@salesforce/core 4.0.0-v3.0 → 4.0.1

package/lib/config/sandboxOrgConfig.js

@@ -7,11 +7,22 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SandboxOrgConfig = void 0;
+const global_1 = require("../global");
 const configFile_1 = require("./configFile");
 /**
  * A config file that stores usernames for an org.
  */
 class SandboxOrgConfig extends configFile_1.ConfigFile {
+    /**
+     * Constructor.
+     * **Do not directly construct instances of this class -- use {@link SandboxConfig.create} instead.**
+     *
+     * @param options The options for the class instance
+     * @ignore
+     */
+    constructor(options) {
+        super(options);
+    }
     /**
      * Gets the config options for a given org ID.
      *
@@ -23,6 +34,7 @@ class SandboxOrgConfig extends configFile_1.ConfigFile {
             isState: true,
             filename: `${orgId}.sandbox.json`,
             orgId,
+            stateFolder: global_1.Global.SFDX_STATE_FOLDER,
         };
     }
 }

package/lib/config/sandboxProcessCache.d.ts

@@ -0,0 +1,16 @@
+import { SandboxProcessObject, SandboxRequest } from '../org';
+import { TTLConfig } from './ttlConfig';
+export type SandboxRequestCacheEntry = {
+    alias?: string;
+    setDefault: boolean;
+    prodOrgUsername: string;
+    sandboxProcessObject: Partial<SandboxProcessObject>;
+    sandboxRequest: Partial<SandboxRequest>;
+    tracksSource?: boolean;
+};
+export declare class SandboxRequestCache extends TTLConfig<TTLConfig.Options, SandboxRequestCacheEntry> {
+    static getDefaultOptions(): TTLConfig.Options;
+    static unset(key: string): Promise<void>;
+    static set(key: string, sandboxProcessObject: SandboxRequestCacheEntry): Promise<void>;
+    static getFileName(): string;
+}

package/lib/config/sandboxProcessCache.js

@@ -0,0 +1,38 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SandboxRequestCache = void 0;
+/*
+ * Copyright (c) 2020, salesforce.com, inc.
+ * All rights reserved.
+ * Licensed under the BSD 3-Clause license.
+ * For full license text, see LICENSE.txt file in the repo root or https://opensource.org/licenses/BSD-3-Clause
+ */
+const kit_1 = require("@salesforce/kit");
+const global_1 = require("../global");
+const ttlConfig_1 = require("./ttlConfig");
+class SandboxRequestCache extends ttlConfig_1.TTLConfig {
+    static getDefaultOptions() {
+        return {
+            isGlobal: true,
+            isState: true,
+            filename: SandboxRequestCache.getFileName(),
+            stateFolder: global_1.Global.SF_STATE_FOLDER,
+            ttl: kit_1.Duration.days(14),
+        };
+    }
+    static async unset(key) {
+        const cache = await SandboxRequestCache.create();
+        cache.unset(key);
+        await cache.write();
+    }
+    static async set(key, sandboxProcessObject) {
+        const cache = await SandboxRequestCache.create();
+        cache.set(key, sandboxProcessObject);
+        await cache.write();
+    }
+    static getFileName() {
+        return 'sandbox-create-cache.json';
+    }
+}
+exports.SandboxRequestCache = SandboxRequestCache;
+//# sourceMappingURL=sandboxProcessCache.js.map

package/lib/config/tokensConfig.d.ts

@@ -0,0 +1,10 @@
+import { Optional } from '@salesforce/ts-types';
+import { SfTokens } from '../stateAggregator';
+import { ConfigFile } from './configFile';
+import { ConfigContents, ConfigValue } from './configStore';
+export declare class TokensConfig extends ConfigFile<ConfigFile.Options, SfTokens> {
+    protected static encryptedKeys: RegExp[];
+    static getDefaultOptions(): ConfigFile.Options;
+    protected getMethod(contents: ConfigContents, key: string): Optional<ConfigValue>;
+    protected setMethod(contents: ConfigContents, key: string, value?: ConfigValue): void;
+}

package/lib/config/tokensConfig.js

@@ -0,0 +1,29 @@
+"use strict";
+/*
+ * Copyright (c) 2022, salesforce.com, inc.
+ * All rights reserved.
+ * Licensed under the BSD 3-Clause license.
+ * For full license text, see LICENSE.txt file in the repo root or https://opensource.org/licenses/BSD-3-Clause
+ */
+/* eslint-disable class-methods-use-this */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TokensConfig = void 0;
+const configFile_1 = require("./configFile");
+class TokensConfig extends configFile_1.ConfigFile {
+    static getDefaultOptions() {
+        return {
+            isGlobal: true,
+            isState: true,
+            filename: 'tokens.json',
+        };
+    }
+    getMethod(contents, key) {
+        return contents[key];
+    }
+    setMethod(contents, key, value) {
+        contents[key] = value;
+    }
+}
+exports.TokensConfig = TokensConfig;
+TokensConfig.encryptedKeys = [/token/i, /password/i, /secret/i];
+//# sourceMappingURL=tokensConfig.js.map

package/lib/config/ttlConfig.d.ts

@@ -0,0 +1,34 @@
+import { Duration } from '@salesforce/kit';
+import { JsonMap, Nullable } from '@salesforce/ts-types';
+import { ConfigFile } from './configFile';
+/**
+ * A Time To Live configuration file where each entry is timestamped and removed once the TTL has expired.
+ *
+ * @example
+ * ```
+ * import { Duration } from '@salesforce/kit';
+ * const config = await TTLConfig.create({
+ *   isGlobal: false,
+ *   ttl: Duration.days(1)
+ * });
+ * ```
+ */
+export declare class TTLConfig<T extends TTLConfig.Options, P extends JsonMap> extends ConfigFile<T, TTLConfig.Contents<P>> {
+    set(key: string, value: Partial<TTLConfig.Entry<P>>): void;
+    getLatestEntry(): Nullable<[string, TTLConfig.Entry<P>]>;
+    getLatestKey(): Nullable<string>;
+    isExpired(dateTime: number, value: P & {
+        timestamp: string;
+    }): boolean;
+    protected init(): Promise<void>;
+    private timestamp;
+}
+export declare namespace TTLConfig {
+    type Options = ConfigFile.Options & {
+        ttl: Duration;
+    };
+    type Entry<T extends JsonMap> = T & {
+        timestamp: string;
+    };
+    type Contents<T extends JsonMap> = Record<string, Entry<T>>;
+}

package/lib/config/ttlConfig.js

@@ -0,0 +1,50 @@
+"use strict";
+/*
+ * Copyright (c) 2022, salesforce.com, inc.
+ * All rights reserved.
+ * Licensed under the BSD 3-Clause license.
+ * For full license text, see LICENSE.txt file in the repo root or https://opensource.org/licenses/BSD-3-Clause
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TTLConfig = void 0;
+const configFile_1 = require("./configFile");
+/**
+ * A Time To Live configuration file where each entry is timestamped and removed once the TTL has expired.
+ *
+ * @example
+ * ```
+ * import { Duration } from '@salesforce/kit';
+ * const config = await TTLConfig.create({
+ *   isGlobal: false,
+ *   ttl: Duration.days(1)
+ * });
+ * ```
+ */
+class TTLConfig extends configFile_1.ConfigFile {
+    set(key, value) {
+        super.set(key, this.timestamp(value));
+    }
+    getLatestEntry() {
+        const entries = this.entries();
+        const sorted = entries.sort(([, valueA], [, valueB]) => new Date(valueB.timestamp).getTime() - new Date(valueA.timestamp).getTime());
+        return sorted.length > 0 ? sorted[0] : null;
+    }
+    getLatestKey() {
+        const [key] = this.getLatestEntry() ?? [null];
+        return key;
+    }
+    isExpired(dateTime, value) {
+        return dateTime - new Date(value.timestamp).getTime() > this.options.ttl.milliseconds;
+    }
+    async init() {
+        const contents = await this.read(this.options.throwOnNotFound);
+        const date = new Date().getTime();
+        this.setContents(Object.fromEntries(Object.entries(contents).filter(([, value]) => !this.isExpired(date, value))));
+    }
+    // eslint-disable-next-line class-methods-use-this
+    timestamp(value) {
+        return { ...value, timestamp: new Date().toISOString() };
+    }
+}
+exports.TTLConfig = TTLConfig;
+//# sourceMappingURL=ttlConfig.js.map

package/lib/crypto/crypto.js

@@ -5,6 +5,7 @@
  * Licensed under the BSD 3-Clause license.
  * For full license text, see LICENSE.txt file in the repo root or https://opensource.org/licenses/BSD-3-Clause
  */
+/* eslint-disable @typescript-eslint/ban-types */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.Crypto = void 0;
 const crypto = require("crypto");
@@ -14,6 +15,8 @@ const ts_types_1 = require("@salesforce/ts-types");
 const kit_1 = require("@salesforce/kit");
 const logger_1 = require("../logger");
 const messages_1 = require("../messages");
+const cache_1 = require("../util/cache");
+const global_1 = require("../global");
 const keyChain_1 = require("./keyChain");
 const secureBuffer_1 = require("./secureBuffer");
 const TAG_DELIMITER = ':';
@@ -23,13 +26,12 @@ const AUTH_TAG_LENGTH = 32;
 const ENCRYPTED_CHARS = /[a-f0-9]/;
 const KEY_NAME = 'sfdx';
 const ACCOUNT = 'local';
-messages_1.Messages.importMessagesDirectory(path_1.join(__dirname));
-const messages = messages_1.Messages.load('@salesforce/core', 'encryption', [
-    'keychainPasswordCreationError',
-    'invalidEncryptedFormatError',
-    'authDecryptError',
-    'macKeychainOutOfSync',
-]);
+const messages = new messages_1.Messages('@salesforce/core', 'encryption', new Map([["invalidEncryptedFormatError", "The encrypted data is not properly formatted."], ["invalidEncryptedFormatError.actions", ["If attempting to create a scratch org then re-authorize. Otherwise create a new scratch org."]], ["authDecryptError", "Failed to decipher auth data. reason: %s."], ["unsupportedOperatingSystemError", "Unsupported Operating System: %s"], ["missingCredentialProgramError", "Unable to find required security software: %s"], ["credentialProgramAccessError", "Unable to execute security software: %s"], ["passwordRetryError", "Failed to get the password after %i retries."], ["passwordRequiredError", "A password is required."], ["keyChainServiceRequiredError", "Unable to get or set a keychain value without a service name."], ["keyChainAccountRequiredError", "Unable to get or set a keychain value without an account name."], ["keyChainUserCanceledError", "User canceled authentication."], ["keychainPasswordCreationError", "Failed to create a password in the keychain."], ["genericKeychainServiceError", "The service and account specified in %s do not match the version of the toolbelt."], ["genericKeychainServiceError.actions", ["Check your toolbelt version and re-auth."]], ["genericKeychainInvalidPermsError", "Invalid file permissions for secret file"], ["genericKeychainInvalidPermsError.actions", ["Ensure the file %s has the file permission octal value of %s."]], ["passwordNotFoundError", "Could not find password.\n%s"], ["passwordNotFoundError.actions", ["Ensure a valid password is returned with the following command: [%s]"]], ["setCredentialError", "Command failed with response:\n%s"], ["setCredentialError.actions", ["Determine why this command failed to set an encryption key for user %s: [%s]."]], ["macKeychainOutOfSync", "We\u2019ve encountered an error with the Mac keychain being out of sync with your `sfdx` credentials. To fix the problem, sync your credentials by authenticating into your org again using the auth commands."]]));
+const makeSecureBuffer = (password) => {
+    const newSb = new secureBuffer_1.SecureBuffer();
+    newSb.consume(Buffer.from((0, ts_types_1.ensure)(password), 'utf8'));
+    return newSb;
+};
 /**
  * osxKeyChain promise wrapper.
  */
@@ -42,11 +44,21 @@ const keychainPromises = {
      * @param account The keychain account name.
      */
     getPassword(_keychain, service, account) {
-        return new Promise((resolve, reject) => _keychain.getPassword({ service, account }, (err, password) => {
-            if (err)
-                return reject(err);
-            return resolve({ username: account, password: ts_types_1.ensure(password) });
-        }));
+        const cacheKey = `${global_1.Global.DIR}:${service}:${account}`;
+        const sb = cache_1.Cache.get(cacheKey);
+        if (!sb) {
+            return new Promise((resolve, reject) => _keychain.getPassword({ service, account }, (err, password) => {
+                if (err)
+                    return reject(err);
+                cache_1.Cache.set(cacheKey, makeSecureBuffer(password));
+                return resolve({ username: account, password: (0, ts_types_1.ensure)(password) });
+            }));
+        }
+        else {
+            const pw = sb.value((buffer) => buffer.toString('utf8'));
+            cache_1.Cache.set(cacheKey, makeSecureBuffer(pw));
+            return new Promise((resolve) => resolve({ username: account, password: (0, ts_types_1.ensure)(pw) }));
+        }
     },
     /**
      * Sets a generic password item in OSX keychain.
@@ -78,7 +90,7 @@ class Crypto extends kit_1.AsyncOptionalCreatable {
     constructor(options) {
         super(options);
         this.key = new secureBuffer_1.SecureBuffer();
-        this.options = options || {};
+        this.options = options ?? {};
     }
     encrypt(text) {
         if (text == null) {
@@ -117,7 +129,7 @@ class Crypto extends kit_1.AsyncOptionalCreatable {
             }
             catch (err) {
                 const error = messages.createError('authDecryptError', [err.message], [], err);
-                const useGenericUnixKeychain = kit_1.env.getBoolean('SFDX_USE_GENERIC_UNIX_KEYCHAIN') || kit_1.env.getBoolean('USE_GENERIC_UNIX_KEYCHAIN');
+                const useGenericUnixKeychain = kit_1.env.getBoolean('SF_USE_GENERIC_UNIX_KEYCHAIN') || kit_1.env.getBoolean('USE_GENERIC_UNIX_KEYCHAIN');
                 if (os.platform() === 'darwin' && !useGenericUnixKeychain) {
                     error.actions = [messages.getMessage('macKeychainOutOfSync')];
                 }
@@ -133,6 +145,7 @@ class Crypto extends kit_1.AsyncOptionalCreatable {
      * @param text The text
      * @returns true if the text is encrypted, false otherwise.
      */
+    // eslint-disable-next-line class-methods-use-this
     isEncrypted(text) {
         if (text == null) {
             return false;
@@ -183,7 +196,7 @@ class Crypto extends kit_1.AsyncOptionalCreatable {
                 }
                 const key = crypto.randomBytes(Math.ceil(16)).toString('hex');
                 // Create a new password in the KeyChain.
-                await keychainPromises.setPassword(ts_types_1.ensure(this.options.keychain), KEY_NAME, ACCOUNT, key);
+                await keychainPromises.setPassword((0, ts_types_1.ensure)(this.options.keychain), KEY_NAME, ACCOUNT, key);
                 return this.init();
             }
             else {
@@ -193,7 +206,7 @@ class Crypto extends kit_1.AsyncOptionalCreatable {
     }
     async getKeyChain(platform) {
         if (!this.options.keychain) {
-            this.options.keychain = await keyChain_1.retrieveKeychain(platform);
+            this.options.keychain = await (0, keyChain_1.retrieveKeychain)(platform);
         }
         return this.options.keychain;
     }

package/lib/crypto/keyChain.js

@@ -11,18 +11,17 @@ const kit_1 = require("@salesforce/kit");
 const logger_1 = require("../logger");
 const messages_1 = require("../messages");
 const keyChainImpl_1 = require("./keyChainImpl");
-messages_1.Messages.importMessagesDirectory(__dirname);
-const messages = messages_1.Messages.load('@salesforce/core', 'encryption', ['unsupportedOperatingSystemError']);
+const messages = new messages_1.Messages('@salesforce/core', 'encryption', new Map([["invalidEncryptedFormatError", "The encrypted data is not properly formatted."], ["invalidEncryptedFormatError.actions", ["If attempting to create a scratch org then re-authorize. Otherwise create a new scratch org."]], ["authDecryptError", "Failed to decipher auth data. reason: %s."], ["unsupportedOperatingSystemError", "Unsupported Operating System: %s"], ["missingCredentialProgramError", "Unable to find required security software: %s"], ["credentialProgramAccessError", "Unable to execute security software: %s"], ["passwordRetryError", "Failed to get the password after %i retries."], ["passwordRequiredError", "A password is required."], ["keyChainServiceRequiredError", "Unable to get or set a keychain value without a service name."], ["keyChainAccountRequiredError", "Unable to get or set a keychain value without an account name."], ["keyChainUserCanceledError", "User canceled authentication."], ["keychainPasswordCreationError", "Failed to create a password in the keychain."], ["genericKeychainServiceError", "The service and account specified in %s do not match the version of the toolbelt."], ["genericKeychainServiceError.actions", ["Check your toolbelt version and re-auth."]], ["genericKeychainInvalidPermsError", "Invalid file permissions for secret file"], ["genericKeychainInvalidPermsError.actions", ["Ensure the file %s has the file permission octal value of %s."]], ["passwordNotFoundError", "Could not find password.\n%s"], ["passwordNotFoundError.actions", ["Ensure a valid password is returned with the following command: [%s]"]], ["setCredentialError", "Command failed with response:\n%s"], ["setCredentialError.actions", ["Determine why this command failed to set an encryption key for user %s: [%s]."]], ["macKeychainOutOfSync", "We\u2019ve encountered an error with the Mac keychain being out of sync with your `sfdx` credentials. To fix the problem, sync your credentials by authenticating into your org again using the auth commands."]]));
 /**
  * Gets the os level keychain impl.
  *
  * @param platform The os platform.
  * @ignore
  */
-exports.retrieveKeychain = async (platform) => {
+const retrieveKeychain = async (platform) => {
     const logger = await logger_1.Logger.child('keyChain');
     logger.debug(`platform: ${platform}`);
-    const useGenericUnixKeychainVar = kit_1.env.getBoolean('SFDX_USE_GENERIC_UNIX_KEYCHAIN');
+    const useGenericUnixKeychainVar = kit_1.env.getBoolean('SF_USE_GENERIC_UNIX_KEYCHAIN');
     const shouldUseGenericUnixKeychain = useGenericUnixKeychainVar && useGenericUnixKeychainVar;
     if (platform.startsWith('win')) {
         return keyChainImpl_1.keyChainImpl.generic_windows;
@@ -58,4 +57,5 @@ exports.retrieveKeychain = async (platform) => {
         throw messages.createError('unsupportedOperatingSystemError', [platform]);
     }
 };
+exports.retrieveKeychain = retrieveKeychain;
 //# sourceMappingURL=keyChain.js.map

package/lib/crypto/keyChainImpl.d.ts

@@ -1,8 +1,10 @@
 /// <reference types="node" />
+/// <reference types="node" />
+/// <reference types="node" />
 import * as childProcess from 'child_process';
 import * as nodeFs from 'fs';
 import { Nullable } from '@salesforce/ts-types';
-export declare type FsIfc = Pick<typeof nodeFs, 'statSync'>;
+export type FsIfc = Pick<typeof nodeFs, 'statSync'>;
 /**
  * Basic keychain interface.
  */
@@ -75,7 +77,7 @@ declare enum SecretField {
     ACCOUNT = "account",
     KEY = "key"
 }
-declare type SecretContents = {
+type SecretContents = {
     [SecretField.ACCOUNT]: string;
     [SecretField.KEY]?: string;
     [SecretField.SERVICE]: string;
@@ -110,5 +112,5 @@ export declare const keyChainImpl: {
     linux: KeychainAccess;
     validateProgram: (programPath: string, fsIfc: FsIfc, isExeIfc: (mode: number, gid: number, uid: number) => boolean) => Promise<void>;
 };
-export declare type KeyChain = GenericUnixKeychainAccess | GenericWindowsKeychainAccess | KeychainAccess;
+export type KeyChain = GenericUnixKeychainAccess | GenericWindowsKeychainAccess | KeychainAccess;
 export {};