npm - @tellescope/sdk - Versions diffs - 1.250.2 → 1.252.0 - Mend

@tellescope/sdk 1.250.2 → 1.252.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (136) hide show

package/src/tests/api_tests/set_fields_order_templates.test.ts ADDED Viewed

@@ -0,0 +1,258 @@
+require('source-map-support').install();
+import { Session } from "../../sdk"
+import {
+  assert,
+  async_test,
+  log_header,
+  wait,
+} from "@tellescope/testing"
+import { setup_tests } from "../setup"
+const host = process.env.API_URL || 'http://localhost:8080' as const
+const TRIGGER_TITLE_BLOCK_A = "Order Templates: Block A"
+const TRIGGER_TITLE_BLOCK_B = "Order Templates: Block B"
+const buildSetFieldsAction = (prefix: string) => ({
+  type: 'Set Fields' as const,
+  info: {
+    fields: [
+      { name: `${prefix}_status`,     value: '{{order.status}}',     type: 'Custom Value' as const },
+      { name: `${prefix}_tracking`,   value: '{{order.tracking}}',   type: 'Custom Value' as const },
+      { name: `${prefix}_carrier`,    value: '{{order.carrier}}',    type: 'Custom Value' as const },
+      { name: `${prefix}_sku`,        value: '{{order.sku}}',        type: 'Custom Value' as const },
+      { name: `${prefix}_externalId`, value: '{{order.externalId}}', type: 'Custom Value' as const },
+      { name: `${prefix}_id`,         value: '{{order.id}}',         type: 'Custom Value' as const },
+      { name: `${prefix}_protocol`,   value: '{{order.protocol}}',   type: 'Custom Value' as const },
+    ],
+  },
+})
+// Block A: Direct EnduserOrder creation path
+const direct_order_creation_block = async ({ sdk }: { sdk: Session }) => {
+  log_header("Block A: Direct EnduserOrder creation -> {{order.*}} in Set Fields")
+  const enduser = await sdk.api.endusers.createOne({})
+  const trigger = await sdk.api.automation_triggers.createOne({
+    title: TRIGGER_TITLE_BLOCK_A,
+    status: 'Active',
+    event: { type: 'Order Status Equals', info: { source: 'Beluga', status: 'Shipped' } },
+    action: buildSetFieldsAction('pharmacy'),
+  })
+  let createdOrderId: string | undefined
+  let nonMatchingOrderId: string | undefined
+  try {
+    const order = await sdk.api.enduser_orders.createOne({
+      enduserId: enduser.id,
+      source: 'Beluga',
+      status: 'Shipped',
+      title: 'Beluga Pharmacy Order',
+      externalId: 'EXT-A-123',
+      tracking: '1Z-AAA',
+      carrier: 'UPS',
+      sku: 'SKU-A',
+      protocol: 'wl1',
+    })
+    createdOrderId = order.id
+    await wait(undefined, 250) // allow trigger + Set Fields to run
+    await async_test(
+      "Block A: {{order.*}} templates resolve to literal values",
+      () => sdk.api.endusers.getOne(enduser.id),
+      { onResult: e => !!(
+           e.fields?.pharmacy_status === 'Shipped'
+        && e.fields?.pharmacy_tracking === '1Z-AAA'
+        && e.fields?.pharmacy_carrier === 'UPS'
+        && e.fields?.pharmacy_sku === 'SKU-A'
+        && e.fields?.pharmacy_externalId === 'EXT-A-123'
+        && e.fields?.pharmacy_protocol === 'wl1'
+        && typeof e.fields?.pharmacy_id === 'string'
+        && (e.fields?.pharmacy_id as string).length > 0
+        && (e.fields?.pharmacy_id as string) === order.id
+      )}
+    )
+    // Negative case: status that doesn't match the trigger should NOT alter fields
+    const beforeNonMatch = await sdk.api.endusers.getOne(enduser.id)
+    const snapshot = {
+      pharmacy_status: beforeNonMatch.fields?.pharmacy_status,
+      pharmacy_tracking: beforeNonMatch.fields?.pharmacy_tracking,
+      pharmacy_carrier: beforeNonMatch.fields?.pharmacy_carrier,
+      pharmacy_sku: beforeNonMatch.fields?.pharmacy_sku,
+      pharmacy_externalId: beforeNonMatch.fields?.pharmacy_externalId,
+      pharmacy_id: beforeNonMatch.fields?.pharmacy_id,
+      pharmacy_protocol: beforeNonMatch.fields?.pharmacy_protocol,
+    }
+    const nonMatching = await sdk.api.enduser_orders.createOne({
+      enduserId: enduser.id,
+      source: 'Beluga',
+      status: 'In Fulfillment', // does NOT match the trigger
+      title: 'Beluga Pharmacy Order (other status)',
+      externalId: 'EXT-A-NOMATCH',
+      tracking: 'NOPE',
+      carrier: 'NoCarrier',
+      sku: 'SKU-NOPE',
+      protocol: 'nope',
+    })
+    nonMatchingOrderId = nonMatching.id
+    await wait(undefined, 250)
+    await async_test(
+      "Block A: non-matching status leaves fields unchanged",
+      () => sdk.api.endusers.getOne(enduser.id),
+      { onResult: e => !!(
+           e.fields?.pharmacy_status === snapshot.pharmacy_status
+        && e.fields?.pharmacy_tracking === snapshot.pharmacy_tracking
+        && e.fields?.pharmacy_carrier === snapshot.pharmacy_carrier
+        && e.fields?.pharmacy_sku === snapshot.pharmacy_sku
+        && e.fields?.pharmacy_externalId === snapshot.pharmacy_externalId
+        && e.fields?.pharmacy_id === snapshot.pharmacy_id
+        && e.fields?.pharmacy_protocol === snapshot.pharmacy_protocol
+      )}
+    )
+  } finally {
+    if (createdOrderId) await sdk.api.enduser_orders.deleteOne(createdOrderId).catch(console.error)
+    if (nonMatchingOrderId) await sdk.api.enduser_orders.deleteOne(nonMatchingOrderId).catch(console.error)
+    await sdk.api.automation_triggers.deleteOne(trigger.id).catch(console.error)
+    await sdk.api.endusers.deleteOne(enduser.id).catch(console.error)
+  }
+}
+// Block B: Beluga webhook integration path
+const beluga_webhook_block = async ({ sdk }: { sdk: Session }) => {
+  log_header("Block B: Beluga webhook -> {{order.*}} in Set Fields")
+  const webhookUrl = `${host}/v1/webhooks/beluga`
+  const externalOrderId = `EXT-B-${Date.now()}`
+  const enduser = await sdk.api.endusers.createOne({})
+  const form = await sdk.api.forms.createOne({ title: 'Order Templates Beluga Form' })
+  const formResponse = await sdk.api.form_responses.createOne({
+    formId: form.id,
+    enduserId: enduser.id,
+    formTitle: form.title,
+  })
+  const trigger = await sdk.api.automation_triggers.createOne({
+    title: TRIGGER_TITLE_BLOCK_B,
+    status: 'Active',
+    event: { type: 'Order Status Equals', info: { source: 'Beluga', status: 'Shipped' } },
+    action: buildSetFieldsAction('pharmacy'),
+  })
+  const deliveredTrigger = await sdk.api.automation_triggers.createOne({
+    title: `${TRIGGER_TITLE_BLOCK_B} (Delivered)`,
+    status: 'Active',
+    event: { type: 'Order Status Equals', info: { source: 'Beluga', status: 'Delivered' } },
+    action: buildSetFieldsAction('pharmacy'),
+  })
+  try {
+    // Step 1: PHARMACY_ORDER_SHIPPED
+    const shippedRes = await fetch(webhookUrl, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        masterId: `tellescope_${formResponse.id}`,
+        event: 'PHARMACY_ORDER_SHIPPED',
+        orderId: externalOrderId,
+        info: { carrier: 'FedEx', tracking: '7777-BBB' },
+      }),
+    })
+    assert(shippedRes.status === 200, `Beluga webhook (shipped) expected 200, got ${shippedRes.status}`)
+    await wait(undefined, 250) // webhook upsert + trigger + Set Fields
+    await async_test(
+      "Block B: Beluga PHARMACY_ORDER_SHIPPED resolves {{order.*}} into enduser fields",
+      () => sdk.api.endusers.getOne(enduser.id),
+      { onResult: e => !!(
+           e.fields?.pharmacy_status === 'Shipped'
+        && e.fields?.pharmacy_tracking === '7777-BBB'
+        && e.fields?.pharmacy_carrier === 'FedEx'
+        && e.fields?.pharmacy_externalId === externalOrderId
+        && typeof e.fields?.pharmacy_id === 'string'
+        && (e.fields?.pharmacy_id as string).length > 0
+        // Webhook does not set sku/protocol -> default branch in helper -> ''
+        && e.fields?.pharmacy_sku === ''
+        && e.fields?.pharmacy_protocol === ''
+      )}
+    )
+    // Step 2: PHARMACY_ORDER_DELIVERED for the same order
+    const deliveredRes = await fetch(webhookUrl, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        masterId: `tellescope_${formResponse.id}`,
+        event: 'PHARMACY_ORDER_DELIVERED',
+        orderId: externalOrderId,
+      }),
+    })
+    assert(deliveredRes.status === 200, `Beluga webhook (delivered) expected 200, got ${deliveredRes.status}`)
+    await wait(undefined, 250)
+    await async_test(
+      "Block B: PHARMACY_ORDER_DELIVERED flips pharmacy_status to 'Delivered'",
+      () => sdk.api.endusers.getOne(enduser.id),
+      { onResult: e => !!(
+           e.fields?.pharmacy_status === 'Delivered'
+        && e.fields?.pharmacy_externalId === externalOrderId
+      )}
+    )
+  } finally {
+    // Clean up the order created by the webhook
+    try {
+      const orders = await sdk.api.enduser_orders.getSome({
+        filter: { source: 'Beluga', externalId: externalOrderId } as any,
+      })
+      for (const o of orders) {
+        await sdk.api.enduser_orders.deleteOne(o.id).catch(console.error)
+      }
+    } catch (err) {
+      console.error(err)
+    }
+    await sdk.api.automation_triggers.deleteOne(trigger.id).catch(console.error)
+    await sdk.api.automation_triggers.deleteOne(deliveredTrigger.id).catch(console.error)
+    await sdk.api.form_responses.deleteOne(formResponse.id).catch(console.error)
+    await sdk.api.forms.deleteOne(form.id).catch(console.error)
+    await sdk.api.endusers.deleteOne(enduser.id).catch(console.error)
+  }
+}
+export const set_fields_order_templates_tests = async (
+  { sdk, sdkNonAdmin }: { sdk: Session, sdkNonAdmin: Session }
+) => {
+  log_header("Set Fields: {{order.*}} template resolution")
+  await direct_order_creation_block({ sdk })
+  await beluga_webhook_block({ sdk })
+}
+if (require.main === module) {
+  console.log(`Using API URL: ${host}`)
+  const sdk = new Session({ host })
+  const sdkNonAdmin = new Session({ host })
+  const runTests = async () => {
+    await setup_tests(sdk, sdkNonAdmin)
+    await set_fields_order_templates_tests({ sdk, sdkNonAdmin })
+  }
+  runTests()
+    .then(() => {
+      console.log("set_fields_order_templates test suite completed successfully")
+      process.exit(0)
+    })
+    .catch((error) => {
+      console.error("set_fields_order_templates test suite failed:", error)
+      process.exit(1)
+    })
+}

package/src/tests/setup.ts CHANGED Viewed

@@ -37,9 +37,16 @@ export const setup_tests = async (sdk: Session, sdkNonAdmin: Session) => {
   // Authenticate the SDKs first
   await sdk.authenticate(email, password)
   await sdkNonAdmin.authenticate(nonAdminEmail, nonAdminPassword)
   await async_test('test_authenticated', sdk.test_authenticated, { expectedResult: 'Authenticated!' })
+  // Defensive: clear residual OTP gating from a previously-aborted run of
+  // enduser_session_invalidation_tests, which would otherwise cause enduser
+  // tokens minted in subsequent tests to be rejected as Unauthenticated.
+  await sdk.api.organizations.updateOne(sdk.userInfo.businessId, {
+    portalSettings: { authentication: { requireOTP: false, requireOTPAfterPassword: false } },
+  }, { replaceObjectFields: true })
   await async_test(
     'test_authenticated (with API Key)',
     (new Session({ host, apiKey: '3n5q0SCBT_iUvZz-b9BJtX7o7HQUVJ9v132PgHJNJsg.' /* local test key */  })).test_authenticated,

package/src/tests/tests.ts CHANGED Viewed

@@ -49,6 +49,7 @@ import { purchase_made_trigger_tests } from "./api_tests/purchase_made_trigger.t
 import { appointment_rescheduled_trigger_tests } from "./api_tests/appointment_rescheduled_trigger.test"
 import { journey_error_branching_tests } from "./api_tests/journey_error_branching.test"
 import { afteraction_day_of_month_delay_tests } from "./api_tests/afteraction_day_of_month_delay.test"
+import { push_forms_to_portal_group_completion_tests } from "./api_tests/push_forms_to_portal_group_completion.test"
 import { setup_tests } from "./setup"
 import { evaluate_conditional_logic_for_enduser_fields, FORM_LOGIC_CALCULATED_FIELDS, get_care_team_primary, get_flattened_fields, get_next_reminder_timestamp, object_is_empty, replace_enduser_template_values, replace_form_field_template_values, responses_satisfy_conditions, truncate_string, weighted_round_robin, YYYY_MM_DD_to_MM_DD_YYYY } from "@tellescope/utilities"
 import { DEFAULT_OPERATIONS, PLACEHOLDER_ID, ZENDESK_INTEGRATIONS_TITLE, ZOOM_TITLE } from "@tellescope/constants"
@@ -74,6 +75,8 @@ import {
 import fs from "fs"
 import { load_inbox_data_tests } from "./api_tests/load_inbox_data.test";
+import { enduser_login_tests } from "./api_tests/enduser_login.test";
+import { enduser_login_rate_limits_tests } from "./api_tests/enduser_login_rate_limits.test";
 import { eom_procedure_codes_tests } from "./api_tests/eom_procedure_codes.test";
 import { cross_org_api_key_tests } from "./api_tests/cross_org_api_key.test";
 import { custom_dashboards_tests } from "./api_tests/custom_dashboards.test";
@@ -86,6 +89,12 @@ import { custom_aggregation_tests } from "./api_tests/custom_aggregation.test";
 import { chats_analytics_tests } from "./api_tests/chats_analytics.test";
 import { no_access_permission_checks_tests } from "./api_tests/no_access_permission_checks.test";
 import { field_redaction_tests } from "./api_tests/field_redaction.test";
+import { data_sync_redaction_bypass_tests } from "./api_tests/security/F-0001-data-sync-redaction-bypass.test";
+import { ai_conversations_rbac_tests } from "./api_tests/security/F-0005-ai-conversations-rbac.test";
+import { invite_user_enumeration_tests } from "./api_tests/security/F-0007-invite-user-enumeration.test";
+import { handle_incoming_communication_cross_tenant_tests } from "./api_tests/security/F-0008-handle-incoming-communication-cross-tenant.test";
+import { sanitize_user_html_xss_tests } from "./api_tests/security/F-0013-sanitize-user-html.test";
+import { prototype_pollution_tests } from "./api_tests/security/F-0016-prototype-pollution.test";
 import { bulk_assignment_tests } from "./api_tests/bulk_assignment.test";
 import { managed_content_enduser_access_tests } from "./api_tests/managed_content_enduser_access.test";
 import { managed_content_file_access_tests } from "./api_tests/managed_content_file_access.test";
@@ -102,9 +111,12 @@ import { organization_settings_duplicates_tests } from "./api_tests/organization
 import { calendar_events_bulk_update_tests } from "./api_tests/calendar_events_bulk_update.test";
 import { openloop_webhooks_tests } from "./api_tests/openloop_webhooks.test";
 import { beluga_pharmacy_mappings_tests } from "./api_tests/beluga_pharmacy_mappings.test";
+import { account_switcher_tests } from "./api_tests/account_switcher.test";
+import { set_fields_order_templates_tests } from "./api_tests/set_fields_order_templates.test";
 import { date_string_validation_tests } from "./api_tests/date_string_validation.test";
 import { enduser_session_invalidation_tests } from "./api_tests/enduser_session_invalidation.test";
 import { enduser_cross_access_isolation_tests } from "./api_tests/enduser_cross_access_isolation.test";
+import { calendar_event_webhook_template_tests } from "./api_tests/calendar_event_webhook_template.test";
 const UniquenessViolationMessage = 'Uniqueness Violation'
@@ -5088,7 +5100,9 @@ const trigger_events_api_tests = async () => {
 const automation_trigger_tests = async () => {
   log_header("Automation Trigger Tests")
+  await push_forms_to_portal_group_completion_tests({ sdk, sdkNonAdmin })
   await order_status_equals_tests()
+  await set_fields_order_templates_tests({ sdk, sdkNonAdmin })
   await medication_added_trigger_tests({ sdk, sdkNonAdmin })
   await appointment_cancelled_tests()
   await set_fields_tests()
@@ -7121,16 +7135,18 @@ const merge_enduser_tests = async () => {
   const stripeCustomerId = 'example_cu_id';
   const stripeKey = 'example_stripe_key';
   const [source, destination, otherEnduser] = (await sdk.api.endusers.createSome([
-    {
-      email: 'source@tellescope.com', fname: 'source', lname: 'enduser',
-      references: [{ type: '2', id: '2.2' }, { type: '3', id: '3.2' }, { type: '4', id: '4.2'}],
+    {
+      email: 'source@tellescope.com', fname: 'source', lname: 'enduser',
+      references: [{ type: '2', id: '2.2' }, { type: '3', id: '3.2' }, { type: '4', id: '4.2'}],
       // @ts-ignore
       stripeCustomerId,
       stripeKey,
       athenaPracticeId: '12345',
       athenaDepartmentId: '54321',
+      insurance: { memberId: 'src-member', payerName: 'Source Payer' },
+      insuranceSecondary: { memberId: 'src-secondary' },
     },
-    { email: 'destination@tellescope.com', source: '4', externalId: "4", references: [{ type: '1', id: '1' }, { type: '2', id: '2' }] },
+    { email: 'destination@tellescope.com', source: '4', externalId: "4", references: [{ type: '1', id: '1' }, { type: '2', id: '2' }], insurance: { memberId: 'dest-member', payerName: 'Dest Payer' } },
     { email: 'other@tellescope.com'},
   ])).created
@@ -7179,7 +7195,10 @@ const merge_enduser_tests = async () => {
       && e.references?.find(r => r.type === '1')?.id === '1'
       && e.references?.find(r => r.type === '2')?.id === '2'
       && e.references?.find(r => r.type === '3')?.id === '3.2'
-      && !e.references?.find(r => r.type === '4')?.id
+      && !e.references?.find(r => r.type === '4')?.id
+      && e.insurance?.memberId === 'dest-member'
+      && e.insurance?.payerName === 'Dest Payer'
+      && e.insuranceSecondary?.memberId === 'src-secondary'
     )}
   )
@@ -14310,8 +14329,19 @@ const ip_address_form_tests = async () => {
     await replace_form_field_template_values_tests()
     await mfa_tests()
     await setup_tests(sdk, sdkNonAdmin)
+    await invite_user_enumeration_tests({ sdk, sdkNonAdmin })
+    await handle_incoming_communication_cross_tenant_tests({ sdk, sdkNonAdmin })
+    await calendar_event_webhook_template_tests({ sdk, sdkNonAdmin })
     await outbound_chat_sent_trigger_tests({ sdk })
+    await enduser_login_rate_limits_tests({ sdk, sdkNonAdmin })
+    await data_sync_redaction_bypass_tests({ sdk, sdkNonAdmin })
+    await ai_conversations_rbac_tests({ sdk, sdkNonAdmin })
+    await sanitize_user_html_xss_tests()
+    await prototype_pollution_tests()
     await automation_trigger_tests()
+    await account_switcher_tests({ sdk, sdkNonAdmin })
+    await enduser_login_tests({ sdk, sdkNonAdmin })
+    await outbound_chat_sent_trigger_tests({ sdk })
     await enduser_cross_access_isolation_tests({ sdk, sdkNonAdmin })
     await eom_procedure_codes_tests({ sdk, sdkNonAdmin })
     await cross_org_api_key_tests({ sdk, sdkNonAdmin })

package/test_generated.pdf CHANGED Viewed

Binary file