mirror of
https://github.com/johannesjo/super-productivity.git
synced 2026-07-17 16:37:43 +00:00
* docs(plugins): add microsoft 365 calendar provider plan * fix(jira): gate Electron requests behind one-shot capability Claim privileged Jira IPC before plugin startup and return responses through invoke instead of a broadcast event. Keep arbitrary HTTP(S) Jira hosts supported while rejecting redirects and bounding request resources. * fix(jira): enforce Electron request capability Bind privileged Jira IPC to a main-issued renderer-document token and strip raw Electron events from renderer callbacks. Scope image authentication by origin, base path, and resource type while preserving safe redirects and legacy configurations. * fix(electron): handle payload-only IPC lifecycle Clear Jira image authentication before replacement and when a new renderer document claims the capability. Parse before-close IDs from payload-only events so pending sync and finish-day hooks can complete. * fix(electron): address Jira IPC capability review findings - electron.effects: read ANY_FILE_DOWNLOADED payload at [0] after the payload-only IPC refactor (was [1], now undefined -> TypeError on every download); guard against a malformed payload - jira-capability: rotate the token on re-register so a renderer reload that reuses the WebFrameMain object is not permanently locked out of Jira; invalidates any stale token - document that the one-shot consumption order, not the bypassable main-frame check, is the real capability boundary - jira-electron-bridge: skip the no-op clearImgHeaders IPC round-trip when image auth was never set up (non-Jira detail-panel open/close) - jira-api: route a synchronous _toElectronRequestInit throw through _handleResponse instead of leaking a dangling request-log entry * test(electron): cover ANY_FILE_DOWNLOADED payload parsing Extract parseDownloadedFilePayload from ElectronEffects and add a regression spec pinning the payload-only shape ([file], not [event, file]) that caused a TypeError on every download. Hardened against non-array input surfaced by the new test. * fix(electron): restore Node ambient globals for frontend build
57 lines
2 KiB
JavaScript
57 lines
2 KiB
JavaScript
const test = require('node:test');
|
|
const assert = require('node:assert/strict');
|
|
const path = require('node:path');
|
|
|
|
require('ts-node/register/transpile-only');
|
|
|
|
const { JiraCapabilityRegistry } = require(
|
|
path.resolve(__dirname, 'jira-capability.ts'),
|
|
);
|
|
|
|
test('rotates the Jira capability when a renderer document re-registers', () => {
|
|
let counter = 0;
|
|
const registry = new JiraCapabilityRegistry(() => `test-token-${(counter += 1)}`);
|
|
const frame = {};
|
|
|
|
const first = registry.register(frame);
|
|
assert.equal(first, 'test-token-1');
|
|
|
|
// A reload re-registers the same frame object: a fresh token is issued and
|
|
// the stale one is invalidated, so the reloaded document is never locked out.
|
|
const second = registry.register(frame);
|
|
assert.equal(second, 'test-token-2');
|
|
assert.equal(registry.isAuthorized(frame, first), false);
|
|
assert.equal(registry.isAuthorized(frame, second), true);
|
|
});
|
|
|
|
test('only authorizes the issued token from the same renderer document', () => {
|
|
const registry = new JiraCapabilityRegistry(() => 'test-token');
|
|
const registeredFrame = {};
|
|
const otherFrame = {};
|
|
registry.register(registeredFrame);
|
|
|
|
assert.equal(registry.isAuthorized(registeredFrame, 'test-token'), true);
|
|
assert.equal(registry.isAuthorized(registeredFrame, 'wrong-token'), false);
|
|
assert.equal(registry.isAuthorized(otherFrame, 'test-token'), false);
|
|
assert.equal(registry.isAuthorized(registeredFrame, null), false);
|
|
});
|
|
|
|
test('unwraps only an authorized Jira capability envelope', () => {
|
|
const registry = new JiraCapabilityRegistry(() => 'test-token');
|
|
const frame = {};
|
|
registry.register(frame);
|
|
const payload = { requestId: 'request-1' };
|
|
|
|
assert.equal(
|
|
registry.unwrap(frame, {
|
|
capabilityToken: 'test-token',
|
|
payload,
|
|
}),
|
|
payload,
|
|
);
|
|
assert.throws(
|
|
() => registry.unwrap(frame, { capabilityToken: 'wrong-token', payload }),
|
|
/unauthorized/i,
|
|
);
|
|
assert.throws(() => registry.unwrap(frame, payload), /unauthorized/i);
|
|
});
|