@W-20893693: Adding AM topic with users, role and org subtopics

Author: amit-kumar8-sf

packages/b2c-cli/test/commands/am/orgs/audit.test.ts

@@ -10,19 +10,15 @@ import {http, HttpResponse} from 'msw';
 import {setupServer} from 'msw/node';
 import {isolateConfig, restoreConfig} from '@salesforce/b2c-tooling-sdk/test-utils';
 import OrgAudit from '../../../../src/commands/am/orgs/audit.js';
-import {stubCommandConfigAndLogger, stubJsonEnabled, makeCommandThrowOnError} from '../../../helpers/test-setup.js';
+import {
+  stubCommandConfigAndLogger,
+  stubJsonEnabled,
+  makeCommandThrowOnError,
+  stubImplicitOAuthStrategy,
+} from '../../../helpers/test-setup.js';
 
 const TEST_HOST = 'account.test.demandware.com';
 const BASE_URL = `https://${TEST_HOST}/dw/rest/v1`;
-const OAUTH_URL = `https://${TEST_HOST}/dwsso/oauth2/access_token`;
-
-function createMockJWT(payload: Record<string, unknown> = {}): string {
-  const header = {alg: 'HS256', typ: 'JWT'};
-  const defaultPayload = {sub: 'test-client', iat: Math.floor(Date.now() / 1000), ...payload};
-  const headerB64 = Buffer.from(JSON.stringify(header)).toString('base64url');
-  const payloadB64 = Buffer.from(JSON.stringify(defaultPayload)).toString('base64url');
-  return `${headerB64}.${payloadB64}.signature`;
-}
 
 /**
  * Unit tests for org audit command CLI logic.
@@ -103,15 +99,10 @@ describe('org audit', () => {
 
       stubCommandConfigAndLogger(command);
       stubJsonEnabled(command, true);
+      // Mock implicit OAuth strategy to avoid browser-based flow
+      stubImplicitOAuthStrategy(command);
 
       server.use(
-        http.post(OAUTH_URL, () => {
-          return HttpResponse.json({
-            access_token: createMockJWT({sub: 'test-client'}),
-            expires_in: 1800,
-            scope: 'sfcc.accountmanager.user.manage',
-          });
-        }),
         http.get(`${BASE_URL}/organizations/org-123`, () => {
           return HttpResponse.json(mockOrg);
         }),
@@ -140,15 +131,10 @@ describe('org audit', () => {
       (command as any).flags = {};
       stubCommandConfigAndLogger(command);
       stubJsonEnabled(command, false);
+      // Mock implicit OAuth strategy to avoid browser-based flow
+      stubImplicitOAuthStrategy(command);
 
       server.use(
-        http.post(OAUTH_URL, () => {
-          return HttpResponse.json({
-            access_token: createMockJWT({sub: 'test-client'}),
-            expires_in: 1800,
-            scope: 'sfcc.accountmanager.user.manage',
-          });
-        }),
         http.get(`${BASE_URL}/organizations/org-123`, () => {
           return HttpResponse.json(mockOrg);
         }),
@@ -173,15 +159,10 @@ describe('org audit', () => {
 
       stubCommandConfigAndLogger(command);
       stubJsonEnabled(command, true);
+      // Mock implicit OAuth strategy to avoid browser-based flow
+      stubImplicitOAuthStrategy(command);
 
       server.use(
-        http.post(OAUTH_URL, () => {
-          return HttpResponse.json({
-            access_token: createMockJWT({sub: 'test-client'}),
-            expires_in: 1800,
-            scope: 'sfcc.accountmanager.user.manage',
-          });
-        }),
         http.get(`${BASE_URL}/organizations/org-123`, () => {
           return HttpResponse.json(mockOrg);
         }),
@@ -206,14 +187,10 @@ describe('org audit', () => {
       stubCommandConfigAndLogger(command);
       stubJsonEnabled(command, true);
 
+      // Mock implicit OAuth strategy to avoid browser-based flow
+      stubImplicitOAuthStrategy(command);
+
       server.use(
-        http.post(OAUTH_URL, () => {
-          return HttpResponse.json({
-            access_token: createMockJWT({sub: 'test-client'}),
-            expires_in: 1800,
-            scope: 'sfcc.accountmanager.user.manage',
-          });
-        }),
         http.get(`${BASE_URL}/organizations/Test%20Organization`, () => {
           return HttpResponse.json({error: {message: 'Not found'}}, {status: 404});
         }),
@@ -241,15 +218,10 @@ describe('org audit', () => {
 
       stubCommandConfigAndLogger(command);
       makeCommandThrowOnError(command);
+      // Mock implicit OAuth strategy to avoid browser-based flow
+      stubImplicitOAuthStrategy(command);
 
       server.use(
-        http.post(OAUTH_URL, () => {
-          return HttpResponse.json({
-            access_token: createMockJWT({sub: 'test-client'}),
-            expires_in: 1800,
-            scope: 'sfcc.accountmanager.user.manage',
-          });
-        }),
         http.get(`${BASE_URL}/organizations/nonexistent-org`, () => {
           return HttpResponse.json({error: {message: 'Not found'}}, {status: 404});
         }),
@@ -278,15 +250,10 @@ describe('org audit', () => {
       (command as any).flags = {columns: 'timestamp,authorDisplayName,eventType'};
       stubCommandConfigAndLogger(command);
       stubJsonEnabled(command, false);
+      // Mock implicit OAuth strategy to avoid browser-based flow
+      stubImplicitOAuthStrategy(command);
 
       server.use(
-        http.post(OAUTH_URL, () => {
-          return HttpResponse.json({
-            access_token: createMockJWT({sub: 'test-client'}),
-            expires_in: 1800,
-            scope: 'sfcc.accountmanager.user.manage',
-          });
-        }),
         http.get(`${BASE_URL}/organizations/org-123`, () => {
           return HttpResponse.json(mockOrg);
         }),
@@ -312,15 +279,10 @@ describe('org audit', () => {
       (command as any).flags = {extended: true};
       stubCommandConfigAndLogger(command);
       stubJsonEnabled(command, false);
+      // Mock implicit OAuth strategy to avoid browser-based flow
+      stubImplicitOAuthStrategy(command);
 
       server.use(
-        http.post(OAUTH_URL, () => {
-          return HttpResponse.json({
-            access_token: createMockJWT({sub: 'test-client'}),
-            expires_in: 1800,
-            scope: 'sfcc.accountmanager.user.manage',
-          });
-        }),
         http.get(`${BASE_URL}/organizations/org-123`, () => {
           return HttpResponse.json(mockOrg);
         }),
@@ -345,6 +307,8 @@ describe('org audit', () => {
 
       stubCommandConfigAndLogger(command);
       stubJsonEnabled(command, true);
+      // Mock implicit OAuth strategy to avoid browser-based flow
+      stubImplicitOAuthStrategy(command);
 
       const logsWithTimestamps = [
         {
@@ -357,13 +321,6 @@ describe('org audit', () => {
       ];
 
       server.use(
-        http.post(OAUTH_URL, () => {
-          return HttpResponse.json({
-            access_token: createMockJWT({sub: 'test-client'}),
-            expires_in: 1800,
-            scope: 'sfcc.accountmanager.user.manage',
-          });
-        }),
         http.get(`${BASE_URL}/organizations/org-123`, () => {
           return HttpResponse.json(mockOrg);
         }),

packages/b2c-cli/test/helpers/test-setup.ts

@@ -8,8 +8,19 @@ import type {Config} from '@oclif/core';
 import {captureOutput} from '@oclif/test';
 import sinon from 'sinon';
 import {isolateConfig, restoreConfig} from '@salesforce/b2c-tooling-sdk/test-utils';
+import {ImplicitOAuthStrategy} from '@salesforce/b2c-tooling-sdk/auth';
 import {stubParse} from './stub-parse.js';
 
+type TokenResponse = {
+  accessToken: string;
+  expires: Date;
+  scopes: string[];
+};
+
+function futureDate(minutes: number): Date {
+  return new Date(Date.now() + minutes * 60 * 1000);
+}
+
 /**
  * Run a command silently, capturing stdout/stderr.
  * Use this when you don't need to verify console output.
@@ -137,3 +148,29 @@ export function makeCommandThrowOnError(command: any): void {
     throw new Error(msg);
   };
 }
+
+/**
+ * Mocks getOAuthStrategy to return ImplicitOAuthStrategy with mocked implicitFlowLogin.
+ * This follows the pattern from oauth-implicit.test.ts to avoid browser-based OAuth flow.
+ * Use this for AM command tests that need to test implicit flow behavior without triggering
+ * the interactive browser-based authentication.
+ *
+ * @param command - The command instance to stub
+ * @param accountManagerHost - Account Manager hostname (default: 'account.test.demandware.com')
+ */
+export function stubImplicitOAuthStrategy(command: any, accountManagerHost = 'account.test.demandware.com'): void {
+  const strategy = new ImplicitOAuthStrategy({
+    clientId: 'test-client-id',
+    accountManagerHost,
+  });
+
+  // Mock implicitFlowLogin to avoid browser-based OAuth flow (following oauth-implicit.test.ts pattern)
+  (strategy as unknown as {implicitFlowLogin: () => Promise<TokenResponse>}).implicitFlowLogin = async () => ({
+    accessToken: 'test-token',
+    expires: futureDate(30),
+    scopes: [],
+  });
+
+  // Stub getOAuthStrategy to return our mocked strategy
+  sinon.stub(command as {getOAuthStrategy: () => typeof strategy}, 'getOAuthStrategy').returns(strategy);
+}

packages/b2c-tooling-sdk/src/cli/am-command.ts

@@ -7,29 +7,56 @@ import {Command} from '@oclif/core';
 import {OAuthCommand} from './oauth-command.js';
 import {createAccountManagerClient} from '../clients/am-api.js';
 import type {AccountManagerClient} from '../clients/am-api.js';
+import type {AuthMethod} from './config.js';
 
 /**
  * Base command for Account Manager operations.
  *
  * Extends OAuthCommand with Account Manager client setup for users, roles, and organizations.
+ * Overrides default auth methods to prioritize implicit flow for Account Manager operations.
  *
  * @example
  * export default class UserList extends AmCommand<typeof UserList> {
  *   async run(): Promise<void> {
- *     const users = await listUsers(this.accountManagerUsersClient, {});
+ *     const users = await this.accountManagerClient.listUsers({});
  *     // ...
  *   }
  * }
  *
  * @example
  * export default class OrgList extends AmCommand<typeof OrgList> {
  *   async run(): Promise<void> {
- *     const orgs = await this.accountManagerOrgsClient.listOrgs();
+ *     const orgs = await this.accountManagerClient.listOrgs();
  *     // ...
  *   }
  * }
  */
 export abstract class AmCommand<T extends typeof Command> extends OAuthCommand<T> {
+  /**
+   * Override default auth methods to prioritize implicit flow for Account Manager.
+   * Gets the default methods from parent class, then ensures 'implicit' is first.
+   * If 'implicit' is already present, moves it to first position.
+   * If 'implicit' is not present, prepends it to the beginning.
+   */
+  protected override getDefaultAuthMethods(): AuthMethod[] {
+    const defaultMethods = super.getDefaultAuthMethods();
+    const implicitIndex = defaultMethods.indexOf('implicit');
+
+    if (implicitIndex === 0) {
+      // Already first, return as-is
+      return defaultMethods;
+    }
+
+    if (implicitIndex > 0) {
+      // Implicit exists but not first - move it to first
+      const methods = [...defaultMethods];
+      methods.splice(implicitIndex, 1);
+      return ['implicit', ...methods];
+    }
+
+    // Implicit not present - prepend it
+    return ['implicit', ...defaultMethods];
+  }
   private _accountManagerClient?: AccountManagerClient;
 
   /**

packages/b2c-tooling-sdk/src/cli/oauth-command.ts

@@ -13,6 +13,12 @@ import {ImplicitOAuthStrategy} from '../auth/oauth-implicit.js';
 import {t} from '../i18n/index.js';
 import {DEFAULT_ACCOUNT_MANAGER_HOST} from '../defaults.js';
 
+/**
+ * Default OAuth authentication methods array used by getOAuthStrategy.
+ * Extracted from getOAuthStrategy() to ensure getDefaultAuthMethods() returns the same array.
+ */
+const DEFAULT_OAUTH_AUTH_METHODS: AuthMethod[] = ['client-credentials', 'implicit'];
+
 /**
  * Base command for operations requiring OAuth authentication.
  * Use this for platform-level operations like ODS, APIs.
@@ -85,6 +91,17 @@ export abstract class OAuthCommand<T extends typeof Command> extends BaseCommand
     return this.resolvedConfig.values.accountManagerHost ?? DEFAULT_ACCOUNT_MANAGER_HOST;
   }
 
+  /**
+   * Gets the default authentication methods in priority order.
+   * This method is used by getOAuthStrategy() when no auth methods are specified in config.
+   * Subclasses can override this to change the default priority.
+   *
+   * @returns Array of auth methods in priority order (first is highest priority)
+   */
+  protected getDefaultAuthMethods(): AuthMethod[] {
+    return DEFAULT_OAUTH_AUTH_METHODS;
+  }
+
   /**
    * Gets an OAuth auth strategy based on allowed auth methods and available credentials.
    *
@@ -96,8 +113,8 @@ export abstract class OAuthCommand<T extends typeof Command> extends BaseCommand
   protected getOAuthStrategy(): OAuthStrategy | ImplicitOAuthStrategy {
     const config = this.resolvedConfig.values;
     const accountManagerHost = this.accountManagerHost;
-    // Default to client-credentials and implicit if no methods specified
-    const allowedMethods = config.authMethods || (['client-credentials', 'implicit'] as AuthMethod[]);
+    // Use getDefaultAuthMethods() to get default array, allowing subclasses to override
+    const allowedMethods = config.authMethods || this.getDefaultAuthMethods();
 
     for (const method of allowedMethods) {
       switch (method) {