calcom · joeauyeung · Jan 15, 2026 · Dec 9, 2025 · Dec 9, 2025 · Dec 9, 2025
diff --git a/packages/app-store/salesforce/.gitignore b/packages/app-store/salesforce/.gitignore
@@ -2,4 +2,5 @@ src/gql/fragment-masking.ts
 # src/gql/gql.ts
 src/gql/graphql.ts
 src/gql/index.ts
-schema.graphql
+schema.graphql
+sfdc-package/.sf
diff --git a/packages/app-store/salesforce/README.md b/packages/app-store/salesforce/README.md
@@ -18,3 +18,77 @@ When working with graphql files ensure that `yarn codegen:watch` is running in t
 The SFDC package is written using Apex. To develop this package, you need to have the Salesforce CLI installed. Then you can run `yarn sfdc:deploy:preview` to see what changes will be deployed to the scratch org. Running `yarn sfdc:deploy` will deploy the changes to the scratch org.
 
 Note that if you want to call your local development instances you need to change the "Named Credential" on the scratch org settings to point the `CalCom_Development` credential to the local instance.
+
+# Publishing the SFDC Package
+
+All commands should be run from the `sfdc-package` directory:
+
+```bash
+cd packages/app-store/salesforce/sfdc-package
+```
+
+### Initial Setup (One-time)
+
+If the package doesn't exist yet in the Dev Hub, create it:
+
+```bash
+sf package create \
+  --name "calcom-sfdc-package" \
+  --package-type Unlocked \
+  --path force-app \
+  --target-dev-hub team@cal.com
+```
+
+This registers the package and updates `sfdx-project.json` with the package ID.
+
+### Creating a New Package Version
+
+Each time you want to release changes, create a new version:
+
+```bash
+sf package version create \
+  --package "calcom-sfdc-package" \
+  --installation-key-bypass \
+  --wait 20 \
+  --target-dev-hub team@cal.com
+```
+
+Options:
+- `--installation-key-bypass`: Allows installation without a password
+- `--wait 20`: Waits up to 20 minutes for completion
+- `--code-coverage`: Add this flag when ready to promote (requires 75% Apex test coverage)
+
+### Viewing Packages and Installation URLs
+
+List all package versions:
+
+```bash
+sf package version list --target-dev-hub team@cal.com
+```
+
+The installation URL format is:
+
+```
+https://login.salesforce.com/packaging/installPackage.apexp?p0=<04t_SUBSCRIBER_PACKAGE_VERSION_ID>
+```
+
+### Promoting for Production
+
+Beta versions can only be installed in sandboxes/scratch orgs. To allow installation in production orgs, promote the version:
+
+```bash
+sf package version promote \
+  --package "calcom-sfdc-package@X.X.X-X" \
+  --target-dev-hub team@cal.com
+```
+
+Replace `X.X.X-X` with the version number (e.g., `0.1.0-1`).
+
+### Running Tests
+
+To run Apex tests and check code coverage:
+
+```bash
+sf project deploy start --target-org <org-alias>
+sf apex run test --test-level RunLocalTests --wait 10 --target-org <org-alias>
+```
diff --git a/packages/app-store/salesforce/api/user-sync.ts b/packages/app-store/salesforce/api/user-sync.ts
@@ -1,25 +1,143 @@
-import type { NextApiRequest, NextApiResponse } from "next";
-
+import { CredentialRepository } from "@calcom/features/credentials/repositories/CredentialRepository";
+import { getAttributeSyncRuleService } from "@calcom/features/ee/integration-attribute-sync/di/AttributeSyncRuleService.container";
+import { getIntegrationAttributeSyncService } from "@calcom/features/ee/integration-attribute-sync/di/IntegrationAttributeSyncService.container";
+import { UserRepository } from "@calcom/features/users/repositories/UserRepository";
 import logger from "@calcom/lib/logger";
+import { prisma } from "@calcom/prisma";
+import type { NextApiRequest, NextApiResponse } from "next";
+import { getAttributeSyncFieldMappingService } from "@calcom/features/ee/integration-attribute-sync/di/AttributeSyncFieldMappingService.container";
 
 const log = logger.getSubLogger({ prefix: ["[salesforce/user-sync]"] });
 
-export default async function handler(req: NextApiRequest, res: NextApiResponse) {
+export default async function handler(
+  req: NextApiRequest,
+  res: NextApiResponse
+) {
   if (req.method !== "POST") {
     return res.status(405).json({ error: "Method not allowed" });
   }
 
-  const { instanceUrl, orgId, salesforceUserId, email, changedFields, timestamp } = req.body;
+  const {
+    instanceUrl,
+    orgId: sfdcOrgId,
+    salesforceUserId,
+    email,
+    changedFields,
+    timestamp,
+  } = req.body;
 
   log.info("Received user sync request", {
     instanceUrl,
-    orgId,
+    sfdcOrgId,
     salesforceUserId,
+    email,
+    changedFields,
     timestamp,
   });
 
-  // TODO: Validate instanceUrl + orgId against stored credentials
-  // TODO: Sync changedFields to Cal.com user
+  const credentialRepository = new CredentialRepository(prisma);
+  const credential = await credentialRepository.findByAppIdAndKeyValue({
+    appId: "salesforce",
+    keyPath: ["instance_url"],
+    value: instanceUrl,
+    keyFields: ["id"],
+  });
+
+  if (!credential) {
+    log.error(`No credential found for ${instanceUrl}`);
+    return res.status(400).json({ error: "Invalid instance URL" });
+  }
+
+  if (!credential?.teamId) {
+    log.error(`Missing teamId for credential ${credential.id}`);
+    return res.status(400).json({ error: "Invalid credential ID" });
+  }
+
+  const salesforceCredentialId = (credential.key as { id?: string } | null)?.id;
+
+  if (!salesforceCredentialId) {
+    log.error(`Missing SFDC id for credential ${credential.id}`);
+    return res.status(400).json({ error: "Invalid credential ID" });
+  }
+
+  let storedSfdcOrgId: string | undefined;
+  try {
+    storedSfdcOrgId = new URL(salesforceCredentialId).pathname.split("/")[2];
+  } catch {
+    log.error(`Invalid SFDC credential URL format for credential ${credential.id}`);
+    return res.status(400).json({ error: "Invalid credential format" });
+  }
+
+  if (storedSfdcOrgId !== sfdcOrgId) {
+    log.error(`Mismatched orgId ${sfdcOrgId} for credential ${credential.id}`);
+    return res.status(400).json({ error: "Invalid org ID" });
+  }
+
+  const userRepository = new UserRepository(prisma);
+  const user = await userRepository.findByEmailAndTeamId({
+    email,
+    teamId: credential.teamId,
+  });
+
+  if (!user) {
+    log.error(
+      `User not found for email ${email} and teamId ${credential.teamId}`
+    );
+    return res.status(400).json({ error: "Invalid user" });
+  }
+
+  const organizationId = credential.teamId;
+
+  const integrationAttributeSyncService = getIntegrationAttributeSyncService();
+
+  const integrationAttributeSyncs =
+    await integrationAttributeSyncService.getAllByCredentialId(credential.id);
+
+  const attributeSyncRuleService = getAttributeSyncRuleService();
+  const attributeSyncFieldMappingService =
+    getAttributeSyncFieldMappingService();
+
+  const results = await Promise.allSettled(
+    integrationAttributeSyncs.map(async (sync) => {
+      // Only check rule if one exists - skip sync only if rule returns false
+      if (sync.attributeSyncRule) {
+        const shouldSyncApplyToUser =
+          await attributeSyncRuleService.shouldSyncApplyToUser({
+            user: {
+              id: user.id,
+              organizationId,
+            },
+            attributeSyncRule: sync.attributeSyncRule.rule,
+          });
+
+        if (!shouldSyncApplyToUser) return;
+      }
+
+      // Salesforce multi-select picklists use `;` as separator, convert to `,` for the service
+      const integrationFields = Object.fromEntries(
+        Object.entries(changedFields as Record<string, unknown>)
+          .filter(([, value]) => value != null)
+          .map(([key, value]) => [key, String(value).replaceAll(";", ",")])
+      );
+
+      await attributeSyncFieldMappingService.syncIntegrationFieldsToAttributes({
+        userId: user.id,
+        organizationId,
+        syncFieldMappings: sync.syncFieldMappings,
+        integrationFields,
+      });
+    })
+  );
+
+  const errors = results.filter(
+    (result): result is PromiseRejectedResult => result.status === "rejected"
+  );
+
+  if (errors.length > 0) {
+    log.error("Errors syncing user attributes", {
+      errors: errors.map((e) => e.reason),
+    });
+  }
 
   return res.status(200).json({ success: true });
 }
diff --git a/packages/app-store/salesforce/sfdc-package/.sfdx/sfdx-config.json b/packages/app-store/salesforce/sfdc-package/.sfdx/sfdx-config.json
@@ -0,0 +1,3 @@
+{
+  "defaultdevhubusername": "DevHub"
+}
diff --git a/...ore/salesforce/sfdc-package/force-app/main/default/classes/CalComCalloutQueueableTest.cls b/...ore/salesforce/sfdc-package/force-app/main/default/classes/CalComCalloutQueueableTest.cls
@@ -0,0 +1,108 @@
+@isTest
+private class CalComCalloutQueueableTest {
+
+    @isTest
+    static void testQueueableExecutionSuccess() {
+        CalComHttpMock.resetState();
+
+        List<CalComCalloutQueueable.UserChangePayload> payloads = createTestPayloads(1);
+
+        Test.setMock(HttpCalloutMock.class, new CalComHttpMock(200, '{"success": true}'));
+
+        Test.startTest();
+        CalComCalloutQueueable queueable = new CalComCalloutQueueable(payloads);
+        System.enqueueJob(queueable);
+        Test.stopTest();
+
+        System.assertEquals(1, CalComHttpMock.getCallCount(), 'Expected exactly one HTTP callout');
+        List<HttpRequest> requests = CalComHttpMock.getCapturedRequests();
+        System.assertEquals(1, requests.size(), 'Expected one captured request');
+        System.assertEquals('POST', requests[0].getMethod(), 'Request method should be POST');
+    }
+
+    @isTest
+    static void testQueueableExecutionWithMultiplePayloads() {
+        CalComHttpMock.resetState();
+
+        List<CalComCalloutQueueable.UserChangePayload> payloads = createTestPayloads(3);
+
+        Test.setMock(HttpCalloutMock.class, new CalComHttpMock(200, '{"success": true}'));
+
+        Test.startTest();
+        CalComCalloutQueueable queueable = new CalComCalloutQueueable(payloads);
+        System.enqueueJob(queueable);
+        Test.stopTest();
+
+        System.assertEquals(3, CalComHttpMock.getCallCount(), 'Expected three HTTP callouts for three payloads');
+    }
+
+    @isTest
+    static void testQueueableExecutionFailureResponse() {
+        CalComHttpMock.resetState();
+
+        List<CalComCalloutQueueable.UserChangePayload> payloads = createTestPayloads(1);
+
+        Test.setMock(HttpCalloutMock.class, new CalComHttpMock(500, '{"error": "Internal Server Error"}'));
+
+        Test.startTest();
+        CalComCalloutQueueable queueable = new CalComCalloutQueueable(payloads);
+        System.enqueueJob(queueable);
+        Test.stopTest();
+
+        System.assertEquals(1, CalComHttpMock.getCallCount(), 'Expected HTTP callout even for failure response');
+    }
+
+    @isTest
+    static void testQueueableExecutionEmptyPayloads() {
+        CalComHttpMock.resetState();
+
+        List<CalComCalloutQueueable.UserChangePayload> payloads = new List<CalComCalloutQueueable.UserChangePayload>();
+
+        Test.setMock(HttpCalloutMock.class, new CalComHttpMock());
+
+        Test.startTest();
+        CalComCalloutQueueable queueable = new CalComCalloutQueueable(payloads);
+        System.enqueueJob(queueable);
+        Test.stopTest();
+
+        System.assertEquals(0, CalComHttpMock.getCallCount(), 'Expected no HTTP callouts with empty payloads');
+    }
+
+    @isTest
+    static void testUserChangePayloadStructure() {
+        CalComCalloutQueueable.UserChangePayload payload = new CalComCalloutQueueable.UserChangePayload();
+        payload.salesforceUserId = UserInfo.getUserId();
+        payload.email = 'test@example.com';
+        payload.instanceUrl = 'https://test.salesforce.com';
+        payload.orgId = UserInfo.getOrganizationId();
+        payload.changedFields = new Map<String, Object>{'FirstName' => 'Test'};
+        payload.timestamp = Datetime.now().formatGMT('yyyy-MM-dd\'T\'HH:mm:ss.SSS\'Z\'');
+
+        System.assertNotEquals(null, payload.salesforceUserId, 'salesforceUserId should be set');
+        System.assertEquals('test@example.com', payload.email, 'email should match');
+        System.assertNotEquals(null, payload.instanceUrl, 'instanceUrl should be set');
+        System.assertNotEquals(null, payload.orgId, 'orgId should be set');
+        System.assertEquals(1, payload.changedFields.size(), 'changedFields should have one entry');
+        System.assertNotEquals(null, payload.timestamp, 'timestamp should be set');
+    }
+
+    private static List<CalComCalloutQueueable.UserChangePayload> createTestPayloads(Integer count) {
+        List<CalComCalloutQueueable.UserChangePayload> payloads = new List<CalComCalloutQueueable.UserChangePayload>();
+
+        for (Integer i = 0; i < count; i++) {
+            CalComCalloutQueueable.UserChangePayload payload = new CalComCalloutQueueable.UserChangePayload();
+            payload.salesforceUserId = UserInfo.getUserId();
+            payload.email = 'test' + i + '@example.com';
+            payload.instanceUrl = URL.getOrgDomainUrl().toExternalForm();
+            payload.orgId = UserInfo.getOrganizationId();
+            payload.changedFields = new Map<String, Object>{
+                'FirstName' => 'TestFirst' + i,
+                'LastName' => 'TestLast' + i
+            };
+            payload.timestamp = Datetime.now().formatGMT('yyyy-MM-dd\'T\'HH:mm:ss.SSS\'Z\'');
+            payloads.add(payload);
+        }
+
+        return payloads;
+    }
+}
diff --git a/...force/sfdc-package/force-app/main/default/classes/CalComCalloutQueueableTest.cls-meta.xml b/...force/sfdc-package/force-app/main/default/classes/CalComCalloutQueueableTest.cls-meta.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ApexClass xmlns="http://soap.sforce.com/2006/04/metadata">
+    <apiVersion>64.0</apiVersion>
+    <status>Active</status>
+</ApexClass>