@tellescope/sdk 1.250.2 → 1.252.0

package/src/tests/api_tests/calendar_event_webhook_template.test.ts

@@ -0,0 +1,204 @@
+require('source-map-support').install();
+
+import { Session } from "../../sdk"
+import {
+  async_test,
+  log_header,
+  wait,
+} from "@tellescope/testing"
+import { setup_tests } from "../setup"
+
+const host = process.env.API_URL || 'http://localhost:8080' as const
+
+const HEALTHIE_TITLE = 'Healthie' // mirror @tellescope/constants HEALTHIE_TITLE
+
+// Unreachable webhook target — the request will fail quickly but the API still writes
+// the resolved payload to webhook_logs, which is what we're verifying.
+const WEBHOOK_TARGET_URL = 'http://127.0.0.1:9'
+
+const find_log_for_url = async (sdk: Session, url: string, expectedHealthieId: string) => {
+  const start = Date.now()
+  while (Date.now() - start < 10_000) {
+    const logs = await sdk.api.webhook_logs.getSome({ limit: 50, sort: 'newFirst' as any }) as Array<any>
+    const match = logs.find(l => l.url === url && (l.payload as any)?.healthieId === expectedHealthieId)
+    if (match) return match
+    await wait(undefined, 500)
+  }
+  return null
+}
+
+// Main test function that can be called independently
+export const calendar_event_webhook_template_tests = async (
+  { sdk, sdkNonAdmin } : { sdk: Session, sdkNonAdmin: Session }
+) => {
+  log_header("Calendar Event Webhook Template Tests")
+
+  const enduser = await sdk.api.endusers.createOne({})
+
+  // Case 1: Healthie ID resolved via source + externalId
+  const externalIdEvent = await sdk.api.calendar_events.createOne({
+    title: 'External ID Calendar Event',
+    durationInMinutes: 30,
+    startTimeInMS: Date.now(),
+    attendees: [{ type: 'enduser', id: enduser.id }],
+    source: HEALTHIE_TITLE,
+    externalId: 'evt_HEALTHIE_123',
+  } as any)
+
+  // Case 2: Healthie ID resolved via references
+  const referencesEvent = await sdk.api.calendar_events.createOne({
+    title: 'References Calendar Event',
+    durationInMinutes: 30,
+    startTimeInMS: Date.now(),
+    attendees: [{ type: 'enduser', id: enduser.id }],
+    references: [{ type: HEALTHIE_TITLE, id: 'evt_REF_456' }],
+  } as any)
+
+  // create an automation step to satisfy schema validation (automationStepId is required)
+  const journey = await sdk.api.journeys.createOne({
+    title: 'Calendar Event Webhook Template Tests',
+    defaultState: 'State 1',
+  })
+  const step = await sdk.api.automation_steps.createOne({
+    journeyId: journey.id,
+    events: [{ type: 'onJourneyStart', info: {} }],
+    action: {
+      type: 'sendWebhook',
+      info: {
+        message: 'placeholder',
+        url: WEBHOOK_TARGET_URL,
+      },
+    },
+  })
+
+  try {
+    await async_test(
+      'Send Webhook resolves {{calendar_event.Healthie ID}} from source+externalId',
+      async () => {
+        const url = `${WEBHOOK_TARGET_URL}/external/${externalIdEvent.id}`
+        await sdk.api.webhooks.send_automation_webhook({
+          message: 'placeholder',
+          enduserId: enduser.id,
+          automationStepId: step.id,
+          action: {
+            type: 'sendWebhook',
+            info: {
+              message: 'placeholder',
+              url,
+              fields: [
+                { field: 'healthieId', value: '{{calendar_event.Healthie ID}}' },
+                { field: 'title', value: '{{calendar_event.title}}' },
+              ],
+            },
+          },
+          context: { calendarEventId: externalIdEvent.id },
+        }).catch(() => {}) // the unreachable URL is expected to error after logging
+
+        const log = await find_log_for_url(sdk, url, 'evt_HEALTHIE_123')
+        if (!log) return false
+        const payload = log.payload as any
+        return payload?.healthieId === 'evt_HEALTHIE_123'
+          && payload?.title === externalIdEvent.title
+      },
+      { onResult: r => r === true }
+    )
+
+    await async_test(
+      'Send Webhook resolves {{calendar_event.Healthie ID}} from references',
+      async () => {
+        const url = `${WEBHOOK_TARGET_URL}/refs/${referencesEvent.id}`
+        await sdk.api.webhooks.send_automation_webhook({
+          message: 'placeholder',
+          enduserId: enduser.id,
+          automationStepId: step.id,
+          action: {
+            type: 'sendWebhook',
+            info: {
+              message: 'placeholder',
+              url,
+              fields: [
+                { field: 'healthieId', value: '{{calendar_event.Healthie ID}}' },
+                { field: 'title', value: '{{calendar_event.title}}' },
+              ],
+            },
+          },
+          context: { calendarEventId: referencesEvent.id },
+        }).catch(() => {})
+
+        const log = await find_log_for_url(sdk, url, 'evt_REF_456')
+        if (!log) return false
+        const payload = log.payload as any
+        return payload?.healthieId === 'evt_REF_456'
+          && payload?.title === referencesEvent.title
+      },
+      { onResult: r => r === true }
+    )
+
+    await async_test(
+      'Send Webhook leaves {{calendar_event.Healthie ID}} blank when no calendarEventId in context',
+      async () => {
+        const url = `${WEBHOOK_TARGET_URL}/nocontext`
+        await sdk.api.webhooks.send_automation_webhook({
+          message: 'placeholder',
+          enduserId: enduser.id,
+          automationStepId: step.id,
+          action: {
+            type: 'sendWebhook',
+            info: {
+              message: 'placeholder',
+              url,
+              fields: [
+                { field: 'healthieId', value: '{{calendar_event.Healthie ID}}' },
+              ],
+            },
+          },
+          // no calendarEventId
+        }).catch(() => {})
+
+        // Without a calendar event in context, the templating helper returns the input
+        // unchanged, so the literal template string remains in the payload.
+        const start = Date.now()
+        while (Date.now() - start < 10_000) {
+          const logs = await sdk.api.webhook_logs.getSome({ limit: 50, sort: 'newFirst' as any }) as Array<any>
+          const match = logs.find(l => l.url === url)
+          if (match) {
+            const payload = match.payload as any
+            return payload?.healthieId === '{{calendar_event.Healthie ID}}'
+          }
+          await wait(undefined, 500)
+        }
+        return false
+      },
+      { onResult: r => r === true }
+    )
+
+  } finally {
+    try { await sdk.api.calendar_events.deleteOne(externalIdEvent.id) } catch {}
+    try { await sdk.api.calendar_events.deleteOne(referencesEvent.id) } catch {}
+    try { await sdk.api.automation_steps.deleteOne(step.id) } catch {}
+    try { await sdk.api.journeys.deleteOne(journey.id) } catch {}
+    try { await sdk.api.endusers.deleteOne(enduser.id) } catch {}
+  }
+}
+
+// Allow running this test file independently
+if (require.main === module) {
+  console.log(`🌐 Using API URL: ${host}`)
+  const sdk = new Session({ host })
+  const sdkNonAdmin = new Session({ host })
+
+  const runTests = async () => {
+    await setup_tests(sdk, sdkNonAdmin)
+    await calendar_event_webhook_template_tests({ sdk, sdkNonAdmin })
+  }
+
+  runTests()
+    .then(() => {
+      console.log("✅ Calendar event webhook template test suite completed successfully")
+      process.exit(0)
+    })
+    .catch((error) => {
+      console.error("❌ Calendar event webhook template test suite failed:", error)
+      process.exit(1)
+    })
+}

package/src/tests/api_tests/enduser_login.test.ts

@@ -0,0 +1,215 @@
+require('source-map-support').install();
+
+import axios from "axios"
+import { Session } from "../../sdk"
+import {
+  async_test,
+  log_header,
+} from "@tellescope/testing"
+import { setup_tests } from "../setup"
+
+const host = process.env.API_URL || 'http://localhost:8080' as const
+
+// Coverage for the /v1/login-enduser response surface:
+// - When an enduser has no password set, the error response must not include
+//   enduser fields (PHI, hashedPassword, etc.).
+// - The "enduser not found" and "wrong password" cases must be indistinguishable
+//   (same status code, same message) to prevent account enumeration.
+// - verify_otp invalid-code error must not include enduser fields.
+
+const post_login = async (body: any) => {
+  try {
+    const res = await axios.post(`${host}/v1/login-enduser`, body, { validateStatus: () => true })
+    return { status: res.status, data: res.data }
+  } catch (err: any) {
+    return { status: err?.response?.status, data: err?.response?.data }
+  }
+}
+
+export const enduser_login_tests = async ({ sdk, sdkNonAdmin } : { sdk: Session, sdkNonAdmin: Session }) => {
+  log_header("Enduser Login Tests")
+
+  const ts = Date.now()
+  // Distinctive markers we can grep the response body for.
+  const MARKER_FNAME = `LoginTestFname${ts}`
+  const MARKER_ADDRESS = `${ts} Test Way`
+  const MARKER_DOB = '01-01-1990'
+
+  const noPasswordEnduser = await sdk.api.endusers.createOne({
+    fname: MARKER_FNAME,
+    lname: 'LoginTest',
+    email: `login-test-no-password-${ts}@tellescope.com`,
+    dateOfBirth: MARKER_DOB,
+    addressLineOne: MARKER_ADDRESS,
+    addressLineTwo: 'Apt 4B',
+    city: 'Springfield',
+    state: 'IL',
+    zipCode: '62701',
+    gender: 'Female',
+    assignedTo: [sdk.userInfo.id],
+    fields: { secretField: `should-not-leak-${ts}` },
+    tags: ['vip', 'sensitive'],
+  })
+
+  const withPasswordEnduser = await sdk.api.endusers.createOne({
+    fname: 'PasswordedEnduser',
+    lname: 'LoginTest',
+    email: `login-test-with-password-${ts}@tellescope.com`,
+  })
+  await sdk.api.endusers.set_password({ id: withPasswordEnduser.id, password: 'CorrectPassword123!' })
+
+  try {
+    // Login response for an enduser without a password set must not include
+    // enduser fields.
+    const noPasswordResp = await post_login({
+      email: noPasswordEnduser.email,
+      password: 'arbitrary-password',
+      businessId: sdk.userInfo.businessId,
+    })
+
+    const noPasswordBody = JSON.stringify(noPasswordResp.data ?? {})
+
+    await async_test(
+      'No-password login response does not include fname marker',
+      async () => noPasswordBody.includes(MARKER_FNAME) ? 'leaked' : 'safe',
+      { expectedResult: 'safe' }
+    )
+    await async_test(
+      'No-password login response does not include dateOfBirth',
+      async () => noPasswordBody.includes(MARKER_DOB) ? 'leaked' : 'safe',
+      { expectedResult: 'safe' }
+    )
+    await async_test(
+      'No-password login response does not include addressLineOne marker',
+      async () => noPasswordBody.includes(MARKER_ADDRESS) ? 'leaked' : 'safe',
+      { expectedResult: 'safe' }
+    )
+    for (const sensitiveKey of ['hashedPassword', 'assignedTo', 'fields', 'tags', 'insurance', 'customFields']) {
+      await async_test(
+        `No-password login response does not include "${sensitiveKey}" key`,
+        async () => noPasswordBody.includes(`"${sensitiveKey}"`) ? 'leaked' : 'safe',
+        { expectedResult: 'safe' }
+      )
+    }
+    await async_test(
+      'No-password login response info field is absent or empty',
+      async () => {
+        const info = (noPasswordResp.data ?? {}).info
+        if (info === undefined) return 'safe'
+        if (typeof info === 'object' && info !== null && Object.keys(info).length === 0) return 'safe'
+        return 'leaked'
+      },
+      { expectedResult: 'safe' }
+    )
+
+    // All three failure modes (no-password-set, wrong-password, unknown-email)
+    // must return an identical 401 + identical message — no enumeration of
+    // which case actually applies.
+    const wrongPasswordResp = await post_login({
+      email: withPasswordEnduser.email,
+      password: 'WrongPassword!2025',
+      businessId: sdk.userInfo.businessId,
+    })
+    const unknownEmailResp = await post_login({
+      email: `does-not-exist-${ts}@tellescope.com`,
+      password: 'AnyPassword!2025',
+      businessId: sdk.userInfo.businessId,
+    })
+
+    await async_test(
+      'Login returns 401 for no-password account (indistinguishable from wrong password)',
+      async () => `${noPasswordResp.status}:${noPasswordResp.data?.message ?? ''}`,
+      { expectedResult: '401:Login details are invalid' }
+    )
+    await async_test(
+      'Login returns same status for no-password vs wrong-password vs unknown-email',
+      async () => {
+        const statuses = [noPasswordResp.status, wrongPasswordResp.status, unknownEmailResp.status]
+        const allSame = statuses.every(s => s === statuses[0])
+        return allSame ? `same:${statuses[0]}` : `diff:${statuses.join(',')}`
+      },
+      { expectedResult: 'same:401' }
+    )
+    await async_test(
+      'Login returns same message for no-password vs wrong-password vs unknown-email',
+      async () => {
+        const messages = [noPasswordResp.data?.message, wrongPasswordResp.data?.message, unknownEmailResp.data?.message]
+        const allSame = messages.every(m => m === messages[0])
+        return allSame ? 'same' : `diff:${JSON.stringify(messages)}`
+      },
+      { expectedResult: 'same' }
+    )
+
+    // verify_otp invalid-code response must not include enduser fields.
+    const verifyOtpInvalidResp = await axios.post(
+      `${host}/v1/verify-otp-code`,
+      { token: 'not-a-real-token', code: '000000', businessId: sdk.userInfo.businessId },
+      { validateStatus: () => true }
+    )
+    const verifyOtpBody = JSON.stringify(verifyOtpInvalidResp.data ?? {})
+    await async_test(
+      'verify_otp invalid-code response does not include any enduser fields',
+      async () => (
+        verifyOtpBody.includes('"hashedPassword"')
+        || verifyOtpBody.includes('"assignedTo"')
+        || verifyOtpBody.includes(MARKER_FNAME)
+          ? 'leaked' : 'safe'
+      ),
+      { expectedResult: 'safe' }
+    )
+
+    // Regression: admin creating a duplicate enduser (same email) must still
+    // receive the existing record's id in the error info — this is an
+    // authenticated, intentional API-aid pattern via uniquenessError and must
+    // not be regressed by the public-endpoint sanitizer.
+    let duplicateError: any = null
+    try {
+      await sdk.api.endusers.createOne({ email: noPasswordEnduser.email })
+    } catch (err: any) {
+      duplicateError = err
+    }
+    await async_test(
+      'Admin duplicate enduser create rejects with 409 Uniqueness Violation',
+      async () => duplicateError?.message ?? 'no-error',
+      { expectedResult: 'Uniqueness Violation' }
+    )
+    await async_test(
+      'Admin duplicate enduser create returns the existing record id in info',
+      async () => {
+        const info = duplicateError?.info
+        if (!Array.isArray(info) || info.length === 0) return `no-info:${JSON.stringify(info)}`
+        const existing = info[0]?.existingRecord
+        const existingId = existing?._id ?? existing?.id
+        return existingId === noPasswordEnduser.id ? 'matched' : `mismatched:${existingId}`
+      },
+      { expectedResult: 'matched' }
+    )
+  } finally {
+    await Promise.all([
+      sdk.api.endusers.deleteOne(noPasswordEnduser.id).catch(() => null),
+      sdk.api.endusers.deleteOne(withPasswordEnduser.id).catch(() => null),
+    ])
+  }
+}
+
+// Allow running this test file independently
+if (require.main === module) {
+  console.log(`🌐 Using API URL: ${host}`)
+  const sdk = new Session({ host })
+  const sdkNonAdmin = new Session({ host })
+
+  const runTests = async () => {
+    await setup_tests(sdk, sdkNonAdmin)
+    await enduser_login_tests({ sdk, sdkNonAdmin })
+  }
+
+  runTests()
+    .then(() => {
+      console.log("✅ Enduser login test suite completed successfully")
+      process.exit(0)
+    })
+    .catch((error) => {
+      console.error("❌ Enduser login test suite failed:", error)
+      process.exit(1)
+    })
+}

package/src/tests/api_tests/enduser_login_rate_limits.test.ts

@@ -0,0 +1,178 @@
+require('source-map-support').install();
+
+import axios from "axios"
+import { Session } from "../../sdk"
+import {
+  async_test,
+  log_header,
+} from "@tellescope/testing"
+import { setup_tests } from "../setup"
+
+const host = process.env.API_URL || 'http://localhost:8080' as const
+
+// Per-IP rate limits applied to enduser public endpoints:
+//   POST /v1/login-enduser              20 / min, 100 / hour
+//   POST /v1/begin-enduser-login-flow   10 / min,  50 / hour
+//   POST /v1/endusers/send-otp-code      5 / min,  30 / hour
+// Plus a per-identifier limit on begin_login_flow: 5 / 10 min per email|phone.
+
+const post = async (path: string, body: any) => {
+  try {
+    const res = await axios.post(`${host}${path}`, body, { validateStatus: () => true })
+    return { status: res.status, data: res.data }
+  } catch (err: any) {
+    return { status: err?.response?.status, data: err?.response?.data }
+  }
+}
+
+const fire_until_429 = async (cap: number, send: (i: number) => Promise<{ status: number }>) => {
+  let triggeredAt = -1
+  for (let i = 0; i < cap + 5; i++) {
+    const { status } = await send(i)
+    if (status === 429) {
+      triggeredAt = i
+      break
+    }
+  }
+  return triggeredAt
+}
+
+export const enduser_login_rate_limits_tests = async ({ sdk, sdkNonAdmin } : { sdk: Session, sdkNonAdmin: Session }) => {
+  log_header("Enduser Login Rate Limit Tests")
+
+  const businessId = sdk.userInfo.businessId
+
+  // Ensure throttled_events from prior tests don't bleed in.
+  await sdk.reset_db()
+
+  // ---- /v1/login-enduser per-IP cap (20/min) ----
+  // Bogus emails ensure we never reach the actual DB lookup / login work.
+  const loginTrip = await fire_until_429(20, i => post('/v1/login-enduser', {
+    email: `rl-login-${Date.now()}-${i}@tellescope.com`,
+    password: 'NotARealPassword!2025',
+    businessId,
+  }))
+  await async_test(
+    'login per-IP throttle trips within first 21 requests',
+    async () => (loginTrip >= 0 && loginTrip <= 20) ? 'tripped' : `not-tripped:${loginTrip}`,
+    { expectedResult: 'tripped' }
+  )
+
+  await sdk.reset_db()
+
+  // ---- /v1/begin-enduser-login-flow per-IP cap (10/min) ----
+  // Use distinct emails so the per-identifier limit (5/10min) does NOT trip first;
+  // we want the IP cap to be the first thing to fire.
+  const beginIpTrip = await fire_until_429(10, i => post('/v1/begin-enduser-login-flow', {
+    email: `rl-begin-ip-${Date.now()}-${i}@tellescope.com`,
+    businessId,
+  }))
+  await async_test(
+    'begin_login_flow per-IP throttle trips within first 11 requests',
+    async () => (beginIpTrip >= 0 && beginIpTrip <= 10) ? 'tripped' : `not-tripped:${beginIpTrip}`,
+    { expectedResult: 'tripped' }
+  )
+
+  await sdk.reset_db()
+
+  // ---- /v1/begin-enduser-login-flow per-identifier cap (5 / 10 min per email) ----
+  // Hit a single email below the per-IP cap.
+  const fixedEmail = `rl-begin-id-${Date.now()}@tellescope.com`
+  const beginIdTrip = await fire_until_429(5, () => post('/v1/begin-enduser-login-flow', {
+    email: fixedEmail,
+    businessId,
+  }))
+  await async_test(
+    'begin_login_flow per-identifier throttle trips within first 6 requests',
+    async () => (beginIdTrip >= 0 && beginIdTrip <= 5) ? 'tripped' : `not-tripped:${beginIdTrip}`,
+    { expectedResult: 'tripped' }
+  )
+
+  await sdk.reset_db()
+
+  // ---- /v1/endusers/send-otp-code per-IP cap (5/min) ----
+  // Use a bogus JWT-shaped token so we trip the IP guard first (it runs before any DB work).
+  const fakeToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMCJ9.sig'
+  const sendOtpTrip = await fire_until_429(5, () => post('/v1/endusers/send-otp-code', {
+    token: fakeToken,
+    method: 'email',
+  }))
+  await async_test(
+    'send_otp per-IP throttle trips within first 6 requests',
+    async () => (sendOtpTrip >= 0 && sendOtpTrip <= 5) ? 'tripped' : `not-tripped:${sendOtpTrip}`,
+    { expectedResult: 'tripped' }
+  )
+
+  // Confirm 429 response does not leak the keying strategy (no mention of "ip" or "address").
+  const tripped = await post('/v1/endusers/send-otp-code', { token: fakeToken, method: 'email' })
+  await async_test(
+    '429 response does not mention "ip" or "address"',
+    async () => {
+      const msg = (tripped.data?.message ?? '').toLowerCase()
+      return (msg.includes('ip') || msg.includes('address')) ? 'leaked' : 'safe'
+    },
+    { expectedResult: 'safe' }
+  )
+
+  // ---- Legitimate-login regression: a single successful login should still go through ----
+  // Reset state, then create a real enduser with a password and confirm one login succeeds.
+  await sdk.reset_db()
+
+  const ts = Date.now()
+  const enduser = await sdk.api.endusers.createOne({
+    fname: 'RateLimitOk', lname: 'Enduser',
+    email: `rl-legit-${ts}@tellescope.com`,
+  })
+  try {
+    await sdk.api.endusers.set_password({ id: enduser.id, password: 'CorrectPassword123!' })
+
+    const goodLogin = await post('/v1/login-enduser', {
+      email: enduser.email,
+      password: 'CorrectPassword123!',
+      businessId,
+    })
+    await async_test(
+      'legitimate login still succeeds (returns authToken, not 429)',
+      async () => goodLogin.status === 200 && !!goodLogin.data?.authToken ? 'ok' : `failed:${goodLogin.status}`,
+      { expectedResult: 'ok' }
+    )
+
+    // A subsequent successful login by the same user/IP should also succeed —
+    // a single legitimate user retrying must not trip the per-IP cap.
+    const goodLoginRetry = await post('/v1/login-enduser', {
+      email: enduser.email,
+      password: 'CorrectPassword123!',
+      businessId,
+    })
+    await async_test(
+      'legitimate login retry still succeeds',
+      async () => goodLoginRetry.status === 200 && !!goodLoginRetry.data?.authToken ? 'ok' : `failed:${goodLoginRetry.status}`,
+      { expectedResult: 'ok' }
+    )
+  } finally {
+    await sdk.api.endusers.deleteOne(enduser.id).catch(() => null)
+    await sdk.reset_db().catch(() => null)
+  }
+}
+
+// Allow running this test file independently
+if (require.main === module) {
+  console.log(`🌐 Using API URL: ${host}`)
+  const sdk = new Session({ host })
+  const sdkNonAdmin = new Session({ host })
+
+  const runTests = async () => {
+    await setup_tests(sdk, sdkNonAdmin)
+    await enduser_login_rate_limits_tests({ sdk, sdkNonAdmin })
+  }
+
+  runTests()
+    .then(() => {
+      console.log("✅ Enduser login rate limit test suite completed successfully")
+      process.exit(0)
+    })
+    .catch((error) => {
+      console.error("❌ Enduser login rate limit test suite failed:", error)
+      process.exit(1)
+    })
+}