abmp-npm 10.3.7 → 10.3.9

package/backend/__tests__/login-email-sync.test.js

@@ -0,0 +1,49 @@
+const { LOGIN_EMAIL_SYNC_STATUS } = require('../consts');
+const { summarizeLoginEmailOutcomes } = require('../daily-pull/utils');
+
+const { UPDATED, FAILED, SKIPPED } = LOGIN_EMAIL_SYNC_STATUS;
+
+describe('summarizeLoginEmailOutcomes', () => {
+  test('collects only FAILED outcomes as failures and failed ids', () => {
+    const outcomes = [
+      { memberId: 1, wixMemberId: 'w1', desiredEmail: 'a@x.com', status: UPDATED },
+      {
+        memberId: 2,
+        wixMemberId: 'w2',
+        desiredEmail: 'b@x.com',
+        status: FAILED,
+        error: 'duplicate',
+      },
+      { memberId: 3, status: SKIPPED, desiredEmail: 'c@x.com' },
+    ];
+
+    const { failedMemberIds, failures } = summarizeLoginEmailOutcomes(outcomes);
+
+    expect([...failedMemberIds]).toEqual([2]);
+    expect(failures).toEqual([
+      { memberId: 2, wixMemberId: 'w2', desiredEmail: 'b@x.com', error: 'duplicate' },
+    ]);
+  });
+
+  test('UPDATED and SKIPPED never produce failures (CMS email is left to advance/no-op)', () => {
+    const outcomes = [
+      { memberId: 1, status: UPDATED, desiredEmail: 'a@x.com' },
+      { memberId: 2, status: SKIPPED, desiredEmail: 'b@x.com' },
+    ];
+    const { failedMemberIds, failures } = summarizeLoginEmailOutcomes(outcomes);
+    expect(failedMemberIds.size).toBe(0);
+    expect(failures).toEqual([]);
+  });
+
+  test('defaults a missing error message', () => {
+    const { failures } = summarizeLoginEmailOutcomes([
+      { memberId: 9, wixMemberId: 'w9', desiredEmail: 'z@x.com', status: FAILED },
+    ]);
+    expect(failures[0].error).toBe('unknown error');
+  });
+
+  test('handles empty / missing input', () => {
+    expect(summarizeLoginEmailOutcomes([]).failures).toEqual([]);
+    expect(summarizeLoginEmailOutcomes().failures).toEqual([]);
+  });
+});

package/backend/__tests__/transient-retry-and-bulk-lookup.test.js

@@ -0,0 +1,129 @@
+jest.mock('../elevated-modules', () => ({
+  wixData: { query: jest.fn() },
+}));
+
+const { wixData } = require('../elevated-modules');
+const { findMembersByIds } = require('../members-data-methods');
+const { withTransientErrorRetry, isTransientNetworkError } = require('../utils');
+
+const makeQueryResult = items => ({ items, hasNext: () => false });
+
+const mockQueryReturning = find => {
+  const query = {
+    hasSome: jest.fn().mockReturnThis(),
+    limit: jest.fn().mockReturnThis(),
+    find,
+  };
+  wixData.query.mockReturnValue(query);
+  return query;
+};
+
+describe('isTransientNetworkError', () => {
+  test('matches undici "fetch failed" and common network error codes', () => {
+    expect(isTransientNetworkError(new Error('fetch failed'))).toBe(true);
+    expect(isTransientNetworkError({ message: 'request failed', code: 'ECONNRESET' })).toBe(true);
+    expect(
+      isTransientNetworkError({ message: 'fetch failed', cause: { code: 'UND_ERR_SOCKET' } })
+    ).toBe(true);
+  });
+
+  test('does not match application errors', () => {
+    expect(isTransientNetworkError(new Error('Multiple members found with memberId 1'))).toBe(
+      false
+    );
+    expect(isTransientNetworkError(new Error('WDE0025: validation failed'))).toBe(false);
+  });
+});
+
+describe('withTransientErrorRetry', () => {
+  test('retries transient failures and resolves with the eventual result', async () => {
+    const operation = jest
+      .fn()
+      .mockRejectedValueOnce(new Error('fetch failed'))
+      .mockResolvedValueOnce('ok');
+
+    await expect(withTransientErrorRetry(operation, { baseDelayMs: 1 })).resolves.toBe('ok');
+    expect(operation).toHaveBeenCalledTimes(2);
+  });
+
+  test('rethrows immediately on non-transient errors', async () => {
+    const operation = jest.fn().mockRejectedValue(new Error('validation failed'));
+
+    await expect(withTransientErrorRetry(operation, { baseDelayMs: 1 })).rejects.toThrow(
+      'validation failed'
+    );
+    expect(operation).toHaveBeenCalledTimes(1);
+  });
+
+  test('gives up after the configured number of retries', async () => {
+    const operation = jest.fn().mockRejectedValue(new Error('fetch failed'));
+
+    await expect(
+      withTransientErrorRetry(operation, { retries: 2, baseDelayMs: 1 })
+    ).rejects.toThrow('fetch failed');
+    expect(operation).toHaveBeenCalledTimes(3);
+  });
+});
+
+describe('findMembersByIds', () => {
+  beforeEach(() => {
+    wixData.query.mockReset();
+  });
+
+  test('returns a map of String(memberId) to member record', async () => {
+    mockQueryReturning(
+      jest.fn().mockResolvedValue(
+        makeQueryResult([
+          { _id: 'a', memberId: 1 },
+          { _id: 'b', memberId: 2 },
+        ])
+      )
+    );
+
+    const membersById = await findMembersByIds([1, 2, 3]);
+
+    expect(membersById.get('1')).toEqual({ _id: 'a', memberId: 1 });
+    expect(membersById.get('2')).toEqual({ _id: 'b', memberId: 2 });
+    expect(membersById.has('3')).toBe(false);
+  });
+
+  test('deduplicates input IDs and skips null/undefined before querying', async () => {
+    const query = mockQueryReturning(jest.fn().mockResolvedValue(makeQueryResult([])));
+
+    await findMembersByIds([1, 1, null, undefined, 2]);
+
+    expect(query.hasSome).toHaveBeenCalledWith('memberId', [1, 2]);
+  });
+
+  test('returns an empty map without querying when there are no IDs', async () => {
+    const membersById = await findMembersByIds([]);
+
+    expect(membersById.size).toBe(0);
+    expect(wixData.query).not.toHaveBeenCalled();
+  });
+
+  test('chunks large ID lists into multiple queries', async () => {
+    const query = mockQueryReturning(jest.fn().mockResolvedValue(makeQueryResult([])));
+    const ids = Array.from({ length: 250 }, (_, i) => i + 1);
+
+    await findMembersByIds(ids);
+
+    expect(query.hasSome).toHaveBeenCalledTimes(3);
+    expect(query.hasSome.mock.calls.map(call => call[1].length)).toEqual([100, 100, 50]);
+  });
+
+  test('throws when multiple records share the same memberId', async () => {
+    mockQueryReturning(
+      jest.fn().mockResolvedValue(
+        makeQueryResult([
+          { _id: 'a', memberId: 1 },
+          { _id: 'b', memberId: 1 },
+        ])
+      )
+    );
+
+    await expect(findMembersByIds([1])).rejects.toThrow(
+      'Multiple members found with memberId(s): [1]'
+    );
+  });
+});

package/backend/consts.js

@@ -34,6 +34,15 @@ const MEMBERSHIPS_TYPES = {
   PAC_STAFF: 'PAC STAFF',
 };
 
+/**
+ * Possible outcomes of attempting to change a Wix member's login email during the sync.
+ */
+const LOGIN_EMAIL_SYNC_STATUS = {
+  UPDATED: 'updated', // Wix login email successfully changed to the desired email
+  FAILED: 'failed', // change failed -> keep the CMS login email unchanged and report for manual handling
+  SKIPPED: 'skipped', // member has no wixMemberId, nothing to change
+};
+
 module.exports = {
   CONFIG_KEYS,
   MAX__MEMBERS_SEARCH_RESULTS,
@@ -45,4 +54,5 @@ module.exports = {
   MEMBERSHIPS_TYPES,
   SSO_TOKEN_AUTH_API_URL,
   BACKUP_API_URL,
+  LOGIN_EMAIL_SYNC_STATUS,
 };

package/backend/contacts-methods.js

@@ -28,6 +28,9 @@ async function createSiteContact(contactData) {
     },
   };
   console.log('[createSiteContact]contactInfo', JSON.stringify(contactInfo, null, 2));
+  // Intentionally NOT passing allowDuplicates: Wix CRM enforces email uniqueness
+  // case-insensitively, which is the guard we want against two different members sharing an
+  // email. Same-member cases never reach here — they collapse to a single entity upstream.
   const createContactResponse = await elevatedCreateContact(contactInfo);
   console.log(
     '[createSiteContact]createContactResponse',

package/backend/daily-pull/bulk-process-methods.js

@@ -1,8 +1,13 @@
-const { bulkSaveMembers, getMemberBySlug } = require('../members-data-methods');
+const { bulkSaveMembers, getMemberBySlug, findMembersByIds } = require('../members-data-methods');
 const { extractUrlCounter } = require('../utils');
 
 const { generateUpdatedMemberData } = require('./process-member-methods');
-const { changeWixMembersEmails, incrementUrlCounter, extractBaseUrl } = require('./utils');
+const {
+  changeWixMembersEmails,
+  summarizeLoginEmailOutcomes,
+  incrementUrlCounter,
+  extractBaseUrl,
+} = require('./utils');
 
 /**
  * Ensures unique URLs within a batch of members by deduplicating URLs
@@ -127,10 +132,18 @@ const bulkProcessAndSaveMemberData = async ({ memberDataList, currentPageNumber
   const startTime = Date.now();
 
   try {
+    // Prefetch all existing members for this page in a few chunked queries instead of
+    // one query per member — thousands of parallel lookups made the whole page fail
+    // whenever a single one hit a transient network error.
+    const existingMembersById = await findMembersByIds(
+      memberDataList.map(memberData => memberData?.memberid)
+    );
+
     const processedMemberDataPromises = memberDataList.map(memberData =>
       generateUpdatedMemberData({
         inputMemberData: memberData,
         currentPageNumber,
+        existingDbMember: existingMembersById.get(String(memberData?.memberid)) ?? null,
       })
     );
 
@@ -151,28 +164,55 @@ const bulkProcessAndSaveMemberData = async ({ memberDataList, currentPageNumber
     // Ensure unique URLs within the batch to prevent duplicates (also checks DB for cross-page conflicts)
     const uniqueUrlsNewToDBMembersList = await ensureUniqueUrlsInBatch(newMembers);
     const uniqueUrlsMembersData = [...uniqueUrlsNewToDBMembersList, ...existingMembers];
-    const toChangeWixMembersEmails = [];
+
+    // Change Wix login emails FIRST so we know which succeeded before saving the CMS records.
+    const toChangeWixMembersEmails = uniqueUrlsMembersData.filter(
+      member => member.wixMemberId && member.isLoginEmailChanged
+    );
+    let failedLoginEmailIds = new Set();
+    let loginEmailFailures = [];
+    if (toChangeWixMembersEmails.length > 0) {
+      const outcomes = await changeWixMembersEmails(toChangeWixMembersEmails);
+      ({ failedMemberIds: failedLoginEmailIds, failures: loginEmailFailures } =
+        summarizeLoginEmailOutcomes(outcomes));
+    }
+
     const toSaveMembersData = uniqueUrlsMembersData.map(member => {
-      const { isLoginEmailChanged, isNewToDb: _isNewToDb, ...restMemberData } = member;
-      if (member.wixMemberId && isLoginEmailChanged) {
-        toChangeWixMembersEmails.push(member);
+      // Transient flags only drive the sync above; never persist them.
+      const {
+        isLoginEmailChanged: _isLoginEmailChanged,
+        isNewToDb: _isNewToDb,
+        previousLoginEmail,
+        ...restMemberData
+      } = member;
+      // If the Wix login-email change failed, keep the CMS login email unchanged (revert to the
+      // previous value) so the CMS stays consistent with Wix; the failure is reported below for
+      // manual handling.
+      if (failedLoginEmailIds.has(member.memberId) && previousLoginEmail !== undefined) {
+        return { ...restMemberData, email: previousLoginEmail };
       }
-      return restMemberData; //we don't want to store the isLoginEmailChanged in the database, it's just a flag to know if we need to change the login email in Members area
+      return restMemberData;
     });
     const saveResult = await bulkSaveMembers(toSaveMembersData);
-    // Change login emails for users who was dropped but now are back to system as new members and have different loginEmail for users with action DROP
-    if (toChangeWixMembersEmails.length > 0) {
-      await changeWixMembersEmails(toChangeWixMembersEmails);
-    }
     const totalFailed = memberDataList.length - validMemberData.length;
     const processingTime = Date.now() - startTime;
 
+    if (loginEmailFailures.length > 0) {
+      console.error(
+        `[loginEmailSync] ${loginEmailFailures.length} login-email change(s) failed on page ${currentPageNumber}; CMS login email left unchanged for memberIds: [${loginEmailFailures
+          .map(failure => failure.memberId)
+          .join(', ')}]`
+      );
+    }
+
     return {
       ...saveResult,
       totalProcessed: memberDataList.length,
       totalSaved: validMemberData.length,
       totalFailed: totalFailed,
       processingTime: processingTime,
+      loginEmailFailedCount: loginEmailFailures.length,
+      loginEmailFailures,
     };
   } catch (error) {
     throw new Error(`Bulk operation failed: ${error.message}`);

package/backend/daily-pull/process-member-methods.js

@@ -58,16 +58,26 @@ const ensureUniqueUrl = async ({ url, memberId, fullName }) => {
  * @param {Object} options - The options object
  * @param {Object} options.inputMemberData - Raw member data from API
  * @param {number} options.currentPageNumber - Current page number being processed
+ * @param {Object|null} [options.existingDbMember] - Prefetched DB member (null if none exists).
+ *   Pass it when processing members in bulk to avoid one DB query per member; when omitted,
+ *   the member is looked up individually.
  * @returns {Promise<Object|null>} - Complete updated member data or null if validation fails
  */
-async function generateUpdatedMemberData({ inputMemberData, currentPageNumber }) {
+async function generateUpdatedMemberData({
+  inputMemberData,
+  currentPageNumber,
+  existingDbMember: prefetchedDbMember,
+}) {
   if (!validateCoreMemberData(inputMemberData)) {
     throw new Error(
       'Invalid member data: memberid, email (valid string), and memberships (array) are required'
     );
   }
 
-  const existingDbMember = await findMemberById(inputMemberData.memberid);
+  const existingDbMember =
+    prefetchedDbMember === undefined
+      ? await findMemberById(inputMemberData.memberid)
+      : prefetchedDbMember;
 
   const updatedMemberData = await createCoreMemberData(
     inputMemberData,
@@ -165,10 +175,12 @@ async function createCoreMemberData(inputMemberData, existingDbMember, currentPa
       newEmail &&
       existingDbMember.email !== newEmail;
     if (isMemberReinstatedWithNewEmail) {
-      // If exists in DB, and email was changed means this user was dropped before that's why it exists in DB, then only update loginEmail not contactFormEmail
+      // If exists in DB, and email was changed means this user was dropped before that's why it exists in DB, then only update loginEmail not contactFormEmail.
+      // previousLoginEmail lets the caller keep the old email if the Wix login-email change fails.
       return {
         email: newEmail,
         isLoginEmailChanged: true,
+        previousLoginEmail: existingDbMember.email,
       };
     }
     //If exists in DB but not reinstated with new email, then don't update emails

package/backend/daily-pull/utils.js

@@ -1,3 +1,4 @@
+const { LOGIN_EMAIL_SYNC_STATUS } = require('../consts');
 const { updateWixMemberLoginEmail } = require('../members-area-methods');
 const { extractUrlCounter } = require('../utils');
 
@@ -7,13 +8,49 @@ const isUpdatedMember = member => member.action !== MEMBER_ACTIONS.NONE;
 const isSiteAssociatedMember = (member, siteAssociation) =>
   member.memberships.some(membership => membership.association === siteAssociation);
 
+/**
+ * Attempts to change Wix login emails for the given members and returns one structured
+ * outcome per member (see updateWixMemberLoginEmail). Never throws for an individual member.
+ * @param {Array} toChangeWixMembersEmails
+ * @returns {Promise<Array>} outcomes
+ */
 const changeWixMembersEmails = async toChangeWixMembersEmails => {
   console.log(
-    `Changing login emails for ${toChangeWixMembersEmails.length} members with ids: [${toChangeWixMembersEmails.map(member => member.memberId).join(', ')}]`
+    `[loginEmailSync] changing login emails for ${toChangeWixMembersEmails.length} members with ids: [${toChangeWixMembersEmails.map(member => member.memberId).join(', ')}]`
   );
-  return await Promise.all(
-    toChangeWixMembersEmails.map(member => updateWixMemberLoginEmail(member, {}))
+  const outcomes = await Promise.all(
+    toChangeWixMembersEmails.map(member => updateWixMemberLoginEmail(member))
   );
+  const summary = outcomes.reduce((acc, outcome) => {
+    acc[outcome.status] = (acc[outcome.status] || 0) + 1;
+    return acc;
+  }, {});
+  console.log(`[loginEmailSync] results summary: ${JSON.stringify(summary)}`);
+  return outcomes;
+};
+
+/**
+ * Summarizes login-email sync outcomes for manual handling via the task result.
+ * Pure function so it can be unit-tested without Wix.
+ * @param {Array} outcomes - from updateWixMemberLoginEmail / changeWixMembersEmails
+ * @returns {{ failedMemberIds: Set, failures: Array }} set of failed memberIds (whose CMS login
+ *   email must be left unchanged) and the failure records to surface in the task result
+ */
+const summarizeLoginEmailOutcomes = (outcomes = []) => {
+  const failedMemberIds = new Set();
+  const failures = [];
+  outcomes.forEach(outcome => {
+    if (outcome.status === LOGIN_EMAIL_SYNC_STATUS.FAILED) {
+      failedMemberIds.add(outcome.memberId);
+      failures.push({
+        memberId: outcome.memberId,
+        wixMemberId: outcome.wixMemberId,
+        desiredEmail: outcome.desiredEmail,
+        error: outcome.error || 'unknown error',
+      });
+    }
+  });
+  return { failedMemberIds, failures };
 };
 
 const extractBaseUrl = url => {
@@ -105,6 +142,7 @@ module.exports = {
   isUpdatedMember,
   isSiteAssociatedMember,
   changeWixMembersEmails,
+  summarizeLoginEmailOutcomes,
   validateCoreMemberData,
   containsNonEnglish,
   createFullName,

package/backend/http-functions/interests.js

@@ -1,3 +1,5 @@
+const axios = require('axios');
+
 const { COLLECTIONS } = require('../../public/consts');
 const { clearCollection } = require('../cms-data-methods');
 const { CONFIG_KEYS } = require('../consts');
@@ -10,13 +12,9 @@ const getInterests = async () => {
     getSiteConfigs(CONFIG_KEYS.INTERESTS_API_URL),
     getHeaders(),
   ]);
-  const fetchOptions = {
-    method: 'get',
-    headers: headers,
-  };
   try {
-    const response = await fetch(url, fetchOptions);
-    return await response.json();
+    const response = await axios.get(url, { headers });
+    return response.data;
   } catch (e) {
     console.error('Error getting interests:', e);
     throw e;

package/backend/jobs.js

@@ -97,6 +97,20 @@ async function scheduleFixUrlsWithSpacesTask() {
   }
 }
 
+async function scheduleNormalizeMemberEmailsTask() {
+  try {
+    console.log('scheduleNormalizeMemberEmails started!');
+    return await taskManager().schedule({
+      name: TASKS_NAMES.scheduleNormalizeMemberEmails,
+      data: {},
+      type: 'scheduled',
+    });
+  } catch (error) {
+    console.error(`Failed to scheduleNormalizeMemberEmails: ${error.message}`);
+    throw new Error(`Failed to scheduleNormalizeMemberEmails: ${error.message}`);
+  }
+}
+
 async function runDailyPullExecutionCheck() {
   try {
     console.log('runDailyPullExecutionCheck started!');
@@ -126,5 +140,6 @@ module.exports = {
   scheduleCreateContactsFromMembersTask,
   scheduleFixPrimaryAddressForMembersTask,
   scheduleFixUrlsWithSpacesTask,
+  scheduleNormalizeMemberEmailsTask,
   runDailyPullExecutionCheck,
 };

package/backend/login/generate-member-session-token.js

@@ -0,0 +1,27 @@
+const { auth } = require('@wix/essentials');
+const { authentication } = require('@wix/identity');
+
+const elevatedSignOn = auth.elevate(authentication.signOn);
+
+/**
+ * Creates a Wix member session token for SSO / QA login using @wix/identity signOn (elevated).
+ * @param {string} email - Member login email
+ * @returns {Promise<string>} Session token for authentication.applySessionToken on the client
+ */
+async function generateMemberSessionToken(email) {
+  const trimmedEmail = (email || '').trim();
+  if (!trimmedEmail) {
+    throw new Error('Email is required to generate a session token');
+  }
+
+  const response = await elevatedSignOn({ email: trimmedEmail });
+  const sessionToken = response?.sessionToken;
+  if (!sessionToken) {
+    throw new Error('Failed to generate session token: empty response from signOn');
+  }
+  return sessionToken;
+}
+
+module.exports = {
+  generateMemberSessionToken,
+};

package/backend/login/index.js

@@ -1,7 +1,8 @@
-const { createLoginMethods } = require('./login-methods-factory');
-const { validateMemberToken } = require('./sso-methods');
+const { loginQAMember } = require('./qa-login-methods');
+const { validateMemberToken, authenticateSSOToken } = require('./sso-methods');
 
 module.exports = {
-  createLoginMethods,
+  loginQAMember,
   validateMemberToken,
+  authenticateSSOToken,
 };

package/backend/login/qa-login-methods.js

@@ -2,6 +2,8 @@ const { CONFIG_KEYS } = require('../consts');
 const { prepareMemberForQALogin, getQAUsers } = require('../members-data-methods');
 const { getSecret, getSiteConfigs } = require('../utils');
 
+const { generateMemberSessionToken } = require('./generate-member-session-token');
+
 const validateQAUser = async userEmail => {
   const qaUsers = await getQAUsers();
   const matchingUserEmail = qaUsers.find(user => user.email === userEmail)?.email;
@@ -16,10 +18,9 @@ const validateQAUser = async userEmail => {
  * @param {Object} params - The parameters for the login
  * @param {string} params.userEmail - The email of the user to login
  * @param {string} params.secret - The secret of the user to login
- * @param {Function} generateSessionToken - a dependency of the method, injected by the createLoginMethods function
  * @returns {Promise<Object>} The result of the login
  */
-const loginQAMember = async ({ userEmail, secret }, generateSessionToken) => {
+const loginQAMember = async ({ userEmail, secret }) => {
   try {
     const [qaSecret, allowAnyMember] = await Promise.all([
       getSecret('ABMP_QA_SECRET'),
@@ -36,7 +37,7 @@ const loginQAMember = async ({ userEmail, secret }, generateSessionToken) => {
     }
 
     const memberData = await prepareMemberForQALogin(userEmail);
-    const token = await generateSessionToken(memberData.email, qaSecret);
+    const token = await generateMemberSessionToken(memberData.email);
     return {
       success: true,
       token,

package/backend/login/sso-methods.js

@@ -1,5 +1,6 @@
 const { createHmac } = require('crypto');
 
+const axios = require('axios');
 const { decode } = require('jwt-js-decode');
 
 const { CONFIG_KEYS, SSO_TOKEN_AUTH_API_URL } = require('../consts');
@@ -14,6 +15,8 @@ const {
   getSecret,
 } = require('../utils');
 
+const { generateMemberSessionToken } = require('./generate-member-session-token');
+
 /**
  * Validates member token and retrieves member data
  * @param {string} memberIdInput - The member ID to validate
@@ -91,17 +94,16 @@ async function checkAndFetchSSO(token) {
   const SSO_TOKEN_AUTH_API_KEY = await getSecret('SSO_TOKEN_AUTH_API_KEY');
   const signature = createHmac('sha256', SSO_TOKEN_AUTH_API_KEY).update(token).digest('hex');
   const professionalassistcorpUrl = `${SSO_TOKEN_AUTH_API_URL}/eweb/SSOToken.ashx?token=${token}&Partner=Wix&Signature=${signature}`;
-  const options = {
-    method: 'get',
-  };
   try {
-    const httpResponse = await fetch(professionalassistcorpUrl, options);
+    const httpResponse = await axios.get(professionalassistcorpUrl, {
+      transformResponse: [d => d],
+      validateStatus: () => true,
+    });
     console.log('httpResponse status', httpResponse.status);
-    if (!httpResponse.ok) {
+    if (httpResponse.status < 200 || httpResponse.status >= 300) {
       throw new Error('Fetch did not succeed with status: ' + httpResponse.status);
     }
-    const responseToken = await httpResponse.text();
-    return responseToken;
+    return httpResponse.data;
   } catch (error) {
     console.error('Error in checkAndFetchSSO', error);
     return null;
@@ -112,10 +114,9 @@ async function checkAndFetchSSO(token) {
  * Authenticate an SSO token
  * @param {Object} params - The parameters for the authentication
  * @param {string} params.token - The token to authenticate
- * @param {Function} generateSessionToken - a dependency of the method, injected by the createLoginMethods function
  * @returns {Promise<Object>} The result of the authentication
  */
-const authenticateSSOToken = async ({ token }, generateSessionToken) => {
+const authenticateSSOToken = async ({ token }) => {
   const responseToken = await checkAndFetchSSO(token);
   const isValidToken = Boolean(
     responseToken && typeof responseToken === 'string' && responseToken?.trim()
@@ -135,7 +136,7 @@ const authenticateSSOToken = async ({ token }, generateSessionToken) => {
     const payload = jwt.payload;
     const memberData = await prepareMemberForSSOLogin(payload);
     console.log('memberDataCollectionId', memberData._id);
-    const sessionToken = await generateSessionToken(memberData.email);
+    const sessionToken = await generateMemberSessionToken(memberData.email);
     const authObj = {
       type: 'success',
       memberId: memberData._id,

package/backend/member-contact-orchestration.js

@@ -2,6 +2,8 @@
  * Orchestrates syncing between Wix Members and CRM Contacts.
  * Returns member data to save; caller does a single updateMember to avoid double-write.
  */
+const { emailsMatch } = require('../public/Utils/sharedUtils');
+
 const { createSiteContact, updateContactInfo, deleteSiteContact } = require('./contacts-methods');
 
 /**
@@ -18,7 +20,10 @@ async function updateContactEmail(newContactEmail, existingMemberData) {
 
   const { wixContactId, wixMemberId, email: loginEmail } = existingMemberData;
   const isSingleEntity = wixContactId === wixMemberId;
-  const contactEmailDiffersFromLogin = loginEmail !== newContactEmail;
+  // Compare case-insensitively: Wix CRM enforces email uniqueness without regard to case,
+  // so a contact email that equals the login email (e.g. different casing) must collapse to
+  // a single entity rather than attempt a duplicate contact write.
+  const contactEmailDiffersFromLogin = !emailsMatch(loginEmail, newContactEmail);
 
   if (!contactEmailDiffersFromLogin) {
     if (isSingleEntity) {