Validate the unknown object is either plain object of primitive

[lakhveerk]

For more information about how to contribute to this repo, visit this page.

Description

In externalAppAuthnetication and externalAppAutneticationForCEA, some APIs accept IActionExecuteInvokeRequest as input. This interface has a data property that can be of type string | Record<string, unknown>. The unknown type in Record is unknown. Currently, we post the value as it is to host sdk. However, it could have contained values that are not serializable.
The copilot team that consumes the API confirms that the type would be either primitive or plain object. This PR validate the data and throws if that is not the case.

Main changes in the PR:

1. Added validation function isPrimitiveOrPlainObject in utils.ts file.
2. Added validation for IActionExecuteInvokeRequest.data element in ExternalAppAuthentication and ExternalAppAuthenticationForCEA capabilities.

Validation

Validation performed:

1. <Step 1>
2. <Step 2>

Unit Tests added:

Unit tests are required for all changes. If no unit tests were added as part of this change, please explain why they aren't necessary.

<Yes/No>

End-to-end tests added:

<Yes/No>

Additional Requirements

Change file added:

Ensure the change file meets the formatting requirements.

<Yes/No>

Related PRs:

Remove this section if n/a

Next/remaining steps:

List the next or remaining steps in implementing the overall feature in subsequent PRs (or is the feature 100% complete after this?).

Remove this section if n/a

• Item 1
• Item 2

Screenshots:

Remove this section if n/a

Before	After
< image1 >	< image2 >

[TrevorJoelHarris]

Small questions about testing

[TrevorJoelHarris]

Probably no need for a @beta tag here since this isn't exported outside of the library

[lakhveerk]

removed!

[TrevorJoelHarris]

I couldn't tell by looking at your unit tests: do you have any unit tests that hit line 548 and actually recurse through? That would be I guess an object with no functions at the top level but a function inside of one of its members.

[lakhveerk]

I added the second expect in this test to explicitly test the function in nested object.

it('should return false for nested structures with non-plain objects', () => {
  expect(isPrimitiveOrPlainObject({ a: [1, 2, new Date()] })).toBe(false);
  expect(isPrimitiveOrPlainObject({ a: { b: [1, 2, function () {}] } })).toBe(false);
});

[lakhveerk]

I added this change as well since you last reviewed @TrevorJoelHarris

[MengyiGong]

just curious, where the 1000 from? why we decide to use 1000 instead of other number?

[lakhveerk]

Because Anand from 3pcxp said, he does not see it going any further than that, and he recommended capping it

[MengyiGong]

nit: It would be great if you could add this context as a comment for this function to help the next developer understand the logic.

[lakhveerk]

I added a comment saying Recursion is limited to a maximum depth of 1000 to prevent excessive nesting and potential stack overflow. Does that work?

[MengyiGong]

nit: what about this approach ( it covers all primitive types without needing to list each one individually) :

 return value === null || (typeof value !== 'object' && typeof value !== 'function');
}

[lakhveerk]

The function needs to allow the nested primitives in an object as well. This check will incorrectly return false if the value was a plain object or an array of primitives.

[MengyiGong]

I might not know much of the background context, and I feel confused and curious about where these magic numbers (like 64, 5, 512) come from.

[lakhveerk]

They all came from 3pcxp team. In this PR, I am just dividing the already existing function into smaller functions. These numbers were added when the support was added for MEs in last December