed session

     

       679
       679
       -
               expect(results.length, 3);

     

       680
       680
       -
               expect(results[0].token, newToken);

     

       681
       681
       -
               expect(results[1].token, newToken);

     

       682
       682
       -
               expect(results[2].token, newToken);

     

       748
       748
       +
                 // Assert - All calls should return the same refreshed session

     

       749
       749
       +
                 expect(results.length, 3);

     

       750
       750
       +
                 expect(results[0].token, newToken);

     

       751
       751
       +
                 expect(results[1].token, newToken);

     

       752
       752
       +
                 expect(results[2].token, newToken);

     

       683
       753
        
       

     

       684
       684
       -
               // Verify only one API call was made

     

       685
       685
       -
               verify(mockDio.post<Map<String, dynamic>>(

     

       686
       686
       -
                 '/oauth/refresh',

     

       687
       687
       -
                 data: anyNamed('data'),

     

       688
       688
       -
               )).called(1);

     

       754
       754
       +
                 // Verify only one API call was made

     

       755
       755
       +
                 verify(

     

       756
       756
       +
                   mockDio.post<Map<String, dynamic>>(

     

       757
       757
       +
                     '/oauth/refresh',

     

       758
       758
       +
                     data: anyNamed('data'),

     

       759
       759
       +
                   ),

     

       760
       760
       +
                 ).called(1);

     

       689
       761
        
       

     

       690
       690
       -
               // Verify only one storage write was made

     

       691
       691
       -
               verify(mockStorage.write(

     

       692
       692
       -
                 key: storageKey,

     

       693
       693
       -
                 value: anyNamed('value'),

     

       694
       694
       -
               )).called(1);

     

       695
       695
       -
             });

     

       762
       762
       +
                 // Verify only one storage write was made

     

       763
       763
       +
                 verify(

     

       764
       764
       +
                   mockStorage.write(key: storageKey, value: anyNamed('value')),

     

       765
       765
       +
                 ).called(1);

     

       766
       766
       +
               },

     

       767
       767
       +
             );

     

       696
       768
        
       

     

       697
       769
        
             test('should propagate errors to all concurrent waiters', () async {

     

       698
       770
        
               // Arrange - First restore a session

     
···

       701
       773
        
                 did: 'did:plc:test123',

     

       702
       774
        
                 sessionId: 'session-123',

     

       703
       775
        
               );

     

       704
       704
       -
               when(mockStorage.read(key: storageKey))

     

       705
       705
       -
                   .thenAnswer((_) async => session.toJsonString());

     

       776
       776
       +
               when(

     

       777
       777
       +
                 mockStorage.read(key: storageKey),

     

       778
       778
       +
               ).thenAnswer((_) async => session.toJsonString());

     

       706
       779
        
               await authService.restoreSession();

     

       707
       780
        
       

     

       708
       781
        
               // Mock 401 response with delay

     

       709
       709
       -
               when(mockDio.post<Map<String, dynamic>>(

     

       710
       710
       -
                 '/oauth/refresh',

     

       711
       711
       -
                 data: anyNamed('data'),

     

       712
       712
       -
               )).thenAnswer((_) async {

     

       782
       782
       +
               when(

     

       783
       783
       +
                 mockDio.post<Map<String, dynamic>>(

     

       784
       784
       +
                   '/oauth/refresh',

     

       785
       785
       +
                   data: anyNamed('data'),

     

       786
       786
       +
                 ),

     

       787
       787
       +
               ).thenAnswer((_) async {

     

       713
       788
        
                 await Future.delayed(const Duration(milliseconds: 100));

     

       714
       789
        
                 throw DioException(

     

       715
       790
        
                   requestOptions: RequestOptions(path: '/oauth/refresh'),

     
···

       744
       819
        
               expect(errorCount, 3);

     

       745
       820
        
       

     

       746
       821
        
               // Verify only one API call was made

     

       747
       747
       -
               verify(mockDio.post<Map<String, dynamic>>(

     

       748
       748
       -
                 '/oauth/refresh',

     

       749
       749
       -
                 data: anyNamed('data'),

     

       750
       750
       -
               )).called(1);

     

       822
       822
       +
               verify(

     

       823
       823
       +
                 mockDio.post<Map<String, dynamic>>(

     

       824
       824
       +
                   '/oauth/refresh',

     

       825
       825
       +
                   data: anyNamed('data'),

     

       826
       826
       +
                 ),

     

       827
       827
       +
               ).called(1);

     

       751
       828
        
             });

     

       752
       829
        
       

     

       753
       830
        
             test('should allow new refresh after previous one completes', () async {

     
···

       757
       834
        
                 did: 'did:plc:test123',

     

       758
       835
        
                 sessionId: 'session-123',

     

       759
       836
        
               );

     

       760
       760
       -
               when(mockStorage.read(key: storageKey))

     

       761
       761
       -
                   .thenAnswer((_) async => initialSession.toJsonString());

     

       837
       837
       +
               when(

     

       838
       838
       +
                 mockStorage.read(key: storageKey),

     

       839
       839
       +
               ).thenAnswer((_) async => initialSession.toJsonString());

     

       762
       840
        
               await authService.restoreSession();

     

       763
       841
        
       

     

       764
       842
        
               const newToken1 = 'new-token-1';

     

       765
       843
        
               const newToken2 = 'new-token-2';

     

       766
       844
        
       

     

       767
       845
        
               // Mock first refresh

     

       768
       768
       -
               when(mockDio.post<Map<String, dynamic>>(

     

       769
       769
       -
                 '/oauth/refresh',

     

       770
       770
       -
                 data: anyNamed('data'),

     

       771
       771
       -
               )).thenAnswer((_) async => Response(

     

       772
       772
       -
                     requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       773
       773
       -
                     statusCode: 200,

     

       774
       774
       -
                     data: {'sealed_token': newToken1, 'access_token': 'some-access-token'},

     

       775
       775
       -
                   ));

     

       846
       846
       +
               when(

     

       847
       847
       +
                 mockDio.post<Map<String, dynamic>>(

     

       848
       848
       +
                   '/oauth/refresh',

     

       849
       849
       +
                   data: anyNamed('data'),

     

       850
       850
       +
                 ),

     

       851
       851
       +
               ).thenAnswer(

     

       852
       852
       +
                 (_) async => Response(

     

       853
       853
       +
                   requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       854
       854
       +
                   statusCode: 200,

     

       855
       855
       +
                   data: {

     

       856
       856
       +
                     'sealed_token': newToken1,

     

       857
       857
       +
                     'access_token': 'some-access-token',

     

       858
       858
       +
                   },

     

       859
       859
       +
                 ),

     

       860
       860
       +
               );

     

       776
       861
        
       

     

       777
       777
       -
               when(mockStorage.write(key: storageKey, value: anyNamed('value')))

     

       778
       778
       -
                   .thenAnswer((_) async => {});

     

       862
       862
       +
               when(

     

       863
       863
       +
                 mockStorage.write(key: storageKey, value: anyNamed('value')),

     

       864
       864
       +
               ).thenAnswer((_) async => {});

     

       779
       865
        
       

     

       780
       866
        
               // Act - First refresh

     

       781
       867
        
               final result1 = await authService.refreshToken();

     
···

       784
       870
        
               expect(result1.token, newToken1);

     

       785
       871
        
       

     

       786
       872
        
               // Now update the mock for the second refresh

     

       787
       787
       -
               when(mockDio.post<Map<String, dynamic>>(

     

       788
       788
       -
                 '/oauth/refresh',

     

       789
       789
       -
                 data: anyNamed('data'),

     

       790
       790
       -
               )).thenAnswer((_) async => Response(

     

       791
       791
       -
                     requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       792
       792
       -
                     statusCode: 200,

     

       793
       793
       -
                     data: {'sealed_token': newToken2, 'access_token': 'some-access-token'},

     

       794
       794
       -
                   ));

     

       873
       873
       +
               when(

     

       874
       874
       +
                 mockDio.post<Map<String, dynamic>>(

     

       875
       875
       +
                   '/oauth/refresh',

     

       876
       876
       +
                   data: anyNamed('data'),

     

       877
       877
       +
                 ),

     

       878
       878
       +
               ).thenAnswer(

     

       879
       879
       +
                 (_) async => Response(

     

       880
       880
       +
                   requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       881
       881
       +
                   statusCode: 200,

     

       882
       882
       +
                   data: {

     

       883
       883
       +
                     'sealed_token': newToken2,

     

       884
       884
       +
                     'access_token': 'some-access-token',

     

       885
       885
       +
                   },

     

       886
       886
       +
                 ),

     

       887
       887
       +
               );

     

       795
       888
        
       

     

       796
       889
        
               // Act - Second refresh (should be allowed since first completed)

     

       797
       890
        
               final result2 = await authService.refreshToken();

     
···

       800
       893
        
               expect(result2.token, newToken2);

     

       801
       894
        
       

     

       802
       895
        
               // Verify two separate API calls were made

     

       803
       803
       -
               verify(mockDio.post<Map<String, dynamic>>(

     

       804
       804
       -
                 '/oauth/refresh',

     

       805
       805
       -
                 data: anyNamed('data'),

     

       806
       806
       -
               )).called(2);

     

       896
       896
       +
               verify(

     

       897
       897
       +
                 mockDio.post<Map<String, dynamic>>(

     

       898
       898
       +
                   '/oauth/refresh',

     

       899
       899
       +
                   data: anyNamed('data'),

     

       900
       900
       +
                 ),

     

       901
       901
       +
               ).called(2);

     

       807
       902
        
             });

     

       808
       903
        
       

     

       809
       904
        
             test('should allow new refresh after previous one fails', () async {

     
···

       813
       908
        
                 did: 'did:plc:test123',

     

       814
       909
        
                 sessionId: 'session-123',

     

       815
       910
        
               );

     

       816
       816
       -
               when(mockStorage.read(key: storageKey))

     

       817
       817
       -
                   .thenAnswer((_) async => initialSession.toJsonString());

     

       911
       911
       +
               when(

     

       912
       912
       +
                 mockStorage.read(key: storageKey),

     

       913
       913
       +
               ).thenAnswer((_) async => initialSession.toJsonString());

     

       818
       914
        
               await authService.restoreSession();

     

       819
       915
        
       

     

       820
       916
        
               // Mock first refresh to fail

     

       821
       821
       -
               when(mockDio.post<Map<String, dynamic>>(

     

       822
       822
       -
                 '/oauth/refresh',

     

       823
       823
       -
                 data: anyNamed('data'),

     

       824
       824
       -
               )).thenThrow(

     

       917
       917
       +
               when(

     

       918
       918
       +
                 mockDio.post<Map<String, dynamic>>(

     

       919
       919
       +
                   '/oauth/refresh',

     

       920
       920
       +
                   data: anyNamed('data'),

     

       921
       921
       +
                 ),

     

       922
       922
       +
               ).thenThrow(

     

       825
       923
        
                 DioException(

     

       826
       924
        
                   requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       827
       925
        
                   type: DioExceptionType.connectionError,

     
···

       845
       943
        
       

     

       846
       944
        
               // Now mock a successful second refresh

     

       847
       945
        
               const newToken = 'new-token-after-retry';

     

       848
       848
       -
               when(mockDio.post<Map<String, dynamic>>(

     

       849
       849
       -
                 '/oauth/refresh',

     

       850
       850
       -
                 data: anyNamed('data'),

     

       851
       851
       -
               )).thenAnswer((_) async => Response(

     

       852
       852
       -
                     requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       853
       853
       -
                     statusCode: 200,

     

       854
       854
       -
                     data: {'sealed_token': newToken, 'access_token': 'some-access-token'},

     

       855
       855
       -
                   ));

     

       946
       946
       +
               when(

     

       947
       947
       +
                 mockDio.post<Map<String, dynamic>>(

     

       948
       948
       +
                   '/oauth/refresh',

     

       949
       949
       +
                   data: anyNamed('data'),

     

       950
       950
       +
                 ),

     

       951
       951
       +
               ).thenAnswer(

     

       952
       952
       +
                 (_) async => Response(

     

       953
       953
       +
                   requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       954
       954
       +
                   statusCode: 200,

     

       955
       955
       +
                   data: {

     

       956
       956
       +
                     'sealed_token': newToken,

     

       957
       957
       +
                     'access_token': 'some-access-token',

     

       958
       958
       +
                   },

     

       959
       959
       +
                 ),

     

       960
       960
       +
               );

     

       856
       961
        
       

     

       857
       857
       -
               when(mockStorage.write(key: storageKey, value: anyNamed('value')))

     

       858
       858
       -
                   .thenAnswer((_) async => {});

     

       962
       962
       +
               when(

     

       963
       963
       +
                 mockStorage.write(key: storageKey, value: anyNamed('value')),

     

       964
       964
       +
               ).thenAnswer((_) async => {});

     

       859
       965
        
       

     

       860
       966
        
               // Act - Second refresh (should be allowed and succeed)

     

       861
       967
        
               final result = await authService.refreshToken();

     
···

       864
       970
        
               expect(result.token, newToken);

     

       865
       971
        
       

     

       866
       972
        
               // Verify two separate API calls were made

     

       867
       867
       -
               verify(mockDio.post<Map<String, dynamic>>(

     

       868
       868
       -
                 '/oauth/refresh',

     

       869
       869
       -
                 data: anyNamed('data'),

     

       870
       870
       -
               )).called(2);

     

       973
       973
       +
               verify(

     

       974
       974
       +
                 mockDio.post<Map<String, dynamic>>(

     

       975
       975
       +
                   '/oauth/refresh',

     

       976
       976
       +
                   data: anyNamed('data'),

     

       977
       977
       +
                 ),

     

       978
       978
       +
               ).called(2);

     

       871
       979
        
             });

     

       872
       980
        
       

     

       873
       981
        
             test(

     

       874
       874
       -
                 'should handle concurrent calls where one arrives after refresh completes',

     

       875
       875
       -
                 () async {

     

       876
       876
       -
               // Arrange - First restore a session

     

       877
       877
       -
               const initialSession = CovesSession(

     

       878
       878
       -
                 token: 'old-token',

     

       879
       879
       -
                 did: 'did:plc:test123',

     

       880
       880
       -
                 sessionId: 'session-123',

     

       881
       881
       -
               );

     

       882
       882
       -
               when(mockStorage.read(key: storageKey))

     

       883
       883
       -
                   .thenAnswer((_) async => initialSession.toJsonString());

     

       884
       884
       -
               await authService.restoreSession();

     

       982
       982
       +
               'should handle concurrent calls where one arrives after refresh completes',

     

       983
       983
       +
               () async {

     

       984
       984
       +
                 // Arrange - First restore a session

     

       985
       985
       +
                 const initialSession = CovesSession(

     

       986
       986
       +
                   token: 'old-token',

     

       987
       987
       +
                   did: 'did:plc:test123',

     

       988
       988
       +
                   sessionId: 'session-123',

     

       989
       989
       +
                 );

     

       990
       990
       +
                 when(

     

       991
       991
       +
                   mockStorage.read(key: storageKey),

     

       992
       992
       +
                 ).thenAnswer((_) async => initialSession.toJsonString());

     

       993
       993
       +
                 await authService.restoreSession();

     

       885
       994
        
       

     

       886
       886
       -
               const newToken1 = 'new-token-1';

     

       887
       887
       -
               const newToken2 = 'new-token-2';

     

       995
       995
       +
                 const newToken1 = 'new-token-1';

     

       996
       996
       +
                 const newToken2 = 'new-token-2';

     

       888
       997
        
       

     

       889
       889
       -
               var callCount = 0;

     

       998
       998
       +
                 var callCount = 0;

     

       890
       999
        
       

     

       891
       891
       -
               // Mock refresh with different responses

     

       892
       892
       -
               when(mockDio.post<Map<String, dynamic>>(

     

       893
       893
       -
                 '/oauth/refresh',

     

       894
       894
       -
                 data: anyNamed('data'),

     

       895
       895
       -
               )).thenAnswer((_) async {

     

       896
       896
       -
                 callCount++;

     

       897
       897
       -
                 await Future.delayed(const Duration(milliseconds: 50));

     

       898
       898
       -
                 return Response(

     

       899
       899
       -
                   requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       900
       900
       -
                   statusCode: 200,

     

       901
       901
       -
                   data: {'sealed_token': callCount == 1 ? newToken1 : newToken2, 'access_token': 'some-access-token'},

     

       902
       902
       -
                 );

     

       903
       903
       -
               });

     

       1000
       1000
       +
                 // Mock refresh with different responses

     

       1001
       1001
       +
                 when(

     

       1002
       1002
       +
                   mockDio.post<Map<String, dynamic>>(

     

       1003
       1003
       +
                     '/oauth/refresh',

     

       1004
       1004
       +
                     data: anyNamed('data'),

     

       1005
       1005
       +
                   ),

     

       1006
       1006
       +
                 ).thenAnswer((_) async {

     

       1007
       1007
       +
                   callCount++;

     

       1008
       1008
       +
                   await Future.delayed(const Duration(milliseconds: 50));

     

       1009
       1009
       +
                   return Response(

     

       1010
       1010
       +
                     requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       1011
       1011
       +
                     statusCode: 200,

     

       1012
       1012
       +
                     data: {

     

       1013
       1013
       +
                       'sealed_token': callCount == 1 ? newToken1 : newToken2,

     

       1014
       1014
       +
                       'access_token': 'some-access-token',

     

       1015
       1015
       +
                     },

     

       1016
       1016
       +
                   );

     

       1017
       1017
       +
                 });

     

       904
       1018
        
       

     

       905
       905
       -
               when(mockStorage.write(key: storageKey, value: anyNamed('value')))

     

       906
       906
       -
                   .thenAnswer((_) async => {});

     

       1019
       1019
       +
                 when(

     

       1020
       1020
       +
                   mockStorage.write(key: storageKey, value: anyNamed('value')),

     

       1021
       1021
       +
                 ).thenAnswer((_) async => {});

     

       907
       1022
        
       

     

       908
       908
       -
               // Act - Start first refresh

     

       909
       909
       -
               final future1 = authService.refreshToken();

     

       1023
       1023
       +
                 // Act - Start first refresh

     

       1024
       1024
       +
                 final future1 = authService.refreshToken();

     

       910
       1025
        
       

     

       911
       911
       -
               // Wait for it to complete

     

       912
       912
       -
               final result1 = await future1;

     

       1026
       1026
       +
                 // Wait for it to complete

     

       1027
       1027
       +
                 final result1 = await future1;

     

       913
       1028
        
       

     

       914
       914
       -
               // Start second refresh after first completes

     

       915
       915
       -
               final result2 = await authService.refreshToken();

     

       1029
       1029
       +
                 // Start second refresh after first completes

     

       1030
       1030
       +
                 final result2 = await authService.refreshToken();

     

       916
       1031
        
       

     

       917
       917
       -
               // Assert

     

       918
       918
       -
               expect(result1.token, newToken1);

     

       919
       919
       -
               expect(result2.token, newToken2);

     

       1032
       1032
       +
                 // Assert

     

       1033
       1033
       +
                 expect(result1.token, newToken1);

     

       1034
       1034
       +
                 expect(result2.token, newToken2);

     

       920
       1035
        
       

     

       921
       921
       -
               // Verify two separate API calls were made

     

       922
       922
       -
               verify(mockDio.post<Map<String, dynamic>>(

     

       923
       923
       -
                 '/oauth/refresh',

     

       924
       924
       -
                 data: anyNamed('data'),

     

       925
       925
       -
               )).called(2);

     

       926
       926
       -
             });

     

       1036
       1036
       +
                 // Verify two separate API calls were made

     

       1037
       1037
       +
                 verify(

     

       1038
       1038
       +
                   mockDio.post<Map<String, dynamic>>(

     

       1039
       1039
       +
                     '/oauth/refresh',

     

       1040
       1040
       +
                     data: anyNamed('data'),

     

       1041
       1041
       +
                   ),

     

       1042
       1042
       +
                 ).called(2);

     

       1043
       1043
       +
               },

     

       1044
       1044
       +
             );

     

       927
       1045
        
           });

     

       928
       1046
        
         });

     

       929
       1047
        
       }

+178 -132

test/services/coves_auth_service_validation_test.dart

···

       30
       30
        
         group('Handle Validation', () {

     

       31
       31
        
           group('Valid inputs', () {

     

       32
       32
        
             test('should accept standard handle format', () {

     

       33
       33
       -
               final result =

     

       34
       34
       -
                   authService.validateAndNormalizeHandle('alice.bsky.social');

     

       33
       33
       +
               final result = authService.validateAndNormalizeHandle(

     

       34
       34
       +
                 'alice.bsky.social',

     

       35
       35
       +
               );

     

       35
       36
        
               expect(result, 'alice.bsky.social');

     

       36
       37
        
             });

     

       37
       38
        
       

     

       38
       39
        
             test('should accept handle with @ prefix and strip it', () {

     

       39
       39
       -
               final result =

     

       40
       40
       -
                   authService.validateAndNormalizeHandle('@alice.bsky.social');

     

       40
       40
       +
               final result = authService.validateAndNormalizeHandle(

     

       41
       41
       +
                 '@alice.bsky.social',

     

       42
       42
       +
               );

     

       41
       43
        
               expect(result, 'alice.bsky.social');

     

       42
       44
        
             });

     

       43
       45
        
       

     

       44
       44
       -
             test('should accept handle with leading/trailing whitespace and trim', () {

     

       45
       45
       -
               final result =

     

       46
       46
       -
                   authService.validateAndNormalizeHandle('  alice.bsky.social  ');

     

       47
       47
       -
               expect(result, 'alice.bsky.social');

     

       48
       48
       -
             });

     

       46
       46
       +
             test(

     

       47
       47
       +
               'should accept handle with leading/trailing whitespace and trim',

     

       48
       48
       +
               () {

     

       49
       49
       +
                 final result = authService.validateAndNormalizeHandle(

     

       50
       50
       +
                   '  alice.bsky.social  ',

     

       51
       51
       +
                 );

     

       52
       52
       +
                 expect(result, 'alice.bsky.social');

     

       53
       53
       +
               },

     

       54
       54
       +
             );

     

       49
       55
        
       

     

       50
       56
        
             test('should accept handle with hyphen in segment', () {

     

       51
       51
       -
               final result =

     

       52
       52
       -
                   authService.validateAndNormalizeHandle('alice-bob.bsky.social');

     

       57
       57
       +
               final result = authService.validateAndNormalizeHandle(

     

       58
       58
       +
                 'alice-bob.bsky.social',

     

       59
       59
       +
               );

     

       53
       60
        
               expect(result, 'alice-bob.bsky.social');

     

       54
       61
        
             });

     

       55
       62
        
       

     

       56
       63
        
             test('should accept handle with multiple hyphens', () {

     

       57
       57
       -
               final result = authService

     

       58
       58
       -
                   .validateAndNormalizeHandle('alice-bob-charlie.bsky-app.social');

     

       64
       64
       +
               final result = authService.validateAndNormalizeHandle(

     

       65
       65
       +
                 'alice-bob-charlie.bsky-app.social',

     

       66
       66
       +
               );

     

       59
       67
        
               expect(result, 'alice-bob-charlie.bsky-app.social');

     

       60
       68
        
             });

     

       61
       69
        
       

     

       62
       70
        
             test('should accept handle with multiple subdomains', () {

     

       63
       63
       -
               final result = authService

     

       64
       64
       -
                   .validateAndNormalizeHandle('alice.subdomain.example.com');

     

       71
       71
       +
               final result = authService.validateAndNormalizeHandle(

     

       72
       72
       +
                 'alice.subdomain.example.com',

     

       73
       73
       +
               );

     

       65
       74
        
               expect(result, 'alice.subdomain.example.com');

     

       66
       75
        
             });

     

       67
       76
        
       

     

       68
       77
        
             test('should accept handle with numbers', () {

     

       69
       69
       -
               final result =

     

       70
       70
       -
                   authService.validateAndNormalizeHandle('user123.bsky.social');

     

       78
       78
       +
               final result = authService.validateAndNormalizeHandle(

     

       79
       79
       +
                 'user123.bsky.social',

     

       80
       80
       +
               );

     

       71
       81
        
               expect(result, 'user123.bsky.social');

     

       72
       82
        
             });

     

       73
       83
        
       

     

       74
       84
        
             test('should convert handle to lowercase', () {

     

       75
       75
       -
               final result =

     

       76
       76
       -
                   authService.validateAndNormalizeHandle('Alice.Bsky.Social');

     

       85
       85
       +
               final result = authService.validateAndNormalizeHandle(

     

       86
       86
       +
                 'Alice.Bsky.Social',

     

       87
       87
       +
               );

     

       77
       88
        
               expect(result, 'alice.bsky.social');

     

       78
       89
        
             });

     

       79
       90
        
       

     

       80
       80
       -
             test('should extract and validate handle from Bluesky profile URL (HTTP)', () {

     

       81
       81
       -
               final result = authService.validateAndNormalizeHandle(

     

       82
       82
       -
                   'http://bsky.app/profile/alice.bsky.social');

     

       83
       83
       -
               expect(result, 'alice.bsky.social');

     

       84
       84
       -
             });

     

       91
       91
       +
             test(

     

       92
       92
       +
               'should extract and validate handle from Bluesky profile URL (HTTP)',

     

       93
       93
       +
               () {

     

       94
       94
       +
                 final result = authService.validateAndNormalizeHandle(

     

       95
       95
       +
                   'http://bsky.app/profile/alice.bsky.social',

     

       96
       96
       +
                 );

     

       97
       97
       +
                 expect(result, 'alice.bsky.social');

     

       98
       98
       +
               },

     

       99
       99
       +
             );

     

       85
       100
        
       

     

       86
       86
       -
             test('should extract and validate handle from Bluesky profile URL (HTTPS)', () {

     

       87
       87
       -
               final result = authService.validateAndNormalizeHandle(

     

       88
       88
       -
                   'https://bsky.app/profile/alice.bsky.social');

     

       89
       89
       -
               expect(result, 'alice.bsky.social');

     

       90
       90
       -
             });

     

       101
       101
       +
             test(

     

       102
       102
       +
               'should extract and validate handle from Bluesky profile URL (HTTPS)',

     

       103
       103
       +
               () {

     

       104
       104
       +
                 final result = authService.validateAndNormalizeHandle(

     

       105
       105
       +
                   'https://bsky.app/profile/alice.bsky.social',

     

       106
       106
       +
                 );

     

       107
       107
       +
                 expect(result, 'alice.bsky.social');

     

       108
       108
       +
               },

     

       109
       109
       +
             );

     

       91
       110
        
       

     

       92
       92
       -
             test('should extract and validate handle from Bluesky profile URL with www', () {

     

       93
       93
       -
               final result = authService.validateAndNormalizeHandle(

     

       94
       94
       -
                   'https://www.bsky.app/profile/alice.bsky.social');

     

       95
       95
       -
               expect(result, 'alice.bsky.social');

     

       96
       96
       -
             });

     

       111
       111
       +
             test(

     

       112
       112
       +
               'should extract and validate handle from Bluesky profile URL with www',

     

       113
       113
       +
               () {

     

       114
       114
       +
                 final result = authService.validateAndNormalizeHandle(

     

       115
       115
       +
                   'https://www.bsky.app/profile/alice.bsky.social',

     

       116
       116
       +
                 );

     

       117
       117
       +
                 expect(result, 'alice.bsky.social');

     

       118
       118
       +
               },

     

       119
       119
       +
             );

     

       97
       120
        
       

     

       98
       121
        
             test('should accept DID with plc method', () {

     

       99
       99
       -
               final result =

     

       100
       100
       -
                   authService.validateAndNormalizeHandle('did:plc:abc123def456');

     

       122
       122
       +
               final result = authService.validateAndNormalizeHandle(

     

       123
       123
       +
                 'did:plc:abc123def456',

     

       124
       124
       +
               );

     

       101
       125
        
               expect(result, 'did:plc:abc123def456');

     

       102
       126
        
             });

     

       103
       127
        
       

     

       104
       128
        
             test('should accept DID with web method', () {

     

       105
       105
       -
               final result =

     

       106
       106
       -
                   authService.validateAndNormalizeHandle('did:web:example.com');

     

       129
       129
       +
               final result = authService.validateAndNormalizeHandle(

     

       130
       130
       +
                 'did:web:example.com',

     

       131
       131
       +
               );

     

       107
       132
        
               expect(result, 'did:web:example.com');

     

       108
       133
        
             });

     

       109
       134
        
       

     

       110
       135
        
             test('should accept DID with complex identifier', () {

     

       111
       111
       -
               final result = authService

     

       112
       112
       -
                   .validateAndNormalizeHandle('did:plc:z72i7hdynmk6r22z27h6tvur');

     

       136
       136
       +
               final result = authService.validateAndNormalizeHandle(

     

       137
       137
       +
                 'did:plc:z72i7hdynmk6r22z27h6tvur',

     

       138
       138
       +
               );

     

       113
       139
        
               expect(result, 'did:plc:z72i7hdynmk6r22z27h6tvur');

     

       114
       140
        
             });

     

       115
       141
        
       

     

       116
       142
        
             test('should accept DID with periods and colons in identifier', () {

     

       117
       117
       -
               final result = authService

     

       118
       118
       -
                   .validateAndNormalizeHandle('did:web:example.com:user:alice');

     

       143
       143
       +
               final result = authService.validateAndNormalizeHandle(

     

       144
       144
       +
                 'did:web:example.com:user:alice',

     

       145
       145
       +
               );

     

       119
       146
        
               expect(result, 'did:web:example.com:user:alice');

     

       120
       147
        
             });

     

       121
       148
        
       

     
···

       125
       152
        
             });

     

       126
       153
        
       

     

       127
       154
        
             test('should normalize handle with @ prefix and whitespace', () {

     

       128
       128
       -
               final result =

     

       129
       129
       -
                   authService.validateAndNormalizeHandle('  @Alice.Bsky.Social  ');

     

       155
       155
       +
               final result = authService.validateAndNormalizeHandle(

     

       156
       156
       +
                 '  @Alice.Bsky.Social  ',

     

       157
       157
       +
               );

     

       130
       158
        
               expect(result, 'alice.bsky.social');

     

       131
       159
        
             });

     

       132
       160
        
       

     

       133
       161
        
             test('should accept handle with numeric first segment', () {

     

       134
       134
       -
               final result =

     

       135
       135
       -
                   authService.validateAndNormalizeHandle('123.bsky.social');

     

       162
       162
       +
               final result = authService.validateAndNormalizeHandle(

     

       163
       163
       +
                 '123.bsky.social',

     

       164
       164
       +
               );

     

       136
       165
        
               expect(result, '123.bsky.social');

     

       137
       166
        
             });

     

       138
       167
        
       

     

       139
       168
        
             test('should accept handle with numeric middle segment', () {

     

       140
       140
       -
               final result =

     

       141
       141
       -
                   authService.validateAndNormalizeHandle('alice.456.social');

     

       169
       169
       +
               final result = authService.validateAndNormalizeHandle(

     

       170
       170
       +
                 'alice.456.social',

     

       171
       171
       +
               );

     

       142
       172
        
               expect(result, 'alice.456.social');

     

       143
       173
        
             });

     

       144
       174
        
       

     

       145
       175
        
             test('should accept handle with multiple numeric segments', () {

     

       146
       146
       -
               final result =

     

       147
       147
       -
                   authService.validateAndNormalizeHandle('42.example.com');

     

       176
       176
       +
               final result = authService.validateAndNormalizeHandle('42.example.com');

     

       148
       177
        
               expect(result, '42.example.com');

     

       149
       178
        
             });

     

       150
       179
        
       

     
···

       154
       183
        
             });

     

       155
       184
        
       

     

       156
       185
        
             test('should accept handle with numeric and alpha mixed', () {

     

       157
       157
       -
               final result =

     

       158
       158
       -
                   authService.validateAndNormalizeHandle('8.cn');

     

       186
       186
       +
               final result = authService.validateAndNormalizeHandle('8.cn');

     

       159
       187
        
               expect(result, '8.cn');

     

       160
       188
        
             });

     

       161
       189
        
       

     

       162
       190
        
             test('should accept handle like IP but with valid TLD', () {

     

       163
       163
       -
               final result =

     

       164
       164
       -
                   authService.validateAndNormalizeHandle('120.0.0.1.com');

     

       191
       191
       +
               final result = authService.validateAndNormalizeHandle('120.0.0.1.com');

     

       165
       192
        
               expect(result, '120.0.0.1.com');

     

       166
       193
        
             });

     

       167
       194
        
           });

     
···

       259
       286
        
               );

     

       260
       287
        
             });

     

       261
       288
        
       

     

       262
       262
       -
             test('should throw ArgumentError for handle with consecutive periods', () {

     

       263
       263
       -
               expect(

     

       264
       264
       -
                 () => authService.validateAndNormalizeHandle('alice..bsky.social'),

     

       265
       265
       -
                 throwsA(

     

       266
       266
       -
                   predicate(

     

       267
       267
       -
                     (e) =>

     

       268
       268
       -
                         e is ArgumentError &&

     

       269
       269
       -
                         (e.message.toString().contains('empty segments') ||

     

       270
       270
       -
                             e.message.toString().contains('Invalid handle format')),

     

       289
       289
       +
             test(

     

       290
       290
       +
               'should throw ArgumentError for handle with consecutive periods',

     

       291
       291
       +
               () {

     

       292
       292
       +
                 expect(

     

       293
       293
       +
                   () => authService.validateAndNormalizeHandle('alice..bsky.social'),

     

       294
       294
       +
                   throwsA(

     

       295
       295
       +
                     predicate(

     

       296
       296
       +
                       (e) =>

     

       297
       297
       +
                           e is ArgumentError &&

     

       298
       298
       +
                           (e.message.toString().contains('empty segments') ||

     

       299
       299
       +
                               e.message.toString().contains('Invalid handle format')),

     

       300
       300
       +
                     ),

     

       271
       301
        
                   ),

     

       272
       272
       -
                 ),

     

       273
       273
       -
               );

     

       274
       274
       -
             });

     

       302
       302
       +
                 );

     

       303
       303
       +
               },

     

       304
       304
       +
             );

     

       275
       305
        
       

     

       276
       306
        
             test('should throw ArgumentError for handle with spaces', () {

     

       277
       307
        
               expect(

     
···

       338
       368
        
               );

     

       339
       369
        
             });

     

       340
       370
        
       

     

       341
       341
       -
             test('should throw ArgumentError for handle exceeding 253 characters', () {

     

       342
       342
       -
               // Create a handle that's 254 characters long

     

       343
       343
       -
               final longHandle = '${'a' * 240}.bsky.social';

     

       344
       344
       -
               expect(

     

       345
       345
       -
                 () => authService.validateAndNormalizeHandle(longHandle),

     

       346
       346
       -
                 throwsA(

     

       347
       347
       -
                   predicate(

     

       348
       348
       -
                     (e) =>

     

       349
       349
       -
                         e is ArgumentError &&

     

       350
       350
       -
                         e.message.toString().contains('too long'),

     

       371
       371
       +
             test(

     

       372
       372
       +
               'should throw ArgumentError for handle exceeding 253 characters',

     

       373
       373
       +
               () {

     

       374
       374
       +
                 // Create a handle that's 254 characters long

     

       375
       375
       +
                 final longHandle = '${'a' * 240}.bsky.social';

     

       376
       376
       +
                 expect(

     

       377
       377
       +
                   () => authService.validateAndNormalizeHandle(longHandle),

     

       378
       378
       +
                   throwsA(

     

       379
       379
       +
                     predicate(

     

       380
       380
       +
                       (e) =>

     

       381
       381
       +
                           e is ArgumentError &&

     

       382
       382
       +
                           e.message.toString().contains('too long'),

     

       383
       383
       +
                     ),

     

       351
       384
        
                   ),

     

       352
       352
       -
                 ),

     

       353
       353
       -
               );

     

       354
       354
       -
             });

     

       385
       385
       +
                 );

     

       386
       386
       +
               },

     

       387
       387
       +
             );

     

       355
       388
        
       

     

       356
       356
       -
             test('should throw ArgumentError for segment exceeding 63 characters', () {

     

       357
       357
       -
               // DNS label limit is 63 characters per segment

     

       358
       358
       -
               final longSegment = '${'a' * 64}.bsky.social';

     

       359
       359
       -
               expect(

     

       360
       360
       -
                 () => authService.validateAndNormalizeHandle(longSegment),

     

       361
       361
       -
                 throwsA(

     

       362
       362
       -
                   predicate(

     

       363
       363
       -
                     (e) =>

     

       364
       364
       -
                         e is ArgumentError &&

     

       365
       365
       -
                         e.message.toString().contains('too long'),

     

       389
       389
       +
             test(

     

       390
       390
       +
               'should throw ArgumentError for segment exceeding 63 characters',

     

       391
       391
       +
               () {

     

       392
       392
       +
                 // DNS label limit is 63 characters per segment

     

       393
       393
       +
                 final longSegment = '${'a' * 64}.bsky.social';

     

       394
       394
       +
                 expect(

     

       395
       395
       +
                   () => authService.validateAndNormalizeHandle(longSegment),

     

       396
       396
       +
                   throwsA(

     

       397
       397
       +
                     predicate(

     

       398
       398
       +
                       (e) =>

     

       399
       399
       +
                           e is ArgumentError &&

     

       400
       400
       +
                           e.message.toString().contains('too long'),

     

       401
       401
       +
                     ),

     

       366
       402
        
                   ),

     

       367
       367
       -
                 ),

     

       368
       368
       -
               );

     

       369
       369
       -
             });

     

       403
       403
       +
                 );

     

       404
       404
       +
               },

     

       405
       405
       +
             );

     

       370
       406
        
       

     

       371
       407
        
             test('should throw ArgumentError for TLD starting with digit', () {

     

       372
       408
        
               expect(

     
···

       396
       432
        
               );

     

       397
       433
        
             });

     

       398
       434
        
       

     

       399
       399
       -
             test('should throw ArgumentError for IPv4 address (TLD starts with digit)', () {

     

       400
       400
       -
               expect(

     

       401
       401
       -
                 () => authService.validateAndNormalizeHandle('127.0.0.1'),

     

       402
       402
       -
                 throwsA(

     

       403
       403
       -
                   predicate(

     

       404
       404
       -
                     (e) =>

     

       405
       405
       -
                         e is ArgumentError &&

     

       406
       406
       -
                         e.message.toString().contains('TLD') &&

     

       407
       407
       -
                         e.message.toString().contains('cannot start with a digit'),

     

       435
       435
       +
             test(

     

       436
       436
       +
               'should throw ArgumentError for IPv4 address (TLD starts with digit)',

     

       437
       437
       +
               () {

     

       438
       438
       +
                 expect(

     

       439
       439
       +
                   () => authService.validateAndNormalizeHandle('127.0.0.1'),

     

       440
       440
       +
                   throwsA(

     

       441
       441
       +
                     predicate(

     

       442
       442
       +
                       (e) =>

     

       443
       443
       +
                           e is ArgumentError &&

     

       444
       444
       +
                           e.message.toString().contains('TLD') &&

     

       445
       445
       +
                           e.message.toString().contains('cannot start with a digit'),

     

       446
       446
       +
                     ),

     

       408
       447
        
                   ),

     

       409
       409
       -
                 ),

     

       410
       410
       -
               );

     

       411
       411
       -
             });

     

       448
       448
       +
                 );

     

       449
       449
       +
               },

     

       450
       450
       +
             );

     

       412
       451
        
       

     

       413
       452
        
             test('should throw ArgumentError for IPv4 address variant', () {

     

       414
       453
        
               expect(

     
···

       427
       466
        
       

     

       428
       467
        
           group('DID Validation', () {

     

       429
       468
        
             test('should accept valid plc DID', () {

     

       430
       430
       -
               final result =

     

       431
       431
       -
                   authService.validateAndNormalizeHandle('did:plc:abc123');

     

       469
       469
       +
               final result = authService.validateAndNormalizeHandle('did:plc:abc123');

     

       432
       470
        
               expect(result, 'did:plc:abc123');

     

       433
       471
        
             });

     

       434
       472
        
       

     

       435
       473
        
             test('should accept valid web DID', () {

     

       436
       436
       -
               final result =

     

       437
       437
       -
                   authService.validateAndNormalizeHandle('did:web:example.com');

     

       474
       474
       +
               final result = authService.validateAndNormalizeHandle(

     

       475
       475
       +
                 'did:web:example.com',

     

       476
       476
       +
               );

     

       438
       477
        
               expect(result, 'did:web:example.com');

     

       439
       478
        
             });

     

       440
       479
        
       

     

       441
       480
        
             test('should accept DID with underscores in identifier', () {

     

       442
       481
        
               // Underscores are allowed in the DID pattern (part of [a-zA-Z0-9._:%-]+)

     

       443
       443
       -
               final result =

     

       444
       444
       -
                   authService.validateAndNormalizeHandle('did:plc:abc_123');

     

       482
       482
       +
               final result = authService.validateAndNormalizeHandle(

     

       483
       483
       +
                 'did:plc:abc_123',

     

       484
       484
       +
               );

     

       445
       485
        
               expect(result, 'did:plc:abc_123');

     

       446
       486
        
             });

     

       447
       487
        
       

     

       448
       448
       -
             test('should throw ArgumentError for invalid DID with @ special chars', () {

     

       449
       449
       -
               expect(

     

       450
       450
       -
                 () => authService.validateAndNormalizeHandle('did:plc:abc@123'),

     

       451
       451
       -
                 throwsA(

     

       452
       452
       -
                   predicate(

     

       453
       453
       -
                     (e) =>

     

       454
       454
       -
                         e is ArgumentError &&

     

       455
       455
       -
                         e.message.toString().contains('Invalid DID format'),

     

       488
       488
       +
             test(

     

       489
       489
       +
               'should throw ArgumentError for invalid DID with @ special chars',

     

       490
       490
       +
               () {

     

       491
       491
       +
                 expect(

     

       492
       492
       +
                   () => authService.validateAndNormalizeHandle('did:plc:abc@123'),

     

       493
       493
       +
                   throwsA(

     

       494
       494
       +
                     predicate(

     

       495
       495
       +
                       (e) =>

     

       496
       496
       +
                           e is ArgumentError &&

     

       497
       497
       +
                           e.message.toString().contains('Invalid DID format'),

     

       498
       498
       +
                     ),

     

       456
       499
        
                   ),

     

       457
       457
       -
                 ),

     

       458
       458
       -
               );

     

       459
       459
       -
             });

     

       500
       500
       +
                 );

     

       501
       501
       +
               },

     

       502
       502
       +
             );

     

       460
       503
        
       

     

       461
       504
        
             test('should throw ArgumentError for DID with uppercase method', () {

     

       462
       505
        
               expect(

     
···

       484
       527
        
               );

     

       485
       528
        
             });

     

       486
       529
        
       

     

       487
       487
       -
             test('should throw ArgumentError for malformed DID (missing identifier)', () {

     

       488
       488
       -
               expect(

     

       489
       489
       -
                 () => authService.validateAndNormalizeHandle('did:plc'),

     

       490
       490
       -
                 throwsA(

     

       491
       491
       -
                   predicate(

     

       492
       492
       -
                     (e) =>

     

       493
       493
       -
                         e is ArgumentError &&

     

       494
       494
       -
                         e.message.toString().contains('Invalid DID format'),

     

       530
       530
       +
             test(

     

       531
       531
       +
               'should throw ArgumentError for malformed DID (missing identifier)',

     

       532
       532
       +
               () {

     

       533
       533
       +
                 expect(

     

       534
       534
       +
                   () => authService.validateAndNormalizeHandle('did:plc'),

     

       535
       535
       +
                   throwsA(

     

       536
       536
       +
                     predicate(

     

       537
       537
       +
                       (e) =>

     

       538
       538
       +
                           e is ArgumentError &&

     

       539
       539
       +
                           e.message.toString().contains('Invalid DID format'),

     

       540
       540
       +
                     ),

     

       495
       541
        
                   ),

     

       496
       496
       -
                 ),

     

       497
       497
       -
               );

     

       498
       498
       -
             });

     

       542
       542
       +
                 );

     

       543
       543
       +
               },

     

       544
       544
       +
             );

     

       499
       545
        
       

     

       500
       546
        
             test('should throw ArgumentError for malformed DID (missing method)', () {

     

       501
       547
        
               expect(

+52 -67

test/services/vote_service_token_refresh_test.dart

···

       90
       90
        
                 'message': 'Token expired',

     

       91
       91
        
               }),

     

       92
       92
        
               data: {

     

       93
       93
       -
                 'subject': {

     

       94
       94
       -
                   'uri': postUri,

     

       95
       95
       -
                   'cid': postCid,

     

       96
       96
       -
                 },

     

       93
       93
       +
                 'subject': {'uri': postUri, 'cid': postCid},

     

       97
       94
        
                 'direction': 'up',

     

       98
       95
        
               },

     

       99
       96
        
             );

     
···

       136
       133
        
                 'message': 'Token expired',

     

       137
       134
        
               }),

     

       138
       135
        
               data: {

     

       139
       139
       -
                 'subject': {

     

       140
       140
       -
                   'uri': postUri,

     

       141
       141
       -
                   'cid': postCid,

     

       142
       142
       -
                 },

     

       136
       136
       +
                 'subject': {'uri': postUri, 'cid': postCid},

     

       143
       137
        
                 'direction': 'up',

     

       144
       138
        
               },

     

       145
       139
        
             );

     
···

       164
       158
        
             expect(signOutCallCount, 1);

     

       165
       159
        
           });

     

       166
       160
        
       

     

       167
       167
       -
           test('should handle 401 gracefully when no refresher is provided',

     

       168
       168
       -
               () async {

     

       169
       169
       -
             // Create a NEW dio instance to avoid sharing interceptors

     

       170
       170
       -
             final dioNoRefresh = Dio(BaseOptions(baseUrl: 'https://api.test.coves.social'));

     

       171
       171
       -
             final dioAdapterNoRefresh = DioAdapter(dio: dioNoRefresh);

     

       161
       161
       +
           test(

     

       162
       162
       +
             'should handle 401 gracefully when no refresher is provided',

     

       163
       163
       +
             () async {

     

       164
       164
       +
               // Create a NEW dio instance to avoid sharing interceptors

     

       165
       165
       +
               final dioNoRefresh = Dio(

     

       166
       166
       +
                 BaseOptions(baseUrl: 'https://api.test.coves.social'),

     

       167
       167
       +
               );

     

       168
       168
       +
               final dioAdapterNoRefresh = DioAdapter(dio: dioNoRefresh);

     

       172
       169
        
       

     

       173
       173
       -
             // Create vote service without refresh capability

     

       174
       174
       -
             final voteServiceNoRefresh = VoteService(

     

       175
       175
       -
               dio: dioNoRefresh,

     

       176
       176
       -
               sessionGetter: mockSessionGetter,

     

       177
       177
       -
               didGetter: mockDidGetter,

     

       178
       178
       -
               // No tokenRefresher provided

     

       179
       179
       -
               // No signOutHandler provided

     

       180
       180
       -
             );

     

       170
       170
       +
               // Create vote service without refresh capability

     

       171
       171
       +
               final voteServiceNoRefresh = VoteService(

     

       172
       172
       +
                 dio: dioNoRefresh,

     

       173
       173
       +
                 sessionGetter: mockSessionGetter,

     

       174
       174
       +
                 didGetter: mockDidGetter,

     

       175
       175
       +
                 // No tokenRefresher provided

     

       176
       176
       +
                 // No signOutHandler provided

     

       177
       177
       +
               );

     

       181
       178
        
       

     

       182
       182
       -
             const postUri = 'at://did:plc:test/social.coves.post.record/123';

     

       183
       183
       -
             const postCid = 'bafy123';

     

       179
       179
       +
               const postUri = 'at://did:plc:test/social.coves.post.record/123';

     

       180
       180
       +
               const postCid = 'bafy123';

     

       184
       181
        
       

     

       185
       185
       -
             // Request returns 401

     

       186
       186
       -
             dioAdapterNoRefresh.onPost(

     

       187
       187
       -
               '/xrpc/social.coves.feed.vote.create',

     

       188
       188
       -
               (server) => server.reply(401, {

     

       189
       189
       -
                 'error': 'Unauthorized',

     

       190
       190
       -
                 'message': 'Token expired',

     

       191
       191
       -
               }),

     

       192
       192
       -
               data: {

     

       193
       193
       -
                 'subject': {

     

       194
       194
       -
                   'uri': postUri,

     

       195
       195
       -
                   'cid': postCid,

     

       182
       182
       +
               // Request returns 401

     

       183
       183
       +
               dioAdapterNoRefresh.onPost(

     

       184
       184
       +
                 '/xrpc/social.coves.feed.vote.create',

     

       185
       185
       +
                 (server) => server.reply(401, {

     

       186
       186
       +
                   'error': 'Unauthorized',

     

       187
       187
       +
                   'message': 'Token expired',

     

       188
       188
       +
                 }),

     

       189
       189
       +
                 data: {

     

       190
       190
       +
                   'subject': {'uri': postUri, 'cid': postCid},

     

       191
       191
       +
                   'direction': 'up',

     

       196
       192
        
                 },

     

       197
       197
       -
                 'direction': 'up',

     

       198
       198
       -
               },

     

       199
       199
       -
             );

     

       193
       193
       +
               );

     

       200
       194
        
       

     

       201
       201
       -
             // Make the request and expect it to fail

     

       202
       202
       -
             expect(

     

       203
       203
       -
               () => voteServiceNoRefresh.createVote(

     

       204
       204
       -
                 postUri: postUri,

     

       205
       205
       -
                 postCid: postCid,

     

       206
       206
       -
                 direction: 'up',

     

       207
       207
       -
               ),

     

       208
       208
       -
               throwsA(isA<Exception>()),

     

       209
       209
       -
             );

     

       195
       195
       +
               // Make the request and expect it to fail

     

       196
       196
       +
               expect(

     

       197
       197
       +
                 () => voteServiceNoRefresh.createVote(

     

       198
       198
       +
                   postUri: postUri,

     

       199
       199
       +
                   postCid: postCid,

     

       200
       200
       +
                   direction: 'up',

     

       201
       201
       +
                 ),

     

       202
       202
       +
                 throwsA(isA<Exception>()),

     

       203
       203
       +
               );

     

       210
       204
        
       

     

       211
       211
       -
             // Wait for async operations

     

       212
       212
       -
             await Future.delayed(const Duration(milliseconds: 100));

     

       205
       205
       +
               // Wait for async operations

     

       206
       206
       +
               await Future.delayed(const Duration(milliseconds: 100));

     

       213
       207
        
       

     

       214
       214
       -
             // Verify refresh was NOT called (no refresher provided)

     

       215
       215
       -
             expect(tokenRefreshCallCount, 0);

     

       208
       208
       +
               // Verify refresh was NOT called (no refresher provided)

     

       209
       209
       +
               expect(tokenRefreshCallCount, 0);

     

       216
       210
        
       

     

       217
       217
       -
             // Verify sign-out was NOT called (no handler provided)

     

       218
       218
       -
             expect(signOutCallCount, 0);

     

       219
       219
       -
           });

     

       211
       211
       +
               // Verify sign-out was NOT called (no handler provided)

     

       212
       212
       +
               expect(signOutCallCount, 0);

     

       213
       213
       +
             },

     

       214
       214
       +
           );

     

       220
       215
        
       

     

       221
       216
        
           test('should handle non-401 errors normally without refresh', () async {

     

       222
       217
        
             const postUri = 'at://did:plc:test/social.coves.post.record/123';

     
···

       230
       225
        
                 'message': 'Database connection failed',

     

       231
       226
        
               }),

     

       232
       227
        
               data: {

     

       233
       233
       -
                 'subject': {

     

       234
       234
       -
                   'uri': postUri,

     

       235
       235
       -
                   'cid': postCid,

     

       236
       236
       -
                 },

     

       228
       228
       +
                 'subject': {'uri': postUri, 'cid': postCid},

     

       237
       229
        
                 'direction': 'up',

     

       238
       230
        
               },

     

       239
       231
        
             );

     
···

       268
       260
        
                 'error': 'Unauthorized',

     

       269
       261
        
                 'message': 'Token expired',

     

       270
       262
        
               }),

     

       271
       271
       -
               data: {

     

       272
       272
       -
                 'rkey': rkey,

     

       273
       273
       -
               },

     

       263
       263
       +
               data: {'rkey': rkey},

     

       274
       264
        
             );

     

       275
       265
        
       

     

       276
       266
        
             // Create vote with existing vote (will trigger delete)

     
···

       338
       328
        
                 'cid': 'bafy456',

     

       339
       329
        
               }),

     

       340
       330
        
               data: {

     

       341
       341
       -
                 'subject': {

     

       342
       342
       -
                   'uri': postUri,

     

       343
       343
       -
                   'cid': postCid,

     

       344
       344
       -
                 },

     

       331
       331
       +
                 'subject': {'uri': postUri, 'cid': postCid},

     

       345
       332
        
                 'direction': 'up',

     

       346
       333
        
               },

     

       347
       334
        
             );

     
···

       364
       351
        
             dioAdapter.onPost(

     

       365
       352
        
               '/xrpc/social.coves.feed.vote.delete',

     

       366
       353
        
               (server) => server.reply(200, {}),

     

       367
       367
       -
               data: {

     

       368
       368
       -
                 'rkey': 'xyz',

     

       369
       369
       -
               },

     

       354
       354
       +
               data: {'rkey': 'xyz'},

     

       370
       355
        
             );

     

       371
       356
        
       

     

       372
       357
        
             // Make second request (delete vote)