@salesforce/core 8.25.1 → 8.26.1

package/lib/logger/filters.js

@@ -17,6 +17,7 @@ const buildKeyRegex = (expElement) => RegExp(`(['"]\\s*key\\s*['"]\\s*:)\\s*['"]
 // This will redact values when the keys match certain patterns
 const FILTERED_KEYS = [
     { name: 'sid' },
+    { name: 'jwt' },
     { name: 'Authorization' },
     // Any json attribute that contains the words "refresh" and "token" will have the attribute/value hidden
     { name: 'refresh_token', regex: 'refresh[^\'"]*token' },
@@ -39,6 +40,7 @@ const replacementFunctions = FILTERED_KEYS_FOR_PROCESSING.flatMap((key) => [
     // use these for secrets with known patterns
     (input) => input
         .replace(new RegExp(sfdc_1.accessTokenRegex, 'g'), '<REDACTED ACCESS TOKEN>')
+        .replace(new RegExp(sfdc_1.jwtTokenRegex, 'g'), '<REDACTED JWT TOKEN>')
         .replace(new RegExp(sfdc_1.sfdxAuthUrlRegex, 'g'), '<REDACTED AUTH URL TOKEN>'),
     // conditional replacement for clientId: leave the value if it's the PlatformCLI, otherwise redact it
     (input) => input.replace(/(['"]client.*Id['"])\s*:\s*(['"][^'"]*['"])/gi, (all, key, value) => value.includes('PlatformCLI') ? `${key}:${value}` : `${key}:"<REDACTED CLIENT ID>"`),

package/lib/org/authInfo.d.ts

@@ -33,7 +33,6 @@ export type AuthFields = {
     password?: string;
     privateKey?: string;
     refreshToken?: string;
-    scratchAdminUsername?: string;
     snapshot?: string;
     userId?: string;
     username?: string;

package/lib/org/authInfo.js

@@ -425,7 +425,7 @@ class AuthInfo extends kit_1.AsyncOptionalCreatable {
     async save(authData) {
         this.update(authData);
         const username = (0, ts_types_1.ensure)(this.getUsername());
-        if ((0, sfdc_1.matchesAccessToken)(username)) {
+        if ((0, sfdc_1.matchesOpaqueAccessToken)(username)) {
             this.logger.debug('Username is an accesstoken. Skip saving authinfo to disk.');
             return this;
         }
@@ -662,7 +662,7 @@ class AuthInfo extends kit_1.AsyncOptionalCreatable {
             await this.stateAggregator.orgs.read(oauthUsername, false, false);
         } // Else it will be set in initAuthOptions below.
         // If the username is an access token, use that for auth and don't persist
-        if ((0, ts_types_1.isString)(oauthUsername) && (0, sfdc_1.matchesAccessToken)(oauthUsername)) {
+        if ((0, ts_types_1.isString)(oauthUsername) && (0, sfdc_1.matchesOpaqueAccessToken)(oauthUsername)) {
             // Need to initAuthOptions the logger and authInfoCrypto since we don't call init()
             this.logger = await logger_1.Logger.child('AuthInfo');
             const aggregator = await configAggregator_1.ConfigAggregator.create();

package/lib/org/scratchOrgInfoGenerator.js

@@ -181,12 +181,14 @@ exports.generateScratchOrgInfo = generateScratchOrgInfo;
  */
 const getScratchOrgInfoPayload = async (options) => {
     let warnings = [];
-    // orgConfig input overrides definitionjson (-j option; hidden/deprecated) overrides definitionfile (-f option)
+    // Merge after all validations complete
     // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
     const scratchOrgInfoPayload = {
         ...(options.definitionfile ? await parseDefinitionFile(options.definitionfile) : {}),
-        ...(options.definitionjson ? JSON.parse(options.definitionjson) : {}),
-        ...(options.orgConfig ?? {}),
+        ...(options.definitionjson
+            ? await validateInputDef(JSON.parse(options.definitionjson), 'definitionjson')
+            : {}),
+        ...(options.orgConfig ? await validateInputDef(options.orgConfig, 'orgConfig') : {}),
     };
     // scratchOrgInfoPayload must be heads down camelcase.
     Object.keys(scratchOrgInfoPayload).forEach((key) => {
@@ -223,6 +225,19 @@ const getScratchOrgInfoPayload = async (options) => {
     };
 };
 exports.getScratchOrgInfoPayload = getScratchOrgInfoPayload;
+/**
+ * Validates input definition objects (definitionjson or orgConfig) against schema
+ * Emits warnings if validation issues are found
+ */
+const validateInputDef = async (input, source) => {
+    const result = scratchOrgDef_1.ScratchOrgDefSchema.safeParse(input);
+    if (!result.success) {
+        const errorMessages = result.error.issues.map((err) => `${err.path.join('.')}: ${err.message}`).join('\n');
+        await lifecycleEvents_1.Lifecycle.getInstance().emitWarning(`Scratch org definition validation issues in ${source}:\n${errorMessages}`);
+        return input;
+    }
+    return result.data;
+};
 const parseDefinitionFile = async (definitionFile) => {
     try {
         const fileData = await fs_1.fs.promises.readFile(definitionFile, 'utf8');

package/lib/org/user.js

@@ -437,7 +437,7 @@ class User extends kit_1.AsyncCreatable {
 }
 exports.User = User;
 const resolveUsernameFromAccessToken = (logger) => (conn) => async (usernameOrAccessToken) => {
-    if ((0, sfdc_1.matchesAccessToken)(usernameOrAccessToken)) {
+    if ((0, sfdc_1.matchesOpaqueAccessToken)(usernameOrAccessToken)) {
         logger.debug('received an accessToken for the username.  Converting...');
         const username = (await conn.identity()).username;
         logger.debug(`accessToken converted to ${username}`);

package/lib/schema/project-scratch-def/scratchOrgDef.d.ts

@@ -6,14 +6,14 @@ import { z } from 'zod';
 export declare const ScratchOrgDefSchema: z.ZodObject<{
     orgName: z.ZodOptional<z.ZodString>;
     edition: z.ZodEnum<{
-        Group: "Group";
-        Developer: "Developer";
-        Enterprise: "Enterprise";
-        "Partner Developer": "Partner Developer";
-        "Partner Enterprise": "Partner Enterprise";
-        "Partner Group": "Partner Group";
-        "Partner Professional": "Partner Professional";
-        Professional: "Professional";
+        group: "group";
+        developer: "developer";
+        enterprise: "enterprise";
+        "partner-developer": "partner-developer";
+        "partner-enterprise": "partner-enterprise";
+        "partner-group": "partner-group";
+        "partner-professional": "partner-professional";
+        professional: "professional";
     }>;
     country: z.ZodOptional<z.ZodString>;
     username: z.ZodOptional<z.ZodString>;

package/lib/schema/project-scratch-def/scratchOrgDef.js

@@ -19,14 +19,14 @@ exports.ScratchOrgDefSchema = zod_1.z
     orgName: zod_1.z.string().optional().describe('The name of the scratch org.').meta({ title: 'Organization Name' }),
     edition: zod_1.z
         .enum([
-        'Developer',
-        'Enterprise',
-        'Group',
-        'Partner Developer',
-        'Partner Enterprise',
-        'Partner Group',
-        'Partner Professional',
-        'Professional',
+        'developer',
+        'enterprise',
+        'group',
+        'partner-developer',
+        'partner-enterprise',
+        'partner-group',
+        'partner-professional',
+        'professional',
     ])
         .describe('The Salesforce edition of the scratch org.'),
     country: zod_1.z

package/lib/schema/project-scratch-def/simpleFeaturesList.js

@@ -112,6 +112,7 @@ exports.simpleFeaturesList = [
     'EinsteinGPTForDevelopers',
     'EinsteinRecommendationBuilder',
     'EinsteinRecommendationBuilderMetadata',
+    'EinsteinSalesRepFdbk',
     'EinsteinSearch',
     'EinsteinVisits',
     'EinsteinVisitsED',

package/lib/util/sfdc.d.ts

@@ -31,10 +31,23 @@ export declare const validateSalesforceId: (value: string) => boolean;
  */
 export declare const validatePathDoesNotContainInvalidChars: (value: string) => boolean;
 export declare const accessTokenRegex: RegExp;
+export declare const jwtTokenRegex: RegExp;
 export declare const sfdxAuthUrlRegex: RegExp;
 /**
- * Tests whether a given string is an access token
+ * Tests whether a given string is an opaque access token, a JWT token, or neither.
  *
  * @param value
  */
-export declare const matchesAccessToken: (value: string) => boolean;
+export declare function matchesAccessToken(value: string): boolean;
+/**
+ * Tests whether a given string is an opaque access token.
+ *
+ * @param value
+ */
+export declare const matchesOpaqueAccessToken: (value: string) => boolean;
+/**
+ * Tests whether a given string is a JWT-formatted access token.
+ *
+ * @param value
+ */
+export declare const matchesJwtAccessToken: (value: string) => boolean;

package/lib/util/sfdc.js

@@ -6,8 +6,9 @@
  * For full license text, see LICENSE.txt file in the repo root or https://opensource.org/licenses/BSD-3-Clause
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.matchesAccessToken = exports.sfdxAuthUrlRegex = exports.accessTokenRegex = exports.validatePathDoesNotContainInvalidChars = exports.validateSalesforceId = exports.validateEmail = exports.validateApiVersion = void 0;
+exports.matchesJwtAccessToken = exports.matchesOpaqueAccessToken = exports.sfdxAuthUrlRegex = exports.jwtTokenRegex = exports.accessTokenRegex = exports.validatePathDoesNotContainInvalidChars = exports.validateSalesforceId = exports.validateEmail = exports.validateApiVersion = void 0;
 exports.trimTo15 = trimTo15;
+exports.matchesAccessToken = matchesAccessToken;
 function trimTo15(id) {
     if (!id) {
         return undefined;
@@ -48,12 +49,52 @@ const validatePathDoesNotContainInvalidChars = (value) =>
 !/[\["\?<>\|\]]+/.test(value);
 exports.validatePathDoesNotContainInvalidChars = validatePathDoesNotContainInvalidChars;
 exports.accessTokenRegex = /(00D\w{12,15})![.\w]*/;
+// 'eyJ' strongly suggests that this is a base64 JSON, and so the general shape of the rest of it is enough to presume it's a JWT.
+exports.jwtTokenRegex = /eyJ[A-Za-z0-9+=_-]+\.[A-Za-z0-9+=_-]+\.[A-Za-z0-9+=_-]+/;
 exports.sfdxAuthUrlRegex = /force:\/\/([a-zA-Z0-9._-]+):([a-zA-Z0-9._-]*):([a-zA-Z0-9._-]+={0,2})@([a-zA-Z0-9._-]+)/;
 /**
- * Tests whether a given string is an access token
+ * Tests whether a given string is an opaque access token, a JWT token, or neither.
  *
  * @param value
  */
-const matchesAccessToken = (value) => exports.accessTokenRegex.test(value);
-exports.matchesAccessToken = matchesAccessToken;
+function matchesAccessToken(value) {
+    return (0, exports.matchesOpaqueAccessToken)(value) || (0, exports.matchesJwtAccessToken)(value);
+}
+/**
+ * Tests whether a given string is an opaque access token.
+ *
+ * @param value
+ */
+const matchesOpaqueAccessToken = (value) => exports.accessTokenRegex.test(value);
+exports.matchesOpaqueAccessToken = matchesOpaqueAccessToken;
+/**
+ * Tests whether a given string is a JWT-formatted access token.
+ *
+ * @param value
+ */
+const matchesJwtAccessToken = (value) => {
+    const segments = value.split('.');
+    if (segments.length !== 3) {
+        return false;
+    }
+    if (!isValidJson(segments[0], true)) {
+        return false;
+    }
+    return isValidJson(segments[1], false);
+};
+exports.matchesJwtAccessToken = matchesJwtAccessToken;
+const isValidJson = (str, checkForTyp) => {
+    try {
+        const parsedJson = JSON.parse(Buffer.from(str, 'base64').toString('utf-8'));
+        if (checkForTyp) {
+            return 'typ' in parsedJson && parsedJson.typ === 'JWT';
+        }
+        else {
+            return true;
+        }
+    }
+    catch (e) {
+        return false;
+    }
+};
 //# sourceMappingURL=sfdc.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@salesforce/core",
-  "version": "8.25.1",
+  "version": "8.26.1",
   "description": "Core libraries to interact with SFDX projects, orgs, and APIs.",
   "main": "lib/index",
   "types": "lib/index.d.ts",

package/schemas/project-scratch-def.schema.json

@@ -11,14 +11,14 @@
       "description": "The Salesforce edition of the scratch org.",
       "type": "string",
       "enum": [
-        "Developer",
-        "Enterprise",
-        "Group",
-        "Partner Developer",
-        "Partner Enterprise",
-        "Partner Group",
-        "Partner Professional",
-        "Professional"
+        "developer",
+        "enterprise",
+        "group",
+        "partner-developer",
+        "partner-enterprise",
+        "partner-group",
+        "partner-professional",
+        "professional"
       ]
     },
     "country": {
@@ -452,6 +452,7 @@
               "EinsteinGPTForDevelopers",
               "EinsteinRecommendationBuilder",
               "EinsteinRecommendationBuilderMetadata",
+              "EinsteinSalesRepFdbk",
               "EinsteinSearch",
               "EinsteinVisits",
               "EinsteinVisitsED",