@app-connect/core 1.7.8 → 1.7.10

package/test/lib/debugTracer.test.js

@@ -0,0 +1,328 @@
+const { DebugTracer } = require('../../lib/debugTracer');
+
+describe('DebugTracer', () => {
+  let tracer;
+
+  beforeEach(() => {
+    tracer = new DebugTracer();
+  });
+
+  describe('constructor', () => {
+    test('should initialize with empty traces array', () => {
+      expect(tracer.traces).toEqual([]);
+    });
+
+    test('should set start time', () => {
+      expect(tracer.startTime).toBeDefined();
+      expect(typeof tracer.startTime).toBe('number');
+    });
+
+    test('should generate unique request ID', () => {
+      const tracer2 = new DebugTracer();
+      expect(tracer.requestId).toBeDefined();
+      expect(tracer.requestId).toMatch(/^req_\d+_[a-z0-9]+$/);
+      expect(tracer.requestId).not.toBe(tracer2.requestId);
+    });
+
+    test('should accept headers parameter', () => {
+      const headers = { 'x-request-id': 'custom-id' };
+      const tracerWithHeaders = new DebugTracer(headers);
+      expect(tracerWithHeaders.requestId).toBeDefined();
+    });
+  });
+
+  describe('trace', () => {
+    test('should add trace entry with method name and data', () => {
+      tracer.trace('testMethod', { name: 'value', count: 42 });
+
+      expect(tracer.traces).toHaveLength(1);
+      expect(tracer.traces[0].methodName).toBe('testMethod');
+      expect(tracer.traces[0].data).toEqual({ name: 'value', count: 42 });
+    });
+
+    test('should include timestamp and elapsed time', () => {
+      tracer.trace('testMethod', {});
+
+      expect(tracer.traces[0].timestamp).toBeDefined();
+      expect(tracer.traces[0].elapsed).toBeGreaterThanOrEqual(0);
+    });
+
+    test('should default to info level', () => {
+      tracer.trace('testMethod', {});
+
+      expect(tracer.traces[0].level).toBe('info');
+    });
+
+    test('should allow custom log level', () => {
+      tracer.trace('testMethod', {}, { level: 'warn' });
+
+      expect(tracer.traces[0].level).toBe('warn');
+    });
+
+    test('should include stack trace by default', () => {
+      tracer.trace('testMethod', {});
+
+      expect(tracer.traces[0].stackTrace).toBeDefined();
+      expect(Array.isArray(tracer.traces[0].stackTrace)).toBe(true);
+    });
+
+    test('should exclude stack trace when disabled', () => {
+      tracer.trace('testMethod', {}, { includeStack: false });
+
+      expect(tracer.traces[0].stackTrace).toBeUndefined();
+    });
+
+    test('should return this for chaining', () => {
+      const result = tracer.trace('method1', {});
+      expect(result).toBe(tracer);
+
+      tracer.trace('method2', {}).trace('method3', {});
+      expect(tracer.traces).toHaveLength(3);
+    });
+
+    test('should handle empty data object', () => {
+      tracer.trace('testMethod');
+
+      expect(tracer.traces[0].data).toEqual({});
+    });
+  });
+
+  describe('traceError', () => {
+    test('should add error trace with Error object', () => {
+      const error = new Error('Test error message');
+      tracer.traceError('failingMethod', error);
+
+      expect(tracer.traces).toHaveLength(1);
+      expect(tracer.traces[0].methodName).toBe('failingMethod');
+      expect(tracer.traces[0].level).toBe('error');
+      expect(tracer.traces[0].data.message).toBe('Test error message');
+      expect(tracer.traces[0].data.errorStack).toContain('Error: Test error message');
+    });
+
+    test('should handle string error', () => {
+      tracer.traceError('failingMethod', 'Something went wrong');
+
+      expect(tracer.traces[0].data.message).toBe('Something went wrong');
+      expect(tracer.traces[0].data.errorStack).toBeNull();
+    });
+
+    test('should include additional data', () => {
+      const error = new Error('Test error');
+      tracer.traceError('failingMethod', error, { userId: 'user-123', action: 'create' });
+
+      expect(tracer.traces[0].data.userId).toBe('user-123');
+      expect(tracer.traces[0].data.action).toBe('create');
+    });
+
+    test('should return this for chaining', () => {
+      const result = tracer.traceError('method', new Error('test'));
+      expect(result).toBe(tracer);
+    });
+  });
+
+  describe('_sanitizeData', () => {
+    test('should redact sensitive fields', () => {
+      tracer.trace('testMethod', {
+        accessToken: 'secret-token',
+        refreshToken: 'secret-refresh',
+        apiKey: 'api-key-123',
+        password: 'secret-password',
+        username: 'normal-field'
+      });
+
+      const data = tracer.traces[0].data;
+      expect(data.accessToken).toBe('[REDACTED]');
+      expect(data.refreshToken).toBe('[REDACTED]');
+      expect(data.apiKey).toBe('[REDACTED]');
+      expect(data.password).toBe('[REDACTED]');
+      expect(data.username).toBe('normal-field');
+    });
+
+    test('should sanitize nested objects', () => {
+      tracer.trace('testMethod', {
+        user: {
+          name: 'John',
+          userPassword: 'secret123',
+          userAccessToken: 'token123'
+        }
+      });
+
+      const data = tracer.traces[0].data;
+      expect(data.user.name).toBe('John');
+      expect(data.user.userPassword).toBe('[REDACTED]');
+      expect(data.user.userAccessToken).toBe('[REDACTED]');
+    });
+
+    test('should handle arrays', () => {
+      tracer.trace('testMethod', {
+        users: [
+          { name: 'User1', apiKey: 'key1' },
+          { name: 'User2', apiKey: 'key2' }
+        ]
+      });
+
+      const data = tracer.traces[0].data;
+      expect(data.users[0].name).toBe('User1');
+      expect(data.users[0].apiKey).toBe('[REDACTED]');
+      expect(data.users[1].apiKey).toBe('[REDACTED]');
+    });
+
+    test('should handle null and undefined data', () => {
+      tracer.trace('testMethod', null);
+      tracer.trace('testMethod2');
+
+      expect(tracer.traces[0].data).toBeNull();
+      // When undefined is passed, it defaults to {} from the default parameter
+      expect(tracer.traces[1].data).toEqual({});
+    });
+
+    test('should handle primitive data', () => {
+      tracer.trace('testMethod', 'string-value');
+      tracer.trace('testMethod2', 42);
+
+      expect(tracer.traces[0].data).toBe('string-value');
+      expect(tracer.traces[1].data).toBe(42);
+    });
+
+    test('should redact case-insensitive sensitive fields', () => {
+      tracer.trace('testMethod', {
+        AccessToken: 'secret1',
+        APIKEY: 'secret2',
+        clientSecret: 'secret3'
+      });
+
+      const data = tracer.traces[0].data;
+      expect(data.AccessToken).toBe('[REDACTED]');
+      expect(data.APIKEY).toBe('[REDACTED]');
+      expect(data.clientSecret).toBe('[REDACTED]');
+    });
+
+    test('should redact partial matches', () => {
+      tracer.trace('testMethod', {
+        userAuthToken: 'secret',
+        adminCredentials: 'secret',
+        myPrivateKey: 'secret'
+      });
+
+      const data = tracer.traces[0].data;
+      expect(data.userAuthToken).toBe('[REDACTED]');
+      expect(data.adminCredentials).toBe('[REDACTED]');
+      expect(data.myPrivateKey).toBe('[REDACTED]');
+    });
+  });
+
+  describe('getTraceData', () => {
+    test('should return complete trace data', () => {
+      tracer.trace('method1', { step: 1 });
+      tracer.trace('method2', { step: 2 });
+
+      const traceData = tracer.getTraceData();
+
+      expect(traceData.requestId).toBe(tracer.requestId);
+      expect(traceData.totalDuration).toMatch(/\d+ms$/);
+      expect(traceData.traceCount).toBe(2);
+      expect(traceData.traces).toHaveLength(2);
+    });
+
+    test('should return empty traces for new tracer', () => {
+      const traceData = tracer.getTraceData();
+
+      expect(traceData.traceCount).toBe(0);
+      expect(traceData.traces).toEqual([]);
+    });
+  });
+
+  describe('wrapResponse', () => {
+    test('should add debug trace to response', () => {
+      tracer.trace('processRequest', { action: 'test' });
+
+      const response = { success: true, data: { id: 123 } };
+      const wrappedResponse = tracer.wrapResponse(response);
+
+      expect(wrappedResponse.success).toBe(true);
+      expect(wrappedResponse.data).toEqual({ id: 123 });
+      expect(wrappedResponse._debug).toBeDefined();
+      expect(wrappedResponse._debug.requestId).toBe(tracer.requestId);
+    });
+
+    test('should preserve original response properties', () => {
+      const response = {
+        status: 200,
+        message: 'OK',
+        nested: { key: 'value' }
+      };
+
+      const wrapped = tracer.wrapResponse(response);
+
+      expect(wrapped.status).toBe(200);
+      expect(wrapped.message).toBe('OK');
+      expect(wrapped.nested.key).toBe('value');
+    });
+  });
+
+  describe('static fromRequest', () => {
+    test('should create tracer from Express request', () => {
+      const req = {
+        headers: {
+          'x-request-id': 'req-123',
+          'content-type': 'application/json'
+        }
+      };
+
+      const tracer = DebugTracer.fromRequest(req);
+
+      expect(tracer).toBeInstanceOf(DebugTracer);
+      expect(tracer.requestId).toBeDefined();
+    });
+
+    test('should handle request without headers', () => {
+      const req = {};
+
+      const tracer = DebugTracer.fromRequest(req);
+
+      expect(tracer).toBeInstanceOf(DebugTracer);
+    });
+  });
+
+  describe('_captureStackTrace', () => {
+    test('should return array of stack trace lines', () => {
+      tracer.trace('testMethod', {});
+
+      const stackTrace = tracer.traces[0].stackTrace;
+      expect(Array.isArray(stackTrace)).toBe(true);
+      stackTrace.forEach(line => {
+        expect(line).toMatch(/^at /);
+      });
+    });
+  });
+
+  describe('integration', () => {
+    test('should track multiple operations', () => {
+      tracer
+        .trace('startOperation', { userId: 'user-123' })
+        .trace('fetchData', { query: 'SELECT *' })
+        .trace('processData', { count: 100 })
+        .trace('saveResult', { success: true });
+
+      const traceData = tracer.getTraceData();
+      expect(traceData.traceCount).toBe(4);
+
+      // Verify elapsed times are increasing
+      for (let i = 1; i < tracer.traces.length; i++) {
+        expect(tracer.traces[i].elapsed).toBeGreaterThanOrEqual(tracer.traces[i-1].elapsed);
+      }
+    });
+
+    test('should handle error in the middle of operations', () => {
+      tracer
+        .trace('startOperation', { step: 1 })
+        .traceError('failedOperation', new Error('Database error'), { query: 'INSERT' })
+        .trace('cleanupOperation', { step: 3 });
+
+      expect(tracer.traces).toHaveLength(3);
+      expect(tracer.traces[1].level).toBe('error');
+      expect(tracer.traces[2].level).toBe('info');
+    });
+  });
+});
+

package/test/lib/oauth.test.js

@@ -0,0 +1,359 @@
+const moment = require('moment');
+
+// Mock dependencies before requiring the module
+jest.mock('client-oauth2');
+jest.mock('../../models/userModel');
+jest.mock('../../connector/registry');
+jest.mock('../../models/dynamo/lockSchema', () => ({
+  Lock: {
+    create: jest.fn(),
+    get: jest.fn()
+  }
+}));
+
+const ClientOAuth2 = require('client-oauth2');
+const { UserModel } = require('../../models/userModel');
+const connectorRegistry = require('../../connector/registry');
+const { getOAuthApp, checkAndRefreshAccessToken } = require('../../lib/oauth');
+
+describe('oauth', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+    jest.spyOn(console, 'log').mockImplementation(() => {});
+    delete process.env.USE_TOKEN_REFRESH_LOCK_PLATFORMS;
+  });
+
+  afterEach(() => {
+    jest.restoreAllMocks();
+  });
+
+  describe('getOAuthApp', () => {
+    test('should create OAuth app with provided configuration', () => {
+      const config = {
+        clientId: 'test-client-id',
+        clientSecret: 'test-client-secret',
+        accessTokenUri: 'https://api.example.com/oauth/token',
+        authorizationUri: 'https://api.example.com/oauth/authorize',
+        redirectUri: 'https://app.example.com/callback',
+        scopes: ['read', 'write']
+      };
+
+      const mockOAuthApp = { code: { getToken: jest.fn() } };
+      ClientOAuth2.mockReturnValue(mockOAuthApp);
+
+      const result = getOAuthApp(config);
+
+      expect(ClientOAuth2).toHaveBeenCalledWith({
+        clientId: config.clientId,
+        clientSecret: config.clientSecret,
+        accessTokenUri: config.accessTokenUri,
+        authorizationUri: config.authorizationUri,
+        redirectUri: config.redirectUri,
+        scopes: config.scopes
+      });
+      expect(result).toBe(mockOAuthApp);
+    });
+
+    test('should handle missing optional parameters', () => {
+      const config = {
+        clientId: 'client-id',
+        clientSecret: 'client-secret'
+      };
+
+      ClientOAuth2.mockReturnValue({});
+
+      getOAuthApp(config);
+
+      expect(ClientOAuth2).toHaveBeenCalledWith({
+        clientId: 'client-id',
+        clientSecret: 'client-secret',
+        accessTokenUri: undefined,
+        authorizationUri: undefined,
+        redirectUri: undefined,
+        scopes: undefined
+      });
+    });
+  });
+
+  describe('checkAndRefreshAccessToken', () => {
+    const mockOAuthApp = {
+      createToken: jest.fn()
+    };
+
+    const createMockUser = (overrides = {}) => ({
+      id: 'user-123',
+      platform: 'testPlatform',
+      accessToken: 'old-access-token',
+      refreshToken: 'old-refresh-token',
+      tokenExpiry: moment().subtract(1, 'minute').toDate(), // Expired
+      save: jest.fn().mockResolvedValue(true),
+      ...overrides
+    });
+
+    test('should return user unchanged if token is not expired', async () => {
+      const user = createMockUser({
+        tokenExpiry: moment().add(10, 'minutes').toDate() // Not expired
+      });
+
+      connectorRegistry.getConnector.mockReturnValue({});
+
+      const result = await checkAndRefreshAccessToken(mockOAuthApp, user);
+
+      expect(result).toBe(user);
+      expect(mockOAuthApp.createToken).not.toHaveBeenCalled();
+    });
+
+    test('should refresh token when expired', async () => {
+      const user = createMockUser();
+      const newExpiry = moment().add(1, 'hour').toDate();
+
+      connectorRegistry.getConnector.mockReturnValue({});
+
+      const mockToken = {
+        refresh: jest.fn().mockResolvedValue({
+          accessToken: 'new-access-token',
+          refreshToken: 'new-refresh-token',
+          expires: newExpiry
+        })
+      };
+      mockOAuthApp.createToken.mockReturnValue(mockToken);
+
+      const result = await checkAndRefreshAccessToken(mockOAuthApp, user);
+
+      expect(mockOAuthApp.createToken).toHaveBeenCalledWith(
+        'old-access-token',
+        'old-refresh-token'
+      );
+      expect(mockToken.refresh).toHaveBeenCalled();
+      expect(user.accessToken).toBe('new-access-token');
+      expect(user.refreshToken).toBe('new-refresh-token');
+      expect(user.save).toHaveBeenCalled();
+    });
+
+    test('should delegate to platform-specific refresh if available', async () => {
+      const user = createMockUser({
+        platform: 'bullhorn'
+      });
+      const platformRefreshedUser = { ...user, accessToken: 'bullhorn-token' };
+
+      connectorRegistry.getConnector.mockReturnValue({
+        checkAndRefreshAccessToken: jest.fn().mockResolvedValue(platformRefreshedUser)
+      });
+
+      const result = await checkAndRefreshAccessToken(mockOAuthApp, user);
+
+      expect(result).toBe(platformRefreshedUser);
+      expect(mockOAuthApp.createToken).not.toHaveBeenCalled();
+    });
+
+    test('should refresh token even if within buffer time (2 minutes)', async () => {
+      const user = createMockUser({
+        tokenExpiry: moment().add(1.5, 'minutes').toDate() // Within buffer
+      });
+
+      connectorRegistry.getConnector.mockReturnValue({});
+
+      const mockToken = {
+        refresh: jest.fn().mockResolvedValue({
+          accessToken: 'new-token',
+          refreshToken: 'new-refresh',
+          expires: moment().add(1, 'hour').toDate()
+        })
+      };
+      mockOAuthApp.createToken.mockReturnValue(mockToken);
+
+      await checkAndRefreshAccessToken(mockOAuthApp, user);
+
+      expect(mockToken.refresh).toHaveBeenCalled();
+    });
+
+    test('should not refresh if missing required tokens', async () => {
+      const user = createMockUser({
+        accessToken: null,
+        refreshToken: null,
+        tokenExpiry: moment().subtract(1, 'minute').toDate()
+      });
+
+      connectorRegistry.getConnector.mockReturnValue({});
+
+      const result = await checkAndRefreshAccessToken(mockOAuthApp, user);
+
+      expect(result).toBe(user);
+      expect(mockOAuthApp.createToken).not.toHaveBeenCalled();
+    });
+
+    describe('with token refresh lock', () => {
+      beforeEach(() => {
+        process.env.USE_TOKEN_REFRESH_LOCK_PLATFORMS = 'testPlatform,otherPlatform';
+      });
+
+      test('should create lock and refresh token successfully', async () => {
+        const { Lock } = require('../../models/dynamo/lockSchema');
+        const user = createMockUser();
+        const newExpiry = moment().add(1, 'hour').toDate();
+
+        const mockLock = { delete: jest.fn().mockResolvedValue(true) };
+        Lock.create.mockResolvedValue(mockLock);
+
+        connectorRegistry.getConnector.mockReturnValue({});
+
+        const mockToken = {
+          refresh: jest.fn().mockResolvedValue({
+            accessToken: 'new-token',
+            refreshToken: 'new-refresh',
+            expires: newExpiry
+          })
+        };
+        mockOAuthApp.createToken.mockReturnValue(mockToken);
+
+        await checkAndRefreshAccessToken(mockOAuthApp, user);
+
+        expect(Lock.create).toHaveBeenCalledWith(
+          expect.objectContaining({
+            userId: 'user-123',
+            ttl: expect.any(Number)
+          }),
+          { overwrite: false }
+        );
+        expect(mockToken.refresh).toHaveBeenCalled();
+        expect(mockLock.delete).toHaveBeenCalled();
+      });
+
+      test('should wait for existing lock and fetch user from DB after lock released', async () => {
+        jest.resetModules();
+        const { Lock } = require('../../models/dynamo/lockSchema');
+        const user = createMockUser();
+
+        // Simulate lock already exists
+        const conditionalError = new Error('Lock exists');
+        conditionalError.name = 'ConditionalCheckFailedException';
+        Lock.create.mockReset();
+        Lock.get.mockReset();
+        Lock.create.mockRejectedValue(conditionalError);
+
+        // Lock exists but not expired (ttl > now), then gets released
+        const existingLock = { 
+          ttl: moment().add(30, 'seconds').unix(),
+          delete: jest.fn().mockResolvedValue(true)
+        };
+        Lock.get.mockResolvedValueOnce(existingLock)
+            .mockResolvedValueOnce(null); // Lock released
+
+        const refreshedUser = { ...user, accessToken: 'refreshed-by-other-process' };
+        UserModel.findByPk.mockResolvedValue(refreshedUser);
+
+        connectorRegistry.getConnector.mockReturnValue({});
+
+        const result = await checkAndRefreshAccessToken(mockOAuthApp, user, 5);
+
+        // Verify the lock polling was performed
+        expect(Lock.get).toHaveBeenCalled();
+        // The result should have the user data (refreshed by another process)
+        expect(result).toBeDefined();
+        expect(result.id).toBe(user.id);
+      });
+
+      test('should handle expired lock by deleting and creating new one', async () => {
+        const { Lock } = require('../../models/dynamo/lockSchema');
+        const user = createMockUser();
+        const newExpiry = moment().add(1, 'hour').toDate();
+
+        // First create fails with conditional exception
+        const conditionalError = new Error('Lock exists');
+        conditionalError.name = 'ConditionalCheckFailedException';
+        
+        // Existing lock is expired (ttl < now)
+        const expiredLock = {
+          ttl: moment().subtract(10, 'seconds').unix(),
+          delete: jest.fn().mockResolvedValue(true)
+        };
+        
+        // Second create succeeds after deleting expired lock
+        const newLock = { delete: jest.fn().mockResolvedValue(true) };
+        
+        Lock.create
+          .mockRejectedValueOnce(conditionalError)
+          .mockResolvedValueOnce(newLock);
+        Lock.get.mockResolvedValue(expiredLock);
+
+        connectorRegistry.getConnector.mockReturnValue({});
+
+        const mockToken = {
+          refresh: jest.fn().mockResolvedValue({
+            accessToken: 'new-token',
+            refreshToken: 'new-refresh',
+            expires: newExpiry
+          })
+        };
+        mockOAuthApp.createToken.mockReturnValue(mockToken);
+
+        await checkAndRefreshAccessToken(mockOAuthApp, user);
+
+        expect(expiredLock.delete).toHaveBeenCalled();
+        expect(newLock.delete).toHaveBeenCalled();
+      });
+
+      test('should delete lock if refresh fails', async () => {
+        jest.resetModules();
+        const { Lock } = require('../../models/dynamo/lockSchema');
+        const user = createMockUser();
+
+        const mockLock = { delete: jest.fn().mockResolvedValue(true) };
+        Lock.create.mockReset();
+        Lock.get.mockReset();
+        Lock.create.mockResolvedValue(mockLock);
+
+        connectorRegistry.getConnector.mockReturnValue({});
+
+        const mockToken = {
+          refresh: jest.fn().mockRejectedValue(new Error('Refresh failed'))
+        };
+        mockOAuthApp.createToken.mockReturnValue(mockToken);
+
+        await checkAndRefreshAccessToken(mockOAuthApp, user);
+
+        expect(mockLock.delete).toHaveBeenCalled();
+      });
+
+      test('should throw on lock timeout', async () => {
+        jest.resetModules();
+        const { Lock } = require('../../models/dynamo/lockSchema');
+        const user = createMockUser();
+
+        const conditionalError = new Error('Lock exists');
+        conditionalError.name = 'ConditionalCheckFailedException';
+        Lock.create.mockReset();
+        Lock.get.mockReset();
+        Lock.create.mockRejectedValue(conditionalError);
+
+        // Lock never gets released (ttl is in the future, not expired)
+        const permanentLock = { 
+          ttl: moment().add(1, 'hour').unix(),
+          delete: jest.fn().mockResolvedValue(true)
+        };
+        Lock.get.mockResolvedValue(permanentLock);
+
+        connectorRegistry.getConnector.mockReturnValue({});
+
+        await expect(
+          checkAndRefreshAccessToken(mockOAuthApp, user, 1) // 1 second timeout
+        ).rejects.toThrow('Token lock timeout');
+      }, 10000);
+
+      test('should rethrow non-conditional errors', async () => {
+        const { Lock } = require('../../models/dynamo/lockSchema');
+        const user = createMockUser();
+
+        const randomError = new Error('Database connection failed');
+        Lock.create.mockRejectedValue(randomError);
+
+        connectorRegistry.getConnector.mockReturnValue({});
+
+        await expect(
+          checkAndRefreshAccessToken(mockOAuthApp, user)
+        ).rejects.toThrow('Database connection failed');
+      });
+    });
+  });
+});
+