backend-manager 5.9.4 → 5.9.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (251) hide show
  1. package/CLAUDE.md +6 -0
  2. package/package.json +8 -1
  3. package/src/cli/commands/install.js +4 -3
  4. package/src/cli/commands/setup-tests/backend-manager.js +2 -1
  5. package/src/cli/commands/setup-tests/firebase-admin.js +2 -1
  6. package/src/cli/commands/setup-tests/firebase-functions.js +2 -1
  7. package/src/cli/utils/safe-install.js +13 -0
  8. package/src/manager/routes/payments/cancel/post.js +22 -2
  9. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/metadata.json +14 -0
  10. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.html +486 -0
  11. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.md +41 -0
  12. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.mjml +97 -0
  13. package/{test/email/fixtures/clean.json → src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/structure.json} +16 -4
  14. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/summary.md +1 -0
  15. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/metadata.json +14 -0
  16. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.html +486 -0
  17. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.md +41 -0
  18. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.mjml +97 -0
  19. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/structure.json +42 -0
  20. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/summary.md +1 -0
  21. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/metadata.json +14 -0
  22. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.html +486 -0
  23. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.md +41 -0
  24. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.mjml +97 -0
  25. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/structure.json +42 -0
  26. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/summary.md +1 -0
  27. package/src/test/fixtures/firebase-project/.temp/test-mode.json +6 -0
  28. package/src/test/fixtures/firebase-project/database-debug.log +12 -0
  29. package/src/test/fixtures/firebase-project/firestore-debug.log +136 -0
  30. package/src/test/fixtures/firebase-project/pubsub-debug.log +17 -0
  31. package/src/test/test-accounts.js +9 -0
  32. package/.codeclimate.yml +0 -32
  33. package/.nvmrc +0 -1
  34. package/CHANGELOG.md +0 -1432
  35. package/PROGRESS.md +0 -86
  36. package/TODO-2.md +0 -121
  37. package/TODO-CHARGEBLAST.md +0 -32
  38. package/TODO-WEBHOOK-KEY-LEGACY-REMOVAL.md +0 -15
  39. package/TODO-WEBHOOK-KEY-UPGRADE.md +0 -138
  40. package/TODO-email-auth.md +0 -14
  41. package/TODO.md +0 -187
  42. package/plans/mcp2.md +0 -247
  43. package/scripts/test-helper-providers.js +0 -162
  44. package/scripts/update-disposable-domains.js +0 -44
  45. package/templates/_.env +0 -42
  46. package/templates/_.gitignore +0 -60
  47. package/templates/backend-manager-config.json +0 -249
  48. package/templates/database.rules.json +0 -83
  49. package/templates/firebase.json +0 -66
  50. package/templates/firestore.indexes.json +0 -4
  51. package/templates/firestore.rules +0 -112
  52. package/templates/public/404.html +0 -26
  53. package/templates/public/index.html +0 -24
  54. package/templates/remoteconfig.template.json +0 -1
  55. package/templates/storage-lifecycle-config-1-day.json +0 -9
  56. package/templates/storage-lifecycle-config-30-days.json +0 -9
  57. package/templates/storage.rules +0 -8
  58. package/test/_init/accounts-validation.js +0 -58
  59. package/test/_legacy/ai/index.js +0 -231
  60. package/test/_legacy/ai/test.jpg +0 -0
  61. package/test/_legacy/ai/test.pdf +0 -0
  62. package/test/_legacy/index.js +0 -31
  63. package/test/_legacy/payment-resolver/chargebee/orders/refunded.json +0 -0
  64. package/test/_legacy/payment-resolver/chargebee/orders/unpaid.json +0 -98
  65. package/test/_legacy/payment-resolver/chargebee/subscriptions/active.json +0 -578
  66. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-in-trial.json +0 -38
  67. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-skipped-to-active.json +0 -135
  68. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-active-to-cancelled.json +0 -42
  69. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-active.json +0 -44
  70. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-cancelled.json +0 -39
  71. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-refund.json +0 -143
  72. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-suspended.json +0 -48
  73. package/test/_legacy/payment-resolver/coinbase/orders/regular.json +0 -204
  74. package/test/_legacy/payment-resolver/coinbase/subscriptions/cancelled.json +0 -204
  75. package/test/_legacy/payment-resolver/coinbase/subscriptions/paid-2.json +0 -125
  76. package/test/_legacy/payment-resolver/index.js +0 -1558
  77. package/test/_legacy/payment-resolver/paypal/orders/refunded.json +0 -0
  78. package/test/_legacy/payment-resolver/paypal/orders/regular.json +0 -120
  79. package/test/_legacy/payment-resolver/paypal/subscriptions/active-refund-previous-stmnt.json +0 -323
  80. package/test/_legacy/payment-resolver/paypal/subscriptions/active.json +0 -192
  81. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-in-trial.json +0 -125
  82. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-not-complete.json +0 -76
  83. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-overdue-2.json +0 -114
  84. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-overdue.json +0 -114
  85. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-active-to-cancelled.json +0 -111
  86. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-active.json +0 -132
  87. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-cancelled.json +0 -107
  88. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-expired.json +0 -91
  89. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-refund.json +0 -147
  90. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-suspended.json +0 -120
  91. package/test/_legacy/payment-resolver/stripe/orders/refunded.json +0 -0
  92. package/test/_legacy/payment-resolver/stripe/orders/regular.json +0 -91
  93. package/test/_legacy/payment-resolver/stripe/subscriptions/active.json +0 -421
  94. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-in-trial.json +0 -349
  95. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-active-failed-authorization.json +0 -430
  96. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-active.json +0 -319
  97. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-cancelled.json +0 -319
  98. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-refund.json +0 -414
  99. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-suspended.json +0 -319
  100. package/test/_legacy/payment-resolver/stripe/subscriptions/unsure.json +0 -339
  101. package/test/_legacy/test-new +0 -1178
  102. package/test/_legacy/test.md +0 -89
  103. package/test/_legacy/usage.js +0 -175
  104. package/test/_legacy/user.js +0 -31
  105. package/test/ai/tools-live.js +0 -170
  106. package/test/boot/emulator-boots.js +0 -37
  107. package/test/content/blog-generate.js +0 -160
  108. package/test/email/campaign-send.js +0 -45
  109. package/test/email/consent-lifecycle.js +0 -257
  110. package/test/email/feedback-and-plain-send.js +0 -52
  111. package/test/email/fixtures/editorial.json +0 -30
  112. package/test/email/fixtures/field-report.json +0 -53
  113. package/test/email/marketing-lifecycle.js +0 -132
  114. package/test/email/newsletter-generate.js +0 -819
  115. package/test/email/newsletter-templates.js +0 -491
  116. package/test/email/templates.js +0 -207
  117. package/test/email/transactional-send.js +0 -34
  118. package/test/email/transactional.js +0 -560
  119. package/test/email/validation.js +0 -710
  120. package/test/events/auth-delete-race.js +0 -201
  121. package/test/events/payments/journey-payments-cancel-endpoint.js +0 -100
  122. package/test/events/payments/journey-payments-cancel.js +0 -182
  123. package/test/events/payments/journey-payments-discount.js +0 -89
  124. package/test/events/payments/journey-payments-failure.js +0 -146
  125. package/test/events/payments/journey-payments-legacy-product.js +0 -149
  126. package/test/events/payments/journey-payments-one-time-failure.js +0 -111
  127. package/test/events/payments/journey-payments-one-time.js +0 -136
  128. package/test/events/payments/journey-payments-plan-change.js +0 -144
  129. package/test/events/payments/journey-payments-refund-webhook.js +0 -180
  130. package/test/events/payments/journey-payments-suspend.js +0 -181
  131. package/test/events/payments/journey-payments-trial-cancel.js +0 -130
  132. package/test/events/payments/journey-payments-trial.js +0 -171
  133. package/test/events/payments/journey-payments-uid-resolution.js +0 -132
  134. package/test/events/payments/journey-payments-upgrade.js +0 -135
  135. package/test/fixtures/chargebee/invoice-one-time.json +0 -27
  136. package/test/fixtures/chargebee/subscription-active.json +0 -44
  137. package/test/fixtures/chargebee/subscription-cancelled.json +0 -42
  138. package/test/fixtures/chargebee/subscription-in-trial.json +0 -41
  139. package/test/fixtures/chargebee/subscription-legacy-plan.json +0 -41
  140. package/test/fixtures/chargebee/subscription-non-renewing.json +0 -41
  141. package/test/fixtures/chargebee/subscription-paused.json +0 -42
  142. package/test/fixtures/chargebee/webhook-payment-failed.json +0 -51
  143. package/test/fixtures/chargebee/webhook-subscription-created.json +0 -47
  144. package/test/fixtures/paypal/order-approved.json +0 -62
  145. package/test/fixtures/paypal/order-completed.json +0 -110
  146. package/test/fixtures/paypal/subscription-active.json +0 -76
  147. package/test/fixtures/paypal/subscription-cancelled.json +0 -50
  148. package/test/fixtures/paypal/subscription-suspended.json +0 -65
  149. package/test/fixtures/stripe/checkout-session-completed.json +0 -130
  150. package/test/fixtures/stripe/invoice-payment-failed.json +0 -148
  151. package/test/fixtures/stripe/invoice-subscription-payment-failed.json +0 -28
  152. package/test/fixtures/stripe/subscription-active.json +0 -161
  153. package/test/fixtures/stripe/subscription-canceled.json +0 -161
  154. package/test/fixtures/stripe/subscription-trialing.json +0 -161
  155. package/test/functions/admin/database-read.js +0 -134
  156. package/test/functions/admin/database-write.js +0 -159
  157. package/test/functions/admin/edit-post.js +0 -366
  158. package/test/functions/admin/firestore-query.js +0 -207
  159. package/test/functions/admin/firestore-read.js +0 -129
  160. package/test/functions/admin/firestore-write.js +0 -105
  161. package/test/functions/admin/get-stats.js +0 -115
  162. package/test/functions/admin/send-email.js +0 -119
  163. package/test/functions/admin/send-notification.js +0 -208
  164. package/test/functions/admin/write-repo-content.js +0 -223
  165. package/test/functions/general/add-marketing-contact.js +0 -335
  166. package/test/functions/general/fetch-post.js +0 -54
  167. package/test/functions/general/generate-uuid.js +0 -114
  168. package/test/functions/test/authenticate.js +0 -64
  169. package/test/functions/user/create-custom-token.js +0 -73
  170. package/test/functions/user/delete.js +0 -135
  171. package/test/functions/user/get-active-sessions.js +0 -111
  172. package/test/functions/user/get-subscription-info.js +0 -99
  173. package/test/functions/user/regenerate-api-keys.js +0 -156
  174. package/test/functions/user/resolve.js +0 -52
  175. package/test/functions/user/sign-out-all-sessions.js +0 -94
  176. package/test/functions/user/sign-up.js +0 -252
  177. package/test/functions/user/submit-feedback.js +0 -104
  178. package/test/functions/user/validate-settings.js +0 -82
  179. package/test/helpers/ai-request-payload.js +0 -300
  180. package/test/helpers/ai-test-provider.js +0 -202
  181. package/test/helpers/ai-tools-format.js +0 -383
  182. package/test/helpers/content/blog-auto-publisher.js +0 -484
  183. package/test/helpers/content/feed-parser.js +0 -528
  184. package/test/helpers/content/ghostii-blocks.js +0 -134
  185. package/test/helpers/content/ghostii-feed-integration.js +0 -404
  186. package/test/helpers/content/ghostii-write-article.js +0 -243
  187. package/test/helpers/environment.js +0 -230
  188. package/test/helpers/infer-contact.js +0 -113
  189. package/test/helpers/merge-line-files.js +0 -271
  190. package/test/helpers/payment/chargebee/parse-webhook.js +0 -413
  191. package/test/helpers/payment/chargebee/to-unified-one-time.js +0 -147
  192. package/test/helpers/payment/chargebee/to-unified-subscription.js +0 -648
  193. package/test/helpers/payment/paypal/parse-webhook.js +0 -539
  194. package/test/helpers/payment/paypal/to-unified-one-time.js +0 -382
  195. package/test/helpers/payment/paypal/to-unified-subscription.js +0 -820
  196. package/test/helpers/payment/stripe/parse-webhook.js +0 -447
  197. package/test/helpers/payment/stripe/to-unified-one-time.js +0 -306
  198. package/test/helpers/payment/stripe/to-unified-subscription.js +0 -708
  199. package/test/helpers/sanitize.js +0 -222
  200. package/test/helpers/slugify.js +0 -394
  201. package/test/helpers/storage.js +0 -194
  202. package/test/helpers/user.js +0 -755
  203. package/test/helpers/webhook-forward.js +0 -418
  204. package/test/mcp/discovery.js +0 -53
  205. package/test/mcp/oauth.js +0 -161
  206. package/test/mcp/protocol.js +0 -268
  207. package/test/mcp/roles.js +0 -188
  208. package/test/mcp/utils.js +0 -245
  209. package/test/routes/admin/create-post.js +0 -364
  210. package/test/routes/admin/database.js +0 -131
  211. package/test/routes/admin/deduplicate-image-alts.js +0 -190
  212. package/test/routes/admin/email.js +0 -114
  213. package/test/routes/admin/firestore-query.js +0 -204
  214. package/test/routes/admin/firestore.js +0 -127
  215. package/test/routes/admin/infer-contact.js +0 -218
  216. package/test/routes/admin/notification.js +0 -198
  217. package/test/routes/admin/post-resize-image.js +0 -184
  218. package/test/routes/admin/post.js +0 -368
  219. package/test/routes/admin/repo-content.js +0 -223
  220. package/test/routes/admin/stats.js +0 -112
  221. package/test/routes/content/post.js +0 -54
  222. package/test/routes/general/uuid.js +0 -115
  223. package/test/routes/marketing/campaign.js +0 -125
  224. package/test/routes/marketing/contact.js +0 -370
  225. package/test/routes/marketing/email-preferences.js +0 -292
  226. package/test/routes/marketing/push-send.js +0 -32
  227. package/test/routes/marketing/webhook-forward.js +0 -61
  228. package/test/routes/marketing/webhook.js +0 -639
  229. package/test/routes/payments/cancel.js +0 -140
  230. package/test/routes/payments/discount.js +0 -80
  231. package/test/routes/payments/dispute-alert.js +0 -320
  232. package/test/routes/payments/intent.js +0 -336
  233. package/test/routes/payments/portal.js +0 -92
  234. package/test/routes/payments/refund.js +0 -179
  235. package/test/routes/payments/trial-eligibility.js +0 -71
  236. package/test/routes/payments/webhook.js +0 -107
  237. package/test/routes/test/authenticate.js +0 -59
  238. package/test/routes/test/schema.js +0 -554
  239. package/test/routes/test/usage.js +0 -342
  240. package/test/routes/user/api-keys.js +0 -156
  241. package/test/routes/user/delete.js +0 -136
  242. package/test/routes/user/feedback.js +0 -104
  243. package/test/routes/user/sessions.js +0 -199
  244. package/test/routes/user/settings-validate.js +0 -82
  245. package/test/routes/user/signup.js +0 -542
  246. package/test/routes/user/subscription.js +0 -99
  247. package/test/routes/user/token.js +0 -73
  248. package/test/routes/user/user.js +0 -157
  249. package/test/rules/notifications.js +0 -410
  250. package/test/rules/payments-carts.js +0 -371
  251. package/test/rules/user.js +0 -396
@@ -1,710 +0,0 @@
1
- /**
2
- * Test: Email validation library (libraries/email/validation.js)
3
- * Unit tests for format, local part, disposable domain, corporate domain, typo domain, DNS, and mailbox checks
4
- *
5
- * Format, local part, disposable, corporate, and typo tests always run (free, sync, offline-safe).
6
- * DNS negative tests require TEST_EXTENDED_MODE (live DNS resolution).
7
- * Mailbox verification tests require TEST_EXTENDED_MODE + NEVERBOUNCE_API_KEY or ZEROBOUNCE_API_KEY.
8
- */
9
- const { validate, isDisposable, isCorporate, DEFAULT_CHECKS, ALL_CHECKS } = require('../../src/manager/libraries/email/validation.js');
10
-
11
- const HAS_MAILBOX_API_KEY = !!(process.env.NEVERBOUNCE_API_KEY || process.env.ZEROBOUNCE_API_KEY);
12
-
13
- module.exports = {
14
- description: 'Email validation',
15
- type: 'group',
16
- tests: [
17
- // --- Format checks ---
18
-
19
- {
20
- name: 'format-valid-email-passes',
21
- timeout: 5000,
22
-
23
- async run({ assert }) {
24
- const result = await validate('rachel.greene@gmail.com');
25
-
26
- assert.equal(result.valid, true, 'Valid email should pass');
27
- assert.propertyEquals(result, 'checks.format.valid', true, 'Format check should pass');
28
- },
29
- },
30
-
31
- {
32
- name: 'format-no-at-sign-fails',
33
- timeout: 5000,
34
-
35
- async run({ assert }) {
36
- const result = await validate('not-a-valid-email');
37
-
38
- assert.equal(result.valid, false, 'Missing @ should fail');
39
- assert.propertyEquals(result, 'checks.format.valid', false, 'Format check should fail');
40
- },
41
- },
42
-
43
- {
44
- name: 'format-no-domain-fails',
45
- timeout: 5000,
46
-
47
- async run({ assert }) {
48
- const result = await validate('user@');
49
-
50
- assert.equal(result.valid, false, 'Missing domain should fail');
51
- assert.propertyEquals(result, 'checks.format.valid', false, 'Format check should fail');
52
- },
53
- },
54
-
55
- {
56
- name: 'format-empty-string-fails',
57
- timeout: 5000,
58
-
59
- async run({ assert }) {
60
- const result = await validate('');
61
-
62
- assert.equal(result.valid, false, 'Empty string should fail');
63
- assert.propertyEquals(result, 'checks.format.valid', false, 'Format check should fail');
64
- },
65
- },
66
-
67
- {
68
- name: 'format-spaces-fails',
69
- timeout: 5000,
70
-
71
- async run({ assert }) {
72
- const result = await validate('user name@gmail.com');
73
-
74
- assert.equal(result.valid, false, 'Spaces should fail');
75
- assert.propertyEquals(result, 'checks.format.valid', false, 'Format check should fail');
76
- },
77
- },
78
-
79
- // --- Local part checks ---
80
-
81
- {
82
- name: 'localpart-test-blocked',
83
- timeout: 5000,
84
-
85
- async run({ assert }) {
86
- const result = await validate('test@gmail.com');
87
-
88
- assert.equal(result.valid, false, '"test" local part should be blocked');
89
- assert.propertyEquals(result, 'checks.localPart.blocked', true, 'Should be flagged as blocked');
90
- assert.propertyEquals(result, 'checks.localPart.localPart', 'test', 'Should include the local part');
91
- },
92
- },
93
-
94
- {
95
- name: 'localpart-noreply-blocked',
96
- timeout: 5000,
97
-
98
- async run({ assert }) {
99
- const result = await validate('noreply@company.com');
100
-
101
- assert.equal(result.valid, false, '"noreply" local part should be blocked');
102
- assert.propertyEquals(result, 'checks.localPart.blocked', true, 'Should be flagged as blocked');
103
- },
104
- },
105
-
106
- {
107
- name: 'localpart-admin-allowed',
108
- timeout: 5000,
109
-
110
- async run({ assert }) {
111
- const result = await validate('admin@company.com');
112
-
113
- assert.equal(result.valid, true, '"admin" local part should be allowed (team/role address)');
114
- assert.propertyEquals(result, 'checks.localPart.valid', true, 'localPart check should pass');
115
- },
116
- },
117
-
118
- {
119
- name: 'localpart-all-numeric-allowed',
120
- timeout: 5000,
121
-
122
- async run({ assert }) {
123
- // All-numeric local parts are legitimate (QQ emails like 1549482839@qq.com,
124
- // student IDs) — the ^\d+$ pattern was removed in v5.5.6 after NeverBounce
125
- // confirmed real users were being blocked.
126
- const result = await validate('123456@gmail.com');
127
-
128
- assert.equal(result.valid, true, 'All-numeric local part should be allowed');
129
- assert.propertyEquals(result, 'checks.localPart.valid', true, 'localPart check should pass');
130
- },
131
- },
132
-
133
- {
134
- name: 'localpart-repeating-chars-blocked',
135
- timeout: 5000,
136
-
137
- async run({ assert }) {
138
- const result = await validate('aaaa@gmail.com');
139
-
140
- assert.equal(result.valid, false, 'Repeating chars should be blocked');
141
- assert.propertyEquals(result, 'checks.localPart.blocked', true, 'Should be flagged as blocked');
142
- },
143
- },
144
-
145
- {
146
- name: 'localpart-keyboard-walk-blocked',
147
- timeout: 5000,
148
-
149
- async run({ assert }) {
150
- const result = await validate('asdf@gmail.com');
151
-
152
- assert.equal(result.valid, false, 'Keyboard walk should be blocked');
153
- assert.propertyEquals(result, 'checks.localPart.blocked', true, 'Should be flagged as blocked');
154
- },
155
- },
156
-
157
- {
158
- name: 'localpart-test-prefix-blocked',
159
- timeout: 5000,
160
-
161
- async run({ assert }) {
162
- const result = await validate('test.user@gmail.com');
163
-
164
- assert.equal(result.valid, false, '"test." prefix should be blocked');
165
- assert.propertyEquals(result, 'checks.localPart.blocked', true, 'Should be flagged as blocked');
166
- },
167
- },
168
-
169
- {
170
- name: 'localpart-letter-plus-numbers-allowed',
171
- timeout: 5000,
172
-
173
- async run({ assert }) {
174
- // Short letter + numbers local parts are legitimate (real Gmail users like
175
- // mi1925973, hk9526802) — the ^[a-z]{1,2}\d+$ pattern was removed in v5.5.6
176
- // after NeverBounce confirmed real users were being blocked.
177
- const result = await validate('a123@gmail.com');
178
-
179
- assert.equal(result.valid, true, 'Single letter + numbers should be allowed');
180
- assert.propertyEquals(result, 'checks.localPart.valid', true, 'localPart check should pass');
181
- },
182
- },
183
-
184
- {
185
- name: 'localpart-plus-suffix-stripped-before-check',
186
- timeout: 5000,
187
-
188
- async run({ assert }) {
189
- // "test+something" → strips to "test" → blocked
190
- const result = await validate('test+newsletter@gmail.com');
191
-
192
- assert.equal(result.valid, false, '"test+suffix" should still be blocked (strips +suffix first)');
193
- assert.propertyEquals(result, 'checks.localPart.blocked', true, 'Should be blocked after stripping suffix');
194
- },
195
- },
196
-
197
- {
198
- name: 'localpart-bem-suffix-allowed-on-real-names',
199
- timeout: 5000,
200
-
201
- async run({ assert }) {
202
- // "rachel.greene+bem" → strips to "rachel.greene" → allowed
203
- const result = await validate('rachel.greene+bem@gmail.com');
204
-
205
- assert.equal(result.valid, true, 'Real name with +bem suffix should pass');
206
- assert.propertyEquals(result, 'checks.localPart.valid', true, 'Local part check should pass');
207
- },
208
- },
209
-
210
- {
211
- name: 'localpart-real-name-passes',
212
- timeout: 5000,
213
-
214
- async run({ assert }) {
215
- const result = await validate('john.smith@company.com');
216
-
217
- assert.equal(result.valid, true, 'Real name should pass');
218
- assert.propertyEquals(result, 'checks.localPart.valid', true, 'Local part check should pass');
219
- },
220
- },
221
-
222
- {
223
- name: 'localpart-single-real-name-passes',
224
- timeout: 5000,
225
-
226
- async run({ assert }) {
227
- const result = await validate('rachel@company.com');
228
-
229
- assert.equal(result.valid, true, 'Single real name should pass');
230
- assert.propertyEquals(result, 'checks.localPart.valid', true, 'Local part check should pass');
231
- },
232
- },
233
-
234
- // --- Disposable domain checks ---
235
-
236
- {
237
- name: 'disposable-mailinator-blocked',
238
- timeout: 5000,
239
-
240
- async run({ assert }) {
241
- const result = await validate('rachel.greene@mailinator.com');
242
-
243
- assert.equal(result.valid, false, 'Mailinator should be invalid');
244
- assert.propertyEquals(result, 'checks.disposable.blocked', true, 'Should be flagged as blocked');
245
- assert.propertyEquals(result, 'checks.disposable.domain', 'mailinator.com', 'Should include blocked domain');
246
- },
247
- },
248
-
249
- {
250
- name: 'disposable-guerrillamail-blocked',
251
- timeout: 5000,
252
-
253
- async run({ assert }) {
254
- const result = await validate('rachel.greene@guerrillamail.com');
255
-
256
- assert.equal(result.valid, false, 'GuerrillaMail should be invalid');
257
- assert.propertyEquals(result, 'checks.disposable.blocked', true, 'Should be flagged as blocked');
258
- },
259
- },
260
-
261
- {
262
- name: 'disposable-tempmail-blocked',
263
- timeout: 5000,
264
-
265
- async run({ assert }) {
266
- const result = await validate('rachel.greene@temp-mail.org');
267
-
268
- assert.equal(result.valid, false, 'temp-mail.org should be invalid');
269
- assert.propertyEquals(result, 'checks.disposable.blocked', true, 'Should be flagged as blocked');
270
- },
271
- },
272
-
273
- {
274
- name: 'valid-gmail-passes-disposable',
275
- timeout: 5000,
276
-
277
- async run({ assert }) {
278
- const result = await validate('rachel.greene@gmail.com');
279
-
280
- assert.equal(result.valid, true, 'Gmail should be valid');
281
- assert.propertyEquals(result, 'checks.disposable.valid', true, 'Should pass disposable check');
282
- assert.propertyEquals(result, 'checks.disposable.blocked', false, 'Should not be blocked');
283
- },
284
- },
285
-
286
- {
287
- name: 'valid-custom-domain-passes',
288
- timeout: 5000,
289
-
290
- async run({ assert }) {
291
- const result = await validate('ian@somiibo.com');
292
-
293
- assert.equal(result.valid, true, 'Custom domain should be valid');
294
- assert.propertyEquals(result, 'checks.disposable.valid', true, 'Should pass disposable check');
295
- },
296
- },
297
-
298
- // --- Corporate / social-media domain checks ---
299
-
300
- {
301
- name: 'corporate-meta-blocked',
302
- timeout: 5000,
303
-
304
- async run({ assert }) {
305
- const result = await validate('ian@meta.com');
306
-
307
- assert.equal(result.valid, false, 'meta.com should be blocked');
308
- assert.propertyEquals(result, 'checks.corporate.blocked', true, 'Should be flagged as blocked');
309
- assert.propertyEquals(result, 'checks.corporate.domain', 'meta.com', 'Should include blocked domain');
310
- assert.propertyEquals(result, 'checks.corporate.reason', 'Corporate/social-media domain', 'Should have human-readable reason');
311
- },
312
- },
313
-
314
- {
315
- name: 'corporate-instagram-blocked',
316
- timeout: 5000,
317
-
318
- async run({ assert }) {
319
- const result = await validate('rachel.greene@instagram.com');
320
-
321
- assert.equal(result.valid, false, 'instagram.com should be blocked');
322
- assert.propertyEquals(result, 'checks.corporate.blocked', true, 'Should be flagged as blocked');
323
- },
324
- },
325
-
326
- {
327
- name: 'corporate-soundcloud-blocked',
328
- timeout: 5000,
329
-
330
- async run({ assert }) {
331
- const result = await validate('user@soundcloud.com');
332
-
333
- assert.equal(result.valid, false, 'soundcloud.com should be blocked');
334
- assert.propertyEquals(result, 'checks.corporate.blocked', true, 'Should be flagged as blocked');
335
- },
336
- },
337
-
338
- {
339
- name: 'corporate-gmail-allowed',
340
- timeout: 5000,
341
-
342
- async run({ assert }) {
343
- const result = await validate('rachel.greene@gmail.com');
344
-
345
- assert.equal(result.valid, true, 'gmail.com should NOT be flagged as corporate');
346
- assert.propertyEquals(result, 'checks.corporate.valid', true, 'Corporate check should pass');
347
- assert.propertyEquals(result, 'checks.corporate.blocked', false, 'Should not be blocked');
348
- },
349
- },
350
-
351
- {
352
- name: 'corporate-runs-before-localpart',
353
- timeout: 5000,
354
-
355
- async run({ assert }) {
356
- // "test@meta.com" would be blocked by BOTH corporate and localPart;
357
- // corporate runs first, so we should see corporate (not localPart) in the result.
358
- const result = await validate('test@meta.com');
359
-
360
- assert.equal(result.valid, false, 'Should be blocked');
361
- assert.propertyEquals(result, 'checks.corporate.blocked', true, 'Corporate should be the failure reason');
362
- assert.equal(result.checks.localPart, undefined, 'localPart should not run after corporate fails');
363
- },
364
- },
365
-
366
- {
367
- name: 'corporate-can-be-skipped-via-checks-option',
368
- timeout: 5000,
369
-
370
- async run({ assert }) {
371
- // Allow a caller to bypass the corporate check (e.g., during signup, where Meta employees are real users)
372
- const result = await validate('ian@meta.com', { checks: ['format', 'disposable', 'localPart'] });
373
-
374
- assert.equal(result.valid, true, 'Without corporate check, meta.com should pass');
375
- assert.equal(result.checks.corporate, undefined, 'corporate should not run');
376
- },
377
- },
378
-
379
- // --- Typo domain checks ---
380
-
381
- {
382
- name: 'typo-gamil-blocked',
383
- timeout: 5000,
384
-
385
- async run({ assert }) {
386
- const result = await validate('rachel.greene@gamil.com');
387
-
388
- assert.equal(result.valid, false, 'gamil.com should be blocked as a typo of gmail.com');
389
- assert.propertyEquals(result, 'checks.typo.valid', false, 'Typo check should fail');
390
- assert.propertyEquals(result, 'checks.typo.matchedPrefix', 'gamil.', 'Should report the matched prefix');
391
- assert.propertyEquals(result, 'checks.typo.reason', 'Likely misspelled domain', 'Should have human-readable reason');
392
- },
393
- },
394
-
395
- {
396
- name: 'typo-gmail-con-blocked',
397
- timeout: 5000,
398
-
399
- async run({ assert }) {
400
- const result = await validate('rachel.greene@gmail.con');
401
-
402
- assert.equal(result.valid, false, 'gmail.con should be blocked as a typo TLD');
403
- assert.propertyEquals(result, 'checks.typo.valid', false, 'Typo check should fail');
404
- },
405
- },
406
-
407
- {
408
- name: 'typo-correct-domains-pass',
409
- timeout: 5000,
410
-
411
- async run({ assert }) {
412
- const gmail = await validate('rachel.greene@gmail.com');
413
- const hotmail = await validate('rachel.greene@hotmail.com');
414
-
415
- assert.equal(gmail.valid, true, 'gmail.com should pass');
416
- assert.propertyEquals(gmail, 'checks.typo.valid', true, 'Typo check should pass for gmail.com');
417
- assert.equal(hotmail.valid, true, 'hotmail.com should pass');
418
- assert.propertyEquals(hotmail, 'checks.typo.valid', true, 'Typo check should pass for hotmail.com');
419
- },
420
- },
421
-
422
- // --- isCorporate helper ---
423
-
424
- {
425
- name: 'isCorporate-social-domain-detected',
426
- timeout: 5000,
427
-
428
- async run({ assert }) {
429
- assert.equal(isCorporate('user@meta.com'), true, 'meta.com should be corporate');
430
- assert.equal(isCorporate('user@instagram.com'), true, 'instagram.com should be corporate');
431
- assert.equal(isCorporate('user@soundcloud.com'), true, 'soundcloud.com should be corporate');
432
- assert.equal(isCorporate('user@tiktok.com'), true, 'tiktok.com should be corporate');
433
- assert.equal(isCorporate('user@linkedin.com'), true, 'linkedin.com should be corporate');
434
- },
435
- },
436
-
437
- {
438
- name: 'isCorporate-legitimate-domain-passes',
439
- timeout: 5000,
440
-
441
- async run({ assert }) {
442
- assert.equal(isCorporate('user@gmail.com'), false, 'gmail.com should not be corporate');
443
- assert.equal(isCorporate('user@somiibo.com'), false, 'Custom domain should not be corporate');
444
- assert.equal(isCorporate('user@mailinator.com'), false, 'Disposable is a separate category');
445
- },
446
- },
447
-
448
- {
449
- name: 'isCorporate-accepts-domain-only',
450
- timeout: 5000,
451
-
452
- async run({ assert }) {
453
- assert.equal(isCorporate('meta.com'), true, 'Should work with bare domain');
454
- assert.equal(isCorporate('gmail.com'), false, 'Should work with bare domain');
455
- },
456
- },
457
-
458
- {
459
- name: 'isCorporate-handles-edge-cases',
460
- timeout: 5000,
461
-
462
- async run({ assert }) {
463
- assert.equal(isCorporate(''), false, 'Empty string should return false');
464
- assert.equal(isCorporate(null), false, 'Null should return false');
465
- assert.equal(isCorporate(undefined), false, 'Undefined should return false');
466
- },
467
- },
468
-
469
- {
470
- name: 'isCorporate-case-insensitive',
471
- timeout: 5000,
472
-
473
- async run({ assert }) {
474
- assert.equal(isCorporate('user@META.COM'), true, 'Should be case-insensitive');
475
- assert.equal(isCorporate('USER@Instagram.Com'), true, 'Should be case-insensitive');
476
- },
477
- },
478
-
479
- // --- isDisposable helper ---
480
-
481
- {
482
- name: 'isDisposable-vendor-domain-detected',
483
- timeout: 5000,
484
-
485
- async run({ assert }) {
486
- assert.equal(isDisposable('user@mailinator.com'), true, 'mailinator.com should be disposable');
487
- assert.equal(isDisposable('user@guerrillamail.com'), true, 'guerrillamail.com should be disposable');
488
- },
489
- },
490
-
491
- {
492
- name: 'isDisposable-custom-domain-detected',
493
- timeout: 5000,
494
-
495
- async run({ assert }) {
496
- assert.equal(isDisposable('user@sharebot.net'), true, 'Custom list domain should be disposable');
497
- assert.equal(isDisposable('user@pickmemail.com'), true, 'Custom list domain should be disposable');
498
- },
499
- },
500
-
501
- {
502
- name: 'isDisposable-legitimate-domain-passes',
503
- timeout: 5000,
504
-
505
- async run({ assert }) {
506
- assert.equal(isDisposable('user@gmail.com'), false, 'gmail.com should not be disposable');
507
- assert.equal(isDisposable('user@somiibo.com'), false, 'Custom domain should not be disposable');
508
- },
509
- },
510
-
511
- {
512
- name: 'isDisposable-accepts-domain-only',
513
- timeout: 5000,
514
-
515
- async run({ assert }) {
516
- assert.equal(isDisposable('mailinator.com'), true, 'Should work with bare domain');
517
- assert.equal(isDisposable('gmail.com'), false, 'Should work with bare domain');
518
- },
519
- },
520
-
521
- {
522
- name: 'isDisposable-handles-edge-cases',
523
- timeout: 5000,
524
-
525
- async run({ assert }) {
526
- assert.equal(isDisposable(''), false, 'Empty string should return false');
527
- assert.equal(isDisposable(null), false, 'Null should return false');
528
- assert.equal(isDisposable(undefined), false, 'Undefined should return false');
529
- },
530
- },
531
-
532
- // --- Selective checks ---
533
-
534
- {
535
- name: 'checks-format-only',
536
- timeout: 5000,
537
-
538
- async run({ assert }) {
539
- // "test@gmail.com" normally blocked by localPart, but only running format
540
- const result = await validate('test@gmail.com', { checks: ['format'] });
541
-
542
- assert.equal(result.valid, true, 'Should pass with only format check');
543
- assert.propertyEquals(result, 'checks.format.valid', true, 'Format should pass');
544
- assert.equal(result.checks.localPart, undefined, 'localPart should not run');
545
- assert.equal(result.checks.disposable, undefined, 'disposable should not run');
546
- },
547
- },
548
-
549
- {
550
- name: 'checks-format-and-disposable-skips-localpart',
551
- timeout: 5000,
552
-
553
- async run({ assert }) {
554
- // "test@gmail.com" would be blocked by localPart, but we only run format + disposable
555
- const result = await validate('test@gmail.com', { checks: ['format', 'disposable'] });
556
-
557
- assert.equal(result.valid, true, 'Should pass without localPart check');
558
- assert.propertyEquals(result, 'checks.format.valid', true, 'Format should pass');
559
- assert.propertyEquals(result, 'checks.disposable.blocked', false, 'Disposable should pass');
560
- assert.equal(result.checks.localPart, undefined, 'localPart should not run');
561
- },
562
- },
563
-
564
- {
565
- name: 'checks-format-and-disposable-still-blocks-disposable',
566
- timeout: 5000,
567
-
568
- async run({ assert }) {
569
- const result = await validate('rachel.greene@mailinator.com', { checks: ['format', 'disposable'] });
570
-
571
- assert.equal(result.valid, false, 'Disposable should still fail');
572
- assert.propertyEquals(result, 'checks.disposable.blocked', true, 'Should be blocked');
573
- },
574
- },
575
-
576
- {
577
- name: 'checks-default-matches-expected',
578
- timeout: 5000,
579
-
580
- async run({ assert }) {
581
- assert.deepEqual(DEFAULT_CHECKS, ['format', 'disposable', 'corporate', 'localPart', 'typo'], 'DEFAULT_CHECKS should be all free sync checks (no dns/mailbox)');
582
- assert.deepEqual(ALL_CHECKS, ['format', 'disposable', 'corporate', 'localPart', 'typo', 'dns', 'mailbox'], 'ALL_CHECKS should add dns + mailbox');
583
- },
584
- },
585
-
586
- // --- DNS check behavior ---
587
-
588
- {
589
- name: 'dns-not-in-default-checks',
590
- timeout: 5000,
591
-
592
- async run({ assert }) {
593
- const result = await validate('rachel.greene@gmail.com');
594
-
595
- assert.equal(result.valid, true, 'Should be valid');
596
- assert.equal(result.checks.dns, undefined, 'DNS should not run with default checks (async/slow — opt-in)');
597
- },
598
- },
599
-
600
- {
601
- name: 'dns-valid-domain-passes',
602
- timeout: 15000,
603
-
604
- async run({ assert }) {
605
- // Offline-safe: on network errors the dns check is skipped (valid stays true);
606
- // only definitive no-MX/NXDOMAIN answers block.
607
- const result = await validate('rachel.greene@gmail.com', { checks: ['format', 'dns'] });
608
-
609
- assert.equal(result.valid, true, 'gmail.com should pass the DNS check');
610
- assert.hasProperty(result, 'checks.dns', 'Should have dns check result');
611
- },
612
- },
613
-
614
- {
615
- name: 'dns-nonexistent-domain-fails',
616
- timeout: 15000,
617
- skip: !process.env.TEST_EXTENDED_MODE
618
- ? 'TEST_EXTENDED_MODE not set (requires live DNS resolution)'
619
- : false,
620
-
621
- async run({ assert }) {
622
- const result = await validate('rachel.greene@thisdomaindoesnotexist99887766.com', { checks: ['format', 'dns'] });
623
-
624
- assert.equal(result.valid, false, 'Nonexistent domain should fail the DNS check');
625
- assert.propertyEquals(result, 'checks.dns.valid', false, 'DNS check should fail');
626
- },
627
- },
628
-
629
- // --- Mailbox verification behavior ---
630
-
631
- {
632
- name: 'mailbox-not-in-default-checks',
633
- timeout: 5000,
634
-
635
- async run({ assert }) {
636
- const result = await validate('rachel.greene@gmail.com');
637
-
638
- assert.equal(result.valid, true, 'Should be valid');
639
- assert.equal(result.checks.mailbox, undefined, 'Mailbox should not run with default checks');
640
- },
641
- },
642
-
643
- {
644
- name: 'mailbox-skipped-without-api-key',
645
- timeout: 5000,
646
-
647
- async run({ assert }) {
648
- const originalNB = process.env.NEVERBOUNCE_API_KEY;
649
- const originalZB = process.env.ZEROBOUNCE_API_KEY;
650
- delete process.env.NEVERBOUNCE_API_KEY;
651
- delete process.env.ZEROBOUNCE_API_KEY;
652
-
653
- try {
654
- const result = await validate('rachel.greene@gmail.com', { checks: ALL_CHECKS });
655
-
656
- assert.equal(result.valid, true, 'Should still be valid');
657
- assert.hasProperty(result, 'checks.mailbox', 'Should have mailbox check');
658
- assert.propertyEquals(result, 'checks.mailbox.skipped', true, 'Should be marked as skipped');
659
- } finally {
660
- if (originalNB) {
661
- process.env.NEVERBOUNCE_API_KEY = originalNB;
662
- }
663
- if (originalZB) {
664
- process.env.ZEROBOUNCE_API_KEY = originalZB;
665
- }
666
- }
667
- },
668
- },
669
-
670
- // --- Mailbox verification API checks (require TEST_EXTENDED_MODE + mailbox API key) ---
671
-
672
- {
673
- name: 'mailbox-valid-email-passes',
674
- timeout: 15000,
675
- skip: !process.env.TEST_EXTENDED_MODE || !HAS_MAILBOX_API_KEY
676
- ? 'TEST_EXTENDED_MODE or mailbox API key not set'
677
- : false,
678
-
679
- async run({ assert, skip }) {
680
- const result = await validate('disposable@gmail.com', { checks: ALL_CHECKS });
681
-
682
- if (result.checks.mailbox?.error?.includes('out of credits')) {
683
- skip('Mailbox verification out of credits');
684
- }
685
-
686
- assert.hasProperty(result, 'checks.mailbox', 'Should have mailbox check');
687
- assert.hasProperty(result, 'checks.mailbox.status', 'Should have status');
688
- },
689
- },
690
-
691
- {
692
- name: 'mailbox-fake-domain-fails',
693
- timeout: 15000,
694
- skip: !process.env.TEST_EXTENDED_MODE || !HAS_MAILBOX_API_KEY
695
- ? 'TEST_EXTENDED_MODE or mailbox API key not set'
696
- : false,
697
-
698
- async run({ assert, skip }) {
699
- const result = await validate('rachel.greene@thisfakedomain99999.com', { checks: ALL_CHECKS });
700
-
701
- if (result.checks.mailbox?.error?.includes('out of credits')) {
702
- skip('Mailbox verification out of credits');
703
- }
704
-
705
- assert.hasProperty(result, 'checks.mailbox.status', 'Should have status');
706
- assert.notEqual(result.checks.mailbox.status, 'valid', 'Fake domain should not be valid');
707
- },
708
- },
709
- ],
710
- };