backend-manager 5.0.89 → 5.0.92

package/test/events/payments/journey-payments-one-time.js

@@ -0,0 +1,128 @@
+/**
+ * Test: Payment Journey - One-Time Purchase
+ * Simulates: user → test intent (one-time product) → auto-webhook → purchase-completed
+ *
+ * Uses the test processor to exercise the full intent→webhook→trigger pipeline
+ * for one-time payments. Unlike subscriptions, one-time payments only write to
+ * payments-orders/{orderId} — they do NOT modify users/{uid}.subscription.
+ *
+ * Requires at least one product with type: 'one-time' in config.payment.products
+ */
+module.exports = {
+  description: 'Payment journey: one-time purchase via test intent → purchase-completed',
+  type: 'suite',
+  timeout: 30000,
+
+  tests: [
+    {
+      name: 'resolve-one-time-product',
+      async run({ accounts, firestore, assert, state, config }) {
+        const uid = accounts['journey-payments-one-time'].uid;
+        const userDoc = await firestore.get(`users/${uid}`);
+
+        assert.ok(userDoc, 'User doc should exist');
+
+        // Resolve first one-time product from config
+        const oneTimeProduct = config.payment.products.find(p => p.type === 'one-time' && p.prices?.once);
+        assert.ok(oneTimeProduct, 'Config should have at least one one-time product');
+
+        state.uid = uid;
+        state.productId = oneTimeProduct.id;
+        state.productName = oneTimeProduct.name;
+        state.price = oneTimeProduct.prices.once.amount;
+
+        // Snapshot subscription before purchase — should remain unchanged after
+        state.subscriptionBefore = userDoc.subscription || null;
+      },
+    },
+
+    {
+      name: 'create-one-time-intent',
+      async run({ http, assert, state }) {
+        const response = await http.as('journey-payments-one-time').post('payments/intent', {
+          processor: 'test',
+          productId: state.productId,
+        });
+
+        assert.isSuccess(response, 'Intent should succeed');
+        assert.ok(response.data.id, 'Should return intent ID');
+        assert.ok(response.data.orderId, 'Should return orderId');
+        assert.match(response.data.orderId, /^\d{4}-\d{4}-\d{4}$/, 'orderId should be XXXX-XXXX-XXXX format');
+        assert.ok(response.data.url, 'Should return URL');
+
+        state.intentId = response.data.id;
+        state.orderId = response.data.orderId;
+
+        // Derive webhook event ID from intent ID (same timestamp)
+        state.eventId = response.data.id.replace('_test-cs-', '_test-evt-');
+      },
+    },
+
+    {
+      name: 'webhook-transition-purchase-completed',
+      async run({ firestore, assert, state, waitFor }) {
+        // Poll until the webhook is processed
+        await waitFor(async () => {
+          const doc = await firestore.get(`payments-webhooks/${state.eventId}`);
+          return doc?.status === 'completed';
+        }, 15000, 500);
+
+        const webhookDoc = await firestore.get(`payments-webhooks/${state.eventId}`);
+        assert.ok(webhookDoc, 'Webhook doc should exist');
+        assert.equal(webhookDoc.transition, 'purchase-completed', 'Transition should be purchase-completed');
+        assert.equal(webhookDoc.orderId, state.orderId, 'Webhook doc orderId should match intent');
+        assert.equal(webhookDoc.event?.category, 'one-time', 'Category should be one-time');
+      },
+    },
+
+    {
+      name: 'order-doc-created',
+      async run({ firestore, assert, state }) {
+        const orderDoc = await firestore.get(`payments-orders/${state.orderId}`);
+
+        assert.ok(orderDoc, 'Order doc should exist');
+        assert.equal(orderDoc.id, state.orderId, 'ID should match orderId');
+        assert.equal(orderDoc.type, 'one-time', 'Type should be one-time');
+        assert.equal(orderDoc.owner, state.uid, 'Owner should match');
+        assert.equal(orderDoc.processor, 'test', 'Processor should be test');
+        assert.equal(orderDoc.unified.product.id, state.productId, `Product should be ${state.productId}`);
+        assert.equal(orderDoc.unified.payment.processor, 'test', 'Unified processor should be test');
+        assert.equal(orderDoc.unified.payment.orderId, state.orderId, 'Unified orderId should match');
+      },
+    },
+
+    {
+      name: 'subscription-unchanged',
+      async run({ firestore, assert, state }) {
+        // One-time payments must NOT modify users/{uid}.subscription
+        const userDoc = await firestore.get(`users/${state.uid}`);
+        const subAfter = userDoc.subscription || null;
+
+        assert.deepEqual(
+          subAfter?.product?.id,
+          state.subscriptionBefore?.product?.id,
+          'Subscription product should be unchanged after one-time purchase',
+        );
+        assert.deepEqual(
+          subAfter?.status,
+          state.subscriptionBefore?.status,
+          'Subscription status should be unchanged after one-time purchase',
+        );
+      },
+    },
+
+    {
+      name: 'intent-doc-created',
+      async run({ firestore, assert, state }) {
+        const intentDoc = await firestore.get(`payments-intents/${state.orderId}`);
+
+        assert.ok(intentDoc, 'Intent doc should exist');
+        assert.equal(intentDoc.id, state.orderId, 'ID should match orderId');
+        assert.equal(intentDoc.intentId, state.intentId, 'Intent ID should match processor session ID');
+        assert.equal(intentDoc.owner, state.uid, 'Owner should match');
+        assert.equal(intentDoc.processor, 'test', 'Processor should be test');
+        assert.equal(intentDoc.productId, state.productId, `Product should be ${state.productId}`);
+      },
+    },
+  ],
+};

package/test/events/payments/journey-payments-plan-change.js

@@ -0,0 +1,126 @@
+/**
+ * Test: Payment Journey - Plan Change
+ * Simulates: basic → paid product A → plan-changed webhook → paid product B
+ *
+ * Uses test intent for initial subscription, then manual webhook to change plans.
+ * Requires at least two paid subscription products in config.
+ */
+module.exports = {
+  description: 'Payment journey: paid product A → plan-changed → paid product B',
+  type: 'suite',
+  timeout: 30000,
+
+  tests: [
+    {
+      name: 'setup-paid-subscription',
+      async run({ accounts, firestore, assert, state, config, http, waitFor }) {
+        const uid = accounts['journey-payments-plan-change'].uid;
+
+        // Resolve two distinct paid subscription products from config
+        const paidProducts = config.payment.products.filter(p => p.id !== 'basic' && p.type === 'subscription' && p.prices);
+        assert.ok(paidProducts.length >= 2, 'Config should have at least two paid subscription products');
+
+        const productA = paidProducts[0];
+        const productB = paidProducts[1];
+
+        state.uid = uid;
+        state.productA = { id: productA.id, name: productA.name, priceId: productA.prices.monthly.stripe };
+        state.productB = { id: productB.id, name: productB.name, priceId: productB.prices.monthly.stripe };
+
+        // Create subscription via test intent (product A)
+        const response = await http.as('journey-payments-plan-change').post('payments/intent', {
+          processor: 'test',
+          productId: productA.id,
+          frequency: 'monthly',
+        });
+        assert.isSuccess(response, 'Intent should succeed');
+        state.orderId = response.data.orderId;
+
+        // Wait for subscription to activate
+        await waitFor(async () => {
+          const userDoc = await firestore.get(`users/${uid}`);
+          return userDoc?.subscription?.product?.id === productA.id;
+        }, 15000, 500);
+
+        const userDoc = await firestore.get(`users/${uid}`);
+        assert.equal(userDoc.subscription?.product?.id, productA.id, `Should start as ${productA.id}`);
+        assert.equal(userDoc.subscription?.status, 'active', 'Should be active');
+
+        state.subscriptionId = userDoc.subscription.payment.resourceId;
+      },
+    },
+
+    {
+      name: 'send-plan-change-webhook',
+      async run({ http, assert, state, config }) {
+        const futureDate = new Date();
+        futureDate.setMonth(futureDate.getMonth() + 1);
+
+        state.eventId = `_test-evt-journey-plan-change-${Date.now()}`;
+
+        // Send subscription.updated with a different product's price ID
+        const response = await http.as('none').post(`payments/webhook?processor=test&key=${config.backendManagerKey}`, {
+          id: state.eventId,
+          type: 'customer.subscription.updated',
+          data: {
+            object: {
+              id: state.subscriptionId,
+              object: 'subscription',
+              status: 'active',
+              metadata: { uid: state.uid, orderId: state.orderId },
+              cancel_at_period_end: false,
+              canceled_at: null,
+              current_period_end: Math.floor(futureDate.getTime() / 1000),
+              current_period_start: Math.floor(Date.now() / 1000),
+              start_date: Math.floor(Date.now() / 1000) - 86400 * 30,
+              trial_start: null,
+              trial_end: null,
+              plan: { id: state.productB.priceId, interval: 'month' },
+            },
+          },
+        });
+
+        assert.isSuccess(response, 'Webhook should be accepted');
+      },
+    },
+
+    {
+      name: 'plan-changed-transition-detected',
+      async run({ firestore, assert, state, waitFor }) {
+        await waitFor(async () => {
+          const doc = await firestore.get(`payments-webhooks/${state.eventId}`);
+          return doc?.status === 'completed';
+        }, 15000, 500);
+
+        const webhookDoc = await firestore.get(`payments-webhooks/${state.eventId}`);
+        assert.ok(webhookDoc, 'Webhook doc should exist');
+        assert.equal(webhookDoc.transition, 'plan-changed', 'Transition should be plan-changed');
+      },
+    },
+
+    {
+      name: 'subscription-updated-to-product-b',
+      async run({ firestore, assert, state }) {
+        const userDoc = await firestore.get(`users/${state.uid}`);
+
+        assert.equal(userDoc.subscription.product.id, state.productB.id, `Product should be ${state.productB.id}`);
+        assert.equal(userDoc.subscription.product.name, state.productB.name, `Product name should be ${state.productB.name}`);
+        assert.equal(userDoc.subscription.status, 'active', 'Status should still be active');
+        assert.equal(userDoc.subscription.payment.processor, 'test', 'Processor should be test');
+        assert.equal(userDoc.subscription.payment.frequency, 'monthly', 'Frequency should be monthly');
+        assert.equal(userDoc.subscription.payment.resourceId, state.subscriptionId, 'Resource ID should be the same subscription');
+      },
+    },
+
+    {
+      name: 'order-doc-updated',
+      async run({ firestore, assert, state }) {
+        const orderDoc = await firestore.get(`payments-orders/${state.orderId}`);
+
+        assert.ok(orderDoc, 'Order doc should exist');
+        assert.equal(orderDoc.unified.product.id, state.productB.id, `Order product should be ${state.productB.id}`);
+        assert.equal(orderDoc.unified.status, 'active', 'Order status should be active');
+      },
+    },
+  ],
+};

package/test/events/payments/journey-payments-upgrade.js

@@ -88,8 +88,8 @@ module.exports = {
         assert.equal(orderDoc.owner, state.uid, 'Owner should match');
         assert.equal(orderDoc.processor, 'test', 'Processor should be test');
         assert.equal(orderDoc.resourceId, state.subscriptionId, 'Resource ID should match');
-        assert.equal(orderDoc.subscription.product.id, state.paidProductId, `Product should be ${state.paidProductId}`);
-        assert.equal(orderDoc.subscription.status, 'active', 'Status should be active');
+        assert.equal(orderDoc.unified.product.id, state.paidProductId, `Product should be ${state.paidProductId}`);
+        assert.equal(orderDoc.unified.status, 'active', 'Status should be active');
       },
     },
 

package/test/functions/admin/send-email.js

@@ -8,7 +8,6 @@
  *
  * Possible status values:
  * - 'sent': Email sent via SendGrid
- * - 'non-unique': Duplicate email detected (when ensureUnique: true)
  * - 'queued': Scheduled beyond 71 hours, saved to queue for later
  */
 module.exports = {
@@ -26,7 +25,6 @@ module.exports = {
         const response = await http.command('admin:send-email', {
           to: [{ email: `_test-receiver@${config.domain}` }],
           copy: false,
-          ensureUnique: false,
         });
 
         assert.isError(response, 400, 'Missing subject should return 400');
@@ -44,7 +42,6 @@ module.exports = {
           subject: 'BEM Test Email - Status Sent',
           to: [{ email: `_test-receiver@${config.domain}`, name: 'Test Receiver' }],
           copy: false,
-          ensureUnique: false,
           data: {
             email: {
               subject: 'BEM Test Email - Status Sent',
@@ -55,7 +52,7 @@ module.exports = {
 
         assert.isSuccess(response, 'Admin should be able to send email');
         assert.hasProperty(response, 'data.status', 'Response should have status');
-        assert.equal(response.data.status, 'sent', 'Status should be sent when ensureUnique is false');
+        assert.equal(response.data.status, 'sent', 'Status should be sent');
       },
     },
 
@@ -73,7 +70,6 @@ module.exports = {
           subject: 'BEM Test Email - Status Queued',
           to: [{ email: `_test-receiver@${config.domain}`, name: 'Test Receiver' }],
           copy: false,
-          ensureUnique: false,
           sendAt: sendAt,
           data: {
             email: {
@@ -89,89 +85,6 @@ module.exports = {
       },
     },
 
-    // Test 6: Status 'non-unique' - Duplicate email detected
-    // This test sends two identical emails with ensureUnique: true
-    // The second one should return 'non-unique' status
-    {
-      name: 'status-non-unique',
-      auth: 'admin',
-      timeout: 120000, // Long timeout because ensureUnique waits ~45 seconds
-
-      async run({ http, assert, config }) {
-        const uniqueSubject = `BEM Test Email - Unique Check ${Date.now()}`;
-
-        // Send first email with ensureUnique: true
-        const response1Promise = http.command('admin:send-email', {
-          subject: uniqueSubject,
-          to: [{ email: `_test-receiver@${config.domain}` }],
-          copy: false,
-          ensureUnique: true,
-          categories: ['bem-test-unique'],
-          data: {
-            email: {
-              subject: uniqueSubject,
-              body: 'Testing ensureUnique feature.',
-            },
-          },
-        });
-
-        // Send second identical email immediately (same subject, to, categories = same hash)
-        const response2Promise = http.command('admin:send-email', {
-          subject: uniqueSubject,
-          to: [{ email: `_test-receiver@${config.domain}` }],
-          copy: false,
-          ensureUnique: true,
-          categories: ['bem-test-unique'],
-          data: {
-            email: {
-              subject: uniqueSubject,
-              body: 'Testing ensureUnique feature.',
-            },
-          },
-        });
-
-        // Wait for both
-        const [response1, response2] = await Promise.all([response1Promise, response2Promise]);
-
-        // Both should succeed
-        assert.isSuccess(response1, 'First email should succeed');
-        assert.isSuccess(response2, 'Second email should succeed');
-
-        // One should be 'sent', the other 'non-unique'
-        const statuses = [response1.data.status, response2.data.status].sort();
-        assert.equal(statuses[0], 'non-unique', 'One email should have status non-unique');
-        assert.equal(statuses[1], 'sent', 'One email should have status sent');
-      },
-    },
-
-    // Test 7: Unauthorized sender domain rejected by SendGrid
-    // TODO: SendGrid accepts emails from unauthorized domains at API level
-    // (they may fail at delivery). Consider adding BEM-level validation.
-    // {
-    //   name: 'unauthorized-from-domain-rejected',
-    //   auth: 'admin',
-    //   timeout: 30000,
-    //
-    //   async run({ http, assert, config }) {
-    //     const response = await http.command('admin:send-email', {
-    //       subject: 'BEM Test Email - Unauthorized Sender',
-    //       to: [{ email: `_test-receiver@${config.domain}` }],
-    //       from: { email: 'fake-sender@example.com', name: 'Fake Sender' },
-    //       copy: false,
-    //       ensureUnique: false,
-    //       data: {
-    //         email: {
-    //           subject: 'BEM Test Email - Unauthorized Sender',
-    //           body: 'This email should fail because the sender domain is not authorized.',
-    //         },
-    //       },
-    //     });
-    //
-    //     // SendGrid rejects emails from unauthorized sender domains with 403
-    //     assert.isError(response, 500, 'Sending from unauthorized domain should fail');
-    //   },
-    // },
-
     // --- Auth rejection tests (at end per convention) ---
     {
       name: 'unauthenticated-rejected',