backend-manager 5.0.73 → 5.0.74

package/test/payments/journey-payment-trial.js

@@ -0,0 +1,167 @@
+/**
+ * Test: Payment Journey - Trial
+ * Simulates: basic user → trial activation via webhook → trial ends → active paid
+ */
+const powertools = require('node-powertools');
+
+module.exports = {
+  description: 'Payment journey: basic → trial → active paid',
+  type: 'suite',
+  timeout: 30000,
+
+  tests: [
+    {
+      name: 'verify-starts-as-basic',
+      async run({ accounts, firestore, assert, state }) {
+        const uid = accounts['journey-payment-trial'].uid;
+        const userDoc = await firestore.get(`users/${uid}`);
+
+        assert.ok(userDoc, 'User doc should exist');
+        assert.equal(userDoc.subscription?.product?.id, 'basic', 'Should start as basic');
+        assert.equal(userDoc.subscription?.trial?.activated, false, 'Trial should not be activated');
+
+        state.uid = uid;
+        state.subscriptionId = '_test-sub-journey-trial';
+      },
+    },
+
+    {
+      name: 'write-trial-start-webhook',
+      async run({ firestore, state }) {
+        const now = powertools.timestamp(new Date(), { output: 'string' });
+        const nowUNIX = powertools.timestamp(now, { output: 'unix' });
+        const trialEnd = new Date();
+        trialEnd.setDate(trialEnd.getDate() + 14);
+
+        state.eventId1 = '_test-evt-journey-trial-start';
+
+        await firestore.delete(`payments-webhooks/${state.eventId1}`);
+        await firestore.delete(`payments-subscriptions/${state.subscriptionId}`);
+
+        // Webhook: subscription created in trialing status
+        await firestore.set(`payments-webhooks/${state.eventId1}`, {
+          id: state.eventId1,
+          processor: 'stripe',
+          status: 'pending',
+          uid: state.uid,
+          event: { type: 'customer.subscription.created' },
+          raw: {
+            id: state.eventId1,
+            type: 'customer.subscription.created',
+            data: {
+              object: {
+                id: state.subscriptionId,
+                object: 'subscription',
+                status: 'trialing',
+                metadata: { uid: state.uid },
+                cancel_at_period_end: false,
+                canceled_at: null,
+                current_period_end: Math.floor(trialEnd.getTime() / 1000),
+                current_period_start: Math.floor(Date.now() / 1000),
+                start_date: Math.floor(Date.now() / 1000),
+                trial_start: Math.floor(Date.now() / 1000),
+                trial_end: Math.floor(trialEnd.getTime() / 1000),
+                plan: { id: 'price_xxx', interval: 'month' },
+              },
+            },
+          },
+          error: null,
+          metadata: {
+            received: { timestamp: now, timestampUNIX: nowUNIX },
+            processed: { timestamp: null, timestampUNIX: null },
+          },
+        });
+      },
+    },
+
+    {
+      name: 'trial-activated',
+      async run({ firestore, assert, state, waitFor }) {
+        await waitFor(async () => {
+          const doc = await firestore.get(`payments-webhooks/${state.eventId1}`);
+          return doc?.status === 'completed';
+        }, 15000, 500);
+
+        const userDoc = await firestore.get(`users/${state.uid}`);
+
+        assert.equal(userDoc.subscription.product.id, 'premium', 'Product should be premium');
+        assert.equal(userDoc.subscription.status, 'active', 'Status should be active');
+        assert.equal(userDoc.subscription.trial.activated, true, 'Trial should be activated');
+      },
+    },
+
+    {
+      name: 'write-trial-to-active-webhook',
+      async run({ firestore, state }) {
+        const now = powertools.timestamp(new Date(), { output: 'string' });
+        const nowUNIX = powertools.timestamp(now, { output: 'unix' });
+        const futureDate = new Date();
+        futureDate.setMonth(futureDate.getMonth() + 1);
+
+        state.eventId2 = '_test-evt-journey-trial-active';
+
+        await firestore.delete(`payments-webhooks/${state.eventId2}`);
+
+        // Webhook: subscription transitions from trialing to active
+        await firestore.set(`payments-webhooks/${state.eventId2}`, {
+          id: state.eventId2,
+          processor: 'stripe',
+          status: 'pending',
+          uid: state.uid,
+          event: { type: 'customer.subscription.updated' },
+          raw: {
+            id: state.eventId2,
+            type: 'customer.subscription.updated',
+            data: {
+              object: {
+                id: state.subscriptionId,
+                object: 'subscription',
+                status: 'active',
+                metadata: { uid: state.uid },
+                cancel_at_period_end: false,
+                canceled_at: null,
+                current_period_end: Math.floor(futureDate.getTime() / 1000),
+                current_period_start: Math.floor(Date.now() / 1000),
+                start_date: Math.floor(Date.now() / 1000) - 86400 * 14,
+                trial_start: Math.floor(Date.now() / 1000) - 86400 * 14,
+                trial_end: Math.floor(Date.now() / 1000),
+                plan: { id: 'price_xxx', interval: 'month' },
+              },
+            },
+          },
+          error: null,
+          metadata: {
+            received: { timestamp: now, timestampUNIX: nowUNIX },
+            processed: { timestamp: null, timestampUNIX: null },
+          },
+        });
+      },
+    },
+
+    {
+      name: 'trial-transitioned-to-active',
+      async run({ firestore, assert, state, waitFor }) {
+        await waitFor(async () => {
+          const doc = await firestore.get(`payments-webhooks/${state.eventId2}`);
+          return doc?.status === 'completed';
+        }, 15000, 500);
+
+        const userDoc = await firestore.get(`users/${state.uid}`);
+
+        assert.equal(userDoc.subscription.product.id, 'premium', 'Product should be premium');
+        assert.equal(userDoc.subscription.status, 'active', 'Status should be active');
+        assert.equal(userDoc.subscription.trial.activated, true, 'Trial should remain activated (historical)');
+        assert.equal(userDoc.subscription.payment.frequency, 'monthly', 'Frequency should be monthly');
+      },
+    },
+
+    {
+      name: 'cleanup',
+      async run({ firestore, state }) {
+        await firestore.delete(`payments-webhooks/${state.eventId1}`);
+        await firestore.delete(`payments-webhooks/${state.eventId2}`);
+        await firestore.delete(`payments-subscriptions/${state.subscriptionId}`);
+      },
+    },
+  ],
+};

package/test/payments/journey-payment-upgrade.js

@@ -0,0 +1,136 @@
+/**
+ * Test: Payment Journey - Upgrade
+ * Simulates: basic user → Stripe webhook → premium active subscription
+ *
+ * Strategy: Directly write a mock webhook doc to payments-webhooks/{id}
+ * This fires the onWrite trigger in the emulator, simulating the full flow
+ */
+const powertools = require('node-powertools');
+
+module.exports = {
+  description: 'Payment journey: basic → premium upgrade via webhook',
+  type: 'suite',
+  timeout: 30000,
+
+  tests: [
+    {
+      name: 'verify-starts-as-basic',
+      async run({ accounts, firestore, assert, state }) {
+        const uid = accounts['journey-payment-upgrade'].uid;
+        const userDoc = await firestore.get(`users/${uid}`);
+
+        assert.ok(userDoc, 'User doc should exist');
+        assert.equal(userDoc.subscription?.product?.id, 'basic', 'Should start as basic');
+        assert.equal(userDoc.subscription?.status, 'active', 'Should be active');
+
+        state.uid = uid;
+      },
+    },
+
+    {
+      name: 'write-upgrade-webhook',
+      async run({ firestore, state }) {
+        const now = powertools.timestamp(new Date(), { output: 'string' });
+        const nowUNIX = powertools.timestamp(now, { output: 'unix' });
+        const futureDate = new Date();
+        futureDate.setFullYear(futureDate.getFullYear() + 1);
+
+        state.eventId = '_test-evt-journey-upgrade';
+        state.subscriptionId = '_test-sub-journey-upgrade';
+
+        // Clean up any prior test data
+        await firestore.delete(`payments-webhooks/${state.eventId}`);
+        await firestore.delete(`payments-subscriptions/${state.subscriptionId}`);
+
+        // Write mock webhook doc — this triggers the onWrite handler
+        await firestore.set(`payments-webhooks/${state.eventId}`, {
+          id: state.eventId,
+          processor: 'stripe',
+          status: 'pending',
+          uid: state.uid,
+          event: {
+            type: 'customer.subscription.created',
+          },
+          raw: {
+            id: state.eventId,
+            type: 'customer.subscription.created',
+            data: {
+              object: {
+                id: state.subscriptionId,
+                object: 'subscription',
+                status: 'active',
+                metadata: { uid: state.uid },
+                current_period_end: Math.floor(futureDate.getTime() / 1000),
+                current_period_start: Math.floor(Date.now() / 1000),
+                start_date: Math.floor(Date.now() / 1000),
+                cancel_at_period_end: false,
+                canceled_at: null,
+                trial_start: null,
+                trial_end: null,
+                plan: {
+                  id: 'price_xxx', // Matches config products[0].prices.monthly.stripe
+                  interval: 'month',
+                },
+              },
+            },
+          },
+          error: null,
+          metadata: {
+            received: { timestamp: now, timestampUNIX: nowUNIX },
+            processed: { timestamp: null, timestampUNIX: null },
+          },
+        });
+      },
+    },
+
+    {
+      name: 'webhook-processed-successfully',
+      async run({ firestore, assert, state, waitFor }) {
+        // Wait for the trigger to process the webhook
+        await waitFor(async () => {
+          const doc = await firestore.get(`payments-webhooks/${state.eventId}`);
+          return doc?.status === 'completed';
+        }, 15000, 500);
+
+        const webhookDoc = await firestore.get(`payments-webhooks/${state.eventId}`);
+        assert.equal(webhookDoc.status, 'completed', 'Webhook should be completed');
+        assert.ok(!webhookDoc.error, 'Webhook should not have error');
+      },
+    },
+
+    {
+      name: 'user-subscription-updated',
+      async run({ firestore, assert, state }) {
+        const userDoc = await firestore.get(`users/${state.uid}`);
+
+        assert.equal(userDoc.subscription.product.id, 'premium', 'Product should be premium');
+        assert.equal(userDoc.subscription.status, 'active', 'Status should be active');
+        assert.equal(userDoc.subscription.payment.processor, 'stripe', 'Processor should be stripe');
+        assert.equal(userDoc.subscription.payment.resourceId, state.subscriptionId, 'Resource ID should match');
+        assert.equal(userDoc.subscription.payment.frequency, 'monthly', 'Frequency should be monthly');
+        assert.equal(userDoc.subscription.cancellation.pending, false, 'Should not be pending cancellation');
+      },
+    },
+
+    {
+      name: 'subscription-doc-created',
+      async run({ firestore, assert, state }) {
+        const subDoc = await firestore.get(`payments-subscriptions/${state.subscriptionId}`);
+
+        assert.ok(subDoc, 'Subscription doc should exist');
+        assert.equal(subDoc.uid, state.uid, 'UID should match');
+        assert.equal(subDoc.processor, 'stripe', 'Processor should be stripe');
+        assert.equal(subDoc.subscription.product.id, 'premium', 'Product should be premium');
+        assert.equal(subDoc.subscription.status, 'active', 'Status should be active');
+      },
+    },
+
+    {
+      name: 'cleanup',
+      async run({ firestore, state }) {
+        await firestore.delete(`payments-webhooks/${state.eventId}`);
+        await firestore.delete(`payments-subscriptions/${state.subscriptionId}`);
+      },
+    },
+  ],
+};

package/test/payments/webhook.js

@@ -0,0 +1,128 @@
+/**
+ * Test: POST /payments/webhook
+ * Tests the webhook endpoint validates requests and saves to Firestore
+ */
+const { TEST_ACCOUNTS } = require('../../src/test/test-accounts.js');
+
+module.exports = {
+  description: 'Payment webhook endpoint',
+  type: 'group',
+  timeout: 30000,
+
+  tests: [
+    {
+      name: 'rejects-missing-processor',
+      auth: 'none',
+      async run({ http, assert }) {
+        const response = await http.as('none').post('payments/webhook', {});
+
+        assert.isError(response, 400, 'Should reject missing processor');
+      },
+    },
+
+    {
+      name: 'rejects-invalid-key',
+      auth: 'none',
+      async run({ http, assert }) {
+        const response = await http.as('none').post('payments/webhook?processor=stripe&key=wrong-key', {});
+
+        assert.isError(response, 401, 'Should reject invalid key');
+      },
+    },
+
+    {
+      name: 'rejects-unknown-processor',
+      auth: 'none',
+      async run({ http, assert }) {
+        const response = await http.as('none').post(`payments/webhook?processor=unknown&key=${process.env.BACKEND_MANAGER_KEY}`, {
+          id: 'evt_test_unknown',
+          type: 'test.event',
+          data: { object: {} },
+        });
+
+        assert.isError(response, 400, 'Should reject unknown processor');
+      },
+    },
+
+    {
+      name: 'accepts-valid-stripe-webhook',
+      auth: 'none',
+      async run({ http, assert, firestore }) {
+        const eventId = '_test-evt-valid-webhook';
+
+        // Clean up any existing doc
+        await firestore.delete(`payments-webhooks/${eventId}`);
+
+        const response = await http.as('none').post(`payments/webhook?processor=stripe&key=${process.env.BACKEND_MANAGER_KEY}`, {
+          id: eventId,
+          type: 'customer.subscription.updated',
+          data: {
+            object: {
+              id: 'sub_test_valid',
+              metadata: { uid: TEST_ACCOUNTS.basic.uid },
+              status: 'active',
+            },
+          },
+        });
+
+        assert.isSuccess(response, 'Should accept valid webhook');
+        assert.equal(response.data.received, true, 'Should confirm receipt');
+
+        // Verify doc was saved to Firestore
+        const doc = await firestore.get(`payments-webhooks/${eventId}`);
+        assert.ok(doc, 'Webhook doc should exist in Firestore');
+        assert.equal(doc.processor, 'stripe', 'Processor should be stripe');
+        assert.ok(
+          doc.status === 'pending' || doc.status === 'processing' || doc.status === 'completed',
+          'Status should be pending, processing, or completed',
+        );
+
+        // Clean up
+        await firestore.delete(`payments-webhooks/${eventId}`);
+      },
+    },
+
+    {
+      name: 'deduplicates-webhook-events',
+      auth: 'none',
+      async run({ http, assert, firestore }) {
+        const eventId = '_test-evt-duplicate';
+
+        // Clean up any existing doc
+        await firestore.delete(`payments-webhooks/${eventId}`);
+
+        // Send first webhook
+        await http.as('none').post(`payments/webhook?processor=stripe&key=${process.env.BACKEND_MANAGER_KEY}`, {
+          id: eventId,
+          type: 'customer.subscription.updated',
+          data: {
+            object: {
+              id: 'sub_test_dup',
+              metadata: { uid: TEST_ACCOUNTS.basic.uid },
+              status: 'active',
+            },
+          },
+        });
+
+        // Send duplicate
+        const response = await http.as('none').post(`payments/webhook?processor=stripe&key=${process.env.BACKEND_MANAGER_KEY}`, {
+          id: eventId,
+          type: 'customer.subscription.updated',
+          data: {
+            object: {
+              id: 'sub_test_dup',
+              metadata: { uid: TEST_ACCOUNTS.basic.uid },
+              status: 'active',
+            },
+          },
+        });
+
+        assert.isSuccess(response, 'Duplicate should still return 200');
+        assert.equal(response.data.duplicate, true, 'Should indicate duplicate');
+
+        // Clean up
+        await firestore.delete(`payments-webhooks/${eventId}`);
+      },
+    },
+  ],
+};

package/test/routes/test/schema.js

@@ -506,7 +506,7 @@ module.exports = {
         const { user } = response.data;
 
         assert.equal(user.authenticated, false, 'Should be unauthenticated');
-        assert.equal(user.plan, 'basic', 'Should default to basic plan');
+        assert.equal(user.subscription, 'basic', 'Should default to basic subscription');
       },
     },
 

package/test/routes/user/delete.js

@@ -54,7 +54,7 @@ module.exports = {
       name: 'remove-subscription-from-delete-user',
       async run({ firestore, state }) {
         // Remove the subscription (set to null to overwrite)
-        await firestore.set(`users/${state.deleteUid}`, { plan: null }, { merge: true });
+        await firestore.set(`users/${state.deleteUid}`, { subscription: null }, { merge: true });
       },
     },
 

package/test/routes/user/subscription.js

@@ -1,7 +1,7 @@
 /**
  * Test: GET /user/subscription
  * Tests the user get subscription info endpoint
- * Returns plan details for authenticated users
+ * Returns subscription details for authenticated users
  */
 module.exports = {
   description: 'User get subscription info',
@@ -17,17 +17,17 @@ module.exports = {
         const response = await http.get('user/subscription', {});
 
         assert.isSuccess(response, 'Get subscription info should succeed for authenticated user');
-        assert.hasProperty(response, 'data.plan', 'Response should contain plan object');
-        assert.hasProperty(response, 'data.plan.id', 'Plan should have id');
-        assert.hasProperty(response, 'data.plan.expires', 'Plan should have expires');
-        assert.hasProperty(response, 'data.plan.trial', 'Plan should have trial info');
-        assert.hasProperty(response, 'data.plan.payment', 'Plan should have payment info');
+        assert.hasProperty(response, 'data.subscription', 'Response should contain subscription object');
+        assert.hasProperty(response, 'data.subscription.product.id', 'Subscription should have id');
+        assert.hasProperty(response, 'data.subscription.expires', 'Subscription should have expires');
+        assert.hasProperty(response, 'data.subscription.trial', 'Subscription should have trial info');
+        assert.hasProperty(response, 'data.subscription.payment', 'Subscription should have payment info');
       },
     },
 
-    // Test 2: Plan has correct structure
+    // Test 2: Subscription has correct structure
     {
-      name: 'plan-structure-valid',
+      name: 'subscription-structure-valid',
       auth: 'basic',
       timeout: 15000,
 
@@ -36,31 +36,26 @@ module.exports = {
 
         assert.isSuccess(response, 'Get subscription info should succeed');
 
-        const plan = response.data.plan;
+        const subscription = response.data.subscription;
 
         // Check expires structure
-        assert.hasProperty(response, 'data.plan.expires.timestamp', 'expires should have timestamp');
-        assert.hasProperty(response, 'data.plan.expires.timestampUNIX', 'expires should have timestampUNIX');
+        assert.hasProperty(response, 'data.subscription.expires.timestamp', 'expires should have timestamp');
+        assert.hasProperty(response, 'data.subscription.expires.timestampUNIX', 'expires should have timestampUNIX');
 
         // Check trial structure
         assert.ok(
-          typeof plan.trial.activated === 'boolean',
+          typeof subscription.trial.activated === 'boolean',
           'trial.activated should be boolean'
         );
-        assert.hasProperty(response, 'data.plan.trial.date', 'trial should have date');
-        assert.hasProperty(response, 'data.plan.trial.date.timestamp', 'trial.date should have timestamp');
 
         // Check payment structure
-        assert.ok(
-          typeof plan.payment.active === 'boolean',
-          'payment.active should be boolean'
-        );
+        assert.hasProperty(response, 'data.subscription.payment', 'subscription should have payment');
       },
     },
 
     // Test 3: Premium user has active subscription
     {
-      name: 'premium-user-has-active-plan',
+      name: 'premium-user-has-active-subscription',
       auth: 'premium-active',
       timeout: 15000,
 
@@ -68,9 +63,8 @@ module.exports = {
         const response = await http.get('user/subscription', {});
 
         assert.isSuccess(response, 'Get subscription info should succeed for premium user');
-        // The API returns plan.id from the user doc (test account has plan.id = 'premium')
-        assert.hasProperty(response, 'data.plan.id', 'Premium user should have plan id');
-        assert.hasProperty(response, 'data.plan.payment', 'Premium user should have payment info');
+        assert.hasProperty(response, 'data.subscription.product.id', 'Premium user should have subscription id');
+        assert.hasProperty(response, 'data.subscription.payment', 'Premium user should have payment info');
       },
     },
 
@@ -84,8 +78,8 @@ module.exports = {
         const response = await http.get('user/subscription', {});
 
         assert.isSuccess(response, 'Get subscription info should succeed for expired premium');
-        assert.hasProperty(response, 'data.plan.id', 'Should still have plan id');
-        assert.hasProperty(response, 'data.plan.expires.timestampUNIX', 'Should have expires timestamp');
+        assert.hasProperty(response, 'data.subscription.product.id', 'Should still have subscription id');
+        assert.hasProperty(response, 'data.subscription.expires.timestampUNIX', 'Should have expires timestamp');
       },
     },
 

package/test/routes/user/user.js

@@ -39,9 +39,9 @@ module.exports = {
         assert.equal(user.auth.email, accounts.basic.email, 'Email should match test account');
         assert.equal(user.authenticated, true, 'User should be authenticated');
 
-        // Verify plan properties - basic user should have basic plan
-        assert.equal(user.plan.id, 'basic', 'Plan ID should be basic');
-        assert.equal(user.plan.status, 'active', 'Plan status should be active');
+        // Verify subscription properties - basic user should have basic subscription
+        assert.equal(user.subscription.product.id, 'basic', 'Subscription ID should be basic');
+        assert.equal(user.subscription.status, 'active', 'Subscription status should be active');
 
         // Verify roles - basic user has no special roles
         assert.equal(user.roles.admin, false, 'Basic user should not be admin');
@@ -74,8 +74,8 @@ module.exports = {
         // Verify roles - admin account has roles.admin = true in Firestore
         assert.equal(user.roles.admin, true, 'Admin account should have admin role');
 
-        // Verify plan - admin account is on basic plan
-        assert.equal(user.plan.id, 'basic', 'Admin plan ID should be basic');
+        // Verify subscription - admin account is on basic subscription
+        assert.equal(user.subscription.product.id, 'basic', 'Admin subscription ID should be basic');
       },
     },
 
@@ -101,7 +101,7 @@ module.exports = {
       },
     },
 
-    // Test 5: Premium active user - verify premium plan is retained
+    // Test 5: Premium active user - verify premium subscription is retained
     {
       name: 'premium-active-user-resolved-correctly',
       auth: 'premium-active',
@@ -118,18 +118,18 @@ module.exports = {
         assert.equal(user.auth.uid, accounts['premium-active'].uid, 'UID should match premium test account');
         assert.equal(user.auth.email, accounts['premium-active'].email, 'Email should match premium test account');
 
-        // Verify plan - premium user should retain premium plan
-        assert.equal(user.plan.id, 'premium', 'Plan ID should be premium');
-        assert.equal(user.plan.status, 'active', 'Plan status should be active');
+        // Verify subscription - premium user should retain premium subscription
+        assert.equal(user.subscription.product.id, 'premium', 'Subscription ID should be premium');
+        assert.equal(user.subscription.status, 'active', 'Subscription status should be active');
 
         // Verify expires is in the future
-        const expiresTimestamp = user.plan.expires?.timestampUNIX || 0;
+        const expiresTimestamp = user.subscription.expires?.timestampUNIX || 0;
         const now = Math.floor(Date.now() / 1000);
-        assert.ok(expiresTimestamp > now, 'Premium plan expires should be in the future');
+        assert.ok(expiresTimestamp > now, 'Premium subscription expires should be in the future');
       },
     },
 
-    // Test 6: Premium expired user - verify plan is downgraded to basic
+    // Test 6: Premium expired user - verify subscription is downgraded to basic
     {
       name: 'premium-expired-user-downgraded',
       auth: 'premium-expired',
@@ -145,8 +145,8 @@ module.exports = {
         // Verify auth properties
         assert.equal(user.auth.uid, accounts['premium-expired'].uid, 'UID should match expired premium test account');
 
-        // Verify plan - expired premium should be downgraded to basic by resolve-account
-        assert.equal(user.plan.id, 'basic', 'Expired premium plan should be downgraded to basic');
+        // Verify subscription - expired premium should be downgraded to basic by resolve-account
+        assert.equal(user.subscription.product.id, 'basic', 'Expired premium subscription should be downgraded to basic');
       },
     },
   ],

package/test/rules/user.js

@@ -6,7 +6,7 @@
  * - Users can read their own document
  * - Users can write to their own document (non-protected fields only)
  * - Users cannot read/write other users' documents
- * - Protected fields (auth, roles, flags, plan, affiliate, api, usage) cannot be written by users
+ * - Protected fields (auth, roles, flags, subscription, affiliate, api, usage) cannot be written by users
  *
  * @see templates/firestore.rules
  */
@@ -130,20 +130,20 @@ module.exports = {
       },
     },
 
-    // Test 7: User cannot write 'plan' field (protected)
+    // Test 7: User cannot write 'subscription' field (protected)
     {
-      name: 'user-cannot-write-plan-field',
+      name: 'user-cannot-write-subscription-field',
       auth: 'none',
 
       async run({ rules, accounts }) {
         const uid = accounts.basic.uid;
         const db = rules.asAccount('basic');
 
-        // Should fail - plan is protected
+        // Should fail - subscription is protected
         await rules.expectFailure(
           db.doc(`users/${uid}`).set({
-            plan: {
-              id: 'premium',
+            subscription: {
+              product: { id: 'premium' },
               status: 'active',
             },
           }, { merge: true })
@@ -317,7 +317,7 @@ module.exports = {
         await rules.expectSuccess(
           db.doc(`users/${basicUid}`).set({
             roles: { premium: true },
-            plan: { id: 'pro', status: 'active' },
+            subscription: { product: { id: 'pro' }, status: 'active' },
           }, { merge: true })
         );
       },
@@ -337,7 +337,7 @@ module.exports = {
           db.doc(`users/${newUid}`).set({
             auth: { uid: newUid, email: 'new@test.com' },
             roles: {},
-            plan: { id: 'basic', status: 'active' },
+            subscription: { product: { id: 'basic' }, status: 'active' },
           })
         );
       },