fix: fix env test security issue

commercelayer · May 29, 2024 · 1ef3125 · 1ef3125
1 parent 133789a
commit 1ef3125
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 31 deletions.
diff --git a/specs/commercelayer.spec.ts b/specs/commercelayer.spec.ts
@@ -32,7 +32,7 @@ describe('SDK:commercelayer suite', () => {
 		jest.setTimeout(10000)
 		const headers = true
 
-		const cli = await getClient(true)
+		const cli = await getClient({})
 
 		const reader = cli.addRawResponseReader({ headers })
 		expect(reader).not.toBeUndefined()
@@ -61,7 +61,7 @@ describe('SDK:commercelayer suite', () => {
 		}
 
 		const domain = process.env.CL_SDK_DOMAIN as string
-		const expiredToken = 'eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6IjliN2JiZmVlMzQzZDVkNDQ5ZGFkODhmMjg0MGEyZTM3YzhkZWFlZTg5NjM4MGQ1ODA2YTc4NWVkMWQ1OTc5ZjAifQ.eyJ1c2VyIjp7ImlkIjoiYUVaa3lTQlhMVyJ9LCJhcHBsaWNhdGlvbiI6eyJpZCI6Ik54RFppeUFBa04iLCJraW5kIjoidXNlciIsInB1YmxpYyI6ZmFsc2V9LCJzY29wZSI6InByb3Zpc2lvbmluZy1hcGkiLCJleHAiOjE3MTI3NTU1NzQsInRlc3QiOmZhbHNlLCJyYW5kIjowLjQwNzEwODk4NDE5ODU4NDU0LCJpYXQiOjE3MTI3NDgzNzQsImlzcyI6Imh0dHBzOi8vY29tbWVyY2VsYXllci5pbyJ9.IXs33dY4PcaedryPyU99kxPQfyVQYcLPwK8GRamVY18KQyiOgCXJbqUMQMfk4WzKaiI3HHwSlbqVXSKe4P3gGHHIUXj1Xdc07VtcS9AZpu6QgMoec1lgeK1pcV41DtWaj-QekN61HFr_oLHTjvlcpO31FJB-Zw50C1trj8gK-dtnYbzH9_AIevWnPMzRGRGq2xcPO7Uw0bEa8pSxkl_gO6e4wM55IPB9IQX86qmW9q_tD7T7IwGEB8mbcwMC7E4YtjlwAzZCXbBuMvFKj5Wma3DwM1Z0-dJAbCw6c-YOzCKvXgnmMYaHgWLnTcpJTk3UpJ_SpZn_kwUa31VFhVP3nupfNTr9bg7Z_kQ9120Vrgq0MMB4wr0c8SARz1pcvvqeU4eUHgamQlugbgoYx8Vm-kxNzcdyT8nRDlAdd1-xglghjLZNcQkxD_rJZWyYd234MXPgpshLYENfkh-QvCxdRjCh_iHazufa3taYcuc4KwQ-Vw-oeiBozNh3JgptjUrd3GMavLpDbXEUa8tH2dz7H2yEjH5vKo5pprno5gKQWnIVO0yHcI32TmWIalV8nouyfvOCrRQaCqJJK7NCtbZZMEVarWP09i6wUy1FKI3rfnBmAIHZxcEn1yOS5ESXfXj8Kt4GVmPG7yIDmCw8P37JAi2xb45oXldzyTyk1jbQMq4'
+		const expiredToken = process.env.CL_SDK_ACCESS_TOKEN_EXPIRED as string
 
 		const cli = CommerceLayerProvisioning({
 			domain,

diff --git a/specs/error.spec.ts b/specs/error.spec.ts
@@ -8,7 +8,7 @@ import { getClient } from '../test/common'
 let clp: CommerceLayerProvisioningClient
 
 
-beforeAll(async () => { clp = await getClient(true) })
+beforeAll(async () => { clp = await getClient({}) })
 
 
 describe('SDK:error suite', () => {

diff --git a/test/common.ts b/test/common.ts
@@ -1,5 +1,5 @@
 import getToken from './token'
-import CommerceLayerProvisioning, { CommerceLayerProvisioningClient, QueryParamsList, QueryParamsRetrieve, RequestObj } from '../src'
+import CommerceLayerProvisioning, { CommerceLayerConfig, CommerceLayerProvisioningClient, QueryParamsList, QueryParamsRetrieve, RequestObj } from '../src'
 import dotenv from 'dotenv'
 import { inspect } from 'util'
 import isEqual from 'lodash.isequal'
@@ -19,7 +19,7 @@ const INTERCEPTOR_CANCEL = 'TEST-INTERCEPTED'
 const REQUEST_TIMEOUT = 5550
 const REQUEST_OPTIONS: RequestConfig = {
 	timeout: REQUEST_TIMEOUT,
-	params: { }
+	params: {}
 } as const
 
 export const TestData = {
@@ -57,26 +57,38 @@ export const CommonData = {
 
 let currentAccessToken: string
 
-const initClient = async (): Promise<CommerceLayerProvisioningClient> => {
-	const token = await getToken('user')
-	if (token === null) throw new Error('Unable to get access token')
-	const accessToken = token.accessToken
-	currentAccessToken = accessToken
+const initClient = async (config: CommerceLayerConfig): Promise<CommerceLayerProvisioningClient> => {
+
+	let accessToken: string
+
+	if (config.accessToken) accessToken = config.accessToken
+	else {
+		const token = await getToken('user')
+		if (token === null) throw new Error('Unable to get access token')
+		accessToken = token.accessToken
+	}
+
 	const client = CommerceLayerProvisioning({ accessToken, domain })
-	client.config({ timeout: GLOBAL_TIMEOUT })
-	jest.setTimeout(GLOBAL_TIMEOUT)
+	currentAccessToken = accessToken
+
+	client.config({ timeout: config.timeout || GLOBAL_TIMEOUT })
+	try { jest.setTimeout(config.timeout || GLOBAL_TIMEOUT) } catch (err: any) { }
+
 	return client
+
 }
 
+
 const fakeClient = async (): Promise<CommerceLayerProvisioningClient> => {
 	const accessToken = 'fake-access-token'
 	const client = CommerceLayerProvisioning({ accessToken, domain })
 	currentAccessToken = accessToken
 	return client
 }
 
-const getClient = (instance?: boolean): Promise<CommerceLayerProvisioningClient> => {
-	return instance ?  initClient() : fakeClient()
+
+const getClient = (config?: CommerceLayerConfig): Promise<CommerceLayerProvisioningClient> => {
+	return config ? initClient(config) : fakeClient()
 }
 
 const printObject = (obj: unknown): string => {
@@ -112,20 +124,20 @@ const randomValue = (type: string, name?: string): any | Array<any> => {
 
 	if (type.startsWith('boolean')) values = booleans
 	else
-	if (type.startsWith('integer') || type.startsWith('number')) values = numbers
-	else
-	if (type.startsWith('fload') || type.startsWith('decimal')) values = numbers
-	else
-	if (type.startsWith('object')) values = objects
-	else
-	if (type.startsWith('string')) values = strings
-	else values = strings
+		if (type.startsWith('integer') || type.startsWith('number')) values = numbers
+		else
+			if (type.startsWith('fload') || type.startsWith('decimal')) values = numbers
+			else
+				if (type.startsWith('object')) values = objects
+				else
+					if (type.startsWith('string')) values = strings
+					else values = strings
 
 	let value = values[Math.floor(Math.random() * (values.length - 1))]
 
 	if (type === 'string') value = `${value}_${Math.floor(Math.random() * 100)}`
 
-	if (type.endsWith('[]')) value = [ value ]
+	if (type.endsWith('[]')) value = [value]
 
 	return value
 
@@ -137,7 +149,7 @@ export { handleError, interceptRequest, randomValue }
 
 
 const checkCommon = (request: RequestObj, type: string, id?: string, token?: string, relationship?: string) => {
-	expect(request.url.pathname).toBe('/api/' + type + (id ? `/${id}` : '') + (relationship ? `/${relationship}`: ''))
+	expect(request.url.pathname).toBe('/api/' + type + (id ? `/${id}` : '') + (relationship ? `/${relationship}` : ''))
 	expect(request.options.headers).toBeDefined()
 	if (request.options.headers) expect(request.options.headers['Authorization']).toContain('Bearer ' + (token || ''))
 	expect(request.options.signal).not.toBeNull()
@@ -156,12 +168,12 @@ const checkCommonData = (data: any, type: string, attributes: any, id?: string)
 }
 
 const checkParam = (url: string | URL, name: string, value: string | number | boolean) => {
-	const params = (url instanceof URL)? url.searchParams : new URL(url).searchParams
+	const params = (url instanceof URL) ? url.searchParams : new URL(url).searchParams
 	expect(params.has(name)).toBeTruthy()
 	expect(params.get(name)).toBe(String(value))
 }
 
-const checkCommonParamsList = (request: RequestObj, params: QueryParamsList<Resource>) =>  {
+const checkCommonParamsList = (request: RequestObj, params: QueryParamsList<Resource>) => {
 	const url = new URL(request.url)
 	if (params.pageNumber) checkParam(url, 'page[number]', params.pageNumber)
 	if (params.pageSize) checkParam(url, 'page[size]', params.pageSize)

diff --git a/test/spot.ts b/test/spot.ts
@@ -2,6 +2,7 @@
 import clProvisioning from '../src'
 import { inspect } from 'util'
 import getToken from './token'
+import { getClient } from './common'
 // import { } from '../lib/index'
 
 
@@ -17,11 +18,8 @@ async function refreshToken(old: string): Promise<string> {
 	const domain = process.env.CL_SDK_DOMAIN
 	const accessToken = process.env.CL_SDK_ACCESS_TOKEN || ''
 
-	const clp = clProvisioning({
-		accessToken,
-		domain,
-		refreshToken
-	})
+	const clp = await getClient({ accessToken, domain })
+	clp.config({ refreshToken })
 
 	try {