@app-connect/core 1.7.21 → 1.7.23

package/test/mcp/tools/rcGetCallLogs.test.js

@@ -0,0 +1,56 @@
+const rcGetCallLogs = require('../../../mcp/tools/rcGetCallLogs');
+const jwt = require('../../../lib/jwt');
+const { RingCentral } = require('../../../lib/ringcentral');
+
+jest.mock('../../../lib/jwt');
+jest.mock('../../../lib/ringcentral', () => ({
+  RingCentral: jest.fn()
+}));
+
+describe('MCP Tool: rcGetCallLogs', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+    process.env.RINGCENTRAL_SERVER = 'https://platform.ringcentral.com';
+    process.env.RINGCENTRAL_CLIENT_ID = 'client-id';
+    process.env.RINGCENTRAL_CLIENT_SECRET = 'client-secret';
+    process.env.APP_SERVER = 'https://app.example.com';
+  });
+
+  test('should have correct tool definition', () => {
+    expect(rcGetCallLogs.definition).toBeDefined();
+    expect(rcGetCallLogs.definition.name).toBe('rcGetCallLogs');
+  });
+
+  test('should return call logs successfully', async () => {
+    jwt.decodeJwt.mockReturnValue({ id: 'user-123' });
+    const getCallLogData = jest.fn().mockResolvedValue({ records: [{ id: '1' }] });
+    RingCentral.mockImplementation(() => ({ getCallLogData }));
+
+    const result = await rcGetCallLogs.execute({
+      jwtToken: 'mock-jwt',
+      rcAccessToken: 'rc-token',
+      timeFrom: '2026-04-01T00:00:00.000Z',
+      timeTo: '2026-04-02T00:00:00.000Z'
+    });
+
+    expect(result).toEqual({ records: [{ id: '1' }] });
+    expect(getCallLogData).toHaveBeenCalledWith({
+      token: { access_token: 'rc-token', token_type: 'Bearer' },
+      timeFrom: '2026-04-01T00:00:00.000Z',
+      timeTo: '2026-04-02T00:00:00.000Z'
+    });
+  });
+
+  test('should return error when decodeJwt returns null', async () => {
+    jwt.decodeJwt.mockReturnValue(null);
+
+    const result = await rcGetCallLogs.execute({
+      jwtToken: 'bad-jwt',
+      rcAccessToken: 'rc-token'
+    });
+
+    expect(result.success).toBe(false);
+    expect(result.error).toContain('Invalid JWT token');
+  });
+});
+

package/test/mcp/tools/updateCallLog.test.js

@@ -191,6 +191,20 @@ describe('MCP Tool: updateCallLog', () => {
       expect(result.error).toContain('Invalid JWT token');
     });
 
+    test('should return error when decodeJwt returns null', async () => {
+      jwt.decodeJwt.mockReturnValue(null);
+
+      const result = await updateCallLog.execute({
+        jwtToken: 'invalid-token',
+        incomingData: {
+          logData: { sessionId: 'session-123' }
+        }
+      });
+
+      expect(result.success).toBe(false);
+      expect(result.error).toContain('Invalid JWT token');
+    });
+
     test('should return error when platform connector not found', async () => {
       // Arrange
       const mockIncomingData = {

package/test/routes/managedAuthRoutes.test.js

@@ -0,0 +1,129 @@
+const express = require('express');
+const request = require('supertest');
+
+jest.mock('../../handlers/admin', () => ({
+  validateRcUserToken: jest.fn(),
+  validateAdminRole: jest.fn(),
+}));
+jest.mock('../../handlers/managedAuth', () => ({
+  getManagedAuthState: jest.fn(),
+}));
+jest.mock('../../handlers/auth', () => ({
+  onApiKeyLogin: jest.fn(),
+}));
+jest.mock('../../lib/jwt', () => ({
+  generateJwt: jest.fn().mockReturnValue('jwt-token'),
+  decodeJwt: jest.fn(),
+}));
+
+const adminCore = require('../../handlers/admin');
+const managedAuthCore = require('../../handlers/managedAuth');
+const authCore = require('../../handlers/auth');
+const { createCoreRouter } = require('../../index');
+
+describe('Managed Auth Routes', () => {
+  let app;
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+    app = express();
+    app.use(express.json());
+    app.use('/', createCoreRouter());
+  });
+
+  describe('GET /apiKeyManagedAuthState', () => {
+    test('should require rcAccessToken', async () => {
+      const response = await request(app)
+        .get('/apiKeyManagedAuthState')
+        .query({ platform: 'testCRM' });
+
+      expect(response.status).toBe(400);
+      expect(response.text).toContain('Missing RingCentral access token');
+      expect(adminCore.validateRcUserToken).not.toHaveBeenCalled();
+      expect(managedAuthCore.getManagedAuthState).not.toHaveBeenCalled();
+    });
+
+    test('should validate rcAccessToken and use validated identity', async () => {
+      adminCore.validateRcUserToken.mockResolvedValue({
+        rcAccountId: 'validated-account-id',
+        rcExtensionId: 'validated-extension-id',
+      });
+      managedAuthCore.getManagedAuthState.mockResolvedValue({
+        hasManagedAuth: true,
+        allRequiredFieldsSatisfied: true,
+        visibleFieldConsts: [],
+        missingRequiredFieldConsts: [],
+      });
+
+      const response = await request(app)
+        .get('/apiKeyManagedAuthState')
+        .query({
+          platform: 'testCRM',
+          rcAccessToken: 'valid-rc-token',
+          rcAccountId: 'spoofed-account-id',
+          rcExtensionId: 'spoofed-extension-id',
+        });
+
+      expect(response.status).toBe(200);
+      expect(adminCore.validateRcUserToken).toHaveBeenCalledWith({ rcAccessToken: 'valid-rc-token' });
+      expect(managedAuthCore.getManagedAuthState).toHaveBeenCalledWith(expect.objectContaining({
+        platform: 'testCRM',
+        rcAccountId: 'validated-account-id',
+        rcExtensionId: 'validated-extension-id',
+      }));
+    });
+  });
+
+  describe('POST /apiKeyLogin', () => {
+    test('should require rcAccessToken', async () => {
+      const response = await request(app)
+        .post('/apiKeyLogin')
+        .send({
+          platform: 'testCRM',
+          apiKey: 'api-key',
+          hostname: 'test.example.com',
+        });
+
+      expect(response.status).toBe(400);
+      expect(response.text).toContain('Missing RingCentral access token');
+      expect(adminCore.validateRcUserToken).not.toHaveBeenCalled();
+      expect(authCore.onApiKeyLogin).not.toHaveBeenCalled();
+    });
+
+    test('should validate rcAccessToken and ignore spoofed rc ids in body', async () => {
+      adminCore.validateRcUserToken.mockResolvedValue({
+        rcAccountId: 'validated-account-id',
+        rcExtensionId: 'validated-extension-id',
+      });
+      authCore.onApiKeyLogin.mockResolvedValue({
+        userInfo: {
+          id: 'crm-user-id',
+          name: 'CRM User',
+        },
+        returnMessage: {
+          messageType: 'success',
+          message: 'ok',
+        },
+      });
+
+      const response = await request(app)
+        .post('/apiKeyLogin')
+        .send({
+          platform: 'testCRM',
+          apiKey: 'api-key',
+          hostname: 'test.example.com',
+          rcAccessToken: 'valid-rc-token',
+          rcAccountId: 'spoofed-account-id',
+          rcExtensionId: 'spoofed-extension-id',
+        });
+
+      expect(response.status).toBe(200);
+      expect(adminCore.validateRcUserToken).toHaveBeenCalledWith({ rcAccessToken: 'valid-rc-token' });
+      expect(authCore.onApiKeyLogin).toHaveBeenCalledWith(expect.objectContaining({
+        platform: 'testCRM',
+        rcAccountId: 'validated-account-id',
+        rcExtensionId: 'validated-extension-id',
+      }));
+    });
+  });
+});

package/test/setup.js

@@ -29,6 +29,7 @@ beforeAll(async () => {
     const { UserModel } = require('../models/userModel');
     const { CacheModel } = require('../models/cacheModel');
     const { AdminConfigModel } = require('../models/adminConfigModel');
+    const { AccountDataModel } = require('../models/accountDataModel');
 
     // Sync database models
     await CallLogModel.sync({ force: true });
@@ -36,6 +37,7 @@ beforeAll(async () => {
     await UserModel.sync({ force: true });
     await CacheModel.sync({ force: true });
     await AdminConfigModel.sync({ force: true });
+    await AccountDataModel.sync({ force: true });
 
     console.log('Database models synced for testing');
   } catch (error) {