abmp-npm 10.3.7 → 10.3.9

package/backend/members-area-methods.js

@@ -1,8 +1,13 @@
 const { auth } = require('@wix/essentials');
 const { members, authentication } = require('@wix/members');
+
+const { LOGIN_EMAIL_SYNC_STATUS } = require('./consts');
+
 const elevatedCreateMember = auth.elevate(members.createMember);
 const elevatedChangeLoginEmail = auth.elevate(authentication.changeLoginEmail);
 
+const LOG = '[loginEmailSync]';
+
 function prepareMemberData(partner) {
   const options = {
     member: {
@@ -37,48 +42,42 @@ const getCurrentMember = async () => {
 };
 
 /**
- * Updates Wix member login email if the member has a wixMemberId (registered Wix member)
- * @param {Object} member - Member object with wixMemberId and email
- * @param {Object} result - Result object to track Wix member updates
+ * Attempts to change a Wix member's login email to `member.email` and reports a structured
+ * outcome instead of swallowing failures. Never throws.
+ *
+ * Outcomes:
+ *  - SKIPPED: member has no wixMemberId, nothing to change.
+ *  - UPDATED: Wix login email changed successfully.
+ *  - FAILED:  change failed. The caller keeps the CMS login email unchanged (so it stays
+ *             consistent with Wix) and reports the member in the task result for manual handling.
+ *
+ * @param {Object} member - Member with { memberId, wixMemberId, email }
+ * @returns {Promise<Object>} outcome
  */
-async function updateWixMemberLoginEmail(member, result = {}) {
+async function updateWixMemberLoginEmail(member) {
+  const desiredEmail = member.email;
+  const base = { memberId: member.memberId, wixMemberId: member.wixMemberId, desiredEmail };
+
   if (!member.wixMemberId) {
-    console.log(`Member ${member.memberId} has no wixMemberId - skipping Wix login email update`);
-    return;
+    console.log(`${LOG} member ${member.memberId} has no wixMemberId - skipping`);
+    return { ...base, status: LOGIN_EMAIL_SYNC_STATUS.SKIPPED };
   }
 
-  try {
-    console.log(
-      `Updating Wix login email for member ${member.memberId} (wixMemberId: ${member.wixMemberId})`
-    );
-
-    const updatedWixMember = await elevatedChangeLoginEmail(member.wixMemberId, member.email);
+  console.log(
+    `${LOG} attempting login-email change for member ${member.memberId} (wixMemberId: ${member.wixMemberId}) -> ${desiredEmail}`
+  );
 
+  try {
+    const updatedWixMember = await elevatedChangeLoginEmail(member.wixMemberId, desiredEmail);
     console.log(
-      `✅ Successfully updated Wix login email for member ${member.memberId}: ${updatedWixMember.loginEmail}`
+      `${LOG} ✅ updated member ${member.memberId} (wixMemberId: ${member.wixMemberId}) -> ${updatedWixMember.loginEmail}`
     );
-
-    if (!result.wixMemberUpdates) {
-      result.wixMemberUpdates = { successful: 0, failed: 0 };
-    }
-    result.wixMemberUpdates.successful++;
+    return { ...base, status: LOGIN_EMAIL_SYNC_STATUS.UPDATED };
   } catch (error) {
-    console.error(`❌ Failed to update Wix login email for member ${member.memberId}:`, error);
-
-    if (!result.wixMemberUpdates) {
-      result.wixMemberUpdates = { successful: 0, failed: 0 };
-    }
-    result.wixMemberUpdates.failed++;
-
-    if (!result.wixMemberErrors) {
-      result.wixMemberErrors = [];
-    }
-    result.wixMemberErrors.push({
-      memberId: member.memberId,
-      wixMemberId: member.wixMemberId,
-      email: member.email,
-      error: error.message,
-    });
+    console.error(
+      `${LOG} ❌ login-email change failed for member ${member.memberId} (wixMemberId: ${member.wixMemberId}) -> ${desiredEmail}: ${error.message}`
+    );
+    return { ...base, status: LOGIN_EMAIL_SYNC_STATUS.FAILED, error: error.message };
   }
 }
 

package/backend/members-data-methods.js

@@ -1,5 +1,5 @@
 const { COLLECTIONS } = require('../public/consts');
-const { isWixHostedImage } = require('../public/Utils/sharedUtils');
+const { isWixHostedImage, emailsMatch, normalizeEmail } = require('../public/Utils/sharedUtils');
 
 const { MEMBERSHIPS_TYPES } = require('./consts');
 const { createSiteContact } = require('./contacts-methods');
@@ -15,6 +15,7 @@ const {
   generateGeoHash,
   searchAllItems,
   runIf,
+  withTransientErrorRetry,
 } = require('./utils');
 
 /**
@@ -35,7 +36,42 @@ async function findMemberByWixDataId(memberId) {
 }
 
 const hasDifferentEmails = memberData =>
-  memberData.contactFormEmail && memberData.contactFormEmail !== memberData.email;
+  Boolean(memberData.contactFormEmail) &&
+  !emailsMatch(memberData.contactFormEmail, memberData.email);
+
+/**
+ * Returns a shallow copy of a member record with its email fields normalized
+ * (lowercased + trimmed). Wix CRM and our uniqueness checks treat emails
+ * case-insensitively, so we persist them in canonical form to keep `.eq` lookups
+ * reliable. Only rewrites string values that are actually present.
+ * @param {Object} memberData
+ * @returns {Object}
+ */
+const normalizeMemberEmailFields = memberData => {
+  if (!memberData || typeof memberData !== 'object') return memberData;
+  const normalized = { ...memberData };
+  if (typeof normalized.email === 'string') {
+    normalized.email = normalizeEmail(normalized.email);
+  }
+  if (typeof normalized.contactFormEmail === 'string') {
+    normalized.contactFormEmail = normalizeEmail(normalized.contactFormEmail);
+  }
+  return normalized;
+};
+
+/**
+ * Whether a member's stored email fields are not already in canonical form
+ * (lowercased + trimmed) and therefore need the normalization backfill.
+ * @param {Object} member
+ * @returns {boolean}
+ */
+const memberNeedsEmailNormalization = member =>
+  (typeof member.email === 'string' &&
+    member.email.length > 0 &&
+    member.email !== normalizeEmail(member.email)) ||
+  (typeof member.contactFormEmail === 'string' &&
+    member.contactFormEmail.length > 0 &&
+    member.contactFormEmail !== normalizeEmail(member.contactFormEmail));
 
 async function createContactAndMemberIfNew(memberData) {
   if (!memberData) {
@@ -97,8 +133,14 @@ async function bulkSaveMembers(memberDataList, collectionName = COLLECTIONS.MEMB
   }
 
   try {
+    // Normalize email fields only for the members collection; other collections passed here
+    // (e.g. staging copies) don't have these fields and must be saved untouched.
+    const listToSave =
+      collectionName === COLLECTIONS.MEMBERS_DATA
+        ? memberDataList.map(normalizeMemberEmailFields)
+        : memberDataList;
     // bulkSave all with batches of 1000 items as this is the Velo limit for bulkSave
-    const batches = chunkArray(memberDataList, 1000);
+    const batches = chunkArray(listToSave, 1000);
     return await Promise.all(batches.map(batch => wixData.bulkSave(collectionName, batch)));
   } catch (error) {
     console.error('Error bulk saving members:', error);
@@ -117,11 +159,9 @@ async function findMemberById(memberId) {
   }
 
   try {
-    const queryResult = await wixData
-      .query(COLLECTIONS.MEMBERS_DATA)
-      .eq('memberId', memberId)
-      .limit(2)
-      .find();
+    const queryResult = await withTransientErrorRetry(() =>
+      wixData.query(COLLECTIONS.MEMBERS_DATA).eq('memberId', memberId).limit(2).find()
+    );
     if (queryResult.items.length > 1) {
       throw new Error(
         `Multiple members found with memberId ${memberId} members _ids are : [${queryResult.items.map(member => member._id).join(', ')}]`
@@ -134,6 +174,51 @@ async function findMemberById(memberId) {
   }
 }
 
+/**
+ * Retrieves existing members for a list of member IDs in bulk.
+ * Uses chunked `hasSome` queries so a full page of members costs a handful of
+ * requests instead of one query per member (the per-member fan-out made a whole
+ * page fail whenever a single query hit a transient "fetch failed").
+ * @param {Array<string|number>} memberIds - Member IDs to look up
+ * @returns {Promise<Map<string, Object>>} - Map of String(memberId) to member record (missing IDs are absent)
+ */
+async function findMembersByIds(memberIds) {
+  const uniqueIds = [...new Set((memberIds || []).filter(id => id !== undefined && id !== null))];
+  const membersById = new Map();
+  if (uniqueIds.length === 0) {
+    return membersById;
+  }
+
+  try {
+    const idChunks = chunkArray(uniqueIds, 100);
+    const chunkResults = await Promise.all(
+      idChunks.map(idsChunk =>
+        withTransientErrorRetry(() =>
+          queryAllItems(
+            wixData.query(COLLECTIONS.MEMBERS_DATA).hasSome('memberId', idsChunk).limit(1000)
+          )
+        )
+      )
+    );
+
+    const duplicateIds = new Set();
+    chunkResults.flat().forEach(member => {
+      const key = String(member.memberId);
+      if (membersById.has(key)) {
+        duplicateIds.add(key);
+      }
+      membersById.set(key, member);
+    });
+    if (duplicateIds.size > 0) {
+      throw new Error(`Multiple members found with memberId(s): [${[...duplicateIds].join(', ')}]`);
+    }
+    return membersById;
+  } catch (error) {
+    console.error('Error finding members by IDs:', error);
+    throw new Error(`Failed to retrieve member data: ${error.message}`);
+  }
+}
+
 /**
  * Method to get member by slug with flexible filtering options
  * @param {Object} options - Query options
@@ -244,24 +329,48 @@ const getAllEmptyAboutYouMembers = async () => {
  */
 async function updateMember(memberToUpdate) {
   try {
-    const updatedMember = await wixData.update(COLLECTIONS.MEMBERS_DATA, memberToUpdate);
+    const updatedMember = await wixData.update(
+      COLLECTIONS.MEMBERS_DATA,
+      normalizeMemberEmailFields(memberToUpdate)
+    );
     return updatedMember;
   } catch (error) {
     throw new Error(`Failed to update member data: ${error.message}`);
   }
 }
+/**
+ * Whether the given email is already used by a DIFFERENT member (case-insensitive).
+ * Returns false when the email is free or belongs to the same member, so a member can
+ * always keep/normalize their own email.
+ * @param {string} email
+ * @param {string|number} memberId - The member requesting the change
+ * @returns {Promise<boolean>}
+ */
 async function isEmailAlreadyUsed(email, memberId) {
   const member = await getMemberByContactEmail(email);
-  return member !== null && member.memberId !== memberId;
+  return member !== null && String(member.memberId) !== String(memberId);
 }
+/**
+ * Finds the member that owns an email (in either the login or contact-form field),
+ * matching case-insensitively. Emails are normalized (lowercased + trimmed) on write and
+ * backfilled by the email-normalization migration, so stored values are canonical: a single
+ * `.eq` against the normalized email is an exact, case-insensitive lookup.
+ * Throws if two DIFFERENT members share the email (a data-integrity violation).
+ * @param {string} email
+ * @returns {Promise<Object|null>}
+ */
 async function getMemberByContactEmail(email) {
+  const normalized = normalizeEmail(email);
+  if (!normalized) return null;
+
   const members = await wixData
     .query(COLLECTIONS.MEMBERS_DATA)
-    .eq('contactFormEmail', email)
-    .or(wixData.query(COLLECTIONS.MEMBERS_DATA).eq('email', email))
+    .eq('contactFormEmail', normalized)
+    .or(wixData.query(COLLECTIONS.MEMBERS_DATA).eq('email', normalized))
     .limit(2)
     .find()
     .then(res => res.items);
+
   if (members.length > 1) {
     throw new Error(
       `[getMemberByContactEmail] Multiple members found with same loginemail or contactFormEmail ${email} membersIds are : [${members.map(member => member.memberId).join(', ')}]`
@@ -451,6 +560,29 @@ const getAllMembersWithoutContactFormEmail = async () => {
   }
 };
 
+/**
+ * Gets all members whose email or contactFormEmail is stored with non-canonical casing
+ * (or surrounding whitespace) and therefore needs the normalization backfill.
+ * Wix Data cannot compare a field to its own lowercase form, so we fetch members that have
+ * an email set and filter in memory.
+ * @returns {Promise<Array>} - Array of member data
+ */
+const getAllMembersNeedingEmailNormalization = async () => {
+  try {
+    const membersQuery = wixData
+      .query(COLLECTIONS.MEMBERS_DATA)
+      .isNotEmpty('email')
+      .or(wixData.query(COLLECTIONS.MEMBERS_DATA).isNotEmpty('contactFormEmail'))
+      .limit(1000);
+
+    const allItems = await queryAllItems(membersQuery);
+    return allItems.filter(memberNeedsEmailNormalization);
+  } catch (error) {
+    console.error('Error getting members needing email normalization:', error);
+    throw new Error(`Failed to get members needing email normalization: ${error.message}`);
+  }
+};
+
 /* Gets all updated login emails from the updated emails database
  * @returns {Promise<Array>} - Array of updated email data
  */
@@ -488,9 +620,13 @@ const getMembersByIds = async memberIds => {
 
 const getMemberByEmail = async email => {
   try {
+    // Login emails are normalized on write, so match against the normalized value (see
+    // getMemberByContactEmail) — an exact `.eq` is a case-insensitive lookup.
+    const normalized = normalizeEmail(email);
+    if (!normalized) return null;
     const members = await wixData
       .query(COLLECTIONS.MEMBERS_DATA)
-      .eq('email', email)
+      .eq('email', normalized)
       .limit(2)
       .find()
       .then(res => res.items);
@@ -631,6 +767,7 @@ module.exports = {
   saveRegistrationData,
   bulkSaveMembers,
   findMemberById,
+  findMembersByIds,
   getMemberBySlug,
   getCMSMemberByWixMemberId,
   getAllEmptyAboutYouMembers,
@@ -638,6 +775,8 @@ module.exports = {
   getAllMembersWithExternalImages,
   getMembersWithWixUrl,
   getAllMembersWithoutContactFormEmail,
+  getAllMembersNeedingEmailNormalization,
+  memberNeedsEmailNormalization,
   getAllUpdatedLoginEmails,
   getMembersByIds,
   getMemberByEmail,

package/backend/pac-api-methods.js

@@ -1,3 +1,5 @@
+const axios = require('axios');
+
 const { PAC_API_URL, TEST_PAC_API_URL, BACKUP_API_URL } = require('./consts');
 const { getSecret } = require('./utils');
 
@@ -31,24 +33,22 @@ const fetchPACMembers = async ({ page, action, backupDate, isTestEnvironment })
   const url = `${baseUrl}/Members?${new URLSearchParams(queryParams).toString()}`;
   console.log(`Fetching PAC members from:  ${url}`);
   const headers = await getHeaders();
-  const fetchOptions = {
-    method: 'get',
-    headers: headers,
-  };
-  const response = await fetch(url, fetchOptions);
-  const responseType = response.headers.get('content-type');
+  const response = await axios.get(url, {
+    headers,
+    validateStatus: () => true,
+  });
+  const responseType = response.headers['content-type'] || '';
   if (!responseType.includes('application/json')) {
     const errorMessage = `[fetchPACMembers] got invalid responseType: ${responseType} for page ${page} and actionFilter ${action}`;
     console.error(errorMessage);
     throw new Error(errorMessage);
   }
-  if (response.ok) {
-    return response.json();
-  } else {
-    const errorMessage = `[fetchPACMembers] failed with status ${response.status} for page ${page} and actionFilter ${action}`;
-    console.error(errorMessage);
-    throw new Error(errorMessage);
+  if (response.status >= 200 && response.status < 300) {
+    return response.data;
   }
+  const errorMessage = `[fetchPACMembers] failed with status ${response.status} for page ${page} and actionFilter ${action}`;
+  console.error(errorMessage);
+  throw new Error(errorMessage);
 };
 
 module.exports = { fetchPACMembers, getHeaders }; //TODO: remove getHeaders from exported methods once npm movement finishes

package/backend/tasks/consts.js

@@ -22,6 +22,8 @@ const TASKS_NAMES = {
   fixPrimaryAddressChunk: 'fixPrimaryAddressChunk',
   scheduleFixUrlsWithSpaces: 'scheduleFixUrlsWithSpaces',
   fixUrlsWithSpacesChunk: 'fixUrlsWithSpacesChunk',
+  scheduleNormalizeMemberEmails: 'scheduleNormalizeMemberEmails',
+  normalizeMemberEmailsChunk: 'normalizeMemberEmailsChunk',
   dailyPullExecutionCheck: 'dailyPullExecutionCheck',
 };
 

package/backend/tasks/email-normalize-methods.js

@@ -0,0 +1,134 @@
+const { taskManager } = require('psdev-task-manager');
+
+const {
+  bulkSaveMembers,
+  getMembersByIds,
+  getAllMembersNeedingEmailNormalization,
+  memberNeedsEmailNormalization,
+} = require('../members-data-methods');
+const { chunkArray } = require('../utils');
+
+const { TASKS_NAMES } = require('./consts');
+
+const CHUNK_SIZE = 1000;
+
+/**
+ * One-off backfill: schedules tasks to normalize (lowercase + trim) the email and
+ * contactFormEmail fields of existing members so stored values match the normalize-on-write
+ * behavior, keeping case-insensitive uniqueness lookups reliable.
+ */
+async function scheduleNormalizeMemberEmails() {
+  console.log('=== Scheduling Member Email Normalization ===');
+
+  try {
+    const members = await getAllMembersNeedingEmailNormalization();
+    console.log(`Fetched ${members.length} members needing email normalization`);
+
+    const memberIds = [
+      ...new Set(
+        members
+          .map(member => Number(member.memberId))
+          .filter(memberId => Number.isFinite(memberId) && memberId > 0)
+      ),
+    ];
+    console.log(`Members to normalize: ${memberIds.length}`);
+
+    if (memberIds.length === 0) {
+      console.log('No members need email normalization');
+      return {
+        success: true,
+        message: 'No members need email normalization',
+        totalMembers: 0,
+        tasksScheduled: 0,
+      };
+    }
+
+    const chunks = chunkArray(memberIds, CHUNK_SIZE);
+    for (let i = 0; i < chunks.length; i++) {
+      const chunk = chunks[i];
+      const task = {
+        name: TASKS_NAMES.normalizeMemberEmailsChunk,
+        data: {
+          memberIds: chunk,
+          chunkIndex: i,
+          totalChunks: chunks.length,
+        },
+        type: 'scheduled',
+      };
+      await taskManager().schedule(task);
+      console.log(`Scheduled task ${i + 1}/${chunks.length} (${chunk.length} members)`);
+    }
+
+    const result = {
+      success: true,
+      message: `Scheduled ${chunks.length} tasks for ${memberIds.length} members`,
+      totalMembers: memberIds.length,
+      tasksScheduled: chunks.length,
+    };
+
+    console.log('=== Scheduling Complete ===');
+    console.log(JSON.stringify(result, null, 2));
+
+    return result;
+  } catch (error) {
+    console.error('Error scheduling member email normalization:', error);
+    throw error;
+  }
+}
+
+/**
+ * Processes a chunk of members, normalizing their email fields.
+ * bulkSaveMembers normalizes on write, so we only need to select the members that still
+ * have non-canonical values and save them.
+ */
+async function normalizeMemberEmailsChunk(data) {
+  const { memberIds, chunkIndex, totalChunks } = data;
+  console.log(
+    `Processing email normalization chunk ${chunkIndex + 1}/${totalChunks} (${memberIds.length} members)`
+  );
+
+  const result = {
+    successful: 0,
+    failed: 0,
+    skipped: 0,
+    errors: [],
+    failedIds: [],
+  };
+
+  try {
+    const members = await getMembersByIds(memberIds);
+    console.log(`Loaded ${members.length} members for this chunk`);
+
+    const membersToUpdate = members.filter(memberNeedsEmailNormalization);
+    result.skipped = members.length - membersToUpdate.length;
+
+    if (membersToUpdate.length === 0) {
+      console.log('No members need updating in this batch');
+      return result;
+    }
+
+    try {
+      await bulkSaveMembers(membersToUpdate);
+      result.successful += membersToUpdate.length;
+      console.log(`✅ Successfully normalized ${membersToUpdate.length} members`);
+    } catch (error) {
+      console.error('❌ Error bulk saving members:', error);
+      result.failed += membersToUpdate.length;
+      result.failedIds.push(...membersToUpdate.map(member => member.memberId));
+      result.errors.push({
+        error: error.message,
+        memberCount: membersToUpdate.length,
+      });
+    }
+
+    return result;
+  } catch (error) {
+    console.error(`Error processing email normalization chunk ${chunkIndex}:`, error);
+    throw error;
+  }
+}
+
+module.exports = {
+  scheduleNormalizeMemberEmails,
+  normalizeMemberEmailsChunk,
+};

package/backend/tasks/tasks-configs.js

@@ -10,6 +10,10 @@ const {
 } = require('./address-primary-methods');
 const { TASKS_NAMES } = require('./consts');
 const { dailyPullExecutionCheck } = require('./daily-pull-check-methods');
+const {
+  scheduleNormalizeMemberEmails,
+  normalizeMemberEmailsChunk,
+} = require('./email-normalize-methods');
 const {
   scheduleTaskForEmptyAboutYouMembers,
   convertAboutYouHtmlToRichContent,
@@ -203,6 +207,20 @@ const TASKS = {
     shouldSkipCheck: () => false,
     estimatedDurationSec: 80,
   },
+  [TASKS_NAMES.scheduleNormalizeMemberEmails]: {
+    name: TASKS_NAMES.scheduleNormalizeMemberEmails,
+    getIdentifier: () => 'SHOULD_NEVER_SKIP',
+    process: scheduleNormalizeMemberEmails,
+    shouldSkipCheck: () => false,
+    estimatedDurationSec: 80,
+  },
+  [TASKS_NAMES.normalizeMemberEmailsChunk]: {
+    name: TASKS_NAMES.normalizeMemberEmailsChunk,
+    getIdentifier: task => task.data,
+    process: normalizeMemberEmailsChunk,
+    shouldSkipCheck: () => false,
+    estimatedDurationSec: 80,
+  },
   [TASKS_NAMES.dailyPullExecutionCheck]: {
     name: TASKS_NAMES.dailyPullExecutionCheck,
     getIdentifier: task => task.data,

package/backend/tasks/tasks-helpers-methods.js

@@ -103,23 +103,23 @@ async function updateMemberRichContent(memberId) {
     content: htmlString,
   });
 
-  const requestOptions = {
-    method: 'post',
-    headers: {
-      'Content-Type': 'application/json',
-      Cookie: 'XSRF-TOKEN=1753949844|p--a7HsuVjR4',
-      Authorization: 'Bearer ' + (await getServerlessAuth()),
-    },
-    body: raw,
+  const requestHeaders = {
+    'Content-Type': 'application/json',
+    Cookie: 'XSRF-TOKEN=1753949844|p--a7HsuVjR4',
+    Authorization: 'Bearer ' + (await getServerlessAuth()),
   };
 
   try {
-    const response = await fetch(
+    const response = await axios.post(
       'https://www.wixapis.com/data-sync/v1/abmp-content-converter',
-      requestOptions
+      raw,
+      {
+        headers: requestHeaders,
+        validateStatus: () => true,
+      }
     );
-    if (response.ok) {
-      const data = await response.json();
+    if (response.status >= 200 && response.status < 300) {
+      const data = response.data;
       const updatedMember = {
         ...member,
         aboutYourSelf: data.richContent.richContent,
@@ -358,9 +358,13 @@ async function uploadMembersSitemap({ members, tokens, destinationFileName, site
 
   const url = `https://${host}${pathName}`;
   console.log('url', url);
-  const res = await fetch(url, { method, headers: reqOpts.headers, body });
-  if (!res.ok) {
-    const respText = await res.text();
+  const res = await axios.put(url, body, {
+    headers: reqOpts.headers,
+    transformResponse: [d => d],
+    validateStatus: () => true,
+  });
+  if (res.status < 200 || res.status >= 300) {
+    const respText = res.data;
     console.log('Response body', respText);
     throw new Error(`S3 PUT failed ${res.status} ${res.statusText}: ${respText}`);
   }
@@ -391,13 +395,13 @@ async function stsPost(body, baseAccessKeyId, baseSecretAccessKey) {
     accessKeyId: baseAccessKeyId,
     secretAccessKey: baseSecretAccessKey,
   });
-  const res = await fetch(`https://${host}${path}`, {
-    method,
+  const res = await axios.post(`https://${host}${path}`, body, {
     headers: reqOpts.headers,
-    body,
+    transformResponse: [d => d],
+    validateStatus: () => true,
   });
-  const text = await res.text();
-  if (!res.ok) throw new Error(`STS ${res.status}: ${text}`);
+  const text = res.data;
+  if (res.status < 200 || res.status >= 300) throw new Error(`STS ${res.status}: ${text}`);
 
   const accessKeyId = parseXmlVal(text, 'AccessKeyId');
   const secretAccessKey = parseXmlVal(text, 'SecretAccessKey');