fix(auth): cancel OAuth callback server when flow is aborted

Add AbortSignal support to startCallbackServer and loginAnthropicOAuth so that pressing Ctrl+C during the browser OAuth flow immediately closes the HTTP server and 5-minute timer instead of leaving the process hung. Wire up an AbortController in the TUI browser OAuth path so the cancel callback aborts the signal on Ctrl+C. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-26 11:51:27 -08:00
parent dfc7fbe3b9
commit a00451a690
3 changed files with 37 additions and 7 deletions
@@ -132,6 +132,15 @@ describe('startCallbackServer', () => {
    await expect(waitForCode).rejects.toThrow(/timed out/i);
  });

+  it('startCallbackServer rejects when signal is aborted', async () => {
+    vi.resetModules();
+    const { startCallbackServer } = await import('./anthropic.js');
+    const controller = new AbortController();
+    const { waitForCode } = await startCallbackServer(5000, controller.signal);
+    controller.abort();
+    await expect(waitForCode).rejects.toThrow(/cancelled/);
+  });
+
  it('returns 404 for non-callback paths', async () => {
    vi.resetModules();
    const { startCallbackServer } = await import('./anthropic.js');
@@ -193,7 +202,7 @@ describe('loginAnthropicOAuth and exchangeCodeForToken', () => {
      const parsedUrl = new URL(url);
      const state = parsedUrl.searchParams.get('state')!;
      resolveCb({ code: 'auth-code-123', state });
-    }, mockStartServer);
+    }, undefined, mockStartServer);

    const token = await flowPromise;

@@ -225,7 +234,7 @@ describe('loginAnthropicOAuth and exchangeCodeForToken', () => {
    });

    await expect(
-      loginAnthropicOAuth(() => undefined, mockStartServer),
+      loginAnthropicOAuth(() => undefined, undefined, mockStartServer),
    ).rejects.toThrow('state mismatch');
  });