test(auth): add unit tests for rcTokenHint host-matching logic

betegon · claude · betegon · commit 9aee1263f518 · 2026-05-18T22:21:02.000+02:00
Covers the five branches that were implicated in review bugs:
no token, SaaS match, self-hosted rc URL match, rc URL mismatch,
and bare SaaS token against a self-hosted host.

Co-Authored-By: Claude Sonnet 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/src/commands/auth/login.ts b/src/commands/auth/login.ts
@@ -181,7 +181,8 @@ async function resolveRcContext(
  * no URL is set in the rc file (global SaaS token) or the rc URL matches
  * effectiveHost. A mismatched URL means the token is for a different instance.
  */
-function rcTokenHint(
+/** @internal exported for testing */
+export function rcTokenHint(
   rcConfig: SentryCliRcConfig,
   effectiveHost: string
 ): string | undefined {
diff --git a/test/commands/auth/login.test.ts b/test/commands/auth/login.test.ts
@@ -79,6 +79,7 @@ mock.module("../../../src/lib/logger.js", () => ({
 // Dynamic import: must run AFTER mock.module() so login.ts picks up fakeLog.
 const { loginCommand } = await import("../../../src/commands/auth/login.js");
 
+import { rcTokenHint } from "../../../src/commands/auth/login.js";
 // biome-ignore lint/performance/noNamespaceImport: needed for spyOn mocking
 import * as apiClient from "../../../src/lib/api-client.js";
 // biome-ignore lint/performance/noNamespaceImport: needed for spyOn mocking
@@ -88,6 +89,7 @@ import * as dbUser from "../../../src/lib/db/user.js";
 import { AuthError } from "../../../src/lib/errors.js";
 // biome-ignore lint/performance/noNamespaceImport: needed for spyOn mocking
 import * as interactiveLogin from "../../../src/lib/interactive-login.js";
+import type { SentryCliRcConfig } from "../../../src/lib/sentryclirc.js";
 
 type LoginFlags = {
   readonly token?: string;
@@ -780,3 +782,52 @@ describe("applyLoginUrl (trust anchor registration)", () => {
     ).toBe(false);
   });
 });
+
+function makeRcConfig(
+  token: string | undefined,
+  url?: string
+): SentryCliRcConfig {
+  return {
+    token,
+    url,
+    sources: { token: token ? "~/.sentryclirc" : undefined },
+  };
+}
+
+describe("rcTokenHint", () => {
+  test("no token → no hint", () => {
+    expect(
+      rcTokenHint(makeRcConfig(undefined), "https://sentry.io")
+    ).toBeUndefined();
+  });
+
+  test("SaaS host, no rc URL → hint without --url", () => {
+    const hint = rcTokenHint(makeRcConfig("sntrys_abc"), "https://sentry.io");
+    expect(hint).toContain("sentry auth login --token <token>");
+    expect(hint).not.toContain("--url");
+  });
+
+  test("self-hosted, rc URL matches → hint includes --url", () => {
+    const hint = rcTokenHint(
+      makeRcConfig("sntrys_abc", "https://self.example.com"),
+      "https://self.example.com"
+    );
+    expect(hint).toContain("--url https://self.example.com");
+  });
+
+  test("self-hosted, rc URL mismatches → no hint (token is for a different instance)", () => {
+    const hint = rcTokenHint(
+      makeRcConfig("sntrys_abc", "https://other.example.com"),
+      "https://self.example.com"
+    );
+    expect(hint).toBeUndefined();
+  });
+
+  test("self-hosted, no rc URL → no hint (bare SaaS token shouldn't be suggested for self-hosted)", () => {
+    const hint = rcTokenHint(
+      makeRcConfig("sntrys_abc"),
+      "https://self.example.com"
+    );
+    expect(hint).toBeUndefined();
+  });
+});
