@app-connect/core 1.7.21 → 1.7.22

package/test/handlers/managedAuth.test.js

@@ -0,0 +1,458 @@
+// Use in-memory SQLite for isolated model tests
+jest.mock('../../models/sequelize', () => {
+  const { Sequelize } = require('sequelize');
+  return {
+    sequelize: new Sequelize({
+      dialect: 'sqlite',
+      storage: ':memory:',
+      logging: false,
+    }),
+  };
+});
+
+jest.mock('../../connector/registry');
+jest.mock('../../connector/developerPortal', () => ({
+  getConnectorManifest: jest.fn()
+}));
+
+const managedAuthHandler = require('../../handlers/managedAuth');
+const connectorRegistry = require('../../connector/registry');
+const developerPortal = require('../../connector/developerPortal');
+const { AccountDataModel } = require('../../models/accountDataModel');
+const { sequelize } = require('../../models/sequelize');
+
+describe('Managed Auth Handler', () => {
+  beforeAll(async () => {
+    process.env.APP_SERVER_SECRET_KEY = 'test-app-server-secret-key-123456';
+    await AccountDataModel.sync({ force: true });
+  });
+
+  afterEach(async () => {
+    await AccountDataModel.destroy({ where: {} });
+    jest.clearAllMocks();
+  });
+
+  afterAll(async () => {
+    await sequelize.close();
+  });
+
+  test('getManagedAuthState reports all required fields satisfied when shared values exist', async () => {
+    connectorRegistry.getManifest.mockReturnValue({
+      platforms: {
+        testCRM: {
+          auth: {
+            type: 'apiKey',
+            apiKey: {
+              page: {
+                content: [
+                  { const: 'tenantId', required: true, managed: true, managedScope: 'account' },
+                  { const: 'apiKey', required: true, managed: true, managedScope: 'user' }
+                ]
+              }
+            }
+          }
+        }
+      }
+    });
+
+    await managedAuthHandler.upsertOrgManagedAuthValues({
+      rcAccountId: 'acc-1',
+      platform: 'testCRM',
+      values: { tenantId: 'tenant-1' }
+    });
+    await managedAuthHandler.upsertUserManagedAuthValues({
+      rcAccountId: 'acc-1',
+      platform: 'testCRM',
+      rcExtensionId: '101',
+      rcUserName: 'Agent 101',
+      values: { apiKey: 'user-api-key' }
+    });
+
+    const state = await managedAuthHandler.getManagedAuthState({
+      platform: 'testCRM',
+      rcAccountId: 'acc-1',
+      rcExtensionId: '101'
+    });
+
+    expect(state.hasManagedAuth).toBe(true);
+    expect(state.allRequiredFieldsSatisfied).toBe(true);
+    expect(state.visibleFieldConsts).toEqual([]);
+  });
+
+  test('getManagedAuthAdminSettings returns configured field values and keeps user records separate', async () => {
+    connectorRegistry.getManifest.mockReturnValue({
+      platforms: {
+        testCRM: {
+          auth: {
+            type: 'apiKey',
+            apiKey: {
+              page: {
+                content: [
+                  { const: 'tenantId', managed: true, managedScope: 'account' },
+                  { const: 'apiKey', managed: true, managedScope: 'user' }
+                ]
+              }
+            }
+          }
+        }
+      }
+    });
+
+    await managedAuthHandler.upsertOrgManagedAuthValues({
+      rcAccountId: 'acc-2',
+      platform: 'testCRM',
+      values: { tenantId: 'tenant-secret' }
+    });
+    await managedAuthHandler.upsertUserManagedAuthValues({
+      rcAccountId: 'acc-2',
+      platform: 'testCRM',
+      rcExtensionId: '102',
+      rcUserName: 'Agent 102',
+      values: { apiKey: 'user-key' }
+    });
+
+    const settings = await managedAuthHandler.getManagedAuthAdminSettings({
+      platform: 'testCRM',
+      rcAccountId: 'acc-2'
+    });
+
+    expect(settings.orgValues.tenantId.hasValue).toBe(true);
+    expect(settings.orgValues.tenantId.value).toBe('tenant-secret');
+    expect(settings.userValues[0].rcExtensionId).toBe('102');
+    expect(settings.userValues[0].fields.apiKey.value).toBe('user-key');
+  });
+
+  test('upsertUserManagedAuthValues stores one row per extension with scoped dataKey', async () => {
+    await managedAuthHandler.upsertUserManagedAuthValues({
+      rcAccountId: 'acc-scope',
+      platform: 'testCRM',
+      rcExtensionId: '201',
+      rcUserName: 'Agent 201',
+      values: { apiKey: 'key-201' }
+    });
+    await managedAuthHandler.upsertUserManagedAuthValues({
+      rcAccountId: 'acc-scope',
+      platform: 'testCRM',
+      rcExtensionId: '202',
+      rcUserName: 'Agent 202',
+      values: { apiKey: 'key-202' }
+    });
+
+    const records = await AccountDataModel.findAll({
+      where: {
+        rcAccountId: 'acc-scope',
+        platformName: 'testCRM'
+      }
+    });
+    const dataKeys = records.map(r => r.dataKey).sort();
+
+    expect(dataKeys).toEqual(['managed-auth-user:201', 'managed-auth-user:202']);
+    expect(records).toHaveLength(2);
+  });
+
+  test('getManagedAuthState loads field definitions from Developer Portal when connectorId is provided', async () => {
+    developerPortal.getConnectorManifest.mockResolvedValue({
+      platforms: {
+        testCRM: {
+          auth: {
+            type: 'apiKey',
+            apiKey: {
+              page: {
+                content: [
+                  { const: 'orgToken', required: true, managed: true, managedScope: 'account' }
+                ]
+              }
+            }
+          }
+        }
+      }
+    });
+
+    await managedAuthHandler.upsertOrgManagedAuthValues({
+      rcAccountId: 'acc-3',
+      platform: 'testCRM',
+      values: { orgToken: 'portal-token' }
+    });
+
+    const state = await managedAuthHandler.getManagedAuthState({
+      platform: 'testCRM',
+      connectorId: 'connector-123',
+      rcAccountId: 'acc-3'
+    });
+
+    expect(developerPortal.getConnectorManifest).toHaveBeenCalledWith({ connectorId: 'connector-123', isPrivate: false });
+    expect(state.hasManagedAuth).toBe(true);
+    expect(state.allRequiredFieldsSatisfied).toBe(true);
+    expect(state.visibleFieldConsts).toEqual([]);
+  });
+
+  test('getManagedAuthState surfaces missing required fields for unshared and missing shared values', async () => {
+    connectorRegistry.getManifest.mockReturnValue({
+      platforms: {
+        testCRM: {
+          auth: {
+            type: 'apiKey',
+            apiKey: {
+              page: {
+                content: [
+                  { const: 'tenantId', required: true, managed: true, managedScope: 'account' },
+                  { const: 'userToken', required: true, managed: true, managedScope: 'user' },
+                  { const: 'apiSecret', required: true }
+                ]
+              }
+            }
+          }
+        }
+      }
+    });
+
+    await managedAuthHandler.upsertOrgManagedAuthValues({
+      rcAccountId: 'acc-4',
+      platform: 'testCRM',
+      values: { tenantId: 'tenant-4' }
+    });
+
+    const state = await managedAuthHandler.getManagedAuthState({
+      platform: 'testCRM',
+      rcAccountId: 'acc-4',
+      rcExtensionId: '404'
+    });
+
+    expect(state.hasManagedAuth).toBe(true);
+    expect(state.allRequiredFieldsSatisfied).toBe(false);
+    expect(state.visibleFieldConsts).toEqual(['userToken', 'apiSecret']);
+    expect(state.missingRequiredFieldConsts).toEqual(['userToken', 'apiSecret']);
+  });
+
+  test('getManagedAuthState returns full-form behavior when connector has no shared fields', async () => {
+    connectorRegistry.getManifest.mockReturnValue({
+      platforms: {
+        testCRM: {
+          auth: {
+            type: 'apiKey',
+            apiKey: {
+              page: {
+                content: [
+                  { const: 'apiKey', required: true },
+                  { const: 'tenantId', required: true },
+                  { const: 'region', required: false }
+                ]
+              }
+            }
+          }
+        }
+      }
+    });
+
+    const state = await managedAuthHandler.getManagedAuthState({
+      platform: 'testCRM',
+      rcAccountId: 'acc-plain',
+      rcExtensionId: '100'
+    });
+
+    expect(state.hasManagedAuth).toBe(false);
+    expect(state.allRequiredFieldsSatisfied).toBe(false);
+    expect(state.visibleFieldConsts).toBeNull();
+    expect(state.missingRequiredFieldConsts).toEqual(['apiKey', 'tenantId']);
+  });
+
+  test('getManagedAuthState falls back to the full auth form after managed auto-login fails', async () => {
+    connectorRegistry.getManifest.mockReturnValue({
+      platforms: {
+        testCRM: {
+          auth: {
+            type: 'apiKey',
+            apiKey: {
+              page: {
+                content: [
+                  { const: 'tenantId', required: true, managed: true, managedScope: 'account' },
+                  { const: 'apiKey', required: true, managed: true, managedScope: 'user' },
+                  { const: 'region', required: false }
+                ]
+              }
+            }
+          }
+        }
+      }
+    });
+
+    await managedAuthHandler.upsertOrgManagedAuthValues({
+      rcAccountId: 'acc-fallback',
+      platform: 'testCRM',
+      values: { tenantId: 'tenant-1' }
+    });
+    await managedAuthHandler.upsertUserManagedAuthValues({
+      rcAccountId: 'acc-fallback',
+      platform: 'testCRM',
+      rcExtensionId: '501',
+      rcUserName: 'Agent 501',
+      values: { apiKey: 'bad-key' }
+    });
+    await managedAuthHandler.markManagedAuthLoginFailure({
+      rcAccountId: 'acc-fallback',
+      platform: 'testCRM',
+      rcExtensionId: '501'
+    });
+
+    const state = await managedAuthHandler.getManagedAuthState({
+      platform: 'testCRM',
+      rcAccountId: 'acc-fallback',
+      rcExtensionId: '501'
+    });
+
+    expect(state.hasManagedAuth).toBe(true);
+    expect(state.allRequiredFieldsSatisfied).toBe(false);
+    expect(state.visibleFieldConsts).toBeNull();
+    expect(state.missingRequiredFieldConsts).toEqual(['tenantId', 'apiKey']);
+    expect(state.fallbackToManualAuth).toBe(true);
+  });
+
+  test('resolveApiKeyLoginFields keeps submitted shared values when managed values are missing', async () => {
+    connectorRegistry.getManifest.mockReturnValue({
+      platforms: {
+        testCRM: {
+          auth: {
+            type: 'apiKey',
+            apiKey: {
+              page: {
+                content: [
+                  { const: 'companyId', required: true, managed: true, managedScope: 'account' },
+                  { const: 'userToken', required: true, managed: true, managedScope: 'user' },
+                  { const: 'region', required: false, managed: true, managedScope: 'account' }
+                ]
+              }
+            }
+          }
+        }
+      }
+    });
+
+    const result = await managedAuthHandler.resolveApiKeyLoginFields({
+      platform: 'testCRM',
+      rcAccountId: 'acc-shared-fallback',
+      rcExtensionId: '201',
+      additionalInfo: {
+        companyId: 'company-123',
+        userToken: 'user-token-123',
+        region: 'us'
+      }
+    });
+
+    expect(result.resolvedAdditionalInfo).toEqual({
+      companyId: 'company-123',
+      userToken: 'user-token-123',
+      region: 'us'
+    });
+    expect(result.missingRequiredFieldConsts).toEqual([]);
+  });
+
+  test('resolveApiKeyLoginFields prefers submitted managed values during manual fallback', async () => {
+    connectorRegistry.getManifest.mockReturnValue({
+      platforms: {
+        testCRM: {
+          auth: {
+            type: 'apiKey',
+            apiKey: {
+              page: {
+                content: [
+                  { const: 'companyId', required: true, managed: true, managedScope: 'account' },
+                  { const: 'apiKey', required: true, managed: true, managedScope: 'user' }
+                ]
+              }
+            }
+          }
+        }
+      }
+    });
+
+    await managedAuthHandler.upsertOrgManagedAuthValues({
+      rcAccountId: 'acc-override',
+      platform: 'testCRM',
+      values: { companyId: 'stored-company' }
+    });
+    await managedAuthHandler.upsertUserManagedAuthValues({
+      rcAccountId: 'acc-override',
+      platform: 'testCRM',
+      rcExtensionId: '777',
+      rcUserName: 'Agent 777',
+      values: { apiKey: 'stored-key' }
+    });
+
+    const result = await managedAuthHandler.resolveApiKeyLoginFields({
+      platform: 'testCRM',
+      rcAccountId: 'acc-override',
+      rcExtensionId: '777',
+      additionalInfo: {
+        companyId: 'manual-company',
+        apiKey: 'manual-key'
+      },
+      preferSubmittedValuesForManagedFields: true
+    });
+
+    expect(result.resolvedAdditionalInfo).toEqual({
+      companyId: 'manual-company',
+      apiKey: 'manual-key'
+    });
+    expect(result.resolvedApiKey).toBe('manual-key');
+    expect(result.missingRequiredFieldConsts).toEqual([]);
+  });
+
+  test('upsertUserManagedAuthValues throws when rcExtensionId is missing', async () => {
+    await expect(managedAuthHandler.upsertUserManagedAuthValues({
+      rcAccountId: 'acc-5',
+      platform: 'testCRM',
+      values: { apiKey: 'x' }
+    })).rejects.toThrow('rcExtensionId is required for user managed auth values');
+  });
+
+  test('upsertOrgManagedAuthValues removes specified fields', async () => {
+    connectorRegistry.getManifest.mockReturnValue({
+      platforms: {
+        testCRM: {
+          auth: {
+            type: 'apiKey',
+            apiKey: {
+              page: {
+                content: [
+                  { const: 'tenantId', managed: true, managedScope: 'account' },
+                  { const: 'region', managed: true, managedScope: 'account' }
+                ]
+              }
+            }
+          }
+        }
+      }
+    });
+
+    await managedAuthHandler.upsertOrgManagedAuthValues({
+      rcAccountId: 'acc-6',
+      platform: 'testCRM',
+      values: { tenantId: 'tenant-6', region: 'us' }
+    });
+
+    await managedAuthHandler.upsertOrgManagedAuthValues({
+      rcAccountId: 'acc-6',
+      platform: 'testCRM',
+      values: {},
+      fieldsToRemove: ['tenantId']
+    });
+
+    const settings = await managedAuthHandler.getManagedAuthAdminSettings({
+      platform: 'testCRM',
+      rcAccountId: 'acc-6'
+    });
+    expect(settings.orgValues.tenantId.hasValue).toBe(false);
+    expect(settings.orgValues.region.value).toBe('us');
+
+    const record = await AccountDataModel.findOne({
+      where: {
+        rcAccountId: 'acc-6',
+        platformName: 'testCRM',
+        dataKey: 'managed-auth-org'
+      }
+    });
+    expect(record.data.fields.tenantId).toBeUndefined();
+    expect(record.data.fields.region).toBeDefined();
+  });
+});
+

package/test/index.test.js

@@ -0,0 +1,105 @@
+const express = require('express');
+const request = require('supertest');
+
+jest.mock('../lib/jwt', () => ({
+  decodeJwt: jest.fn(),
+  generateJwt: jest.fn(),
+}));
+jest.mock('../handlers/auth', () => ({
+  authValidation: jest.fn(),
+}));
+jest.mock('../lib/analytics', () => ({
+  init: jest.fn(),
+  track: jest.fn(),
+}));
+
+const jwt = require('../lib/jwt');
+const authCore = require('../handlers/auth');
+const { createCoreRouter, createCoreMiddleware } = require('../index');
+
+function buildApp() {
+  const app = express();
+  createCoreMiddleware().forEach((m) => app.use(m));
+  app.use('/', createCoreRouter());
+  return app;
+}
+
+describe('Core Router JWT normalization', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  test('should accept query jwtToken without refreshing it', async () => {
+    jwt.decodeJwt.mockReturnValue({ id: 'user-1', platform: 'testCRM' });
+    authCore.authValidation.mockResolvedValue({
+      successful: true,
+      returnMessage: { message: 'ok' },
+      failReason: null,
+      status: 200,
+    });
+    const app = buildApp();
+
+    const response = await request(app).get('/authValidation?jwtToken=query-token');
+
+    expect(response.status).toBe(200);
+    expect(response.headers['x-refreshed-jwt-token']).toBeUndefined();
+    expect(authCore.authValidation).toHaveBeenCalledWith({
+      platform: 'testCRM',
+      userId: 'user-1',
+    });
+    expect(jwt.generateJwt).not.toHaveBeenCalled();
+  });
+
+  test('should refresh near-expiry bearer token and expose header', async () => {
+    const nowMs = 1700000000000;
+    const nowSeconds = Math.floor(nowMs / 1000);
+    const nowSpy = jest.spyOn(Date, 'now').mockReturnValue(nowMs);
+    jwt.decodeJwt.mockImplementation((token) => {
+      if (token === 'old-token') {
+        return { id: 'user-1', platform: 'testCRM', exp: nowSeconds + 60 };
+      }
+      if (token === 'new-token') {
+        return { id: 'user-1', platform: 'testCRM', exp: nowSeconds + (14 * 24 * 60 * 60) };
+      }
+      return null;
+    });
+    jwt.generateJwt.mockReturnValue('new-token');
+    const app = buildApp();
+
+    const response = await request(app)
+      .get('/isAlive')
+      .set('Authorization', 'Bearer old-token')
+      .set('Origin', 'https://example.com');
+
+    expect(response.status).toBe(200);
+    expect(response.headers['x-refreshed-jwt-token']).toBe('new-token');
+    expect(response.headers['access-control-expose-headers']).toContain('x-refreshed-jwt-token');
+    expect(jwt.generateJwt).toHaveBeenCalledWith({ id: 'user-1', platform: 'testCRM' });
+    nowSpy.mockRestore();
+  });
+
+  test('should treat invalid bearer token as unauthenticated for authValidation route', async () => {
+    jwt.decodeJwt.mockReturnValue(null);
+    const app = buildApp();
+
+    const response = await request(app)
+      .get('/authValidation?jwtToken=query-token')
+      .set('Authorization', 'Bearer invalid-token');
+
+    expect(response.status).toBe(400);
+    expect(response.text).toContain('authorize CRM platform');
+    expect(authCore.authValidation).not.toHaveBeenCalled();
+  });
+
+  test('should bypass normalization for /mcp routes', async () => {
+    const app = buildApp();
+
+    const response = await request(app)
+      .get('/mcp')
+      .set('Authorization', 'Bearer maybe-token');
+
+    expect(response.status).toBe(404);
+    expect(jwt.decodeJwt).not.toHaveBeenCalled();
+  });
+});
+

package/test/lib/jwt.test.js

@@ -35,6 +35,21 @@ describe('JWT Utility', () => {
       // Assert
       expect(token1).not.toBe(token2);
     });
+
+    test('should generate token with about 2 weeks lifetime', () => {
+      // Arrange
+      const payload = { id: 'user-ttl', platform: 'testCRM' };
+
+      // Act
+      const token = jwt.generateJwt(payload);
+      const decoded = jwt.decodeJwt(token);
+      const lifetimeSeconds = decoded.exp - decoded.iat;
+
+      // Assert
+      // Keep a tiny tolerance to avoid timing flakiness.
+      expect(lifetimeSeconds).toBeGreaterThanOrEqual((14 * 24 * 60 * 60) - 2);
+      expect(lifetimeSeconds).toBeLessThanOrEqual((14 * 24 * 60 * 60) + 2);
+    });
   });
 
   describe('decodeJwt', () => {

package/test/mcp/tools/createCallLog.test.js

@@ -292,6 +292,17 @@ describe('MCP Tool: createCallLog', () => {
       expect(result.error).toContain('Invalid JWT token');
     });
 
+    test('should return error when decodeJwt returns null', async () => {
+      jwt.decodeJwt.mockReturnValue(null);
+      const result = await createCallLog.execute({
+        jwtToken: 'invalid-token',
+        incomingData: { logInfo: { sessionId: 'session-123' } }
+      });
+
+      expect(result.success).toBe(false);
+      expect(result.error).toContain('Invalid JWT token');
+    });
+
     test('should return error when platform connector not found', async () => {
       // Arrange
       const mockIncomingData = {

package/test/mcp/tools/createContact.test.js

@@ -0,0 +1,58 @@
+const createContact = require('../../../mcp/tools/createContact');
+const jwt = require('../../../lib/jwt');
+const connectorRegistry = require('../../../connector/registry');
+const contactCore = require('../../../handlers/contact');
+
+jest.mock('../../../lib/jwt');
+jest.mock('../../../connector/registry');
+jest.mock('../../../handlers/contact');
+
+describe('MCP Tool: createContact', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  test('should have correct tool definition', () => {
+    expect(createContact.definition).toBeDefined();
+    expect(createContact.definition.name).toBe('createContact');
+    expect(createContact.definition.inputSchema.required).toContain('phoneNumber');
+  });
+
+  test('should create contact successfully', async () => {
+    jwt.decodeJwt.mockReturnValue({ id: 'user-123', platform: 'testCRM' });
+    connectorRegistry.getConnector.mockReturnValue({ createContact: jest.fn() });
+    contactCore.createContact.mockResolvedValue({
+      successful: true,
+      returnMessage: { message: 'Created' },
+      contact: { id: 'contact-1' }
+    });
+
+    const result = await createContact.execute({
+      jwtToken: 'mock-jwt-token',
+      phoneNumber: '+14155551234',
+      newContactName: 'John Doe'
+    });
+
+    expect(result).toEqual({
+      success: true,
+      data: {
+        contact: { id: 'contact-1' },
+        message: 'Created'
+      }
+    });
+  });
+
+  test('should return error when decodeJwt returns null', async () => {
+    jwt.decodeJwt.mockReturnValue(null);
+
+    const result = await createContact.execute({
+      jwtToken: 'invalid-jwt',
+      phoneNumber: '+14155551234',
+      newContactName: 'John Doe'
+    });
+
+    expect(result.success).toBe(false);
+    expect(result.error).toContain('Invalid JWT token');
+  });
+});
+

package/test/mcp/tools/createMessageLog.test.js

@@ -427,6 +427,21 @@ describe('MCP Tool: createMessageLog', () => {
       expect(result.error).toContain('Invalid JWT token');
     });
 
+    test('should return error when decodeJwt returns null', async () => {
+      jwt.decodeJwt.mockReturnValue(null);
+
+      const result = await createMessageLog.execute({
+        jwtToken: 'invalid-token',
+        incomingData: {
+          sessionId: 'session-123',
+          messageInfo: { from: { phoneNumber: '+1234567890' }, to: [{ phoneNumber: '+1098765432' }] }
+        }
+      });
+
+      expect(result.success).toBe(false);
+      expect(result.error).toContain('Invalid JWT token');
+    });
+
     test('should return error when platform connector not found', async () => {
       // Arrange
       const mockIncomingData = {

package/test/mcp/tools/findContactByName.test.js

@@ -162,6 +162,18 @@ describe('MCP Tool: findContactByName', () => {
       expect(result.error).toContain('Invalid JWT token');
     });
 
+    test('should return error when decodeJwt returns null', async () => {
+      jwt.decodeJwt.mockReturnValue(null);
+
+      const result = await findContactByName.execute({
+        jwtToken: 'invalid-token',
+        name: 'John Doe'
+      });
+
+      expect(result.success).toBe(false);
+      expect(result.error).toContain('Invalid JWT token');
+    });
+
     test('should return error when platform connector not found', async () => {
       // Arrange
       jwt.decodeJwt.mockReturnValue({