@openclaw/zalouser 2026.3.13 → 2026.5.1-beta.2

package/src/zalo-js.credentials.test.ts

@@ -0,0 +1,465 @@
+import { lstat, mkdir, mkdtemp, readFile, rm, stat, symlink, writeFile } from "node:fs/promises";
+import os from "node:os";
+import path from "node:path";
+import { withEnvAsync } from "openclaw/plugin-sdk/test-env";
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import type { API, Credentials, LoginQRCallbackEvent } from "./zca-client.js";
+import { LoginQRCallbackEventType } from "./zca-constants.js";
+
+const createZaloMock = vi.hoisted(() => vi.fn());
+const TEST_MTIME_TICK_MS = 20;
+
+vi.mock("./zca-client.js", () => ({
+  createZalo: createZaloMock,
+  TextStyle: { Indent: 9 },
+}));
+
+import {
+  checkZaloAuthenticated,
+  listZaloFriends,
+  sendZaloLink,
+  sendZaloReaction,
+  startZaloQrLogin,
+  waitForZaloQrLogin,
+} from "./zalo-js.js";
+
+type StoredCredentialFile = {
+  imei: string;
+  cookie: Credentials["cookie"];
+  userAgent: string;
+  language?: string;
+  createdAt?: string;
+  lastUsedAt?: string;
+};
+
+function credentialPath(stateDir: string, profile: string): string {
+  const trimmed = profile.trim().toLowerCase();
+  const filename =
+    !trimmed || trimmed === "default"
+      ? "credentials.json"
+      : `credentials-${encodeURIComponent(trimmed)}.json`;
+  return path.join(stateDir, "credentials", "zalouser", filename);
+}
+
+async function readStoredCredentials(
+  stateDir: string,
+  profile: string,
+): Promise<StoredCredentialFile> {
+  return JSON.parse(
+    await readFile(credentialPath(stateDir, profile), "utf8"),
+  ) as StoredCredentialFile;
+}
+
+async function waitForMtimeTick(): Promise<void> {
+  await new Promise((resolve) => setTimeout(resolve, TEST_MTIME_TICK_MS));
+}
+
+function createMockApi(params: {
+  imei: string;
+  userAgent: string;
+  language?: string;
+  cookies: unknown[] | (() => unknown[]);
+  getAllFriends?: API["getAllFriends"];
+}): API {
+  return {
+    getContext: () => ({
+      imei: params.imei,
+      userAgent: params.userAgent,
+      language: params.language,
+    }),
+    getCookie: () => ({
+      toJSON: () => ({
+        cookies: typeof params.cookies === "function" ? params.cookies() : params.cookies,
+      }),
+    }),
+    fetchAccountInfo: async () => ({
+      userId: "user-1",
+      username: "user-1",
+      displayName: "Zalo User",
+      zaloName: "Zalo User",
+      avatar: "",
+    }),
+    getAllFriends: params.getAllFriends ?? vi.fn(async () => []),
+    listener: {
+      on: vi.fn(),
+      off: vi.fn(),
+      start: vi.fn(),
+      stop: vi.fn(),
+    },
+  } as unknown as API;
+}
+
+describe("zalouser credential persistence", () => {
+  beforeEach(() => {
+    createZaloMock.mockReset();
+  });
+
+  it("persists the final API cookie jar after QR login", async () => {
+    const stateDir = await mkdtemp(path.join(os.tmpdir(), "openclaw-zalouser-credentials-"));
+    const profile = "qr-refresh";
+    const callbackCookie = [{ key: "zpsid", value: "callback", domain: "chat.zalo.me" }];
+    const refreshedCookie = [{ key: "zpsid", value: "refreshed", domain: "chat.zalo.me" }];
+    const api = createMockApi({
+      imei: "api-imei",
+      userAgent: "api-user-agent",
+      language: "vi",
+      cookies: refreshedCookie,
+    });
+
+    createZaloMock.mockResolvedValueOnce({
+      loginQR: async (_options: unknown, callback?: (event: LoginQRCallbackEvent) => unknown) => {
+        callback?.({
+          type: LoginQRCallbackEventType.QRCodeGenerated,
+          data: {
+            code: "qr-code",
+            image: "data:image/png;base64,abc123",
+          },
+          actions: {
+            saveToFile: vi.fn(async () => undefined),
+            retry: vi.fn(),
+            abort: vi.fn(),
+          },
+        });
+        callback?.({
+          type: LoginQRCallbackEventType.GotLoginInfo,
+          data: {
+            cookie: callbackCookie,
+            imei: "callback-imei",
+            userAgent: "callback-user-agent",
+          },
+          actions: null,
+        });
+        return api;
+      },
+    });
+
+    try {
+      await withEnvAsync({ OPENCLAW_STATE_DIR: stateDir }, async () => {
+        await startZaloQrLogin({ profile, timeoutMs: 1000 });
+
+        await expect(waitForZaloQrLogin({ profile, timeoutMs: 1000 })).resolves.toMatchObject({
+          connected: true,
+        });
+
+        const stored = await readStoredCredentials(stateDir, profile);
+        expect(stored).toMatchObject({
+          imei: "api-imei",
+          userAgent: "api-user-agent",
+          language: "vi",
+        });
+        expect(stored.cookie).toEqual(refreshedCookie);
+      });
+    } finally {
+      await rm(stateDir, { recursive: true, force: true });
+    }
+  });
+
+  it("rewrites restored sessions with cookies refreshed by zca-js login", async () => {
+    const stateDir = await mkdtemp(path.join(os.tmpdir(), "openclaw-zalouser-credentials-"));
+    const profile = "restore-refresh";
+    const storedCookie = [{ key: "zpsid", value: "stored", domain: "chat.zalo.me" }];
+    const refreshedCookie = [{ key: "zpsid", value: "refreshed", domain: "chat.zalo.me" }];
+    const filePath = credentialPath(stateDir, profile);
+    await mkdir(path.dirname(filePath), { recursive: true });
+    await writeFile(
+      filePath,
+      JSON.stringify(
+        {
+          imei: "stored-imei",
+          cookie: storedCookie,
+          userAgent: "stored-user-agent",
+          createdAt: "2026-04-01T00:00:00.000Z",
+        },
+        null,
+        2,
+      ),
+    );
+
+    const api = createMockApi({
+      imei: "stored-imei",
+      userAgent: "stored-user-agent",
+      language: "vi",
+      cookies: refreshedCookie,
+    });
+    const login = vi.fn(async () => api);
+    createZaloMock.mockResolvedValueOnce({ login });
+
+    try {
+      await withEnvAsync({ OPENCLAW_STATE_DIR: stateDir }, async () => {
+        await expect(checkZaloAuthenticated(profile)).resolves.toBe(true);
+
+        expect(login).toHaveBeenCalledWith({
+          imei: "stored-imei",
+          cookie: storedCookie,
+          userAgent: "stored-user-agent",
+          language: undefined,
+        });
+        const stored = await readStoredCredentials(stateDir, profile);
+        expect(stored.cookie).toEqual(refreshedCookie);
+        expect(stored.createdAt).toBe("2026-04-01T00:00:00.000Z");
+        expect(stored.lastUsedAt).toEqual(expect.any(String));
+      });
+    } finally {
+      await rm(stateDir, { recursive: true, force: true });
+    }
+  });
+
+  it("persists cookie changes after a successful API call", async () => {
+    const stateDir = await mkdtemp(path.join(os.tmpdir(), "openclaw-zalouser-credentials-"));
+    const profile = "api-refresh";
+    const storedCookie: unknown[] = [{ key: "zpsid", value: "stored", domain: "chat.zalo.me" }];
+    const loginCookie: unknown[] = [{ key: "zpsid", value: "login", domain: "chat.zalo.me" }];
+    const refreshedCookie: unknown[] = [
+      { key: "zpsid", value: "api-refreshed", domain: "chat.zalo.me" },
+    ];
+    const filePath = credentialPath(stateDir, profile);
+    await mkdir(path.dirname(filePath), { recursive: true });
+    await writeFile(
+      filePath,
+      JSON.stringify(
+        {
+          imei: "stored-imei",
+          cookie: storedCookie,
+          userAgent: "stored-user-agent",
+          createdAt: "2026-04-01T00:00:00.000Z",
+        },
+        null,
+        2,
+      ),
+    );
+
+    let currentCookie = loginCookie;
+    const api = createMockApi({
+      imei: "stored-imei",
+      userAgent: "stored-user-agent",
+      language: "vi",
+      cookies: () => currentCookie,
+      getAllFriends: vi.fn(async () => {
+        currentCookie = refreshedCookie;
+        return [
+          {
+            userId: "friend-1",
+            username: "friend-1",
+            displayName: "Friend One",
+            zaloName: "Friend One",
+            avatar: "",
+          },
+        ];
+      }),
+    });
+    createZaloMock.mockResolvedValueOnce({ login: vi.fn(async () => api) });
+
+    try {
+      await withEnvAsync({ OPENCLAW_STATE_DIR: stateDir }, async () => {
+        await expect(listZaloFriends(profile)).resolves.toEqual([
+          {
+            userId: "friend-1",
+            displayName: "Friend One",
+            avatar: undefined,
+          },
+        ]);
+
+        const stored = await readStoredCredentials(stateDir, profile);
+        expect(stored.cookie).toEqual(refreshedCookie);
+        expect(stored.createdAt).toBe("2026-04-01T00:00:00.000Z");
+        expect(stored.lastUsedAt).toEqual(expect.any(String));
+      });
+    } finally {
+      await rm(stateDir, { recursive: true, force: true });
+    }
+  });
+
+  it("does not rewrite credentials when the live cookie jar only reorders cookies", async () => {
+    const stateDir = await mkdtemp(path.join(os.tmpdir(), "openclaw-zalouser-credentials-"));
+    const profile = "api-stable";
+    const cookieA: unknown[] = [
+      { key: "zpsid", value: "same", domain: "chat.zalo.me" },
+      { key: "zpw", value: "same-secondary", domain: "chat.zalo.me" },
+    ];
+    const cookieB = [...cookieA].toReversed();
+    const filePath = credentialPath(stateDir, profile);
+    await mkdir(path.dirname(filePath), { recursive: true });
+    await writeFile(
+      filePath,
+      JSON.stringify(
+        {
+          imei: "stored-imei",
+          cookie: cookieA,
+          userAgent: "stored-user-agent",
+          createdAt: "2026-04-01T00:00:00.000Z",
+        },
+        null,
+        2,
+      ),
+    );
+
+    let currentCookie = cookieA;
+    const api = createMockApi({
+      imei: "stored-imei",
+      userAgent: "stored-user-agent",
+      language: "vi",
+      cookies: () => currentCookie,
+      getAllFriends: vi.fn(async () => []),
+    });
+    createZaloMock.mockResolvedValueOnce({ login: vi.fn(async () => api) });
+
+    try {
+      await withEnvAsync({ OPENCLAW_STATE_DIR: stateDir }, async () => {
+        await expect(listZaloFriends(profile)).resolves.toEqual([]);
+        const firstRaw = await readFile(filePath, "utf8");
+        const firstMtimeMs = (await stat(filePath)).mtimeMs;
+
+        currentCookie = cookieB;
+        await waitForMtimeTick();
+
+        await expect(listZaloFriends(profile)).resolves.toEqual([]);
+        expect(await readFile(filePath, "utf8")).toBe(firstRaw);
+        expect((await stat(filePath)).mtimeMs).toBe(firstMtimeMs);
+      });
+    } finally {
+      await rm(stateDir, { recursive: true, force: true });
+    }
+  });
+
+  it("keeps reaction sends non-throwing when session restore fails", async () => {
+    const stateDir = await mkdtemp(path.join(os.tmpdir(), "openclaw-zalouser-credentials-"));
+
+    try {
+      await withEnvAsync({ OPENCLAW_STATE_DIR: stateDir }, async () => {
+        await expect(
+          sendZaloReaction({
+            profile: "missing-session",
+            threadId: "thread-1",
+            msgId: "msg-1",
+            cliMsgId: "cli-1",
+            emoji: "like",
+          }),
+        ).resolves.toMatchObject({
+          ok: false,
+          error: expect.stringContaining("No saved Zalo session"),
+        });
+      });
+    } finally {
+      await rm(stateDir, { recursive: true, force: true });
+    }
+  });
+
+  it("keeps link sends non-throwing when session restore fails", async () => {
+    const stateDir = await mkdtemp(path.join(os.tmpdir(), "openclaw-zalouser-credentials-"));
+
+    try {
+      await withEnvAsync({ OPENCLAW_STATE_DIR: stateDir }, async () => {
+        await expect(
+          sendZaloLink("thread-1", "https://example.com", {
+            profile: "missing-session",
+          }),
+        ).resolves.toMatchObject({
+          ok: false,
+          error: expect.stringContaining("No saved Zalo session"),
+        });
+      });
+    } finally {
+      await rm(stateDir, { recursive: true, force: true });
+    }
+  });
+
+  it.skipIf(process.platform === "win32")(
+    "writes credentials with private permissions",
+    async () => {
+      const stateDir = await mkdtemp(path.join(os.tmpdir(), "openclaw-zalouser-credentials-"));
+      const profile = "private-mode";
+      const api = createMockApi({
+        imei: "api-imei",
+        userAgent: "api-user-agent",
+        cookies: [{ key: "zpsid", value: "private", domain: "chat.zalo.me" }],
+      });
+
+      createZaloMock.mockResolvedValueOnce({
+        loginQR: async (_options: unknown, callback?: (event: LoginQRCallbackEvent) => unknown) => {
+          callback?.({
+            type: LoginQRCallbackEventType.QRCodeGenerated,
+            data: {
+              code: "qr-code",
+              image: "data:image/png;base64,abc123",
+            },
+            actions: {
+              saveToFile: vi.fn(async () => undefined),
+              retry: vi.fn(),
+              abort: vi.fn(),
+            },
+          });
+          return api;
+        },
+      });
+
+      try {
+        await withEnvAsync({ OPENCLAW_STATE_DIR: stateDir }, async () => {
+          await startZaloQrLogin({ profile, timeoutMs: 1000 });
+          await expect(waitForZaloQrLogin({ profile, timeoutMs: 1000 })).resolves.toMatchObject({
+            connected: true,
+          });
+
+          const filePath = credentialPath(stateDir, profile);
+          const dirMode = (await stat(path.dirname(filePath))).mode & 0o777;
+          const fileMode = (await stat(filePath)).mode & 0o777;
+          expect(dirMode).toBe(0o700);
+          expect(fileMode).toBe(0o600);
+        });
+      } finally {
+        await rm(stateDir, { recursive: true, force: true });
+      }
+    },
+  );
+
+  it.skipIf(process.platform === "win32")(
+    "refuses to write credentials through a symlinked file",
+    async () => {
+      const stateDir = await mkdtemp(path.join(os.tmpdir(), "openclaw-zalouser-credentials-"));
+      const profile = "symlink-target";
+      const filePath = credentialPath(stateDir, profile);
+      const targetPath = path.join(stateDir, "outside.json");
+      const api = createMockApi({
+        imei: "api-imei",
+        userAgent: "api-user-agent",
+        cookies: [{ key: "zpsid", value: "symlink", domain: "chat.zalo.me" }],
+      });
+
+      await mkdir(path.dirname(filePath), { recursive: true });
+      await writeFile(targetPath, "sentinel", "utf8");
+      await symlink(targetPath, filePath);
+
+      createZaloMock.mockResolvedValueOnce({
+        loginQR: async (_options: unknown, callback?: (event: LoginQRCallbackEvent) => unknown) => {
+          callback?.({
+            type: LoginQRCallbackEventType.QRCodeGenerated,
+            data: {
+              code: "qr-code",
+              image: "data:image/png;base64,abc123",
+            },
+            actions: {
+              saveToFile: vi.fn(async () => undefined),
+              retry: vi.fn(),
+              abort: vi.fn(),
+            },
+          });
+          return api;
+        },
+      });
+
+      try {
+        await withEnvAsync({ OPENCLAW_STATE_DIR: stateDir }, async () => {
+          const started = await startZaloQrLogin({ profile, timeoutMs: 1000 });
+          const waited = await waitForZaloQrLogin({ profile, timeoutMs: 1000 });
+          expect(`${started.message} ${waited.message}`).toContain(
+            "Refusing to write Zalo credentials to symlinked path",
+          );
+        });
+
+        expect(await readFile(targetPath, "utf8")).toBe("sentinel");
+        expect((await lstat(filePath)).isSymbolicLink()).toBe(true);
+      } finally {
+        await rm(stateDir, { recursive: true, force: true });
+      }
+    },
+  );
+});

package/src/zalo-js.test-mocks.ts

@@ -0,0 +1,89 @@
+import { vi, type Mock } from "vitest";
+
+type ZaloJsModule = typeof import("./zalo-js.js");
+type ZaloJsMocks = {
+  checkZaloAuthenticatedMock: Mock<ZaloJsModule["checkZaloAuthenticated"]>;
+  getZaloUserInfoMock: Mock<ZaloJsModule["getZaloUserInfo"]>;
+  listZaloFriendsMock: Mock<ZaloJsModule["listZaloFriends"]>;
+  listZaloFriendsMatchingMock: Mock<ZaloJsModule["listZaloFriendsMatching"]>;
+  listZaloGroupMembersMock: Mock<ZaloJsModule["listZaloGroupMembers"]>;
+  listZaloGroupsMock: Mock<ZaloJsModule["listZaloGroups"]>;
+  listZaloGroupsMatchingMock: Mock<ZaloJsModule["listZaloGroupsMatching"]>;
+  logoutZaloProfileMock: Mock<ZaloJsModule["logoutZaloProfile"]>;
+  resolveZaloAllowFromEntriesMock: Mock<ZaloJsModule["resolveZaloAllowFromEntries"]>;
+  resolveZaloGroupContextMock: Mock<ZaloJsModule["resolveZaloGroupContext"]>;
+  resolveZaloGroupsByEntriesMock: Mock<ZaloJsModule["resolveZaloGroupsByEntries"]>;
+  startZaloListenerMock: Mock<ZaloJsModule["startZaloListener"]>;
+  startZaloQrLoginMock: Mock<ZaloJsModule["startZaloQrLogin"]>;
+  waitForZaloQrLoginMock: Mock<ZaloJsModule["waitForZaloQrLogin"]>;
+};
+
+const zaloJsMocks = vi.hoisted(
+  (): ZaloJsMocks => ({
+    checkZaloAuthenticatedMock: vi.fn(async () => false),
+    getZaloUserInfoMock: vi.fn(async () => null),
+    listZaloFriendsMock: vi.fn(async () => []),
+    listZaloFriendsMatchingMock: vi.fn(async () => []),
+    listZaloGroupMembersMock: vi.fn(async () => []),
+    listZaloGroupsMock: vi.fn(async () => []),
+    listZaloGroupsMatchingMock: vi.fn(async () => []),
+    logoutZaloProfileMock: vi.fn(async () => ({
+      cleared: true,
+      loggedOut: true,
+      message: "Logged out and cleared local session.",
+    })),
+    resolveZaloAllowFromEntriesMock: vi.fn(async ({ entries }: { entries: string[] }) =>
+      entries.map((entry) => ({ input: entry, resolved: true, id: entry, note: undefined })),
+    ),
+    resolveZaloGroupContextMock: vi.fn(async (_profile, groupId) => ({
+      groupId,
+      name: undefined,
+      members: [],
+    })),
+    resolveZaloGroupsByEntriesMock: vi.fn(async ({ entries }: { entries: string[] }) =>
+      entries.map((entry) => ({ input: entry, resolved: true, id: entry, note: undefined })),
+    ),
+    startZaloListenerMock: vi.fn(async () => ({ stop: vi.fn() })),
+    startZaloQrLoginMock: vi.fn(async () => ({
+      message: "qr pending",
+      qrDataUrl: undefined,
+    })),
+    waitForZaloQrLoginMock: vi.fn(async () => ({
+      connected: false,
+      message: "login pending",
+    })),
+  }),
+);
+
+export const checkZaloAuthenticatedMock = zaloJsMocks.checkZaloAuthenticatedMock;
+export const getZaloUserInfoMock = zaloJsMocks.getZaloUserInfoMock;
+export const listZaloFriendsMock = zaloJsMocks.listZaloFriendsMock;
+export const listZaloFriendsMatchingMock = zaloJsMocks.listZaloFriendsMatchingMock;
+export const listZaloGroupMembersMock = zaloJsMocks.listZaloGroupMembersMock;
+export const listZaloGroupsMock = zaloJsMocks.listZaloGroupsMock;
+export const listZaloGroupsMatchingMock = zaloJsMocks.listZaloGroupsMatchingMock;
+export const logoutZaloProfileMock = zaloJsMocks.logoutZaloProfileMock;
+export const resolveZaloAllowFromEntriesMock = zaloJsMocks.resolveZaloAllowFromEntriesMock;
+export const resolveZaloGroupContextMock = zaloJsMocks.resolveZaloGroupContextMock;
+export const resolveZaloGroupsByEntriesMock = zaloJsMocks.resolveZaloGroupsByEntriesMock;
+export const startZaloListenerMock: Mock<ZaloJsModule["startZaloListener"]> =
+  zaloJsMocks.startZaloListenerMock;
+export const startZaloQrLoginMock = zaloJsMocks.startZaloQrLoginMock;
+export const waitForZaloQrLoginMock = zaloJsMocks.waitForZaloQrLoginMock;
+
+vi.mock("./zalo-js.js", () => ({
+  checkZaloAuthenticated: checkZaloAuthenticatedMock,
+  getZaloUserInfo: getZaloUserInfoMock,
+  listZaloFriends: listZaloFriendsMock,
+  listZaloFriendsMatching: listZaloFriendsMatchingMock,
+  listZaloGroupMembers: listZaloGroupMembersMock,
+  listZaloGroups: listZaloGroupsMock,
+  listZaloGroupsMatching: listZaloGroupsMatchingMock,
+  logoutZaloProfile: logoutZaloProfileMock,
+  resolveZaloAllowFromEntries: resolveZaloAllowFromEntriesMock,
+  resolveZaloGroupContext: resolveZaloGroupContextMock,
+  resolveZaloGroupsByEntries: resolveZaloGroupsByEntriesMock,
+  startZaloListener: startZaloListenerMock,
+  startZaloQrLogin: startZaloQrLoginMock,
+  waitForZaloQrLogin: waitForZaloQrLoginMock,
+}));