[bcc-kz] Move API to WEB (#955)

Author: vetheslav

src/plugins/bcc-kz/__tests__/api/fetchAccounts.test.js

@@ -0,0 +1,97 @@
+import { fetchAccounts } from '../../api'
+
+function makeNetworkResponse (body) {
+  return {
+    ok: true,
+    status: 200,
+    statusText: 'OK',
+    url: 'https://m.bcc.kz/mock',
+    headers: {
+      forEach: () => {}
+    },
+    text: async () => JSON.stringify(body)
+  }
+}
+
+function createJwt (payload) {
+  const header = { alg: 'none', typ: 'JWT' }
+  const encode = (obj) => Buffer.from(JSON.stringify(obj))
+    .toString('base64')
+    .replace(/=/g, '')
+    .replace(/\+/g, '-')
+    .replace(/\//g, '_')
+
+  return `${encode(header)}.${encode(payload)}.signature`
+}
+
+describe('bcc-kz fetchAccounts web api', () => {
+  beforeEach(() => {
+    global.fetch = jest.fn()
+  })
+
+  it('calls main endpoint with bearer token and session code', async () => {
+    global.fetch
+      .mockResolvedValueOnce(makeNetworkResponse({
+        success: true,
+        reason: {
+          card: [],
+          current: [],
+          dep: [],
+          loan: [],
+          broker: [],
+          metal: []
+        }
+      }))
+      .mockResolvedValueOnce(makeNetworkResponse({
+        success: true,
+        reason: {
+          accounts_info: []
+        }
+      }))
+
+    await fetchAccounts({
+      accessToken: 'bearer-token',
+      sessionCode: 'session-code'
+    })
+
+    expect(global.fetch).toHaveBeenCalledTimes(2)
+    const firstUrl = global.fetch.mock.calls[0][0]
+    expect(firstUrl).toContain('https://m.bcc.kz/mb/!pkg_w_mb_main.operation?')
+    expect(firstUrl).toContain('action=ACCOUNTS_INFO')
+    expect(firstUrl).toContain('level=0')
+    expect(firstUrl).toContain('session_code=session-code')
+    expect(firstUrl).toContain('timestamp=')
+    expect(global.fetch.mock.calls[0][1].headers.Authorization).toBe('Bearer bearer-token')
+
+    const secondUrl = global.fetch.mock.calls[1][0]
+    expect(secondUrl).toContain('action=ACCOUNTS_ADDITIONAL_INFO')
+  })
+
+  it('recovers missing sessionCode from access token payload', async () => {
+    global.fetch
+      .mockResolvedValueOnce(makeNetworkResponse({
+        success: true,
+        reason: {
+          card: [],
+          current: [],
+          dep: [],
+          loan: [],
+          broker: [],
+          metal: []
+        }
+      }))
+      .mockResolvedValueOnce(makeNetworkResponse({
+        success: true,
+        reason: {
+          accounts_info: []
+        }
+      }))
+
+    await fetchAccounts({
+      accessToken: createJwt({ session_state: 'jwt-session-code' })
+    })
+
+    const firstUrl = global.fetch.mock.calls[0][0]
+    expect(firstUrl).toContain('session_code=jwt-session-code')
+  })
+})

src/plugins/bcc-kz/__tests__/api/fetchTransactions.test.js

@@ -0,0 +1,90 @@
+import { fetchTransactions } from '../../api'
+
+function makeNetworkResponse (body) {
+  return {
+    ok: true,
+    status: 200,
+    statusText: 'OK',
+    url: 'https://m.bcc.kz/mock',
+    headers: {
+      forEach: () => {}
+    },
+    text: async () => JSON.stringify(body)
+  }
+}
+
+function makeHtmlResponse (html) {
+  return {
+    ok: false,
+    status: 504,
+    statusText: 'Gateway Timeout',
+    url: 'https://m.bcc.kz/mock',
+    headers: {
+      forEach: () => {}
+    },
+    text: async () => html
+  }
+}
+
+describe('bcc-kz fetchTransactions web api', () => {
+  beforeEach(() => {
+    global.fetch = jest.fn()
+  })
+
+  it('uses GET_EXT_STATEMENT query in web format', async () => {
+    global.fetch.mockResolvedValueOnce(makeNetworkResponse({
+      success: true,
+      stmt: []
+    }))
+
+    await fetchTransactions(
+      {
+        accessToken: 'bearer-token',
+        sessionCode: 'session-code'
+      },
+      { productId: 14120379 },
+      new Date('2026-02-27T00:00:00+06:00'),
+      new Date('2026-03-05T00:00:00+06:00')
+    )
+
+    expect(global.fetch).toHaveBeenCalledTimes(1)
+    const url = global.fetch.mock.calls[0][0]
+    expect(url).toContain('action=GET_EXT_STATEMENT')
+    expect(url).toContain('account_id=14120379')
+    expect(url).toContain('date_begin=27.02.2026')
+    expect(url).toContain('date_end=05.03.2026')
+    expect(url).toContain('session_code=session-code')
+    expect(url).toContain('timestamp=')
+    expect(global.fetch.mock.calls[0][1].headers.Authorization).toBe('Bearer bearer-token')
+  })
+
+  it('falls back to chunked requests on html 504 response', async () => {
+    global.fetch
+      .mockResolvedValueOnce(makeHtmlResponse('<html><h1>504 Gateway Time-out</h1></html>'))
+      .mockResolvedValueOnce(makeNetworkResponse({
+        success: true,
+        stmt: [{ trn_id: 'a' }]
+      }))
+      .mockResolvedValueOnce(makeNetworkResponse({
+        success: true,
+        stmt: [{ trn_id: 'b' }]
+      }))
+
+    const result = await fetchTransactions(
+      {
+        accessToken: 'bearer-token',
+        sessionCode: 'session-code'
+      },
+      { productId: 14120379 },
+      new Date('2026-01-01T00:00:00+06:00'),
+      new Date('2026-02-09T00:00:00+06:00')
+    )
+
+    expect(global.fetch).toHaveBeenCalledTimes(3)
+    expect(global.fetch.mock.calls[1][0]).toContain('date_begin=01.01.2026')
+    expect(global.fetch.mock.calls[1][0]).toContain('date_end=31.01.2026')
+    expect(global.fetch.mock.calls[2][0]).toContain('date_begin=01.02.2026')
+    expect(global.fetch.mock.calls[2][0]).toContain('date_end=09.02.2026')
+    expect(result).toEqual([{ trn_id: 'a' }, { trn_id: 'b' }])
+  })
+})

src/plugins/bcc-kz/__tests__/api/login.test.js

@@ -0,0 +1,108 @@
+import { parse } from 'querystring'
+import { InvalidOtpCodeError } from '../../../../errors'
+import { login } from '../../api'
+
+function makeNetworkResponse (body) {
+  return {
+    ok: true,
+    status: 200,
+    statusText: 'OK',
+    url: 'https://m.bcc.kz/mock',
+    headers: {
+      forEach: () => {}
+    },
+    text: async () => JSON.stringify(body)
+  }
+}
+
+function createJwt (payload) {
+  const header = { alg: 'none', typ: 'JWT' }
+  const encode = (obj) => Buffer.from(JSON.stringify(obj))
+    .toString('base64')
+    .replace(/=/g, '')
+    .replace(/\+/g, '-')
+    .replace(/\//g, '_')
+
+  return `${encode(header)}.${encode(payload)}.signature`
+}
+
+describe('bcc-kz login auth flow', () => {
+  beforeEach(() => {
+    global.ZenMoney = {
+      device: { brand: 'Google', model: 'Pixel 7' },
+      readLine: jest.fn().mockResolvedValue('2009')
+    }
+    global.fetch = jest.fn()
+  })
+
+  it('sends web auth payload with lowercase action in PASS and TOKEN', async () => {
+    global.fetch
+      .mockResolvedValueOnce(makeNetworkResponse({ success: true, verified: false, token: 'otp-token' }))
+      .mockResolvedValueOnce(makeNetworkResponse({ success: true, verified: true }))
+      .mockResolvedValueOnce(makeNetworkResponse({
+        access_token: 'bearer-token',
+        provider_response: {
+          session_code: 'session-code'
+        }
+      }))
+
+    const auth = { device: { deviceId: 'test-device-id' } }
+    await login(
+      { phone: '87000000000', password: 'test-password' },
+      auth
+    )
+
+    expect(global.fetch).toHaveBeenCalledTimes(3)
+
+    const passBody = parse(global.fetch.mock.calls[0][1].body)
+    expect(passBody.action).toBe('SIGN')
+    expect(passBody.ACTION).toBeUndefined()
+    expect(passBody.authType).toBe('PASS')
+    expect(passBody.client_id).toBe('dbp-channels-bcc-web')
+
+    const otpBody = parse(global.fetch.mock.calls[1][1].body)
+    expect(otpBody.action).toBe('SIGN')
+    expect(otpBody.ACTION).toBeUndefined()
+    expect(otpBody.authType).toBe('TOKEN')
+    expect(otpBody.token).toBe('otp-token')
+    expect(otpBody.verify_code).toBe('2009')
+
+    const connectBody = parse(global.fetch.mock.calls[2][1].body)
+    expect(global.fetch.mock.calls[2][0]).toBe('https://m.bcc.kz/auth/realms/bank/protocol/openid-connect/token')
+    expect(connectBody.action).toBe('CONNECT')
+    expect(connectBody.client_id).toBe('dbp-channels-bcc-web')
+    expect(connectBody.device_id).toBe('test-device-id')
+    expect(connectBody.OS).toContain('OS:Android10')
+    expect(auth.accessToken).toBe('bearer-token')
+    expect(auth.sessionCode).toBe('session-code')
+  })
+
+  it('maps OTP timeout response to InvalidOtpCodeError', async () => {
+    global.fetch
+      .mockResolvedValueOnce(makeNetworkResponse({ success: true, verified: false, token: 'otp-token' }))
+      .mockResolvedValueOnce(makeNetworkResponse({ success: false, reason: 'Время жизни OTP истекло.' }))
+
+    await expect(
+      login(
+        { phone: '87000000000', password: 'test-password' },
+        { device: { deviceId: 'test-device-id' } }
+      )
+    ).rejects.toBeInstanceOf(InvalidOtpCodeError)
+  })
+
+  it('extracts session code from access token when CONNECT body has no session_code', async () => {
+    global.fetch
+      .mockResolvedValueOnce(makeNetworkResponse({ success: true, verified: true, token: 'otp-token' }))
+      .mockResolvedValueOnce(makeNetworkResponse({
+        access_token: createJwt({ session_state: 'jwt-session-code' })
+      }))
+
+    const auth = { device: { deviceId: 'test-device-id' } }
+    await login(
+      { phone: '87000000000', password: 'test-password' },
+      auth
+    )
+
+    expect(auth.sessionCode).toBe('jwt-session-code')
+  })
+})

src/plugins/bcc-kz/__tests__/converters/accounts/creditCard.js

@@ -9,7 +9,7 @@ describe('convertAccounts', () => {
           acc_id: 'I/210330/1/988',
           type: 'Visa_Gold_Reward.png',
           account20: 'KZ688562204112187559',
-          card_num: '489993******2773',
+          card_num: '',
           note: '#картакарта',
           module: '10',
           currency: 'KZT',
@@ -109,7 +109,7 @@ describe('convertAccounts', () => {
               savings: false,
               syncIds: [
                 'KZ688562204112187559',
-                '489993******2773'
+                ''
               ],
               title: '#картакарта',
               totalAmountDue: 0,

src/plugins/bcc-kz/__tests__/converters/accounts/debitCard.js

@@ -9,7 +9,7 @@ describe('convertAccounts', () => {
           acc_id: 'ALM/19/P/217952-DC/19/302045',
           type: 'MasterCard_World_PayPass.png',
           account20: 'KZ248562204107417115',
-          card_num: '510445******7127',
+          card_num: '',
           note: 'MasterCard World PayPass ЗП',
           module: '10',
           currency: 'KZT',
@@ -66,7 +66,7 @@ describe('convertAccounts', () => {
               savings: false,
               syncIds: [
                 'KZ248562204107417115',
-                '510445******7127'
+                ''
               ],
               title: 'MasterCard World PayPass ЗП',
               type: 'ccard'
@@ -82,7 +82,7 @@ describe('convertAccounts', () => {
           acc_id: 'ALM/20/P/378307-C/20/262206',
           type: 'Visa_Reward_Virtual.png',
           account20: 'KZ348562204109395444',
-          card_num: '489993******6955',
+          card_num: '',
           note: 'Virtual',
           module: '10',
           currency: 'KZT',
@@ -166,7 +166,7 @@ describe('convertAccounts', () => {
               id: '2879843',
               instrument: 'KZT',
               savings: false,
-              syncIds: ['KZ348562204109395444', '489993******6955'],
+              syncIds: ['KZ348562204109395444', ''],
               title: 'Virtual',
               type: 'ccard',
               virtual: true
@@ -182,7 +182,7 @@ describe('convertAccounts', () => {
           acc_id: 'ALM/22/P/251597-C/22/115708',
           type: 'Visa_TravelCard.png',
           account20: 'KZ908562204116516952',
-          card_num: '446375******7973',
+          card_num: '',
           note: '#TravelCard',
           module: '10',
           currency: 'KZT',
@@ -269,7 +269,7 @@ describe('convertAccounts', () => {
               savings: false,
               syncIds: [
                 'KZ908562204116516952',
-                '446375******7973'
+                ''
               ],
               title: '#TravelCard',
               type: 'ccard'