Merge remote-tracking branch 'origin/main' into pr/adamSellers/1039

package.json

@@ -1,9 +1,9 @@
 {
   "name": "@salesforce/core",
-  "version": "6.7.0",
+  "version": "6.7.1",
   "description": "Core libraries to interact with SFDX projects, orgs, and APIs.",
-  "main": "lib/exported",
-  "types": "lib/exported.d.ts",
+  "main": "lib/index",
+  "types": "lib/index.d.ts",
   "license": "BSD-3-Clause",
   "engines": {
     "node": ">=18.0.0"
@@ -62,13 +62,13 @@
     "@salesforce/ts-sinon": "^1.4.19",
     "@types/benchmark": "^2.1.5",
     "@types/chai-string": "^1.4.5",
-    "@types/jsonwebtoken": "9.0.5",
+    "@types/jsonwebtoken": "9.0.6",
     "@types/proper-lockfile": "^4.1.4",
     "benchmark": "^2.1.4",
     "chai-string": "^1.5.0",
     "ts-node": "^10.9.2",
     "ts-patch": "^3.1.1",
-    "typescript": "^5.3.3"
+    "typescript": "^5.4.2"
   },
   "repository": {
     "type": "git",

scripts/build.js

@@ -11,11 +11,11 @@ const { Generator } = require('npm-dts');
 const fs = require('fs');
 
 new Generator({
-  output: 'lib/exported.d.ts',
+  output: 'lib/index.d.ts',
 }).generate();
 
 const sharedConfig = {
-  entryPoints: ['src/exported.ts'],
+  entryPoints: ['src/index.ts'],
   bundle: true,
   // minify: true,
   plugins: [
@@ -33,7 +33,7 @@ const sharedConfig = {
     platform: 'node', // for CJS
     outdir: 'lib',
   });
-  const filePath = 'lib/exported.js';
+  const filePath = 'lib/index.js';
   let bundledEntryPoint = fs.readFileSync(filePath, 'utf8');
 
   const searchString = /\$\{process\.cwd\(\)\}\$\{require\("path"\)\.sep\}lib/g;

scripts/updateForBundling.js

@@ -1,4 +1,5 @@
 const fs = require('fs');
+const path = require('path');
 
 // Function to update package.json
 function updatePackageJson() {
@@ -62,6 +63,47 @@ function updateLoggerTs() {
   });
 }
 
+function updateLoadMessagesParam() {
+  const dirs = ['./src', './test'];
+  function replaceTextInFile(filePath) {
+    const data = fs.readFileSync(filePath, 'utf8');
+    const result = data.replace(
+      /Messages\.loadMessages\('@salesforce\/core'/g,
+      "Messages.loadMessages('@salesforce/core-bundle'"
+    );
+    fs.writeFileSync(filePath, result, 'utf8');
+  }
+  function traverseDirectory(directory) {
+    fs.readdirSync(directory).forEach((file) => {
+      const fullPath = path.join(directory, file);
+      if (fs.lstatSync(fullPath).isDirectory()) {
+        traverseDirectory(fullPath);
+      } else if (path.extname(fullPath) === '.ts') {
+        replaceTextInFile(fullPath);
+      }
+    });
+  }
+  dirs.forEach((dir) => {
+    traverseDirectory(dir);
+  });
+}
+
+function addTestSetupToIndex() {
+  const indexPath = './src/index.ts';
+  const testSetupExport = "export * from './testSetup';\n";
+  fs.readFile(indexPath, 'utf8', (err, data) => {
+    fs.appendFile(indexPath, testSetupExport, 'utf8', (err) => {
+      if (err) {
+        console.error(`Error appending to file: ${err}`);
+      } else {
+        console.log('Content successfully added to the file.');
+      }
+    });
+  });
+}
+
 // Run the update functions
 updatePackageJson();
 updateLoggerTs();
+updateLoadMessagesParam();
+addTestSetupToIndex();

src/org/authInfo.ts

@@ -333,8 +333,10 @@ export class AuthInfo extends AsyncOptionalCreatable<AuthInfo.Options> {
    * @param options The options to generate the URL.
    */
   public static getAuthorizationUrl(options: JwtOAuth2Config & { scope?: string }, oauth2?: OAuth2): string {
-    // Always use a verifier for enhanced security
-    options.useVerifier = true;
+    // Unless explicitly turned off, use a code verifier for enhanced security
+    if (options.useVerifier !== false) {
+      options.useVerifier = true;
+    }
     const oauth2Verifier = oauth2 ?? new OAuth2(options);
 
     // The state parameter allows the redirectUri callback listener to ignore request

src/webOAuthServer.ts

@@ -141,6 +141,8 @@ export class WebOAuthServer extends AsyncCreatable<WebOAuthServer.Options> {
     if (!this.oauthConfig.clientId) this.oauthConfig.clientId = DEFAULT_CONNECTED_APP_INFO.clientId;
     if (!this.oauthConfig.loginUrl) this.oauthConfig.loginUrl = AuthInfo.getDefaultInstanceUrl();
     if (!this.oauthConfig.redirectUri) this.oauthConfig.redirectUri = `http://localhost:${port}/OauthRedirect`;
+    // Unless explicitly turned off, use a code verifier as a best practice
+    if (this.oauthConfig.useVerifier !== false) this.oauthConfig.useVerifier = true;
 
     this.webServer = await WebServer.create({ port });
     this.oauth2 = new OAuth2(this.oauthConfig);
@@ -237,6 +239,7 @@ export class WebOAuthServer extends AsyncCreatable<WebOAuthServer.Options> {
       this.logger.debug(`oauthConfig.loginUrl: ${this.oauthConfig.loginUrl}`);
       this.logger.debug(`oauthConfig.clientId: ${this.oauthConfig.clientId}`);
       this.logger.debug(`oauthConfig.redirectUri: ${this.oauthConfig.redirectUri}`);
+      this.logger.debug(`oauthConfig.useVerifier: ${this.oauthConfig.useVerifier}`);
       return authCode;
     }
     return null;

test/perf/logger/main.test.ts

@@ -5,7 +5,7 @@
  * For full license text, see LICENSE.txt file in the repo root or https://opensource.org/licenses/BSD-3-Clause
  */
 import { Suite } from 'benchmark';
-import { Logger } from '../../../src/exported';
+import { Logger } from '../../../src';
 import { cleanup } from '../../../src/logger/cleanup';
 
 const suite = new Suite();

test/unit/config/configAggregatorTest.ts

@@ -11,7 +11,7 @@ import { assert, expect, config as chaiConfig } from 'chai';
 import { Config, ConfigProperties, SFDX_ALLOWED_PROPERTIES, SfdxPropertyKeys } from '../../../src/config/config';
 import { ConfigAggregator, ConfigInfo } from '../../../src/config/configAggregator';
 import { ConfigFile } from '../../../src/config/configFile';
-import { Messages, OrgConfigProperties, Lifecycle, ORG_CONFIG_ALLOWED_PROPERTIES } from '../../../src/exported';
+import { Messages, OrgConfigProperties, Lifecycle, ORG_CONFIG_ALLOWED_PROPERTIES } from '../../../src';
 import { TestContext } from '../../../src/testSetup';
 
 // if you add to this, make sure you use both the old and new name

test/unit/config/configFileConcurrency.test.ts

@@ -9,7 +9,7 @@ import { tmpdir } from 'node:os';
 import { rm } from 'node:fs/promises';
 import { expect } from 'chai';
 import { sleep } from '@salesforce/kit';
-import { ConfigFile } from '../../../src/exported';
+import { ConfigFile } from '../../../src';
 
 const FILENAME = 'concurrency.json';
 const sharedLocation = join('sfdx-core-ut', 'test', 'configFile');

test/unit/config/configFileTest.ts

@@ -14,7 +14,7 @@ import { expect } from 'chai';
 import { assert } from '@salesforce/ts-types';
 import lockfileLib from 'proper-lockfile';
 import { ConfigFile } from '../../../src/config/configFile';
-import { SfError } from '../../../src/exported';
+import { SfError } from '../../../src';
 import { shouldThrow, TestContext } from '../../../src/testSetup';
 
 describe('Config', () => {

test/unit/config/configTest.ts

@@ -17,7 +17,7 @@ import * as lockfileLib from 'proper-lockfile';
 import { Config, ConfigPropertyMeta } from '../../../src/config/config';
 import { ConfigFile } from '../../../src/config/configFile';
 import { ConfigContents } from '../../../src/config/configStackTypes';
-import { OrgConfigProperties } from '../../../src/exported';
+import { OrgConfigProperties } from '../../../src';
 import { shouldThrowSync, TestContext } from '../../../src/testSetup';
 
 const configFileContentsString = '{"target-dev-hub": "configTest_devhub","target-org": "configTest_default"}';

test/unit/projectTest.ts

@@ -11,7 +11,7 @@ import { join, sep } from 'node:path';
 import { expect } from 'chai';
 
 import { env } from '@salesforce/kit';
-import { Messages, NamedPackageDir } from '../../src/exported';
+import { Messages, NamedPackageDir } from '../../src';
 import { SfProject, SfProjectJson } from '../../src/sfProject';
 import { shouldThrow, shouldThrowSync, TestContext } from '../../src/testSetup';
 

test/unit/webOauthServerTest.ts

@@ -35,11 +35,24 @@ describe('WebOauthServer', () => {
   });
 
   describe('getAuthorizationUrl', () => {
-    it('should return authorization url', async () => {
+    it('should return authorization url with expected (default) params', async () => {
       const oauthServer = await WebOAuthServer.create({ oauthConfig: {} });
       const authUrl = oauthServer.getAuthorizationUrl();
       expect(authUrl).to.not.be.undefined;
       expect(authUrl).to.include('client_id=PlatformCLI');
+      expect(authUrl).to.include('code_challenge=');
+      expect(authUrl).to.include('state=');
+      expect(authUrl).to.include('response_type=code');
+    });
+
+    it('should return authorization url with no code_challenge', async () => {
+      const oauthServer = await WebOAuthServer.create({ oauthConfig: { useVerifier: false } });
+      const authUrl = oauthServer.getAuthorizationUrl();
+      expect(authUrl).to.not.be.undefined;
+      expect(authUrl).to.include('client_id=PlatformCLI');
+      expect(authUrl).to.not.include('code_challenge=');
+      expect(authUrl).to.include('state=');
+      expect(authUrl).to.include('response_type=code');
     });
   });
 
@@ -70,6 +83,37 @@ describe('WebOauthServer', () => {
       const handleSuccessStub = stubMethod($$.SANDBOX, oauthServer.webServer, 'handleSuccess').resolves();
       const authInfo = await oauthServer.authorizeAndSave();
       expect(authInfoStub.save.callCount).to.equal(1);
+      expect(authStub.callCount).to.equal(1);
+      const authCreateOptions = authStub.firstCall.args[0] as AuthInfo.Options;
+      expect(authCreateOptions).have.property('oauth2Options');
+      expect(authCreateOptions).have.property('oauth2');
+      expect(authCreateOptions.oauth2Options).to.have.property('useVerifier', true);
+      expect(authCreateOptions.oauth2Options).to.have.property('clientId', 'PlatformCLI');
+      expect(authCreateOptions.oauth2).to.have.property('codeVerifier');
+      expect(authCreateOptions.oauth2?.codeVerifier).to.have.length.greaterThan(1);
+      expect(authCreateOptions.oauth2).to.have.property('clientId', 'PlatformCLI');
+      expect(authInfo.getFields()).to.deep.equal(authFields);
+      expect(handleSuccessStub.calledOnce).to.be.true;
+    });
+
+    it('should save new AuthInfo without codeVerifier', async () => {
+      redirectStub = stubMethod($$.SANDBOX, WebServer.prototype, 'doRedirect').callsFake(async () => {});
+      stubMethod($$.SANDBOX, WebOAuthServer.prototype, 'executeOauthRequest').callsFake(async () => serverResponseStub);
+      const oauthServer = await WebOAuthServer.create({ oauthConfig: { useVerifier: false } });
+      await oauthServer.start();
+      // @ts-expect-error because private member
+      const handleSuccessStub = stubMethod($$.SANDBOX, oauthServer.webServer, 'handleSuccess').resolves();
+      const authInfo = await oauthServer.authorizeAndSave();
+      expect(authInfoStub.save.callCount).to.equal(1);
+      expect(authStub.callCount).to.equal(1);
+      const authCreateOptions = authStub.firstCall.args[0] as AuthInfo.Options;
+      expect(authCreateOptions).have.property('oauth2Options');
+      expect(authCreateOptions).have.property('oauth2');
+      expect(authCreateOptions.oauth2Options).to.have.property('useVerifier', false);
+      expect(authCreateOptions.oauth2Options).to.have.property('clientId', 'PlatformCLI');
+      expect(authCreateOptions.oauth2).to.have.property('codeVerifier');
+      expect(authCreateOptions.oauth2?.codeVerifier).to.be.undefined;
+      expect(authCreateOptions.oauth2).to.have.property('clientId', 'PlatformCLI');
       expect(authInfo.getFields()).to.deep.equal(authFields);
       expect(handleSuccessStub.calledOnce).to.be.true;
     });