build(deps): bump body-parser and express

Bumps [body-parser](https://github.com/expressjs/body-parser) to 1.20.4 and updates ancestor dependency [express](https://github.com/expressjs/express). These dependencies need to be updated together.


Updates `body-parser` from 1.19.2 to 1.20.4
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](https://github.com/expressjs/body-parser/compare/1.19.2...1.20.4)

Updates `express` from 4.17.3 to 4.22.1
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md)
- [Commits](https://github.com/expressjs/express/compare/4.17.3...v4.22.1)

---
updated-dependencies:
- dependency-name: body-parser
  dependency-version: 1.20.4
  dependency-type: indirect
- dependency-name: express
  dependency-version: 4.22.1
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/workflows/server-tests.yml

@@ -97,7 +97,6 @@ jobs:
           npm i
           jq '.sasJsConfig.serverUrl |= "${{ secrets.SASJS_SERVER_URL }}"' ./public/config.json > ./public/config.temp && mv ./public/config.temp ./public/config.json
           jq '.sasJsConfig.serverType |= "SASJS"' ./public/config.json > ./public/config.temp && mv ./public/config.temp ./public/config.json
-          jq '.sasJsConfig.loginMechanism |= "Default"' ./public/config.json > ./public/config.temp && mv ./public/config.temp ./public/config.json
           jq '.userName |= "${{ secrets.SASJS_USERNAME }}"' ./public/config.json > ./public/config.temp && mv ./public/config.temp ./public/config.json
           jq '.password |= "${{ secrets.SASJS_PASSWORD }}"' ./public/config.json > ./public/config.temp && mv ./public/config.temp ./public/config.json
 
@@ -111,10 +110,8 @@ jobs:
         shell: bash
 
       - name: Run cypress on sasjs
-        env:
-          TERM: dumb
         run: |
-          sed -i "s|sasjsTestsUrl: '.*'|sasjsTestsUrl: 'http://localhost:3000'|g" ./cypress.config.js
+          sed -i "s|sasjsTestsUrl: '.*'|sasjsTestsUrl: 'http://localhost:5173'|g" ./cypress.config.js
           sed -i "s|username: '.*'|username: '${{ secrets.SASJS_USERNAME }}'|g" ./cypress.config.js
           sed -i "s|password: '.*'|password: '${{ secrets.SASJS_PASSWORD }}'|g" ./cypress.config.js
           cat ./cypress.config.js

.gitpod.yml

@@ -0,0 +1,2 @@
+tasks:
+  - init: npm install && npm run build

cypress.config.js

@@ -9,7 +9,7 @@ module.exports = defineConfig({
     supportFile: 'cypress/support/index.js'
   },
   env: {
-    sasjsTestsUrl: 'http://localhost:3000',
+    sasjsTestsUrl: 'http://localhost:5173',
     username: '',
     password: '',
     screenshotOnRunFailure: false,

cypress/integration/sasjs.tests.ts

@@ -9,12 +9,10 @@ context('sasjs-tests', function () {
   })
 
   beforeEach(() => {
-    cy.visit(sasjsTestsUrl)
+    cy.reload()
   })
 
   function loginIfNeeded() {
-    cy.get('login-form, tests-view', { timeout: 30000 }).should('exist')
-
     cy.get('body').then(($body) => {
       if ($body.find('login-form').length > 0) {
         cy.get('login-form')

package.json

@@ -53,7 +53,7 @@
     "cp": "0.2.0",
     "cypress": "^15.7.1",
     "dotenv": "16.0.0",
-    "express": "4.17.3",
+    "express": "4.22.1",
     "jest": "29.7.0",
     "jest-environment-jsdom": "^29.7.0",
     "jest-extended": "4.0.2",
@@ -76,8 +76,8 @@
   },
   "main": "index.js",
   "dependencies": {
-    "@sasjs/utils": "^3.5.6",
+    "@sasjs/utils": "3.5.6",
-    "axios": "1.15.0",
+    "axios": "1.12.2",
     "axios-cookiejar-support": "5.0.5",
     "form-data": "4.0.4",
     "https": "1.0.0",

sasjs-tests/sasjs/sasjsconfig.json

@@ -7,7 +7,7 @@
   "targets": [
     {
       "name": "4gl",
-      "serverUrl": "https://sas.4gl.io",
+      "serverUrl": "https://sas9.4gl.io",
       "serverType": "SASJS",
       "httpsAgentOptions": {
         "allowInsecureRequests": false

sasjs-tests/vite.config.js

@@ -1,8 +1,5 @@
 import { defineConfig } from 'vite'
 export default defineConfig({
-  server: {
-    port: 3000
-  },
   build: {
     assetsInlineLimit: 0,
     assetsDir: ''

src/auth/AuthManager.ts

@@ -375,7 +375,7 @@ export class AuthManager {
    *
    */
   public async logOut() {
-    this.requestClient.resetInMemoryAuthState()
+    this.requestClient.clearCsrfTokens()
 
     return this.requestClient.get(this.logoutUrl, undefined).then(() => true)
   }

src/job-execution/WebJobExecutor.ts

@@ -97,9 +97,11 @@ export class WebJobExecutor extends BaseJobExecutor {
         apiUrl = apiUrl.replace('_program=', '__program=')
       }
 
-      // Append context name to URL if provided and non-empty
+      // if context name exists and is not blank string
-      apiUrl += config.contextName?.trim()
+      // then add _contextname variable in apiUrl
-        ? `&_contextname=${encodeURIComponent(config.contextName)}`
+      apiUrl +=
+        config.contextName && !/\s/.test(config.contextName)
+          ? `&_contextname=${config.contextName}`
           : ''
     }
 

src/request/RequestClient.ts

@@ -28,9 +28,6 @@ import {
 import { InvalidSASjsCsrfError } from '../types/errors/InvalidSASjsCsrfError'
 import { inspect } from 'util'
 
-const getLogger = () =>
-  (typeof process !== 'undefined' && process.logger) || console
-
 export class RequestClient implements HttpClient {
   private requests: SASjsRequest[] = []
   private requestsLimit: number = 10
@@ -40,7 +37,6 @@ export class RequestClient implements HttpClient {
   protected csrfToken: CsrfToken = { headerName: '', value: '' }
   protected fileUploadCsrfToken: CsrfToken | undefined
   protected httpClient!: AxiosInstance
-  private isRecoveringFromNetworkError = false
 
   constructor(
     protected baseUrl: string,
@@ -81,36 +77,6 @@ export class RequestClient implements HttpClient {
     localStorage.setItem('refreshToken', '')
   }
 
-  public resetInMemoryAuthState() {
-    const logger = getLogger()
-    const clearedCookies: string[] = []
-
-    this.clearCsrfTokens()
-    if (typeof localStorage !== 'undefined') {
-      this.clearLocalStorageTokens()
-    }
-    if (typeof document !== 'undefined') {
-      clearedCookies.push(...this.clearAllCookies())
-    }
-
-    logger.warn('[resetInMemoryAuthState] cleared', {
-      cookies: clearedCookies,
-      localStorage: typeof localStorage !== 'undefined'
-    })
-  }
-
-  private clearAllCookies(): string[] {
-    const cookies = document.cookie.split(';')
-    const cleared: string[] = []
-    for (const cookie of cookies) {
-      const name = cookie.split('=')[0].trim()
-      if (!name) continue
-      document.cookie = `${name}=; Max-Age=0; Path=/;`
-      cleared.push(name)
-    }
-    return cleared
-  }
-
   public getBaseUrl() {
     return this.httpClient.defaults.baseURL || ''
   }
@@ -388,14 +354,9 @@ export class RequestClient implements HttpClient {
     const csrfTokenKey = Object.keys(params).find((k) =>
       k?.toLowerCase().includes('csrf')
     )
-    const logger = getLogger()
-
     if (csrfTokenKey) {
       this.csrfToken.value = params[csrfTokenKey]
       this.csrfToken.headerName = this.csrfToken.headerName || 'x-csrf-token'
-      logger.warn('[authorize] CSRF from form', {
-        headerName: this.csrfToken.headerName
-      })
     }
 
     const formData = new FormData()
@@ -410,23 +371,15 @@ export class RequestClient implements HttpClient {
       throw new Error('Auth Form URL is null or undefined.')
     }
 
-    logger.warn('[authorize] posting to', { authUrl })
-
     return await this.httpClient
       .post(authUrl, formData, {
         responseType: 'text',
         headers: { Accept: '*/*', 'Content-Type': 'text/plain' }
       })
-      .then((res) => {
+      .then((res) => res.data)
-        logger.warn('[authorize] success', { status: res.status })
-        return res.data
-      })
       .catch((error) => {
-        logger.error('[authorize] failed', {
+        const logger = process.logger || console
-          code: error?.code,
+        logger.error(error)
-          status: error?.response?.status,
-          message: error?.message
-        })
       })
   }
 
@@ -625,16 +578,9 @@ ${resHeaders}${parsedResBody ? `\n\n${parsedResBody}` : ''}
 
   protected parseAndSetCsrfToken = (response: AxiosResponse) => {
     const token = this.parseCsrfToken(response)
-    const logger = getLogger()
 
     if (token) {
       this.csrfToken = token
-      logger.warn('[parseAndSetCsrfToken] set', {
-        headerName: token.headerName,
-        hasValue: !!token.value
-      })
-    } else {
-      logger.warn('[parseAndSetCsrfToken] no token found in response')
     }
   }
 
@@ -654,11 +600,6 @@ ${resHeaders}${parsedResBody ? `\n\n${parsedResBody}` : ''}
     }
   }
 
-  private logHandleError(step: string, details?: Record<string, any>) {
-    const logger = getLogger()
-    logger.warn(`[handleError] ${step}`, details || '')
-  }
-
   protected handleError = async (
     e: any,
     callback: any,
@@ -666,19 +607,7 @@ ${resHeaders}${parsedResBody ? `\n\n${parsedResBody}` : ''}
   ) => {
     const response = e.response as AxiosResponse
 
-    this.logHandleError('entered', {
-      errorType: e?.constructor?.name,
-      code: e?.code,
-      status: response?.status,
-      url: e?.config?.url || response?.config?.url,
-      hasResponse: !!response,
-      isRecovering: this.isRecoveringFromNetworkError
-    })
-
     if (e instanceof AuthorizeError) {
-      this.logHandleError('AuthorizeError — fetching confirmUrl', {
-        confirmUrl: e.confirmUrl
-      })
       const res = await this.httpClient
         .get(e.confirmUrl, {
           responseType: 'text',
@@ -688,24 +617,13 @@ ${resHeaders}${parsedResBody ? `\n\n${parsedResBody}` : ''}
           throw prefixMessage(err, 'Error while getting error confirmUrl. ')
         })
 
-      const needsAuthorize = isAuthorizeFormRequired(res?.data as string)
+      if (isAuthorizeFormRequired(res?.data as string)) {
-      this.logHandleError(
-        'AuthorizeError — authorize form required: ' + needsAuthorize
-      )
-
-      if (needsAuthorize) {
         await this.authorize(res.data as string).catch((err) => {
           throw prefixMessage(err, 'Error while authorizing request. ')
         })
       }
 
-      this.logHandleError('AuthorizeError — retrying callback')
       return await callback().catch((err: any) => {
-        this.logHandleError('AuthorizeError — callback failed', {
-          errorType: err?.constructor?.name,
-          code: err?.code,
-          message: err?.message
-        })
         throw prefixMessage(
           err,
           'Error while executing callback in handleError. '
@@ -714,14 +632,12 @@ ${resHeaders}${parsedResBody ? `\n\n${parsedResBody}` : ''}
     }
 
     if (e instanceof LoginRequiredError) {
-      this.logHandleError('LoginRequiredError — clearing CSRF and re-throwing')
       this.clearCsrfTokens()
 
       throw e
     }
 
     if (e instanceof InvalidSASjsCsrfError) {
-      this.logHandleError('InvalidSASjsCsrfError — re-fetching CSRF cookie')
       // Fetching root and creating CSRF cookie
       await this.httpClient
         .get('/', {
@@ -733,22 +649,13 @@ ${resHeaders}${parsedResBody ? `\n\n${parsedResBody}` : ''}
               response.data
             )?.[1]
 
-          this.logHandleError(
-            'InvalidSASjsCsrfError — cookie found: ' + !!cookie
-          )
           if (cookie) document.cookie = cookie
         })
         .catch((err) => {
           throw prefixMessage(err, 'Error while re-fetching CSRF token.')
         })
 
-      this.logHandleError('InvalidSASjsCsrfError — retrying callback')
       return await callback().catch((err: any) => {
-        this.logHandleError('InvalidSASjsCsrfError — callback failed', {
-          errorType: err?.constructor?.name,
-          code: err?.code,
-          message: err?.message
-        })
         throw prefixMessage(
           err,
           'Error while executing callback in handleError. '
@@ -759,20 +666,8 @@ ${resHeaders}${parsedResBody ? `\n\n${parsedResBody}` : ''}
     if (response?.status === 403 || response?.status === 449) {
       this.parseAndSetCsrfToken(response)
 
-      const hasToken = !!(this.csrfToken.headerName && this.csrfToken.value)
+      if (this.csrfToken.headerName && this.csrfToken.value) {
-      this.logHandleError('403/449 — parsed CSRF from response', {
-        hasToken,
-        headerName: this.csrfToken.headerName
-      })
-
-      if (hasToken) {
-        this.logHandleError('403/449 — retrying callback with new CSRF')
         return await callback().catch((err: any) => {
-          this.logHandleError('403/449 — callback failed', {
-            errorType: err?.constructor?.name,
-            code: err?.code,
-            message: err?.message
-          })
           throw prefixMessage(
             err,
             'Error while executing callback in handleError. '
@@ -780,9 +675,6 @@ ${resHeaders}${parsedResBody ? `\n\n${parsedResBody}` : ''}
         })
       }
 
-      this.logHandleError(
-        '403/449 — no CSRF in response, throwing original error'
-      )
       throw e
     } else if (response?.status === 404) {
       throw new NotFoundError(response.config.url!)
@@ -795,68 +687,6 @@ ${resHeaders}${parsedResBody ? `\n\n${parsedResBody}` : ''}
       throw new CertificateError(e.message)
     }
 
-    if (
-      e.isAxiosError &&
-      !response &&
-      e.code === 'ERR_NETWORK' &&
-      !this.isRecoveringFromNetworkError
-    ) {
-      // Opaque ERR_NETWORK usually means the server rejected stale credentials.
-      // Wipe in-memory auth state, re-establish session via GET /,
-      // then retry the original request.
-      this.logHandleError('ERR_NETWORK — clearing all auth state')
-      this.resetInMemoryAuthState()
-      this.isRecoveringFromNetworkError = true
-      try {
-        // Re-establish session and CSRF cookie
-        this.logHandleError('ERR_NETWORK — re-establishing session via GET /')
-        const rootResponse = await this.httpClient
-          .get('/', { withXSRFToken: true })
-          .catch((err) => {
-            this.logHandleError('ERR_NETWORK — GET / failed', {
-              code: err?.code,
-              status: err?.response?.status,
-              message: err?.message
-            })
-            return err.response
-          })
-
-        if (rootResponse?.data) {
-          const cookie =
-            /<script>document.cookie = '(XSRF-TOKEN=.*; Max-Age=86400; SameSite=Strict; Path=\/;)'<\/script>/.exec(
-              rootResponse.data
-            )?.[1]
-
-          if (cookie && typeof document !== 'undefined') {
-            document.cookie = cookie
-            this.logHandleError('ERR_NETWORK — XSRF-TOKEN cookie restored')
-          }
-
-          this.parseAndSetCsrfToken(rootResponse)
-        }
-
-        this.logHandleError('ERR_NETWORK — retrying original request')
-        return await callback()
-      } catch (retryErr: any) {
-        // Session could not be recovered — surface LoginRequiredError
-        this.logHandleError(
-          'ERR_NETWORK — retry failed, throwing LoginRequiredError',
-          {
-            errorType: retryErr?.constructor?.name,
-            code: retryErr?.code,
-            message: retryErr?.message
-          }
-        )
-        throw new LoginRequiredError()
-      } finally {
-        this.isRecoveringFromNetworkError = false
-      }
-    }
-
-    this.logHandleError('unhandled — throwing as-is', {
-      message: e?.message,
-      code: e?.code
-    })
     if (e.message) throw e
     else throw prefixMessage(e, 'Error while handling error. ')
   }

src/request/Sas9RequestClient.ts

@@ -23,13 +23,6 @@ export class Sas9RequestClient extends RequestClient {
     }
   }
 
-  public resetInMemoryAuthState() {
-    super.resetInMemoryAuthState()
-    if (this.httpClient.defaults.jar) {
-      ;(this.httpClient.defaults.jar as tough.CookieJar).removeAllCookiesSync()
-    }
-  }
-
   public async login(username: string, password: string, jobsPath: string) {
     const codeInjectorPath = `/User Folders/${username}/My Folder/sasjs/runner`
     if (this.httpClient.defaults.jar) {

src/test/RequestClient.spec.ts

@@ -589,42 +589,6 @@ ${resHeaders[0]}: ${resHeaders[1]}${
         requestClient['handleError'](error, () => {}, false)
       ).resolves.toEqual(undefined)
     })
-
-    it('should clear CSRF and retry once on opaque ERR_NETWORK', async () => {
-      const networkError = {
-        isAxiosError: true,
-        code: 'ERR_NETWORK',
-        message: 'Network Error'
-      }
-      requestClient['csrfToken'] = { headerName: 'h', value: 'v' }
-      const callback = jest.fn().mockResolvedValue('ok')
-
-      await expect(
-        requestClient['handleError'](networkError, callback)
-      ).resolves.toEqual('ok')
-
-      expect(callback).toHaveBeenCalledTimes(1)
-      expect(requestClient['csrfToken']).toEqual({ headerName: '', value: '' })
-    })
-
-    it('should throw LoginRequiredError if retry also fails with ERR_NETWORK', async () => {
-      const networkError = {
-        isAxiosError: true,
-        code: 'ERR_NETWORK',
-        message: 'Network Error'
-      }
-      const innerHandle = jest.fn(() =>
-        requestClient['handleError'](networkError, () =>
-          Promise.reject(networkError)
-        )
-      )
-
-      await expect(
-        requestClient['handleError'](networkError, innerHandle)
-      ).rejects.toThrow(LoginRequiredError)
-
-      expect(innerHandle).toHaveBeenCalledTimes(1)
-    })
   })
 })