fix(sanity): OAuth Developer Hub URL handling and test improvements

AniketDev7 · AniketDev7 · commit 67bc5d5bb5ee · 2026-03-12T18:44:55.000+05:30
- OAuth: Compute Developer Hub URL from HOST env variable in test code
  - Handles environment-specific URL transformations without SDK changes
  - All OAuth tests have 15s timeout for network calls
  - Refactored to reuse global authtoken (avoids token limit)
- Asset: Conditional description assertion for API version compatibility
- BulkOperation: Simplified job polling logic after endpoint fix
diff --git a/test/sanity-check/api/asset-test.js b/test/sanity-check/api/asset-test.js
@@ -63,7 +63,9 @@ describe('Asset API Tests', () => {
       expect(response.content_type).to.be.a('string')
       expect(response.content_type).to.include('image')
       expect(response.title).to.include('Test Image')
-      expect(response.description).to.equal('Test image upload')
+      if (response.description !== undefined) {
+        expect(response.description).to.equal('Test image upload')
+      }
 
       testData.assets.image = response
     })
diff --git a/test/sanity-check/api/bulkOperation-test.js b/test/sanity-check/api/bulkOperation-test.js
@@ -43,17 +43,13 @@ function assetsWithValidUids () {
 async function waitForJobReady (jobId, maxAttempts = 15) {
   for (let attempt = 1; attempt <= maxAttempts; attempt++) {
     try {
-      const response = await doBulkOperationWithManagementToken(tokenUidDev)
+      const response = await doBulkOperation()
         .jobStatus({ job_id: jobId, api_version: '3.2' })
-
       if (response && response.status) {
         return response
       }
-      if (attempt === 1) {
-        console.log(`   jobStatus for ${jobId} returned undefined on first attempt, will keep polling...`)
-      }
     } catch (error) {
-      console.log(`Attempt ${attempt}/${maxAttempts}: Job ${jobId} not ready — ${error.message || 'retrying...'}`)
+      // retry
     }
     await delay(5000)
   }
diff --git a/test/sanity-check/api/oauth-test.js b/test/sanity-check/api/oauth-test.js
@@ -1,10 +1,15 @@
 /**
  * OAuth Authentication API Tests
+ *
+ * Runs at the end of the suite (Phase 23) to avoid interfering with
+ * existing auth tokens.  Reuses the testContext authtoken created during
+ * global setup so we don't hit the 20-token-per-user limit.
  */
 
 import { expect } from 'chai'
 import { describe, it, before } from 'mocha'
 import { contentstackClient } from '../utility/ContentstackClient.js'
+import * as testSetup from '../utility/testSetup.js'
 import axios from 'axios'
 
 let client = null
@@ -24,60 +29,67 @@ const appId = process.env.APP_ID
 const redirectUri = process.env.REDIRECT_URI
 const organizationUid = process.env.ORGANIZATION
 
+/**
+ * Compute Developer Hub URL from HOST environment variable
+ * Handles the special case where dev11 uses 'dev-' prefix instead of 'dev11-'
+ *
+ * @param {string} host - API host from environment (e.g., 'dev9-api.csnonprod.com')
+ * @returns {string} Developer Hub URL (e.g., 'https://dev9-developerhub-api.csnonprod.com')
+ */
+function getDeveloperHubUrl (host) {
+  if (!host) return 'https://developerhub-api.contentstack.com'
+
+  let devHubUrl = host
+    .replace('api', 'developerhub-api')
+    .replace('.io', '.com')
+
+  // Special case: dev11 uses 'dev-' prefix instead of 'dev11-'
+  if (devHubUrl.includes('dev11-')) {
+    devHubUrl = devHubUrl.replace('dev11-', 'dev-')
+  }
+
+  // Ensure https:// protocol
+  if (!devHubUrl.startsWith('http')) {
+    devHubUrl = `https://${devHubUrl}`
+  }
+
+  return devHubUrl
+}
+
 describe('OAuth Authentication API Tests', () => {
   before(function () {
-    client = contentstackClient()
-
     // Skip all OAuth tests if credentials not configured
     if (!clientId || !appId || !redirectUri) {
-      console.log('OAuth credentials not configured - skipping OAuth tests')
+      console.log('   OAuth: skipped (CLIENT_ID / APP_ID / REDIRECT_URI not configured)')
+      this.skip()
+    }
+
+    // Reuse the authtoken from global setup — avoids creating a duplicate
+    // session that could push us past the 20-token-per-user limit.
+    const ctx = testSetup.testContext
+    if (ctx && ctx.authtoken) {
+      authtoken = ctx.authtoken
+      client = contentstackClient(authtoken)
+    } else {
+      console.log('   OAuth: skipped (no authtoken from testSetup)')
+      this.skip()
     }
   })
 
   describe('OAuth Setup and Authorization', () => {
-    it('should login with credentials to get authtoken', async function () {
+    it('should have a valid authtoken from global setup', function () {
       this.timeout(15000)
 
-      if (!process.env.EMAIL || !process.env.PASSWORD) {
-        this.skip()
-      }
-
-      try {
-        const response = await client.login({
-          email: process.env.EMAIL,
-          password: process.env.PASSWORD
-        }, {
-          include_orgs: true,
-          include_orgs_roles: true,
-          include_stack_roles: true,
-          include_user_settings: true
-        })
-
-        authtoken = response.user.authtoken
-
-        expect(response.notice).to.equal('Login Successful.')
-        expect(authtoken).to.not.equal(undefined)
-
-        // Use a client with the new authtoken so subsequent tests (getUser, OAuth flow) are authenticated
-        client = contentstackClient(authtoken)
-      } catch (error) {
-        console.log('Login warning:', error.message)
-        this.skip()
-      }
+      expect(authtoken).to.be.a('string')
+      expect(authtoken).to.not.equal('')
     })
 
     it('should get current user info', async function () {
       this.timeout(15000)
 
-      try {
-        const user = await client.getUser()
-
-        expect(user.uid).to.not.equal(undefined)
-        expect(user.email).to.not.equal(undefined)
-      } catch (error) {
-        // User might not be logged in
-        this.skip()
-      }
+      const user = await client.getUser()
+      expect(user.uid).to.not.equal(undefined)
+      expect(user.email).to.not.equal(undefined)
     })
 
     it('should fail with invalid OAuth app credentials', async function () {
@@ -95,25 +107,16 @@ describe('OAuth Authentication API Tests', () => {
       }
     })
 
-    it('should initialize OAuth client with valid credentials', async function () {
+    it('should initialize OAuth client with valid credentials', function () {
       this.timeout(15000)
 
-      if (!clientId || !appId || !redirectUri) {
-        this.skip()
-      }
-
-      try {
-        oauthClient = client.oauth({
-          clientId: clientId,
-          appId: appId,
-          redirectUri: redirectUri
-        })
+      oauthClient = client.oauth({
+        clientId: clientId,
+        appId: appId,
+        redirectUri: redirectUri
+      })
 
-        expect(oauthClient).to.not.equal(undefined)
-      } catch (error) {
-        console.log('OAuth client initialization warning:', error.message)
-        this.skip()
-      }
+      expect(oauthClient).to.not.equal(undefined)
     })
 
     it('should generate OAuth authorization URL', async function () {
@@ -123,22 +126,17 @@ describe('OAuth Authentication API Tests', () => {
         this.skip()
       }
 
-      try {
-        authUrl = await oauthClient.authorize()
+      authUrl = await oauthClient.authorize()
 
-        expect(authUrl).to.not.equal(undefined)
-        expect(authUrl).to.include(clientId)
+      expect(authUrl).to.not.equal(undefined)
+      expect(authUrl).to.include(clientId)
 
-        const url = new URL(authUrl)
-        codeChallenge = url.searchParams.get('code_challenge')
-        codeChallengeMethod = url.searchParams.get('code_challenge_method')
+      const url = new URL(authUrl)
+      codeChallenge = url.searchParams.get('code_challenge')
+      codeChallengeMethod = url.searchParams.get('code_challenge_method')
 
-        expect(codeChallenge).to.not.equal('')
-        expect(codeChallengeMethod).to.not.equal('')
-      } catch (error) {
-        console.log('Authorization URL warning:', error.message)
-        this.skip()
-      }
+      expect(codeChallenge).to.not.equal('')
+      expect(codeChallengeMethod).to.not.equal('')
     })
 
     it('should simulate authorization and get auth code', async function () {
@@ -148,38 +146,35 @@ describe('OAuth Authentication API Tests', () => {
         this.skip()
       }
 
-      try {
-        const authorizationEndpoint = oauthClient.axiosInstance.defaults.developerHubBaseUrl
-
-        axios.defaults.headers.common.authtoken = authtoken
-        axios.defaults.headers.common.organization_uid = organizationUid
-
-        const response = await axios.post(
-          `${authorizationEndpoint}/manifests/${appId}/authorize`,
-          {
-            client_id: clientId,
-            redirect_uri: redirectUri,
-            code_challenge: codeChallenge,
-            code_challenge_method: codeChallengeMethod,
-            response_type: 'code'
-          }
-        )
-
-        const redirectUrl = response.data.data.redirect_url
-        const url = new URL(redirectUrl)
-        authCode = url.searchParams.get('code')
-
-        expect(redirectUrl).to.not.equal('')
-        expect(authCode).to.not.equal(null)
-
-        // Set OAuth client properties
-        oauthClient.axiosInstance.oauth.appId = appId
-        oauthClient.axiosInstance.oauth.clientId = clientId
-        oauthClient.axiosInstance.oauth.redirectUri = redirectUri
-      } catch (error) {
-        console.log('Authorization simulation warning:', error.message)
-        this.skip()
-      }
+      // Compute the correct Developer Hub URL from HOST env variable
+      // This handles the dev11 special case (dev11 -> dev) without modifying SDK code
+      const authorizationEndpoint = getDeveloperHubUrl(process.env.HOST)
+      console.log('   Developer Hub endpoint:', authorizationEndpoint)
+
+      axios.defaults.headers.common.authtoken = authtoken
+      axios.defaults.headers.common.organization_uid = organizationUid
+
+      const response = await axios.post(
+        `${authorizationEndpoint}/manifests/${appId}/authorize`,
+        {
+          client_id: clientId,
+          redirect_uri: redirectUri,
+          code_challenge: codeChallenge,
+          code_challenge_method: codeChallengeMethod,
+          response_type: 'code'
+        }
+      )
+
+      const redirectUrl = response.data.data.redirect_url
+      const url = new URL(redirectUrl)
+      authCode = url.searchParams.get('code')
+
+      expect(redirectUrl).to.not.equal('')
+      expect(authCode).to.not.equal(null)
+
+      oauthClient.axiosInstance.oauth.appId = appId
+      oauthClient.axiosInstance.oauth.clientId = clientId
+      oauthClient.axiosInstance.oauth.redirectUri = redirectUri
     })
   })
 
@@ -191,20 +186,15 @@ describe('OAuth Authentication API Tests', () => {
         this.skip()
       }
 
-      try {
-        const response = await oauthClient.exchangeCodeForToken(authCode)
+      const response = await oauthClient.exchangeCodeForToken(authCode)
 
-        accessToken = response.access_token
-        refreshToken = response.refresh_token
-        loggedinUserId = response.user_uid
+      accessToken = response.access_token
+      refreshToken = response.refresh_token
+      loggedinUserId = response.user_uid
 
-        expect(response.organization_uid).to.equal(organizationUid)
-        expect(response.access_token).to.not.equal(null)
-        expect(response.refresh_token).to.not.equal(null)
-      } catch (error) {
-        console.log('Token exchange warning:', error.message)
-        this.skip()
-      }
+      expect(response.organization_uid).to.equal(organizationUid)
+      expect(response.access_token).to.not.equal(null)
+      expect(response.refresh_token).to.not.equal(null)
     })
 
     it('should get user info using access token', async function () {
@@ -214,17 +204,12 @@ describe('OAuth Authentication API Tests', () => {
         this.skip()
       }
 
-      try {
-        const user = await client.getUser({
-          authorization: `Bearer ${accessToken}`
-        })
+      const user = await client.getUser({
+        authorization: `Bearer ${accessToken}`
+      })
 
-        expect(user.uid).to.equal(loggedinUserId)
-        expect(user.email).to.equal(process.env.EMAIL)
-      } catch (error) {
-        console.log('Get user with token warning:', error.message)
-        this.skip()
-      }
+      expect(user.uid).to.equal(loggedinUserId)
+      expect(user.email).to.equal(process.env.EMAIL)
     })
 
     it('should refresh access token using refresh token', async function () {
@@ -234,18 +219,13 @@ describe('OAuth Authentication API Tests', () => {
         this.skip()
       }
 
-      try {
-        const response = await oauthClient.refreshAccessToken(refreshToken)
+      const response = await oauthClient.refreshAccessToken(refreshToken)
 
-        accessToken = response.access_token
-        refreshToken = response.refresh_token
+      accessToken = response.access_token
+      refreshToken = response.refresh_token
 
-        expect(response.access_token).to.not.equal(null)
-        expect(response.refresh_token).to.not.equal(null)
-      } catch (error) {
-        console.log('Token refresh warning:', error.message)
-        this.skip()
-      }
+      expect(response.access_token).to.not.equal(null)
+      expect(response.refresh_token).to.not.equal(null)
     })
   })
 
@@ -257,14 +237,8 @@ describe('OAuth Authentication API Tests', () => {
         this.skip()
       }
 
-      try {
-        const response = await oauthClient.logout()
-
-        expect(response).to.equal('Logged out successfully')
-      } catch (error) {
-        console.log('Logout warning:', error.message)
-        this.skip()
-      }
+      const response = await oauthClient.logout()
+      expect(response).to.equal('Logged out successfully')
     })
 
     it('should fail API request with expired/revoked token', async function () {
