super-productivity/electron/jira-capability.test.cjs
Johannes Millan 95d3b212bc
fix(electron): gate Jira IPC behind a one-shot capability (#9008)
* docs(plugins): add microsoft 365 calendar provider plan

* fix(jira): gate Electron requests behind one-shot capability

Claim privileged Jira IPC before plugin startup and return responses through invoke instead of a broadcast event. Keep arbitrary HTTP(S) Jira hosts supported while rejecting redirects and bounding request resources.

* fix(jira): enforce Electron request capability

Bind privileged Jira IPC to a main-issued renderer-document token and strip raw Electron events from renderer callbacks. Scope image authentication by origin, base path, and resource type while preserving safe redirects and legacy configurations.

* fix(electron): handle payload-only IPC lifecycle

Clear Jira image authentication before replacement and when a new renderer document claims the capability. Parse before-close IDs from payload-only events so pending sync and finish-day hooks can complete.

* fix(electron): address Jira IPC capability review findings

- electron.effects: read ANY_FILE_DOWNLOADED payload at [0] after the
  payload-only IPC refactor (was [1], now undefined -> TypeError on every
  download); guard against a malformed payload
- jira-capability: rotate the token on re-register so a renderer reload
  that reuses the WebFrameMain object is not permanently locked out of
  Jira; invalidates any stale token
- document that the one-shot consumption order, not the bypassable
  main-frame check, is the real capability boundary
- jira-electron-bridge: skip the no-op clearImgHeaders IPC round-trip
  when image auth was never set up (non-Jira detail-panel open/close)
- jira-api: route a synchronous _toElectronRequestInit throw through
  _handleResponse instead of leaking a dangling request-log entry

* test(electron): cover ANY_FILE_DOWNLOADED payload parsing

Extract parseDownloadedFilePayload from ElectronEffects and add a
regression spec pinning the payload-only shape ([file], not [event,
file]) that caused a TypeError on every download. Hardened against
non-array input surfaced by the new test.

* fix(electron): restore Node ambient globals for frontend build
2026-07-14 21:02:27 +02:00

57 lines
2 KiB
JavaScript

const test = require('node:test');
const assert = require('node:assert/strict');
const path = require('node:path');
require('ts-node/register/transpile-only');
const { JiraCapabilityRegistry } = require(
path.resolve(__dirname, 'jira-capability.ts'),
);
test('rotates the Jira capability when a renderer document re-registers', () => {
let counter = 0;
const registry = new JiraCapabilityRegistry(() => `test-token-${(counter += 1)}`);
const frame = {};
const first = registry.register(frame);
assert.equal(first, 'test-token-1');
// A reload re-registers the same frame object: a fresh token is issued and
// the stale one is invalidated, so the reloaded document is never locked out.
const second = registry.register(frame);
assert.equal(second, 'test-token-2');
assert.equal(registry.isAuthorized(frame, first), false);
assert.equal(registry.isAuthorized(frame, second), true);
});
test('only authorizes the issued token from the same renderer document', () => {
const registry = new JiraCapabilityRegistry(() => 'test-token');
const registeredFrame = {};
const otherFrame = {};
registry.register(registeredFrame);
assert.equal(registry.isAuthorized(registeredFrame, 'test-token'), true);
assert.equal(registry.isAuthorized(registeredFrame, 'wrong-token'), false);
assert.equal(registry.isAuthorized(otherFrame, 'test-token'), false);
assert.equal(registry.isAuthorized(registeredFrame, null), false);
});
test('unwraps only an authorized Jira capability envelope', () => {
const registry = new JiraCapabilityRegistry(() => 'test-token');
const frame = {};
registry.register(frame);
const payload = { requestId: 'request-1' };
assert.equal(
registry.unwrap(frame, {
capabilityToken: 'test-token',
payload,
}),
payload,
);
assert.throws(
() => registry.unwrap(frame, { capabilityToken: 'wrong-token', payload }),
/unauthorized/i,
);
assert.throws(() => registry.unwrap(frame, payload), /unauthorized/i);
});