backend-manager 5.9.4 → 5.9.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CLAUDE.md +6 -0
- package/package.json +8 -1
- package/src/cli/commands/install.js +4 -3
- package/src/cli/commands/setup-tests/backend-manager.js +2 -1
- package/src/cli/commands/setup-tests/firebase-admin.js +2 -1
- package/src/cli/commands/setup-tests/firebase-functions.js +2 -1
- package/src/cli/utils/safe-install.js +13 -0
- package/src/manager/routes/payments/cancel/post.js +22 -2
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/metadata.json +14 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.html +486 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.md +41 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.mjml +97 -0
- package/{test/email/fixtures/clean.json → src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/structure.json} +16 -4
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/summary.md +1 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/metadata.json +14 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.html +486 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.md +41 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.mjml +97 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/structure.json +42 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/summary.md +1 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/metadata.json +14 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.html +486 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.md +41 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.mjml +97 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/structure.json +42 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/summary.md +1 -0
- package/src/test/fixtures/firebase-project/.temp/test-mode.json +6 -0
- package/src/test/fixtures/firebase-project/database-debug.log +12 -0
- package/src/test/fixtures/firebase-project/firestore-debug.log +136 -0
- package/src/test/fixtures/firebase-project/pubsub-debug.log +17 -0
- package/src/test/test-accounts.js +9 -0
- package/.codeclimate.yml +0 -32
- package/.nvmrc +0 -1
- package/CHANGELOG.md +0 -1432
- package/PROGRESS.md +0 -86
- package/TODO-2.md +0 -121
- package/TODO-CHARGEBLAST.md +0 -32
- package/TODO-WEBHOOK-KEY-LEGACY-REMOVAL.md +0 -15
- package/TODO-WEBHOOK-KEY-UPGRADE.md +0 -138
- package/TODO-email-auth.md +0 -14
- package/TODO.md +0 -187
- package/plans/mcp2.md +0 -247
- package/scripts/test-helper-providers.js +0 -162
- package/scripts/update-disposable-domains.js +0 -44
- package/templates/_.env +0 -42
- package/templates/_.gitignore +0 -60
- package/templates/backend-manager-config.json +0 -249
- package/templates/database.rules.json +0 -83
- package/templates/firebase.json +0 -66
- package/templates/firestore.indexes.json +0 -4
- package/templates/firestore.rules +0 -112
- package/templates/public/404.html +0 -26
- package/templates/public/index.html +0 -24
- package/templates/remoteconfig.template.json +0 -1
- package/templates/storage-lifecycle-config-1-day.json +0 -9
- package/templates/storage-lifecycle-config-30-days.json +0 -9
- package/templates/storage.rules +0 -8
- package/test/_init/accounts-validation.js +0 -58
- package/test/_legacy/ai/index.js +0 -231
- package/test/_legacy/ai/test.jpg +0 -0
- package/test/_legacy/ai/test.pdf +0 -0
- package/test/_legacy/index.js +0 -31
- package/test/_legacy/payment-resolver/chargebee/orders/refunded.json +0 -0
- package/test/_legacy/payment-resolver/chargebee/orders/unpaid.json +0 -98
- package/test/_legacy/payment-resolver/chargebee/subscriptions/active.json +0 -578
- package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-in-trial.json +0 -38
- package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-skipped-to-active.json +0 -135
- package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-active-to-cancelled.json +0 -42
- package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-active.json +0 -44
- package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-cancelled.json +0 -39
- package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-refund.json +0 -143
- package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-suspended.json +0 -48
- package/test/_legacy/payment-resolver/coinbase/orders/regular.json +0 -204
- package/test/_legacy/payment-resolver/coinbase/subscriptions/cancelled.json +0 -204
- package/test/_legacy/payment-resolver/coinbase/subscriptions/paid-2.json +0 -125
- package/test/_legacy/payment-resolver/index.js +0 -1558
- package/test/_legacy/payment-resolver/paypal/orders/refunded.json +0 -0
- package/test/_legacy/payment-resolver/paypal/orders/regular.json +0 -120
- package/test/_legacy/payment-resolver/paypal/subscriptions/active-refund-previous-stmnt.json +0 -323
- package/test/_legacy/payment-resolver/paypal/subscriptions/active.json +0 -192
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-in-trial.json +0 -125
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-not-complete.json +0 -76
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-overdue-2.json +0 -114
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-overdue.json +0 -114
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-active-to-cancelled.json +0 -111
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-active.json +0 -132
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-cancelled.json +0 -107
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-expired.json +0 -91
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-refund.json +0 -147
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-suspended.json +0 -120
- package/test/_legacy/payment-resolver/stripe/orders/refunded.json +0 -0
- package/test/_legacy/payment-resolver/stripe/orders/regular.json +0 -91
- package/test/_legacy/payment-resolver/stripe/subscriptions/active.json +0 -421
- package/test/_legacy/payment-resolver/stripe/subscriptions/trial-in-trial.json +0 -349
- package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-active-failed-authorization.json +0 -430
- package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-active.json +0 -319
- package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-cancelled.json +0 -319
- package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-refund.json +0 -414
- package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-suspended.json +0 -319
- package/test/_legacy/payment-resolver/stripe/subscriptions/unsure.json +0 -339
- package/test/_legacy/test-new +0 -1178
- package/test/_legacy/test.md +0 -89
- package/test/_legacy/usage.js +0 -175
- package/test/_legacy/user.js +0 -31
- package/test/ai/tools-live.js +0 -170
- package/test/boot/emulator-boots.js +0 -37
- package/test/content/blog-generate.js +0 -160
- package/test/email/campaign-send.js +0 -45
- package/test/email/consent-lifecycle.js +0 -257
- package/test/email/feedback-and-plain-send.js +0 -52
- package/test/email/fixtures/editorial.json +0 -30
- package/test/email/fixtures/field-report.json +0 -53
- package/test/email/marketing-lifecycle.js +0 -132
- package/test/email/newsletter-generate.js +0 -819
- package/test/email/newsletter-templates.js +0 -491
- package/test/email/templates.js +0 -207
- package/test/email/transactional-send.js +0 -34
- package/test/email/transactional.js +0 -560
- package/test/email/validation.js +0 -710
- package/test/events/auth-delete-race.js +0 -201
- package/test/events/payments/journey-payments-cancel-endpoint.js +0 -100
- package/test/events/payments/journey-payments-cancel.js +0 -182
- package/test/events/payments/journey-payments-discount.js +0 -89
- package/test/events/payments/journey-payments-failure.js +0 -146
- package/test/events/payments/journey-payments-legacy-product.js +0 -149
- package/test/events/payments/journey-payments-one-time-failure.js +0 -111
- package/test/events/payments/journey-payments-one-time.js +0 -136
- package/test/events/payments/journey-payments-plan-change.js +0 -144
- package/test/events/payments/journey-payments-refund-webhook.js +0 -180
- package/test/events/payments/journey-payments-suspend.js +0 -181
- package/test/events/payments/journey-payments-trial-cancel.js +0 -130
- package/test/events/payments/journey-payments-trial.js +0 -171
- package/test/events/payments/journey-payments-uid-resolution.js +0 -132
- package/test/events/payments/journey-payments-upgrade.js +0 -135
- package/test/fixtures/chargebee/invoice-one-time.json +0 -27
- package/test/fixtures/chargebee/subscription-active.json +0 -44
- package/test/fixtures/chargebee/subscription-cancelled.json +0 -42
- package/test/fixtures/chargebee/subscription-in-trial.json +0 -41
- package/test/fixtures/chargebee/subscription-legacy-plan.json +0 -41
- package/test/fixtures/chargebee/subscription-non-renewing.json +0 -41
- package/test/fixtures/chargebee/subscription-paused.json +0 -42
- package/test/fixtures/chargebee/webhook-payment-failed.json +0 -51
- package/test/fixtures/chargebee/webhook-subscription-created.json +0 -47
- package/test/fixtures/paypal/order-approved.json +0 -62
- package/test/fixtures/paypal/order-completed.json +0 -110
- package/test/fixtures/paypal/subscription-active.json +0 -76
- package/test/fixtures/paypal/subscription-cancelled.json +0 -50
- package/test/fixtures/paypal/subscription-suspended.json +0 -65
- package/test/fixtures/stripe/checkout-session-completed.json +0 -130
- package/test/fixtures/stripe/invoice-payment-failed.json +0 -148
- package/test/fixtures/stripe/invoice-subscription-payment-failed.json +0 -28
- package/test/fixtures/stripe/subscription-active.json +0 -161
- package/test/fixtures/stripe/subscription-canceled.json +0 -161
- package/test/fixtures/stripe/subscription-trialing.json +0 -161
- package/test/functions/admin/database-read.js +0 -134
- package/test/functions/admin/database-write.js +0 -159
- package/test/functions/admin/edit-post.js +0 -366
- package/test/functions/admin/firestore-query.js +0 -207
- package/test/functions/admin/firestore-read.js +0 -129
- package/test/functions/admin/firestore-write.js +0 -105
- package/test/functions/admin/get-stats.js +0 -115
- package/test/functions/admin/send-email.js +0 -119
- package/test/functions/admin/send-notification.js +0 -208
- package/test/functions/admin/write-repo-content.js +0 -223
- package/test/functions/general/add-marketing-contact.js +0 -335
- package/test/functions/general/fetch-post.js +0 -54
- package/test/functions/general/generate-uuid.js +0 -114
- package/test/functions/test/authenticate.js +0 -64
- package/test/functions/user/create-custom-token.js +0 -73
- package/test/functions/user/delete.js +0 -135
- package/test/functions/user/get-active-sessions.js +0 -111
- package/test/functions/user/get-subscription-info.js +0 -99
- package/test/functions/user/regenerate-api-keys.js +0 -156
- package/test/functions/user/resolve.js +0 -52
- package/test/functions/user/sign-out-all-sessions.js +0 -94
- package/test/functions/user/sign-up.js +0 -252
- package/test/functions/user/submit-feedback.js +0 -104
- package/test/functions/user/validate-settings.js +0 -82
- package/test/helpers/ai-request-payload.js +0 -300
- package/test/helpers/ai-test-provider.js +0 -202
- package/test/helpers/ai-tools-format.js +0 -383
- package/test/helpers/content/blog-auto-publisher.js +0 -484
- package/test/helpers/content/feed-parser.js +0 -528
- package/test/helpers/content/ghostii-blocks.js +0 -134
- package/test/helpers/content/ghostii-feed-integration.js +0 -404
- package/test/helpers/content/ghostii-write-article.js +0 -243
- package/test/helpers/environment.js +0 -230
- package/test/helpers/infer-contact.js +0 -113
- package/test/helpers/merge-line-files.js +0 -271
- package/test/helpers/payment/chargebee/parse-webhook.js +0 -413
- package/test/helpers/payment/chargebee/to-unified-one-time.js +0 -147
- package/test/helpers/payment/chargebee/to-unified-subscription.js +0 -648
- package/test/helpers/payment/paypal/parse-webhook.js +0 -539
- package/test/helpers/payment/paypal/to-unified-one-time.js +0 -382
- package/test/helpers/payment/paypal/to-unified-subscription.js +0 -820
- package/test/helpers/payment/stripe/parse-webhook.js +0 -447
- package/test/helpers/payment/stripe/to-unified-one-time.js +0 -306
- package/test/helpers/payment/stripe/to-unified-subscription.js +0 -708
- package/test/helpers/sanitize.js +0 -222
- package/test/helpers/slugify.js +0 -394
- package/test/helpers/storage.js +0 -194
- package/test/helpers/user.js +0 -755
- package/test/helpers/webhook-forward.js +0 -418
- package/test/mcp/discovery.js +0 -53
- package/test/mcp/oauth.js +0 -161
- package/test/mcp/protocol.js +0 -268
- package/test/mcp/roles.js +0 -188
- package/test/mcp/utils.js +0 -245
- package/test/routes/admin/create-post.js +0 -364
- package/test/routes/admin/database.js +0 -131
- package/test/routes/admin/deduplicate-image-alts.js +0 -190
- package/test/routes/admin/email.js +0 -114
- package/test/routes/admin/firestore-query.js +0 -204
- package/test/routes/admin/firestore.js +0 -127
- package/test/routes/admin/infer-contact.js +0 -218
- package/test/routes/admin/notification.js +0 -198
- package/test/routes/admin/post-resize-image.js +0 -184
- package/test/routes/admin/post.js +0 -368
- package/test/routes/admin/repo-content.js +0 -223
- package/test/routes/admin/stats.js +0 -112
- package/test/routes/content/post.js +0 -54
- package/test/routes/general/uuid.js +0 -115
- package/test/routes/marketing/campaign.js +0 -125
- package/test/routes/marketing/contact.js +0 -370
- package/test/routes/marketing/email-preferences.js +0 -292
- package/test/routes/marketing/push-send.js +0 -32
- package/test/routes/marketing/webhook-forward.js +0 -61
- package/test/routes/marketing/webhook.js +0 -639
- package/test/routes/payments/cancel.js +0 -140
- package/test/routes/payments/discount.js +0 -80
- package/test/routes/payments/dispute-alert.js +0 -320
- package/test/routes/payments/intent.js +0 -336
- package/test/routes/payments/portal.js +0 -92
- package/test/routes/payments/refund.js +0 -179
- package/test/routes/payments/trial-eligibility.js +0 -71
- package/test/routes/payments/webhook.js +0 -107
- package/test/routes/test/authenticate.js +0 -59
- package/test/routes/test/schema.js +0 -554
- package/test/routes/test/usage.js +0 -342
- package/test/routes/user/api-keys.js +0 -156
- package/test/routes/user/delete.js +0 -136
- package/test/routes/user/feedback.js +0 -104
- package/test/routes/user/sessions.js +0 -199
- package/test/routes/user/settings-validate.js +0 -82
- package/test/routes/user/signup.js +0 -542
- package/test/routes/user/subscription.js +0 -99
- package/test/routes/user/token.js +0 -73
- package/test/routes/user/user.js +0 -157
- package/test/rules/notifications.js +0 -410
- package/test/rules/payments-carts.js +0 -371
- package/test/rules/user.js +0 -396
|
@@ -1,418 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Test: marketing/webhook/forward route — unit-style coverage
|
|
3
|
-
*
|
|
4
|
-
* Why this exists as a unit test (not an emulator test):
|
|
5
|
-
*
|
|
6
|
-
* The forwarder is gated on Manager.isParent() (config.parent === 'self'). In real test runs
|
|
7
|
-
* we run AGAINST a child brand's BEM (Somiibo, etc.), so the route is invisible
|
|
8
|
-
* (404). To verify the fan-out logic, we exercise the route handler directly
|
|
9
|
-
* against a mocked admin SDK + mocked fetch, no HTTP needed.
|
|
10
|
-
*
|
|
11
|
-
* What's covered:
|
|
12
|
-
* - Gate: returns 404 if Manager.isParent() returns false (config.parent !== 'self')
|
|
13
|
-
* - Auth: returns 401 if key missing/wrong
|
|
14
|
-
* - Provider validation: returns 400 if missing
|
|
15
|
-
* - Brand iteration: reads brands collection, derives API URLs
|
|
16
|
-
* - URL derivation: brand.url 'https://somiibo.com' → 'https://api.somiibo.com/backend-manager/marketing/webhook?provider=X&key=Y'
|
|
17
|
-
* - Body forwarding: raw body POSTed to every child unchanged
|
|
18
|
-
* - Failure isolation: one failed child doesn't break the others
|
|
19
|
-
* - Brands without brand.url skipped silently
|
|
20
|
-
*/
|
|
21
|
-
|
|
22
|
-
// Mock wonderful-fetch before requiring the route — the route does
|
|
23
|
-
// `require('wonderful-fetch')` at module load time.
|
|
24
|
-
//
|
|
25
|
-
// CRITICAL: every test file is `require()`d into the SAME Node process by the
|
|
26
|
-
// runner, so the require cache is shared. We MUST save the original
|
|
27
|
-
// wonderful-fetch cache entry here and restore it in the suite-level `cleanup`
|
|
28
|
-
// below — otherwise this mock leaks into every test file that runs afterwards
|
|
29
|
-
// (e.g. emulator route tests whose `Manager.require('wonderful-fetch')` would
|
|
30
|
-
// then return our stub instead of doing a real HTTP round-trip).
|
|
31
|
-
const originalFetchPath = require.resolve('wonderful-fetch');
|
|
32
|
-
const originalFetchCacheEntry = require.cache[originalFetchPath];
|
|
33
|
-
const fetchCalls = [];
|
|
34
|
-
let fetchMockBehavior = () => ({ received: true });
|
|
35
|
-
|
|
36
|
-
// Intercept require cache so our mock takes the place of wonderful-fetch
|
|
37
|
-
require.cache[originalFetchPath] = {
|
|
38
|
-
id: originalFetchPath,
|
|
39
|
-
filename: originalFetchPath,
|
|
40
|
-
loaded: true,
|
|
41
|
-
exports: async (url, opts) => {
|
|
42
|
-
fetchCalls.push({ url, opts });
|
|
43
|
-
return fetchMockBehavior(url, opts);
|
|
44
|
-
},
|
|
45
|
-
};
|
|
46
|
-
|
|
47
|
-
const route = require('../../src/manager/routes/marketing/webhook/forward/post.js');
|
|
48
|
-
|
|
49
|
-
// Restore the real wonderful-fetch in the require cache so the mock is confined
|
|
50
|
-
// to this file. Without this, the stub leaks process-wide and poisons every
|
|
51
|
-
// later test file's HTTP calls.
|
|
52
|
-
function restoreFetch() {
|
|
53
|
-
if (originalFetchCacheEntry) {
|
|
54
|
-
require.cache[originalFetchPath] = originalFetchCacheEntry;
|
|
55
|
-
} else {
|
|
56
|
-
delete require.cache[originalFetchPath];
|
|
57
|
-
}
|
|
58
|
-
}
|
|
59
|
-
|
|
60
|
-
// --- Test scaffolding ---
|
|
61
|
-
|
|
62
|
-
function makeFirestoreMock(brandDocs) {
|
|
63
|
-
return {
|
|
64
|
-
collection: (name) => {
|
|
65
|
-
if (name !== 'brands') {
|
|
66
|
-
throw new Error(`Unexpected collection: ${name}`);
|
|
67
|
-
}
|
|
68
|
-
return {
|
|
69
|
-
get: async () => ({
|
|
70
|
-
forEach: (cb) => {
|
|
71
|
-
for (const { id, data } of brandDocs) {
|
|
72
|
-
cb({ id, data: () => data });
|
|
73
|
-
}
|
|
74
|
-
},
|
|
75
|
-
}),
|
|
76
|
-
};
|
|
77
|
-
},
|
|
78
|
-
};
|
|
79
|
-
}
|
|
80
|
-
|
|
81
|
-
function makeAdminMock(brandDocs) {
|
|
82
|
-
const fs = makeFirestoreMock(brandDocs);
|
|
83
|
-
return { firestore: () => fs };
|
|
84
|
-
}
|
|
85
|
-
|
|
86
|
-
function makeAssistant({ query, body }) {
|
|
87
|
-
const responses = [];
|
|
88
|
-
return {
|
|
89
|
-
request: { query: query || {} },
|
|
90
|
-
ref: { req: { body: body !== undefined ? body : [] } },
|
|
91
|
-
log: () => {},
|
|
92
|
-
error: () => {},
|
|
93
|
-
respond: (data, opts) => {
|
|
94
|
-
responses.push({ data, code: opts?.code || 200 });
|
|
95
|
-
return { data, code: opts?.code || 200 };
|
|
96
|
-
},
|
|
97
|
-
_responses: responses,
|
|
98
|
-
};
|
|
99
|
-
}
|
|
100
|
-
|
|
101
|
-
function makeManager(configOverrides) {
|
|
102
|
-
const config = {
|
|
103
|
-
parent: 'self',
|
|
104
|
-
...configOverrides,
|
|
105
|
-
};
|
|
106
|
-
return {
|
|
107
|
-
config,
|
|
108
|
-
libraries: {}, // Not used in this route — admin comes in via libraries arg
|
|
109
|
-
isParent: () => config.parent === 'self',
|
|
110
|
-
};
|
|
111
|
-
}
|
|
112
|
-
|
|
113
|
-
function resetFetchMock() {
|
|
114
|
-
fetchCalls.length = 0;
|
|
115
|
-
fetchMockBehavior = () => ({ received: true });
|
|
116
|
-
}
|
|
117
|
-
|
|
118
|
-
// Saves and restores process.env so tests don't leak side effects
|
|
119
|
-
function withEnv(envOverrides, fn) {
|
|
120
|
-
const saved = {};
|
|
121
|
-
for (const k of Object.keys(envOverrides)) {
|
|
122
|
-
saved[k] = process.env[k];
|
|
123
|
-
process.env[k] = envOverrides[k];
|
|
124
|
-
}
|
|
125
|
-
return Promise.resolve(fn()).finally(() => {
|
|
126
|
-
for (const k of Object.keys(envOverrides)) {
|
|
127
|
-
if (saved[k] === undefined) delete process.env[k];
|
|
128
|
-
else process.env[k] = saved[k];
|
|
129
|
-
}
|
|
130
|
-
});
|
|
131
|
-
}
|
|
132
|
-
|
|
133
|
-
module.exports = {
|
|
134
|
-
description: 'webhook/forward unit tests (mocked admin + fetch)',
|
|
135
|
-
type: 'group',
|
|
136
|
-
|
|
137
|
-
// Restore the real wonderful-fetch after this file's tests so the require-cache
|
|
138
|
-
// stub does not leak into any test file that runs later in the same process.
|
|
139
|
-
cleanup() {
|
|
140
|
-
restoreFetch();
|
|
141
|
-
},
|
|
142
|
-
|
|
143
|
-
tests: [
|
|
144
|
-
// ─── Gating ───
|
|
145
|
-
|
|
146
|
-
{
|
|
147
|
-
name: 'returns-404-when-parent-not-self',
|
|
148
|
-
async run({ assert }) {
|
|
149
|
-
await withEnv({ BACKEND_MANAGER_WEBHOOK_KEY: 'test-key' }, async () => {
|
|
150
|
-
resetFetchMock();
|
|
151
|
-
const assistant = makeAssistant({ query: { provider: 'sendgrid', key: 'test-key' } });
|
|
152
|
-
const Manager = makeManager({ parent: 'https://api.itwcreativeworks.com' }); // NOT 'self'
|
|
153
|
-
const admin = makeAdminMock([]);
|
|
154
|
-
|
|
155
|
-
await route({ assistant, Manager, libraries: { admin } });
|
|
156
|
-
|
|
157
|
-
assert.equal(assistant._responses.length, 1, 'should respond once');
|
|
158
|
-
assert.equal(assistant._responses[0].code, 404, 'should return 404');
|
|
159
|
-
assert.equal(fetchCalls.length, 0, 'should NOT call fetch when gated');
|
|
160
|
-
});
|
|
161
|
-
},
|
|
162
|
-
},
|
|
163
|
-
|
|
164
|
-
{
|
|
165
|
-
name: 'allows-route-when-parent-is-self',
|
|
166
|
-
async run({ assert }) {
|
|
167
|
-
await withEnv({ BACKEND_MANAGER_WEBHOOK_KEY: 'test-key' }, async () => {
|
|
168
|
-
resetFetchMock();
|
|
169
|
-
const assistant = makeAssistant({ query: { provider: 'sendgrid', key: 'test-key' } });
|
|
170
|
-
const Manager = makeManager({ parent: 'self' });
|
|
171
|
-
const admin = makeAdminMock([]); // No brands — but route still reaches the fan-out step
|
|
172
|
-
|
|
173
|
-
await route({ assistant, Manager, libraries: { admin } });
|
|
174
|
-
|
|
175
|
-
assert.equal(assistant._responses[0].code, 200, 'should return 200 when parent: self');
|
|
176
|
-
assert.equal(assistant._responses[0].data.forwarded, 0, 'no brands means 0 forwarded');
|
|
177
|
-
});
|
|
178
|
-
},
|
|
179
|
-
},
|
|
180
|
-
|
|
181
|
-
// ─── Auth ───
|
|
182
|
-
|
|
183
|
-
{
|
|
184
|
-
name: 'rejects-missing-provider',
|
|
185
|
-
async run({ assert }) {
|
|
186
|
-
await withEnv({ BACKEND_MANAGER_WEBHOOK_KEY: 'test-key' }, async () => {
|
|
187
|
-
resetFetchMock();
|
|
188
|
-
const assistant = makeAssistant({ query: { key: 'test-key' } }); // no provider
|
|
189
|
-
const Manager = makeManager();
|
|
190
|
-
const admin = makeAdminMock([]);
|
|
191
|
-
|
|
192
|
-
await route({ assistant, Manager, libraries: { admin } });
|
|
193
|
-
|
|
194
|
-
assert.equal(assistant._responses[0].code, 400, 'missing provider → 400');
|
|
195
|
-
});
|
|
196
|
-
},
|
|
197
|
-
},
|
|
198
|
-
|
|
199
|
-
{
|
|
200
|
-
name: 'rejects-missing-key',
|
|
201
|
-
async run({ assert }) {
|
|
202
|
-
await withEnv({ BACKEND_MANAGER_WEBHOOK_KEY: 'test-key' }, async () => {
|
|
203
|
-
resetFetchMock();
|
|
204
|
-
const assistant = makeAssistant({ query: { provider: 'sendgrid' } }); // no key
|
|
205
|
-
const Manager = makeManager();
|
|
206
|
-
const admin = makeAdminMock([]);
|
|
207
|
-
|
|
208
|
-
await route({ assistant, Manager, libraries: { admin } });
|
|
209
|
-
|
|
210
|
-
assert.equal(assistant._responses[0].code, 401, 'missing key → 401');
|
|
211
|
-
});
|
|
212
|
-
},
|
|
213
|
-
},
|
|
214
|
-
|
|
215
|
-
{
|
|
216
|
-
name: 'rejects-wrong-key',
|
|
217
|
-
async run({ assert }) {
|
|
218
|
-
await withEnv({ BACKEND_MANAGER_WEBHOOK_KEY: 'real-key' }, async () => {
|
|
219
|
-
resetFetchMock();
|
|
220
|
-
const assistant = makeAssistant({ query: { provider: 'sendgrid', key: 'wrong-key' } });
|
|
221
|
-
const Manager = makeManager();
|
|
222
|
-
const admin = makeAdminMock([]);
|
|
223
|
-
|
|
224
|
-
await route({ assistant, Manager, libraries: { admin } });
|
|
225
|
-
|
|
226
|
-
assert.equal(assistant._responses[0].code, 401, 'wrong key → 401');
|
|
227
|
-
});
|
|
228
|
-
},
|
|
229
|
-
},
|
|
230
|
-
|
|
231
|
-
// ─── Fan-out logic ───
|
|
232
|
-
|
|
233
|
-
{
|
|
234
|
-
name: 'derives-api-url-from-brand-url-and-fans-out',
|
|
235
|
-
async run({ assert }) {
|
|
236
|
-
await withEnv({ BACKEND_MANAGER_WEBHOOK_KEY: 'test-key' }, async () => {
|
|
237
|
-
resetFetchMock();
|
|
238
|
-
const body = [{ sg_event_id: 'evt1', event: 'group_unsubscribe', email: 't@example.com' }];
|
|
239
|
-
const assistant = makeAssistant({
|
|
240
|
-
query: { provider: 'sendgrid', key: 'test-key' },
|
|
241
|
-
body,
|
|
242
|
-
});
|
|
243
|
-
const Manager = makeManager();
|
|
244
|
-
const admin = makeAdminMock([
|
|
245
|
-
{ id: 'somiibo', data: { brand: { id: 'somiibo', url: 'https://somiibo.com' } } },
|
|
246
|
-
{ id: 'chatsy', data: { brand: { id: 'chatsy', url: 'https://chatsy.com' } } },
|
|
247
|
-
]);
|
|
248
|
-
|
|
249
|
-
await route({ assistant, Manager, libraries: { admin } });
|
|
250
|
-
|
|
251
|
-
assert.equal(fetchCalls.length, 2, 'should fan out to both brands');
|
|
252
|
-
assert.equal(
|
|
253
|
-
fetchCalls[0].url,
|
|
254
|
-
'https://api.somiibo.com/backend-manager/marketing/webhook?provider=sendgrid&key=test-key',
|
|
255
|
-
'first child URL derived correctly'
|
|
256
|
-
);
|
|
257
|
-
assert.equal(
|
|
258
|
-
fetchCalls[1].url,
|
|
259
|
-
'https://api.chatsy.com/backend-manager/marketing/webhook?provider=sendgrid&key=test-key',
|
|
260
|
-
'second child URL derived correctly'
|
|
261
|
-
);
|
|
262
|
-
assert.deepEqual(fetchCalls[0].opts.body, body, 'raw body forwarded unchanged');
|
|
263
|
-
assert.equal(assistant._responses[0].data.succeeded, 2, '2 children succeeded');
|
|
264
|
-
});
|
|
265
|
-
},
|
|
266
|
-
},
|
|
267
|
-
|
|
268
|
-
{
|
|
269
|
-
name: 'forwards-raw-body-unchanged-for-beehiiv',
|
|
270
|
-
async run({ assert }) {
|
|
271
|
-
await withEnv({ BACKEND_MANAGER_WEBHOOK_KEY: 'test-key' }, async () => {
|
|
272
|
-
resetFetchMock();
|
|
273
|
-
const body = {
|
|
274
|
-
id: 'beehiiv-evt1',
|
|
275
|
-
event: 'subscription.unsubscribed',
|
|
276
|
-
email: 'x@example.com',
|
|
277
|
-
publication_id: 'pub_abc',
|
|
278
|
-
};
|
|
279
|
-
const assistant = makeAssistant({
|
|
280
|
-
query: { provider: 'beehiiv', key: 'test-key' },
|
|
281
|
-
body,
|
|
282
|
-
});
|
|
283
|
-
const Manager = makeManager();
|
|
284
|
-
const admin = makeAdminMock([
|
|
285
|
-
{ id: 'somiibo', data: { brand: { id: 'somiibo', url: 'https://somiibo.com' } } },
|
|
286
|
-
]);
|
|
287
|
-
|
|
288
|
-
await route({ assistant, Manager, libraries: { admin } });
|
|
289
|
-
|
|
290
|
-
assert.equal(fetchCalls.length, 1);
|
|
291
|
-
assert.ok(fetchCalls[0].url.includes('provider=beehiiv'), 'provider param preserved');
|
|
292
|
-
assert.deepEqual(fetchCalls[0].opts.body, body, 'raw Beehiiv body forwarded unchanged');
|
|
293
|
-
});
|
|
294
|
-
},
|
|
295
|
-
},
|
|
296
|
-
|
|
297
|
-
{
|
|
298
|
-
name: 'skips-brands-without-brand-url',
|
|
299
|
-
async run({ assert }) {
|
|
300
|
-
await withEnv({ BACKEND_MANAGER_WEBHOOK_KEY: 'test-key' }, async () => {
|
|
301
|
-
resetFetchMock();
|
|
302
|
-
const assistant = makeAssistant({ query: { provider: 'sendgrid', key: 'test-key' }, body: [] });
|
|
303
|
-
const Manager = makeManager();
|
|
304
|
-
const admin = makeAdminMock([
|
|
305
|
-
{ id: 'somiibo', data: { brand: { id: 'somiibo', url: 'https://somiibo.com' } } },
|
|
306
|
-
{ id: 'partial-brand', data: { brand: { id: 'partial-brand' /* no url */ } } },
|
|
307
|
-
{ id: 'no-brand-key', data: { /* no brand at all */ } },
|
|
308
|
-
]);
|
|
309
|
-
|
|
310
|
-
await route({ assistant, Manager, libraries: { admin } });
|
|
311
|
-
|
|
312
|
-
assert.equal(fetchCalls.length, 1, 'only the brand with a URL should be fanned to');
|
|
313
|
-
assert.ok(fetchCalls[0].url.includes('api.somiibo.com'), 'somiibo was the one called');
|
|
314
|
-
});
|
|
315
|
-
},
|
|
316
|
-
},
|
|
317
|
-
|
|
318
|
-
{
|
|
319
|
-
name: 'failure-isolation-one-bad-child-does-not-break-others',
|
|
320
|
-
async run({ assert }) {
|
|
321
|
-
await withEnv({ BACKEND_MANAGER_WEBHOOK_KEY: 'test-key' }, async () => {
|
|
322
|
-
resetFetchMock();
|
|
323
|
-
fetchMockBehavior = (url) => {
|
|
324
|
-
if (url.includes('chatsy.com')) {
|
|
325
|
-
throw new Error('connection refused');
|
|
326
|
-
}
|
|
327
|
-
return { received: true };
|
|
328
|
-
};
|
|
329
|
-
|
|
330
|
-
const assistant = makeAssistant({ query: { provider: 'sendgrid', key: 'test-key' }, body: [] });
|
|
331
|
-
const Manager = makeManager();
|
|
332
|
-
const admin = makeAdminMock([
|
|
333
|
-
{ id: 'somiibo', data: { brand: { id: 'somiibo', url: 'https://somiibo.com' } } },
|
|
334
|
-
{ id: 'chatsy', data: { brand: { id: 'chatsy', url: 'https://chatsy.com' } } },
|
|
335
|
-
{ id: 'dashqr', data: { brand: { id: 'dashqr', url: 'https://dashqr.com' } } },
|
|
336
|
-
]);
|
|
337
|
-
|
|
338
|
-
await route({ assistant, Manager, libraries: { admin } });
|
|
339
|
-
|
|
340
|
-
assert.equal(fetchCalls.length, 3, 'all 3 children attempted');
|
|
341
|
-
const response = assistant._responses[0];
|
|
342
|
-
assert.equal(response.code, 200, 'response is still 200 — provider should not retry parent');
|
|
343
|
-
assert.equal(response.data.succeeded, 2, '2 children succeeded');
|
|
344
|
-
assert.equal(response.data.failed, 1, '1 child failed');
|
|
345
|
-
assert.ok(response.data.failures, 'failures array populated');
|
|
346
|
-
assert.equal(response.data.failures[0].brandId, 'chatsy', 'failure entry names the brand');
|
|
347
|
-
});
|
|
348
|
-
},
|
|
349
|
-
},
|
|
350
|
-
|
|
351
|
-
{
|
|
352
|
-
name: 'invalid-brand-url-counted-as-failure-not-thrown',
|
|
353
|
-
async run({ assert }) {
|
|
354
|
-
await withEnv({ BACKEND_MANAGER_WEBHOOK_KEY: 'test-key' }, async () => {
|
|
355
|
-
resetFetchMock();
|
|
356
|
-
const assistant = makeAssistant({ query: { provider: 'sendgrid', key: 'test-key' }, body: [] });
|
|
357
|
-
const Manager = makeManager();
|
|
358
|
-
const admin = makeAdminMock([
|
|
359
|
-
{ id: 'somiibo', data: { brand: { id: 'somiibo', url: 'https://somiibo.com' } } },
|
|
360
|
-
{ id: 'broken', data: { brand: { id: 'broken', url: 'not-a-valid-url' } } },
|
|
361
|
-
]);
|
|
362
|
-
|
|
363
|
-
await route({ assistant, Manager, libraries: { admin } });
|
|
364
|
-
|
|
365
|
-
const response = assistant._responses[0];
|
|
366
|
-
assert.equal(response.code, 200, 'route still returns 200');
|
|
367
|
-
assert.equal(response.data.succeeded, 1, 'somiibo succeeded');
|
|
368
|
-
assert.equal(response.data.failed, 1, 'broken brand counted as failed');
|
|
369
|
-
assert.equal(fetchCalls.length, 1, 'only the valid URL was actually fetched');
|
|
370
|
-
});
|
|
371
|
-
},
|
|
372
|
-
},
|
|
373
|
-
|
|
374
|
-
{
|
|
375
|
-
name: 'self-is-included-in-fanout',
|
|
376
|
-
async run({ assert }) {
|
|
377
|
-
// The parent's own brand IS expected to be in the brands collection.
|
|
378
|
-
// It should be fanned to via HTTP like any other brand, so its own
|
|
379
|
-
// BEM processes its own user updates the same way as siblings.
|
|
380
|
-
await withEnv({ BACKEND_MANAGER_WEBHOOK_KEY: 'test-key' }, async () => {
|
|
381
|
-
resetFetchMock();
|
|
382
|
-
const assistant = makeAssistant({ query: { provider: 'sendgrid', key: 'test-key' }, body: [] });
|
|
383
|
-
const Manager = makeManager({ brand: { id: 'itw-creative-works' } });
|
|
384
|
-
const admin = makeAdminMock([
|
|
385
|
-
{ id: 'itw-creative-works', data: { brand: { id: 'itw-creative-works', url: 'https://itwcreativeworks.com' } } },
|
|
386
|
-
{ id: 'somiibo', data: { brand: { id: 'somiibo', url: 'https://somiibo.com' } } },
|
|
387
|
-
]);
|
|
388
|
-
|
|
389
|
-
await route({ assistant, Manager, libraries: { admin } });
|
|
390
|
-
|
|
391
|
-
assert.equal(fetchCalls.length, 2, 'parent fans out to ALL brands including itself');
|
|
392
|
-
assert.ok(
|
|
393
|
-
fetchCalls.some(c => c.url.includes('api.itwcreativeworks.com')),
|
|
394
|
-
'self IS in the fan-out target list'
|
|
395
|
-
);
|
|
396
|
-
});
|
|
397
|
-
},
|
|
398
|
-
},
|
|
399
|
-
|
|
400
|
-
{
|
|
401
|
-
name: 'zero-brands-handled-gracefully',
|
|
402
|
-
async run({ assert }) {
|
|
403
|
-
await withEnv({ BACKEND_MANAGER_WEBHOOK_KEY: 'test-key' }, async () => {
|
|
404
|
-
resetFetchMock();
|
|
405
|
-
const assistant = makeAssistant({ query: { provider: 'sendgrid', key: 'test-key' }, body: [] });
|
|
406
|
-
const Manager = makeManager();
|
|
407
|
-
const admin = makeAdminMock([]);
|
|
408
|
-
|
|
409
|
-
await route({ assistant, Manager, libraries: { admin } });
|
|
410
|
-
|
|
411
|
-
assert.equal(fetchCalls.length, 0);
|
|
412
|
-
assert.equal(assistant._responses[0].code, 200, 'still 200 with no brands');
|
|
413
|
-
assert.equal(assistant._responses[0].data.forwarded, 0);
|
|
414
|
-
});
|
|
415
|
-
},
|
|
416
|
-
},
|
|
417
|
-
],
|
|
418
|
-
};
|
package/test/mcp/discovery.js
DELETED
|
@@ -1,53 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Test: MCP OAuth discovery endpoints
|
|
3
|
-
* Tests .well-known/oauth-authorization-server and .well-known/oauth-protected-resource
|
|
4
|
-
*
|
|
5
|
-
* Run: npx mgr test bem:mcp/discovery
|
|
6
|
-
*/
|
|
7
|
-
const fetch = require('wonderful-fetch');
|
|
8
|
-
|
|
9
|
-
const BASE_URL = 'http://localhost:5002';
|
|
10
|
-
|
|
11
|
-
module.exports = {
|
|
12
|
-
description: 'MCP OAuth discovery endpoints',
|
|
13
|
-
type: 'group',
|
|
14
|
-
|
|
15
|
-
tests: [
|
|
16
|
-
{
|
|
17
|
-
name: 'oauth-authorization-server returns valid metadata',
|
|
18
|
-
async run({ assert }) {
|
|
19
|
-
const response = await fetch(`${BASE_URL}/.well-known/oauth-authorization-server`, {
|
|
20
|
-
method: 'GET',
|
|
21
|
-
response: 'json',
|
|
22
|
-
timeout: 10000,
|
|
23
|
-
});
|
|
24
|
-
|
|
25
|
-
assert.ok(response, 'Discovery endpoint should return a response');
|
|
26
|
-
assert.ok(response.issuer, 'Should have issuer');
|
|
27
|
-
assert.ok(response.authorization_endpoint, 'Should have authorization_endpoint');
|
|
28
|
-
assert.ok(response.token_endpoint, 'Should have token_endpoint');
|
|
29
|
-
assert.ok(response.authorization_endpoint.includes('/backend-manager/mcp/authorize'), 'authorization_endpoint should point to mcp/authorize');
|
|
30
|
-
assert.ok(response.token_endpoint.includes('/backend-manager/mcp/token'), 'token_endpoint should point to mcp/token');
|
|
31
|
-
assert.ok(response.response_types_supported.includes('code'), 'Should support code response type');
|
|
32
|
-
assert.ok(response.code_challenge_methods_supported.includes('S256'), 'Should support PKCE S256');
|
|
33
|
-
},
|
|
34
|
-
},
|
|
35
|
-
|
|
36
|
-
{
|
|
37
|
-
name: 'oauth-protected-resource returns valid metadata',
|
|
38
|
-
async run({ assert }) {
|
|
39
|
-
const response = await fetch(`${BASE_URL}/.well-known/oauth-protected-resource`, {
|
|
40
|
-
method: 'GET',
|
|
41
|
-
response: 'json',
|
|
42
|
-
timeout: 10000,
|
|
43
|
-
});
|
|
44
|
-
|
|
45
|
-
assert.ok(response, 'Protected resource endpoint should return a response');
|
|
46
|
-
assert.ok(response.resource, 'Should have resource');
|
|
47
|
-
assert.ok(response.resource.includes('/backend-manager/mcp'), 'resource should point to MCP endpoint');
|
|
48
|
-
assert.ok(Array.isArray(response.authorization_servers), 'Should have authorization_servers array');
|
|
49
|
-
assert.ok(response.authorization_servers.length > 0, 'Should have at least one authorization server');
|
|
50
|
-
},
|
|
51
|
-
},
|
|
52
|
-
],
|
|
53
|
-
};
|
package/test/mcp/oauth.js
DELETED
|
@@ -1,161 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Test: MCP OAuth authorize + token endpoints
|
|
3
|
-
* Tests admin auto-approve, manual form fallback, token exchange
|
|
4
|
-
*
|
|
5
|
-
* Run: npx mgr test bem:mcp/oauth
|
|
6
|
-
*/
|
|
7
|
-
const fetch = require('wonderful-fetch');
|
|
8
|
-
|
|
9
|
-
const BASE_URL = 'http://localhost:5002';
|
|
10
|
-
|
|
11
|
-
async function fetchJSON(url, options) {
|
|
12
|
-
try {
|
|
13
|
-
const text = await fetch(url, { ...options, response: 'text', timeout: 10000 });
|
|
14
|
-
|
|
15
|
-
try {
|
|
16
|
-
return JSON.parse(text);
|
|
17
|
-
} catch (e) {
|
|
18
|
-
return { _raw: text };
|
|
19
|
-
}
|
|
20
|
-
} catch (error) {
|
|
21
|
-
// wonderful-fetch throws on non-2xx — parse the error body if available
|
|
22
|
-
const msg = error.message || '';
|
|
23
|
-
|
|
24
|
-
try {
|
|
25
|
-
return JSON.parse(msg);
|
|
26
|
-
} catch (e) {
|
|
27
|
-
return { _errorMessage: msg };
|
|
28
|
-
}
|
|
29
|
-
}
|
|
30
|
-
}
|
|
31
|
-
|
|
32
|
-
module.exports = {
|
|
33
|
-
description: 'MCP OAuth authorize + token flow',
|
|
34
|
-
type: 'group',
|
|
35
|
-
|
|
36
|
-
tests: [
|
|
37
|
-
// --- Authorize endpoint ---
|
|
38
|
-
|
|
39
|
-
{
|
|
40
|
-
name: 'authorize auto-approves when client_id is admin key',
|
|
41
|
-
async run({ http, assert }) {
|
|
42
|
-
const key = process.env.BACKEND_MANAGER_KEY;
|
|
43
|
-
const response = await http.as('none').get(
|
|
44
|
-
'backend-manager/mcp/authorize',
|
|
45
|
-
{
|
|
46
|
-
client_id: key,
|
|
47
|
-
redirect_uri: 'https://example.com/callback',
|
|
48
|
-
state: 'test-state-123',
|
|
49
|
-
},
|
|
50
|
-
);
|
|
51
|
-
|
|
52
|
-
assert.ok(response, 'Should get a response');
|
|
53
|
-
},
|
|
54
|
-
},
|
|
55
|
-
|
|
56
|
-
{
|
|
57
|
-
name: 'authorize redirects to consumer auth URL when no matching client_id',
|
|
58
|
-
async run({ assert }) {
|
|
59
|
-
// The fixture has brand.url = "https://example.com", so the handler redirects
|
|
60
|
-
// to example.com/token. This proves the redirect path works.
|
|
61
|
-
try {
|
|
62
|
-
const response = await fetch(
|
|
63
|
-
`${BASE_URL}/backend-manager/mcp/authorize?redirect_uri=https://example.com/callback&state=abc`,
|
|
64
|
-
{ method: 'GET', response: 'text', timeout: 10000 },
|
|
65
|
-
);
|
|
66
|
-
assert.ok(response, 'Should get a response after following redirect');
|
|
67
|
-
} catch (error) {
|
|
68
|
-
// Redirect to external site may fail — that's fine, it means the redirect happened
|
|
69
|
-
assert.ok(true, 'Redirect was attempted');
|
|
70
|
-
}
|
|
71
|
-
},
|
|
72
|
-
},
|
|
73
|
-
|
|
74
|
-
// --- Token endpoint ---
|
|
75
|
-
|
|
76
|
-
{
|
|
77
|
-
name: 'token rejects GET method',
|
|
78
|
-
async run({ assert }) {
|
|
79
|
-
const response = await fetchJSON(`${BASE_URL}/backend-manager/mcp/token`, {
|
|
80
|
-
method: 'GET',
|
|
81
|
-
});
|
|
82
|
-
|
|
83
|
-
assert.equal(response.error, 'Method not allowed', 'Should reject GET');
|
|
84
|
-
},
|
|
85
|
-
},
|
|
86
|
-
|
|
87
|
-
{
|
|
88
|
-
name: 'token exchanges admin key for access_token',
|
|
89
|
-
async run({ assert }) {
|
|
90
|
-
const key = process.env.BACKEND_MANAGER_KEY;
|
|
91
|
-
const response = await fetchJSON(`${BASE_URL}/backend-manager/mcp/token`, {
|
|
92
|
-
method: 'POST',
|
|
93
|
-
headers: { 'Content-Type': 'application/json' },
|
|
94
|
-
body: JSON.stringify({ code: key }),
|
|
95
|
-
});
|
|
96
|
-
|
|
97
|
-
assert.ok(response, 'Token exchange should return a response');
|
|
98
|
-
assert.equal(response.access_token, key, 'access_token should be the admin key');
|
|
99
|
-
assert.equal(response.token_type, 'Bearer', 'token_type should be Bearer');
|
|
100
|
-
},
|
|
101
|
-
},
|
|
102
|
-
|
|
103
|
-
{
|
|
104
|
-
name: 'token rejects invalid code',
|
|
105
|
-
async run({ assert }) {
|
|
106
|
-
const response = await fetchJSON(`${BASE_URL}/backend-manager/mcp/token`, {
|
|
107
|
-
method: 'POST',
|
|
108
|
-
headers: { 'Content-Type': 'application/json' },
|
|
109
|
-
body: JSON.stringify({ code: 'invalid-key-12345' }),
|
|
110
|
-
});
|
|
111
|
-
|
|
112
|
-
assert.equal(response.error, 'invalid_grant', 'Error should be invalid_grant');
|
|
113
|
-
assert.ok(response.error_description, 'Should have error_description');
|
|
114
|
-
},
|
|
115
|
-
},
|
|
116
|
-
|
|
117
|
-
{
|
|
118
|
-
name: 'token rejects empty body',
|
|
119
|
-
async run({ assert }) {
|
|
120
|
-
const response = await fetchJSON(`${BASE_URL}/backend-manager/mcp/token`, {
|
|
121
|
-
method: 'POST',
|
|
122
|
-
headers: { 'Content-Type': 'application/json' },
|
|
123
|
-
body: JSON.stringify({}),
|
|
124
|
-
});
|
|
125
|
-
|
|
126
|
-
assert.equal(response.error, 'invalid_grant', 'Should return invalid_grant');
|
|
127
|
-
},
|
|
128
|
-
},
|
|
129
|
-
|
|
130
|
-
// --- Dynamic Client Registration ---
|
|
131
|
-
|
|
132
|
-
{
|
|
133
|
-
name: 'register returns a client_id',
|
|
134
|
-
async run({ assert }) {
|
|
135
|
-
const response = await fetchJSON(`${BASE_URL}/backend-manager/mcp/register`, {
|
|
136
|
-
method: 'POST',
|
|
137
|
-
headers: { 'Content-Type': 'application/json' },
|
|
138
|
-
body: JSON.stringify({
|
|
139
|
-
client_name: 'Test MCP Client',
|
|
140
|
-
redirect_uris: ['https://example.com/callback'],
|
|
141
|
-
}),
|
|
142
|
-
});
|
|
143
|
-
|
|
144
|
-
assert.ok(response.client_id, 'Should return a client_id');
|
|
145
|
-
assert.ok(response.client_id.startsWith('mcp_'), 'client_id should start with mcp_');
|
|
146
|
-
assert.equal(response.client_name, 'Test MCP Client', 'Should echo client_name');
|
|
147
|
-
},
|
|
148
|
-
},
|
|
149
|
-
|
|
150
|
-
{
|
|
151
|
-
name: 'register rejects GET method',
|
|
152
|
-
async run({ assert }) {
|
|
153
|
-
const response = await fetchJSON(`${BASE_URL}/backend-manager/mcp/register`, {
|
|
154
|
-
method: 'GET',
|
|
155
|
-
});
|
|
156
|
-
|
|
157
|
-
assert.equal(response.error, 'Method not allowed', 'Should reject GET');
|
|
158
|
-
},
|
|
159
|
-
},
|
|
160
|
-
],
|
|
161
|
-
};
|