@bigbinary/neeto-playwright-commons 1.26.35 → 1.27.0

package/index.d.ts

@@ -751,8 +751,10 @@ declare class ApiKeysApi {
 declare class CustomDomainApi {
   private neetoPlaywrightUtilities;
   constructor(neetoPlaywrightUtilities: CustomCommands);
+  create: (hostname: string, baseUrl?: string) => Promise<playwright_core.APIResponse | undefined>;
   delete: (customDomain: string) => Promise<playwright_core.APIResponse | undefined>;
-  fetch: () => Promise<playwright_core.APIResponse | undefined>;
+  fetch: (baseUrl?: string) => Promise<playwright_core.APIResponse | undefined>;
+  validate: (baseUrl?: string) => Promise<playwright_core.APIResponse | undefined>;
 }
 interface AllowedIpRange {
   ipStart: string;
@@ -4773,7 +4775,7 @@ declare class CustomDomainPage {
   customDomainApi: CustomDomainApi;
   subdomain: string;
   loginPage: Page;
-  baseURL: string;
+  customDomainURL: string;
   t: TFunction;
   constructor({
     browser,
@@ -4808,6 +4810,7 @@ declare class CustomDomainPage {
    * @endexample
   */
   validateCustomDomain: (domain: string) => Promise<void>;
+  private getDomainStatus;
   private loginToCustomDomain;
   private waitForTrustedSSL;
   private saveCustomDomainState;
@@ -4824,7 +4827,17 @@ declare class CustomDomainPage {
   setupCustomDomain: () => Promise<void>;
   /**
    *
-   * Connects and validates a custom domain for the specified product.
+   * Sets up a custom domain using the API instead of the UI.
+   *
+   * @example 
+   *
+   * await customDomainPage.setupCustomDomainViaAPI();
+   * @endexample
+  */
+  setupCustomDomainViaAPI: () => Promise<void>;
+  /**
+   *
+   * Connects and validates a custom domain for the specified product via the UI.
    *
    * subdomain (optional): The subdomain to use for generating the custom domain.
    *
@@ -4834,6 +4847,20 @@ declare class CustomDomainPage {
    * @endexample
   */
   connectCustomDomain: (subdomain?: string) => Promise<void>;
+  /**
+   *
+   * Connects and validates a custom domain using only API calls.
+   *
+   * subdomain (optional): The subdomain to use for generating the custom domain. If omitted, uses the subdomain from global user state.
+   *
+   * @example 
+   *
+   * await customDomainPage.connectViaAPI("cpt-form-534343434");
+   * @endexample
+  */
+  connectViaAPI: (subdomain?: string) => Promise<void>;
+  private validateDomain;
+  private awaitDomainValidation;
   private getCustomDomainFromAPI;
   /**
    *
@@ -6268,6 +6295,7 @@ declare const COMMON_SELECTORS: {
   columnsDropdownIcon: string;
   columnDragHandle: string;
   reactSelectContainer: string;
+  calloutElement: string;
 };
 /**
  *

package/index.js

@@ -131,15 +131,26 @@ class ApiKeysApi {
     }
 }
 
+const CUSTOM_DOMAIN_BASE_URL = `${BASE_URL}/custom_domains`;
 class CustomDomainApi {
     constructor(neetoPlaywrightUtilities) {
         this.neetoPlaywrightUtilities = neetoPlaywrightUtilities;
+        this.create = (hostname, baseUrl = "") => this.neetoPlaywrightUtilities.apiRequest({
+            url: `${baseUrl}${CUSTOM_DOMAIN_BASE_URL}`,
+            method: "post",
+            body: { hostname },
+        });
         this.delete = (customDomain) => this.neetoPlaywrightUtilities.apiRequest({
-            url: `${BASE_URL}/custom_domains/${customDomain}`,
+            url: `${CUSTOM_DOMAIN_BASE_URL}/${customDomain}`,
             method: "delete",
         });
-        this.fetch = () => this.neetoPlaywrightUtilities.apiRequest({
-            url: `${BASE_URL}/custom_domains`,
+        this.fetch = (baseUrl = "") => this.neetoPlaywrightUtilities.apiRequest({
+            url: `${baseUrl}${CUSTOM_DOMAIN_BASE_URL}`,
+        });
+        this.validate = (baseUrl = "") => this.neetoPlaywrightUtilities.apiRequest({
+            url: `${baseUrl}${CUSTOM_DOMAIN_BASE_URL}/validate_domain`,
+            failOnStatusCode: false,
+            method: "patch",
         });
     }
 }
@@ -4961,6 +4972,7 @@ const COMMON_SELECTORS = {
     columnsDropdownIcon: "columns-dropdown-icon",
     columnDragHandle: "column-drag-handle",
     reactSelectContainer: ".neeto-ui-react-select__container",
+    calloutElement: "callout-element",
 };
 
 const THANK_YOU_SELECTORS = {
@@ -29063,9 +29075,10 @@ function requireAddressparser () {
 	 * Converts tokens for a single address into an address object
 	 *
 	 * @param {Array} tokens Tokens object
+	 * @param {Number} depth Current recursion depth for nested group protection
 	 * @return {Object} Address object
 	 */
-	function _handleAddress(tokens) {
+	function _handleAddress(tokens, depth) {
 	    let isGroup = false;
 	    let state = 'text';
 	    let address;
@@ -29146,7 +29159,7 @@ function requireAddressparser () {
 	        // Parse group members, but flatten any nested groups (RFC 5322 doesn't allow nesting)
 	        let groupMembers = [];
 	        if (data.group.length) {
-	            let parsedGroup = addressparser(data.group.join(','));
+	            let parsedGroup = addressparser(data.group.join(','), { _depth: depth + 1 });
 	            // Flatten: if any member is itself a group, extract its members into the sequence
 	            parsedGroup.forEach(member => {
 	                if (member.group) {
@@ -29356,6 +29369,13 @@ function requireAddressparser () {
 	    }
 	}
 
+	/**
+	 * Maximum recursion depth for parsing nested groups.
+	 * RFC 5322 doesn't allow nested groups, so this is a safeguard against
+	 * malicious input that could cause stack overflow.
+	 */
+	const MAX_NESTED_GROUP_DEPTH = 50;
+
 	/**
 	 * Parses structured e-mail addresses from an address field
 	 *
@@ -29368,10 +29388,18 @@ function requireAddressparser () {
 	 *     [{name: 'Name', address: 'address@domain'}]
 	 *
 	 * @param {String} str Address field
+	 * @param {Object} options Optional options object
+	 * @param {Number} options._depth Internal recursion depth counter (do not set manually)
 	 * @return {Array} An array of address objects
 	 */
 	function addressparser(str, options) {
 	    options = options || {};
+	    let depth = options._depth || 0;
+
+	    // Prevent stack overflow from deeply nested groups (DoS protection)
+	    if (depth > MAX_NESTED_GROUP_DEPTH) {
+	        return [];
+	    }
 
 	    let tokenizer = new Tokenizer(str);
 	    let tokens = tokenizer.tokenize();
@@ -29396,7 +29424,7 @@ function requireAddressparser () {
 	    }
 
 	    addresses.forEach(address => {
-	        address = _handleAddress(address);
+	        address = _handleAddress(address, depth);
 	        if (address.length) {
 	            parsedAddresses = parsedAddresses.concat(address);
 	        }
@@ -40908,6 +40936,8 @@ function requireStreams () {
 	return streams;
 }
 
+lib$a.exports;
+
 var hasRequiredLib$a;
 
 function requireLib$a () {
@@ -40919,22 +40949,21 @@ function requireLib$a () {
 
 		var bomHandling = requireBomHandling();
 		var mergeModules = requireMergeExports();
-		var iconv = module.exports;
 
 		// All codecs and aliases are kept here, keyed by encoding name/alias.
 		// They are lazy loaded in `iconv.getCodec` from `encodings/index.js`.
 		// Cannot initialize with { __proto__: null } because Boolean({ __proto__: null }) === true
-		iconv.encodings = null;
+		module.exports.encodings = null;
 
 		// Characters emitted in case of error.
-		iconv.defaultCharUnicode = "�";
-		iconv.defaultCharSingleByte = "?";
+		module.exports.defaultCharUnicode = "�";
+		module.exports.defaultCharSingleByte = "?";
 
 		// Public API.
-		iconv.encode = function encode (str, encoding, options) {
+		module.exports.encode = function encode (str, encoding, options) {
 		  str = "" + (str || ""); // Ensure string.
 
-		  var encoder = iconv.getEncoder(encoding, options);
+		  var encoder = module.exports.getEncoder(encoding, options);
 
 		  var res = encoder.write(str);
 		  var trail = encoder.end();
@@ -40942,17 +40971,17 @@ function requireLib$a () {
 		  return (trail && trail.length > 0) ? Buffer.concat([res, trail]) : res
 		};
 
-		iconv.decode = function decode (buf, encoding, options) {
+		module.exports.decode = function decode (buf, encoding, options) {
 		  if (typeof buf === "string") {
-		    if (!iconv.skipDecodeWarning) {
+		    if (!module.exports.skipDecodeWarning) {
 		      console.error("Iconv-lite warning: decode()-ing strings is deprecated. Refer to https://github.com/ashtuchkin/iconv-lite/wiki/Use-Buffers-when-decoding");
-		      iconv.skipDecodeWarning = true;
+		      module.exports.skipDecodeWarning = true;
 		    }
 
 		    buf = Buffer.from("" + (buf || ""), "binary"); // Ensure buffer.
 		  }
 
-		  var decoder = iconv.getDecoder(encoding, options);
+		  var decoder = module.exports.getDecoder(encoding, options);
 
 		  var res = decoder.write(buf);
 		  var trail = decoder.end();
@@ -40960,9 +40989,9 @@ function requireLib$a () {
 		  return trail ? (res + trail) : res
 		};
 
-		iconv.encodingExists = function encodingExists (enc) {
+		module.exports.encodingExists = function encodingExists (enc) {
 		  try {
-		    iconv.getCodec(enc);
+		    module.exports.getCodec(enc);
 		    return true
 		  } catch (e) {
 		    return false
@@ -40970,31 +40999,31 @@ function requireLib$a () {
 		};
 
 		// Legacy aliases to convert functions
-		iconv.toEncoding = iconv.encode;
-		iconv.fromEncoding = iconv.decode;
+		module.exports.toEncoding = module.exports.encode;
+		module.exports.fromEncoding = module.exports.decode;
 
 		// Search for a codec in iconv.encodings. Cache codec data in iconv._codecDataCache.
-		iconv._codecDataCache = { __proto__: null };
+		module.exports._codecDataCache = { __proto__: null };
 
-		iconv.getCodec = function getCodec (encoding) {
-		  if (!iconv.encodings) {
+		module.exports.getCodec = function getCodec (encoding) {
+		  if (!module.exports.encodings) {
 		    var raw = requireEncodings();
 		    // TODO: In future versions when old nodejs support is removed can use object.assign
-		    iconv.encodings = { __proto__: null }; // Initialize as empty object.
-		    mergeModules(iconv.encodings, raw);
+		    module.exports.encodings = { __proto__: null }; // Initialize as empty object.
+		    mergeModules(module.exports.encodings, raw);
 		  }
 
 		  // Canonicalize encoding name: strip all non-alphanumeric chars and appended year.
-		  var enc = iconv._canonicalizeEncoding(encoding);
+		  var enc = module.exports._canonicalizeEncoding(encoding);
 
 		  // Traverse iconv.encodings to find actual codec.
 		  var codecOptions = {};
 		  while (true) {
-		    var codec = iconv._codecDataCache[enc];
+		    var codec = module.exports._codecDataCache[enc];
 
 		    if (codec) { return codec }
 
-		    var codecDef = iconv.encodings[enc];
+		    var codecDef = module.exports.encodings[enc];
 
 		    switch (typeof codecDef) {
 		      case "string": // Direct alias to other encoding.
@@ -41015,9 +41044,9 @@ function requireLib$a () {
 		        // The codec function must load all tables and return object with .encoder and .decoder methods.
 		        // It'll be called only once (for each different options object).
 		        //
-		        codec = new codecDef(codecOptions, iconv);
+		        codec = new codecDef(codecOptions, module.exports);
 
-		        iconv._codecDataCache[codecOptions.encodingName] = codec; // Save it to be reused later.
+		        module.exports._codecDataCache[codecOptions.encodingName] = codec; // Save it to be reused later.
 		        return codec
 
 		      default:
@@ -41026,13 +41055,13 @@ function requireLib$a () {
 		  }
 		};
 
-		iconv._canonicalizeEncoding = function (encoding) {
+		module.exports._canonicalizeEncoding = function (encoding) {
 		  // Canonicalize encoding name: strip all non-alphanumeric chars and appended year.
 		  return ("" + encoding).toLowerCase().replace(/:\d{4}$|[^0-9a-z]/g, "")
 		};
 
-		iconv.getEncoder = function getEncoder (encoding, options) {
-		  var codec = iconv.getCodec(encoding);
+		module.exports.getEncoder = function getEncoder (encoding, options) {
+		  var codec = module.exports.getCodec(encoding);
 		  var encoder = new codec.encoder(options, codec);
 
 		  if (codec.bomAware && options && options.addBOM) { encoder = new bomHandling.PrependBOM(encoder, options); }
@@ -41040,8 +41069,8 @@ function requireLib$a () {
 		  return encoder
 		};
 
-		iconv.getDecoder = function getDecoder (encoding, options) {
-		  var codec = iconv.getCodec(encoding);
+		module.exports.getDecoder = function getDecoder (encoding, options) {
+		  var codec = module.exports.getCodec(encoding);
 		  var decoder = new codec.decoder(options, codec);
 
 		  if (codec.bomAware && !(options && options.stripBOM === false)) { decoder = new bomHandling.StripBOM(decoder, options); }
@@ -41054,26 +41083,26 @@ function requireLib$a () {
 		// up to 100Kb to the output bundle. To avoid unnecessary code bloat, we don't enable Streaming API in browser by default.
 		// If you would like to enable it explicitly, please add the following code to your app:
 		// > iconv.enableStreamingAPI(require('stream'));
-		iconv.enableStreamingAPI = function enableStreamingAPI (streamModule) {
-		  if (iconv.supportsStreams) { return }
+		module.exports.enableStreamingAPI = function enableStreamingAPI (streamModule) {
+		  if (module.exports.supportsStreams) { return }
 
 		  // Dependency-inject stream module to create IconvLite stream classes.
 		  var streams = requireStreams()(streamModule);
 
 		  // Not public API yet, but expose the stream classes.
-		  iconv.IconvLiteEncoderStream = streams.IconvLiteEncoderStream;
-		  iconv.IconvLiteDecoderStream = streams.IconvLiteDecoderStream;
+		  module.exports.IconvLiteEncoderStream = streams.IconvLiteEncoderStream;
+		  module.exports.IconvLiteDecoderStream = streams.IconvLiteDecoderStream;
 
 		  // Streaming API.
-		  iconv.encodeStream = function encodeStream (encoding, options) {
-		    return new iconv.IconvLiteEncoderStream(iconv.getEncoder(encoding, options), options)
+		  module.exports.encodeStream = function encodeStream (encoding, options) {
+		    return new module.exports.IconvLiteEncoderStream(module.exports.getEncoder(encoding, options), options)
 		  };
 
-		  iconv.decodeStream = function decodeStream (encoding, options) {
-		    return new iconv.IconvLiteDecoderStream(iconv.getDecoder(encoding, options), options)
+		  module.exports.decodeStream = function decodeStream (encoding, options) {
+		    return new module.exports.IconvLiteDecoderStream(module.exports.getDecoder(encoding, options), options)
 		  };
 
-		  iconv.supportsStreams = true;
+		  module.exports.supportsStreams = true;
 		};
 
 		// Enable Streaming API automatically if 'stream' module is available and non-empty (the majority of environments).
@@ -41083,10 +41112,10 @@ function requireLib$a () {
 		} catch (e) {}
 
 		if (streamModule && streamModule.Transform) {
-		  iconv.enableStreamingAPI(streamModule);
+		  module.exports.enableStreamingAPI(streamModule);
 		} else {
 		  // In rare cases where 'stream' module is not available by default, throw a helpful exception.
-		  iconv.encodeStream = iconv.decodeStream = function () {
+		  module.exports.encodeStream = module.exports.decodeStream = function () {
 		    throw new Error("iconv-lite Streaming API is not enabled. Use iconv.enableStreamingAPI(require('stream')); to enable it.")
 		  };
 		}
@@ -51163,7 +51192,6 @@ var require$$11 = [
 	"drive",
 	"dtv",
 	"dubai",
-	"dunlop",
 	"dupont",
 	"durban",
 	"dvag",
@@ -53395,7 +53423,11 @@ function requireMailParser () {
 	                            result.push(textPart);
 	                        }
 
-	                        result.push(`<a href="${link.url}">${link.text}</a>`);
+	                        // Escape quotes in URL to prevent XSS
+	                        let safeUrl = link.url.replace(/"/g, '&quot;');
+	                        // Escape HTML entities in link text
+	                        let safeText = he.encode(link.text, { useNamedReferences: true });
+	                        result.push(`<a href="${safeUrl}">${safeText}</a>`);
 
 	                        last = link.lastIndex;
 	                    });
@@ -119351,12 +119383,13 @@ class CustomDomainPage {
                     .getByRole("cell", { name: domain.split(".")[0] })).toBeVisible(),
             ]);
             await this.neetoPlaywrightUtilities.waitForPageLoad();
+            await validateButton.click();
+            await expect(this.page.getByTestId(COMMON_SELECTORS.calloutElement)).toBeVisible({ timeout: 15000 });
             let isCertificateLimitExceeded = false;
             await expect(async () => {
                 isCertificateLimitExceeded = await this.isCertificateLimitExceeded();
                 if (isCertificateLimitExceeded)
                     return;
-                await validateButton.click();
                 await this.neetoPlaywrightUtilities.verifyToast({
                     message: this.t("neetoCustomDomains.validation.successMessage"),
                 });
@@ -119366,13 +119399,21 @@ class CustomDomainPage {
                 return;
             }
             await this.neetoPlaywrightUtilities.waitForPageLoad();
-            await expect(this.page.getByTestId(CUSTOM_DOMAIN_SELECTORS.activeTagContainer)).toBeVisible();
+            await expect(validateButton).toBeHidden();
+        };
+        this.getDomainStatus = async (hostname, baseURL) => {
+            var _a;
+            const response = await this.customDomainApi
+                .fetch(baseURL)
+                .then(response => response === null || response === void 0 ? void 0 : response.json());
+            const domain = (_a = response === null || response === void 0 ? void 0 : response.custom_domains) === null || _a === void 0 ? void 0 : _a.find((domain) => { var _a; return ((_a = domain.hostname) === null || _a === void 0 ? void 0 : _a.toLowerCase()) === hostname.toLowerCase(); });
+            return domain === null || domain === void 0 ? void 0 : domain.status;
         };
         this.loginToCustomDomain = async () => {
             await this.page.close();
             const loginPage = this.loginPage;
             const { email } = getGlobalUserState();
-            const loginUrl = `${this.baseURL}${ROUTES.admin}`;
+            const loginUrl = `${this.customDomainURL}${ROUTES.admin}`;
             const playwrightUtils = new CustomCommands(loginPage, loginPage.request);
             const organizationPage = new OrganizationPage(loginPage, playwrightUtils);
             await loginPage.goto(loginUrl);
@@ -119384,7 +119425,7 @@ class CustomDomainPage {
         this.waitForTrustedSSL = () => expect
             .poll(() => new Promise(resolve => {
             https
-                .get(this.baseURL, { rejectUnauthorized: true }, res => {
+                .get(this.customDomainURL, { rejectUnauthorized: true }, res => {
                 res.resume();
                 resolve(true);
             })
@@ -119398,7 +119439,7 @@ class CustomDomainPage {
             await this.loginPage.context().storageState({ path: STORAGE_STATE });
             const mergedCredentials = mergeAll([readFileSyncIfExists(), { user }]);
             writeDataToFile(JSON.stringify(mergedCredentials, null, 2));
-            updateCredentials({ key: "baseUrl", value: this.baseURL });
+            updateCredentials({ key: "baseUrl", value: this.customDomainURL });
             updateCredentials({ key: "domain", value: CUSTOM_DOMAIN_SUFFIX });
         };
         // eslint-disable-next-line playwright/no-wait-for-timeout
@@ -119412,21 +119453,57 @@ class CustomDomainPage {
             await this.loginToCustomDomain();
             await this.saveCustomDomainState();
         };
+        this.setupCustomDomainViaAPI = async () => {
+            if (shouldSkipCustomDomainSetup())
+                return;
+            await this.connectViaAPI();
+            const context = await this.browser.newContext(EMPTY_STORAGE_STATE);
+            this.loginPage = await context.newPage();
+            await this.loginToCustomDomain();
+            await this.saveCustomDomainState();
+        };
         this.connectCustomDomain = async (subdomain) => {
             if (shouldSkipCustomDomainSetup())
                 return;
-            const baseURL = baseURLGenerator(this.product, subdomain);
             const domain = this.getCustomDomain(subdomain);
-            this.baseURL = `https://${domain}`;
+            const baseURL = baseURLGenerator(this.product, this.subdomain);
+            this.customDomainURL = `https://${domain}`;
             await this.neetoPlaywrightUtilities.waitForPageLoad();
             await this.page.goto(`${baseURL}${ROUTES.adminPanel.customDomain}`);
             await this.neetoPlaywrightUtilities.waitForPageLoad();
             await this.addCustomDomain(domain);
             await this.validateCustomDomain(domain);
-            process.env.BASE_URL = this.baseURL;
+            process.env.BASE_URL = this.customDomainURL;
             await this.waitForTrustedSSL();
             await this.waitForDomainPropagation();
         };
+        this.connectViaAPI = async (subdomain) => {
+            if (shouldSkipCustomDomainSetup())
+                return;
+            const domain = this.getCustomDomain(subdomain);
+            this.customDomainURL = `https://${domain}`;
+            const baseURL = baseURLGenerator(this.product, this.subdomain);
+            await this.page.goto(`${baseURL}${ROUTES.adminPanel.customDomain}`);
+            await this.page.waitForLoadState("domcontentloaded");
+            await this.customDomainApi.create(domain, baseURL);
+            await this.validateDomain(baseURL);
+            await this.awaitDomainValidation(domain, baseURL);
+            process.env.BASE_URL = this.customDomainURL;
+            await this.waitForTrustedSSL();
+            await this.waitForDomainPropagation();
+        };
+        this.validateDomain = (baseURL) => expect
+            .poll(async () => { var _a; return (_a = (await this.customDomainApi.validate(baseURL))) === null || _a === void 0 ? void 0 : _a.status(); }, {
+            timeout: 2 * 60000,
+            intervals: [10000],
+        })
+            .toBe(200);
+        this.awaitDomainValidation = (hostname, baseURL) => expect
+            .poll(async () => this.getDomainStatus(hostname, baseURL), {
+            timeout: 2 * 60000,
+            intervals: [5000],
+        })
+            .toBe("active");
         this.getCustomDomainFromAPI = async () => {
             const { custom_domains } = await this.customDomainApi
                 .fetch()