npm - @tellescope/sdk - Versions diffs - 1.251.0 → 1.252.1 - Mend

@tellescope/sdk 1.251.0 → 1.252.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (131) hide show

package/src/tests/api_tests/user_portal_settings.test.ts ADDED Viewed

@@ -0,0 +1,217 @@
+require('source-map-support').install();
+import { Session, EnduserSession } from "../../sdk"
+import {
+  assert,
+  async_test,
+  handleAnyError,
+  log_header,
+} from "@tellescope/testing"
+import { setup_tests } from "../setup"
+const host = process.env.API_URL || 'http://localhost:8080' as const
+const businessId = '60398b1131a295e64f084ff6'
+// Main test function that can be called independently
+export const user_portal_settings_tests = async ({ sdk, sdkNonAdmin }: { sdk: Session, sdkNonAdmin: Session }) => {
+  log_header("User portalSettings Tests")
+  // Operate on a throwaway user so we never mutate existing users' records.
+  const testUser = await sdk.api.users.createOne({
+    email: `portal_settings_test_${Date.now()}@test.tellescope.com`,
+  })
+  // throwaway enduser used to confirm enduser-visibility of portalSettings
+  let testEnduserId: string | undefined
+  let enduserSDK: EnduserSession | undefined
+  try {
+    // ===== Valid: string values =====
+    await async_test(
+      'portalSettings - string values accepted',
+      async () => {
+        await sdk.api.users.updateOne(testUser.id, { portalSettings: { theme: 'dark' } }, { replaceObjectFields: true })
+        const updated = await sdk.api.users.getOne(testUser.id)
+        return updated.portalSettings?.theme
+      },
+      { onResult: (r) => r === 'dark' }
+    )
+    // ===== Valid: boolean values + round-trip as real booleans =====
+    await async_test(
+      'portalSettings - boolean values accepted and round-trip as booleans',
+      async () => {
+        await sdk.api.users.updateOne(
+          testUser.id,
+          { portalSettings: { showNameInSecureMessaging: true, showAvatar: false } },
+          { replaceObjectFields: true }
+        )
+        const updated = await sdk.api.users.getOne(testUser.id)
+        return updated.portalSettings
+      },
+      {
+        onResult: (r) =>
+          r?.showNameInSecureMessaging === true &&
+          r?.showAvatar === false &&
+          // assert real booleans, not coerced strings
+          typeof r?.showNameInSecureMessaging === 'boolean' &&
+          typeof r?.showAvatar === 'boolean',
+      }
+    )
+    // ===== Valid: mixed string + boolean values, strings stay strings =====
+    await async_test(
+      'portalSettings - mixed string and boolean values',
+      async () => {
+        await sdk.api.users.updateOne(
+          testUser.id,
+          { portalSettings: { theme: 'light', showAvatar: true } },
+          { replaceObjectFields: true }
+        )
+        const updated = await sdk.api.users.getOne(testUser.id)
+        return updated.portalSettings
+      },
+      {
+        onResult: (r) =>
+          r?.theme === 'light' &&
+          typeof r?.theme === 'string' &&
+          r?.showAvatar === true &&
+          typeof r?.showAvatar === 'boolean',
+      }
+    )
+    // ===== Valid: empty object (zero-iteration loop passes) =====
+    await async_test(
+      'portalSettings - empty object accepted',
+      async () => {
+        await sdk.api.users.updateOne(testUser.id, { portalSettings: {} }, { replaceObjectFields: true })
+        const updated = await sdk.api.users.getOne(testUser.id)
+        return updated.portalSettings
+      },
+      { onResult: (r) => !!r && typeof r === 'object' && Object.keys(r).length === 0 }
+    )
+    // ===== Invalid: value string > 250 chars =====
+    await async_test(
+      'portalSettings - value string > 250 chars rejected',
+      () => sdk.api.users.updateOne(
+        testUser.id,
+        { portalSettings: { tooLong: 'a'.repeat(251) } },
+        { replaceObjectFields: true }
+      ),
+      handleAnyError
+    )
+    // ===== Invalid: key > 250 chars =====
+    await async_test(
+      'portalSettings - key > 250 chars rejected',
+      () => sdk.api.users.updateOne(
+        testUser.id,
+        { portalSettings: { ['a'.repeat(251)]: 'x' } },
+        { replaceObjectFields: true }
+      ),
+      handleAnyError
+    )
+    // ===== Invalid: nested object value (disallowed type) =====
+    await async_test(
+      'portalSettings - nested object value rejected',
+      () => sdk.api.users.updateOne(
+        testUser.id,
+        { portalSettings: { k: { nested: 1 } as any } },
+        { replaceObjectFields: true }
+      ),
+      handleAnyError
+    )
+    // ===== Invalid: array value (disallowed type) =====
+    await async_test(
+      'portalSettings - array value rejected',
+      () => sdk.api.users.updateOne(
+        testUser.id,
+        { portalSettings: { k: [1, 2] as any } },
+        { replaceObjectFields: true }
+      ),
+      handleAnyError
+    )
+    // ===== Number value (secondary): orValidator tries boolean then string;
+    // stringValidator250's escapeString throws on non-strings, so a number is
+    // rejected by both branches => API validation error. =====
+    await async_test(
+      'portalSettings - number value rejected',
+      () => sdk.api.users.updateOne(
+        testUser.id,
+        { portalSettings: { k: 1 as any } },
+        { replaceObjectFields: true }
+      ),
+      handleAnyError
+    )
+    // ===== Enduser visibility: portalSettings readable by endusers, un-redacted =====
+    await async_test(
+      'portalSettings - readable by enduser (un-redacted)',
+      async () => {
+        // set a known value on the throwaway user
+        await sdk.api.users.updateOne(
+          testUser.id,
+          { portalSettings: { showNameInSecureMessaging: true, theme: 'dark' } },
+          { replaceObjectFields: true }
+        )
+        // create + authenticate a throwaway enduser to read as a patient
+        const testEnduser = await sdk.api.endusers.createOne({
+          email: `portal_settings_enduser_${Date.now()}@test.tellescope.com`,
+        })
+        testEnduserId = testEnduser.id
+        await sdk.api.endusers.set_password({ id: testEnduser.id, password: 'TestPassword123!' })
+        enduserSDK = new EnduserSession({ host, businessId })
+        await enduserSDK.authenticate(testEnduser.email!, 'TestPassword123!')
+        const asEnduser = await enduserSDK.api.users.getOne(testUser.id)
+        return asEnduser.portalSettings
+      },
+      {
+        onResult: (r) =>
+          // field is present and un-redacted for endusers
+          r?.showNameInSecureMessaging === true && r?.theme === 'dark',
+      }
+    )
+    console.log("✅ All User portalSettings tests passed!")
+  } finally {
+    try {
+      if (enduserSDK) {
+        await enduserSDK.api.endusers.logout().catch(() => {})
+      }
+      if (testEnduserId) {
+        await sdk.api.endusers.deleteOne(testEnduserId)
+      }
+    } finally {
+      await sdk.api.users.deleteOne(testUser.id)
+    }
+  }
+}
+// Allow running this test file independently
+if (require.main === module) {
+  console.log(`🌐 Using API URL: ${host}`)
+  const sdk = new Session({ host })
+  const sdkNonAdmin = new Session({ host })
+  const runTests = async () => {
+    await setup_tests(sdk, sdkNonAdmin)
+    await user_portal_settings_tests({ sdk, sdkNonAdmin })
+  }
+  runTests()
+    .then(() => {
+      console.log("✅ User portalSettings test suite completed successfully")
+      process.exit(0)
+    })
+    .catch((error) => {
+      console.error("❌ User portalSettings test suite failed:", error)
+      process.exit(1)
+    })
+}

package/src/tests/tests.ts CHANGED Viewed

@@ -36,6 +36,7 @@ import {
 import { Session, APIQuery, EnduserSession } from "../sdk"
 import { enduser_observations_acknowledge_tests } from "./api_tests/enduser_observations_acknowledge.test"
+import { user_portal_settings_tests } from "./api_tests/user_portal_settings.test"
 import { integrations_redacted_tests } from "./api_tests/integrations_redacted.test"
 import { get_some_projection_tests } from "./api_tests/get_some_projection.test"
 import { mdb_sort_tests } from "./api_tests/mdb_sort.test"
@@ -76,6 +77,7 @@ import {
 import fs from "fs"
 import { load_inbox_data_tests } from "./api_tests/load_inbox_data.test";
 import { enduser_login_tests } from "./api_tests/enduser_login.test";
+import { enduser_login_rate_limits_tests } from "./api_tests/enduser_login_rate_limits.test";
 import { eom_procedure_codes_tests } from "./api_tests/eom_procedure_codes.test";
 import { cross_org_api_key_tests } from "./api_tests/cross_org_api_key.test";
 import { custom_dashboards_tests } from "./api_tests/custom_dashboards.test";
@@ -88,6 +90,14 @@ import { custom_aggregation_tests } from "./api_tests/custom_aggregation.test";
 import { chats_analytics_tests } from "./api_tests/chats_analytics.test";
 import { no_access_permission_checks_tests } from "./api_tests/no_access_permission_checks.test";
 import { field_redaction_tests } from "./api_tests/field_redaction.test";
+import { data_sync_redaction_bypass_tests } from "./api_tests/security/F-0001-data-sync-redaction-bypass.test";
+import { ai_conversations_rbac_tests } from "./api_tests/security/F-0005-ai-conversations-rbac.test";
+import { cascade_role_rename_cross_tenant_tests } from "./api_tests/security/F-0053-cascade-role-rename-cross-tenant.test";
+import { self_admin_role_assignment_tests } from "./api_tests/security/F-0076-self-admin-role-assignment.test";
+import { invite_user_enumeration_tests } from "./api_tests/security/F-0007-invite-user-enumeration.test";
+import { handle_incoming_communication_cross_tenant_tests } from "./api_tests/security/F-0008-handle-incoming-communication-cross-tenant.test";
+import { sanitize_user_html_xss_tests } from "./api_tests/security/F-0013-sanitize-user-html.test";
+import { prototype_pollution_tests } from "./api_tests/security/F-0016-prototype-pollution.test";
 import { bulk_assignment_tests } from "./api_tests/bulk_assignment.test";
 import { managed_content_enduser_access_tests } from "./api_tests/managed_content_enduser_access.test";
 import { managed_content_file_access_tests } from "./api_tests/managed_content_file_access.test";
@@ -109,6 +119,7 @@ import { set_fields_order_templates_tests } from "./api_tests/set_fields_order_t
 import { date_string_validation_tests } from "./api_tests/date_string_validation.test";
 import { enduser_session_invalidation_tests } from "./api_tests/enduser_session_invalidation.test";
 import { enduser_cross_access_isolation_tests } from "./api_tests/enduser_cross_access_isolation.test";
+import { calendar_event_webhook_template_tests } from "./api_tests/calendar_event_webhook_template.test";
 const UniquenessViolationMessage = 'Uniqueness Violation'
@@ -5092,6 +5103,7 @@ const trigger_events_api_tests = async () => {
 const automation_trigger_tests = async () => {
   log_header("Automation Trigger Tests")
+  await push_forms_to_portal_group_completion_tests({ sdk, sdkNonAdmin })
   await order_status_equals_tests()
   await set_fields_order_templates_tests({ sdk, sdkNonAdmin })
   await medication_added_trigger_tests({ sdk, sdkNonAdmin })
@@ -5102,7 +5114,6 @@ const automation_trigger_tests = async () => {
   await form_response_set_fields_trigger_tests()
   await form_response_set_fields_journey_tests()
   await appointment_completed_trigger_tests({ sdk, sdkNonAdmin })
-  await push_forms_to_portal_group_completion_tests({ sdk, sdkNonAdmin })
   await trigger_events_api_tests()
   await fields_changed_tests()
   await field_equals_trigger_tests()
@@ -14321,10 +14332,21 @@ const ip_address_form_tests = async () => {
     await replace_form_field_template_values_tests()
     await mfa_tests()
     await setup_tests(sdk, sdkNonAdmin)
+    await invite_user_enumeration_tests({ sdk, sdkNonAdmin })
+    await handle_incoming_communication_cross_tenant_tests({ sdk, sdkNonAdmin })
+    await calendar_event_webhook_template_tests({ sdk, sdkNonAdmin })
+    await outbound_chat_sent_trigger_tests({ sdk })
+    await enduser_login_rate_limits_tests({ sdk, sdkNonAdmin })
+    await data_sync_redaction_bypass_tests({ sdk, sdkNonAdmin })
+    await ai_conversations_rbac_tests({ sdk, sdkNonAdmin })
+    await cascade_role_rename_cross_tenant_tests({ sdk, sdkNonAdmin })
+    await self_admin_role_assignment_tests({ sdk, sdkNonAdmin })
+    await sanitize_user_html_xss_tests()
+    await prototype_pollution_tests()
+    await automation_trigger_tests()
     await account_switcher_tests({ sdk, sdkNonAdmin })
     await enduser_login_tests({ sdk, sdkNonAdmin })
     await outbound_chat_sent_trigger_tests({ sdk })
-    await automation_trigger_tests()
     await enduser_cross_access_isolation_tests({ sdk, sdkNonAdmin })
     await eom_procedure_codes_tests({ sdk, sdkNonAdmin })
     await cross_org_api_key_tests({ sdk, sdkNonAdmin })
@@ -14376,6 +14398,7 @@ const ip_address_form_tests = async () => {
     await inbox_threads_loading_tests()
     await load_inbox_data_tests({ sdk, sdkNonAdmin })
     await enduser_observations_acknowledge_tests({ sdk, sdkNonAdmin })
+    await user_portal_settings_tests({ sdk, sdkNonAdmin })
     await create_user_notifications_trigger_tests({ sdk })
     await group_mms_active_tests()
     await auto_reply_tests()

package/test_generated.pdf CHANGED Viewed

Binary file