@app-connect/core 1.7.20 → 1.7.22

package/test/index.test.js

@@ -0,0 +1,105 @@
+const express = require('express');
+const request = require('supertest');
+
+jest.mock('../lib/jwt', () => ({
+  decodeJwt: jest.fn(),
+  generateJwt: jest.fn(),
+}));
+jest.mock('../handlers/auth', () => ({
+  authValidation: jest.fn(),
+}));
+jest.mock('../lib/analytics', () => ({
+  init: jest.fn(),
+  track: jest.fn(),
+}));
+
+const jwt = require('../lib/jwt');
+const authCore = require('../handlers/auth');
+const { createCoreRouter, createCoreMiddleware } = require('../index');
+
+function buildApp() {
+  const app = express();
+  createCoreMiddleware().forEach((m) => app.use(m));
+  app.use('/', createCoreRouter());
+  return app;
+}
+
+describe('Core Router JWT normalization', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  test('should accept query jwtToken without refreshing it', async () => {
+    jwt.decodeJwt.mockReturnValue({ id: 'user-1', platform: 'testCRM' });
+    authCore.authValidation.mockResolvedValue({
+      successful: true,
+      returnMessage: { message: 'ok' },
+      failReason: null,
+      status: 200,
+    });
+    const app = buildApp();
+
+    const response = await request(app).get('/authValidation?jwtToken=query-token');
+
+    expect(response.status).toBe(200);
+    expect(response.headers['x-refreshed-jwt-token']).toBeUndefined();
+    expect(authCore.authValidation).toHaveBeenCalledWith({
+      platform: 'testCRM',
+      userId: 'user-1',
+    });
+    expect(jwt.generateJwt).not.toHaveBeenCalled();
+  });
+
+  test('should refresh near-expiry bearer token and expose header', async () => {
+    const nowMs = 1700000000000;
+    const nowSeconds = Math.floor(nowMs / 1000);
+    const nowSpy = jest.spyOn(Date, 'now').mockReturnValue(nowMs);
+    jwt.decodeJwt.mockImplementation((token) => {
+      if (token === 'old-token') {
+        return { id: 'user-1', platform: 'testCRM', exp: nowSeconds + 60 };
+      }
+      if (token === 'new-token') {
+        return { id: 'user-1', platform: 'testCRM', exp: nowSeconds + (14 * 24 * 60 * 60) };
+      }
+      return null;
+    });
+    jwt.generateJwt.mockReturnValue('new-token');
+    const app = buildApp();
+
+    const response = await request(app)
+      .get('/isAlive')
+      .set('Authorization', 'Bearer old-token')
+      .set('Origin', 'https://example.com');
+
+    expect(response.status).toBe(200);
+    expect(response.headers['x-refreshed-jwt-token']).toBe('new-token');
+    expect(response.headers['access-control-expose-headers']).toContain('x-refreshed-jwt-token');
+    expect(jwt.generateJwt).toHaveBeenCalledWith({ id: 'user-1', platform: 'testCRM' });
+    nowSpy.mockRestore();
+  });
+
+  test('should treat invalid bearer token as unauthenticated for authValidation route', async () => {
+    jwt.decodeJwt.mockReturnValue(null);
+    const app = buildApp();
+
+    const response = await request(app)
+      .get('/authValidation?jwtToken=query-token')
+      .set('Authorization', 'Bearer invalid-token');
+
+    expect(response.status).toBe(400);
+    expect(response.text).toContain('authorize CRM platform');
+    expect(authCore.authValidation).not.toHaveBeenCalled();
+  });
+
+  test('should bypass normalization for /mcp routes', async () => {
+    const app = buildApp();
+
+    const response = await request(app)
+      .get('/mcp')
+      .set('Authorization', 'Bearer maybe-token');
+
+    expect(response.status).toBe(404);
+    expect(jwt.decodeJwt).not.toHaveBeenCalled();
+  });
+});
+

package/test/lib/jwt.test.js

@@ -35,6 +35,21 @@ describe('JWT Utility', () => {
       // Assert
       expect(token1).not.toBe(token2);
     });
+
+    test('should generate token with about 2 weeks lifetime', () => {
+      // Arrange
+      const payload = { id: 'user-ttl', platform: 'testCRM' };
+
+      // Act
+      const token = jwt.generateJwt(payload);
+      const decoded = jwt.decodeJwt(token);
+      const lifetimeSeconds = decoded.exp - decoded.iat;
+
+      // Assert
+      // Keep a tiny tolerance to avoid timing flakiness.
+      expect(lifetimeSeconds).toBeGreaterThanOrEqual((14 * 24 * 60 * 60) - 2);
+      expect(lifetimeSeconds).toBeLessThanOrEqual((14 * 24 * 60 * 60) + 2);
+    });
   });
 
   describe('decodeJwt', () => {

package/test/mcp/tools/createCallLog.test.js

@@ -292,6 +292,17 @@ describe('MCP Tool: createCallLog', () => {
       expect(result.error).toContain('Invalid JWT token');
     });
 
+    test('should return error when decodeJwt returns null', async () => {
+      jwt.decodeJwt.mockReturnValue(null);
+      const result = await createCallLog.execute({
+        jwtToken: 'invalid-token',
+        incomingData: { logInfo: { sessionId: 'session-123' } }
+      });
+
+      expect(result.success).toBe(false);
+      expect(result.error).toContain('Invalid JWT token');
+    });
+
     test('should return error when platform connector not found', async () => {
       // Arrange
       const mockIncomingData = {

package/test/mcp/tools/createContact.test.js

@@ -0,0 +1,58 @@
+const createContact = require('../../../mcp/tools/createContact');
+const jwt = require('../../../lib/jwt');
+const connectorRegistry = require('../../../connector/registry');
+const contactCore = require('../../../handlers/contact');
+
+jest.mock('../../../lib/jwt');
+jest.mock('../../../connector/registry');
+jest.mock('../../../handlers/contact');
+
+describe('MCP Tool: createContact', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  test('should have correct tool definition', () => {
+    expect(createContact.definition).toBeDefined();
+    expect(createContact.definition.name).toBe('createContact');
+    expect(createContact.definition.inputSchema.required).toContain('phoneNumber');
+  });
+
+  test('should create contact successfully', async () => {
+    jwt.decodeJwt.mockReturnValue({ id: 'user-123', platform: 'testCRM' });
+    connectorRegistry.getConnector.mockReturnValue({ createContact: jest.fn() });
+    contactCore.createContact.mockResolvedValue({
+      successful: true,
+      returnMessage: { message: 'Created' },
+      contact: { id: 'contact-1' }
+    });
+
+    const result = await createContact.execute({
+      jwtToken: 'mock-jwt-token',
+      phoneNumber: '+14155551234',
+      newContactName: 'John Doe'
+    });
+
+    expect(result).toEqual({
+      success: true,
+      data: {
+        contact: { id: 'contact-1' },
+        message: 'Created'
+      }
+    });
+  });
+
+  test('should return error when decodeJwt returns null', async () => {
+    jwt.decodeJwt.mockReturnValue(null);
+
+    const result = await createContact.execute({
+      jwtToken: 'invalid-jwt',
+      phoneNumber: '+14155551234',
+      newContactName: 'John Doe'
+    });
+
+    expect(result.success).toBe(false);
+    expect(result.error).toContain('Invalid JWT token');
+  });
+});
+

package/test/mcp/tools/createMessageLog.test.js

@@ -427,6 +427,21 @@ describe('MCP Tool: createMessageLog', () => {
       expect(result.error).toContain('Invalid JWT token');
     });
 
+    test('should return error when decodeJwt returns null', async () => {
+      jwt.decodeJwt.mockReturnValue(null);
+
+      const result = await createMessageLog.execute({
+        jwtToken: 'invalid-token',
+        incomingData: {
+          sessionId: 'session-123',
+          messageInfo: { from: { phoneNumber: '+1234567890' }, to: [{ phoneNumber: '+1098765432' }] }
+        }
+      });
+
+      expect(result.success).toBe(false);
+      expect(result.error).toContain('Invalid JWT token');
+    });
+
     test('should return error when platform connector not found', async () => {
       // Arrange
       const mockIncomingData = {

package/test/mcp/tools/findContactByName.test.js

@@ -162,6 +162,18 @@ describe('MCP Tool: findContactByName', () => {
       expect(result.error).toContain('Invalid JWT token');
     });
 
+    test('should return error when decodeJwt returns null', async () => {
+      jwt.decodeJwt.mockReturnValue(null);
+
+      const result = await findContactByName.execute({
+        jwtToken: 'invalid-token',
+        name: 'John Doe'
+      });
+
+      expect(result.success).toBe(false);
+      expect(result.error).toContain('Invalid JWT token');
+    });
+
     test('should return error when platform connector not found', async () => {
       // Arrange
       jwt.decodeJwt.mockReturnValue({

package/test/mcp/tools/findContactByPhone.test.js

@@ -211,6 +211,18 @@ describe('MCP Tool: findContactByPhone', () => {
       expect(result.error).toContain('Invalid JWT token');
     });
 
+    test('should return error when decodeJwt returns null', async () => {
+      jwt.decodeJwt.mockReturnValue(null);
+
+      const result = await findContactByPhone.execute({
+        jwtToken: 'invalid-token',
+        phoneNumber: '+1234567890'
+      });
+
+      expect(result.success).toBe(false);
+      expect(result.error).toContain('Invalid JWT token');
+    });
+
     test('should return error when platform connector not found', async () => {
       // Arrange
       jwt.decodeJwt.mockReturnValue({

package/test/mcp/tools/getCallLog.test.js

@@ -213,6 +213,18 @@ describe('MCP Tool: getCallLog', () => {
       expect(result.error).toContain('Invalid JWT token');
     });
 
+    test('should return error when decodeJwt returns null', async () => {
+      jwt.decodeJwt.mockReturnValue(null);
+
+      const result = await getCallLog.execute({
+        jwtToken: 'invalid-token',
+        sessionIds: ['session-123']
+      });
+
+      expect(result.success).toBe(false);
+      expect(result.error).toContain('Invalid JWT token');
+    });
+
     test('should return error when platform connector not found', async () => {
       // Arrange
       jwt.decodeJwt.mockReturnValue({

package/test/mcp/tools/rcGetCallLogs.test.js

@@ -0,0 +1,56 @@
+const rcGetCallLogs = require('../../../mcp/tools/rcGetCallLogs');
+const jwt = require('../../../lib/jwt');
+const { RingCentral } = require('../../../lib/ringcentral');
+
+jest.mock('../../../lib/jwt');
+jest.mock('../../../lib/ringcentral', () => ({
+  RingCentral: jest.fn()
+}));
+
+describe('MCP Tool: rcGetCallLogs', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+    process.env.RINGCENTRAL_SERVER = 'https://platform.ringcentral.com';
+    process.env.RINGCENTRAL_CLIENT_ID = 'client-id';
+    process.env.RINGCENTRAL_CLIENT_SECRET = 'client-secret';
+    process.env.APP_SERVER = 'https://app.example.com';
+  });
+
+  test('should have correct tool definition', () => {
+    expect(rcGetCallLogs.definition).toBeDefined();
+    expect(rcGetCallLogs.definition.name).toBe('rcGetCallLogs');
+  });
+
+  test('should return call logs successfully', async () => {
+    jwt.decodeJwt.mockReturnValue({ id: 'user-123' });
+    const getCallLogData = jest.fn().mockResolvedValue({ records: [{ id: '1' }] });
+    RingCentral.mockImplementation(() => ({ getCallLogData }));
+
+    const result = await rcGetCallLogs.execute({
+      jwtToken: 'mock-jwt',
+      rcAccessToken: 'rc-token',
+      timeFrom: '2026-04-01T00:00:00.000Z',
+      timeTo: '2026-04-02T00:00:00.000Z'
+    });
+
+    expect(result).toEqual({ records: [{ id: '1' }] });
+    expect(getCallLogData).toHaveBeenCalledWith({
+      token: { access_token: 'rc-token', token_type: 'Bearer' },
+      timeFrom: '2026-04-01T00:00:00.000Z',
+      timeTo: '2026-04-02T00:00:00.000Z'
+    });
+  });
+
+  test('should return error when decodeJwt returns null', async () => {
+    jwt.decodeJwt.mockReturnValue(null);
+
+    const result = await rcGetCallLogs.execute({
+      jwtToken: 'bad-jwt',
+      rcAccessToken: 'rc-token'
+    });
+
+    expect(result.success).toBe(false);
+    expect(result.error).toContain('Invalid JWT token');
+  });
+});
+

package/test/mcp/tools/updateCallLog.test.js

@@ -191,6 +191,20 @@ describe('MCP Tool: updateCallLog', () => {
       expect(result.error).toContain('Invalid JWT token');
     });
 
+    test('should return error when decodeJwt returns null', async () => {
+      jwt.decodeJwt.mockReturnValue(null);
+
+      const result = await updateCallLog.execute({
+        jwtToken: 'invalid-token',
+        incomingData: {
+          logData: { sessionId: 'session-123' }
+        }
+      });
+
+      expect(result.success).toBe(false);
+      expect(result.error).toContain('Invalid JWT token');
+    });
+
     test('should return error when platform connector not found', async () => {
       // Arrange
       const mockIncomingData = {

package/test/routes/managedAuthRoutes.test.js

@@ -0,0 +1,132 @@
+const express = require('express');
+const request = require('supertest');
+
+jest.mock('../../handlers/admin', () => ({
+  validateRcUserToken: jest.fn(),
+  validateAdminRole: jest.fn(),
+}));
+jest.mock('../../handlers/managedAuth', () => ({
+  getManagedAuthState: jest.fn(),
+}));
+jest.mock('../../handlers/auth', () => ({
+  onApiKeyLogin: jest.fn(),
+}));
+jest.mock('../../lib/jwt', () => ({
+  generateJwt: jest.fn().mockReturnValue('jwt-token'),
+  decodeJwt: jest.fn(),
+}));
+
+const adminCore = require('../../handlers/admin');
+const managedAuthCore = require('../../handlers/managedAuth');
+const authCore = require('../../handlers/auth');
+const { createCoreRouter } = require('../../index');
+
+describe('Managed Auth Routes', () => {
+  let app;
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+    app = express();
+    app.use(express.json());
+    app.use('/', createCoreRouter());
+  });
+
+  describe('GET /apiKeyManagedAuthState', () => {
+    test('should require rcAccessToken', async () => {
+      const response = await request(app)
+        .get('/apiKeyManagedAuthState')
+        .query({ platform: 'testCRM' });
+
+      expect(response.status).toBe(400);
+      expect(response.text).toContain('Missing RingCentral access token');
+      expect(adminCore.validateRcUserToken).not.toHaveBeenCalled();
+      expect(managedAuthCore.getManagedAuthState).not.toHaveBeenCalled();
+    });
+
+    test('should validate rcAccessToken and use validated identity', async () => {
+      adminCore.validateRcUserToken.mockResolvedValue({
+        rcAccountId: 'validated-account-id',
+        rcExtensionId: 'validated-extension-id',
+        rcUserName: 'Validated User',
+      });
+      managedAuthCore.getManagedAuthState.mockResolvedValue({
+        hasManagedAuth: true,
+        allRequiredFieldsSatisfied: true,
+        visibleFieldConsts: [],
+        missingRequiredFieldConsts: [],
+      });
+
+      const response = await request(app)
+        .get('/apiKeyManagedAuthState')
+        .query({
+          platform: 'testCRM',
+          rcAccessToken: 'valid-rc-token',
+          rcAccountId: 'spoofed-account-id',
+          rcExtensionId: 'spoofed-extension-id',
+        });
+
+      expect(response.status).toBe(200);
+      expect(adminCore.validateRcUserToken).toHaveBeenCalledWith({ rcAccessToken: 'valid-rc-token' });
+      expect(managedAuthCore.getManagedAuthState).toHaveBeenCalledWith(expect.objectContaining({
+        platform: 'testCRM',
+        rcAccountId: 'validated-account-id',
+        rcExtensionId: 'validated-extension-id',
+      }));
+    });
+  });
+
+  describe('POST /apiKeyLogin', () => {
+    test('should require rcAccessToken', async () => {
+      const response = await request(app)
+        .post('/apiKeyLogin')
+        .send({
+          platform: 'testCRM',
+          apiKey: 'api-key',
+          hostname: 'test.example.com',
+        });
+
+      expect(response.status).toBe(400);
+      expect(response.text).toContain('Missing RingCentral access token');
+      expect(adminCore.validateRcUserToken).not.toHaveBeenCalled();
+      expect(authCore.onApiKeyLogin).not.toHaveBeenCalled();
+    });
+
+    test('should validate rcAccessToken and ignore spoofed rc ids in body', async () => {
+      adminCore.validateRcUserToken.mockResolvedValue({
+        rcAccountId: 'validated-account-id',
+        rcExtensionId: 'validated-extension-id',
+        rcUserName: 'Validated User',
+      });
+      authCore.onApiKeyLogin.mockResolvedValue({
+        userInfo: {
+          id: 'crm-user-id',
+          name: 'CRM User',
+        },
+        returnMessage: {
+          messageType: 'success',
+          message: 'ok',
+        },
+      });
+
+      const response = await request(app)
+        .post('/apiKeyLogin')
+        .send({
+          platform: 'testCRM',
+          apiKey: 'api-key',
+          hostname: 'test.example.com',
+          rcAccessToken: 'valid-rc-token',
+          rcAccountId: 'spoofed-account-id',
+          rcExtensionId: 'spoofed-extension-id',
+        });
+
+      expect(response.status).toBe(200);
+      expect(adminCore.validateRcUserToken).toHaveBeenCalledWith({ rcAccessToken: 'valid-rc-token' });
+      expect(authCore.onApiKeyLogin).toHaveBeenCalledWith(expect.objectContaining({
+        platform: 'testCRM',
+        rcAccountId: 'validated-account-id',
+        rcExtensionId: 'validated-extension-id',
+        rcUserName: 'Validated User',
+      }));
+    });
+  });
+});

package/test/setup.js

@@ -29,6 +29,7 @@ beforeAll(async () => {
     const { UserModel } = require('../models/userModel');
     const { CacheModel } = require('../models/cacheModel');
     const { AdminConfigModel } = require('../models/adminConfigModel');
+    const { AccountDataModel } = require('../models/accountDataModel');
 
     // Sync database models
     await CallLogModel.sync({ force: true });
@@ -36,6 +37,7 @@ beforeAll(async () => {
     await UserModel.sync({ force: true });
     await CacheModel.sync({ force: true });
     await AdminConfigModel.sync({ force: true });
+    await AccountDataModel.sync({ force: true });
 
     console.log('Database models synced for testing');
   } catch (error) {