commit c8dfae5cbc08177029e0948876891883f45857dc · bretton.dev/coves-mobile

+9 -10

lib/services/coves_api_service.dart

···

       26
        
           Future<bool> Function()? tokenRefresher,

     

       27
        
           Future<void> Function()? signOutHandler,

     

       28
        
           Dio? dio,

     

       29
       -
         })  : _tokenGetter = tokenGetter,

     

       30
       -
               _tokenRefresher = tokenRefresher,

     

       31
       -
               _signOutHandler = signOutHandler {

     

       32
        
           _dio =

     

       33
        
               dio ??

     

       34
        
               Dio(

     
···

       78
        
                   }

     

       79
        
       

     

       80
        
                   // Don't retry the refresh endpoint itself (avoid infinite loop)

     

       81
       -
                   final isRefreshEndpoint =

     

       82
       -
                       error.requestOptions.path.contains('/oauth/refresh');

     

       0
        
       
     

       83
        
                   if (isRefreshEndpoint) {

     

       84
        
                     if (kDebugMode) {

     

       85
        
                       debugPrint(

     
···

       160
        
                     }

     

       161
        
                     // Only sign out if we haven't already (avoid double sign-out)

     

       162
        
                     // Check if this is a DioException from a retried request

     

       163
       -
                     final isRetriedRequest = e is DioException &&

     

       0
        
       
     

       164
        
                         e.response?.statusCode == 401 &&

     

       165
        
                         e.requestOptions.extra['retried'] == true;

     

       166
        
       

     
···

       352
        
             if (kDebugMode) {

     

       353
        
               debugPrint('❌ Error parsing comments response: $e');

     

       354
        
             }

     

       355
       -
             throw ApiException(

     

       356
       -
               'Failed to parse server response',

     

       357
       -
               originalError: e,

     

       358
       -
             );

     

       359
        
           }

     

       360
        
         }

     

       361

···

       26
        
           Future<bool> Function()? tokenRefresher,

     

       27
        
           Future<void> Function()? signOutHandler,

     

       28
        
           Dio? dio,

     

       29
       +
         }) : _tokenGetter = tokenGetter,

     

       30
       +
              _tokenRefresher = tokenRefresher,

     

       31
       +
              _signOutHandler = signOutHandler {

     

       32
        
           _dio =

     

       33
        
               dio ??

     

       34
        
               Dio(

     
···

       78
        
                   }

     

       79
        
       

     

       80
        
                   // Don't retry the refresh endpoint itself (avoid infinite loop)

     

       81
       +
                   final isRefreshEndpoint = error.requestOptions.path.contains(

     

       82
       +
                     '/oauth/refresh',

     

       83
       +
                   );

     

       84
        
                   if (isRefreshEndpoint) {

     

       85
        
                     if (kDebugMode) {

     

       86
        
                       debugPrint(

     
···

       161
        
                     }

     

       162
        
                     // Only sign out if we haven't already (avoid double sign-out)

     

       163
        
                     // Check if this is a DioException from a retried request

     

       164
       +
                     final isRetriedRequest =

     

       165
       +
                         e is DioException &&

     

       166
        
                         e.response?.statusCode == 401 &&

     

       167
        
                         e.requestOptions.extra['retried'] == true;

     

       168
        
       

     
···

       354
        
             if (kDebugMode) {

     

       355
        
               debugPrint('❌ Error parsing comments response: $e');

     

       356
        
             }

     

       357
       +
             throw ApiException('Failed to parse server response', originalError: e);

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       358
        
           }

     

       359
        
         }

     

       360

+12 -21

lib/services/coves_auth_service.dart

···

       26
        
       /// 4. Call /oauth/refresh when needed

     

       27
        
       /// 5. Call /oauth/logout to sign out

     

       28
        
       class CovesAuthService {

     

       29
       -
         factory CovesAuthService({

     

       30
       -
           Dio? dio,

     

       31
       -
           FlutterSecureStorage? storage,

     

       32
       -
         }) {

     

       33
        
           _instance ??= CovesAuthService._internal(dio: dio, storage: storage);

     

       34
        
           return _instance!;

     

       35
        
         }

     

       36
        
       

     

       37
       -
         CovesAuthService._internal({

     

       38
       -
           Dio? dio,

     

       39
       -
           FlutterSecureStorage? storage,

     

       40
       -
         }) : _storage = storage ??

     

       41
       -
                   const FlutterSecureStorage(

     

       42
       -
                     aOptions: AndroidOptions(encryptedSharedPreferences: true),

     

       43
       -
                     iOptions: IOSOptions(

     

       44
       -
                       accessibility: KeychainAccessibility.first_unlock,

     

       45
       -
                     ),

     

       46
       -
                   ) {

     

       47
        
           // Initialize Dio if provided, otherwise it will be initialized in initialize()

     

       48
        
           if (dio != null) {

     

       49
        
             _dio = dio;

     
···

       341
        
                 await _dio.post<void>(

     

       342
        
                   '/oauth/logout',

     

       343
        
                   options: Options(

     

       344
       -
                     headers: {

     

       345
       -
                       'Authorization': 'Bearer ${_session!.token}',

     

       346
       -
                     },

     

       347
        
                   ),

     

       348
        
                 );

     

       349
        
       

     
···

       520
        
       

     

       521
        
         /// Save session to secure storage

     

       522
        
         Future<void> _saveSession(CovesSession session) async {

     

       523
       -
           await _storage.write(

     

       524
       -
             key: _storageKey,

     

       525
       -
             value: session.toJsonString(),

     

       526
       -
           );

     

       527
        
         }

     

       528
        
       

     

       529
        
         /// Clear session from secure storage

···

       26
        
       /// 4. Call /oauth/refresh when needed

     

       27
        
       /// 5. Call /oauth/logout to sign out

     

       28
        
       class CovesAuthService {

     

       29
       +
         factory CovesAuthService({Dio? dio, FlutterSecureStorage? storage}) {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       30
        
           _instance ??= CovesAuthService._internal(dio: dio, storage: storage);

     

       31
        
           return _instance!;

     

       32
        
         }

     

       33
        
       

     

       34
       +
         CovesAuthService._internal({Dio? dio, FlutterSecureStorage? storage})

     

       35
       +
           : _storage =

     

       36
       +
                 storage ??

     

       37
       +
                 const FlutterSecureStorage(

     

       38
       +
                   aOptions: AndroidOptions(encryptedSharedPreferences: true),

     

       39
       +
                   iOptions: IOSOptions(

     

       40
       +
                     accessibility: KeychainAccessibility.first_unlock,

     

       41
       +
                   ),

     

       42
       +
                 ) {

     

       0
        
       
     

       43
        
           // Initialize Dio if provided, otherwise it will be initialized in initialize()

     

       44
        
           if (dio != null) {

     

       45
        
             _dio = dio;

     
···

       337
        
                 await _dio.post<void>(

     

       338
        
                   '/oauth/logout',

     

       339
        
                   options: Options(

     

       340
       +
                     headers: {'Authorization': 'Bearer ${_session!.token}'},

     

       0
        
       
     

       0
        
       
     

       341
        
                   ),

     

       342
        
                 );

     

       343
        
       

     
···

       514
        
       

     

       515
        
         /// Save session to secure storage

     

       516
        
         Future<void> _saveSession(CovesSession session) async {

     

       517
       +
           await _storage.write(key: _storageKey, value: session.toJsonString());

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       518
        
         }

     

       519
        
       

     

       520
        
         /// Clear session from secure storage

+16 -16

lib/services/vote_service.dart

···

       35
        
              _didGetter = didGetter,

     

       36
        
              _tokenRefresher = tokenRefresher,

     

       37
        
              _signOutHandler = signOutHandler {

     

       38
       -
           _dio = dio ??

     

       0
        
       
     

       39
        
               Dio(

     

       40
        
                 BaseOptions(

     

       41
        
                   baseUrl: EnvironmentConfig.current.apiUrl,

     
···

       70
        
                 // Handle 401 errors with automatic token refresh

     

       71
        
                 if (error.response?.statusCode == 401 && _tokenRefresher != null) {

     

       72
        
                   if (kDebugMode) {

     

       73
       -
                     debugPrint('🔄 VoteService: 401 detected, attempting token refresh...');

     

       0
        
       
     

       0
        
       
     

       74
        
                   }

     

       75
        
       

     

       76
        
                   // Check if we already retried this request (prevent infinite loop)

     
···

       94
        
       

     

       95
        
                     if (refreshSucceeded) {

     

       96
        
                       if (kDebugMode) {

     

       97
       -
                         debugPrint('✅ VoteService: Token refresh successful, retrying request');

     

       0
        
       
     

       0
        
       
     

       98
        
                       }

     

       99
        
       

     

       100
        
                       // Get the new session

     
···

       128
        
       

     

       129
        
                     // Refresh failed, sign out the user

     

       130
        
                     if (kDebugMode) {

     

       131
       -
                       debugPrint('❌ VoteService: Token refresh failed, signing out user');

     

       0
        
       
     

       0
        
       
     

       132
        
                     }

     

       133
        
                     if (_signOutHandler != null) {

     

       134
        
                       await _signOutHandler();

     
···

       139
        
                     }

     

       140
        
                     // Only sign out if we haven't already (avoid double sign-out)

     

       141
        
                     // Check if this is a DioException from a retried request

     

       142
       -
                     final isRetriedRequest = e is DioException &&

     

       0
        
       
     

       143
        
                         e.response?.statusCode == 401 &&

     

       144
        
                         e.requestOptions.extra['retried'] == true;

     

       145
        
       

     
···

       258
        
       

     

       259
        
             if (isToggleOff) {

     

       260
        
               // Delete existing vote

     

       261
       -
               return _deleteVote(

     

       262
       -
                 session: session,

     

       263
       -
                 rkey: existingVoteRkey,

     

       264
       -
               );

     

       265
        
             }

     

       266
        
       

     

       267
        
             // If switching direction, delete old vote first

     
···

       277
        
             final response = await _dio.post<Map<String, dynamic>>(

     

       278
        
               '/xrpc/social.coves.feed.vote.create',

     

       279
        
               data: {

     

       280
       -
                 'subject': {

     

       281
       -
                   'uri': postUri,

     

       282
       -
                   'cid': postCid,

     

       283
       -
                 },

     

       284
        
                 'direction': direction,

     

       285
        
               },

     

       286
        
             );

     
···

       338
        
             // Note: Authorization header is added by the interceptor

     

       339
        
             await _dio.post<void>(

     

       340
        
               '/xrpc/social.coves.feed.vote.delete',

     

       341
       -
               data: {

     

       342
       -
                 'rkey': rkey,

     

       343
       -
               },

     

       344
        
             );

     

       345
        
       

     

       346
        
             if (kDebugMode) {

···

       35
        
              _didGetter = didGetter,

     

       36
        
              _tokenRefresher = tokenRefresher,

     

       37
        
              _signOutHandler = signOutHandler {

     

       38
       +
           _dio =

     

       39
       +
               dio ??

     

       40
        
               Dio(

     

       41
        
                 BaseOptions(

     

       42
        
                   baseUrl: EnvironmentConfig.current.apiUrl,

     
···

       71
        
                 // Handle 401 errors with automatic token refresh

     

       72
        
                 if (error.response?.statusCode == 401 && _tokenRefresher != null) {

     

       73
        
                   if (kDebugMode) {

     

       74
       +
                     debugPrint(

     

       75
       +
                       '🔄 VoteService: 401 detected, attempting token refresh...',

     

       76
       +
                     );

     

       77
        
                   }

     

       78
        
       

     

       79
        
                   // Check if we already retried this request (prevent infinite loop)

     
···

       97
        
       

     

       98
        
                     if (refreshSucceeded) {

     

       99
        
                       if (kDebugMode) {

     

       100
       +
                         debugPrint(

     

       101
       +
                           '✅ VoteService: Token refresh successful, retrying request',

     

       102
       +
                         );

     

       103
        
                       }

     

       104
        
       

     

       105
        
                       // Get the new session

     
···

       133
        
       

     

       134
        
                     // Refresh failed, sign out the user

     

       135
        
                     if (kDebugMode) {

     

       136
       +
                       debugPrint(

     

       137
       +
                         '❌ VoteService: Token refresh failed, signing out user',

     

       138
       +
                       );

     

       139
        
                     }

     

       140
        
                     if (_signOutHandler != null) {

     

       141
        
                       await _signOutHandler();

     
···

       146
        
                     }

     

       147
        
                     // Only sign out if we haven't already (avoid double sign-out)

     

       148
        
                     // Check if this is a DioException from a retried request

     

       149
       +
                     final isRetriedRequest =

     

       150
       +
                         e is DioException &&

     

       151
        
                         e.response?.statusCode == 401 &&

     

       152
        
                         e.requestOptions.extra['retried'] == true;

     

       153
        
       

     
···

       266
        
       

     

       267
        
             if (isToggleOff) {

     

       268
        
               // Delete existing vote

     

       269
       +
               return _deleteVote(session: session, rkey: existingVoteRkey);

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       270
        
             }

     

       271
        
       

     

       272
        
             // If switching direction, delete old vote first

     
···

       282
        
             final response = await _dio.post<Map<String, dynamic>>(

     

       283
        
               '/xrpc/social.coves.feed.vote.create',

     

       284
        
               data: {

     

       285
       +
                 'subject': {'uri': postUri, 'cid': postCid},

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       286
        
                 'direction': direction,

     

       287
        
               },

     

       288
        
             );

     
···

       340
        
             // Note: Authorization header is added by the interceptor

     

       341
        
             await _dio.post<void>(

     

       342
        
               '/xrpc/social.coves.feed.vote.delete',

     

       343
       +
               data: {'rkey': rkey},

     

       0
        
       
     

       0
        
       
     

       344
        
             );

     

       345
        
       

     

       346
        
             if (kDebugMode) {

-1

lib/widgets/comment_card.dart

···

       276
        
       

     

       277
        
       /// Custom painter for drawing comment depth indicator lines

     

       278
        
       class _CommentDepthPainter extends CustomPainter {

     

       279
       -
       

     

       280
        
         _CommentDepthPainter({required this.depth});

     

       281
        
         final int depth;

     

       282

···

       276
        
       

     

       277
        
       /// Custom painter for drawing comment depth indicator lines

     

       278
        
       class _CommentDepthPainter extends CustomPainter {

     

       0
        
       
     

       279
        
         _CommentDepthPainter({required this.depth});

     

       280
        
         final int depth;

     

       281

-1

lib/widgets/icons/bluesky_icons.dart

···

       4
        
       /// Bluesky-style navigation icons using SVG assets

     

       5
        
       /// These icons match the design from Bluesky's social-app

     

       6
        
       class BlueSkyIcon extends StatelessWidget {

     

       7
       -
       

     

       8
        
         const BlueSkyIcon({

     

       9
        
           required this.iconName,

     

       10
        
           this.size = 28,

···

       4
        
       /// Bluesky-style navigation icons using SVG assets

     

       5
        
       /// These icons match the design from Bluesky's social-app

     

       6
        
       class BlueSkyIcon extends StatelessWidget {

     

       0
        
       
     

       7
        
         const BlueSkyIcon({

     

       8
        
           required this.iconName,

     

       9
        
           this.size = 28,

+1 -3

lib/widgets/post_action_bar.dart

···

       49
        
           return Container(

     

       50
        
             decoration: const BoxDecoration(

     

       51
        
               color: AppColors.background,

     

       52
       -
               border: Border(

     

       53
       -
                 top: BorderSide(color: AppColors.backgroundSecondary),

     

       54
       -
               ),

     

       55
        
             ),

     

       56
        
             padding: const EdgeInsets.symmetric(horizontal: 16, vertical: 8),

     

       57
        
             child: SafeArea(

···

       49
        
           return Container(

     

       50
        
             decoration: const BoxDecoration(

     

       51
        
               color: AppColors.background,

     

       52
       +
               border: Border(top: BorderSide(color: AppColors.backgroundSecondary)),

     

       0
        
       
     

       0
        
       
     

       53
        
             ),

     

       54
        
             padding: const EdgeInsets.symmetric(horizontal: 16, vertical: 8),

     

       55
        
             child: SafeArea(

+15 -18

lib/widgets/post_card.dart

···

       161
        
                           ),

     

       162
        
                         )

     

       163
        
                       else

     

       164
       -
                         // Title when navigation is disabled

     

       165
       -
                         if (post.post.title != null) ...[

     

       166
       -
                           Text(

     

       167
       -
                             post.post.title!,

     

       168
       -
                             style: TextStyle(

     

       169
       -
                               color: AppColors.textPrimary,

     

       170
       -
                               fontSize: titleFontSize,

     

       171
       -
                               fontWeight: titleFontWeight,

     

       172
       -
                               height: 1.3,

     

       173
       -
                             ),

     

       174
        
                           ),

     

       175
       -
                           if (post.post.embed?.external != null ||

     

       176
       -
                               post.post.text.isNotEmpty)

     

       177
       -
                             const SizedBox(height: 8),

     

       178
       -
                         ],

     

       0
        
       
     

       179
        
       

     

       180
        
                       // Embed (handles its own taps - not wrapped in InkWell)

     

       181
        
                       if (post.post.embed?.external != null) ...[

     
···

       590
        
           // For non-video embeds (images, link previews), make them tappable

     

       591
        
           // to navigate to post detail

     

       592
        
           if (widget.onImageTap != null) {

     

       593
       -
             return GestureDetector(

     

       594
       -
               onTap: widget.onImageTap,

     

       595
       -
               child: thumbnailWidget,

     

       596
       -
             );

     

       597
        
           }

     

       598
        
       

     

       599
        
           // No tap handler provided, just return the thumbnail

···

       161
        
                           ),

     

       162
        
                         )

     

       163
        
                       else

     

       164
       +
                       // Title when navigation is disabled

     

       165
       +
                       if (post.post.title != null) ...[

     

       166
       +
                         Text(

     

       167
       +
                           post.post.title!,

     

       168
       +
                           style: TextStyle(

     

       169
       +
                             color: AppColors.textPrimary,

     

       170
       +
                             fontSize: titleFontSize,

     

       171
       +
                             fontWeight: titleFontWeight,

     

       172
       +
                             height: 1.3,

     

       0
        
       
     

       173
        
                           ),

     

       174
       +
                         ),

     

       175
       +
                         if (post.post.embed?.external != null ||

     

       176
       +
                             post.post.text.isNotEmpty)

     

       177
       +
                           const SizedBox(height: 8),

     

       178
       +
                       ],

     

       179
        
       

     

       180
        
                       // Embed (handles its own taps - not wrapped in InkWell)

     

       181
        
                       if (post.post.embed?.external != null) ...[

     
···

       590
        
           // For non-video embeds (images, link previews), make them tappable

     

       591
        
           // to navigate to post detail

     

       592
        
           if (widget.onImageTap != null) {

     

       593
       +
             return GestureDetector(onTap: widget.onImageTap, child: thumbnailWidget);

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       594
        
           }

     

       595
        
       

     

       596
        
           // No tap handler provided, just return the thumbnail

+6 -8

lib/widgets/post_card_actions.dart

···

       120
        
                                   Icon(

     

       121
        
                                     Icons.chat_bubble_outline,

     

       122
        
                                     size: 20,

     

       123
       -
                                     color:

     

       124
       -
                                         AppColors.textPrimary.withValues(

     

       125
       -
                                           alpha: 0.6,

     

       126
       -
                                         ),

     

       127
        
                                   ),

     

       128
        
                                   const SizedBox(width: 5),

     

       129
        
                                   Text(

     

       130
        
                                     DateTimeUtils.formatCount(count),

     

       131
        
                                     style: TextStyle(

     

       132
       -
                                       color:

     

       133
       -
                                           AppColors.textPrimary.withValues(

     

       134
       -
                                             alpha: 0.6,

     

       135
       -
                                           ),

     

       136
        
                                       fontSize: 13,

     

       137
        
                                     ),

     

       138
        
                                   ),

···

       120
        
                                   Icon(

     

       121
        
                                     Icons.chat_bubble_outline,

     

       122
        
                                     size: 20,

     

       123
       +
                                     color: AppColors.textPrimary.withValues(

     

       124
       +
                                       alpha: 0.6,

     

       125
       +
                                     ),

     

       0
        
       
     

       126
        
                                   ),

     

       127
        
                                   const SizedBox(width: 5),

     

       128
        
                                   Text(

     

       129
        
                                     DateTimeUtils.formatCount(count),

     

       130
        
                                     style: TextStyle(

     

       131
       +
                                       color: AppColors.textPrimary.withValues(

     

       132
       +
                                         alpha: 0.6,

     

       133
       +
                                       ),

     

       0
        
       
     

       134
        
                                       fontSize: 13,

     

       135
        
                                     ),

     

       136
        
                                   ),

+13 -37

test/models/coves_session_test.dart

···

       233
        
               'session_id': 'sess456',

     

       234
        
             };

     

       235
        
       

     

       236
       -
             expect(

     

       237
       -
               () => CovesSession.fromJson(json),

     

       238
       -
               throwsA(isA<TypeError>()),

     

       239
       -
             );

     

       240
        
           });

     

       241
        
       

     

       242
        
           test('should throw when did has wrong type', () {

     
···

       246
        
               'session_id': 'sess456',

     

       247
        
             };

     

       248
        
       

     

       249
       -
             expect(

     

       250
       -
               () => CovesSession.fromJson(json),

     

       251
       -
               throwsA(isA<TypeError>()),

     

       252
       -
             );

     

       253
        
           });

     

       254
        
       

     

       255
        
           test('should throw when session_id has wrong type', () {

     
···

       259
        
               'session_id': 123, // Should be String

     

       260
        
             };

     

       261
        
       

     

       262
       -
             expect(

     

       263
       -
               () => CovesSession.fromJson(json),

     

       264
       -
               throwsA(isA<TypeError>()),

     

       265
       -
             );

     

       266
        
           });

     

       267
        
       

     

       268
        
           test('should throw when token field is missing', () {

     

       269
       -
             final json = {

     

       270
       -
               'did': 'did:plc:test123',

     

       271
       -
               'session_id': 'sess456',

     

       272
       -
             };

     

       273
        
       

     

       274
       -
             expect(

     

       275
       -
               () => CovesSession.fromJson(json),

     

       276
       -
               throwsA(isA<TypeError>()),

     

       277
       -
             );

     

       278
        
           });

     

       279
        
       

     

       280
        
           test('should throw when did field is missing', () {

     

       281
       -
             final json = {

     

       282
       -
               'token': 'abc123',

     

       283
       -
               'session_id': 'sess456',

     

       284
       -
             };

     

       285
        
       

     

       286
       -
             expect(

     

       287
       -
               () => CovesSession.fromJson(json),

     

       288
       -
               throwsA(isA<TypeError>()),

     

       289
       -
             );

     

       290
        
           });

     

       291
        
       

     

       292
        
           test('should throw when session_id field is missing', () {

     

       293
       -
             final json = {

     

       294
       -
               'token': 'abc123',

     

       295
       -
               'did': 'did:plc:test123',

     

       296
       -
             };

     

       297
        
       

     

       298
       -
             expect(

     

       299
       -
               () => CovesSession.fromJson(json),

     

       300
       -
               throwsA(isA<TypeError>()),

     

       301
       -
             );

     

       302
        
           });

     

       303
        
       

     

       304
        
           test('should handle extra fields in JSON', () {

     
···

       793
        
             final stringRep = session.toString();

     

       794
        
       

     

       795
        
             expect(stringRep, isNot(contains('Bearer')));

     

       796
       -
             expect(stringRep, isNot(contains('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9')));

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       797
        
           });

     

       798
        
         });

     

       799
        
       }

···

       233
        
               'session_id': 'sess456',

     

       234
        
             };

     

       235
        
       

     

       236
       +
             expect(() => CovesSession.fromJson(json), throwsA(isA<TypeError>()));

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       237
        
           });

     

       238
        
       

     

       239
        
           test('should throw when did has wrong type', () {

     
···

       243
        
               'session_id': 'sess456',

     

       244
        
             };

     

       245
        
       

     

       246
       +
             expect(() => CovesSession.fromJson(json), throwsA(isA<TypeError>()));

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       247
        
           });

     

       248
        
       

     

       249
        
           test('should throw when session_id has wrong type', () {

     
···

       253
        
               'session_id': 123, // Should be String

     

       254
        
             };

     

       255
        
       

     

       256
       +
             expect(() => CovesSession.fromJson(json), throwsA(isA<TypeError>()));

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       257
        
           });

     

       258
        
       

     

       259
        
           test('should throw when token field is missing', () {

     

       260
       +
             final json = {'did': 'did:plc:test123', 'session_id': 'sess456'};

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       261
        
       

     

       262
       +
             expect(() => CovesSession.fromJson(json), throwsA(isA<TypeError>()));

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       263
        
           });

     

       264
        
       

     

       265
        
           test('should throw when did field is missing', () {

     

       266
       +
             final json = {'token': 'abc123', 'session_id': 'sess456'};

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       267
        
       

     

       268
       +
             expect(() => CovesSession.fromJson(json), throwsA(isA<TypeError>()));

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       269
        
           });

     

       270
        
       

     

       271
        
           test('should throw when session_id field is missing', () {

     

       272
       +
             final json = {'token': 'abc123', 'did': 'did:plc:test123'};

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       273
        
       

     

       274
       +
             expect(() => CovesSession.fromJson(json), throwsA(isA<TypeError>()));

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       275
        
           });

     

       276
        
       

     

       277
        
           test('should handle extra fields in JSON', () {

     
···

       766
        
             final stringRep = session.toString();

     

       767
        
       

     

       768
        
             expect(stringRep, isNot(contains('Bearer')));

     

       769
       +
             expect(

     

       770
       +
               stringRep,

     

       771
       +
               isNot(contains('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9')),

     

       772
       +
             );

     

       773
        
           });

     

       774
        
         });

     

       775
        
       }

+3 -2

test/providers/auth_provider_test.dart

···

       152
        
               await authProvider.signIn('alice.bsky.social');

     

       153
        
       

     

       154
        
               // Sign out with error

     

       155
       -
               when(mockAuthService.signOut())

     

       156
       -
                   .thenThrow(Exception('Revocation failed'));

     

       0
        
       
     

       157
        
       

     

       158
        
               await authProvider.signOut();

     

       159

···

       152
        
               await authProvider.signIn('alice.bsky.social');

     

       153
        
       

     

       154
        
               // Sign out with error

     

       155
       +
               when(

     

       156
       +
                 mockAuthService.signOut(),

     

       157
       +
               ).thenThrow(Exception('Revocation failed'));

     

       158
        
       

     

       159
        
               await authProvider.signOut();

     

       160

+4 -15

test/providers/comments_provider_test.dart

···

       89
        
             });

     

       90
        
       

     

       91
        
             test('should handle empty comments response', () async {

     

       92
       -
               final mockResponse = CommentsResponse(

     

       93
       -
                 post: {},

     

       94
       -
                 comments: [],

     

       95
       -
               );

     

       96
        
       

     

       97
        
               when(

     

       98
        
                 mockApiService.getComments(

     
···

       211
        
                 ),

     

       212
        
               ).thenAnswer((_) async => secondResponse);

     

       213
        
       

     

       214
       -
               await commentsProvider.loadComments(

     

       215
       -
                 postUri: testPostUri,

     

       216
       -
               );

     

       217
        
       

     

       218
        
               expect(commentsProvider.comments.length, 2);

     

       219
        
               expect(commentsProvider.comments[0].comment.uri, 'comment1');

     
···

       425
        
             test('should load vote state when authenticated', () async {

     

       426
        
               final mockComments = [_createMockThreadComment('comment1')];

     

       427
        
       

     

       428
       -
               final mockResponse = CommentsResponse(

     

       429
       -
                 post: {},

     

       430
       -
                 comments: mockComments,

     

       431
       -
               );

     

       432
        
       

     

       433
        
               when(

     

       434
        
                 mockApiService.getComments(

     
···

       494
        
             test('should continue loading comments if vote loading fails', () async {

     

       495
        
               final mockComments = [_createMockThreadComment('comment1')];

     

       496
        
       

     

       497
       -
               final mockResponse = CommentsResponse(

     

       498
       -
                 post: {},

     

       499
       -
                 comments: mockComments,

     

       500
       -
               );

     

       501
        
       

     

       502
        
               when(

     

       503
        
                 mockApiService.getComments(

···

       89
        
             });

     

       90
        
       

     

       91
        
             test('should handle empty comments response', () async {

     

       92
       +
               final mockResponse = CommentsResponse(post: {}, comments: []);

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       93
        
       

     

       94
        
               when(

     

       95
        
                 mockApiService.getComments(

     
···

       208
        
                 ),

     

       209
        
               ).thenAnswer((_) async => secondResponse);

     

       210
        
       

     

       211
       +
               await commentsProvider.loadComments(postUri: testPostUri);

     

       0
        
       
     

       0
        
       
     

       212
        
       

     

       213
        
               expect(commentsProvider.comments.length, 2);

     

       214
        
               expect(commentsProvider.comments[0].comment.uri, 'comment1');

     
···

       420
        
             test('should load vote state when authenticated', () async {

     

       421
        
               final mockComments = [_createMockThreadComment('comment1')];

     

       422
        
       

     

       423
       +
               final mockResponse = CommentsResponse(post: {}, comments: mockComments);

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       424
        
       

     

       425
        
               when(

     

       426
        
                 mockApiService.getComments(

     
···

       486
        
             test('should continue loading comments if vote loading fails', () async {

     

       487
        
               final mockComments = [_createMockThreadComment('comment1')];

     

       488
        
       

     

       489
       +
               final mockResponse = CommentsResponse(post: {}, comments: mockComments);

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       490
        
       

     

       491
        
               when(

     

       492
        
                 mockApiService.getComments(

+81 -74

test/services/coves_api_service_token_refresh_test.dart

···

       60
        
             apiService.dispose();

     

       61
        
           });

     

       62
        
       

     

       63
       -
           test('should call token refresher on 401 response but only retry once',

     

       64
       -
               () async {

     

       65
        
             // This test verifies the interceptor detects 401, calls the refresher,

     

       66
        
             // and only retries ONCE to prevent infinite loops (even if retry returns 401).

     

       67
        
       

     
···

       138
        
             expect(signOutCallCount, 1);

     

       139
        
           });

     

       140
        
       

     

       141
       -
           test('should NOT retry refresh endpoint on 401 (avoid infinite loop)',

     

       142
       -
               () async {

     

       143
       -
             // This test verifies that the interceptor checks for /oauth/refresh

     

       144
       -
             // in the path to avoid infinite loops. Due to limitations with mocking

     

       145
       -
             // complex request/response cycles, we test this by verifying the

     

       146
       -
             // signOutHandler gets called when refresh fails.

     

       0
        
       
     

       147
        
       

     

       148
       -
             // Set refresh to fail (simulates refresh endpoint returning 401)

     

       149
       -
             shouldRefreshSucceed = false;

     

       150
        
       

     

       151
       -
             const postUri = 'at://did:plc:test/social.coves.post.record/123';

     

       152
        
       

     

       153
       -
             dioAdapter.onGet(

     

       154
       -
               '/xrpc/social.coves.community.comment.getComments',

     

       155
       -
               (server) => server.reply(401, {

     

       156
       -
                 'error': 'Unauthorized',

     

       157
       -
                 'message': 'Token expired',

     

       158
       -
               }),

     

       159
       -
               queryParameters: {

     

       160
       -
                 'post': postUri,

     

       161
       -
                 'sort': 'hot',

     

       162
       -
                 'depth': 10,

     

       163
       -
                 'limit': 50,

     

       164
       -
               },

     

       165
       -
             );

     

       166
        
       

     

       167
       -
             // Make the request and expect it to fail

     

       168
       -
             expect(

     

       169
       -
               () => apiService.getComments(postUri: postUri),

     

       170
       -
               throwsA(isA<Exception>()),

     

       171
       -
             );

     

       172
        
       

     

       173
       -
             // Wait for async operations to complete

     

       174
       -
             await Future.delayed(const Duration(milliseconds: 100));

     

       175
        
       

     

       176
       -
             // Verify user was signed out (no infinite loop)

     

       177
       -
             expect(signOutCallCount, 1);

     

       178
       -
           });

     

       0
        
       
     

       179
        
       

     

       180
       -
           test('should sign out user if token refresh throws exception', () async {

     

       181
       -
             // Skipped: causes retry loops with http_mock_adapter after disposal

     

       182
       -
             // The core functionality is tested by the "should sign out user if token

     

       183
       -
             // refresh fails" test above.

     

       184
       -
           }, skip: 'Causes retry issues with http_mock_adapter');

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       185
        
       

     

       186
       -
           test('should handle 401 gracefully when no refresher is provided',

     

       187
       -
               () async {

     

       188
       -
             // Create API service without refresh capability

     

       189
       -
             final apiServiceNoRefresh = CovesApiService(

     

       190
       -
               dio: dio,

     

       191
       -
               tokenGetter: mockTokenGetter,

     

       192
       -
               // No tokenRefresher provided

     

       193
       -
               // No signOutHandler provided

     

       194
       -
             );

     

       0
        
       
     

       195
        
       

     

       196
       -
             const postUri = 'at://did:plc:test/social.coves.post.record/123';

     

       197
        
       

     

       198
       -
             // Request returns 401

     

       199
       -
             dioAdapter.onGet(

     

       200
       -
               '/xrpc/social.coves.community.comment.getComments',

     

       201
       -
               (server) => server.reply(401, {

     

       202
       -
                 'error': 'Unauthorized',

     

       203
       -
                 'message': 'Token expired',

     

       204
       -
               }),

     

       205
       -
               queryParameters: {

     

       206
       -
                 'post': postUri,

     

       207
       -
                 'sort': 'hot',

     

       208
       -
                 'depth': 10,

     

       209
       -
                 'limit': 50,

     

       210
       -
               },

     

       211
       -
             );

     

       212
        
       

     

       213
       -
             // Make the request and expect it to fail with AuthenticationException

     

       214
       -
             expect(

     

       215
       -
               () => apiServiceNoRefresh.getComments(postUri: postUri),

     

       216
       -
               throwsA(isA<Exception>()),

     

       217
       -
             );

     

       218
        
       

     

       219
       -
             // Verify refresh was NOT called (no refresher provided)

     

       220
       -
             expect(tokenRefreshCallCount, 0);

     

       221
        
       

     

       222
       -
             // Verify sign-out was NOT called (no handler provided)

     

       223
       -
             expect(signOutCallCount, 0);

     

       224
        
       

     

       225
       -
             apiServiceNoRefresh.dispose();

     

       226
       -
           });

     

       0
        
       
     

       227
        
       

     

       228
        
           // Skipped: http_mock_adapter cannot handle stateful request/response cycles

     

       229

···

       60
        
             apiService.dispose();

     

       61
        
           });

     

       62
        
       

     

       63
       +
           test('should call token refresher on 401 response but only retry once', () async {

     

       0
        
       
     

       64
        
             // This test verifies the interceptor detects 401, calls the refresher,

     

       65
        
             // and only retries ONCE to prevent infinite loops (even if retry returns 401).

     

       66
        
       

     
···

       137
        
             expect(signOutCallCount, 1);

     

       138
        
           });

     

       139
        
       

     

       140
       +
           test(

     

       141
       +
             'should NOT retry refresh endpoint on 401 (avoid infinite loop)',

     

       142
       +
             () async {

     

       143
       +
               // This test verifies that the interceptor checks for /oauth/refresh

     

       144
       +
               // in the path to avoid infinite loops. Due to limitations with mocking

     

       145
       +
               // complex request/response cycles, we test this by verifying the

     

       146
       +
               // signOutHandler gets called when refresh fails.

     

       147
        
       

     

       148
       +
               // Set refresh to fail (simulates refresh endpoint returning 401)

     

       149
       +
               shouldRefreshSucceed = false;

     

       150
        
       

     

       151
       +
               const postUri = 'at://did:plc:test/social.coves.post.record/123';

     

       152
        
       

     

       153
       +
               dioAdapter.onGet(

     

       154
       +
                 '/xrpc/social.coves.community.comment.getComments',

     

       155
       +
                 (server) => server.reply(401, {

     

       156
       +
                   'error': 'Unauthorized',

     

       157
       +
                   'message': 'Token expired',

     

       158
       +
                 }),

     

       159
       +
                 queryParameters: {

     

       160
       +
                   'post': postUri,

     

       161
       +
                   'sort': 'hot',

     

       162
       +
                   'depth': 10,

     

       163
       +
                   'limit': 50,

     

       164
       +
                 },

     

       165
       +
               );

     

       166
        
       

     

       167
       +
               // Make the request and expect it to fail

     

       168
       +
               expect(

     

       169
       +
                 () => apiService.getComments(postUri: postUri),

     

       170
       +
                 throwsA(isA<Exception>()),

     

       171
       +
               );

     

       172
        
       

     

       173
       +
               // Wait for async operations to complete

     

       174
       +
               await Future.delayed(const Duration(milliseconds: 100));

     

       175
        
       

     

       176
       +
               // Verify user was signed out (no infinite loop)

     

       177
       +
               expect(signOutCallCount, 1);

     

       178
       +
             },

     

       179
       +
           );

     

       180
        
       

     

       181
       +
           test(

     

       182
       +
             'should sign out user if token refresh throws exception',

     

       183
       +
             () async {

     

       184
       +
               // Skipped: causes retry loops with http_mock_adapter after disposal

     

       185
       +
               // The core functionality is tested by the "should sign out user if token

     

       186
       +
               // refresh fails" test above.

     

       187
       +
             },

     

       188
       +
             skip: 'Causes retry issues with http_mock_adapter',

     

       189
       +
           );

     

       190
        
       

     

       191
       +
           test(

     

       192
       +
             'should handle 401 gracefully when no refresher is provided',

     

       193
       +
             () async {

     

       194
       +
               // Create API service without refresh capability

     

       195
       +
               final apiServiceNoRefresh = CovesApiService(

     

       196
       +
                 dio: dio,

     

       197
       +
                 tokenGetter: mockTokenGetter,

     

       198
       +
                 // No tokenRefresher provided

     

       199
       +
                 // No signOutHandler provided

     

       200
       +
               );

     

       201
        
       

     

       202
       +
               const postUri = 'at://did:plc:test/social.coves.post.record/123';

     

       203
        
       

     

       204
       +
               // Request returns 401

     

       205
       +
               dioAdapter.onGet(

     

       206
       +
                 '/xrpc/social.coves.community.comment.getComments',

     

       207
       +
                 (server) => server.reply(401, {

     

       208
       +
                   'error': 'Unauthorized',

     

       209
       +
                   'message': 'Token expired',

     

       210
       +
                 }),

     

       211
       +
                 queryParameters: {

     

       212
       +
                   'post': postUri,

     

       213
       +
                   'sort': 'hot',

     

       214
       +
                   'depth': 10,

     

       215
       +
                   'limit': 50,

     

       216
       +
                 },

     

       217
       +
               );

     

       218
        
       

     

       219
       +
               // Make the request and expect it to fail with AuthenticationException

     

       220
       +
               expect(

     

       221
       +
                 () => apiServiceNoRefresh.getComments(postUri: postUri),

     

       222
       +
                 throwsA(isA<Exception>()),

     

       223
       +
               );

     

       224
        
       

     

       225
       +
               // Verify refresh was NOT called (no refresher provided)

     

       226
       +
               expect(tokenRefreshCallCount, 0);

     

       227
        
       

     

       228
       +
               // Verify sign-out was NOT called (no handler provided)

     

       229
       +
               expect(signOutCallCount, 0);

     

       230
        
       

     

       231
       +
               apiServiceNoRefresh.dispose();

     

       232
       +
             },

     

       233
       +
           );

     

       234
        
       

     

       235
        
           // Skipped: http_mock_adapter cannot handle stateful request/response cycles

     

       236

+38 -29

test/services/coves_auth_service_environment_test.dart

···

       70
        
             );

     

       71
        
       

     

       72
        
             // Mock storage read for the environment-specific key

     

       73
       -
             when(mockStorage.read(key: storageKey))

     

       74
       -
                 .thenAnswer((_) async => session.toJsonString());

     

       0
        
       
     

       75
        
       

     

       76
        
             // Act - Restore session

     

       77
        
             final result = await authService.restoreSession();

     
···

       100
        
               handle: 'alice.bsky.social',

     

       101
        
             );

     

       102
        
       

     

       103
       -
             when(mockStorage.read(key: storageKey))

     

       104
       -
                 .thenAnswer((_) async => session.toJsonString());

     

       0
        
       
     

       105
        
             await authService.restoreSession();

     

       106
        
       

     

       107
        
             // Mock successful refresh

     

       108
        
             const newToken = 'new-refreshed-token';

     

       109
       -
             when(mockDio.post<Map<String, dynamic>>(

     

       110
       -
               '/oauth/refresh',

     

       111
       -
               data: anyNamed('data'),

     

       112
       -
             )).thenAnswer((_) async => Response(

     

       113
       -
                   requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       114
       -
                   statusCode: 200,

     

       115
       -
                   data: {

     

       116
       -
                     'sealed_token': newToken,

     

       117
       -
                     'access_token': 'some-access-token'

     

       118
       -
                   },

     

       119
       -
                 ));

     

       0
        
       
     

       120
        
       

     

       121
       -
             when(mockStorage.write(key: storageKey, value: anyNamed('value')))

     

       122
       -
                 .thenAnswer((_) async => {});

     

       0
        
       
     

       123
        
       

     

       124
        
             // Act - Refresh token (which saves the updated session)

     

       125
        
             await authService.refreshToken();

     

       126
        
       

     

       127
        
             // Assert - Verify environment-specific key was used for saving

     

       128
       -
             verify(mockStorage.write(key: storageKey, value: anyNamed('value')))

     

       129
       -
                 .called(1);

     

       0
        
       
     

       130
        
       

     

       131
        
             // Verify the generic key was never used

     

       132
       -
             verifyNever(mockStorage.write(key: 'coves_session', value: anyNamed('value')));

     

       0
        
       
     

       0
        
       
     

       133
        
           });

     

       134
        
       

     

       135
        
           test('should delete sessions using environment-specific keys', () async {

     
···

       144
        
               sessionId: 'session-123',

     

       145
        
             );

     

       146
        
       

     

       147
       -
             when(mockStorage.read(key: storageKey))

     

       148
       -
                 .thenAnswer((_) async => session.toJsonString());

     

       0
        
       
     

       149
        
             await authService.restoreSession();

     

       150
        
       

     

       151
        
             // Mock logout

     

       152
       -
             when(mockDio.post<void>(

     

       153
       -
               '/oauth/logout',

     

       154
       -
               options: anyNamed('options'),

     

       155
       -
             )).thenAnswer((_) async => Response(

     

       156
       -
                   requestOptions: RequestOptions(path: '/oauth/logout'),

     

       157
       -
                   statusCode: 200,

     

       158
       -
                 ));

     

       0
        
       
     

       159
        
       

     

       160
        
             when(mockStorage.delete(key: storageKey)).thenAnswer((_) async => {});

     

       161

···

       70
        
             );

     

       71
        
       

     

       72
        
             // Mock storage read for the environment-specific key

     

       73
       +
             when(

     

       74
       +
               mockStorage.read(key: storageKey),

     

       75
       +
             ).thenAnswer((_) async => session.toJsonString());

     

       76
        
       

     

       77
        
             // Act - Restore session

     

       78
        
             final result = await authService.restoreSession();

     
···

       101
        
               handle: 'alice.bsky.social',

     

       102
        
             );

     

       103
        
       

     

       104
       +
             when(

     

       105
       +
               mockStorage.read(key: storageKey),

     

       106
       +
             ).thenAnswer((_) async => session.toJsonString());

     

       107
        
             await authService.restoreSession();

     

       108
        
       

     

       109
        
             // Mock successful refresh

     

       110
        
             const newToken = 'new-refreshed-token';

     

       111
       +
             when(

     

       112
       +
               mockDio.post<Map<String, dynamic>>(

     

       113
       +
                 '/oauth/refresh',

     

       114
       +
                 data: anyNamed('data'),

     

       115
       +
               ),

     

       116
       +
             ).thenAnswer(

     

       117
       +
               (_) async => Response(

     

       118
       +
                 requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       119
       +
                 statusCode: 200,

     

       120
       +
                 data: {'sealed_token': newToken, 'access_token': 'some-access-token'},

     

       121
       +
               ),

     

       122
       +
             );

     

       123
        
       

     

       124
       +
             when(

     

       125
       +
               mockStorage.write(key: storageKey, value: anyNamed('value')),

     

       126
       +
             ).thenAnswer((_) async => {});

     

       127
        
       

     

       128
        
             // Act - Refresh token (which saves the updated session)

     

       129
        
             await authService.refreshToken();

     

       130
        
       

     

       131
        
             // Assert - Verify environment-specific key was used for saving

     

       132
       +
             verify(

     

       133
       +
               mockStorage.write(key: storageKey, value: anyNamed('value')),

     

       134
       +
             ).called(1);

     

       135
        
       

     

       136
        
             // Verify the generic key was never used

     

       137
       +
             verifyNever(

     

       138
       +
               mockStorage.write(key: 'coves_session', value: anyNamed('value')),

     

       139
       +
             );

     

       140
        
           });

     

       141
        
       

     

       142
        
           test('should delete sessions using environment-specific keys', () async {

     
···

       151
        
               sessionId: 'session-123',

     

       152
        
             );

     

       153
        
       

     

       154
       +
             when(

     

       155
       +
               mockStorage.read(key: storageKey),

     

       156
       +
             ).thenAnswer((_) async => session.toJsonString());

     

       157
        
             await authService.restoreSession();

     

       158
        
       

     

       159
        
             // Mock logout

     

       160
       +
             when(

     

       161
       +
               mockDio.post<void>('/oauth/logout', options: anyNamed('options')),

     

       162
       +
             ).thenAnswer(

     

       163
       +
               (_) async => Response(

     

       164
       +
                 requestOptions: RequestOptions(path: '/oauth/logout'),

     

       165
       +
                 statusCode: 200,

     

       166
       +
               ),

     

       167
       +
             );

     

       168
        
       

     

       169
        
             when(mockStorage.delete(key: storageKey)).thenAnswer((_) async => {});

     

       170

+37 -20

test/services/coves_auth_service_redaction_test.dart

···

       52
        
             );

     

       53
        
           });

     

       54
        
       

     

       55
       -
           test('should preserve non-sensitive parameters (DID, handle, session_id)',

     

       56
       -
               () {

     

       57
       -
             const testUrl =

     

       58
       -
                 'social.coves:/callback?token=sealed_token_abc123&did=did:plc:test123&session_id=sess-456&handle=alice.bsky.social';

     

       0
        
       
     

       59
        
       

     

       60
       -
             final redacted = testUrl.replaceAllMapped(

     

       61
       -
               RegExp(r'token=([^&\s]+)'),

     

       62
       -
               (match) => 'token=[REDACTED]',

     

       63
       -
             );

     

       64
        
       

     

       65
       -
             expect(redacted, contains('did=did:plc:test123'));

     

       66
       -
             expect(redacted, contains('session_id=sess-456'));

     

       67
       -
             expect(redacted, contains('handle=alice.bsky.social'));

     

       68
       -
             expect(redacted, isNot(contains('sealed_token_abc123')));

     

       69
       -
           });

     

       0
        
       
     

       70
        
       

     

       71
        
           test('should handle token as first parameter', () {

     

       72
        
             const testUrl =

     
···

       77
        
               (match) => 'token=[REDACTED]',

     

       78
        
             );

     

       79
        
       

     

       80
       -
             expect(redacted, 'social.coves:/callback?token=[REDACTED]&did=did:plc:test');

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       81
        
           });

     

       82
        
       

     

       83
        
           test('should handle token as last parameter', () {

     

       84
       -
             const testUrl = 'social.coves:/callback?did=did:plc:test&token=last_token';

     

       0
        
       
     

       85
        
       

     

       86
        
             final redacted = testUrl.replaceAllMapped(

     

       87
        
               RegExp(r'token=([^&\s]+)'),

     

       88
        
               (match) => 'token=[REDACTED]',

     

       89
        
             );

     

       90
        
       

     

       91
       -
             expect(redacted, 'social.coves:/callback?did=did:plc:test&token=[REDACTED]');

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       92
        
           });

     

       93
        
       

     

       94
        
           test('should handle token as only parameter', () {

     
···

       111
        
               (match) => 'token=[REDACTED]',

     

       112
        
             );

     

       113
        
       

     

       114
       -
             expect(redacted, 'social.coves:/callback?token=[REDACTED]&did=did:plc:test');

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       115
        
             expect(redacted, isNot(contains('encoded%2Btoken%3D123')));

     

       116
        
           });

     

       117
        
       

     

       118
        
           test('should handle long token values', () {

     

       119
        
             const longToken =

     

       120
        
                 'very_long_sealed_token_with_many_characters_1234567890abcdef';

     

       121
       -
             final testUrl = 'social.coves:/callback?token=$longToken&did=did:plc:test';

     

       0
        
       
     

       122
        
       

     

       123
        
             final redacted = testUrl.replaceAllMapped(

     

       124
        
               RegExp(r'token=([^&\s]+)'),

     

       125
        
               (match) => 'token=[REDACTED]',

     

       126
        
             );

     

       127
        
       

     

       128
       -
             expect(redacted, 'social.coves:/callback?token=[REDACTED]&did=did:plc:test');

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       129
        
             expect(redacted, isNot(contains(longToken)));

     

       130
        
           });

     

       131
        
       

     

       132
        
           test('should handle URL without token parameter', () {

     

       133
       -
             const testUrl = 'social.coves:/callback?did=did:plc:test&handle=alice.bsky.social';

     

       0
        
       
     

       134
        
       

     

       135
        
             final redacted = testUrl.replaceAllMapped(

     

       136
        
               RegExp(r'token=([^&\s]+)'),

···

       52
        
             );

     

       53
        
           });

     

       54
        
       

     

       55
       +
           test(

     

       56
       +
             'should preserve non-sensitive parameters (DID, handle, session_id)',

     

       57
       +
             () {

     

       58
       +
               const testUrl =

     

       59
       +
                   'social.coves:/callback?token=sealed_token_abc123&did=did:plc:test123&session_id=sess-456&handle=alice.bsky.social';

     

       60
        
       

     

       61
       +
               final redacted = testUrl.replaceAllMapped(

     

       62
       +
                 RegExp(r'token=([^&\s]+)'),

     

       63
       +
                 (match) => 'token=[REDACTED]',

     

       64
       +
               );

     

       65
        
       

     

       66
       +
               expect(redacted, contains('did=did:plc:test123'));

     

       67
       +
               expect(redacted, contains('session_id=sess-456'));

     

       68
       +
               expect(redacted, contains('handle=alice.bsky.social'));

     

       69
       +
               expect(redacted, isNot(contains('sealed_token_abc123')));

     

       70
       +
             },

     

       71
       +
           );

     

       72
        
       

     

       73
        
           test('should handle token as first parameter', () {

     

       74
        
             const testUrl =

     
···

       79
        
               (match) => 'token=[REDACTED]',

     

       80
        
             );

     

       81
        
       

     

       82
       +
             expect(

     

       83
       +
               redacted,

     

       84
       +
               'social.coves:/callback?token=[REDACTED]&did=did:plc:test',

     

       85
       +
             );

     

       86
        
           });

     

       87
        
       

     

       88
        
           test('should handle token as last parameter', () {

     

       89
       +
             const testUrl =

     

       90
       +
                 'social.coves:/callback?did=did:plc:test&token=last_token';

     

       91
        
       

     

       92
        
             final redacted = testUrl.replaceAllMapped(

     

       93
        
               RegExp(r'token=([^&\s]+)'),

     

       94
        
               (match) => 'token=[REDACTED]',

     

       95
        
             );

     

       96
        
       

     

       97
       +
             expect(

     

       98
       +
               redacted,

     

       99
       +
               'social.coves:/callback?did=did:plc:test&token=[REDACTED]',

     

       100
       +
             );

     

       101
        
           });

     

       102
        
       

     

       103
        
           test('should handle token as only parameter', () {

     
···

       120
        
               (match) => 'token=[REDACTED]',

     

       121
        
             );

     

       122
        
       

     

       123
       +
             expect(

     

       124
       +
               redacted,

     

       125
       +
               'social.coves:/callback?token=[REDACTED]&did=did:plc:test',

     

       126
       +
             );

     

       127
        
             expect(redacted, isNot(contains('encoded%2Btoken%3D123')));

     

       128
        
           });

     

       129
        
       

     

       130
        
           test('should handle long token values', () {

     

       131
        
             const longToken =

     

       132
        
                 'very_long_sealed_token_with_many_characters_1234567890abcdef';

     

       133
       +
             final testUrl =

     

       134
       +
                 'social.coves:/callback?token=$longToken&did=did:plc:test';

     

       135
        
       

     

       136
        
             final redacted = testUrl.replaceAllMapped(

     

       137
        
               RegExp(r'token=([^&\s]+)'),

     

       138
        
               (match) => 'token=[REDACTED]',

     

       139
        
             );

     

       140
        
       

     

       141
       +
             expect(

     

       142
       +
               redacted,

     

       143
       +
               'social.coves:/callback?token=[REDACTED]&did=did:plc:test',

     

       144
       +
             );

     

       145
        
             expect(redacted, isNot(contains(longToken)));

     

       146
        
           });

     

       147
        
       

     

       148
        
           test('should handle URL without token parameter', () {

     

       149
       +
             const testUrl =

     

       150
       +
                 'social.coves:/callback?did=did:plc:test&handle=alice.bsky.social';

     

       151
        
       

     

       152
        
             final redacted = testUrl.replaceAllMapped(

     

       153
        
               RegExp(r'token=([^&\s]+)'),

+87 -52

test/services/coves_auth_service_singleton_test.dart

···

       34
        
             final instance3 = CovesAuthService();

     

       35
        
       

     

       36
        
             // Assert - All should be the exact same instance

     

       37
       -
             expect(identical(instance1, instance2), isTrue,

     

       38
       -
                 reason: 'instance1 and instance2 should be identical');

     

       39
       -
             expect(identical(instance2, instance3), isTrue,

     

       40
       -
                 reason: 'instance2 and instance3 should be identical');

     

       41
       -
             expect(identical(instance1, instance3), isTrue,

     

       42
       -
                 reason: 'instance1 and instance3 should be identical');

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       43
        
           });

     

       44
        
       

     

       45
        
           test('should share in-memory session across singleton instances', () async {

     
···

       47
        
             final instance1 = CovesAuthService(dio: mockDio, storage: mockStorage);

     

       48
        
       

     

       49
        
             // Mock storage to return a valid session

     

       50
       -
             const sessionJson = '{'

     

       0
        
       
     

       51
        
                 '"token": "test-token", '

     

       52
        
                 '"did": "did:plc:test123", '

     

       53
        
                 '"session_id": "session-123", '

     

       54
        
                 '"handle": "alice.bsky.social"'

     

       55
        
                 '}';

     

       56
        
       

     

       57
       -
             when(mockStorage.read(key: storageKey))

     

       58
       -
                 .thenAnswer((_) async => sessionJson);

     

       0
        
       
     

       59
        
       

     

       60
        
             // Act - Restore session using first instance

     

       61
        
             await instance1.restoreSession();

     
···

       77
        
             final instance1 = CovesAuthService(dio: mockDio, storage: mockStorage);

     

       78
        
       

     

       79
        
             // Mock storage to return a valid session

     

       80
       -
             const sessionJson = '{'

     

       0
        
       
     

       81
        
                 '"token": "old-token", '

     

       82
        
                 '"did": "did:plc:test123", '

     

       83
        
                 '"session_id": "session-123", '

     

       84
        
                 '"handle": "alice.bsky.social"'

     

       85
        
                 '}';

     

       86
        
       

     

       87
       -
             when(mockStorage.read(key: storageKey))

     

       88
       -
                 .thenAnswer((_) async => sessionJson);

     

       0
        
       
     

       89
        
       

     

       90
        
             await instance1.restoreSession();

     

       91
        
       

     

       92
        
             // Mock refresh with delay

     

       93
        
             const newToken = 'refreshed-token';

     

       94
       -
             when(mockDio.post<Map<String, dynamic>>(

     

       95
       -
               '/oauth/refresh',

     

       96
       -
               data: anyNamed('data'),

     

       97
       -
             )).thenAnswer((_) async {

     

       0
        
       
     

       0
        
       
     

       98
        
               await Future.delayed(const Duration(milliseconds: 100));

     

       99
        
               return Response(

     

       100
        
                 requestOptions: RequestOptions(path: '/oauth/refresh'),

     
···

       103
        
               );

     

       104
        
             });

     

       105
        
       

     

       106
       -
             when(mockStorage.write(key: storageKey, value: anyNamed('value')))

     

       107
       -
                 .thenAnswer((_) async => {});

     

       0
        
       
     

       108
        
       

     

       109
        
             // Act - Start refresh from first instance

     

       110
        
             final refreshFuture1 = instance1.refreshToken();

     
···

       121
        
             expect(results[1].token, newToken);

     

       122
        
       

     

       123
        
             // Verify only one API call was made (mutex protected)

     

       124
       -
             verify(mockDio.post<Map<String, dynamic>>(

     

       125
       -
               '/oauth/refresh',

     

       126
       -
               data: anyNamed('data'),

     

       127
       -
             )).called(1);

     

       0
        
       
     

       0
        
       
     

       128
        
           });

     

       129
        
       

     

       130
        
           test('resetInstance() should clear the singleton', () {

     
···

       148
        
       

     

       149
        
           test('createTestInstance() should bypass singleton', () {

     

       150
        
             // Arrange

     

       151
       -
             final singletonInstance = CovesAuthService(dio: mockDio, storage: mockStorage);

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       152
        
       

     

       153
        
             // Act - Create a test instance with different dependencies

     

       154
        
             final mockDio2 = MockDio();

     
···

       159
        
             );

     

       160
        
       

     

       161
        
             // Assert - Test instance should be different from singleton

     

       162
       -
             expect(identical(singletonInstance, testInstance), isFalse,

     

       163
       -
                 reason: 'Test instance should not be the singleton');

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       164
        
       

     

       165
        
             // Test instance should not affect singleton

     

       166
        
             final singletonCheck = CovesAuthService();

     

       167
       -
             expect(identical(singletonInstance, singletonCheck), isTrue,

     

       168
       -
                 reason: 'Singleton should remain unchanged');

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       169
        
           });

     

       170
        
       

     

       171
       -
           test('should avoid state loss when service is requested from multiple entry points', () async {

     

       172
       -
             // Arrange

     

       173
       -
             final authProvider = CovesAuthService(dio: mockDio, storage: mockStorage);

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       174
        
       

     

       175
       -
             const sessionJson = '{'

     

       176
       -
                 '"token": "test-token", '

     

       177
       -
                 '"did": "did:plc:test123", '

     

       178
       -
                 '"session_id": "session-123"'

     

       179
       -
                 '}';

     

       0
        
       
     

       180
        
       

     

       181
       -
             when(mockStorage.read(key: storageKey))

     

       182
       -
                 .thenAnswer((_) async => sessionJson);

     

       0
        
       
     

       183
        
       

     

       184
       -
             // Act - Simulate different parts of the app requesting the service

     

       185
       -
             await authProvider.restoreSession();

     

       186
        
       

     

       187
       -
             final apiService = CovesAuthService();

     

       188
       -
             final voteService = CovesAuthService();

     

       189
       -
             final feedService = CovesAuthService();

     

       190
        
       

     

       191
       -
             // Assert - All should have access to the same session state

     

       192
       -
             expect(apiService.isAuthenticated, isTrue);

     

       193
       -
             expect(voteService.isAuthenticated, isTrue);

     

       194
       -
             expect(feedService.isAuthenticated, isTrue);

     

       195
       -
             expect(apiService.getToken(), 'test-token');

     

       196
       -
             expect(voteService.getToken(), 'test-token');

     

       197
       -
             expect(feedService.getToken(), 'test-token');

     

       198
        
       

     

       199
       -
             // Storage should only be read once

     

       200
       -
             verify(mockStorage.read(key: storageKey)).called(1);

     

       201
       -
           });

     

       0
        
       
     

       202
        
         });

     

       203
        
       }

···

       34
        
             final instance3 = CovesAuthService();

     

       35
        
       

     

       36
        
             // Assert - All should be the exact same instance

     

       37
       +
             expect(

     

       38
       +
               identical(instance1, instance2),

     

       39
       +
               isTrue,

     

       40
       +
               reason: 'instance1 and instance2 should be identical',

     

       41
       +
             );

     

       42
       +
             expect(

     

       43
       +
               identical(instance2, instance3),

     

       44
       +
               isTrue,

     

       45
       +
               reason: 'instance2 and instance3 should be identical',

     

       46
       +
             );

     

       47
       +
             expect(

     

       48
       +
               identical(instance1, instance3),

     

       49
       +
               isTrue,

     

       50
       +
               reason: 'instance1 and instance3 should be identical',

     

       51
       +
             );

     

       52
        
           });

     

       53
        
       

     

       54
        
           test('should share in-memory session across singleton instances', () async {

     
···

       56
        
             final instance1 = CovesAuthService(dio: mockDio, storage: mockStorage);

     

       57
        
       

     

       58
        
             // Mock storage to return a valid session

     

       59
       +
             const sessionJson =

     

       60
       +
                 '{'

     

       61
        
                 '"token": "test-token", '

     

       62
        
                 '"did": "did:plc:test123", '

     

       63
        
                 '"session_id": "session-123", '

     

       64
        
                 '"handle": "alice.bsky.social"'

     

       65
        
                 '}';

     

       66
        
       

     

       67
       +
             when(

     

       68
       +
               mockStorage.read(key: storageKey),

     

       69
       +
             ).thenAnswer((_) async => sessionJson);

     

       70
        
       

     

       71
        
             // Act - Restore session using first instance

     

       72
        
             await instance1.restoreSession();

     
···

       88
        
             final instance1 = CovesAuthService(dio: mockDio, storage: mockStorage);

     

       89
        
       

     

       90
        
             // Mock storage to return a valid session

     

       91
       +
             const sessionJson =

     

       92
       +
                 '{'

     

       93
        
                 '"token": "old-token", '

     

       94
        
                 '"did": "did:plc:test123", '

     

       95
        
                 '"session_id": "session-123", '

     

       96
        
                 '"handle": "alice.bsky.social"'

     

       97
        
                 '}';

     

       98
        
       

     

       99
       +
             when(

     

       100
       +
               mockStorage.read(key: storageKey),

     

       101
       +
             ).thenAnswer((_) async => sessionJson);

     

       102
        
       

     

       103
        
             await instance1.restoreSession();

     

       104
        
       

     

       105
        
             // Mock refresh with delay

     

       106
        
             const newToken = 'refreshed-token';

     

       107
       +
             when(

     

       108
       +
               mockDio.post<Map<String, dynamic>>(

     

       109
       +
                 '/oauth/refresh',

     

       110
       +
                 data: anyNamed('data'),

     

       111
       +
               ),

     

       112
       +
             ).thenAnswer((_) async {

     

       113
        
               await Future.delayed(const Duration(milliseconds: 100));

     

       114
        
               return Response(

     

       115
        
                 requestOptions: RequestOptions(path: '/oauth/refresh'),

     
···

       118
        
               );

     

       119
        
             });

     

       120
        
       

     

       121
       +
             when(

     

       122
       +
               mockStorage.write(key: storageKey, value: anyNamed('value')),

     

       123
       +
             ).thenAnswer((_) async => {});

     

       124
        
       

     

       125
        
             // Act - Start refresh from first instance

     

       126
        
             final refreshFuture1 = instance1.refreshToken();

     
···

       137
        
             expect(results[1].token, newToken);

     

       138
        
       

     

       139
        
             // Verify only one API call was made (mutex protected)

     

       140
       +
             verify(

     

       141
       +
               mockDio.post<Map<String, dynamic>>(

     

       142
       +
                 '/oauth/refresh',

     

       143
       +
                 data: anyNamed('data'),

     

       144
       +
               ),

     

       145
       +
             ).called(1);

     

       146
        
           });

     

       147
        
       

     

       148
        
           test('resetInstance() should clear the singleton', () {

     
···

       166
        
       

     

       167
        
           test('createTestInstance() should bypass singleton', () {

     

       168
        
             // Arrange

     

       169
       +
             final singletonInstance = CovesAuthService(

     

       170
       +
               dio: mockDio,

     

       171
       +
               storage: mockStorage,

     

       172
       +
             );

     

       173
        
       

     

       174
        
             // Act - Create a test instance with different dependencies

     

       175
        
             final mockDio2 = MockDio();

     
···

       180
        
             );

     

       181
        
       

     

       182
        
             // Assert - Test instance should be different from singleton

     

       183
       +
             expect(

     

       184
       +
               identical(singletonInstance, testInstance),

     

       185
       +
               isFalse,

     

       186
       +
               reason: 'Test instance should not be the singleton',

     

       187
       +
             );

     

       188
        
       

     

       189
        
             // Test instance should not affect singleton

     

       190
        
             final singletonCheck = CovesAuthService();

     

       191
       +
             expect(

     

       192
       +
               identical(singletonInstance, singletonCheck),

     

       193
       +
               isTrue,

     

       194
       +
               reason: 'Singleton should remain unchanged',

     

       195
       +
             );

     

       196
        
           });

     

       197
        
       

     

       198
       +
           test(

     

       199
       +
             'should avoid state loss when service is requested from multiple entry points',

     

       200
       +
             () async {

     

       201
       +
               // Arrange

     

       202
       +
               final authProvider = CovesAuthService(

     

       203
       +
                 dio: mockDio,

     

       204
       +
                 storage: mockStorage,

     

       205
       +
               );

     

       206
        
       

     

       207
       +
               const sessionJson =

     

       208
       +
                   '{'

     

       209
       +
                   '"token": "test-token", '

     

       210
       +
                   '"did": "did:plc:test123", '

     

       211
       +
                   '"session_id": "session-123"'

     

       212
       +
                   '}';

     

       213
        
       

     

       214
       +
               when(

     

       215
       +
                 mockStorage.read(key: storageKey),

     

       216
       +
               ).thenAnswer((_) async => sessionJson);

     

       217
        
       

     

       218
       +
               // Act - Simulate different parts of the app requesting the service

     

       219
       +
               await authProvider.restoreSession();

     

       220
        
       

     

       221
       +
               final apiService = CovesAuthService();

     

       222
       +
               final voteService = CovesAuthService();

     

       223
       +
               final feedService = CovesAuthService();

     

       224
        
       

     

       225
       +
               // Assert - All should have access to the same session state

     

       226
       +
               expect(apiService.isAuthenticated, isTrue);

     

       227
       +
               expect(voteService.isAuthenticated, isTrue);

     

       228
       +
               expect(feedService.isAuthenticated, isTrue);

     

       229
       +
               expect(apiService.getToken(), 'test-token');

     

       230
       +
               expect(voteService.getToken(), 'test-token');

     

       231
       +
               expect(feedService.getToken(), 'test-token');

     

       232
        
       

     

       233
       +
               // Storage should only be read once

     

       234
       +
               verify(mockStorage.read(key: storageKey)).called(1);

     

       235
       +
             },

     

       236
       +
           );

     

       237
        
         });

     

       238
        
       }

+542 -424

test/services/coves_auth_service_test.dart

···

       35
        
         group('CovesAuthService', () {

     

       36
        
           group('signIn()', () {

     

       37
        
             test('should throw ArgumentError when handle is empty', () async {

     

       38
       -
               expect(

     

       39
       -
                 () => authService.signIn(''),

     

       40
       -
                 throwsA(isA<ArgumentError>()),

     

       41
       -
               );

     

       42
        
             });

     

       43
        
       

     

       44
       -
             test('should throw ArgumentError when handle is whitespace-only',

     

       45
       -
                 () async {

     

       46
       -
               expect(

     

       47
       -
                 () => authService.signIn('   '),

     

       48
       -
                 throwsA(isA<ArgumentError>()),

     

       49
       -
               );

     

       50
       -
             });

     

       0
        
       
     

       0
        
       
     

       51
        
       

     

       52
       -
             test('should throw appropriate error when user cancels sign-in',

     

       53
       -
                 () async {

     

       54
        
               // Note: FlutterWebAuth2.authenticate is not easily mockable as it's a static method

     

       55
        
               // This test documents expected behavior when authentication is cancelled

     

       56
        
               // In practice, this would throw with CANCELED/cancelled in the message

     
···

       60
        
               // Skipping for now as it requires more complex mocking infrastructure

     

       61
        
             });

     

       62
        
       

     

       63
       -
             test('should throw Exception when network error occurs during OAuth',

     

       64
       -
                 () async {

     

       65
       -
               // Note: Similar to above, FlutterWebAuth2 static methods are difficult to mock

     

       66
       -
               // This test documents expected behavior

     

       67
       -
               // The actual implementation catches exceptions and rethrows with context

     

       68
       -
             });

     

       0
        
       
     

       0
        
       
     

       69
        
       

     

       70
        
             test('should trim handle before processing', () async {

     

       71
        
               // This test verifies the handle trimming logic

     
···

       86
        
               );

     

       87
        
               final jsonString = session.toJsonString();

     

       88
        
       

     

       89
       -
               when(mockStorage.read(key: storageKey))

     

       90
       -
                   .thenAnswer((_) async => jsonString);

     

       0
        
       
     

       91
        
       

     

       92
        
               // Act

     

       93
        
               final result = await authService.restoreSession();

     
···

       103
        
       

     

       104
        
             test('should return null when no stored session exists', () async {

     

       105
        
               // Arrange

     

       106
       -
               when(mockStorage.read(key: storageKey))

     

       107
       -
                   .thenAnswer((_) async => null);

     

       108
        
       

     

       109
        
               // Act

     

       110
        
               final result = await authService.restoreSession();

     
···

       117
        
             test('should handle corrupted storage data gracefully', () async {

     

       118
        
               // Arrange

     

       119
        
               const corruptedJson = 'not-valid-json{]';

     

       120
       -
               when(mockStorage.read(key: storageKey))

     

       121
       -
                   .thenAnswer((_) async => corruptedJson);

     

       122
       -
               when(mockStorage.delete(key: storageKey))

     

       123
       -
                   .thenAnswer((_) async => {});

     

       124
        
       

     

       125
        
               // Act

     

       126
        
               final result = await authService.restoreSession();

     
···

       131
        
               verify(mockStorage.delete(key: storageKey)).called(1);

     

       132
        
             });

     

       133
        
       

     

       134
       -
             test('should handle session JSON with missing required fields gracefully',

     

       135
       -
                 () async {

     

       136
       -
               // Arrange

     

       137
       -
               const invalidJson = '{"token": "test"}'; // Missing required fields (did, session_id)

     

       138
       -
               when(mockStorage.read(key: storageKey))

     

       139
       -
                   .thenAnswer((_) async => invalidJson);

     

       140
       -
               when(mockStorage.delete(key: storageKey))

     

       141
       -
                   .thenAnswer((_) async => {});

     

       0
        
       
     

       0
        
       
     

       142
        
       

     

       143
       -
               // Act

     

       144
       -
               final result = await authService.restoreSession();

     

       145
        
       

     

       146
       -
               // Assert

     

       147
       -
               // Should return null and clear corrupted storage

     

       148
       -
               expect(result, isNull);

     

       149
       -
               verify(mockStorage.read(key: storageKey)).called(1);

     

       150
       -
               verify(mockStorage.delete(key: storageKey)).called(1);

     

       151
       -
             });

     

       0
        
       
     

       152
        
       

     

       153
        
             test('should handle storage read errors gracefully', () async {

     

       154
        
               // Arrange

     

       155
       -
               when(mockStorage.read(key: storageKey))

     

       156
       -
                   .thenThrow(Exception('Storage error'));

     

       157
       -
               when(mockStorage.delete(key: storageKey))

     

       158
       -
                   .thenAnswer((_) async => {});

     

       159
        
       

     

       160
        
               // Act

     

       161
        
               final result = await authService.restoreSession();

     
···

       169
        
           group('refreshToken()', () {

     

       170
        
             test('should throw StateError when no session exists', () async {

     

       171
        
               // Act & Assert

     

       172
       -
               expect(

     

       173
       -
                 () => authService.refreshToken(),

     

       174
       -
                 throwsA(isA<StateError>()),

     

       175
       -
               );

     

       176
        
             });

     

       177
        
       

     

       178
       -
             test('should successfully refresh token and return updated session',

     

       179
       -
                 () async {

     

       180
       -
               // Arrange - First restore a session

     

       181
       -
               const initialSession = CovesSession(

     

       182
       -
                 token: 'old-token',

     

       183
       -
                 did: 'did:plc:test123',

     

       184
       -
                 sessionId: 'session-123',

     

       185
       -
                 handle: 'alice.bsky.social',

     

       186
       -
               );

     

       187
       -
               when(mockStorage.read(key: storageKey))

     

       188
       -
                   .thenAnswer((_) async => initialSession.toJsonString());

     

       189
       -
               await authService.restoreSession();

     

       0
        
       
     

       0
        
       
     

       190
        
       

     

       191
       -
               // Mock successful refresh response

     

       192
       -
               const newToken = 'new-refreshed-token';

     

       193
       -
               when(mockDio.post<Map<String, dynamic>>(

     

       194
       -
                 '/oauth/refresh',

     

       195
       -
                 data: anyNamed('data'),

     

       196
       -
               )).thenAnswer((_) async => Response(

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       197
        
                     requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       198
        
                     statusCode: 200,

     

       199
       -
                     data: {'sealed_token': newToken, 'access_token': 'some-access-token'},

     

       200
       -
                   ));

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       201
        
       

     

       202
       -
               when(mockStorage.write(key: storageKey, value: anyNamed('value')))

     

       203
       -
                   .thenAnswer((_) async => {});

     

       0
        
       
     

       204
        
       

     

       205
       -
               // Act

     

       206
       -
               final result = await authService.refreshToken();

     

       207
        
       

     

       208
       -
               // Assert

     

       209
       -
               expect(result.token, newToken);

     

       210
       -
               expect(result.did, 'did:plc:test123');

     

       211
       -
               expect(result.sessionId, 'session-123');

     

       212
       -
               expect(result.handle, 'alice.bsky.social');

     

       213
       -
               verify(mockDio.post<Map<String, dynamic>>(

     

       214
       -
                 '/oauth/refresh',

     

       215
       -
                 data: anyNamed('data'),

     

       216
       -
               )).called(1);

     

       217
       -
               verify(mockStorage.write(

     

       218
       -
                 key: storageKey,

     

       219
       -
                 value: anyNamed('value'),

     

       220
       -
               )).called(1);

     

       221
       -
             });

     

       0
        
       
     

       0
        
       
     

       222
        
       

     

       223
        
             test('should throw "Session expired" on 401 response', () async {

     

       224
        
               // Arrange - First restore a session

     
···

       227
        
                 did: 'did:plc:test123',

     

       228
        
                 sessionId: 'session-123',

     

       229
        
               );

     

       230
       -
               when(mockStorage.read(key: storageKey))

     

       231
       -
                   .thenAnswer((_) async => session.toJsonString());

     

       0
        
       
     

       232
        
               await authService.restoreSession();

     

       233
        
       

     

       234
        
               // Mock 401 response

     

       235
       -
               when(mockDio.post<Map<String, dynamic>>(

     

       236
       -
                 '/oauth/refresh',

     

       237
       -
                 data: anyNamed('data'),

     

       238
       -
               )).thenThrow(

     

       0
        
       
     

       0
        
       
     

       239
        
                 DioException(

     

       240
        
                   requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       241
        
                   type: DioExceptionType.badResponse,

     
···

       250
        
               expect(

     

       251
        
                 () => authService.refreshToken(),

     

       252
        
                 throwsA(

     

       253
       -
                   predicate((e) =>

     

       254
       -
                       e is Exception && e.toString().contains('Session expired')),

     

       0
        
       
     

       255
        
                 ),

     

       256
        
               );

     

       257
        
             });

     
···

       263
        
                 did: 'did:plc:test123',

     

       264
        
                 sessionId: 'session-123',

     

       265
        
               );

     

       266
       -
               when(mockStorage.read(key: storageKey))

     

       267
       -
                   .thenAnswer((_) async => session.toJsonString());

     

       0
        
       
     

       268
        
               await authService.restoreSession();

     

       269
        
       

     

       270
        
               // Mock network error

     

       271
       -
               when(mockDio.post<Map<String, dynamic>>(

     

       272
       -
                 '/oauth/refresh',

     

       273
       -
                 data: anyNamed('data'),

     

       274
       -
               )).thenThrow(

     

       0
        
       
     

       0
        
       
     

       275
        
                 DioException(

     

       276
        
                   requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       277
        
                   type: DioExceptionType.connectionError,

     
···

       283
        
               expect(

     

       284
        
                 () => authService.refreshToken(),

     

       285
        
                 throwsA(

     

       286
       -
                   predicate((e) =>

     

       287
       -
                       e is Exception &&

     

       288
       -
                       e.toString().contains('Token refresh failed')),

     

       0
        
       
     

       0
        
       
     

       289
        
                 ),

     

       290
        
               );

     

       291
        
             });

     

       292
        
       

     

       293
       -
             test('should throw Exception when response is missing sealed_token', () async {

     

       294
       -
               // Arrange - First restore a session

     

       295
       -
               const session = CovesSession(

     

       296
       -
                 token: 'old-token',

     

       297
       -
                 did: 'did:plc:test123',

     

       298
       -
                 sessionId: 'session-123',

     

       299
       -
               );

     

       300
       -
               when(mockStorage.read(key: storageKey))

     

       301
       -
                   .thenAnswer((_) async => session.toJsonString());

     

       302
       -
               await authService.restoreSession();

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       303
        
       

     

       304
       -
               // Mock response without sealed_token

     

       305
       -
               when(mockDio.post<Map<String, dynamic>>(

     

       306
       -
                 '/oauth/refresh',

     

       307
       -
                 data: anyNamed('data'),

     

       308
       -
               )).thenAnswer((_) async => Response(

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       309
        
                     requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       310
        
                     statusCode: 200,

     

       311
        
                     data: {'access_token': 'some-token'}, // No sealed_token field

     

       312
       -
                   ));

     

       0
        
       
     

       313
        
       

     

       314
       -
               // Act & Assert

     

       315
       -
               expect(

     

       316
       -
                 () => authService.refreshToken(),

     

       317
       -
                 throwsA(

     

       318
       -
                   predicate((e) =>

     

       319
       -
                       e is Exception &&

     

       320
       -
                       e.toString().contains('Invalid refresh response')),

     

       321
       -
                 ),

     

       322
       -
               );

     

       323
       -
             });

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       324
        
       

     

       325
       -
             test('should throw Exception when response sealed_token is empty', () async {

     

       326
       -
               // Arrange - First restore a session

     

       327
       -
               const session = CovesSession(

     

       328
       -
                 token: 'old-token',

     

       329
       -
                 did: 'did:plc:test123',

     

       330
       -
                 sessionId: 'session-123',

     

       331
       -
               );

     

       332
       -
               when(mockStorage.read(key: storageKey))

     

       333
       -
                   .thenAnswer((_) async => session.toJsonString());

     

       334
       -
               await authService.restoreSession();

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       335
        
       

     

       336
       -
               // Mock response with empty sealed_token

     

       337
       -
               when(mockDio.post<Map<String, dynamic>>(

     

       338
       -
                 '/oauth/refresh',

     

       339
       -
                 data: anyNamed('data'),

     

       340
       -
               )).thenAnswer((_) async => Response(

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       341
        
                     requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       342
        
                     statusCode: 200,

     

       343
       -
                     data: {'sealed_token': '', 'access_token': 'some-token'}, // Empty sealed_token

     

       344
       -
                   ));

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       345
        
       

     

       346
       -
               // Act & Assert

     

       347
       -
               expect(

     

       348
       -
                 () => authService.refreshToken(),

     

       349
       -
                 throwsA(

     

       350
       -
                   predicate((e) =>

     

       351
       -
                       e is Exception &&

     

       352
       -
                       e.toString().contains('Invalid refresh response')),

     

       353
       -
                 ),

     

       354
       -
               );

     

       355
       -
             });

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       356
        
           });

     

       357
        
       

     

       358
        
           group('signOut()', () {

     

       359
       -
             test('should clear session and storage on successful server-side logout',

     

       360
       -
                 () async {

     

       361
       -
               // Arrange - First restore a session

     

       362
       -
               const session = CovesSession(

     

       363
       -
                 token: 'test-token',

     

       364
       -
                 did: 'did:plc:test123',

     

       365
       -
                 sessionId: 'session-123',

     

       366
       -
               );

     

       367
       -
               when(mockStorage.read(key: storageKey))

     

       368
       -
                   .thenAnswer((_) async => session.toJsonString());

     

       369
       -
               await authService.restoreSession();

     

       0
        
       
     

       0
        
       
     

       370
        
       

     

       371
       -
               // Mock successful logout

     

       372
       -
               when(mockDio.post<void>(

     

       373
       -
                 '/oauth/logout',

     

       374
       -
                 options: anyNamed('options'),

     

       375
       -
               )).thenAnswer((_) async => Response(

     

       376
        
                     requestOptions: RequestOptions(path: '/oauth/logout'),

     

       377
        
                     statusCode: 200,

     

       378
       -
                   ));

     

       0
        
       
     

       379
        
       

     

       380
       -
               when(mockStorage.delete(key: storageKey))

     

       381
       -
                   .thenAnswer((_) async => {});

     

       382
        
       

     

       383
       -
               // Act

     

       384
       -
               await authService.signOut();

     

       385
        
       

     

       386
       -
               // Assert

     

       387
       -
               expect(authService.session, isNull);

     

       388
       -
               expect(authService.isAuthenticated, isFalse);

     

       389
       -
               verify(mockDio.post<void>(

     

       390
       -
                 '/oauth/logout',

     

       391
       -
                 options: anyNamed('options'),

     

       392
       -
               )).called(1);

     

       393
       -
               verify(mockStorage.delete(key: storageKey)).called(1);

     

       394
       -
             });

     

       395
        
       

     

       396
       -
             test('should clear local state even when server revocation fails',

     

       397
       -
                 () async {

     

       398
       -
               // Arrange - First restore a session

     

       399
       -
               const session = CovesSession(

     

       400
       -
                 token: 'test-token',

     

       401
       -
                 did: 'did:plc:test123',

     

       402
       -
                 sessionId: 'session-123',

     

       403
       -
               );

     

       404
       -
               when(mockStorage.read(key: storageKey))

     

       405
       -
                   .thenAnswer((_) async => session.toJsonString());

     

       406
       -
               await authService.restoreSession();

     

       0
        
       
     

       0
        
       
     

       407
        
       

     

       408
       -
               // Mock server error

     

       409
       -
               when(mockDio.post<void>(

     

       410
       -
                 '/oauth/logout',

     

       411
       -
                 options: anyNamed('options'),

     

       412
       -
               )).thenThrow(

     

       413
       -
                 DioException(

     

       414
       -
                   requestOptions: RequestOptions(path: '/oauth/logout'),

     

       415
       -
                   type: DioExceptionType.connectionError,

     

       416
       -
                   message: 'Connection failed',

     

       417
       -
                 ),

     

       418
       -
               );

     

       419
        
       

     

       420
       -
               when(mockStorage.delete(key: storageKey))

     

       421
       -
                   .thenAnswer((_) async => {});

     

       422
        
       

     

       423
       -
               // Act

     

       424
       -
               await authService.signOut();

     

       425
        
       

     

       426
       -
               // Assert

     

       427
       -
               expect(authService.session, isNull);

     

       428
       -
               expect(authService.isAuthenticated, isFalse);

     

       429
       -
               verify(mockStorage.delete(key: storageKey)).called(1);

     

       430
       -
             });

     

       0
        
       
     

       431
        
       

     

       432
        
             test('should work even when no session exists', () async {

     

       433
        
               // Arrange

     

       434
       -
               when(mockStorage.delete(key: storageKey))

     

       435
       -
                   .thenAnswer((_) async => {});

     

       436
        
       

     

       437
        
               // Act

     

       438
        
               await authService.signOut();

     
···

       441
        
               expect(authService.session, isNull);

     

       442
        
               expect(authService.isAuthenticated, isFalse);

     

       443
        
               verify(mockStorage.delete(key: storageKey)).called(1);

     

       444
       -
               verifyNever(mockDio.post<void>(

     

       445
       -
                 '/oauth/logout',

     

       446
       -
                 options: anyNamed('options'),

     

       447
       -
               ));

     

       448
        
             });

     

       449
        
       

     

       450
        
             test('should clear local state even when storage delete fails', () async {

     
···

       454
        
                 did: 'did:plc:test123',

     

       455
        
                 sessionId: 'session-123',

     

       456
        
               );

     

       457
       -
               when(mockStorage.read(key: storageKey))

     

       458
       -
                   .thenAnswer((_) async => session.toJsonString());

     

       0
        
       
     

       459
        
               await authService.restoreSession();

     

       460
        
       

     

       461
       -
               when(mockDio.post<void>(

     

       462
       -
                 '/oauth/logout',

     

       463
       -
                 options: anyNamed('options'),

     

       464
       -
               )).thenAnswer((_) async => Response(

     

       465
       -
                     requestOptions: RequestOptions(path: '/oauth/logout'),

     

       466
       -
                     statusCode: 200,

     

       467
       -
                   ));

     

       0
        
       
     

       468
        
       

     

       469
       -
               when(mockStorage.delete(key: storageKey))

     

       470
       -
                   .thenThrow(Exception('Storage error'));

     

       0
        
       
     

       471
        
       

     

       472
        
               // Act & Assert - Should not throw

     

       473
        
               expect(() => authService.signOut(), throwsA(isA<Exception>()));

     
···

       485
        
                 did: 'did:plc:test123',

     

       486
        
                 sessionId: 'session-123',

     

       487
        
               );

     

       488
       -
               when(mockStorage.read(key: storageKey))

     

       489
       -
                   .thenAnswer((_) async => session.toJsonString());

     

       0
        
       
     

       490
        
               await authService.restoreSession();

     

       491
        
       

     

       492
        
               // Act

     
···

       511
        
                 did: 'did:plc:test123',

     

       512
        
                 sessionId: 'session-123',

     

       513
        
               );

     

       514
       -
               when(mockStorage.read(key: storageKey))

     

       515
       -
                   .thenAnswer((_) async => session.toJsonString());

     

       0
        
       
     

       516
        
               await authService.restoreSession();

     

       517
        
       

     

       518
       -
               when(mockDio.post<void>(

     

       519
       -
                 '/oauth/logout',

     

       520
       -
                 options: anyNamed('options'),

     

       521
       -
               )).thenAnswer((_) async => Response(

     

       522
       -
                     requestOptions: RequestOptions(path: '/oauth/logout'),

     

       523
       -
                     statusCode: 200,

     

       524
       -
                   ));

     

       525
       -
               when(mockStorage.delete(key: storageKey))

     

       526
       -
                   .thenAnswer((_) async => {});

     

       527
        
       

     

       528
        
               // Act

     

       529
        
               await authService.signOut();

     
···

       547
        
                 did: 'did:plc:test123',

     

       548
        
                 sessionId: 'session-123',

     

       549
        
               );

     

       550
       -
               when(mockStorage.read(key: storageKey))

     

       551
       -
                   .thenAnswer((_) async => session.toJsonString());

     

       0
        
       
     

       552
        
               await authService.restoreSession();

     

       553
        
       

     

       554
        
               // Assert

     
···

       562
        
                 did: 'did:plc:test123',

     

       563
        
                 sessionId: 'session-123',

     

       564
        
               );

     

       565
       -
               when(mockStorage.read(key: storageKey))

     

       566
       -
                   .thenAnswer((_) async => session.toJsonString());

     

       0
        
       
     

       567
        
               await authService.restoreSession();

     

       568
        
       

     

       569
       -
               when(mockDio.post<void>(

     

       570
       -
                 '/oauth/logout',

     

       571
       -
                 options: anyNamed('options'),

     

       572
       -
               )).thenAnswer((_) async => Response(

     

       573
       -
                     requestOptions: RequestOptions(path: '/oauth/logout'),

     

       574
       -
                     statusCode: 200,

     

       575
       -
                   ));

     

       576
       -
               when(mockStorage.delete(key: storageKey))

     

       577
       -
                   .thenAnswer((_) async => {});

     

       578
        
       

     

       579
        
               // Act

     

       580
        
               await authService.signOut();

     
···

       592
        
                 did: 'did:plc:test123',

     

       593
        
                 sessionId: 'session-123',

     

       594
        
               );

     

       595
       -
               when(mockStorage.read(key: storageKey))

     

       596
       -
                   .thenAnswer((_) async => session.toJsonString());

     

       0
        
       
     

       597
        
       

     

       598
        
               // Act

     

       599
        
               await authService.restoreSession();

     
···

       611
        
                 did: 'did:plc:test123',

     

       612
        
                 sessionId: 'session-123',

     

       613
        
               );

     

       614
       -
               when(mockStorage.read(key: storageKey))

     

       615
       -
                   .thenAnswer((_) async => initialSession.toJsonString());

     

       0
        
       
     

       616
        
               await authService.restoreSession();

     

       617
        
       

     

       618
        
               const newToken = 'new-token';

     

       619
       -
               when(mockDio.post<Map<String, dynamic>>(

     

       620
       -
                 '/oauth/refresh',

     

       621
       -
                 data: anyNamed('data'),

     

       622
       -
               )).thenAnswer((_) async => Response(

     

       623
       -
                     requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       624
       -
                     statusCode: 200,

     

       625
       -
                     data: {'sealed_token': newToken, 'access_token': 'some-access-token'},

     

       626
       -
                   ));

     

       627
       -
               when(mockStorage.write(key: storageKey, value: anyNamed('value')))

     

       628
       -
                   .thenAnswer((_) async => {});

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       629
        
       

     

       630
        
               // Act

     

       631
        
               await authService.refreshToken();

     
···

       637
        
           });

     

       638
        
       

     

       639
        
           group('refreshToken() - Concurrency Protection', () {

     

       640
       -
             test('should only make one API request for concurrent refresh calls',

     

       641
       -
                 () async {

     

       642
       -
               // Arrange - First restore a session

     

       643
       -
               const initialSession = CovesSession(

     

       644
       -
                 token: 'old-token',

     

       645
       -
                 did: 'did:plc:test123',

     

       646
       -
                 sessionId: 'session-123',

     

       647
       -
                 handle: 'alice.bsky.social',

     

       648
       -
               );

     

       649
       -
               when(mockStorage.read(key: storageKey))

     

       650
       -
                   .thenAnswer((_) async => initialSession.toJsonString());

     

       651
       -
               await authService.restoreSession();

     

       0
        
       
     

       0
        
       
     

       652
        
       

     

       653
       -
               const newToken = 'new-refreshed-token';

     

       654
        
       

     

       655
       -
               // Mock refresh response with a delay to simulate network latency

     

       656
       -
               when(mockDio.post<Map<String, dynamic>>(

     

       657
       -
                 '/oauth/refresh',

     

       658
       -
                 data: anyNamed('data'),

     

       659
       -
               )).thenAnswer((_) async {

     

       660
       -
                 await Future.delayed(const Duration(milliseconds: 100));

     

       661
       -
                 return Response(

     

       662
       -
                   requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       663
       -
                   statusCode: 200,

     

       664
       -
                   data: {'sealed_token': newToken, 'access_token': 'some-access-token'},

     

       665
       -
                 );

     

       666
       -
               });

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       667
        
       

     

       668
       -
               when(mockStorage.write(key: storageKey, value: anyNamed('value')))

     

       669
       -
                   .thenAnswer((_) async => {});

     

       0
        
       
     

       670
        
       

     

       671
       -
               // Act - Launch 3 concurrent refresh calls

     

       672
       -
               final results = await Future.wait([

     

       673
       -
                 authService.refreshToken(),

     

       674
       -
                 authService.refreshToken(),

     

       675
       -
                 authService.refreshToken(),

     

       676
       -
               ]);

     

       677
        
       

     

       678
       -
               // Assert - All calls should return the same refreshed session

     

       679
       -
               expect(results.length, 3);

     

       680
       -
               expect(results[0].token, newToken);

     

       681
       -
               expect(results[1].token, newToken);

     

       682
       -
               expect(results[2].token, newToken);

     

       683
        
       

     

       684
       -
               // Verify only one API call was made

     

       685
       -
               verify(mockDio.post<Map<String, dynamic>>(

     

       686
       -
                 '/oauth/refresh',

     

       687
       -
                 data: anyNamed('data'),

     

       688
       -
               )).called(1);

     

       0
        
       
     

       0
        
       
     

       689
        
       

     

       690
       -
               // Verify only one storage write was made

     

       691
       -
               verify(mockStorage.write(

     

       692
       -
                 key: storageKey,

     

       693
       -
                 value: anyNamed('value'),

     

       694
       -
               )).called(1);

     

       695
       -
             });

     

       696
        
       

     

       697
        
             test('should propagate errors to all concurrent waiters', () async {

     

       698
        
               // Arrange - First restore a session

     
···

       701
        
                 did: 'did:plc:test123',

     

       702
        
                 sessionId: 'session-123',

     

       703
        
               );

     

       704
       -
               when(mockStorage.read(key: storageKey))

     

       705
       -
                   .thenAnswer((_) async => session.toJsonString());

     

       0
        
       
     

       706
        
               await authService.restoreSession();

     

       707
        
       

     

       708
        
               // Mock 401 response with delay

     

       709
       -
               when(mockDio.post<Map<String, dynamic>>(

     

       710
       -
                 '/oauth/refresh',

     

       711
       -
                 data: anyNamed('data'),

     

       712
       -
               )).thenAnswer((_) async {

     

       0
        
       
     

       0
        
       
     

       713
        
                 await Future.delayed(const Duration(milliseconds: 100));

     

       714
        
                 throw DioException(

     

       715
        
                   requestOptions: RequestOptions(path: '/oauth/refresh'),

     
···

       744
        
               expect(errorCount, 3);

     

       745
        
       

     

       746
        
               // Verify only one API call was made

     

       747
       -
               verify(mockDio.post<Map<String, dynamic>>(

     

       748
       -
                 '/oauth/refresh',

     

       749
       -
                 data: anyNamed('data'),

     

       750
       -
               )).called(1);

     

       0
        
       
     

       0
        
       
     

       751
        
             });

     

       752
        
       

     

       753
        
             test('should allow new refresh after previous one completes', () async {

     
···

       757
        
                 did: 'did:plc:test123',

     

       758
        
                 sessionId: 'session-123',

     

       759
        
               );

     

       760
       -
               when(mockStorage.read(key: storageKey))

     

       761
       -
                   .thenAnswer((_) async => initialSession.toJsonString());

     

       0
        
       
     

       762
        
               await authService.restoreSession();

     

       763
        
       

     

       764
        
               const newToken1 = 'new-token-1';

     

       765
        
               const newToken2 = 'new-token-2';

     

       766
        
       

     

       767
        
               // Mock first refresh

     

       768
       -
               when(mockDio.post<Map<String, dynamic>>(

     

       769
       -
                 '/oauth/refresh',

     

       770
       -
                 data: anyNamed('data'),

     

       771
       -
               )).thenAnswer((_) async => Response(

     

       772
       -
                     requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       773
       -
                     statusCode: 200,

     

       774
       -
                     data: {'sealed_token': newToken1, 'access_token': 'some-access-token'},

     

       775
       -
                   ));

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       776
        
       

     

       777
       -
               when(mockStorage.write(key: storageKey, value: anyNamed('value')))

     

       778
       -
                   .thenAnswer((_) async => {});

     

       0
        
       
     

       779
        
       

     

       780
        
               // Act - First refresh

     

       781
        
               final result1 = await authService.refreshToken();

     
···

       784
        
               expect(result1.token, newToken1);

     

       785
        
       

     

       786
        
               // Now update the mock for the second refresh

     

       787
       -
               when(mockDio.post<Map<String, dynamic>>(

     

       788
       -
                 '/oauth/refresh',

     

       789
       -
                 data: anyNamed('data'),

     

       790
       -
               )).thenAnswer((_) async => Response(

     

       791
       -
                     requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       792
       -
                     statusCode: 200,

     

       793
       -
                     data: {'sealed_token': newToken2, 'access_token': 'some-access-token'},

     

       794
       -
                   ));

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       795
        
       

     

       796
        
               // Act - Second refresh (should be allowed since first completed)

     

       797
        
               final result2 = await authService.refreshToken();

     
···

       800
        
               expect(result2.token, newToken2);

     

       801
        
       

     

       802
        
               // Verify two separate API calls were made

     

       803
       -
               verify(mockDio.post<Map<String, dynamic>>(

     

       804
       -
                 '/oauth/refresh',

     

       805
       -
                 data: anyNamed('data'),

     

       806
       -
               )).called(2);

     

       0
        
       
     

       0
        
       
     

       807
        
             });

     

       808
        
       

     

       809
        
             test('should allow new refresh after previous one fails', () async {

     
···

       813
        
                 did: 'did:plc:test123',

     

       814
        
                 sessionId: 'session-123',

     

       815
        
               );

     

       816
       -
               when(mockStorage.read(key: storageKey))

     

       817
       -
                   .thenAnswer((_) async => initialSession.toJsonString());

     

       0
        
       
     

       818
        
               await authService.restoreSession();

     

       819
        
       

     

       820
        
               // Mock first refresh to fail

     

       821
       -
               when(mockDio.post<Map<String, dynamic>>(

     

       822
       -
                 '/oauth/refresh',

     

       823
       -
                 data: anyNamed('data'),

     

       824
       -
               )).thenThrow(

     

       0
        
       
     

       0
        
       
     

       825
        
                 DioException(

     

       826
        
                   requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       827
        
                   type: DioExceptionType.connectionError,

     
···

       845
        
       

     

       846
        
               // Now mock a successful second refresh

     

       847
        
               const newToken = 'new-token-after-retry';

     

       848
       -
               when(mockDio.post<Map<String, dynamic>>(

     

       849
       -
                 '/oauth/refresh',

     

       850
       -
                 data: anyNamed('data'),

     

       851
       -
               )).thenAnswer((_) async => Response(

     

       852
       -
                     requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       853
       -
                     statusCode: 200,

     

       854
       -
                     data: {'sealed_token': newToken, 'access_token': 'some-access-token'},

     

       855
       -
                   ));

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       856
        
       

     

       857
       -
               when(mockStorage.write(key: storageKey, value: anyNamed('value')))

     

       858
       -
                   .thenAnswer((_) async => {});

     

       0
        
       
     

       859
        
       

     

       860
        
               // Act - Second refresh (should be allowed and succeed)

     

       861
        
               final result = await authService.refreshToken();

     
···

       864
        
               expect(result.token, newToken);

     

       865
        
       

     

       866
        
               // Verify two separate API calls were made

     

       867
       -
               verify(mockDio.post<Map<String, dynamic>>(

     

       868
       -
                 '/oauth/refresh',

     

       869
       -
                 data: anyNamed('data'),

     

       870
       -
               )).called(2);

     

       0
        
       
     

       0
        
       
     

       871
        
             });

     

       872
        
       

     

       873
        
             test(

     

       874
       -
                 'should handle concurrent calls where one arrives after refresh completes',

     

       875
       -
                 () async {

     

       876
       -
               // Arrange - First restore a session

     

       877
       -
               const initialSession = CovesSession(

     

       878
       -
                 token: 'old-token',

     

       879
       -
                 did: 'did:plc:test123',

     

       880
       -
                 sessionId: 'session-123',

     

       881
       -
               );

     

       882
       -
               when(mockStorage.read(key: storageKey))

     

       883
       -
                   .thenAnswer((_) async => initialSession.toJsonString());

     

       884
       -
               await authService.restoreSession();

     

       0
        
       
     

       885
        
       

     

       886
       -
               const newToken1 = 'new-token-1';

     

       887
       -
               const newToken2 = 'new-token-2';

     

       888
        
       

     

       889
       -
               var callCount = 0;

     

       890
        
       

     

       891
       -
               // Mock refresh with different responses

     

       892
       -
               when(mockDio.post<Map<String, dynamic>>(

     

       893
       -
                 '/oauth/refresh',

     

       894
       -
                 data: anyNamed('data'),

     

       895
       -
               )).thenAnswer((_) async {

     

       896
       -
                 callCount++;

     

       897
       -
                 await Future.delayed(const Duration(milliseconds: 50));

     

       898
       -
                 return Response(

     

       899
       -
                   requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       900
       -
                   statusCode: 200,

     

       901
       -
                   data: {'sealed_token': callCount == 1 ? newToken1 : newToken2, 'access_token': 'some-access-token'},

     

       902
       -
                 );

     

       903
       -
               });

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       904
        
       

     

       905
       -
               when(mockStorage.write(key: storageKey, value: anyNamed('value')))

     

       906
       -
                   .thenAnswer((_) async => {});

     

       0
        
       
     

       907
        
       

     

       908
       -
               // Act - Start first refresh

     

       909
       -
               final future1 = authService.refreshToken();

     

       910
        
       

     

       911
       -
               // Wait for it to complete

     

       912
       -
               final result1 = await future1;

     

       913
        
       

     

       914
       -
               // Start second refresh after first completes

     

       915
       -
               final result2 = await authService.refreshToken();

     

       916
        
       

     

       917
       -
               // Assert

     

       918
       -
               expect(result1.token, newToken1);

     

       919
       -
               expect(result2.token, newToken2);

     

       920
        
       

     

       921
       -
               // Verify two separate API calls were made

     

       922
       -
               verify(mockDio.post<Map<String, dynamic>>(

     

       923
       -
                 '/oauth/refresh',

     

       924
       -
                 data: anyNamed('data'),

     

       925
       -
               )).called(2);

     

       926
       -
             });

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       927
        
           });

     

       928
        
         });

     

       929
        
       }

···

       35
        
         group('CovesAuthService', () {

     

       36
        
           group('signIn()', () {

     

       37
        
             test('should throw ArgumentError when handle is empty', () async {

     

       38
       +
               expect(() => authService.signIn(''), throwsA(isA<ArgumentError>()));

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       39
        
             });

     

       40
        
       

     

       41
       +
             test(

     

       42
       +
               'should throw ArgumentError when handle is whitespace-only',

     

       43
       +
               () async {

     

       44
       +
                 expect(

     

       45
       +
                   () => authService.signIn('   '),

     

       46
       +
                   throwsA(isA<ArgumentError>()),

     

       47
       +
                 );

     

       48
       +
               },

     

       49
       +
             );

     

       50
        
       

     

       51
       +
             test('should throw appropriate error when user cancels sign-in', () async {

     

       0
        
       
     

       52
        
               // Note: FlutterWebAuth2.authenticate is not easily mockable as it's a static method

     

       53
        
               // This test documents expected behavior when authentication is cancelled

     

       54
        
               // In practice, this would throw with CANCELED/cancelled in the message

     
···

       58
        
               // Skipping for now as it requires more complex mocking infrastructure

     

       59
        
             });

     

       60
        
       

     

       61
       +
             test(

     

       62
       +
               'should throw Exception when network error occurs during OAuth',

     

       63
       +
               () async {

     

       64
       +
                 // Note: Similar to above, FlutterWebAuth2 static methods are difficult to mock

     

       65
       +
                 // This test documents expected behavior

     

       66
       +
                 // The actual implementation catches exceptions and rethrows with context

     

       67
       +
               },

     

       68
       +
             );

     

       69
        
       

     

       70
        
             test('should trim handle before processing', () async {

     

       71
        
               // This test verifies the handle trimming logic

     
···

       86
        
               );

     

       87
        
               final jsonString = session.toJsonString();

     

       88
        
       

     

       89
       +
               when(

     

       90
       +
                 mockStorage.read(key: storageKey),

     

       91
       +
               ).thenAnswer((_) async => jsonString);

     

       92
        
       

     

       93
        
               // Act

     

       94
        
               final result = await authService.restoreSession();

     
···

       104
        
       

     

       105
        
             test('should return null when no stored session exists', () async {

     

       106
        
               // Arrange

     

       107
       +
               when(mockStorage.read(key: storageKey)).thenAnswer((_) async => null);

     

       0
        
       
     

       108
        
       

     

       109
        
               // Act

     

       110
        
               final result = await authService.restoreSession();

     
···

       117
        
             test('should handle corrupted storage data gracefully', () async {

     

       118
        
               // Arrange

     

       119
        
               const corruptedJson = 'not-valid-json{]';

     

       120
       +
               when(

     

       121
       +
                 mockStorage.read(key: storageKey),

     

       122
       +
               ).thenAnswer((_) async => corruptedJson);

     

       123
       +
               when(mockStorage.delete(key: storageKey)).thenAnswer((_) async => {});

     

       124
        
       

     

       125
        
               // Act

     

       126
        
               final result = await authService.restoreSession();

     
···

       131
        
               verify(mockStorage.delete(key: storageKey)).called(1);

     

       132
        
             });

     

       133
        
       

     

       134
       +
             test(

     

       135
       +
               'should handle session JSON with missing required fields gracefully',

     

       136
       +
               () async {

     

       137
       +
                 // Arrange

     

       138
       +
                 const invalidJson =

     

       139
       +
                     '{"token": "test"}'; // Missing required fields (did, session_id)

     

       140
       +
                 when(

     

       141
       +
                   mockStorage.read(key: storageKey),

     

       142
       +
                 ).thenAnswer((_) async => invalidJson);

     

       143
       +
                 when(mockStorage.delete(key: storageKey)).thenAnswer((_) async => {});

     

       144
        
       

     

       145
       +
                 // Act

     

       146
       +
                 final result = await authService.restoreSession();

     

       147
        
       

     

       148
       +
                 // Assert

     

       149
       +
                 // Should return null and clear corrupted storage

     

       150
       +
                 expect(result, isNull);

     

       151
       +
                 verify(mockStorage.read(key: storageKey)).called(1);

     

       152
       +
                 verify(mockStorage.delete(key: storageKey)).called(1);

     

       153
       +
               },

     

       154
       +
             );

     

       155
        
       

     

       156
        
             test('should handle storage read errors gracefully', () async {

     

       157
        
               // Arrange

     

       158
       +
               when(

     

       159
       +
                 mockStorage.read(key: storageKey),

     

       160
       +
               ).thenThrow(Exception('Storage error'));

     

       161
       +
               when(mockStorage.delete(key: storageKey)).thenAnswer((_) async => {});

     

       162
        
       

     

       163
        
               // Act

     

       164
        
               final result = await authService.restoreSession();

     
···

       172
        
           group('refreshToken()', () {

     

       173
        
             test('should throw StateError when no session exists', () async {

     

       174
        
               // Act & Assert

     

       175
       +
               expect(() => authService.refreshToken(), throwsA(isA<StateError>()));

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       176
        
             });

     

       177
        
       

     

       178
       +
             test(

     

       179
       +
               'should successfully refresh token and return updated session',

     

       180
       +
               () async {

     

       181
       +
                 // Arrange - First restore a session

     

       182
       +
                 const initialSession = CovesSession(

     

       183
       +
                   token: 'old-token',

     

       184
       +
                   did: 'did:plc:test123',

     

       185
       +
                   sessionId: 'session-123',

     

       186
       +
                   handle: 'alice.bsky.social',

     

       187
       +
                 );

     

       188
       +
                 when(

     

       189
       +
                   mockStorage.read(key: storageKey),

     

       190
       +
                 ).thenAnswer((_) async => initialSession.toJsonString());

     

       191
       +
                 await authService.restoreSession();

     

       192
        
       

     

       193
       +
                 // Mock successful refresh response

     

       194
       +
                 const newToken = 'new-refreshed-token';

     

       195
       +
                 when(

     

       196
       +
                   mockDio.post<Map<String, dynamic>>(

     

       197
       +
                     '/oauth/refresh',

     

       198
       +
                     data: anyNamed('data'),

     

       199
       +
                   ),

     

       200
       +
                 ).thenAnswer(

     

       201
       +
                   (_) async => Response(

     

       202
        
                     requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       203
        
                     statusCode: 200,

     

       204
       +
                     data: {

     

       205
       +
                       'sealed_token': newToken,

     

       206
       +
                       'access_token': 'some-access-token',

     

       207
       +
                     },

     

       208
       +
                   ),

     

       209
       +
                 );

     

       210
        
       

     

       211
       +
                 when(

     

       212
       +
                   mockStorage.write(key: storageKey, value: anyNamed('value')),

     

       213
       +
                 ).thenAnswer((_) async => {});

     

       214
        
       

     

       215
       +
                 // Act

     

       216
       +
                 final result = await authService.refreshToken();

     

       217
        
       

     

       218
       +
                 // Assert

     

       219
       +
                 expect(result.token, newToken);

     

       220
       +
                 expect(result.did, 'did:plc:test123');

     

       221
       +
                 expect(result.sessionId, 'session-123');

     

       222
       +
                 expect(result.handle, 'alice.bsky.social');

     

       223
       +
                 verify(

     

       224
       +
                   mockDio.post<Map<String, dynamic>>(

     

       225
       +
                     '/oauth/refresh',

     

       226
       +
                     data: anyNamed('data'),

     

       227
       +
                   ),

     

       228
       +
                 ).called(1);

     

       229
       +
                 verify(

     

       230
       +
                   mockStorage.write(key: storageKey, value: anyNamed('value')),

     

       231
       +
                 ).called(1);

     

       232
       +
               },

     

       233
       +
             );

     

       234
        
       

     

       235
        
             test('should throw "Session expired" on 401 response', () async {

     

       236
        
               // Arrange - First restore a session

     
···

       239
        
                 did: 'did:plc:test123',

     

       240
        
                 sessionId: 'session-123',

     

       241
        
               );

     

       242
       +
               when(

     

       243
       +
                 mockStorage.read(key: storageKey),

     

       244
       +
               ).thenAnswer((_) async => session.toJsonString());

     

       245
        
               await authService.restoreSession();

     

       246
        
       

     

       247
        
               // Mock 401 response

     

       248
       +
               when(

     

       249
       +
                 mockDio.post<Map<String, dynamic>>(

     

       250
       +
                   '/oauth/refresh',

     

       251
       +
                   data: anyNamed('data'),

     

       252
       +
                 ),

     

       253
       +
               ).thenThrow(

     

       254
        
                 DioException(

     

       255
        
                   requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       256
        
                   type: DioExceptionType.badResponse,

     
···

       265
        
               expect(

     

       266
        
                 () => authService.refreshToken(),

     

       267
        
                 throwsA(

     

       268
       +
                   predicate(

     

       269
       +
                     (e) => e is Exception && e.toString().contains('Session expired'),

     

       270
       +
                   ),

     

       271
        
                 ),

     

       272
        
               );

     

       273
        
             });

     
···

       279
        
                 did: 'did:plc:test123',

     

       280
        
                 sessionId: 'session-123',

     

       281
        
               );

     

       282
       +
               when(

     

       283
       +
                 mockStorage.read(key: storageKey),

     

       284
       +
               ).thenAnswer((_) async => session.toJsonString());

     

       285
        
               await authService.restoreSession();

     

       286
        
       

     

       287
        
               // Mock network error

     

       288
       +
               when(

     

       289
       +
                 mockDio.post<Map<String, dynamic>>(

     

       290
       +
                   '/oauth/refresh',

     

       291
       +
                   data: anyNamed('data'),

     

       292
       +
                 ),

     

       293
       +
               ).thenThrow(

     

       294
        
                 DioException(

     

       295
        
                   requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       296
        
                   type: DioExceptionType.connectionError,

     
···

       302
        
               expect(

     

       303
        
                 () => authService.refreshToken(),

     

       304
        
                 throwsA(

     

       305
       +
                   predicate(

     

       306
       +
                     (e) =>

     

       307
       +
                         e is Exception &&

     

       308
       +
                         e.toString().contains('Token refresh failed'),

     

       309
       +
                   ),

     

       310
        
                 ),

     

       311
        
               );

     

       312
        
             });

     

       313
        
       

     

       314
       +
             test(

     

       315
       +
               'should throw Exception when response is missing sealed_token',

     

       316
       +
               () async {

     

       317
       +
                 // Arrange - First restore a session

     

       318
       +
                 const session = CovesSession(

     

       319
       +
                   token: 'old-token',

     

       320
       +
                   did: 'did:plc:test123',

     

       321
       +
                   sessionId: 'session-123',

     

       322
       +
                 );

     

       323
       +
                 when(

     

       324
       +
                   mockStorage.read(key: storageKey),

     

       325
       +
                 ).thenAnswer((_) async => session.toJsonString());

     

       326
       +
                 await authService.restoreSession();

     

       327
        
       

     

       328
       +
                 // Mock response without sealed_token

     

       329
       +
                 when(

     

       330
       +
                   mockDio.post<Map<String, dynamic>>(

     

       331
       +
                     '/oauth/refresh',

     

       332
       +
                     data: anyNamed('data'),

     

       333
       +
                   ),

     

       334
       +
                 ).thenAnswer(

     

       335
       +
                   (_) async => Response(

     

       336
        
                     requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       337
        
                     statusCode: 200,

     

       338
        
                     data: {'access_token': 'some-token'}, // No sealed_token field

     

       339
       +
                   ),

     

       340
       +
                 );

     

       341
        
       

     

       342
       +
                 // Act & Assert

     

       343
       +
                 expect(

     

       344
       +
                   () => authService.refreshToken(),

     

       345
       +
                   throwsA(

     

       346
       +
                     predicate(

     

       347
       +
                       (e) =>

     

       348
       +
                           e is Exception &&

     

       349
       +
                           e.toString().contains('Invalid refresh response'),

     

       350
       +
                     ),

     

       351
       +
                   ),

     

       352
       +
                 );

     

       353
       +
               },

     

       354
       +
             );

     

       355
        
       

     

       356
       +
             test(

     

       357
       +
               'should throw Exception when response sealed_token is empty',

     

       358
       +
               () async {

     

       359
       +
                 // Arrange - First restore a session

     

       360
       +
                 const session = CovesSession(

     

       361
       +
                   token: 'old-token',

     

       362
       +
                   did: 'did:plc:test123',

     

       363
       +
                   sessionId: 'session-123',

     

       364
       +
                 );

     

       365
       +
                 when(

     

       366
       +
                   mockStorage.read(key: storageKey),

     

       367
       +
                 ).thenAnswer((_) async => session.toJsonString());

     

       368
       +
                 await authService.restoreSession();

     

       369
        
       

     

       370
       +
                 // Mock response with empty sealed_token

     

       371
       +
                 when(

     

       372
       +
                   mockDio.post<Map<String, dynamic>>(

     

       373
       +
                     '/oauth/refresh',

     

       374
       +
                     data: anyNamed('data'),

     

       375
       +
                   ),

     

       376
       +
                 ).thenAnswer(

     

       377
       +
                   (_) async => Response(

     

       378
        
                     requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       379
        
                     statusCode: 200,

     

       380
       +
                     data: {

     

       381
       +
                       'sealed_token': '',

     

       382
       +
                       'access_token': 'some-token',

     

       383
       +
                     }, // Empty sealed_token

     

       384
       +
                   ),

     

       385
       +
                 );

     

       386
        
       

     

       387
       +
                 // Act & Assert

     

       388
       +
                 expect(

     

       389
       +
                   () => authService.refreshToken(),

     

       390
       +
                   throwsA(

     

       391
       +
                     predicate(

     

       392
       +
                       (e) =>

     

       393
       +
                           e is Exception &&

     

       394
       +
                           e.toString().contains('Invalid refresh response'),

     

       395
       +
                     ),

     

       396
       +
                   ),

     

       397
       +
                 );

     

       398
       +
               },

     

       399
       +
             );

     

       400
        
           });

     

       401
        
       

     

       402
        
           group('signOut()', () {

     

       403
       +
             test(

     

       404
       +
               'should clear session and storage on successful server-side logout',

     

       405
       +
               () async {

     

       406
       +
                 // Arrange - First restore a session

     

       407
       +
                 const session = CovesSession(

     

       408
       +
                   token: 'test-token',

     

       409
       +
                   did: 'did:plc:test123',

     

       410
       +
                   sessionId: 'session-123',

     

       411
       +
                 );

     

       412
       +
                 when(

     

       413
       +
                   mockStorage.read(key: storageKey),

     

       414
       +
                 ).thenAnswer((_) async => session.toJsonString());

     

       415
       +
                 await authService.restoreSession();

     

       416
        
       

     

       417
       +
                 // Mock successful logout

     

       418
       +
                 when(

     

       419
       +
                   mockDio.post<void>('/oauth/logout', options: anyNamed('options')),

     

       420
       +
                 ).thenAnswer(

     

       421
       +
                   (_) async => Response(

     

       422
        
                     requestOptions: RequestOptions(path: '/oauth/logout'),

     

       423
        
                     statusCode: 200,

     

       424
       +
                   ),

     

       425
       +
                 );

     

       426
        
       

     

       427
       +
                 when(mockStorage.delete(key: storageKey)).thenAnswer((_) async => {});

     

       0
        
       
     

       428
        
       

     

       429
       +
                 // Act

     

       430
       +
                 await authService.signOut();

     

       431
        
       

     

       432
       +
                 // Assert

     

       433
       +
                 expect(authService.session, isNull);

     

       434
       +
                 expect(authService.isAuthenticated, isFalse);

     

       435
       +
                 verify(

     

       436
       +
                   mockDio.post<void>('/oauth/logout', options: anyNamed('options')),

     

       437
       +
                 ).called(1);

     

       438
       +
                 verify(mockStorage.delete(key: storageKey)).called(1);

     

       439
       +
               },

     

       440
       +
             );

     

       441
        
       

     

       442
       +
             test(

     

       443
       +
               'should clear local state even when server revocation fails',

     

       444
       +
               () async {

     

       445
       +
                 // Arrange - First restore a session

     

       446
       +
                 const session = CovesSession(

     

       447
       +
                   token: 'test-token',

     

       448
       +
                   did: 'did:plc:test123',

     

       449
       +
                   sessionId: 'session-123',

     

       450
       +
                 );

     

       451
       +
                 when(

     

       452
       +
                   mockStorage.read(key: storageKey),

     

       453
       +
                 ).thenAnswer((_) async => session.toJsonString());

     

       454
       +
                 await authService.restoreSession();

     

       455
        
       

     

       456
       +
                 // Mock server error

     

       457
       +
                 when(

     

       458
       +
                   mockDio.post<void>('/oauth/logout', options: anyNamed('options')),

     

       459
       +
                 ).thenThrow(

     

       460
       +
                   DioException(

     

       461
       +
                     requestOptions: RequestOptions(path: '/oauth/logout'),

     

       462
       +
                     type: DioExceptionType.connectionError,

     

       463
       +
                     message: 'Connection failed',

     

       464
       +
                   ),

     

       465
       +
                 );

     

       0
        
       
     

       466
        
       

     

       467
       +
                 when(mockStorage.delete(key: storageKey)).thenAnswer((_) async => {});

     

       0
        
       
     

       468
        
       

     

       469
       +
                 // Act

     

       470
       +
                 await authService.signOut();

     

       471
        
       

     

       472
       +
                 // Assert

     

       473
       +
                 expect(authService.session, isNull);

     

       474
       +
                 expect(authService.isAuthenticated, isFalse);

     

       475
       +
                 verify(mockStorage.delete(key: storageKey)).called(1);

     

       476
       +
               },

     

       477
       +
             );

     

       478
        
       

     

       479
        
             test('should work even when no session exists', () async {

     

       480
        
               // Arrange

     

       481
       +
               when(mockStorage.delete(key: storageKey)).thenAnswer((_) async => {});

     

       0
        
       
     

       482
        
       

     

       483
        
               // Act

     

       484
        
               await authService.signOut();

     
···

       487
        
               expect(authService.session, isNull);

     

       488
        
               expect(authService.isAuthenticated, isFalse);

     

       489
        
               verify(mockStorage.delete(key: storageKey)).called(1);

     

       490
       +
               verifyNever(

     

       491
       +
                 mockDio.post<void>('/oauth/logout', options: anyNamed('options')),

     

       492
       +
               );

     

       0
        
       
     

       493
        
             });

     

       494
        
       

     

       495
        
             test('should clear local state even when storage delete fails', () async {

     
···

       499
        
                 did: 'did:plc:test123',

     

       500
        
                 sessionId: 'session-123',

     

       501
        
               );

     

       502
       +
               when(

     

       503
       +
                 mockStorage.read(key: storageKey),

     

       504
       +
               ).thenAnswer((_) async => session.toJsonString());

     

       505
        
               await authService.restoreSession();

     

       506
        
       

     

       507
       +
               when(

     

       508
       +
                 mockDio.post<void>('/oauth/logout', options: anyNamed('options')),

     

       509
       +
               ).thenAnswer(

     

       510
       +
                 (_) async => Response(

     

       511
       +
                   requestOptions: RequestOptions(path: '/oauth/logout'),

     

       512
       +
                   statusCode: 200,

     

       513
       +
                 ),

     

       514
       +
               );

     

       515
        
       

     

       516
       +
               when(

     

       517
       +
                 mockStorage.delete(key: storageKey),

     

       518
       +
               ).thenThrow(Exception('Storage error'));

     

       519
        
       

     

       520
        
               // Act & Assert - Should not throw

     

       521
        
               expect(() => authService.signOut(), throwsA(isA<Exception>()));

     
···

       533
        
                 did: 'did:plc:test123',

     

       534
        
                 sessionId: 'session-123',

     

       535
        
               );

     

       536
       +
               when(

     

       537
       +
                 mockStorage.read(key: storageKey),

     

       538
       +
               ).thenAnswer((_) async => session.toJsonString());

     

       539
        
               await authService.restoreSession();

     

       540
        
       

     

       541
        
               // Act

     
···

       560
        
                 did: 'did:plc:test123',

     

       561
        
                 sessionId: 'session-123',

     

       562
        
               );

     

       563
       +
               when(

     

       564
       +
                 mockStorage.read(key: storageKey),

     

       565
       +
               ).thenAnswer((_) async => session.toJsonString());

     

       566
        
               await authService.restoreSession();

     

       567
        
       

     

       568
       +
               when(

     

       569
       +
                 mockDio.post<void>('/oauth/logout', options: anyNamed('options')),

     

       570
       +
               ).thenAnswer(

     

       571
       +
                 (_) async => Response(

     

       572
       +
                   requestOptions: RequestOptions(path: '/oauth/logout'),

     

       573
       +
                   statusCode: 200,

     

       574
       +
                 ),

     

       575
       +
               );

     

       576
       +
               when(mockStorage.delete(key: storageKey)).thenAnswer((_) async => {});

     

       577
        
       

     

       578
        
               // Act

     

       579
        
               await authService.signOut();

     
···

       597
        
                 did: 'did:plc:test123',

     

       598
        
                 sessionId: 'session-123',

     

       599
        
               );

     

       600
       +
               when(

     

       601
       +
                 mockStorage.read(key: storageKey),

     

       602
       +
               ).thenAnswer((_) async => session.toJsonString());

     

       603
        
               await authService.restoreSession();

     

       604
        
       

     

       605
        
               // Assert

     
···

       613
        
                 did: 'did:plc:test123',

     

       614
        
                 sessionId: 'session-123',

     

       615
        
               );

     

       616
       +
               when(

     

       617
       +
                 mockStorage.read(key: storageKey),

     

       618
       +
               ).thenAnswer((_) async => session.toJsonString());

     

       619
        
               await authService.restoreSession();

     

       620
        
       

     

       621
       +
               when(

     

       622
       +
                 mockDio.post<void>('/oauth/logout', options: anyNamed('options')),

     

       623
       +
               ).thenAnswer(

     

       624
       +
                 (_) async => Response(

     

       625
       +
                   requestOptions: RequestOptions(path: '/oauth/logout'),

     

       626
       +
                   statusCode: 200,

     

       627
       +
                 ),

     

       628
       +
               );

     

       629
       +
               when(mockStorage.delete(key: storageKey)).thenAnswer((_) async => {});

     

       630
        
       

     

       631
        
               // Act

     

       632
        
               await authService.signOut();

     
···

       644
        
                 did: 'did:plc:test123',

     

       645
        
                 sessionId: 'session-123',

     

       646
        
               );

     

       647
       +
               when(

     

       648
       +
                 mockStorage.read(key: storageKey),

     

       649
       +
               ).thenAnswer((_) async => session.toJsonString());

     

       650
        
       

     

       651
        
               // Act

     

       652
        
               await authService.restoreSession();

     
···

       664
        
                 did: 'did:plc:test123',

     

       665
        
                 sessionId: 'session-123',

     

       666
        
               );

     

       667
       +
               when(

     

       668
       +
                 mockStorage.read(key: storageKey),

     

       669
       +
               ).thenAnswer((_) async => initialSession.toJsonString());

     

       670
        
               await authService.restoreSession();

     

       671
        
       

     

       672
        
               const newToken = 'new-token';

     

       673
       +
               when(

     

       674
       +
                 mockDio.post<Map<String, dynamic>>(

     

       675
       +
                   '/oauth/refresh',

     

       676
       +
                   data: anyNamed('data'),

     

       677
       +
                 ),

     

       678
       +
               ).thenAnswer(

     

       679
       +
                 (_) async => Response(

     

       680
       +
                   requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       681
       +
                   statusCode: 200,

     

       682
       +
                   data: {

     

       683
       +
                     'sealed_token': newToken,

     

       684
       +
                     'access_token': 'some-access-token',

     

       685
       +
                   },

     

       686
       +
                 ),

     

       687
       +
               );

     

       688
       +
               when(

     

       689
       +
                 mockStorage.write(key: storageKey, value: anyNamed('value')),

     

       690
       +
               ).thenAnswer((_) async => {});

     

       691
        
       

     

       692
        
               // Act

     

       693
        
               await authService.refreshToken();

     
···

       699
        
           });

     

       700
        
       

     

       701
        
           group('refreshToken() - Concurrency Protection', () {

     

       702
       +
             test(

     

       703
       +
               'should only make one API request for concurrent refresh calls',

     

       704
       +
               () async {

     

       705
       +
                 // Arrange - First restore a session

     

       706
       +
                 const initialSession = CovesSession(

     

       707
       +
                   token: 'old-token',

     

       708
       +
                   did: 'did:plc:test123',

     

       709
       +
                   sessionId: 'session-123',

     

       710
       +
                   handle: 'alice.bsky.social',

     

       711
       +
                 );

     

       712
       +
                 when(

     

       713
       +
                   mockStorage.read(key: storageKey),

     

       714
       +
                 ).thenAnswer((_) async => initialSession.toJsonString());

     

       715
       +
                 await authService.restoreSession();

     

       716
        
       

     

       717
       +
                 const newToken = 'new-refreshed-token';

     

       718
        
       

     

       719
       +
                 // Mock refresh response with a delay to simulate network latency

     

       720
       +
                 when(

     

       721
       +
                   mockDio.post<Map<String, dynamic>>(

     

       722
       +
                     '/oauth/refresh',

     

       723
       +
                     data: anyNamed('data'),

     

       724
       +
                   ),

     

       725
       +
                 ).thenAnswer((_) async {

     

       726
       +
                   await Future.delayed(const Duration(milliseconds: 100));

     

       727
       +
                   return Response(

     

       728
       +
                     requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       729
       +
                     statusCode: 200,

     

       730
       +
                     data: {

     

       731
       +
                       'sealed_token': newToken,

     

       732
       +
                       'access_token': 'some-access-token',

     

       733
       +
                     },

     

       734
       +
                   );

     

       735
       +
                 });

     

       736
        
       

     

       737
       +
                 when(

     

       738
       +
                   mockStorage.write(key: storageKey, value: anyNamed('value')),

     

       739
       +
                 ).thenAnswer((_) async => {});

     

       740
        
       

     

       741
       +
                 // Act - Launch 3 concurrent refresh calls

     

       742
       +
                 final results = await Future.wait([

     

       743
       +
                   authService.refreshToken(),

     

       744
       +
                   authService.refreshToken(),

     

       745
       +
                   authService.refreshToken(),

     

       746
       +
                 ]);

     

       747
        
       

     

       748
       +
                 // Assert - All calls should return the same refreshed session

     

       749
       +
                 expect(results.length, 3);

     

       750
       +
                 expect(results[0].token, newToken);

     

       751
       +
                 expect(results[1].token, newToken);

     

       752
       +
                 expect(results[2].token, newToken);

     

       753
        
       

     

       754
       +
                 // Verify only one API call was made

     

       755
       +
                 verify(

     

       756
       +
                   mockDio.post<Map<String, dynamic>>(

     

       757
       +
                     '/oauth/refresh',

     

       758
       +
                     data: anyNamed('data'),

     

       759
       +
                   ),

     

       760
       +
                 ).called(1);

     

       761
        
       

     

       762
       +
                 // Verify only one storage write was made

     

       763
       +
                 verify(

     

       764
       +
                   mockStorage.write(key: storageKey, value: anyNamed('value')),

     

       765
       +
                 ).called(1);

     

       766
       +
               },

     

       767
       +
             );

     

       768
        
       

     

       769
        
             test('should propagate errors to all concurrent waiters', () async {

     

       770
        
               // Arrange - First restore a session

     
···

       773
        
                 did: 'did:plc:test123',

     

       774
        
                 sessionId: 'session-123',

     

       775
        
               );

     

       776
       +
               when(

     

       777
       +
                 mockStorage.read(key: storageKey),

     

       778
       +
               ).thenAnswer((_) async => session.toJsonString());

     

       779
        
               await authService.restoreSession();

     

       780
        
       

     

       781
        
               // Mock 401 response with delay

     

       782
       +
               when(

     

       783
       +
                 mockDio.post<Map<String, dynamic>>(

     

       784
       +
                   '/oauth/refresh',

     

       785
       +
                   data: anyNamed('data'),

     

       786
       +
                 ),

     

       787
       +
               ).thenAnswer((_) async {

     

       788
        
                 await Future.delayed(const Duration(milliseconds: 100));

     

       789
        
                 throw DioException(

     

       790
        
                   requestOptions: RequestOptions(path: '/oauth/refresh'),

     
···

       819
        
               expect(errorCount, 3);

     

       820
        
       

     

       821
        
               // Verify only one API call was made

     

       822
       +
               verify(

     

       823
       +
                 mockDio.post<Map<String, dynamic>>(

     

       824
       +
                   '/oauth/refresh',

     

       825
       +
                   data: anyNamed('data'),

     

       826
       +
                 ),

     

       827
       +
               ).called(1);

     

       828
        
             });

     

       829
        
       

     

       830
        
             test('should allow new refresh after previous one completes', () async {

     
···

       834
        
                 did: 'did:plc:test123',

     

       835
        
                 sessionId: 'session-123',

     

       836
        
               );

     

       837
       +
               when(

     

       838
       +
                 mockStorage.read(key: storageKey),

     

       839
       +
               ).thenAnswer((_) async => initialSession.toJsonString());

     

       840
        
               await authService.restoreSession();

     

       841
        
       

     

       842
        
               const newToken1 = 'new-token-1';

     

       843
        
               const newToken2 = 'new-token-2';

     

       844
        
       

     

       845
        
               // Mock first refresh

     

       846
       +
               when(

     

       847
       +
                 mockDio.post<Map<String, dynamic>>(

     

       848
       +
                   '/oauth/refresh',

     

       849
       +
                   data: anyNamed('data'),

     

       850
       +
                 ),

     

       851
       +
               ).thenAnswer(

     

       852
       +
                 (_) async => Response(

     

       853
       +
                   requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       854
       +
                   statusCode: 200,

     

       855
       +
                   data: {

     

       856
       +
                     'sealed_token': newToken1,

     

       857
       +
                     'access_token': 'some-access-token',

     

       858
       +
                   },

     

       859
       +
                 ),

     

       860
       +
               );

     

       861
        
       

     

       862
       +
               when(

     

       863
       +
                 mockStorage.write(key: storageKey, value: anyNamed('value')),

     

       864
       +
               ).thenAnswer((_) async => {});

     

       865
        
       

     

       866
        
               // Act - First refresh

     

       867
        
               final result1 = await authService.refreshToken();

     
···

       870
        
               expect(result1.token, newToken1);

     

       871
        
       

     

       872
        
               // Now update the mock for the second refresh

     

       873
       +
               when(

     

       874
       +
                 mockDio.post<Map<String, dynamic>>(

     

       875
       +
                   '/oauth/refresh',

     

       876
       +
                   data: anyNamed('data'),

     

       877
       +
                 ),

     

       878
       +
               ).thenAnswer(

     

       879
       +
                 (_) async => Response(

     

       880
       +
                   requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       881
       +
                   statusCode: 200,

     

       882
       +
                   data: {

     

       883
       +
                     'sealed_token': newToken2,

     

       884
       +
                     'access_token': 'some-access-token',

     

       885
       +
                   },

     

       886
       +
                 ),

     

       887
       +
               );

     

       888
        
       

     

       889
        
               // Act - Second refresh (should be allowed since first completed)

     

       890
        
               final result2 = await authService.refreshToken();

     
···

       893
        
               expect(result2.token, newToken2);

     

       894
        
       

     

       895
        
               // Verify two separate API calls were made

     

       896
       +
               verify(

     

       897
       +
                 mockDio.post<Map<String, dynamic>>(

     

       898
       +
                   '/oauth/refresh',

     

       899
       +
                   data: anyNamed('data'),

     

       900
       +
                 ),

     

       901
       +
               ).called(2);

     

       902
        
             });

     

       903
        
       

     

       904
        
             test('should allow new refresh after previous one fails', () async {

     
···

       908
        
                 did: 'did:plc:test123',

     

       909
        
                 sessionId: 'session-123',

     

       910
        
               );

     

       911
       +
               when(

     

       912
       +
                 mockStorage.read(key: storageKey),

     

       913
       +
               ).thenAnswer((_) async => initialSession.toJsonString());

     

       914
        
               await authService.restoreSession();

     

       915
        
       

     

       916
        
               // Mock first refresh to fail

     

       917
       +
               when(

     

       918
       +
                 mockDio.post<Map<String, dynamic>>(

     

       919
       +
                   '/oauth/refresh',

     

       920
       +
                   data: anyNamed('data'),

     

       921
       +
                 ),

     

       922
       +
               ).thenThrow(

     

       923
        
                 DioException(

     

       924
        
                   requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       925
        
                   type: DioExceptionType.connectionError,

     
···

       943
        
       

     

       944
        
               // Now mock a successful second refresh

     

       945
        
               const newToken = 'new-token-after-retry';

     

       946
       +
               when(

     

       947
       +
                 mockDio.post<Map<String, dynamic>>(

     

       948
       +
                   '/oauth/refresh',

     

       949
       +
                   data: anyNamed('data'),

     

       950
       +
                 ),

     

       951
       +
               ).thenAnswer(

     

       952
       +
                 (_) async => Response(

     

       953
       +
                   requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       954
       +
                   statusCode: 200,

     

       955
       +
                   data: {

     

       956
       +
                     'sealed_token': newToken,

     

       957
       +
                     'access_token': 'some-access-token',

     

       958
       +
                   },

     

       959
       +
                 ),

     

       960
       +
               );

     

       961
        
       

     

       962
       +
               when(

     

       963
       +
                 mockStorage.write(key: storageKey, value: anyNamed('value')),

     

       964
       +
               ).thenAnswer((_) async => {});

     

       965
        
       

     

       966
        
               // Act - Second refresh (should be allowed and succeed)

     

       967
        
               final result = await authService.refreshToken();

     
···

       970
        
               expect(result.token, newToken);

     

       971
        
       

     

       972
        
               // Verify two separate API calls were made

     

       973
       +
               verify(

     

       974
       +
                 mockDio.post<Map<String, dynamic>>(

     

       975
       +
                   '/oauth/refresh',

     

       976
       +
                   data: anyNamed('data'),

     

       977
       +
                 ),

     

       978
       +
               ).called(2);

     

       979
        
             });

     

       980
        
       

     

       981
        
             test(

     

       982
       +
               'should handle concurrent calls where one arrives after refresh completes',

     

       983
       +
               () async {

     

       984
       +
                 // Arrange - First restore a session

     

       985
       +
                 const initialSession = CovesSession(

     

       986
       +
                   token: 'old-token',

     

       987
       +
                   did: 'did:plc:test123',

     

       988
       +
                   sessionId: 'session-123',

     

       989
       +
                 );

     

       990
       +
                 when(

     

       991
       +
                   mockStorage.read(key: storageKey),

     

       992
       +
                 ).thenAnswer((_) async => initialSession.toJsonString());

     

       993
       +
                 await authService.restoreSession();

     

       994
        
       

     

       995
       +
                 const newToken1 = 'new-token-1';

     

       996
       +
                 const newToken2 = 'new-token-2';

     

       997
        
       

     

       998
       +
                 var callCount = 0;

     

       999
        
       

     

       1000
       +
                 // Mock refresh with different responses

     

       1001
       +
                 when(

     

       1002
       +
                   mockDio.post<Map<String, dynamic>>(

     

       1003
       +
                     '/oauth/refresh',

     

       1004
       +
                     data: anyNamed('data'),

     

       1005
       +
                   ),

     

       1006
       +
                 ).thenAnswer((_) async {

     

       1007
       +
                   callCount++;

     

       1008
       +
                   await Future.delayed(const Duration(milliseconds: 50));

     

       1009
       +
                   return Response(

     

       1010
       +
                     requestOptions: RequestOptions(path: '/oauth/refresh'),

     

       1011
       +
                     statusCode: 200,

     

       1012
       +
                     data: {

     

       1013
       +
                       'sealed_token': callCount == 1 ? newToken1 : newToken2,

     

       1014
       +
                       'access_token': 'some-access-token',

     

       1015
       +
                     },

     

       1016
       +
                   );

     

       1017
       +
                 });

     

       1018
        
       

     

       1019
       +
                 when(

     

       1020
       +
                   mockStorage.write(key: storageKey, value: anyNamed('value')),

     

       1021
       +
                 ).thenAnswer((_) async => {});

     

       1022
        
       

     

       1023
       +
                 // Act - Start first refresh

     

       1024
       +
                 final future1 = authService.refreshToken();

     

       1025
        
       

     

       1026
       +
                 // Wait for it to complete

     

       1027
       +
                 final result1 = await future1;

     

       1028
        
       

     

       1029
       +
                 // Start second refresh after first completes

     

       1030
       +
                 final result2 = await authService.refreshToken();

     

       1031
        
       

     

       1032
       +
                 // Assert

     

       1033
       +
                 expect(result1.token, newToken1);

     

       1034
       +
                 expect(result2.token, newToken2);

     

       1035
        
       

     

       1036
       +
                 // Verify two separate API calls were made

     

       1037
       +
                 verify(

     

       1038
       +
                   mockDio.post<Map<String, dynamic>>(

     

       1039
       +
                     '/oauth/refresh',

     

       1040
       +
                     data: anyNamed('data'),

     

       1041
       +
                   ),

     

       1042
       +
                 ).called(2);

     

       1043
       +
               },

     

       1044
       +
             );

     

       1045
        
           });

     

       1046
        
         });

     

       1047
        
       }

+178 -132

test/services/coves_auth_service_validation_test.dart

···

       30
        
         group('Handle Validation', () {

     

       31
        
           group('Valid inputs', () {

     

       32
        
             test('should accept standard handle format', () {

     

       33
       -
               final result =

     

       34
       -
                   authService.validateAndNormalizeHandle('alice.bsky.social');

     

       0
        
       
     

       35
        
               expect(result, 'alice.bsky.social');

     

       36
        
             });

     

       37
        
       

     

       38
        
             test('should accept handle with @ prefix and strip it', () {

     

       39
       -
               final result =

     

       40
       -
                   authService.validateAndNormalizeHandle('@alice.bsky.social');

     

       0
        
       
     

       41
        
               expect(result, 'alice.bsky.social');

     

       42
        
             });

     

       43
        
       

     

       44
       -
             test('should accept handle with leading/trailing whitespace and trim', () {

     

       45
       -
               final result =

     

       46
       -
                   authService.validateAndNormalizeHandle('  alice.bsky.social  ');

     

       47
       -
               expect(result, 'alice.bsky.social');

     

       48
       -
             });

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       49
        
       

     

       50
        
             test('should accept handle with hyphen in segment', () {

     

       51
       -
               final result =

     

       52
       -
                   authService.validateAndNormalizeHandle('alice-bob.bsky.social');

     

       0
        
       
     

       53
        
               expect(result, 'alice-bob.bsky.social');

     

       54
        
             });

     

       55
        
       

     

       56
        
             test('should accept handle with multiple hyphens', () {

     

       57
       -
               final result = authService

     

       58
       -
                   .validateAndNormalizeHandle('alice-bob-charlie.bsky-app.social');

     

       0
        
       
     

       59
        
               expect(result, 'alice-bob-charlie.bsky-app.social');

     

       60
        
             });

     

       61
        
       

     

       62
        
             test('should accept handle with multiple subdomains', () {

     

       63
       -
               final result = authService

     

       64
       -
                   .validateAndNormalizeHandle('alice.subdomain.example.com');

     

       0
        
       
     

       65
        
               expect(result, 'alice.subdomain.example.com');

     

       66
        
             });

     

       67
        
       

     

       68
        
             test('should accept handle with numbers', () {

     

       69
       -
               final result =

     

       70
       -
                   authService.validateAndNormalizeHandle('user123.bsky.social');

     

       0
        
       
     

       71
        
               expect(result, 'user123.bsky.social');

     

       72
        
             });

     

       73
        
       

     

       74
        
             test('should convert handle to lowercase', () {

     

       75
       -
               final result =

     

       76
       -
                   authService.validateAndNormalizeHandle('Alice.Bsky.Social');

     

       0
        
       
     

       77
        
               expect(result, 'alice.bsky.social');

     

       78
        
             });

     

       79
        
       

     

       80
       -
             test('should extract and validate handle from Bluesky profile URL (HTTP)', () {

     

       81
       -
               final result = authService.validateAndNormalizeHandle(

     

       82
       -
                   'http://bsky.app/profile/alice.bsky.social');

     

       83
       -
               expect(result, 'alice.bsky.social');

     

       84
       -
             });

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       85
        
       

     

       86
       -
             test('should extract and validate handle from Bluesky profile URL (HTTPS)', () {

     

       87
       -
               final result = authService.validateAndNormalizeHandle(

     

       88
       -
                   'https://bsky.app/profile/alice.bsky.social');

     

       89
       -
               expect(result, 'alice.bsky.social');

     

       90
       -
             });

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       91
        
       

     

       92
       -
             test('should extract and validate handle from Bluesky profile URL with www', () {

     

       93
       -
               final result = authService.validateAndNormalizeHandle(

     

       94
       -
                   'https://www.bsky.app/profile/alice.bsky.social');

     

       95
       -
               expect(result, 'alice.bsky.social');

     

       96
       -
             });

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       97
        
       

     

       98
        
             test('should accept DID with plc method', () {

     

       99
       -
               final result =

     

       100
       -
                   authService.validateAndNormalizeHandle('did:plc:abc123def456');

     

       0
        
       
     

       101
        
               expect(result, 'did:plc:abc123def456');

     

       102
        
             });

     

       103
        
       

     

       104
        
             test('should accept DID with web method', () {

     

       105
       -
               final result =

     

       106
       -
                   authService.validateAndNormalizeHandle('did:web:example.com');

     

       0
        
       
     

       107
        
               expect(result, 'did:web:example.com');

     

       108
        
             });

     

       109
        
       

     

       110
        
             test('should accept DID with complex identifier', () {

     

       111
       -
               final result = authService

     

       112
       -
                   .validateAndNormalizeHandle('did:plc:z72i7hdynmk6r22z27h6tvur');

     

       0
        
       
     

       113
        
               expect(result, 'did:plc:z72i7hdynmk6r22z27h6tvur');

     

       114
        
             });

     

       115
        
       

     

       116
        
             test('should accept DID with periods and colons in identifier', () {

     

       117
       -
               final result = authService

     

       118
       -
                   .validateAndNormalizeHandle('did:web:example.com:user:alice');

     

       0
        
       
     

       119
        
               expect(result, 'did:web:example.com:user:alice');

     

       120
        
             });

     

       121
        
       

     
···

       125
        
             });

     

       126
        
       

     

       127
        
             test('should normalize handle with @ prefix and whitespace', () {

     

       128
       -
               final result =

     

       129
       -
                   authService.validateAndNormalizeHandle('  @Alice.Bsky.Social  ');

     

       0
        
       
     

       130
        
               expect(result, 'alice.bsky.social');

     

       131
        
             });

     

       132
        
       

     

       133
        
             test('should accept handle with numeric first segment', () {

     

       134
       -
               final result =

     

       135
       -
                   authService.validateAndNormalizeHandle('123.bsky.social');

     

       0
        
       
     

       136
        
               expect(result, '123.bsky.social');

     

       137
        
             });

     

       138
        
       

     

       139
        
             test('should accept handle with numeric middle segment', () {

     

       140
       -
               final result =

     

       141
       -
                   authService.validateAndNormalizeHandle('alice.456.social');

     

       0
        
       
     

       142
        
               expect(result, 'alice.456.social');

     

       143
        
             });

     

       144
        
       

     

       145
        
             test('should accept handle with multiple numeric segments', () {

     

       146
       -
               final result =

     

       147
       -
                   authService.validateAndNormalizeHandle('42.example.com');

     

       148
        
               expect(result, '42.example.com');

     

       149
        
             });

     

       150
        
       

     
···

       154
        
             });

     

       155
        
       

     

       156
        
             test('should accept handle with numeric and alpha mixed', () {

     

       157
       -
               final result =

     

       158
       -
                   authService.validateAndNormalizeHandle('8.cn');

     

       159
        
               expect(result, '8.cn');

     

       160
        
             });

     

       161
        
       

     

       162
        
             test('should accept handle like IP but with valid TLD', () {

     

       163
       -
               final result =

     

       164
       -
                   authService.validateAndNormalizeHandle('120.0.0.1.com');

     

       165
        
               expect(result, '120.0.0.1.com');

     

       166
        
             });

     

       167
        
           });

     
···

       259
        
               );

     

       260
        
             });

     

       261
        
       

     

       262
       -
             test('should throw ArgumentError for handle with consecutive periods', () {

     

       263
       -
               expect(

     

       264
       -
                 () => authService.validateAndNormalizeHandle('alice..bsky.social'),

     

       265
       -
                 throwsA(

     

       266
       -
                   predicate(

     

       267
       -
                     (e) =>

     

       268
       -
                         e is ArgumentError &&

     

       269
       -
                         (e.message.toString().contains('empty segments') ||

     

       270
       -
                             e.message.toString().contains('Invalid handle format')),

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       271
        
                   ),

     

       272
       -
                 ),

     

       273
       -
               );

     

       274
       -
             });

     

       275
        
       

     

       276
        
             test('should throw ArgumentError for handle with spaces', () {

     

       277
        
               expect(

     
···

       338
        
               );

     

       339
        
             });

     

       340
        
       

     

       341
       -
             test('should throw ArgumentError for handle exceeding 253 characters', () {

     

       342
       -
               // Create a handle that's 254 characters long

     

       343
       -
               final longHandle = '${'a' * 240}.bsky.social';

     

       344
       -
               expect(

     

       345
       -
                 () => authService.validateAndNormalizeHandle(longHandle),

     

       346
       -
                 throwsA(

     

       347
       -
                   predicate(

     

       348
       -
                     (e) =>

     

       349
       -
                         e is ArgumentError &&

     

       350
       -
                         e.message.toString().contains('too long'),

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       351
        
                   ),

     

       352
       -
                 ),

     

       353
       -
               );

     

       354
       -
             });

     

       355
        
       

     

       356
       -
             test('should throw ArgumentError for segment exceeding 63 characters', () {

     

       357
       -
               // DNS label limit is 63 characters per segment

     

       358
       -
               final longSegment = '${'a' * 64}.bsky.social';

     

       359
       -
               expect(

     

       360
       -
                 () => authService.validateAndNormalizeHandle(longSegment),

     

       361
       -
                 throwsA(

     

       362
       -
                   predicate(

     

       363
       -
                     (e) =>

     

       364
       -
                         e is ArgumentError &&

     

       365
       -
                         e.message.toString().contains('too long'),

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       366
        
                   ),

     

       367
       -
                 ),

     

       368
       -
               );

     

       369
       -
             });

     

       370
        
       

     

       371
        
             test('should throw ArgumentError for TLD starting with digit', () {

     

       372
        
               expect(

     
···

       396
        
               );

     

       397
        
             });

     

       398
        
       

     

       399
       -
             test('should throw ArgumentError for IPv4 address (TLD starts with digit)', () {

     

       400
       -
               expect(

     

       401
       -
                 () => authService.validateAndNormalizeHandle('127.0.0.1'),

     

       402
       -
                 throwsA(

     

       403
       -
                   predicate(

     

       404
       -
                     (e) =>

     

       405
       -
                         e is ArgumentError &&

     

       406
       -
                         e.message.toString().contains('TLD') &&

     

       407
       -
                         e.message.toString().contains('cannot start with a digit'),

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       408
        
                   ),

     

       409
       -
                 ),

     

       410
       -
               );

     

       411
       -
             });

     

       412
        
       

     

       413
        
             test('should throw ArgumentError for IPv4 address variant', () {

     

       414
        
               expect(

     
···

       427
        
       

     

       428
        
           group('DID Validation', () {

     

       429
        
             test('should accept valid plc DID', () {

     

       430
       -
               final result =

     

       431
       -
                   authService.validateAndNormalizeHandle('did:plc:abc123');

     

       432
        
               expect(result, 'did:plc:abc123');

     

       433
        
             });

     

       434
        
       

     

       435
        
             test('should accept valid web DID', () {

     

       436
       -
               final result =

     

       437
       -
                   authService.validateAndNormalizeHandle('did:web:example.com');

     

       0
        
       
     

       438
        
               expect(result, 'did:web:example.com');

     

       439
        
             });

     

       440
        
       

     

       441
        
             test('should accept DID with underscores in identifier', () {

     

       442
        
               // Underscores are allowed in the DID pattern (part of [a-zA-Z0-9._:%-]+)

     

       443
       -
               final result =

     

       444
       -
                   authService.validateAndNormalizeHandle('did:plc:abc_123');

     

       0
        
       
     

       445
        
               expect(result, 'did:plc:abc_123');

     

       446
        
             });

     

       447
        
       

     

       448
       -
             test('should throw ArgumentError for invalid DID with @ special chars', () {

     

       449
       -
               expect(

     

       450
       -
                 () => authService.validateAndNormalizeHandle('did:plc:abc@123'),

     

       451
       -
                 throwsA(

     

       452
       -
                   predicate(

     

       453
       -
                     (e) =>

     

       454
       -
                         e is ArgumentError &&

     

       455
       -
                         e.message.toString().contains('Invalid DID format'),

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       456
        
                   ),

     

       457
       -
                 ),

     

       458
       -
               );

     

       459
       -
             });

     

       460
        
       

     

       461
        
             test('should throw ArgumentError for DID with uppercase method', () {

     

       462
        
               expect(

     
···

       484
        
               );

     

       485
        
             });

     

       486
        
       

     

       487
       -
             test('should throw ArgumentError for malformed DID (missing identifier)', () {

     

       488
       -
               expect(

     

       489
       -
                 () => authService.validateAndNormalizeHandle('did:plc'),

     

       490
       -
                 throwsA(

     

       491
       -
                   predicate(

     

       492
       -
                     (e) =>

     

       493
       -
                         e is ArgumentError &&

     

       494
       -
                         e.message.toString().contains('Invalid DID format'),

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       495
        
                   ),

     

       496
       -
                 ),

     

       497
       -
               );

     

       498
       -
             });

     

       499
        
       

     

       500
        
             test('should throw ArgumentError for malformed DID (missing method)', () {

     

       501
        
               expect(

···

       30
        
         group('Handle Validation', () {

     

       31
        
           group('Valid inputs', () {

     

       32
        
             test('should accept standard handle format', () {

     

       33
       +
               final result = authService.validateAndNormalizeHandle(

     

       34
       +
                 'alice.bsky.social',

     

       35
       +
               );

     

       36
        
               expect(result, 'alice.bsky.social');

     

       37
        
             });

     

       38
        
       

     

       39
        
             test('should accept handle with @ prefix and strip it', () {

     

       40
       +
               final result = authService.validateAndNormalizeHandle(

     

       41
       +
                 '@alice.bsky.social',

     

       42
       +
               );

     

       43
        
               expect(result, 'alice.bsky.social');

     

       44
        
             });

     

       45
        
       

     

       46
       +
             test(

     

       47
       +
               'should accept handle with leading/trailing whitespace and trim',

     

       48
       +
               () {

     

       49
       +
                 final result = authService.validateAndNormalizeHandle(

     

       50
       +
                   '  alice.bsky.social  ',

     

       51
       +
                 );

     

       52
       +
                 expect(result, 'alice.bsky.social');

     

       53
       +
               },

     

       54
       +
             );

     

       55
        
       

     

       56
        
             test('should accept handle with hyphen in segment', () {

     

       57
       +
               final result = authService.validateAndNormalizeHandle(

     

       58
       +
                 'alice-bob.bsky.social',

     

       59
       +
               );

     

       60
        
               expect(result, 'alice-bob.bsky.social');

     

       61
        
             });

     

       62
        
       

     

       63
        
             test('should accept handle with multiple hyphens', () {

     

       64
       +
               final result = authService.validateAndNormalizeHandle(

     

       65
       +
                 'alice-bob-charlie.bsky-app.social',

     

       66
       +
               );

     

       67
        
               expect(result, 'alice-bob-charlie.bsky-app.social');

     

       68
        
             });

     

       69
        
       

     

       70
        
             test('should accept handle with multiple subdomains', () {

     

       71
       +
               final result = authService.validateAndNormalizeHandle(

     

       72
       +
                 'alice.subdomain.example.com',

     

       73
       +
               );

     

       74
        
               expect(result, 'alice.subdomain.example.com');

     

       75
        
             });

     

       76
        
       

     

       77
        
             test('should accept handle with numbers', () {

     

       78
       +
               final result = authService.validateAndNormalizeHandle(

     

       79
       +
                 'user123.bsky.social',

     

       80
       +
               );

     

       81
        
               expect(result, 'user123.bsky.social');

     

       82
        
             });

     

       83
        
       

     

       84
        
             test('should convert handle to lowercase', () {

     

       85
       +
               final result = authService.validateAndNormalizeHandle(

     

       86
       +
                 'Alice.Bsky.Social',

     

       87
       +
               );

     

       88
        
               expect(result, 'alice.bsky.social');

     

       89
        
             });

     

       90
        
       

     

       91
       +
             test(

     

       92
       +
               'should extract and validate handle from Bluesky profile URL (HTTP)',

     

       93
       +
               () {

     

       94
       +
                 final result = authService.validateAndNormalizeHandle(

     

       95
       +
                   'http://bsky.app/profile/alice.bsky.social',

     

       96
       +
                 );

     

       97
       +
                 expect(result, 'alice.bsky.social');

     

       98
       +
               },

     

       99
       +
             );

     

       100
        
       

     

       101
       +
             test(

     

       102
       +
               'should extract and validate handle from Bluesky profile URL (HTTPS)',

     

       103
       +
               () {

     

       104
       +
                 final result = authService.validateAndNormalizeHandle(

     

       105
       +
                   'https://bsky.app/profile/alice.bsky.social',

     

       106
       +
                 );

     

       107
       +
                 expect(result, 'alice.bsky.social');

     

       108
       +
               },

     

       109
       +
             );

     

       110
        
       

     

       111
       +
             test(

     

       112
       +
               'should extract and validate handle from Bluesky profile URL with www',

     

       113
       +
               () {

     

       114
       +
                 final result = authService.validateAndNormalizeHandle(

     

       115
       +
                   'https://www.bsky.app/profile/alice.bsky.social',

     

       116
       +
                 );

     

       117
       +
                 expect(result, 'alice.bsky.social');

     

       118
       +
               },

     

       119
       +
             );

     

       120
        
       

     

       121
        
             test('should accept DID with plc method', () {

     

       122
       +
               final result = authService.validateAndNormalizeHandle(

     

       123
       +
                 'did:plc:abc123def456',

     

       124
       +
               );

     

       125
        
               expect(result, 'did:plc:abc123def456');

     

       126
        
             });

     

       127
        
       

     

       128
        
             test('should accept DID with web method', () {

     

       129
       +
               final result = authService.validateAndNormalizeHandle(

     

       130
       +
                 'did:web:example.com',

     

       131
       +
               );

     

       132
        
               expect(result, 'did:web:example.com');

     

       133
        
             });

     

       134
        
       

     

       135
        
             test('should accept DID with complex identifier', () {

     

       136
       +
               final result = authService.validateAndNormalizeHandle(

     

       137
       +
                 'did:plc:z72i7hdynmk6r22z27h6tvur',

     

       138
       +
               );

     

       139
        
               expect(result, 'did:plc:z72i7hdynmk6r22z27h6tvur');

     

       140
        
             });

     

       141
        
       

     

       142
        
             test('should accept DID with periods and colons in identifier', () {

     

       143
       +
               final result = authService.validateAndNormalizeHandle(

     

       144
       +
                 'did:web:example.com:user:alice',

     

       145
       +
               );

     

       146
        
               expect(result, 'did:web:example.com:user:alice');

     

       147
        
             });

     

       148
        
       

     
···

       152
        
             });

     

       153
        
       

     

       154
        
             test('should normalize handle with @ prefix and whitespace', () {

     

       155
       +
               final result = authService.validateAndNormalizeHandle(

     

       156
       +
                 '  @Alice.Bsky.Social  ',

     

       157
       +
               );

     

       158
        
               expect(result, 'alice.bsky.social');

     

       159
        
             });

     

       160
        
       

     

       161
        
             test('should accept handle with numeric first segment', () {

     

       162
       +
               final result = authService.validateAndNormalizeHandle(

     

       163
       +
                 '123.bsky.social',

     

       164
       +
               );

     

       165
        
               expect(result, '123.bsky.social');

     

       166
        
             });

     

       167
        
       

     

       168
        
             test('should accept handle with numeric middle segment', () {

     

       169
       +
               final result = authService.validateAndNormalizeHandle(

     

       170
       +
                 'alice.456.social',

     

       171
       +
               );

     

       172
        
               expect(result, 'alice.456.social');

     

       173
        
             });

     

       174
        
       

     

       175
        
             test('should accept handle with multiple numeric segments', () {

     

       176
       +
               final result = authService.validateAndNormalizeHandle('42.example.com');

     

       0
        
       
     

       177
        
               expect(result, '42.example.com');

     

       178
        
             });

     

       179
        
       

     
···

       183
        
             });

     

       184
        
       

     

       185
        
             test('should accept handle with numeric and alpha mixed', () {

     

       186
       +
               final result = authService.validateAndNormalizeHandle('8.cn');

     

       0
        
       
     

       187
        
               expect(result, '8.cn');

     

       188
        
             });

     

       189
        
       

     

       190
        
             test('should accept handle like IP but with valid TLD', () {

     

       191
       +
               final result = authService.validateAndNormalizeHandle('120.0.0.1.com');

     

       0
        
       
     

       192
        
               expect(result, '120.0.0.1.com');

     

       193
        
             });

     

       194
        
           });

     
···

       286
        
               );

     

       287
        
             });

     

       288
        
       

     

       289
       +
             test(

     

       290
       +
               'should throw ArgumentError for handle with consecutive periods',

     

       291
       +
               () {

     

       292
       +
                 expect(

     

       293
       +
                   () => authService.validateAndNormalizeHandle('alice..bsky.social'),

     

       294
       +
                   throwsA(

     

       295
       +
                     predicate(

     

       296
       +
                       (e) =>

     

       297
       +
                           e is ArgumentError &&

     

       298
       +
                           (e.message.toString().contains('empty segments') ||

     

       299
       +
                               e.message.toString().contains('Invalid handle format')),

     

       300
       +
                     ),

     

       301
        
                   ),

     

       302
       +
                 );

     

       303
       +
               },

     

       304
       +
             );

     

       305
        
       

     

       306
        
             test('should throw ArgumentError for handle with spaces', () {

     

       307
        
               expect(

     
···

       368
        
               );

     

       369
        
             });

     

       370
        
       

     

       371
       +
             test(

     

       372
       +
               'should throw ArgumentError for handle exceeding 253 characters',

     

       373
       +
               () {

     

       374
       +
                 // Create a handle that's 254 characters long

     

       375
       +
                 final longHandle = '${'a' * 240}.bsky.social';

     

       376
       +
                 expect(

     

       377
       +
                   () => authService.validateAndNormalizeHandle(longHandle),

     

       378
       +
                   throwsA(

     

       379
       +
                     predicate(

     

       380
       +
                       (e) =>

     

       381
       +
                           e is ArgumentError &&

     

       382
       +
                           e.message.toString().contains('too long'),

     

       383
       +
                     ),

     

       384
        
                   ),

     

       385
       +
                 );

     

       386
       +
               },

     

       387
       +
             );

     

       388
        
       

     

       389
       +
             test(

     

       390
       +
               'should throw ArgumentError for segment exceeding 63 characters',

     

       391
       +
               () {

     

       392
       +
                 // DNS label limit is 63 characters per segment

     

       393
       +
                 final longSegment = '${'a' * 64}.bsky.social';

     

       394
       +
                 expect(

     

       395
       +
                   () => authService.validateAndNormalizeHandle(longSegment),

     

       396
       +
                   throwsA(

     

       397
       +
                     predicate(

     

       398
       +
                       (e) =>

     

       399
       +
                           e is ArgumentError &&

     

       400
       +
                           e.message.toString().contains('too long'),

     

       401
       +
                     ),

     

       402
        
                   ),

     

       403
       +
                 );

     

       404
       +
               },

     

       405
       +
             );

     

       406
        
       

     

       407
        
             test('should throw ArgumentError for TLD starting with digit', () {

     

       408
        
               expect(

     
···

       432
        
               );

     

       433
        
             });

     

       434
        
       

     

       435
       +
             test(

     

       436
       +
               'should throw ArgumentError for IPv4 address (TLD starts with digit)',

     

       437
       +
               () {

     

       438
       +
                 expect(

     

       439
       +
                   () => authService.validateAndNormalizeHandle('127.0.0.1'),

     

       440
       +
                   throwsA(

     

       441
       +
                     predicate(

     

       442
       +
                       (e) =>

     

       443
       +
                           e is ArgumentError &&

     

       444
       +
                           e.message.toString().contains('TLD') &&

     

       445
       +
                           e.message.toString().contains('cannot start with a digit'),

     

       446
       +
                     ),

     

       447
        
                   ),

     

       448
       +
                 );

     

       449
       +
               },

     

       450
       +
             );

     

       451
        
       

     

       452
        
             test('should throw ArgumentError for IPv4 address variant', () {

     

       453
        
               expect(

     
···

       466
        
       

     

       467
        
           group('DID Validation', () {

     

       468
        
             test('should accept valid plc DID', () {

     

       469
       +
               final result = authService.validateAndNormalizeHandle('did:plc:abc123');

     

       0
        
       
     

       470
        
               expect(result, 'did:plc:abc123');

     

       471
        
             });

     

       472
        
       

     

       473
        
             test('should accept valid web DID', () {

     

       474
       +
               final result = authService.validateAndNormalizeHandle(

     

       475
       +
                 'did:web:example.com',

     

       476
       +
               );

     

       477
        
               expect(result, 'did:web:example.com');

     

       478
        
             });

     

       479
        
       

     

       480
        
             test('should accept DID with underscores in identifier', () {

     

       481
        
               // Underscores are allowed in the DID pattern (part of [a-zA-Z0-9._:%-]+)

     

       482
       +
               final result = authService.validateAndNormalizeHandle(

     

       483
       +
                 'did:plc:abc_123',

     

       484
       +
               );

     

       485
        
               expect(result, 'did:plc:abc_123');

     

       486
        
             });

     

       487
        
       

     

       488
       +
             test(

     

       489
       +
               'should throw ArgumentError for invalid DID with @ special chars',

     

       490
       +
               () {

     

       491
       +
                 expect(

     

       492
       +
                   () => authService.validateAndNormalizeHandle('did:plc:abc@123'),

     

       493
       +
                   throwsA(

     

       494
       +
                     predicate(

     

       495
       +
                       (e) =>

     

       496
       +
                           e is ArgumentError &&

     

       497
       +
                           e.message.toString().contains('Invalid DID format'),

     

       498
       +
                     ),

     

       499
        
                   ),

     

       500
       +
                 );

     

       501
       +
               },

     

       502
       +
             );

     

       503
        
       

     

       504
        
             test('should throw ArgumentError for DID with uppercase method', () {

     

       505
        
               expect(

     
···

       527
        
               );

     

       528
        
             });

     

       529
        
       

     

       530
       +
             test(

     

       531
       +
               'should throw ArgumentError for malformed DID (missing identifier)',

     

       532
       +
               () {

     

       533
       +
                 expect(

     

       534
       +
                   () => authService.validateAndNormalizeHandle('did:plc'),

     

       535
       +
                   throwsA(

     

       536
       +
                     predicate(

     

       537
       +
                       (e) =>

     

       538
       +
                           e is ArgumentError &&

     

       539
       +
                           e.message.toString().contains('Invalid DID format'),

     

       540
       +
                     ),

     

       541
        
                   ),

     

       542
       +
                 );

     

       543
       +
               },

     

       544
       +
             );

     

       545
        
       

     

       546
        
             test('should throw ArgumentError for malformed DID (missing method)', () {

     

       547
        
               expect(

+52 -67

test/services/vote_service_token_refresh_test.dart

···

       90
        
                 'message': 'Token expired',

     

       91
        
               }),

     

       92
        
               data: {

     

       93
       -
                 'subject': {

     

       94
       -
                   'uri': postUri,

     

       95
       -
                   'cid': postCid,

     

       96
       -
                 },

     

       97
        
                 'direction': 'up',

     

       98
        
               },

     

       99
        
             );

     
···

       136
        
                 'message': 'Token expired',

     

       137
        
               }),

     

       138
        
               data: {

     

       139
       -
                 'subject': {

     

       140
       -
                   'uri': postUri,

     

       141
       -
                   'cid': postCid,

     

       142
       -
                 },

     

       143
        
                 'direction': 'up',

     

       144
        
               },

     

       145
        
             );

     
···

       164
        
             expect(signOutCallCount, 1);

     

       165
        
           });

     

       166
        
       

     

       167
       -
           test('should handle 401 gracefully when no refresher is provided',

     

       168
       -
               () async {

     

       169
       -
             // Create a NEW dio instance to avoid sharing interceptors

     

       170
       -
             final dioNoRefresh = Dio(BaseOptions(baseUrl: 'https://api.test.coves.social'));

     

       171
       -
             final dioAdapterNoRefresh = DioAdapter(dio: dioNoRefresh);

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       172
        
       

     

       173
       -
             // Create vote service without refresh capability

     

       174
       -
             final voteServiceNoRefresh = VoteService(

     

       175
       -
               dio: dioNoRefresh,

     

       176
       -
               sessionGetter: mockSessionGetter,

     

       177
       -
               didGetter: mockDidGetter,

     

       178
       -
               // No tokenRefresher provided

     

       179
       -
               // No signOutHandler provided

     

       180
       -
             );

     

       181
        
       

     

       182
       -
             const postUri = 'at://did:plc:test/social.coves.post.record/123';

     

       183
       -
             const postCid = 'bafy123';

     

       184
        
       

     

       185
       -
             // Request returns 401

     

       186
       -
             dioAdapterNoRefresh.onPost(

     

       187
       -
               '/xrpc/social.coves.feed.vote.create',

     

       188
       -
               (server) => server.reply(401, {

     

       189
       -
                 'error': 'Unauthorized',

     

       190
       -
                 'message': 'Token expired',

     

       191
       -
               }),

     

       192
       -
               data: {

     

       193
       -
                 'subject': {

     

       194
       -
                   'uri': postUri,

     

       195
       -
                   'cid': postCid,

     

       196
        
                 },

     

       197
       -
                 'direction': 'up',

     

       198
       -
               },

     

       199
       -
             );

     

       200
        
       

     

       201
       -
             // Make the request and expect it to fail

     

       202
       -
             expect(

     

       203
       -
               () => voteServiceNoRefresh.createVote(

     

       204
       -
                 postUri: postUri,

     

       205
       -
                 postCid: postCid,

     

       206
       -
                 direction: 'up',

     

       207
       -
               ),

     

       208
       -
               throwsA(isA<Exception>()),

     

       209
       -
             );

     

       210
        
       

     

       211
       -
             // Wait for async operations

     

       212
       -
             await Future.delayed(const Duration(milliseconds: 100));

     

       213
        
       

     

       214
       -
             // Verify refresh was NOT called (no refresher provided)

     

       215
       -
             expect(tokenRefreshCallCount, 0);

     

       216
        
       

     

       217
       -
             // Verify sign-out was NOT called (no handler provided)

     

       218
       -
             expect(signOutCallCount, 0);

     

       219
       -
           });

     

       0
        
       
     

       220
        
       

     

       221
        
           test('should handle non-401 errors normally without refresh', () async {

     

       222
        
             const postUri = 'at://did:plc:test/social.coves.post.record/123';

     
···

       230
        
                 'message': 'Database connection failed',

     

       231
        
               }),

     

       232
        
               data: {

     

       233
       -
                 'subject': {

     

       234
       -
                   'uri': postUri,

     

       235
       -
                   'cid': postCid,

     

       236
       -
                 },

     

       237
        
                 'direction': 'up',

     

       238
        
               },

     

       239
        
             );

     
···

       268
        
                 'error': 'Unauthorized',

     

       269
        
                 'message': 'Token expired',

     

       270
        
               }),

     

       271
       -
               data: {

     

       272
       -
                 'rkey': rkey,

     

       273
       -
               },

     

       274
        
             );

     

       275
        
       

     

       276
        
             // Create vote with existing vote (will trigger delete)

     
···

       338
        
                 'cid': 'bafy456',

     

       339
        
               }),

     

       340
        
               data: {

     

       341
       -
                 'subject': {

     

       342
       -
                   'uri': postUri,

     

       343
       -
                   'cid': postCid,

     

       344
       -
                 },

     

       345
        
                 'direction': 'up',

     

       346
        
               },

     

       347
        
             );

     
···

       364
        
             dioAdapter.onPost(

     

       365
        
               '/xrpc/social.coves.feed.vote.delete',

     

       366
        
               (server) => server.reply(200, {}),

     

       367
       -
               data: {

     

       368
       -
                 'rkey': 'xyz',

     

       369
       -
               },

     

       370
        
             );

     

       371
        
       

     

       372
        
             // Make second request (delete vote)

···

       90
        
                 'message': 'Token expired',

     

       91
        
               }),

     

       92
        
               data: {

     

       93
       +
                 'subject': {'uri': postUri, 'cid': postCid},

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       94
        
                 'direction': 'up',

     

       95
        
               },

     

       96
        
             );

     
···

       133
        
                 'message': 'Token expired',

     

       134
        
               }),

     

       135
        
               data: {

     

       136
       +
                 'subject': {'uri': postUri, 'cid': postCid},

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       137
        
                 'direction': 'up',

     

       138
        
               },

     

       139
        
             );

     
···

       158
        
             expect(signOutCallCount, 1);

     

       159
        
           });

     

       160
        
       

     

       161
       +
           test(

     

       162
       +
             'should handle 401 gracefully when no refresher is provided',

     

       163
       +
             () async {

     

       164
       +
               // Create a NEW dio instance to avoid sharing interceptors

     

       165
       +
               final dioNoRefresh = Dio(

     

       166
       +
                 BaseOptions(baseUrl: 'https://api.test.coves.social'),

     

       167
       +
               );

     

       168
       +
               final dioAdapterNoRefresh = DioAdapter(dio: dioNoRefresh);

     

       169
        
       

     

       170
       +
               // Create vote service without refresh capability

     

       171
       +
               final voteServiceNoRefresh = VoteService(

     

       172
       +
                 dio: dioNoRefresh,

     

       173
       +
                 sessionGetter: mockSessionGetter,

     

       174
       +
                 didGetter: mockDidGetter,

     

       175
       +
                 // No tokenRefresher provided

     

       176
       +
                 // No signOutHandler provided

     

       177
       +
               );

     

       178
        
       

     

       179
       +
               const postUri = 'at://did:plc:test/social.coves.post.record/123';

     

       180
       +
               const postCid = 'bafy123';

     

       181
        
       

     

       182
       +
               // Request returns 401

     

       183
       +
               dioAdapterNoRefresh.onPost(

     

       184
       +
                 '/xrpc/social.coves.feed.vote.create',

     

       185
       +
                 (server) => server.reply(401, {

     

       186
       +
                   'error': 'Unauthorized',

     

       187
       +
                   'message': 'Token expired',

     

       188
       +
                 }),

     

       189
       +
                 data: {

     

       190
       +
                   'subject': {'uri': postUri, 'cid': postCid},

     

       191
       +
                   'direction': 'up',

     

       0
        
       
     

       192
        
                 },

     

       193
       +
               );

     

       0
        
       
     

       0
        
       
     

       194
        
       

     

       195
       +
               // Make the request and expect it to fail

     

       196
       +
               expect(

     

       197
       +
                 () => voteServiceNoRefresh.createVote(

     

       198
       +
                   postUri: postUri,

     

       199
       +
                   postCid: postCid,

     

       200
       +
                   direction: 'up',

     

       201
       +
                 ),

     

       202
       +
                 throwsA(isA<Exception>()),

     

       203
       +
               );

     

       204
        
       

     

       205
       +
               // Wait for async operations

     

       206
       +
               await Future.delayed(const Duration(milliseconds: 100));

     

       207
        
       

     

       208
       +
               // Verify refresh was NOT called (no refresher provided)

     

       209
       +
               expect(tokenRefreshCallCount, 0);

     

       210
        
       

     

       211
       +
               // Verify sign-out was NOT called (no handler provided)

     

       212
       +
               expect(signOutCallCount, 0);

     

       213
       +
             },

     

       214
       +
           );

     

       215
        
       

     

       216
        
           test('should handle non-401 errors normally without refresh', () async {

     

       217
        
             const postUri = 'at://did:plc:test/social.coves.post.record/123';

     
···

       225
        
                 'message': 'Database connection failed',

     

       226
        
               }),

     

       227
        
               data: {

     

       228
       +
                 'subject': {'uri': postUri, 'cid': postCid},

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       229
        
                 'direction': 'up',

     

       230
        
               },

     

       231
        
             );

     
···

       260
        
                 'error': 'Unauthorized',

     

       261
        
                 'message': 'Token expired',

     

       262
        
               }),

     

       263
       +
               data: {'rkey': rkey},

     

       0
        
       
     

       0
        
       
     

       264
        
             );

     

       265
        
       

     

       266
        
             // Create vote with existing vote (will trigger delete)

     
···

       328
        
                 'cid': 'bafy456',

     

       329
        
               }),

     

       330
        
               data: {

     

       331
       +
                 'subject': {'uri': postUri, 'cid': postCid},

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       332
        
                 'direction': 'up',

     

       333
        
               },

     

       334
        
             );

     
···

       351
        
             dioAdapter.onPost(

     

       352
        
               '/xrpc/social.coves.feed.vote.delete',

     

       353
        
               (server) => server.reply(200, {}),

     

       354
       +
               data: {'rkey': 'xyz'},

     

       0
        
       
     

       0
        
       
     

       355
        
             );

     

       356
        
       

     

       357
        
             // Make second request (delete vote)