@tellescope/sdk 1.250.2 → 1.252.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/cjs/sdk.d.ts +9 -0
- package/lib/cjs/sdk.d.ts.map +1 -1
- package/lib/cjs/sdk.js +3 -0
- package/lib/cjs/sdk.js.map +1 -1
- package/lib/cjs/tests/api_tests/account_switcher.test.d.ts.map +1 -1
- package/lib/cjs/tests/api_tests/account_switcher.test.js +1700 -306
- package/lib/cjs/tests/api_tests/account_switcher.test.js.map +1 -1
- package/lib/cjs/tests/api_tests/calendar_event_webhook_template.test.d.ts +6 -0
- package/lib/cjs/tests/api_tests/calendar_event_webhook_template.test.d.ts.map +1 -0
- package/lib/cjs/tests/api_tests/calendar_event_webhook_template.test.js +337 -0
- package/lib/cjs/tests/api_tests/calendar_event_webhook_template.test.js.map +1 -0
- package/lib/cjs/tests/api_tests/enduser_login.test.d.ts +6 -0
- package/lib/cjs/tests/api_tests/enduser_login.test.d.ts.map +1 -0
- package/lib/cjs/tests/api_tests/enduser_login.test.js +315 -0
- package/lib/cjs/tests/api_tests/enduser_login.test.js.map +1 -0
- package/lib/cjs/tests/api_tests/enduser_login_rate_limits.test.d.ts +6 -0
- package/lib/cjs/tests/api_tests/enduser_login_rate_limits.test.d.ts.map +1 -0
- package/lib/cjs/tests/api_tests/enduser_login_rate_limits.test.js +287 -0
- package/lib/cjs/tests/api_tests/enduser_login_rate_limits.test.js.map +1 -0
- package/lib/cjs/tests/api_tests/push_forms_to_portal_group_completion.test.d.ts +6 -0
- package/lib/cjs/tests/api_tests/push_forms_to_portal_group_completion.test.d.ts.map +1 -0
- package/lib/cjs/tests/api_tests/push_forms_to_portal_group_completion.test.js +406 -0
- package/lib/cjs/tests/api_tests/push_forms_to_portal_group_completion.test.js.map +1 -0
- package/lib/cjs/tests/api_tests/security/F-0001-data-sync-redaction-bypass.test.d.ts +28 -0
- package/lib/cjs/tests/api_tests/security/F-0001-data-sync-redaction-bypass.test.d.ts.map +1 -0
- package/lib/cjs/tests/api_tests/security/F-0001-data-sync-redaction-bypass.test.js +349 -0
- package/lib/cjs/tests/api_tests/security/F-0001-data-sync-redaction-bypass.test.js.map +1 -0
- package/lib/cjs/tests/api_tests/security/F-0005-ai-conversations-rbac.test.d.ts +28 -0
- package/lib/cjs/tests/api_tests/security/F-0005-ai-conversations-rbac.test.d.ts.map +1 -0
- package/lib/cjs/tests/api_tests/security/F-0005-ai-conversations-rbac.test.js +247 -0
- package/lib/cjs/tests/api_tests/security/F-0005-ai-conversations-rbac.test.js.map +1 -0
- package/lib/cjs/tests/api_tests/security/F-0007-invite-user-enumeration.test.d.ts +29 -0
- package/lib/cjs/tests/api_tests/security/F-0007-invite-user-enumeration.test.d.ts.map +1 -0
- package/lib/cjs/tests/api_tests/security/F-0007-invite-user-enumeration.test.js +278 -0
- package/lib/cjs/tests/api_tests/security/F-0007-invite-user-enumeration.test.js.map +1 -0
- package/lib/cjs/tests/api_tests/security/F-0008-handle-incoming-communication-cross-tenant.test.d.ts +24 -0
- package/lib/cjs/tests/api_tests/security/F-0008-handle-incoming-communication-cross-tenant.test.d.ts.map +1 -0
- package/lib/cjs/tests/api_tests/security/F-0008-handle-incoming-communication-cross-tenant.test.js +201 -0
- package/lib/cjs/tests/api_tests/security/F-0008-handle-incoming-communication-cross-tenant.test.js.map +1 -0
- package/lib/cjs/tests/api_tests/security/F-0013-sanitize-user-html.test.d.ts +2 -0
- package/lib/cjs/tests/api_tests/security/F-0013-sanitize-user-html.test.d.ts.map +1 -0
- package/lib/cjs/tests/api_tests/security/F-0013-sanitize-user-html.test.js +148 -0
- package/lib/cjs/tests/api_tests/security/F-0013-sanitize-user-html.test.js.map +1 -0
- package/lib/cjs/tests/api_tests/security/F-0016-prototype-pollution.test.d.ts +2 -0
- package/lib/cjs/tests/api_tests/security/F-0016-prototype-pollution.test.d.ts.map +1 -0
- package/lib/cjs/tests/api_tests/security/F-0016-prototype-pollution.test.js +88 -0
- package/lib/cjs/tests/api_tests/security/F-0016-prototype-pollution.test.js.map +1 -0
- package/lib/cjs/tests/api_tests/set_fields_order_templates.test.d.ts +6 -0
- package/lib/cjs/tests/api_tests/set_fields_order_templates.test.d.ts.map +1 -0
- package/lib/cjs/tests/api_tests/set_fields_order_templates.test.js +373 -0
- package/lib/cjs/tests/api_tests/set_fields_order_templates.test.js.map +1 -0
- package/lib/cjs/tests/setup.d.ts.map +1 -1
- package/lib/cjs/tests/setup.js +47 -32
- package/lib/cjs/tests/setup.js.map +1 -1
- package/lib/cjs/tests/tests.d.ts.map +1 -1
- package/lib/cjs/tests/tests.js +215 -159
- package/lib/cjs/tests/tests.js.map +1 -1
- package/lib/esm/sdk.d.ts +9 -0
- package/lib/esm/sdk.d.ts.map +1 -1
- package/lib/esm/sdk.js +3 -0
- package/lib/esm/sdk.js.map +1 -1
- package/lib/esm/tests/api_tests/account_switcher.test.d.ts.map +1 -1
- package/lib/esm/tests/api_tests/account_switcher.test.js +1702 -305
- package/lib/esm/tests/api_tests/account_switcher.test.js.map +1 -1
- package/lib/esm/tests/api_tests/calendar_event_webhook_template.test.d.ts +6 -0
- package/lib/esm/tests/api_tests/calendar_event_webhook_template.test.d.ts.map +1 -0
- package/lib/esm/tests/api_tests/calendar_event_webhook_template.test.js +333 -0
- package/lib/esm/tests/api_tests/calendar_event_webhook_template.test.js.map +1 -0
- package/lib/esm/tests/api_tests/enduser_login.test.d.ts +6 -0
- package/lib/esm/tests/api_tests/enduser_login.test.d.ts.map +1 -0
- package/lib/esm/tests/api_tests/enduser_login.test.js +308 -0
- package/lib/esm/tests/api_tests/enduser_login.test.js.map +1 -0
- package/lib/esm/tests/api_tests/enduser_login_phi_disclosure.test.d.ts +6 -0
- package/lib/esm/tests/api_tests/enduser_login_phi_disclosure.test.d.ts.map +1 -0
- package/lib/esm/tests/api_tests/enduser_login_phi_disclosure.test.js +268 -0
- package/lib/esm/tests/api_tests/enduser_login_phi_disclosure.test.js.map +1 -0
- package/lib/esm/tests/api_tests/enduser_login_rate_limits.test.d.ts +6 -0
- package/lib/esm/tests/api_tests/enduser_login_rate_limits.test.d.ts.map +1 -0
- package/lib/esm/tests/api_tests/enduser_login_rate_limits.test.js +280 -0
- package/lib/esm/tests/api_tests/enduser_login_rate_limits.test.js.map +1 -0
- package/lib/esm/tests/api_tests/push_forms_to_portal_group_completion.test.d.ts +6 -0
- package/lib/esm/tests/api_tests/push_forms_to_portal_group_completion.test.d.ts.map +1 -0
- package/lib/esm/tests/api_tests/push_forms_to_portal_group_completion.test.js +402 -0
- package/lib/esm/tests/api_tests/push_forms_to_portal_group_completion.test.js.map +1 -0
- package/lib/esm/tests/api_tests/security/F-0001-data-sync-redaction-bypass.test.d.ts +28 -0
- package/lib/esm/tests/api_tests/security/F-0001-data-sync-redaction-bypass.test.d.ts.map +1 -0
- package/lib/esm/tests/api_tests/security/F-0001-data-sync-redaction-bypass.test.js +345 -0
- package/lib/esm/tests/api_tests/security/F-0001-data-sync-redaction-bypass.test.js.map +1 -0
- package/lib/esm/tests/api_tests/security/F-0005-ai-conversations-rbac.test.d.ts +28 -0
- package/lib/esm/tests/api_tests/security/F-0005-ai-conversations-rbac.test.d.ts.map +1 -0
- package/lib/esm/tests/api_tests/security/F-0005-ai-conversations-rbac.test.js +243 -0
- package/lib/esm/tests/api_tests/security/F-0005-ai-conversations-rbac.test.js.map +1 -0
- package/lib/esm/tests/api_tests/security/F-0007-invite-user-enumeration.test.d.ts +29 -0
- package/lib/esm/tests/api_tests/security/F-0007-invite-user-enumeration.test.d.ts.map +1 -0
- package/lib/esm/tests/api_tests/security/F-0007-invite-user-enumeration.test.js +271 -0
- package/lib/esm/tests/api_tests/security/F-0007-invite-user-enumeration.test.js.map +1 -0
- package/lib/esm/tests/api_tests/security/F-0008-handle-incoming-communication-cross-tenant.test.d.ts +24 -0
- package/lib/esm/tests/api_tests/security/F-0008-handle-incoming-communication-cross-tenant.test.d.ts.map +1 -0
- package/lib/esm/tests/api_tests/security/F-0008-handle-incoming-communication-cross-tenant.test.js +194 -0
- package/lib/esm/tests/api_tests/security/F-0008-handle-incoming-communication-cross-tenant.test.js.map +1 -0
- package/lib/esm/tests/api_tests/security/F-0013-sanitize-user-html.test.d.ts +2 -0
- package/lib/esm/tests/api_tests/security/F-0013-sanitize-user-html.test.d.ts.map +1 -0
- package/lib/esm/tests/api_tests/security/F-0013-sanitize-user-html.test.js +144 -0
- package/lib/esm/tests/api_tests/security/F-0013-sanitize-user-html.test.js.map +1 -0
- package/lib/esm/tests/api_tests/security/F-0016-prototype-pollution.test.d.ts +2 -0
- package/lib/esm/tests/api_tests/security/F-0016-prototype-pollution.test.d.ts.map +1 -0
- package/lib/esm/tests/api_tests/security/F-0016-prototype-pollution.test.js +84 -0
- package/lib/esm/tests/api_tests/security/F-0016-prototype-pollution.test.js.map +1 -0
- package/lib/esm/tests/api_tests/set_fields_order_templates.test.d.ts +6 -0
- package/lib/esm/tests/api_tests/set_fields_order_templates.test.d.ts.map +1 -0
- package/lib/esm/tests/api_tests/set_fields_order_templates.test.js +369 -0
- package/lib/esm/tests/api_tests/set_fields_order_templates.test.js.map +1 -0
- package/lib/esm/tests/setup.d.ts.map +1 -1
- package/lib/esm/tests/setup.js +47 -32
- package/lib/esm/tests/setup.js.map +1 -1
- package/lib/esm/tests/tests.d.ts.map +1 -1
- package/lib/esm/tests/tests.js +215 -159
- package/lib/esm/tests/tests.js.map +1 -1
- package/lib/tsconfig.tsbuildinfo +1 -1
- package/package.json +10 -10
- package/src/sdk.ts +12 -0
- package/src/tests/api_tests/account_switcher.test.ts +1283 -0
- package/src/tests/api_tests/calendar_event_webhook_template.test.ts +204 -0
- package/src/tests/api_tests/enduser_login.test.ts +215 -0
- package/src/tests/api_tests/enduser_login_rate_limits.test.ts +178 -0
- package/src/tests/api_tests/push_forms_to_portal_group_completion.test.ts +223 -0
- package/src/tests/api_tests/security/F-0001-data-sync-redaction-bypass.test.ts +236 -0
- package/src/tests/api_tests/security/F-0005-ai-conversations-rbac.test.ts +154 -0
- package/src/tests/api_tests/security/F-0007-invite-user-enumeration.test.ts +198 -0
- package/src/tests/api_tests/security/F-0008-handle-incoming-communication-cross-tenant.test.ts +130 -0
- package/src/tests/api_tests/security/F-0013-sanitize-user-html.test.ts +109 -0
- package/src/tests/api_tests/security/F-0016-prototype-pollution.test.ts +50 -0
- package/src/tests/api_tests/set_fields_order_templates.test.ts +258 -0
- package/src/tests/setup.ts +8 -1
- package/src/tests/tests.ts +35 -5
- package/test_generated.pdf +0 -0
|
@@ -0,0 +1,402 @@
|
|
|
1
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
2
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
3
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
4
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
5
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
6
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
7
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
8
|
+
});
|
|
9
|
+
};
|
|
10
|
+
var __generator = (this && this.__generator) || function (thisArg, body) {
|
|
11
|
+
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
|
|
12
|
+
return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
|
|
13
|
+
function verb(n) { return function (v) { return step([n, v]); }; }
|
|
14
|
+
function step(op) {
|
|
15
|
+
if (f) throw new TypeError("Generator is already executing.");
|
|
16
|
+
while (g && (g = 0, op[0] && (_ = 0)), _) try {
|
|
17
|
+
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
|
|
18
|
+
if (y = 0, t) op = [op[0] & 2, t.value];
|
|
19
|
+
switch (op[0]) {
|
|
20
|
+
case 0: case 1: t = op; break;
|
|
21
|
+
case 4: _.label++; return { value: op[1], done: false };
|
|
22
|
+
case 5: _.label++; y = op[1]; op = [0]; continue;
|
|
23
|
+
case 7: op = _.ops.pop(); _.trys.pop(); continue;
|
|
24
|
+
default:
|
|
25
|
+
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
|
|
26
|
+
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
|
|
27
|
+
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
|
|
28
|
+
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
|
|
29
|
+
if (t[2]) _.ops.pop();
|
|
30
|
+
_.trys.pop(); continue;
|
|
31
|
+
}
|
|
32
|
+
op = body.call(thisArg, _);
|
|
33
|
+
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
|
|
34
|
+
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
|
|
35
|
+
}
|
|
36
|
+
};
|
|
37
|
+
require('source-map-support').install();
|
|
38
|
+
import { Session, EnduserSession } from "../../sdk";
|
|
39
|
+
import { log_header, wait, async_test } from "@tellescope/testing";
|
|
40
|
+
import { setup_tests } from "../setup";
|
|
41
|
+
var host = process.env.API_URL || "http://localhost:8080";
|
|
42
|
+
var pollFor = function (fetchFn, evaluateFn, description, intervalMs, maxIterations) {
|
|
43
|
+
if (intervalMs === void 0) { intervalMs = 500; }
|
|
44
|
+
if (maxIterations === void 0) { maxIterations = 30; }
|
|
45
|
+
return __awaiter(void 0, void 0, void 0, function () {
|
|
46
|
+
var lastResult, i;
|
|
47
|
+
return __generator(this, function (_a) {
|
|
48
|
+
switch (_a.label) {
|
|
49
|
+
case 0:
|
|
50
|
+
i = 0;
|
|
51
|
+
_a.label = 1;
|
|
52
|
+
case 1:
|
|
53
|
+
if (!(i < maxIterations)) return [3 /*break*/, 5];
|
|
54
|
+
return [4 /*yield*/, wait(undefined, intervalMs)];
|
|
55
|
+
case 2:
|
|
56
|
+
_a.sent();
|
|
57
|
+
return [4 /*yield*/, fetchFn()];
|
|
58
|
+
case 3:
|
|
59
|
+
lastResult = _a.sent();
|
|
60
|
+
if (evaluateFn(lastResult))
|
|
61
|
+
return [2 /*return*/, lastResult];
|
|
62
|
+
_a.label = 4;
|
|
63
|
+
case 4:
|
|
64
|
+
i++;
|
|
65
|
+
return [3 /*break*/, 1];
|
|
66
|
+
case 5: throw new Error("Polling timeout: ".concat(description, " - waited ").concat(maxIterations * intervalMs, "ms"));
|
|
67
|
+
}
|
|
68
|
+
});
|
|
69
|
+
});
|
|
70
|
+
};
|
|
71
|
+
export var push_forms_to_portal_group_completion_tests = function (_a) {
|
|
72
|
+
var sdk = _a.sdk, sdkNonAdmin = _a.sdkNonAdmin;
|
|
73
|
+
return __awaiter(void 0, void 0, void 0, function () {
|
|
74
|
+
var createdEnduserIds, createdJourneyIds, createdFormIds, createdFormGroupIds, createdTriggerIds, formA_1, fieldA_1, formB, fieldB_1, formGroup_1, runFlow, _i, createdTriggerIds_1, id, e_1, _b, createdEnduserIds_1, id, e_2, _c, createdJourneyIds_1, id, e_3, _d, createdFormGroupIds_1, id, e_4, _e, createdFormIds_1, id, e_5;
|
|
75
|
+
return __generator(this, function (_f) {
|
|
76
|
+
switch (_f.label) {
|
|
77
|
+
case 0:
|
|
78
|
+
log_header("Push Forms To Portal - Form Group Completed Trigger Tests");
|
|
79
|
+
createdEnduserIds = [];
|
|
80
|
+
createdJourneyIds = [];
|
|
81
|
+
createdFormIds = [];
|
|
82
|
+
createdFormGroupIds = [];
|
|
83
|
+
createdTriggerIds = [];
|
|
84
|
+
_f.label = 1;
|
|
85
|
+
case 1:
|
|
86
|
+
_f.trys.push([1, , 9, 40]);
|
|
87
|
+
return [4 /*yield*/, sdk.api.forms.createOne({ title: 'Push To Portal Form A' })];
|
|
88
|
+
case 2:
|
|
89
|
+
formA_1 = _f.sent();
|
|
90
|
+
createdFormIds.push(formA_1.id);
|
|
91
|
+
return [4 /*yield*/, sdk.api.form_fields.createOne({
|
|
92
|
+
formId: formA_1.id,
|
|
93
|
+
type: 'string',
|
|
94
|
+
title: 'FieldA',
|
|
95
|
+
previousFields: [{ type: 'root', info: {} }],
|
|
96
|
+
})];
|
|
97
|
+
case 3:
|
|
98
|
+
fieldA_1 = _f.sent();
|
|
99
|
+
return [4 /*yield*/, sdk.api.forms.createOne({ title: 'Push To Portal Form B' })];
|
|
100
|
+
case 4:
|
|
101
|
+
formB = _f.sent();
|
|
102
|
+
createdFormIds.push(formB.id);
|
|
103
|
+
return [4 /*yield*/, sdk.api.form_fields.createOne({
|
|
104
|
+
formId: formB.id,
|
|
105
|
+
type: 'string',
|
|
106
|
+
title: 'FieldB',
|
|
107
|
+
previousFields: [{ type: 'root', info: {} }],
|
|
108
|
+
})
|
|
109
|
+
// 2. Create a form group containing both forms (shared across both submission flows)
|
|
110
|
+
];
|
|
111
|
+
case 5:
|
|
112
|
+
fieldB_1 = _f.sent();
|
|
113
|
+
return [4 /*yield*/, sdk.api.form_groups.createOne({
|
|
114
|
+
title: 'Push To Portal Test Group',
|
|
115
|
+
formIds: [formA_1.id, formB.id],
|
|
116
|
+
})];
|
|
117
|
+
case 6:
|
|
118
|
+
formGroup_1 = _f.sent();
|
|
119
|
+
createdFormGroupIds.push(formGroup_1.id);
|
|
120
|
+
runFlow = function (_a) {
|
|
121
|
+
var label = _a.label, tag = _a.tag, submitAsEnduser = _a.submitAsEnduser;
|
|
122
|
+
return __awaiter(void 0, void 0, void 0, function () {
|
|
123
|
+
var trigger, journey, pushStep, enduser, pushedResponses, _i, pushedResponses_1, fr, submitterApi, authToken, enduserSDK, _b, pushedResponses_2, fr, isFormA, targetFieldId, targetFieldTitle;
|
|
124
|
+
return __generator(this, function (_c) {
|
|
125
|
+
switch (_c.label) {
|
|
126
|
+
case 0: return [4 /*yield*/, sdk.api.automation_triggers.createOne({
|
|
127
|
+
event: { type: 'Form Group Completed', info: { groupId: formGroup_1.id } },
|
|
128
|
+
action: { type: 'Add Tags', info: { tags: [tag] } },
|
|
129
|
+
status: 'Active',
|
|
130
|
+
title: "Form Group Completed - Push to Portal (".concat(label, ")"),
|
|
131
|
+
})];
|
|
132
|
+
case 1:
|
|
133
|
+
trigger = _c.sent();
|
|
134
|
+
createdTriggerIds.push(trigger.id);
|
|
135
|
+
return [4 /*yield*/, sdk.api.journeys.createOne({
|
|
136
|
+
title: "Push To Portal Trigger Journey (".concat(label, ")"),
|
|
137
|
+
})];
|
|
138
|
+
case 2:
|
|
139
|
+
journey = _c.sent();
|
|
140
|
+
createdJourneyIds.push(journey.id);
|
|
141
|
+
return [4 /*yield*/, sdk.api.automation_steps.createOne({
|
|
142
|
+
journeyId: journey.id,
|
|
143
|
+
action: { type: 'pushFormsToPortal', info: { formGroupIds: [formGroup_1.id] } },
|
|
144
|
+
events: [{ type: 'onJourneyStart', info: {} }],
|
|
145
|
+
})];
|
|
146
|
+
case 3:
|
|
147
|
+
pushStep = _c.sent();
|
|
148
|
+
return [4 /*yield*/, sdk.api.endusers.createOne({ fname: 'PushPortal', lname: label })];
|
|
149
|
+
case 4:
|
|
150
|
+
enduser = _c.sent();
|
|
151
|
+
createdEnduserIds.push(enduser.id);
|
|
152
|
+
return [4 /*yield*/, sdk.api.endusers.add_to_journey({
|
|
153
|
+
enduserIds: [enduser.id],
|
|
154
|
+
journeyId: journey.id,
|
|
155
|
+
})];
|
|
156
|
+
case 5:
|
|
157
|
+
_c.sent();
|
|
158
|
+
return [4 /*yield*/, pollFor(function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
159
|
+
var responses, pushed;
|
|
160
|
+
return __generator(this, function (_a) {
|
|
161
|
+
switch (_a.label) {
|
|
162
|
+
case 0: return [4 /*yield*/, sdk.api.form_responses.getSome({
|
|
163
|
+
filter: { enduserId: enduser.id },
|
|
164
|
+
})];
|
|
165
|
+
case 1:
|
|
166
|
+
responses = _a.sent();
|
|
167
|
+
pushed = responses.filter(function (r) { return !!r.pushedToPortalAt; });
|
|
168
|
+
return [2 /*return*/, pushed.length >= 2 ? pushed : undefined];
|
|
169
|
+
}
|
|
170
|
+
});
|
|
171
|
+
}); }, function (result) { return Array.isArray(result) && result.length >= 2; }, "pushed-to-portal form_responses to be created by worker (".concat(label, ")"), 500, 40)];
|
|
172
|
+
case 6:
|
|
173
|
+
pushedResponses = _c.sent();
|
|
174
|
+
for (_i = 0, pushedResponses_1 = pushedResponses; _i < pushedResponses_1.length; _i++) {
|
|
175
|
+
fr = pushedResponses_1[_i];
|
|
176
|
+
if (!fr.pushedToPortalAt) {
|
|
177
|
+
throw new Error("Expected pushedToPortalAt to be set on form_response ".concat(fr.id, " (").concat(label, ")"));
|
|
178
|
+
}
|
|
179
|
+
if (fr.groupId !== pushStep.id) {
|
|
180
|
+
throw new Error("Expected form_response.groupId (".concat(fr.groupId, ") to equal automation step id (").concat(pushStep.id, ") (").concat(label, ")"));
|
|
181
|
+
}
|
|
182
|
+
if (fr.automationStepId !== pushStep.id) {
|
|
183
|
+
throw new Error("Expected form_response.automationStepId (".concat(fr.automationStepId, ") to equal automation step id (").concat(pushStep.id, ") (").concat(label, ")"));
|
|
184
|
+
}
|
|
185
|
+
}
|
|
186
|
+
return [4 /*yield*/, async_test("Worker writes groupId === automationStepId and pushedToPortalAt set (".concat(label, ")"), function () { return __awaiter(void 0, void 0, void 0, function () { return __generator(this, function (_a) {
|
|
187
|
+
return [2 /*return*/, true];
|
|
188
|
+
}); }); }, { onResult: function (r) { return r === true; } })
|
|
189
|
+
// Build the submitter session
|
|
190
|
+
];
|
|
191
|
+
case 7:
|
|
192
|
+
_c.sent();
|
|
193
|
+
if (!submitAsEnduser) return [3 /*break*/, 9];
|
|
194
|
+
return [4 /*yield*/, sdk.api.endusers.generate_auth_token({ id: enduser.id })];
|
|
195
|
+
case 8:
|
|
196
|
+
authToken = (_c.sent()).authToken;
|
|
197
|
+
enduserSDK = new EnduserSession({ host: host, authToken: authToken, businessId: sdk.userInfo.businessId });
|
|
198
|
+
submitterApi = enduserSDK.api;
|
|
199
|
+
return [3 /*break*/, 10];
|
|
200
|
+
case 9:
|
|
201
|
+
submitterApi = sdk.api;
|
|
202
|
+
_c.label = 10;
|
|
203
|
+
case 10:
|
|
204
|
+
_b = 0, pushedResponses_2 = pushedResponses;
|
|
205
|
+
_c.label = 11;
|
|
206
|
+
case 11:
|
|
207
|
+
if (!(_b < pushedResponses_2.length)) return [3 /*break*/, 14];
|
|
208
|
+
fr = pushedResponses_2[_b];
|
|
209
|
+
isFormA = fr.formId === formA_1.id;
|
|
210
|
+
targetFieldId = isFormA ? fieldA_1.id : fieldB_1.id;
|
|
211
|
+
targetFieldTitle = isFormA ? 'FieldA' : 'FieldB';
|
|
212
|
+
return [4 /*yield*/, submitterApi.form_responses.submit_form_response({
|
|
213
|
+
accessCode: fr.accessCode,
|
|
214
|
+
responses: [{
|
|
215
|
+
fieldId: targetFieldId,
|
|
216
|
+
fieldTitle: targetFieldTitle,
|
|
217
|
+
answer: { type: 'string', value: 'pushed-portal-answer' },
|
|
218
|
+
}],
|
|
219
|
+
})];
|
|
220
|
+
case 12:
|
|
221
|
+
_c.sent();
|
|
222
|
+
_c.label = 13;
|
|
223
|
+
case 13:
|
|
224
|
+
_b++;
|
|
225
|
+
return [3 /*break*/, 11];
|
|
226
|
+
case 14: return [4 /*yield*/, pollFor(function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
227
|
+
var e;
|
|
228
|
+
var _a;
|
|
229
|
+
return __generator(this, function (_b) {
|
|
230
|
+
switch (_b.label) {
|
|
231
|
+
case 0: return [4 /*yield*/, sdk.api.endusers.getOne(enduser.id)];
|
|
232
|
+
case 1:
|
|
233
|
+
e = _b.sent();
|
|
234
|
+
return [2 /*return*/, ((_a = e.tags) === null || _a === void 0 ? void 0 : _a.includes(tag)) ? e : undefined];
|
|
235
|
+
}
|
|
236
|
+
});
|
|
237
|
+
}); }, function (result) { return !!result; }, "Form Group Completed trigger to apply tag after push-to-portal submissions (".concat(label, ")"), 500, 30)];
|
|
238
|
+
case 15:
|
|
239
|
+
_c.sent();
|
|
240
|
+
return [4 /*yield*/, async_test("Form Group Completed trigger fires for push-to-portal completion (".concat(label, ")"), function () { return sdk.api.endusers.getOne(enduser.id); }, { onResult: function (e) { var _a; return !!((_a = e.tags) === null || _a === void 0 ? void 0 : _a.includes(tag)); } })];
|
|
241
|
+
case 16:
|
|
242
|
+
_c.sent();
|
|
243
|
+
return [2 /*return*/];
|
|
244
|
+
}
|
|
245
|
+
});
|
|
246
|
+
});
|
|
247
|
+
};
|
|
248
|
+
// Admin submitter: simulates a staff user filling in the form on behalf of the patient
|
|
249
|
+
// (uses a user-scoped DB in submit_form_response).
|
|
250
|
+
return [4 /*yield*/, runFlow({
|
|
251
|
+
label: 'admin-submit',
|
|
252
|
+
tag: 'form-group-completed-push-admin',
|
|
253
|
+
submitAsEnduser: false,
|
|
254
|
+
})
|
|
255
|
+
// Enduser submitter: simulates the patient submitting via the portal
|
|
256
|
+
// (uses an enduser-scoped DB in submit_form_response — exercises the path QA caught).
|
|
257
|
+
];
|
|
258
|
+
case 7:
|
|
259
|
+
// Admin submitter: simulates a staff user filling in the form on behalf of the patient
|
|
260
|
+
// (uses a user-scoped DB in submit_form_response).
|
|
261
|
+
_f.sent();
|
|
262
|
+
// Enduser submitter: simulates the patient submitting via the portal
|
|
263
|
+
// (uses an enduser-scoped DB in submit_form_response — exercises the path QA caught).
|
|
264
|
+
return [4 /*yield*/, runFlow({
|
|
265
|
+
label: 'enduser-submit',
|
|
266
|
+
tag: 'form-group-completed-push-enduser',
|
|
267
|
+
submitAsEnduser: true,
|
|
268
|
+
})];
|
|
269
|
+
case 8:
|
|
270
|
+
// Enduser submitter: simulates the patient submitting via the portal
|
|
271
|
+
// (uses an enduser-scoped DB in submit_form_response — exercises the path QA caught).
|
|
272
|
+
_f.sent();
|
|
273
|
+
return [3 /*break*/, 40];
|
|
274
|
+
case 9:
|
|
275
|
+
_i = 0, createdTriggerIds_1 = createdTriggerIds;
|
|
276
|
+
_f.label = 10;
|
|
277
|
+
case 10:
|
|
278
|
+
if (!(_i < createdTriggerIds_1.length)) return [3 /*break*/, 15];
|
|
279
|
+
id = createdTriggerIds_1[_i];
|
|
280
|
+
_f.label = 11;
|
|
281
|
+
case 11:
|
|
282
|
+
_f.trys.push([11, 13, , 14]);
|
|
283
|
+
return [4 /*yield*/, sdk.api.automation_triggers.deleteOne(id)];
|
|
284
|
+
case 12:
|
|
285
|
+
_f.sent();
|
|
286
|
+
return [3 /*break*/, 14];
|
|
287
|
+
case 13:
|
|
288
|
+
e_1 = _f.sent();
|
|
289
|
+
return [3 /*break*/, 14];
|
|
290
|
+
case 14:
|
|
291
|
+
_i++;
|
|
292
|
+
return [3 /*break*/, 10];
|
|
293
|
+
case 15:
|
|
294
|
+
_b = 0, createdEnduserIds_1 = createdEnduserIds;
|
|
295
|
+
_f.label = 16;
|
|
296
|
+
case 16:
|
|
297
|
+
if (!(_b < createdEnduserIds_1.length)) return [3 /*break*/, 21];
|
|
298
|
+
id = createdEnduserIds_1[_b];
|
|
299
|
+
_f.label = 17;
|
|
300
|
+
case 17:
|
|
301
|
+
_f.trys.push([17, 19, , 20]);
|
|
302
|
+
return [4 /*yield*/, sdk.api.endusers.deleteOne(id)];
|
|
303
|
+
case 18:
|
|
304
|
+
_f.sent();
|
|
305
|
+
return [3 /*break*/, 20];
|
|
306
|
+
case 19:
|
|
307
|
+
e_2 = _f.sent();
|
|
308
|
+
return [3 /*break*/, 20];
|
|
309
|
+
case 20:
|
|
310
|
+
_b++;
|
|
311
|
+
return [3 /*break*/, 16];
|
|
312
|
+
case 21:
|
|
313
|
+
_c = 0, createdJourneyIds_1 = createdJourneyIds;
|
|
314
|
+
_f.label = 22;
|
|
315
|
+
case 22:
|
|
316
|
+
if (!(_c < createdJourneyIds_1.length)) return [3 /*break*/, 27];
|
|
317
|
+
id = createdJourneyIds_1[_c];
|
|
318
|
+
_f.label = 23;
|
|
319
|
+
case 23:
|
|
320
|
+
_f.trys.push([23, 25, , 26]);
|
|
321
|
+
return [4 /*yield*/, sdk.api.journeys.deleteOne(id)];
|
|
322
|
+
case 24:
|
|
323
|
+
_f.sent();
|
|
324
|
+
return [3 /*break*/, 26];
|
|
325
|
+
case 25:
|
|
326
|
+
e_3 = _f.sent();
|
|
327
|
+
return [3 /*break*/, 26];
|
|
328
|
+
case 26:
|
|
329
|
+
_c++;
|
|
330
|
+
return [3 /*break*/, 22];
|
|
331
|
+
case 27:
|
|
332
|
+
_d = 0, createdFormGroupIds_1 = createdFormGroupIds;
|
|
333
|
+
_f.label = 28;
|
|
334
|
+
case 28:
|
|
335
|
+
if (!(_d < createdFormGroupIds_1.length)) return [3 /*break*/, 33];
|
|
336
|
+
id = createdFormGroupIds_1[_d];
|
|
337
|
+
_f.label = 29;
|
|
338
|
+
case 29:
|
|
339
|
+
_f.trys.push([29, 31, , 32]);
|
|
340
|
+
return [4 /*yield*/, sdk.api.form_groups.deleteOne(id)];
|
|
341
|
+
case 30:
|
|
342
|
+
_f.sent();
|
|
343
|
+
return [3 /*break*/, 32];
|
|
344
|
+
case 31:
|
|
345
|
+
e_4 = _f.sent();
|
|
346
|
+
return [3 /*break*/, 32];
|
|
347
|
+
case 32:
|
|
348
|
+
_d++;
|
|
349
|
+
return [3 /*break*/, 28];
|
|
350
|
+
case 33:
|
|
351
|
+
_e = 0, createdFormIds_1 = createdFormIds;
|
|
352
|
+
_f.label = 34;
|
|
353
|
+
case 34:
|
|
354
|
+
if (!(_e < createdFormIds_1.length)) return [3 /*break*/, 39];
|
|
355
|
+
id = createdFormIds_1[_e];
|
|
356
|
+
_f.label = 35;
|
|
357
|
+
case 35:
|
|
358
|
+
_f.trys.push([35, 37, , 38]);
|
|
359
|
+
return [4 /*yield*/, sdk.api.forms.deleteOne(id)];
|
|
360
|
+
case 36:
|
|
361
|
+
_f.sent();
|
|
362
|
+
return [3 /*break*/, 38];
|
|
363
|
+
case 37:
|
|
364
|
+
e_5 = _f.sent();
|
|
365
|
+
return [3 /*break*/, 38];
|
|
366
|
+
case 38:
|
|
367
|
+
_e++;
|
|
368
|
+
return [3 /*break*/, 34];
|
|
369
|
+
case 39: return [7 /*endfinally*/];
|
|
370
|
+
case 40: return [2 /*return*/];
|
|
371
|
+
}
|
|
372
|
+
});
|
|
373
|
+
});
|
|
374
|
+
};
|
|
375
|
+
if (require.main === module) {
|
|
376
|
+
console.log("\uD83C\uDF10 Using API URL: ".concat(host));
|
|
377
|
+
var sdk_1 = new Session({ host: host });
|
|
378
|
+
var sdkNonAdmin_1 = new Session({ host: host });
|
|
379
|
+
var runTests = function () { return __awaiter(void 0, void 0, void 0, function () {
|
|
380
|
+
return __generator(this, function (_a) {
|
|
381
|
+
switch (_a.label) {
|
|
382
|
+
case 0: return [4 /*yield*/, setup_tests(sdk_1, sdkNonAdmin_1)];
|
|
383
|
+
case 1:
|
|
384
|
+
_a.sent();
|
|
385
|
+
return [4 /*yield*/, push_forms_to_portal_group_completion_tests({ sdk: sdk_1, sdkNonAdmin: sdkNonAdmin_1 })];
|
|
386
|
+
case 2:
|
|
387
|
+
_a.sent();
|
|
388
|
+
return [2 /*return*/];
|
|
389
|
+
}
|
|
390
|
+
});
|
|
391
|
+
}); };
|
|
392
|
+
runTests()
|
|
393
|
+
.then(function () {
|
|
394
|
+
console.log("✅ Push forms to portal group completion test suite completed successfully");
|
|
395
|
+
process.exit(0);
|
|
396
|
+
})
|
|
397
|
+
.catch(function (error) {
|
|
398
|
+
console.error("❌ Push forms to portal group completion test suite failed:", error);
|
|
399
|
+
process.exit(1);
|
|
400
|
+
});
|
|
401
|
+
}
|
|
402
|
+
//# sourceMappingURL=push_forms_to_portal_group_completion.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"push_forms_to_portal_group_completion.test.js","sourceRoot":"","sources":["../../../../src/tests/api_tests/push_forms_to_portal_group_completion.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,OAAO,CAAC,oBAAoB,CAAC,CAAC,OAAO,EAAE,CAAC;AAExC,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AACnD,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAA;AAElE,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAA;AAEtC,IAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,uBAAuB,CAAA;AAE3D,IAAM,OAAO,GAAG,UACd,OAAqC,EACrC,UAAkD,EAClD,WAAmB,EACnB,UAAgB,EAChB,aAAkB;IADlB,2BAAA,EAAA,gBAAgB;IAChB,8BAAA,EAAA,kBAAkB;;;;;;oBAGT,CAAC,GAAG,CAAC;;;yBAAE,CAAA,CAAC,GAAG,aAAa,CAAA;oBAC/B,qBAAM,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,EAAA;;oBAAjC,SAAiC,CAAA;oBACpB,qBAAM,OAAO,EAAE,EAAA;;oBAA5B,UAAU,GAAG,SAAe,CAAA;oBAC5B,IAAI,UAAU,CAAC,UAAU,CAAC;wBAAE,sBAAO,UAAU,EAAA;;;oBAHZ,CAAC,EAAE,CAAA;;wBAKtC,MAAM,IAAI,KAAK,CAAC,2BAAoB,WAAW,uBAAa,aAAa,GAAG,UAAU,OAAI,CAAC,CAAA;;;;CAC5F,CAAA;AAED,MAAM,CAAC,IAAM,2CAA2C,GAAG,UAAO,EAA6D;QAA3D,GAAG,SAAA,EAAE,WAAW,iBAAA;;;;;;oBAClF,UAAU,CAAC,2DAA2D,CAAC,CAAA;oBAEjE,iBAAiB,GAAa,EAAE,CAAA;oBAChC,iBAAiB,GAAa,EAAE,CAAA;oBAChC,cAAc,GAAa,EAAE,CAAA;oBAC7B,mBAAmB,GAAa,EAAE,CAAA;oBAClC,iBAAiB,GAAa,EAAE,CAAA;;;;oBAItB,qBAAM,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,EAAA;;oBAAzE,UAAQ,SAAiE;oBAC/E,cAAc,CAAC,IAAI,CAAC,OAAK,CAAC,EAAE,CAAC,CAAA;oBACd,qBAAM,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC;4BACjD,MAAM,EAAE,OAAK,CAAC,EAAE;4BAChB,IAAI,EAAE,QAAQ;4BACd,KAAK,EAAE,QAAQ;4BACf,cAAc,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;yBAC7C,CAAC,EAAA;;oBALI,WAAS,SAKb;oBAEY,qBAAM,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,EAAA;;oBAAzE,KAAK,GAAG,SAAiE;oBAC/E,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAA;oBACd,qBAAM,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC;4BACjD,MAAM,EAAE,KAAK,CAAC,EAAE;4BAChB,IAAI,EAAE,QAAQ;4BACd,KAAK,EAAE,QAAQ;4BACf,cAAc,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;yBAC7C,CAAC;wBAEF,qFAAqF;sBAFnF;;oBALI,WAAS,SAKb;oBAGgB,qBAAM,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC;4BACpD,KAAK,EAAE,2BAA2B;4BAClC,OAAO,EAAE,CAAC,OAAK,CAAC,EAAE,EAAE,KAAK,CAAC,EAAE,CAAC;yBAC9B,CAAC,EAAA;;oBAHI,cAAY,SAGhB;oBACF,mBAAmB,CAAC,IAAI,CAAC,WAAS,CAAC,EAAE,CAAC,CAAA;oBAOhC,OAAO,GAAG,UAAO,EAA0F;4BAAxF,KAAK,WAAA,EAAE,GAAG,SAAA,EAAE,eAAe,qBAAA;;;;;4CAClC,qBAAM,GAAG,CAAC,GAAG,CAAC,mBAAmB,CAAC,SAAS,CAAC;4CAC1D,KAAK,EAAE,EAAE,IAAI,EAAE,sBAAsB,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,WAAS,CAAC,EAAE,EAAE,EAAE;4CACxE,MAAM,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE;4CACnD,MAAM,EAAE,QAAQ;4CAChB,KAAK,EAAE,iDAA0C,KAAK,MAAG;yCAC1D,CAAC,EAAA;;wCALI,OAAO,GAAG,SAKd;wCACF,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;wCAElB,qBAAM,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC;gDAC/C,KAAK,EAAE,0CAAmC,KAAK,MAAG;6CACnD,CAAC,EAAA;;wCAFI,OAAO,GAAG,SAEd;wCACF,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;wCAEjB,qBAAM,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,SAAS,CAAC;gDACxD,SAAS,EAAE,OAAO,CAAC,EAAE;gDACrB,MAAM,EAAE,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,EAAE,YAAY,EAAE,CAAC,WAAS,CAAC,EAAE,CAAC,EAAE,EAAE;gDAC7E,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;6CAC/C,CAAC,EAAA;;wCAJI,QAAQ,GAAG,SAIf;wCAEc,qBAAM,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,EAAA;;wCAAjF,OAAO,GAAG,SAAuE;wCACvF,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;wCAElC,qBAAM,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC;gDACpC,UAAU,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;gDACxB,SAAS,EAAE,OAAO,CAAC,EAAE;6CACtB,CAAC,EAAA;;wCAHF,SAGE,CAAA;wCAEsB,qBAAM,OAAO,CACnC;;;;gEACoB,qBAAM,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC;gEACrD,MAAM,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE;6DAClC,CAAC,EAAA;;4DAFI,SAAS,GAAG,SAEhB;4DACI,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,UAAA,CAAC,IAAI,OAAA,CAAC,CAAC,CAAC,CAAC,gBAAgB,EAApB,CAAoB,CAAC,CAAA;4DAC1D,sBAAO,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,EAAA;;;iDAC/C,EACD,UAAC,MAAM,IAAsB,OAAA,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,IAAI,CAAC,EAA3C,CAA2C,EACxE,mEAA4D,KAAK,MAAG,EACpE,GAAG,EACH,EAAE,CACH,EAAA;;wCAZK,eAAe,GAAG,SAYvB;wCAED,WAAgC,EAAf,mCAAe,EAAf,6BAAe,EAAf,IAAe,EAAE;4CAAvB,EAAE;4CACX,IAAI,CAAC,EAAE,CAAC,gBAAgB,EAAE;gDACxB,MAAM,IAAI,KAAK,CAAC,+DAAwD,EAAE,CAAC,EAAE,eAAK,KAAK,MAAG,CAAC,CAAA;6CAC5F;4CACD,IAAI,EAAE,CAAC,OAAO,KAAK,QAAQ,CAAC,EAAE,EAAE;gDAC9B,MAAM,IAAI,KAAK,CAAC,0CAAmC,EAAE,CAAC,OAAO,4CAAkC,QAAQ,CAAC,EAAE,gBAAM,KAAK,MAAG,CAAC,CAAA;6CAC1H;4CACD,IAAI,EAAE,CAAC,gBAAgB,KAAK,QAAQ,CAAC,EAAE,EAAE;gDACvC,MAAM,IAAI,KAAK,CAAC,mDAA4C,EAAE,CAAC,gBAAgB,4CAAkC,QAAQ,CAAC,EAAE,gBAAM,KAAK,MAAG,CAAC,CAAA;6CAC5I;yCACF;wCAED,qBAAM,UAAU,CACd,+EAAwE,KAAK,MAAG,EAChF;gDAAY,sBAAA,IAAI,EAAA;qDAAA,EAChB,EAAE,QAAQ,EAAE,UAAA,CAAC,IAAI,OAAA,CAAC,KAAK,IAAI,EAAV,CAAU,EAAE,CAC9B;4CAED,8BAA8B;0CAF7B;;wCAJD,SAIC,CAAA;6CAIG,eAAe,EAAf,wBAAe;wCACK,qBAAM,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,EAAA;;wCAA5E,SAAS,GAAK,CAAA,SAA8D,CAAA,UAAnE;wCACX,UAAU,GAAG,IAAI,cAAc,CAAC,EAAE,IAAI,MAAA,EAAE,SAAS,WAAA,EAAE,UAAU,EAAE,GAAG,CAAC,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAA;wCAC/F,YAAY,GAAG,UAAU,CAAC,GAAG,CAAA;;;wCAE7B,YAAY,GAAG,GAAG,CAAC,GAAG,CAAA;;;8CAGQ,EAAf,mCAAe;;;6CAAf,CAAA,6BAAe,CAAA;wCAArB,EAAE;wCACL,OAAO,GAAG,EAAE,CAAC,MAAM,KAAK,OAAK,CAAC,EAAE,CAAA;wCAChC,aAAa,GAAG,OAAO,CAAC,CAAC,CAAC,QAAM,CAAC,EAAE,CAAC,CAAC,CAAC,QAAM,CAAC,EAAE,CAAA;wCAC/C,gBAAgB,GAAG,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAA;wCACtD,qBAAM,YAAY,CAAC,cAAc,CAAC,oBAAoB,CAAC;gDACrD,UAAU,EAAE,EAAE,CAAC,UAAoB;gDACnC,SAAS,EAAE,CAAC;wDACV,OAAO,EAAE,aAAa;wDACtB,UAAU,EAAE,gBAAgB;wDAC5B,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,sBAAsB,EAAE;qDAC1D,CAAC;6CACH,CAAC,EAAA;;wCAPF,SAOE,CAAA;;;wCAXa,IAAe,CAAA;;6CAchC,qBAAM,OAAO,CACX;;;;;4DACY,qBAAM,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,EAAA;;wDAA7C,CAAC,GAAG,SAAyC;wDACnD,sBAAO,CAAA,MAAA,CAAC,CAAC,IAAI,0CAAE,QAAQ,CAAC,GAAG,CAAC,EAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,EAAA;;;6CAC7C,EACD,UAAC,MAAM,IAAwB,OAAA,CAAC,CAAC,MAAM,EAAR,CAAQ,EACvC,sFAA+E,KAAK,MAAG,EACvF,GAAG,EACH,EAAE,CACH,EAAA;;wCATD,SASC,CAAA;wCAED,qBAAM,UAAU,CACd,4EAAqE,KAAK,MAAG,EAC7E,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,EAAnC,CAAmC,EACzC,EAAE,QAAQ,EAAE,UAAC,CAAU,YAAK,OAAA,CAAC,CAAC,CAAA,MAAA,CAAC,CAAC,IAAI,0CAAE,QAAQ,CAAC,GAAG,CAAC,CAAA,CAAA,EAAA,EAAE,CACtD,EAAA;;wCAJD,SAIC,CAAA;;;;;qBACF,CAAA;oBAED,uFAAuF;oBACvF,mDAAmD;oBACnD,qBAAM,OAAO,CAAC;4BACZ,KAAK,EAAE,cAAc;4BACrB,GAAG,EAAE,iCAAiC;4BACtC,eAAe,EAAE,KAAK;yBACvB,CAAC;wBAEF,qEAAqE;wBACrE,sFAAsF;sBAHpF;;oBANF,uFAAuF;oBACvF,mDAAmD;oBACnD,SAIE,CAAA;oBAEF,qEAAqE;oBACrE,sFAAsF;oBACtF,qBAAM,OAAO,CAAC;4BACZ,KAAK,EAAE,gBAAgB;4BACvB,GAAG,EAAE,mCAAmC;4BACxC,eAAe,EAAE,IAAI;yBACtB,CAAC,EAAA;;oBANF,qEAAqE;oBACrE,sFAAsF;oBACtF,SAIE,CAAA;;;0BAGgC,EAAjB,uCAAiB;;;yBAAjB,CAAA,+BAAiB,CAAA;oBAAvB,EAAE;;;;oBACL,qBAAM,GAAG,CAAC,GAAG,CAAC,mBAAmB,CAAC,SAAS,CAAC,EAAE,CAAC,EAAA;;oBAA/C,SAA+C,CAAA;;;;;;oBADtC,IAAiB,CAAA;;;0BAGA,EAAjB,uCAAiB;;;yBAAjB,CAAA,+BAAiB,CAAA;oBAAvB,EAAE;;;;oBACL,qBAAM,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,EAAA;;oBAApC,SAAoC,CAAA;;;;;;oBAD3B,IAAiB,CAAA;;;0BAGA,EAAjB,uCAAiB;;;yBAAjB,CAAA,+BAAiB,CAAA;oBAAvB,EAAE;;;;oBACL,qBAAM,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC,EAAA;;oBAApC,SAAoC,CAAA;;;;;;oBAD3B,IAAiB,CAAA;;;0BAGE,EAAnB,2CAAmB;;;yBAAnB,CAAA,iCAAmB,CAAA;oBAAzB,EAAE;;;;oBACL,qBAAM,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC,EAAA;;oBAAvC,SAAuC,CAAA;;;;;;oBAD9B,IAAmB,CAAA;;;0BAGL,EAAd,iCAAc;;;yBAAd,CAAA,4BAAc,CAAA;oBAApB,EAAE;;;;oBACL,qBAAM,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC,EAAA;;oBAAjC,SAAiC,CAAA;;;;;;oBADxB,IAAc,CAAA;;;;;;;CAIlC,CAAA;AAED,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE;IAC3B,OAAO,CAAC,GAAG,CAAC,sCAAqB,IAAI,CAAE,CAAC,CAAA;IACxC,IAAM,KAAG,GAAG,IAAI,OAAO,CAAC,EAAE,IAAI,MAAA,EAAE,CAAC,CAAA;IACjC,IAAM,aAAW,GAAG,IAAI,OAAO,CAAC,EAAE,IAAI,MAAA,EAAE,CAAC,CAAA;IAEzC,IAAM,QAAQ,GAAG;;;wBACf,qBAAM,WAAW,CAAC,KAAG,EAAE,aAAW,CAAC,EAAA;;oBAAnC,SAAmC,CAAA;oBACnC,qBAAM,2CAA2C,CAAC,EAAE,GAAG,OAAA,EAAE,WAAW,eAAA,EAAE,CAAC,EAAA;;oBAAvE,SAAuE,CAAA;;;;SACxE,CAAA;IAED,QAAQ,EAAE;SACP,IAAI,CAAC;QACJ,OAAO,CAAC,GAAG,CAAC,2EAA2E,CAAC,CAAA;QACxF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC,CAAC;SACD,KAAK,CAAC,UAAC,KAAK;QACX,OAAO,CAAC,KAAK,CAAC,4DAA4D,EAAE,KAAK,CAAC,CAAA;QAClF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC,CAAC,CAAA;CACL"}
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
import { Session } from "../../../sdk";
|
|
2
|
+
/**
|
|
3
|
+
* Regression test for F-0001 (security-audit/findings/F-0001-data-sync-bypasses-applyRedactions.md).
|
|
4
|
+
*
|
|
5
|
+
* The /v1/data-sync handler must apply the central applyRedactions() pipeline to
|
|
6
|
+
* every non-deleted record. The original bug: redactions were gated behind
|
|
7
|
+
* `if (session.fieldRedactions && session.fieldRedactions[record.modelName])`
|
|
8
|
+
* which meant any session without role-based field redactions (including all
|
|
9
|
+
* admins) received raw records — leaking schema-level `redactions: ['all']`
|
|
10
|
+
* fields (hashedPass, hashedPassword, hashedInviteCode).
|
|
11
|
+
*
|
|
12
|
+
* This test:
|
|
13
|
+
* 1. Configures a non-admin user with broad read access on users + endusers
|
|
14
|
+
* and NO fieldRedactions — the realistic "regular user with read access"
|
|
15
|
+
* condition that triggers the bypass.
|
|
16
|
+
* 2. Creates an enduser with a password to populate the sync stream.
|
|
17
|
+
* 3. Calls /v1/data-sync as the non-admin.
|
|
18
|
+
* 4. Asserts no returned record contains hashedPass / hashedPassword /
|
|
19
|
+
* hashedInviteCode.
|
|
20
|
+
*
|
|
21
|
+
* Pre-fix: assertion fails with leaked records.
|
|
22
|
+
* Post-fix: assertion passes.
|
|
23
|
+
*/
|
|
24
|
+
export declare const data_sync_redaction_bypass_tests: ({ sdk, sdkNonAdmin }: {
|
|
25
|
+
sdk: Session;
|
|
26
|
+
sdkNonAdmin: Session;
|
|
27
|
+
}) => Promise<void>;
|
|
28
|
+
//# sourceMappingURL=F-0001-data-sync-redaction-bypass.test.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"F-0001-data-sync-redaction-bypass.test.d.ts","sourceRoot":"","sources":["../../../../../src/tests/api_tests/security/F-0001-data-sync-redaction-bypass.test.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AAwCtC;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,eAAO,MAAM,gCAAgC;SAAwC,OAAO;iBAAe,OAAO;mBAqJjH,CAAA"}
|