diff --git a/ReadMe.md b/ReadMe.md index 36c4176..a3284a0 100644 --- a/ReadMe.md +++ b/ReadMe.md @@ -28,7 +28,7 @@ Before connecting ElectronForce to a Salesforce org you need to create an Extern 5. Set the **Distribution State** to **Local** (for use only in this org). 6. Save the app, then open it and enable the **OAuth Plugin**. 7. In the OAuth plugin settings, set the **Callback URL** to `http://localhost:3835/callback`. -8. Add the following **OAuth Scopes**: `api` and `refresh_token, offline_access`. +8. Add the following **OAuth Scopes**: `api` and `refresh_token`. 9. Save. Copy the **Consumer Key** (Client ID) and **Consumer Secret** from the OAuth plugin detail page. For full details see the Salesforce Help article [Create an External Client App](https://help.salesforce.com/s/articleView?id=xcloud.create_a_local_external_client_app.htm&type=5). diff --git a/app/render.js b/app/render.js index 499569b..3f9ac86 100644 --- a/app/render.js +++ b/app/render.js @@ -749,7 +749,9 @@ window.api.receive('response_permset_detail', (data) => { window.api.receive('response_settings', (data) => { if (data.response) { document.getElementById('settings-consumer-key').value = data.response.consumerKey ?? ''; - document.getElementById('settings-consumer-secret').value = data.response.consumerSecret ?? ''; + if ('consumerSecret' in data.response) { + document.getElementById('settings-consumer-secret').value = data.response.consumerSecret ?? ''; + } document.getElementById('settings-login-url').value = data.response.loginUrl || 'https://login.salesforce.com'; document.getElementById('settings-callback-port').value = data.response.callbackPort ?? 3835; } diff --git a/main.js b/main.js index 6b53bb6..e39a71b 100644 --- a/main.js +++ b/main.js @@ -78,19 +78,18 @@ app.on('window-all-closed', () => { // Extra security filters. // See also: https://github.com/reZach/secure-electron-template app.on('web-contents-created', (event, contents) => { - // Block navigation to any non-file:// URL. - // The app only ever loads local file:// pages; external URLs (including OAuth - // authorization URLs) are opened via shell.openExternal and never cause - // Electron navigation. The OAuth localhost callback is handled by the HTTP - // server in src/electronForce.js, not by Electron navigation events. + // Restrict navigation to the application's own index.html only. + // External URLs (including OAuth authorization URLs) are opened via + // shell.openExternal and never trigger Electron navigation events. // https://electronjs.org/docs/tutorial/security#12-disable-or-limit-navigation + const indexUrl = `file://${path.join(app.getAppPath(), 'app', 'index.html')}`; contents.on('will-navigate', (navevent, url) => { - if (!url.startsWith('file://')) { + if (url !== indexUrl) { navevent.preventDefault(); } }); contents.on('will-redirect', (navevent, url) => { - if (!url.startsWith('file://')) { + if (url !== indexUrl) { navevent.preventDefault(); } }); diff --git a/package-lock.json b/package-lock.json index 4837715..27495d0 100644 --- a/package-lock.json +++ b/package-lock.json @@ -37,30 +37,9 @@ "eslint-plugin-react": "^7.22.0", "husky": "^8.0.3", "jest": "^29.5.0", - "jest-environment-jsdom": "^30.2.0" + "jest-environment-jsdom": "^29.5.0" } }, - "node_modules/@asamuzakjp/css-color": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/@asamuzakjp/css-color/-/css-color-3.2.0.tgz", - "integrity": "sha512-K1A6z8tS3XsmCMM86xoWdn7Fkdn9m6RSVtocUrJYIwZnFVkng/PvkEoWtOWmP+Scc6saYWHWZYbndEEXxl24jw==", - "dev": true, - "license": "MIT", - "dependencies": { - "@csstools/css-calc": "^2.1.3", - "@csstools/css-color-parser": "^3.0.9", - "@csstools/css-parser-algorithms": "^3.0.4", - "@csstools/css-tokenizer": "^3.0.3", - "lru-cache": "^10.4.3" - } - }, - "node_modules/@asamuzakjp/css-color/node_modules/lru-cache": { - "version": "10.4.3", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz", - "integrity": "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==", - "dev": true, - "license": "ISC" - }, "node_modules/@babel/code-frame": { "version": "7.29.0", "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.0.tgz", @@ -598,121 +577,6 @@ "dev": true, "license": "MIT" }, - "node_modules/@csstools/color-helpers": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/@csstools/color-helpers/-/color-helpers-5.1.0.tgz", - "integrity": "sha512-S11EXWJyy0Mz5SYvRmY8nJYTFFd1LCNV+7cXyAgQtOOuzb4EsgfqDufL+9esx72/eLhsRdGZwaldu/h+E4t4BA==", - "dev": true, - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/csstools" - }, - { - "type": "opencollective", - "url": "https://opencollective.com/csstools" - } - ], - "license": "MIT-0", - "engines": { - "node": ">=18" - } - }, - "node_modules/@csstools/css-calc": { - "version": "2.1.4", - "resolved": "https://registry.npmjs.org/@csstools/css-calc/-/css-calc-2.1.4.tgz", - "integrity": "sha512-3N8oaj+0juUw/1H3YwmDDJXCgTB1gKU6Hc/bB502u9zR0q2vd786XJH9QfrKIEgFlZmhZiq6epXl4rHqhzsIgQ==", - "dev": true, - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/csstools" - }, - { - "type": "opencollective", - "url": "https://opencollective.com/csstools" - } - ], - "license": "MIT", - "engines": { - "node": ">=18" - }, - "peerDependencies": { - "@csstools/css-parser-algorithms": "^3.0.5", - "@csstools/css-tokenizer": "^3.0.4" - } - }, - "node_modules/@csstools/css-color-parser": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/@csstools/css-color-parser/-/css-color-parser-3.1.0.tgz", - "integrity": "sha512-nbtKwh3a6xNVIp/VRuXV64yTKnb1IjTAEEh3irzS+HkKjAOYLTGNb9pmVNntZ8iVBHcWDA2Dof0QtPgFI1BaTA==", - "dev": true, - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/csstools" - }, - { - "type": "opencollective", - "url": "https://opencollective.com/csstools" - } - ], - "license": "MIT", - "dependencies": { - "@csstools/color-helpers": "^5.1.0", - "@csstools/css-calc": "^2.1.4" - }, - "engines": { - "node": ">=18" - }, - "peerDependencies": { - "@csstools/css-parser-algorithms": "^3.0.5", - "@csstools/css-tokenizer": "^3.0.4" - } - }, - "node_modules/@csstools/css-parser-algorithms": { - "version": "3.0.5", - "resolved": "https://registry.npmjs.org/@csstools/css-parser-algorithms/-/css-parser-algorithms-3.0.5.tgz", - "integrity": "sha512-DaDeUkXZKjdGhgYaHNJTV9pV7Y9B3b644jCLs9Upc3VeNGg6LWARAT6O+Q+/COo+2gg/bM5rhpMAtf70WqfBdQ==", - "dev": true, - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/csstools" - }, - { - "type": "opencollective", - "url": "https://opencollective.com/csstools" - } - ], - "license": "MIT", - "engines": { - "node": ">=18" - }, - "peerDependencies": { - "@csstools/css-tokenizer": "^3.0.4" - } - }, - "node_modules/@csstools/css-tokenizer": { - "version": "3.0.4", - "resolved": "https://registry.npmjs.org/@csstools/css-tokenizer/-/css-tokenizer-3.0.4.tgz", - "integrity": "sha512-Vd/9EVDiu6PPJt9yAh6roZP6El1xHrdvIVGjyBsHR0RYwNHgL7FJPyIIW4fANJNG6FtyZfvlRPpFI4ZM/lubvw==", - "dev": true, - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/csstools" - }, - { - "type": "opencollective", - "url": "https://opencollective.com/csstools" - } - ], - "license": "MIT", - "engines": { - "node": ">=18" - } - }, "node_modules/@electron-forge/cli": { "version": "7.11.1", "resolved": "https://registry.npmjs.org/@electron-forge/cli/-/cli-7.11.1.tgz", @@ -2066,228 +1930,6 @@ "node": "^14.15.0 || ^16.10.0 || >=18.0.0" } }, - "node_modules/@jest/environment-jsdom-abstract": { - "version": "30.2.0", - "resolved": "https://registry.npmjs.org/@jest/environment-jsdom-abstract/-/environment-jsdom-abstract-30.2.0.tgz", - "integrity": "sha512-kazxw2L9IPuZpQ0mEt9lu9Z98SqR74xcagANmMBU16X0lS23yPc0+S6hGLUz8kVRlomZEs/5S/Zlpqwf5yu6OQ==", - "dev": true, - "license": "MIT", - "dependencies": { - "@jest/environment": "30.2.0", - "@jest/fake-timers": "30.2.0", - "@jest/types": "30.2.0", - "@types/jsdom": "^21.1.7", - "@types/node": "*", - "jest-mock": "30.2.0", - "jest-util": "30.2.0" - }, - "engines": { - "node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0" - }, - "peerDependencies": { - "canvas": "^3.0.0", - "jsdom": "*" - }, - "peerDependenciesMeta": { - "canvas": { - "optional": true - } - } - }, - "node_modules/@jest/environment-jsdom-abstract/node_modules/@jest/environment": { - "version": "30.2.0", - "resolved": "https://registry.npmjs.org/@jest/environment/-/environment-30.2.0.tgz", - "integrity": "sha512-/QPTL7OBJQ5ac09UDRa3EQes4gt1FTEG/8jZ/4v5IVzx+Cv7dLxlVIvfvSVRiiX2drWyXeBjkMSR8hvOWSog5g==", - "dev": true, - "license": "MIT", - "dependencies": { - "@jest/fake-timers": "30.2.0", - "@jest/types": "30.2.0", - "@types/node": "*", - "jest-mock": "30.2.0" - }, - "engines": { - "node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0" - } - }, - "node_modules/@jest/environment-jsdom-abstract/node_modules/@jest/fake-timers": { - "version": "30.2.0", - "resolved": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-30.2.0.tgz", - "integrity": "sha512-HI3tRLjRxAbBy0VO8dqqm7Hb2mIa8d5bg/NJkyQcOk7V118ObQML8RC5luTF/Zsg4474a+gDvhce7eTnP4GhYw==", - "dev": true, - "license": "MIT", - "dependencies": { - "@jest/types": "30.2.0", - "@sinonjs/fake-timers": "^13.0.0", - "@types/node": "*", - "jest-message-util": "30.2.0", - "jest-mock": "30.2.0", - "jest-util": "30.2.0" - }, - "engines": { - "node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0" - } - }, - "node_modules/@jest/environment-jsdom-abstract/node_modules/@jest/schemas": { - "version": "30.0.5", - "resolved": "https://registry.npmjs.org/@jest/schemas/-/schemas-30.0.5.tgz", - "integrity": "sha512-DmdYgtezMkh3cpU8/1uyXakv3tJRcmcXxBOcO0tbaozPwpmh4YMsnWrQm9ZmZMfa5ocbxzbFk6O4bDPEc/iAnA==", - "dev": true, - "license": "MIT", - "dependencies": { - "@sinclair/typebox": "^0.34.0" - }, - "engines": { - "node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0" - } - }, - "node_modules/@jest/environment-jsdom-abstract/node_modules/@jest/types": { - "version": "30.2.0", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-30.2.0.tgz", - "integrity": "sha512-H9xg1/sfVvyfU7o3zMfBEjQ1gcsdeTMgqHoYdN79tuLqfTtuu7WckRA1R5whDwOzxaZAeMKTYWqP+WCAi0CHsg==", - "dev": true, - "license": "MIT", - "dependencies": { - "@jest/pattern": "30.0.1", - "@jest/schemas": "30.0.5", - "@types/istanbul-lib-coverage": "^2.0.6", - "@types/istanbul-reports": "^3.0.4", - "@types/node": "*", - "@types/yargs": "^17.0.33", - "chalk": "^4.1.2" - }, - "engines": { - "node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0" - } - }, - "node_modules/@jest/environment-jsdom-abstract/node_modules/@sinclair/typebox": { - "version": "0.34.48", - "resolved": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.34.48.tgz", - "integrity": "sha512-kKJTNuK3AQOrgjjotVxMrCn1sUJwM76wMszfq1kdU4uYVJjvEWuFQ6HgvLt4Xz3fSmZlTOxJ/Ie13KnIcWQXFA==", - "dev": true, - "license": "MIT" - }, - "node_modules/@jest/environment-jsdom-abstract/node_modules/@sinonjs/fake-timers": { - "version": "13.0.5", - "resolved": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-13.0.5.tgz", - "integrity": "sha512-36/hTbH2uaWuGVERyC6da9YwGWnzUZXuPro/F2LfsdOsLnCojz/iSH8MxUt/FD2S5XBSVPhmArFUXcpCQ2Hkiw==", - "dev": true, - "license": "BSD-3-Clause", - "dependencies": { - "@sinonjs/commons": "^3.0.1" - } - }, - "node_modules/@jest/environment-jsdom-abstract/node_modules/ansi-styles": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", - "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/chalk/ansi-styles?sponsor=1" - } - }, - "node_modules/@jest/environment-jsdom-abstract/node_modules/ci-info": { - "version": "4.4.0", - "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-4.4.0.tgz", - "integrity": "sha512-77PSwercCZU2Fc4sX94eF8k8Pxte6JAwL4/ICZLFjJLqegs7kCuAsqqj/70NQF6TvDpgFjkubQB2FW2ZZddvQg==", - "dev": true, - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/sibiraj-s" - } - ], - "license": "MIT", - "engines": { - "node": ">=8" - } - }, - "node_modules/@jest/environment-jsdom-abstract/node_modules/jest-message-util": { - "version": "30.2.0", - "resolved": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-30.2.0.tgz", - "integrity": "sha512-y4DKFLZ2y6DxTWD4cDe07RglV88ZiNEdlRfGtqahfbIjfsw1nMCPx49Uev4IA/hWn3sDKyAnSPwoYSsAEdcimw==", - "dev": true, - "license": "MIT", - "dependencies": { - "@babel/code-frame": "^7.27.1", - "@jest/types": "30.2.0", - "@types/stack-utils": "^2.0.3", - "chalk": "^4.1.2", - "graceful-fs": "^4.2.11", - "micromatch": "^4.0.8", - "pretty-format": "30.2.0", - "slash": "^3.0.0", - "stack-utils": "^2.0.6" - }, - "engines": { - "node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0" - } - }, - "node_modules/@jest/environment-jsdom-abstract/node_modules/jest-mock": { - "version": "30.2.0", - "resolved": "https://registry.npmjs.org/jest-mock/-/jest-mock-30.2.0.tgz", - "integrity": "sha512-JNNNl2rj4b5ICpmAcq+WbLH83XswjPbjH4T7yvGzfAGCPh1rw+xVNbtk+FnRslvt9lkCcdn9i1oAoKUuFsOxRw==", - "dev": true, - "license": "MIT", - "dependencies": { - "@jest/types": "30.2.0", - "@types/node": "*", - "jest-util": "30.2.0" - }, - "engines": { - "node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0" - } - }, - "node_modules/@jest/environment-jsdom-abstract/node_modules/jest-util": { - "version": "30.2.0", - "resolved": "https://registry.npmjs.org/jest-util/-/jest-util-30.2.0.tgz", - "integrity": "sha512-QKNsM0o3Xe6ISQU869e+DhG+4CK/48aHYdJZGlFQVTjnbvgpcKyxpzk29fGiO7i/J8VENZ+d2iGnSsvmuHywlA==", - "dev": true, - "license": "MIT", - "dependencies": { - "@jest/types": "30.2.0", - "@types/node": "*", - "chalk": "^4.1.2", - "ci-info": "^4.2.0", - "graceful-fs": "^4.2.11", - "picomatch": "^4.0.2" - }, - "engines": { - "node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0" - } - }, - "node_modules/@jest/environment-jsdom-abstract/node_modules/picomatch": { - "version": "4.0.3", - "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz", - "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/sponsors/jonschlinkert" - } - }, - "node_modules/@jest/environment-jsdom-abstract/node_modules/pretty-format": { - "version": "30.2.0", - "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-30.2.0.tgz", - "integrity": "sha512-9uBdv/B4EefsuAL+pWqueZyZS2Ba+LxfFeQ9DN14HU4bN8bhaxKdkpjpB6fs9+pSjIBu+FXQHImEg8j/Lw0+vA==", - "dev": true, - "license": "MIT", - "dependencies": { - "@jest/schemas": "30.0.5", - "ansi-styles": "^5.2.0", - "react-is": "^18.3.1" - }, - "engines": { - "node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0" - } - }, "node_modules/@jest/expect": { "version": "29.7.0", "resolved": "https://registry.npmjs.org/@jest/expect/-/expect-29.7.0.tgz", @@ -2349,30 +1991,6 @@ "node": "^14.15.0 || ^16.10.0 || >=18.0.0" } }, - "node_modules/@jest/pattern": { - "version": "30.0.1", - "resolved": "https://registry.npmjs.org/@jest/pattern/-/pattern-30.0.1.tgz", - "integrity": "sha512-gWp7NfQW27LaBQz3TITS8L7ZCQ0TLvtmI//4OwlQRx4rnWxcPNIYjxZpDcN4+UlGxgm3jS5QPz8IPTCkb59wZA==", - "dev": true, - "license": "MIT", - "dependencies": { - "@types/node": "*", - "jest-regex-util": "30.0.1" - }, - "engines": { - "node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0" - } - }, - "node_modules/@jest/pattern/node_modules/jest-regex-util": { - "version": "30.0.1", - "resolved": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-30.0.1.tgz", - "integrity": "sha512-jHEQgBXAgc+Gh4g0p3bCevgRCVRkB4VB70zhoAE48gxeSr1hfUOsM/C2WoJgVL7Eyg//hudYENbm3Ne+/dRVVA==", - "dev": true, - "license": "MIT", - "engines": { - "node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0" - } - }, "node_modules/@jest/reporters": { "version": "29.7.0", "resolved": "https://registry.npmjs.org/@jest/reporters/-/reporters-29.7.0.tgz", @@ -3257,9 +2875,9 @@ } }, "node_modules/@types/jsdom": { - "version": "21.1.7", - "resolved": "https://registry.npmjs.org/@types/jsdom/-/jsdom-21.1.7.tgz", - "integrity": "sha512-yOriVnggzrnQ3a9OKOCxaVuSug3w3/SbOj5i7VwXWZEyUNl3bLF9V3MfxGbZKuwqJOQyRfqXyROBB1CoZLFWzA==", + "version": "20.0.1", + "resolved": "https://registry.npmjs.org/@types/jsdom/-/jsdom-20.0.1.tgz", + "integrity": "sha512-d0r18sZPmMQr1eG35u12FZfhIXNrnsPU/g5wvRKCUf/tOGilKKwYMYGqh33BNR6ba+2gkHw1EUiHoN3mn7E5IQ==", "dev": true, "license": "MIT", "dependencies": { @@ -3570,6 +3188,14 @@ "dev": true, "license": "Apache-2.0" }, + "node_modules/abab": { + "version": "2.0.6", + "resolved": "https://registry.npmjs.org/abab/-/abab-2.0.6.tgz", + "integrity": "sha512-j2afSsaIENvHZN2B8GOpF566vZ5WVk5opAiMTvWgaQT8DkbOqsTfvNAvHoRGU2zzP8cPoqys+xHTRDWW8L+/BA==", + "deprecated": "Use your platform's native atob() and btoa() methods instead", + "dev": true, + "license": "BSD-3-Clause" + }, "node_modules/abbrev": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz", @@ -3590,6 +3216,17 @@ "node": ">=0.4.0" } }, + "node_modules/acorn-globals": { + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/acorn-globals/-/acorn-globals-7.0.1.tgz", + "integrity": "sha512-umOSDSDrfHbTNPuNpC2NSnnA3LUrqpevPb4T9jRx4MagXNS0rs+gwiTcAvqCRmsD6utzsrzNt+ebm00SNWiC3Q==", + "dev": true, + "license": "MIT", + "dependencies": { + "acorn": "^8.1.0", + "acorn-walk": "^8.0.2" + } + }, "node_modules/acorn-import-phases": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/acorn-import-phases/-/acorn-import-phases-1.0.4.tgz", @@ -3613,6 +3250,19 @@ "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0" } }, + "node_modules/acorn-walk": { + "version": "8.3.5", + "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.5.tgz", + "integrity": "sha512-HEHNfbars9v4pgpW6SO1KSPkfoS0xVOM/9UzkJltjlsHZmJasxg8aXkuZa7SMf8vKGIBhpUsPluQSqhJFCqebw==", + "dev": true, + "license": "MIT", + "dependencies": { + "acorn": "^8.11.0" + }, + "engines": { + "node": ">=0.4.0" + } + }, "node_modules/agent-base": { "version": "6.0.2", "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz", @@ -5130,20 +4780,33 @@ "node": ">=0.6.0" } }, + "node_modules/cssom": { + "version": "0.5.0", + "resolved": "https://registry.npmjs.org/cssom/-/cssom-0.5.0.tgz", + "integrity": "sha512-iKuQcq+NdHqlAcwUY0o/HL69XQrUaQdMjmStJ8JFmUaiiQErlhrmuigkg/CU4E2J0IyUKUrMAgl36TvN67MqTw==", + "dev": true, + "license": "MIT" + }, "node_modules/cssstyle": { - "version": "4.6.0", - "resolved": "https://registry.npmjs.org/cssstyle/-/cssstyle-4.6.0.tgz", - "integrity": "sha512-2z+rWdzbbSZv6/rhtvzvqeZQHrBaqgogqt85sqFNbabZOuFbCVFb8kPeEtZjiKkbrm395irpNKiYeFeLiQnFPg==", + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/cssstyle/-/cssstyle-2.3.0.tgz", + "integrity": "sha512-AZL67abkUzIuvcHqk7c09cezpGNcxUxU4Ioi/05xHk4DQeTkWmGYftIE6ctU6AEt+Gn4n1lDStOtj7FKycP71A==", "dev": true, "license": "MIT", "dependencies": { - "@asamuzakjp/css-color": "^3.2.0", - "rrweb-cssom": "^0.8.0" + "cssom": "~0.3.6" }, "engines": { - "node": ">=18" + "node": ">=8" } }, + "node_modules/cssstyle/node_modules/cssom": { + "version": "0.3.8", + "resolved": "https://registry.npmjs.org/cssom/-/cssom-0.3.8.tgz", + "integrity": "sha512-b0tGHbfegbhPJpxpiBPU2sCkigAqtM9O121le6bbOlgyV+NyGyCmVfJ6QW9eRjz8CpNfWEOYBIMIGRYkLwsIYg==", + "dev": true, + "license": "MIT" + }, "node_modules/csv-parse": { "version": "5.6.0", "resolved": "https://registry.npmjs.org/csv-parse/-/csv-parse-5.6.0.tgz", @@ -5164,30 +4827,31 @@ "license": "BSD-2-Clause" }, "node_modules/data-urls": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/data-urls/-/data-urls-5.0.0.tgz", - "integrity": "sha512-ZYP5VBHshaDAiVZxjbRVcFJpc+4xGgT0bK3vzy1HLN8jTO975HEbuYzZJcHoQEY5K1a0z8YayJkyVETa08eNTg==", + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/data-urls/-/data-urls-3.0.2.tgz", + "integrity": "sha512-Jy/tj3ldjZJo63sVAvg6LHt2mHvl4V6AgRAmNDtLdm7faqtsx+aJG42rsyCo9JCoRVKwPFzKlIPx3DIibwSIaQ==", "dev": true, "license": "MIT", "dependencies": { - "whatwg-mimetype": "^4.0.0", - "whatwg-url": "^14.0.0" + "abab": "^2.0.6", + "whatwg-mimetype": "^3.0.0", + "whatwg-url": "^11.0.0" }, "engines": { - "node": ">=18" + "node": ">=12" } }, "node_modules/data-urls/node_modules/tr46": { - "version": "5.1.1", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-5.1.1.tgz", - "integrity": "sha512-hdF5ZgjTqgAntKkklYw0R03MG2x/bSzTtkxmIRw/sTNV8YXsCJ1tfLAX23lhxhHJlEf3CRCOCGGWw3vI3GaSPw==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/tr46/-/tr46-3.0.0.tgz", + "integrity": "sha512-l7FvfAHlcmulp8kr+flpQZmVwtu7nfRV7NZujtN0OqES8EL4O4e0qqzL0DC5gAvx/ZC/9lk6rhcUwYvkBnBnYA==", "dev": true, "license": "MIT", "dependencies": { - "punycode": "^2.3.1" + "punycode": "^2.1.1" }, "engines": { - "node": ">=18" + "node": ">=12" } }, "node_modules/data-urls/node_modules/webidl-conversions": { @@ -5201,17 +4865,17 @@ } }, "node_modules/data-urls/node_modules/whatwg-url": { - "version": "14.2.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-14.2.0.tgz", - "integrity": "sha512-De72GdQZzNTUBBChsXueQUnPKDkg/5A5zp7pFDuQAj5UFoENpiACU0wlCvzpAGnTkj++ihpKwKyYewn/XNUbKw==", + "version": "11.0.0", + "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-11.0.0.tgz", + "integrity": "sha512-RKT8HExMpoYx4igMiVMY83lN6UeITKJlBQ+vR/8ZJ8OCdSiN3RwCq+9gH0+Xzj0+5IrM6i4j/6LuvzbZIQgEcQ==", "dev": true, "license": "MIT", "dependencies": { - "tr46": "^5.1.0", + "tr46": "^3.0.0", "webidl-conversions": "^7.0.0" }, "engines": { - "node": ">=18" + "node": ">=12" } }, "node_modules/data-view-buffer": { @@ -5531,6 +5195,30 @@ "node": ">=6.0.0" } }, + "node_modules/domexception": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/domexception/-/domexception-4.0.0.tgz", + "integrity": "sha512-A2is4PLG+eeSfoTMA95/s4pvAoSo2mKtiM5jlHkAVewmiO8ISFTFKZjH7UAM1Atli/OT/7JHOrJRJiMKUZKYBw==", + "deprecated": "Use your platform's native DOMException instead", + "dev": true, + "license": "MIT", + "dependencies": { + "webidl-conversions": "^7.0.0" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/domexception/node_modules/webidl-conversions": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-7.0.0.tgz", + "integrity": "sha512-VwddBukDzu71offAQR975unBIGqfKZpM+8ZX6ySk8nYhVoo5CYaZyzt3YBvYtRtO+aoGlqxPg/B87NGVZ/fu6g==", + "dev": true, + "license": "BSD-2-Clause", + "engines": { + "node": ">=12" + } + }, "node_modules/ds-store": { "version": "0.1.6", "resolved": "https://registry.npmjs.org/ds-store/-/ds-store-0.1.6.tgz", @@ -6491,6 +6179,28 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/escodegen": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/escodegen/-/escodegen-2.1.0.tgz", + "integrity": "sha512-2NlIDTwUWJN0mRPQOdtQBzbUHvdGY2P1VXSyU83Q3xKxM7WHX2Ql8dKq782Q9TgQUNOLEzEYu9bzLNj1q88I5w==", + "dev": true, + "license": "BSD-2-Clause", + "dependencies": { + "esprima": "^4.0.1", + "estraverse": "^5.2.0", + "esutils": "^2.0.2" + }, + "bin": { + "escodegen": "bin/escodegen.js", + "esgenerate": "bin/esgenerate.js" + }, + "engines": { + "node": ">=6.0" + }, + "optionalDependencies": { + "source-map": "~0.6.1" + } + }, "node_modules/eslint": { "version": "8.57.1", "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.57.1.tgz", @@ -8042,16 +7752,16 @@ "license": "ISC" }, "node_modules/html-encoding-sniffer": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/html-encoding-sniffer/-/html-encoding-sniffer-4.0.0.tgz", - "integrity": "sha512-Y22oTqIU4uuPgEemfz7NDJz6OeKf12Lsu+QC+s3BVpda64lTiMYCyGwg5ki4vFxkMwQdeZDl2adZoqUgdFuTgQ==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/html-encoding-sniffer/-/html-encoding-sniffer-3.0.0.tgz", + "integrity": "sha512-oWv4T4yJ52iKrufjnyZPkrN0CH3QnrUqdB6In1g5Fe1mia8GmF36gnfNySxoZtxD5+NmYw1EElVXiBk93UeskA==", "dev": true, "license": "MIT", "dependencies": { - "whatwg-encoding": "^3.1.1" + "whatwg-encoding": "^2.0.0" }, "engines": { - "node": ">=18" + "node": ">=12" } }, "node_modules/html-escaper": { @@ -9323,23 +9033,26 @@ } }, "node_modules/jest-environment-jsdom": { - "version": "30.2.0", - "resolved": "https://registry.npmjs.org/jest-environment-jsdom/-/jest-environment-jsdom-30.2.0.tgz", - "integrity": "sha512-zbBTiqr2Vl78pKp/laGBREYzbZx9ZtqPjOK4++lL4BNDhxRnahg51HtoDrk9/VjIy9IthNEWdKVd7H5bqBhiWQ==", + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/jest-environment-jsdom/-/jest-environment-jsdom-29.7.0.tgz", + "integrity": "sha512-k9iQbsf9OyOfdzWH8HDmrRT0gSIcX+FLNW7IQq94tFX0gynPwqDTW0Ho6iMVNjGz/nb+l/vW3dWM2bbLLpkbXA==", "dev": true, "license": "MIT", "dependencies": { - "@jest/environment": "30.2.0", - "@jest/environment-jsdom-abstract": "30.2.0", - "@types/jsdom": "^21.1.7", + "@jest/environment": "^29.7.0", + "@jest/fake-timers": "^29.7.0", + "@jest/types": "^29.6.3", + "@types/jsdom": "^20.0.0", "@types/node": "*", - "jsdom": "^26.1.0" + "jest-mock": "^29.7.0", + "jest-util": "^29.7.0", + "jsdom": "^20.0.0" }, "engines": { - "node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0" + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" }, "peerDependencies": { - "canvas": "^3.0.0" + "canvas": "^2.5.0" }, "peerDependenciesMeta": { "canvas": { @@ -9347,200 +9060,6 @@ } } }, - "node_modules/jest-environment-jsdom/node_modules/@jest/environment": { - "version": "30.2.0", - "resolved": "https://registry.npmjs.org/@jest/environment/-/environment-30.2.0.tgz", - "integrity": "sha512-/QPTL7OBJQ5ac09UDRa3EQes4gt1FTEG/8jZ/4v5IVzx+Cv7dLxlVIvfvSVRiiX2drWyXeBjkMSR8hvOWSog5g==", - "dev": true, - "license": "MIT", - "dependencies": { - "@jest/fake-timers": "30.2.0", - "@jest/types": "30.2.0", - "@types/node": "*", - "jest-mock": "30.2.0" - }, - "engines": { - "node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0" - } - }, - "node_modules/jest-environment-jsdom/node_modules/@jest/fake-timers": { - "version": "30.2.0", - "resolved": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-30.2.0.tgz", - "integrity": "sha512-HI3tRLjRxAbBy0VO8dqqm7Hb2mIa8d5bg/NJkyQcOk7V118ObQML8RC5luTF/Zsg4474a+gDvhce7eTnP4GhYw==", - "dev": true, - "license": "MIT", - "dependencies": { - "@jest/types": "30.2.0", - "@sinonjs/fake-timers": "^13.0.0", - "@types/node": "*", - "jest-message-util": "30.2.0", - "jest-mock": "30.2.0", - "jest-util": "30.2.0" - }, - "engines": { - "node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0" - } - }, - "node_modules/jest-environment-jsdom/node_modules/@jest/schemas": { - "version": "30.0.5", - "resolved": "https://registry.npmjs.org/@jest/schemas/-/schemas-30.0.5.tgz", - "integrity": "sha512-DmdYgtezMkh3cpU8/1uyXakv3tJRcmcXxBOcO0tbaozPwpmh4YMsnWrQm9ZmZMfa5ocbxzbFk6O4bDPEc/iAnA==", - "dev": true, - "license": "MIT", - "dependencies": { - "@sinclair/typebox": "^0.34.0" - }, - "engines": { - "node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0" - } - }, - "node_modules/jest-environment-jsdom/node_modules/@jest/types": { - "version": "30.2.0", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-30.2.0.tgz", - "integrity": "sha512-H9xg1/sfVvyfU7o3zMfBEjQ1gcsdeTMgqHoYdN79tuLqfTtuu7WckRA1R5whDwOzxaZAeMKTYWqP+WCAi0CHsg==", - "dev": true, - "license": "MIT", - "dependencies": { - "@jest/pattern": "30.0.1", - "@jest/schemas": "30.0.5", - "@types/istanbul-lib-coverage": "^2.0.6", - "@types/istanbul-reports": "^3.0.4", - "@types/node": "*", - "@types/yargs": "^17.0.33", - "chalk": "^4.1.2" - }, - "engines": { - "node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0" - } - }, - "node_modules/jest-environment-jsdom/node_modules/@sinclair/typebox": { - "version": "0.34.48", - "resolved": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.34.48.tgz", - "integrity": "sha512-kKJTNuK3AQOrgjjotVxMrCn1sUJwM76wMszfq1kdU4uYVJjvEWuFQ6HgvLt4Xz3fSmZlTOxJ/Ie13KnIcWQXFA==", - "dev": true, - "license": "MIT" - }, - "node_modules/jest-environment-jsdom/node_modules/@sinonjs/fake-timers": { - "version": "13.0.5", - "resolved": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-13.0.5.tgz", - "integrity": "sha512-36/hTbH2uaWuGVERyC6da9YwGWnzUZXuPro/F2LfsdOsLnCojz/iSH8MxUt/FD2S5XBSVPhmArFUXcpCQ2Hkiw==", - "dev": true, - "license": "BSD-3-Clause", - "dependencies": { - "@sinonjs/commons": "^3.0.1" - } - }, - "node_modules/jest-environment-jsdom/node_modules/ansi-styles": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", - "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/chalk/ansi-styles?sponsor=1" - } - }, - "node_modules/jest-environment-jsdom/node_modules/ci-info": { - "version": "4.4.0", - "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-4.4.0.tgz", - "integrity": "sha512-77PSwercCZU2Fc4sX94eF8k8Pxte6JAwL4/ICZLFjJLqegs7kCuAsqqj/70NQF6TvDpgFjkubQB2FW2ZZddvQg==", - "dev": true, - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/sibiraj-s" - } - ], - "license": "MIT", - "engines": { - "node": ">=8" - } - }, - "node_modules/jest-environment-jsdom/node_modules/jest-message-util": { - "version": "30.2.0", - "resolved": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-30.2.0.tgz", - "integrity": "sha512-y4DKFLZ2y6DxTWD4cDe07RglV88ZiNEdlRfGtqahfbIjfsw1nMCPx49Uev4IA/hWn3sDKyAnSPwoYSsAEdcimw==", - "dev": true, - "license": "MIT", - "dependencies": { - "@babel/code-frame": "^7.27.1", - "@jest/types": "30.2.0", - "@types/stack-utils": "^2.0.3", - "chalk": "^4.1.2", - "graceful-fs": "^4.2.11", - "micromatch": "^4.0.8", - "pretty-format": "30.2.0", - "slash": "^3.0.0", - "stack-utils": "^2.0.6" - }, - "engines": { - "node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0" - } - }, - "node_modules/jest-environment-jsdom/node_modules/jest-mock": { - "version": "30.2.0", - "resolved": "https://registry.npmjs.org/jest-mock/-/jest-mock-30.2.0.tgz", - "integrity": "sha512-JNNNl2rj4b5ICpmAcq+WbLH83XswjPbjH4T7yvGzfAGCPh1rw+xVNbtk+FnRslvt9lkCcdn9i1oAoKUuFsOxRw==", - "dev": true, - "license": "MIT", - "dependencies": { - "@jest/types": "30.2.0", - "@types/node": "*", - "jest-util": "30.2.0" - }, - "engines": { - "node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0" - } - }, - "node_modules/jest-environment-jsdom/node_modules/jest-util": { - "version": "30.2.0", - "resolved": "https://registry.npmjs.org/jest-util/-/jest-util-30.2.0.tgz", - "integrity": "sha512-QKNsM0o3Xe6ISQU869e+DhG+4CK/48aHYdJZGlFQVTjnbvgpcKyxpzk29fGiO7i/J8VENZ+d2iGnSsvmuHywlA==", - "dev": true, - "license": "MIT", - "dependencies": { - "@jest/types": "30.2.0", - "@types/node": "*", - "chalk": "^4.1.2", - "ci-info": "^4.2.0", - "graceful-fs": "^4.2.11", - "picomatch": "^4.0.2" - }, - "engines": { - "node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0" - } - }, - "node_modules/jest-environment-jsdom/node_modules/picomatch": { - "version": "4.0.3", - "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz", - "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/sponsors/jonschlinkert" - } - }, - "node_modules/jest-environment-jsdom/node_modules/pretty-format": { - "version": "30.2.0", - "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-30.2.0.tgz", - "integrity": "sha512-9uBdv/B4EefsuAL+pWqueZyZS2Ba+LxfFeQ9DN14HU4bN8bhaxKdkpjpB6fs9+pSjIBu+FXQHImEg8j/Lw0+vA==", - "dev": true, - "license": "MIT", - "dependencies": { - "@jest/schemas": "30.0.5", - "ansi-styles": "^5.2.0", - "react-is": "^18.3.1" - }, - "engines": { - "node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0" - } - }, "node_modules/jest-environment-node": { "version": "29.7.0", "resolved": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-29.7.0.tgz", @@ -9978,38 +9497,44 @@ } }, "node_modules/jsdom": { - "version": "26.1.0", - "resolved": "https://registry.npmjs.org/jsdom/-/jsdom-26.1.0.tgz", - "integrity": "sha512-Cvc9WUhxSMEo4McES3P7oK3QaXldCfNWp7pl2NNeiIFlCoLr3kfq9kb1fxftiwk1FLV7CvpvDfonxtzUDeSOPg==", - "dev": true, - "license": "MIT", - "dependencies": { - "cssstyle": "^4.2.1", - "data-urls": "^5.0.0", - "decimal.js": "^10.5.0", - "html-encoding-sniffer": "^4.0.0", - "http-proxy-agent": "^7.0.2", - "https-proxy-agent": "^7.0.6", + "version": "20.0.3", + "resolved": "https://registry.npmjs.org/jsdom/-/jsdom-20.0.3.tgz", + "integrity": "sha512-SYhBvTh89tTfCD/CRdSOm13mOBa42iTaTyfyEWBdKcGdPxPtLFBXuHR8XHb33YNYaP+lLbmSvBTsnoesCNJEsQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "abab": "^2.0.6", + "acorn": "^8.8.1", + "acorn-globals": "^7.0.0", + "cssom": "^0.5.0", + "cssstyle": "^2.3.0", + "data-urls": "^3.0.2", + "decimal.js": "^10.4.2", + "domexception": "^4.0.0", + "escodegen": "^2.0.0", + "form-data": "^4.0.0", + "html-encoding-sniffer": "^3.0.0", + "http-proxy-agent": "^5.0.0", + "https-proxy-agent": "^5.0.1", "is-potential-custom-element-name": "^1.0.1", - "nwsapi": "^2.2.16", - "parse5": "^7.2.1", - "rrweb-cssom": "^0.8.0", + "nwsapi": "^2.2.2", + "parse5": "^7.1.1", "saxes": "^6.0.0", "symbol-tree": "^3.2.4", - "tough-cookie": "^5.1.1", - "w3c-xmlserializer": "^5.0.0", + "tough-cookie": "^4.1.2", + "w3c-xmlserializer": "^4.0.0", "webidl-conversions": "^7.0.0", - "whatwg-encoding": "^3.1.1", - "whatwg-mimetype": "^4.0.0", - "whatwg-url": "^14.1.1", - "ws": "^8.18.0", - "xml-name-validator": "^5.0.0" + "whatwg-encoding": "^2.0.0", + "whatwg-mimetype": "^3.0.0", + "whatwg-url": "^11.0.0", + "ws": "^8.11.0", + "xml-name-validator": "^4.0.0" }, "engines": { - "node": ">=18" + "node": ">=14" }, "peerDependencies": { - "canvas": "^3.0.0" + "canvas": "^2.5.0" }, "peerDependenciesMeta": { "canvas": { @@ -10017,88 +9542,43 @@ } } }, - "node_modules/jsdom/node_modules/agent-base": { - "version": "7.1.4", - "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.4.tgz", - "integrity": "sha512-MnA+YT8fwfJPgBx3m60MNqakm30XOkyIoH1y6huTQvC0PwZG7ki8NacLBcrPbNoo8vEZy7Jpuk7+jMO+CUovTQ==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">= 14" - } - }, - "node_modules/jsdom/node_modules/http-proxy-agent": { - "version": "7.0.2", - "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-7.0.2.tgz", - "integrity": "sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig==", + "node_modules/jsdom/node_modules/tough-cookie": { + "version": "4.1.4", + "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.1.4.tgz", + "integrity": "sha512-Loo5UUvLD9ScZ6jh8beX1T6sO1w2/MpCRpEP7V280GKMVUQ0Jzar2U3UJPsrdbziLEMMhu3Ujnq//rhiFuIeag==", "dev": true, - "license": "MIT", + "license": "BSD-3-Clause", "dependencies": { - "agent-base": "^7.1.0", - "debug": "^4.3.4" + "psl": "^1.1.33", + "punycode": "^2.1.1", + "universalify": "^0.2.0", + "url-parse": "^1.5.3" }, "engines": { - "node": ">= 14" + "node": ">=6" } }, - "node_modules/jsdom/node_modules/https-proxy-agent": { - "version": "7.0.6", - "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.6.tgz", - "integrity": "sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw==", + "node_modules/jsdom/node_modules/tr46": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/tr46/-/tr46-3.0.0.tgz", + "integrity": "sha512-l7FvfAHlcmulp8kr+flpQZmVwtu7nfRV7NZujtN0OqES8EL4O4e0qqzL0DC5gAvx/ZC/9lk6rhcUwYvkBnBnYA==", "dev": true, "license": "MIT", "dependencies": { - "agent-base": "^7.1.2", - "debug": "4" + "punycode": "^2.1.1" }, "engines": { - "node": ">= 14" - } - }, - "node_modules/jsdom/node_modules/tldts": { - "version": "6.1.86", - "resolved": "https://registry.npmjs.org/tldts/-/tldts-6.1.86.tgz", - "integrity": "sha512-WMi/OQ2axVTf/ykqCQgXiIct+mSQDFdH2fkwhPwgEwvJ1kSzZRiinb0zF2Xb8u4+OqPChmyI6MEu4EezNJz+FQ==", - "dev": true, - "license": "MIT", - "dependencies": { - "tldts-core": "^6.1.86" - }, - "bin": { - "tldts": "bin/cli.js" - } - }, - "node_modules/jsdom/node_modules/tldts-core": { - "version": "6.1.86", - "resolved": "https://registry.npmjs.org/tldts-core/-/tldts-core-6.1.86.tgz", - "integrity": "sha512-Je6p7pkk+KMzMv2XXKmAE3McmolOQFdxkKw0R8EYNr7sELW46JqnNeTX8ybPiQgvg1ymCoF8LXs5fzFaZvJPTA==", - "dev": true, - "license": "MIT" - }, - "node_modules/jsdom/node_modules/tough-cookie": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-5.1.2.tgz", - "integrity": "sha512-FVDYdxtnj0G6Qm/DhNPSb8Ju59ULcup3tuJxkFb5K8Bv2pUXILbf0xZWU8PX8Ov19OXljbUyveOFwRMwkXzO+A==", - "dev": true, - "license": "BSD-3-Clause", - "dependencies": { - "tldts": "^6.1.32" - }, - "engines": { - "node": ">=16" + "node": ">=12" } }, - "node_modules/jsdom/node_modules/tr46": { - "version": "5.1.1", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-5.1.1.tgz", - "integrity": "sha512-hdF5ZgjTqgAntKkklYw0R03MG2x/bSzTtkxmIRw/sTNV8YXsCJ1tfLAX23lhxhHJlEf3CRCOCGGWw3vI3GaSPw==", + "node_modules/jsdom/node_modules/universalify": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.2.0.tgz", + "integrity": "sha512-CJ1QgKmNg3CwvAv/kOFmtnEN05f0D/cn9QntgNOQlQF9dgvVTHj3t+8JPdjqawCHk7V/KA+fbUqzZ9XWhcqPUg==", "dev": true, "license": "MIT", - "dependencies": { - "punycode": "^2.3.1" - }, "engines": { - "node": ">=18" + "node": ">= 4.0.0" } }, "node_modules/jsdom/node_modules/webidl-conversions": { @@ -10112,17 +9592,17 @@ } }, "node_modules/jsdom/node_modules/whatwg-url": { - "version": "14.2.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-14.2.0.tgz", - "integrity": "sha512-De72GdQZzNTUBBChsXueQUnPKDkg/5A5zp7pFDuQAj5UFoENpiACU0wlCvzpAGnTkj++ihpKwKyYewn/XNUbKw==", + "version": "11.0.0", + "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-11.0.0.tgz", + "integrity": "sha512-RKT8HExMpoYx4igMiVMY83lN6UeITKJlBQ+vR/8ZJ8OCdSiN3RwCq+9gH0+Xzj0+5IrM6i4j/6LuvzbZIQgEcQ==", "dev": true, "license": "MIT", "dependencies": { - "tr46": "^5.1.0", + "tr46": "^3.0.0", "webidl-conversions": "^7.0.0" }, "engines": { - "node": ">=18" + "node": ">=12" } }, "node_modules/jsesc": { @@ -12134,6 +11614,19 @@ "dev": true, "license": "MIT" }, + "node_modules/psl": { + "version": "1.15.0", + "resolved": "https://registry.npmjs.org/psl/-/psl-1.15.0.tgz", + "integrity": "sha512-JZd3gMVBAVQkSs6HdNZo9Sdo0LNcQeMNP3CozBJb3JYC/QUYZTnKxP+f8oWRX4rHP5EurWxqAHTSwUCjlNKa1w==", + "dev": true, + "license": "MIT", + "dependencies": { + "punycode": "^2.3.1" + }, + "funding": { + "url": "https://github.com/sponsors/lupomontero" + } + }, "node_modules/pump": { "version": "3.0.4", "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.4.tgz", @@ -12172,6 +11665,13 @@ ], "license": "MIT" }, + "node_modules/querystringify": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/querystringify/-/querystringify-2.2.0.tgz", + "integrity": "sha512-FIqgj2EUvTa7R50u0rGsyTftzjYmv/a3hO345bZNrqabNqjtgiDMgmo4mkUjd+nzU5oF3dClKqFIPUKybUyqoQ==", + "dev": true, + "license": "MIT" + }, "node_modules/queue-microtask": { "version": "1.2.3", "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", @@ -12455,6 +11955,13 @@ "node": ">=0.10.0" } }, + "node_modules/requires-port": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz", + "integrity": "sha512-KigOCHcocU3XODJxsu8i/j8T9tzT4adHiecwORRQ0ZZFcp7ahwXuRU1m+yuO90C5ZUyGeGfocHDI14M3L3yDAQ==", + "dev": true, + "license": "MIT" + }, "node_modules/resedit": { "version": "2.0.3", "resolved": "https://registry.npmjs.org/resedit/-/resedit-2.0.3.tgz", @@ -12640,13 +12147,6 @@ "node": ">=8.0" } }, - "node_modules/rrweb-cssom": { - "version": "0.8.0", - "resolved": "https://registry.npmjs.org/rrweb-cssom/-/rrweb-cssom-0.8.0.tgz", - "integrity": "sha512-guoltQEx+9aMf2gDZ0s62EcV8lsXR+0w8915TC3ITdn2YueuNjdAYh/levpU9nFaoChh9RUS5ZdQMrKfVEN9tw==", - "dev": true, - "license": "MIT" - }, "node_modules/run-async": { "version": "2.4.1", "resolved": "https://registry.npmjs.org/run-async/-/run-async-2.4.1.tgz", @@ -14242,6 +13742,17 @@ "punycode": "^2.1.0" } }, + "node_modules/url-parse": { + "version": "1.5.10", + "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.5.10.tgz", + "integrity": "sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "querystringify": "^2.1.1", + "requires-port": "^1.0.0" + } + }, "node_modules/username": { "version": "5.1.0", "resolved": "https://registry.npmjs.org/username/-/username-5.1.0.tgz", @@ -14289,16 +13800,16 @@ } }, "node_modules/w3c-xmlserializer": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/w3c-xmlserializer/-/w3c-xmlserializer-5.0.0.tgz", - "integrity": "sha512-o8qghlI8NZHU1lLPrpi2+Uq7abh4GGPpYANlalzWxyWteJOCsr/P+oPBA49TOLu5FTZO4d3F9MnWJfiMo4BkmA==", + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/w3c-xmlserializer/-/w3c-xmlserializer-4.0.0.tgz", + "integrity": "sha512-d+BFHzbiCx6zGfz0HyQ6Rg69w9k19nviJspaj4yNscGjrHu94sVP+aRm75yEbCh+r2/yR+7q6hux9LVtbuTGBw==", "dev": true, "license": "MIT", "dependencies": { - "xml-name-validator": "^5.0.0" + "xml-name-validator": "^4.0.0" }, "engines": { - "node": ">=18" + "node": ">=14" } }, "node_modules/walker": { @@ -14447,9 +13958,9 @@ } }, "node_modules/whatwg-encoding": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/whatwg-encoding/-/whatwg-encoding-3.1.1.tgz", - "integrity": "sha512-6qN4hJdMwfYBtE3YBTTHhoeuUrDBPZmbQaxWAqSALV/MeEnR5z1xd8UKud2RAkFoPkmB+hli1TZSnyi84xz1vQ==", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/whatwg-encoding/-/whatwg-encoding-2.0.0.tgz", + "integrity": "sha512-p41ogyeMUrw3jWclHWTQg1k05DSVXPLcVxRTYsXUk+ZooOCZLcoYgPZ/HL/D/N+uQPOtcp1me1WhBEaX02mhWg==", "deprecated": "Use @exodus/bytes instead for a more spec-conformant and faster implementation", "dev": true, "license": "MIT", @@ -14457,7 +13968,7 @@ "iconv-lite": "0.6.3" }, "engines": { - "node": ">=18" + "node": ">=12" } }, "node_modules/whatwg-encoding/node_modules/iconv-lite": { @@ -14474,13 +13985,13 @@ } }, "node_modules/whatwg-mimetype": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/whatwg-mimetype/-/whatwg-mimetype-4.0.0.tgz", - "integrity": "sha512-QaKxh0eNIi2mE9p2vEdzfagOKHCcj1pJ56EEHGQOVxp8r9/iszLUUV7v89x9O1p/T+NlTM5W7jW6+cz4Fq1YVg==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/whatwg-mimetype/-/whatwg-mimetype-3.0.0.tgz", + "integrity": "sha512-nt+N2dzIutVRxARx1nghPKGv1xHikU7HKdfafKkLNLindmPU/ch3U31NOCGGA/dmPcmb1VlofO0vnKAcsm0o/Q==", "dev": true, "license": "MIT", "engines": { - "node": ">=18" + "node": ">=12" } }, "node_modules/whatwg-url": { @@ -14673,13 +14184,13 @@ } }, "node_modules/xml-name-validator": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/xml-name-validator/-/xml-name-validator-5.0.0.tgz", - "integrity": "sha512-EvGK8EJ3DhaHfbRlETOWAS5pO9MZITeauHKJyb8wyajUfQUenkIg2MvLDTZ4T/TgIcm3HU0TFBgWWboAZ30UHg==", + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/xml-name-validator/-/xml-name-validator-4.0.0.tgz", + "integrity": "sha512-ICP2e+jsHvAj2E2lIHxa5tjXRlKDJo4IdvPvCXbXQGdzSfmSpNVyIKMvoZHjDY9DP0zV17iI85o90vRFXNccRw==", "dev": true, "license": "Apache-2.0", "engines": { - "node": ">=18" + "node": ">=12" } }, "node_modules/xml2js": { diff --git a/package.json b/package.json index efa9e21..a2c3607 100644 --- a/package.json +++ b/package.json @@ -53,6 +53,6 @@ "eslint-plugin-react": "^7.22.0", "husky": "^8.0.3", "jest": "^29.5.0", - "jest-environment-jsdom": "^30.2.0" + "jest-environment-jsdom": "^29.5.0" } } diff --git a/src/electronForce.js b/src/electronForce.js index df32e69..cd54907 100644 --- a/src/electronForce.js +++ b/src/electronForce.js @@ -1,4 +1,5 @@ const http = require('http'); +const crypto = require('crypto'); const { URL } = require('url'); const jsforce = require('jsforce'); // eslint-disable-next-line import/no-extraneous-dependencies @@ -26,6 +27,9 @@ const logMessage = (channel, message, data) => { }; const createConnection = (org) => { + if (!sfConnections[org]) { + throw new Error(`Not connected to org: ${org}`); + } const conn = new jsforce.Connection(sfConnections[org]); conn.on('refresh', (newAccessToken) => { sfConnections[org].accessToken = newAccessToken; @@ -74,7 +78,8 @@ const handlers = { loginUrl, }); - const authUrl = oauth2.getAuthorizationUrl({ scope: 'api refresh_token' }); + const state = crypto.randomBytes(16).toString('hex'); + const authUrl = oauth2.getAuthorizationUrl({ scope: 'api refresh_token', state }); // Notify the renderer so it can show a status message. mainWindow.webContents.send('response_oauth_url', { url: authUrl }); @@ -84,7 +89,7 @@ const handlers = { // One-time HTTP server to receive the OAuth callback. const server = http.createServer(async (req, res) => { - const reqUrl = new URL(req.url, `http://localhost:${port}`); + const reqUrl = new URL(req.url, `http://127.0.0.1:${port}`); if (reqUrl.pathname !== '/callback') { res.writeHead(404); @@ -92,6 +97,22 @@ const handlers = { return; } + const returnedState = reqUrl.searchParams.get('state'); + if (!returnedState || returnedState !== state) { + res.writeHead(400); + res.end('Invalid state parameter'); + server.close(); + logMessage('Error', 'OAuth callback state mismatch – possible CSRF attempt'); + mainWindow.webContents.send('response_generic', { + status: false, + message: 'OAuth Failed', + response: 'Invalid state parameter', + limitInfo: {}, + request: args, + }); + return; + } + const code = reqUrl.searchParams.get('code'); const oauthError = reqUrl.searchParams.get('error'); @@ -158,7 +179,18 @@ const handlers = { } }); - server.listen(port); + server.listen(port, '127.0.0.1'); + + server.on('error', (serverErr) => { + logMessage('Error', `OAuth callback server error: ${serverErr}`); + mainWindow.webContents.send('response_generic', { + status: false, + message: 'OAuth Callback Server Error', + response: String(serverErr), + limitInfo: {}, + request: args, + }); + }); // Close the server automatically after 5 minutes. const timeout = setTimeout(() => { @@ -227,7 +259,11 @@ const handlers = { mainWindow.webContents.send('response_settings', { status: true, message: 'Settings Saved', - response: saved, + response: { + consumerKey, + loginUrl, + callbackPort, + }, limitInfo: {}, request: args, }); @@ -245,8 +281,9 @@ const handlers = { // Logout of Salesforce. sf_logout: async (event, args) => { - const conn = createConnection(args.org); + let conn; try { + conn = createConnection(args.org); await conn.logout(); logMessage('Info', `Logged out of ${args.org}`); @@ -257,14 +294,14 @@ const handlers = { limitInfo: conn.limitInfo, request: args, }); - sfConnections[args.org] = null; + delete sfConnections[args.org]; } catch (err) { logMessage('Error', `Logout Failed ${err}`); mainWindow.webContents.send('response_logout', { status: false, message: 'Logout Failed', response: `${err}`, - limitInfo: conn.limitInfo, + limitInfo: conn ? conn.limitInfo : {}, request: args, }); } @@ -272,8 +309,9 @@ const handlers = { // Run a SOQL Query against your org. sf_query: async (event, args) => { - const conn = createConnection(args.org); + let conn; try { + conn = createConnection(args.org); const result = await conn.query(args.rest_api_soql_text); logMessage('Info', `Ran Query: ${args.rest_api_soql_text}`); @@ -291,7 +329,7 @@ const handlers = { status: false, message: 'Query Failed', response: `${err}`, - limitInfo: conn.limitInfo, + limitInfo: conn ? conn.limitInfo : {}, request: args, }); } @@ -299,8 +337,9 @@ const handlers = { // Run SOSL search. sf_search: async (event, args) => { - const conn = createConnection(args.org); + let conn; try { + conn = createConnection(args.org); const result = await conn.search(args.rest_api_sosl_text); logMessage('Info', `Ran Search: ${args.rest_api_sosl_text}`); @@ -323,7 +362,7 @@ const handlers = { status: false, message: 'Search Failed', response: `${err}`, - limitInfo: conn.limitInfo, + limitInfo: conn ? conn.limitInfo : {}, request: args, }); } @@ -331,8 +370,9 @@ const handlers = { // Run an object describe. sf_describe: async (event, args) => { - const conn = createConnection(args.org); + let conn; try { + conn = createConnection(args.org); const result = await conn.sobject(args.rest_api_describe_text).describe(); logMessage('Info', `Describe of ${args.rest_api_describe_text} Successful`); @@ -350,7 +390,7 @@ const handlers = { status: false, message: 'Describe Failed', response: `${err}`, - limitInfo: conn.limitInfo, + limitInfo: conn ? conn.limitInfo : {}, request: args, }); } @@ -358,8 +398,9 @@ const handlers = { // Run a Global Describe sf_describeGlobal: async (event, args) => { - const conn = createConnection(args.org); + let conn; try { + conn = createConnection(args.org); const result = await conn.describeGlobal(); logMessage('Info', 'Global Describe Successful'); @@ -377,7 +418,7 @@ const handlers = { status: false, message: 'Describe Global Failed', response: `${err}`, - limitInfo: conn.limitInfo, + limitInfo: conn ? conn.limitInfo : {}, request: args, }); } @@ -385,8 +426,9 @@ const handlers = { // Fetch the Organization object from the active org. sf_orgExplore: async (event, args) => { - const conn = createConnection(args.org); + let conn; try { + conn = createConnection(args.org); const result = await conn.sobject('Organization').describe(); const fields = result.fields.map((field) => field.name).join(', '); @@ -409,7 +451,7 @@ const handlers = { status: false, message: 'Org Fetch Failed', response: err, - limitInfo: conn.limitInfo, + limitInfo: conn ? conn.limitInfo : {}, request: args, }); } @@ -417,8 +459,9 @@ const handlers = { // Report current org limits sf_orgLimits: async (event, args) => { - const conn = createConnection(args.org); + let conn; try { + conn = createConnection(args.org); const result = await conn.limits(); logMessage('Info', 'Fetched Org limits'); @@ -436,7 +479,7 @@ const handlers = { status: false, message: 'Limits Check Failed', response: `${err}`, - limitInfo: conn.limitInfo, + limitInfo: conn ? conn.limitInfo : {}, request: args, }); } @@ -444,8 +487,9 @@ const handlers = { // List all profiles. sf_orgProfiles: async (event, args) => { - const conn = createConnection(args.org); + let conn; try { + conn = createConnection(args.org); const profileQuery = 'SELECT Id, Name, Description FROM Profile'; const result = await conn.query(profileQuery); @@ -464,7 +508,7 @@ const handlers = { status: false, message: 'Profile Listing Failed', response: `${err}`, - limitInfo: conn.limitInfo, + limitInfo: conn ? conn.limitInfo : {}, request: args, }); } @@ -472,8 +516,9 @@ const handlers = { // List all PermSets. sf_orgPermSets: async (event, args) => { - const conn = createConnection(args.org); + let conn; try { + conn = createConnection(args.org); const psQuery = 'SELECT Id, Name, Label, Description, IsCustom, IsOwnedByProfile, Profile.Name FROM PermissionSet ORDER BY IsOwnedByProfile, IsCustom DESC'; const result = await conn.query(psQuery); @@ -492,7 +537,7 @@ const handlers = { status: false, message: 'PermSet Listing Failed', response: `${err}`, - limitInfo: conn.limitInfo, + limitInfo: conn ? conn.limitInfo : {}, request: args, }); } @@ -500,8 +545,9 @@ const handlers = { // Fetch details about a permission set. sf_orgPermSetDetail: async (event, args) => { - const conn = createConnection(args.org); + let conn; try { + conn = createConnection(args.org); const result = await conn.sobject('PermissionSet').describe(); logMessage('Info', 'Fetched Permission Set Describe'); @@ -540,7 +586,7 @@ const handlers = { status: false, message: 'Permission Set Detail Lookup Failed', response: `${err}`, - limitInfo: conn.limitInfo, + limitInfo: conn ? conn.limitInfo : {}, request: args, }); } diff --git a/tests/electronForce.test.js b/tests/electronForce.test.js index ce91a5b..4a6670a 100644 --- a/tests/electronForce.test.js +++ b/tests/electronForce.test.js @@ -34,6 +34,7 @@ describe('sf_oauth_start', () => { let mockAuthorize; let mockIdentity; let mockConnInstance; + let capturedState = null; beforeAll(() => { jest.useFakeTimers(); @@ -46,6 +47,7 @@ describe('sf_oauth_start', () => { beforeEach(() => { jest.clearAllMocks(); + capturedState = null; // Always return a mock server from createServer. http.createServer.mockReturnValue(mockServer); @@ -58,10 +60,11 @@ describe('sf_oauth_start', () => { callbackPort: 3835, }); - // jsforce.OAuth2 mock. - mockGetAuthorizationUrl = jest.fn( - () => 'https://login.salesforce.com/authorize?client_id=test', - ); + // jsforce.OAuth2 mock – capture the state parameter for use in callback tests. + mockGetAuthorizationUrl = jest.fn((params) => { + capturedState = params.state; + return 'https://login.salesforce.com/authorize?client_id=test'; + }); mockOAuth2Instance = { getAuthorizationUrl: mockGetAuthorizationUrl }; jsforce.OAuth2 = jest.fn(() => mockOAuth2Instance); @@ -112,9 +115,34 @@ describe('sf_oauth_start', () => { ); }); - it('starts the HTTP server on the configured callback port', async () => { + it('includes a state parameter in the authorization URL request', async () => { await handlers.sf_oauth_start({}, {}); - expect(mockServer.listen).toHaveBeenCalledWith(3835); + expect(mockGetAuthorizationUrl).toHaveBeenCalledWith( + expect.objectContaining({ state: expect.any(String) }), + ); + expect(capturedState).toHaveLength(32); + }); + + it('starts the HTTP server bound to 127.0.0.1 on the configured callback port', async () => { + await handlers.sf_oauth_start({}, {}); + expect(mockServer.listen).toHaveBeenCalledWith(3835, '127.0.0.1'); + }); + + it('registers an error handler on the server', async () => { + await handlers.sf_oauth_start({}, {}); + expect(mockServer.on).toHaveBeenCalledWith('error', expect.any(Function)); + }); + + it('sends response_generic when the server emits an error', async () => { + await handlers.sf_oauth_start({}, {}); + const [[, errorHandler]] = mockServer.on.mock.calls.filter( + ([event]) => event === 'error', + ); + errorHandler(new Error('EADDRINUSE')); + expect(mockSend).toHaveBeenCalledWith( + 'response_generic', + expect.objectContaining({ status: false, message: 'OAuth Callback Server Error' }), + ); }); it('registers a close handler on the server to clear the timeout', async () => { @@ -199,9 +227,37 @@ describe('sf_oauth_start', () => { expect(res.writeHead).toHaveBeenCalledWith(404); }); - it('sends response_login with the correct shape on a successful code exchange', async () => { + it('sends response_generic and closes the server when state is missing', async () => { const req = makeReq('/callback?code=AUTH_CODE'); const res = makeRes(); + mockServer.close.mockClear(); + await requestListener(req, res); + + expect(res.writeHead).toHaveBeenCalledWith(400); + expect(mockServer.close).toHaveBeenCalled(); + expect(mockSend).toHaveBeenCalledWith( + 'response_generic', + expect.objectContaining({ status: false, message: 'OAuth Failed', response: 'Invalid state parameter' }), + ); + }); + + it('sends response_generic and closes the server when state does not match', async () => { + const req = makeReq('/callback?code=AUTH_CODE&state=wrong-state-value'); + const res = makeRes(); + mockServer.close.mockClear(); + await requestListener(req, res); + + expect(res.writeHead).toHaveBeenCalledWith(400); + expect(mockServer.close).toHaveBeenCalled(); + expect(mockSend).toHaveBeenCalledWith( + 'response_generic', + expect.objectContaining({ status: false, message: 'OAuth Failed', response: 'Invalid state parameter' }), + ); + }); + + it('sends response_login with the correct shape on a successful code exchange', async () => { + const req = makeReq(`/callback?code=AUTH_CODE&state=${capturedState}`); + const res = makeRes(); await requestListener(req, res); expect(res.writeHead).toHaveBeenCalledWith(200, expect.any(Object)); @@ -215,14 +271,14 @@ describe('sf_oauth_start', () => { }); it('passes the auth code directly to conn.authorize', async () => { - const req = makeReq('/callback?code=MY_AUTH_CODE'); + const req = makeReq(`/callback?code=MY_AUTH_CODE&state=${capturedState}`); const res = makeRes(); await requestListener(req, res); expect(mockAuthorize).toHaveBeenCalledWith('MY_AUTH_CODE'); }); it('closes the server after a successful code exchange', async () => { - const req = makeReq('/callback?code=AUTH_CODE'); + const req = makeReq(`/callback?code=AUTH_CODE&state=${capturedState}`); const res = makeRes(); mockServer.close.mockClear(); await requestListener(req, res); @@ -230,7 +286,7 @@ describe('sf_oauth_start', () => { }); it('sends response_generic and closes the server when OAuth returns an error parameter', async () => { - const req = makeReq('/callback?error=access_denied'); + const req = makeReq(`/callback?error=access_denied&state=${capturedState}`); const res = makeRes(); mockServer.close.mockClear(); await requestListener(req, res); @@ -244,7 +300,7 @@ describe('sf_oauth_start', () => { }); it('sends response_generic when no code parameter is present', async () => { - const req = makeReq('/callback'); + const req = makeReq(`/callback?state=${capturedState}`); const res = makeRes(); await requestListener(req, res); @@ -258,7 +314,7 @@ describe('sf_oauth_start', () => { it('sends response_generic when token exchange rejects', async () => { mockAuthorize.mockRejectedValue(new Error('token error')); - const req = makeReq('/callback?code=BAD_CODE'); + const req = makeReq(`/callback?code=BAD_CODE&state=${capturedState}`); const res = makeRes(); await requestListener(req, res); @@ -273,7 +329,7 @@ describe('sf_oauth_start', () => { }); it('stores the refreshToken in the connection entry', async () => { - const req = makeReq('/callback?code=AUTH_CODE'); + const req = makeReq(`/callback?code=AUTH_CODE&state=${capturedState}`); const res = makeRes(); await requestListener(req, res); @@ -286,7 +342,7 @@ describe('sf_oauth_start', () => { }); it('stores the oauth2 config in the connection entry', async () => { - const req = makeReq('/callback?code=AUTH_CODE'); + const req = makeReq(`/callback?code=AUTH_CODE&state=${capturedState}`); const res = makeRes(); await requestListener(req, res); @@ -301,7 +357,7 @@ describe('sf_oauth_start', () => { }); it('attaches a refresh listener to the connection after successful code exchange', async () => { - const req = makeReq('/callback?code=AUTH_CODE'); + const req = makeReq(`/callback?code=AUTH_CODE&state=${capturedState}`); const res = makeRes(); await requestListener(req, res); @@ -309,7 +365,7 @@ describe('sf_oauth_start', () => { }); it('refresh listener updates the stored access token', async () => { - const req = makeReq('/callback?code=AUTH_CODE'); + const req = makeReq(`/callback?code=AUTH_CODE&state=${capturedState}`); const res = makeRes(); await requestListener(req, res); @@ -390,15 +446,20 @@ describe('sf_save_settings', () => { jest.clearAllMocks(); }); - it('sends response_settings with status true when saveSettings returns true', async () => { + it('sends response_settings with status true and the saved settings object (without consumerSecret) when saveSettings returns true', async () => { settings.saveSettings.mockReturnValue(true); await handlers.sf_save_settings({}, settingsArgs); - expect(mockSend).toHaveBeenCalledWith( - 'response_settings', - expect.objectContaining({ status: true, message: 'Settings Saved' }), - ); + const [[, sentPayload]] = mockSend.mock.calls; + expect(sentPayload.status).toBe(true); + expect(sentPayload.message).toBe('Settings Saved'); + expect(sentPayload.response).toEqual({ + consumerKey: 'new-key', + loginUrl: 'https://test.salesforce.com', + callbackPort: 4000, + }); + expect(sentPayload.response).not.toHaveProperty('consumerSecret'); }); it('sends response_generic with status false when saveSettings returns false', async () => { @@ -442,19 +503,24 @@ describe('createConnection', () => { }); it('returns the jsforce.Connection instance', () => { - expect(createConnection('any-org')).toBe(mockConnInstance); + // '00D000000000001' was seeded into sfConnections by the oauth callback suite above. + expect(createConnection('00D000000000001')).toBe(mockConnInstance); }); it('calls jsforce.Connection exactly once', () => { - createConnection('any-org'); + createConnection('00D000000000001'); expect(jsforce.Connection).toHaveBeenCalledTimes(1); }); it('attaches a refresh event listener to the connection', () => { - createConnection('any-org'); + createConnection('00D000000000001'); expect(mockConnInstance.on).toHaveBeenCalledWith('refresh', expect.any(Function)); }); + it('throws when the org is not in sfConnections', () => { + expect(() => createConnection('unknown-org')).toThrow('Not connected to org: unknown-org'); + }); + it('refresh listener updates sfConnections[org].accessToken', () => { // '00D000000000001' was seeded into sfConnections by the oauth callback // suite above (module state is shared across describe blocks). diff --git a/tests/render.test.js b/tests/render.test.js index f3f7a8a..fa1f0f8 100644 --- a/tests/render.test.js +++ b/tests/render.test.js @@ -207,6 +207,18 @@ describe('response_settings handler', () => { expect(document.getElementById('settings-status-message').innerText).toBe('An error occurred saving settings.'); }); + + it('does not clear the consumerSecret field when consumerSecret is absent from the response', () => { + document.getElementById('settings-consumer-secret').value = 'existing-secret'; + + receivedCallbacks.response_settings({ + status: true, + message: 'Settings Saved', + response: { consumerKey: 'k', loginUrl: 'https://login.salesforce.com' }, + }); + + expect(document.getElementById('settings-consumer-secret').value).toBe('existing-secret'); + }); }); // ── sf_save_settings ───────────────────────────────────────────────────────