backend-manager 5.9.4 → 5.9.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (251) hide show
  1. package/CLAUDE.md +6 -0
  2. package/package.json +8 -1
  3. package/src/cli/commands/install.js +4 -3
  4. package/src/cli/commands/setup-tests/backend-manager.js +2 -1
  5. package/src/cli/commands/setup-tests/firebase-admin.js +2 -1
  6. package/src/cli/commands/setup-tests/firebase-functions.js +2 -1
  7. package/src/cli/utils/safe-install.js +13 -0
  8. package/src/manager/routes/payments/cancel/post.js +22 -2
  9. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/metadata.json +14 -0
  10. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.html +486 -0
  11. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.md +41 -0
  12. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.mjml +97 -0
  13. package/{test/email/fixtures/clean.json → src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/structure.json} +16 -4
  14. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/summary.md +1 -0
  15. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/metadata.json +14 -0
  16. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.html +486 -0
  17. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.md +41 -0
  18. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.mjml +97 -0
  19. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/structure.json +42 -0
  20. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/summary.md +1 -0
  21. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/metadata.json +14 -0
  22. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.html +486 -0
  23. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.md +41 -0
  24. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.mjml +97 -0
  25. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/structure.json +42 -0
  26. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/summary.md +1 -0
  27. package/src/test/fixtures/firebase-project/.temp/test-mode.json +6 -0
  28. package/src/test/fixtures/firebase-project/database-debug.log +12 -0
  29. package/src/test/fixtures/firebase-project/firestore-debug.log +136 -0
  30. package/src/test/fixtures/firebase-project/pubsub-debug.log +17 -0
  31. package/src/test/test-accounts.js +9 -0
  32. package/.codeclimate.yml +0 -32
  33. package/.nvmrc +0 -1
  34. package/CHANGELOG.md +0 -1432
  35. package/PROGRESS.md +0 -86
  36. package/TODO-2.md +0 -121
  37. package/TODO-CHARGEBLAST.md +0 -32
  38. package/TODO-WEBHOOK-KEY-LEGACY-REMOVAL.md +0 -15
  39. package/TODO-WEBHOOK-KEY-UPGRADE.md +0 -138
  40. package/TODO-email-auth.md +0 -14
  41. package/TODO.md +0 -187
  42. package/plans/mcp2.md +0 -247
  43. package/scripts/test-helper-providers.js +0 -162
  44. package/scripts/update-disposable-domains.js +0 -44
  45. package/templates/_.env +0 -42
  46. package/templates/_.gitignore +0 -60
  47. package/templates/backend-manager-config.json +0 -249
  48. package/templates/database.rules.json +0 -83
  49. package/templates/firebase.json +0 -66
  50. package/templates/firestore.indexes.json +0 -4
  51. package/templates/firestore.rules +0 -112
  52. package/templates/public/404.html +0 -26
  53. package/templates/public/index.html +0 -24
  54. package/templates/remoteconfig.template.json +0 -1
  55. package/templates/storage-lifecycle-config-1-day.json +0 -9
  56. package/templates/storage-lifecycle-config-30-days.json +0 -9
  57. package/templates/storage.rules +0 -8
  58. package/test/_init/accounts-validation.js +0 -58
  59. package/test/_legacy/ai/index.js +0 -231
  60. package/test/_legacy/ai/test.jpg +0 -0
  61. package/test/_legacy/ai/test.pdf +0 -0
  62. package/test/_legacy/index.js +0 -31
  63. package/test/_legacy/payment-resolver/chargebee/orders/refunded.json +0 -0
  64. package/test/_legacy/payment-resolver/chargebee/orders/unpaid.json +0 -98
  65. package/test/_legacy/payment-resolver/chargebee/subscriptions/active.json +0 -578
  66. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-in-trial.json +0 -38
  67. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-skipped-to-active.json +0 -135
  68. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-active-to-cancelled.json +0 -42
  69. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-active.json +0 -44
  70. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-cancelled.json +0 -39
  71. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-refund.json +0 -143
  72. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-suspended.json +0 -48
  73. package/test/_legacy/payment-resolver/coinbase/orders/regular.json +0 -204
  74. package/test/_legacy/payment-resolver/coinbase/subscriptions/cancelled.json +0 -204
  75. package/test/_legacy/payment-resolver/coinbase/subscriptions/paid-2.json +0 -125
  76. package/test/_legacy/payment-resolver/index.js +0 -1558
  77. package/test/_legacy/payment-resolver/paypal/orders/refunded.json +0 -0
  78. package/test/_legacy/payment-resolver/paypal/orders/regular.json +0 -120
  79. package/test/_legacy/payment-resolver/paypal/subscriptions/active-refund-previous-stmnt.json +0 -323
  80. package/test/_legacy/payment-resolver/paypal/subscriptions/active.json +0 -192
  81. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-in-trial.json +0 -125
  82. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-not-complete.json +0 -76
  83. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-overdue-2.json +0 -114
  84. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-overdue.json +0 -114
  85. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-active-to-cancelled.json +0 -111
  86. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-active.json +0 -132
  87. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-cancelled.json +0 -107
  88. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-expired.json +0 -91
  89. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-refund.json +0 -147
  90. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-suspended.json +0 -120
  91. package/test/_legacy/payment-resolver/stripe/orders/refunded.json +0 -0
  92. package/test/_legacy/payment-resolver/stripe/orders/regular.json +0 -91
  93. package/test/_legacy/payment-resolver/stripe/subscriptions/active.json +0 -421
  94. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-in-trial.json +0 -349
  95. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-active-failed-authorization.json +0 -430
  96. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-active.json +0 -319
  97. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-cancelled.json +0 -319
  98. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-refund.json +0 -414
  99. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-suspended.json +0 -319
  100. package/test/_legacy/payment-resolver/stripe/subscriptions/unsure.json +0 -339
  101. package/test/_legacy/test-new +0 -1178
  102. package/test/_legacy/test.md +0 -89
  103. package/test/_legacy/usage.js +0 -175
  104. package/test/_legacy/user.js +0 -31
  105. package/test/ai/tools-live.js +0 -170
  106. package/test/boot/emulator-boots.js +0 -37
  107. package/test/content/blog-generate.js +0 -160
  108. package/test/email/campaign-send.js +0 -45
  109. package/test/email/consent-lifecycle.js +0 -257
  110. package/test/email/feedback-and-plain-send.js +0 -52
  111. package/test/email/fixtures/editorial.json +0 -30
  112. package/test/email/fixtures/field-report.json +0 -53
  113. package/test/email/marketing-lifecycle.js +0 -132
  114. package/test/email/newsletter-generate.js +0 -819
  115. package/test/email/newsletter-templates.js +0 -491
  116. package/test/email/templates.js +0 -207
  117. package/test/email/transactional-send.js +0 -34
  118. package/test/email/transactional.js +0 -560
  119. package/test/email/validation.js +0 -710
  120. package/test/events/auth-delete-race.js +0 -201
  121. package/test/events/payments/journey-payments-cancel-endpoint.js +0 -100
  122. package/test/events/payments/journey-payments-cancel.js +0 -182
  123. package/test/events/payments/journey-payments-discount.js +0 -89
  124. package/test/events/payments/journey-payments-failure.js +0 -146
  125. package/test/events/payments/journey-payments-legacy-product.js +0 -149
  126. package/test/events/payments/journey-payments-one-time-failure.js +0 -111
  127. package/test/events/payments/journey-payments-one-time.js +0 -136
  128. package/test/events/payments/journey-payments-plan-change.js +0 -144
  129. package/test/events/payments/journey-payments-refund-webhook.js +0 -180
  130. package/test/events/payments/journey-payments-suspend.js +0 -181
  131. package/test/events/payments/journey-payments-trial-cancel.js +0 -130
  132. package/test/events/payments/journey-payments-trial.js +0 -171
  133. package/test/events/payments/journey-payments-uid-resolution.js +0 -132
  134. package/test/events/payments/journey-payments-upgrade.js +0 -135
  135. package/test/fixtures/chargebee/invoice-one-time.json +0 -27
  136. package/test/fixtures/chargebee/subscription-active.json +0 -44
  137. package/test/fixtures/chargebee/subscription-cancelled.json +0 -42
  138. package/test/fixtures/chargebee/subscription-in-trial.json +0 -41
  139. package/test/fixtures/chargebee/subscription-legacy-plan.json +0 -41
  140. package/test/fixtures/chargebee/subscription-non-renewing.json +0 -41
  141. package/test/fixtures/chargebee/subscription-paused.json +0 -42
  142. package/test/fixtures/chargebee/webhook-payment-failed.json +0 -51
  143. package/test/fixtures/chargebee/webhook-subscription-created.json +0 -47
  144. package/test/fixtures/paypal/order-approved.json +0 -62
  145. package/test/fixtures/paypal/order-completed.json +0 -110
  146. package/test/fixtures/paypal/subscription-active.json +0 -76
  147. package/test/fixtures/paypal/subscription-cancelled.json +0 -50
  148. package/test/fixtures/paypal/subscription-suspended.json +0 -65
  149. package/test/fixtures/stripe/checkout-session-completed.json +0 -130
  150. package/test/fixtures/stripe/invoice-payment-failed.json +0 -148
  151. package/test/fixtures/stripe/invoice-subscription-payment-failed.json +0 -28
  152. package/test/fixtures/stripe/subscription-active.json +0 -161
  153. package/test/fixtures/stripe/subscription-canceled.json +0 -161
  154. package/test/fixtures/stripe/subscription-trialing.json +0 -161
  155. package/test/functions/admin/database-read.js +0 -134
  156. package/test/functions/admin/database-write.js +0 -159
  157. package/test/functions/admin/edit-post.js +0 -366
  158. package/test/functions/admin/firestore-query.js +0 -207
  159. package/test/functions/admin/firestore-read.js +0 -129
  160. package/test/functions/admin/firestore-write.js +0 -105
  161. package/test/functions/admin/get-stats.js +0 -115
  162. package/test/functions/admin/send-email.js +0 -119
  163. package/test/functions/admin/send-notification.js +0 -208
  164. package/test/functions/admin/write-repo-content.js +0 -223
  165. package/test/functions/general/add-marketing-contact.js +0 -335
  166. package/test/functions/general/fetch-post.js +0 -54
  167. package/test/functions/general/generate-uuid.js +0 -114
  168. package/test/functions/test/authenticate.js +0 -64
  169. package/test/functions/user/create-custom-token.js +0 -73
  170. package/test/functions/user/delete.js +0 -135
  171. package/test/functions/user/get-active-sessions.js +0 -111
  172. package/test/functions/user/get-subscription-info.js +0 -99
  173. package/test/functions/user/regenerate-api-keys.js +0 -156
  174. package/test/functions/user/resolve.js +0 -52
  175. package/test/functions/user/sign-out-all-sessions.js +0 -94
  176. package/test/functions/user/sign-up.js +0 -252
  177. package/test/functions/user/submit-feedback.js +0 -104
  178. package/test/functions/user/validate-settings.js +0 -82
  179. package/test/helpers/ai-request-payload.js +0 -300
  180. package/test/helpers/ai-test-provider.js +0 -202
  181. package/test/helpers/ai-tools-format.js +0 -383
  182. package/test/helpers/content/blog-auto-publisher.js +0 -484
  183. package/test/helpers/content/feed-parser.js +0 -528
  184. package/test/helpers/content/ghostii-blocks.js +0 -134
  185. package/test/helpers/content/ghostii-feed-integration.js +0 -404
  186. package/test/helpers/content/ghostii-write-article.js +0 -243
  187. package/test/helpers/environment.js +0 -230
  188. package/test/helpers/infer-contact.js +0 -113
  189. package/test/helpers/merge-line-files.js +0 -271
  190. package/test/helpers/payment/chargebee/parse-webhook.js +0 -413
  191. package/test/helpers/payment/chargebee/to-unified-one-time.js +0 -147
  192. package/test/helpers/payment/chargebee/to-unified-subscription.js +0 -648
  193. package/test/helpers/payment/paypal/parse-webhook.js +0 -539
  194. package/test/helpers/payment/paypal/to-unified-one-time.js +0 -382
  195. package/test/helpers/payment/paypal/to-unified-subscription.js +0 -820
  196. package/test/helpers/payment/stripe/parse-webhook.js +0 -447
  197. package/test/helpers/payment/stripe/to-unified-one-time.js +0 -306
  198. package/test/helpers/payment/stripe/to-unified-subscription.js +0 -708
  199. package/test/helpers/sanitize.js +0 -222
  200. package/test/helpers/slugify.js +0 -394
  201. package/test/helpers/storage.js +0 -194
  202. package/test/helpers/user.js +0 -755
  203. package/test/helpers/webhook-forward.js +0 -418
  204. package/test/mcp/discovery.js +0 -53
  205. package/test/mcp/oauth.js +0 -161
  206. package/test/mcp/protocol.js +0 -268
  207. package/test/mcp/roles.js +0 -188
  208. package/test/mcp/utils.js +0 -245
  209. package/test/routes/admin/create-post.js +0 -364
  210. package/test/routes/admin/database.js +0 -131
  211. package/test/routes/admin/deduplicate-image-alts.js +0 -190
  212. package/test/routes/admin/email.js +0 -114
  213. package/test/routes/admin/firestore-query.js +0 -204
  214. package/test/routes/admin/firestore.js +0 -127
  215. package/test/routes/admin/infer-contact.js +0 -218
  216. package/test/routes/admin/notification.js +0 -198
  217. package/test/routes/admin/post-resize-image.js +0 -184
  218. package/test/routes/admin/post.js +0 -368
  219. package/test/routes/admin/repo-content.js +0 -223
  220. package/test/routes/admin/stats.js +0 -112
  221. package/test/routes/content/post.js +0 -54
  222. package/test/routes/general/uuid.js +0 -115
  223. package/test/routes/marketing/campaign.js +0 -125
  224. package/test/routes/marketing/contact.js +0 -370
  225. package/test/routes/marketing/email-preferences.js +0 -292
  226. package/test/routes/marketing/push-send.js +0 -32
  227. package/test/routes/marketing/webhook-forward.js +0 -61
  228. package/test/routes/marketing/webhook.js +0 -639
  229. package/test/routes/payments/cancel.js +0 -140
  230. package/test/routes/payments/discount.js +0 -80
  231. package/test/routes/payments/dispute-alert.js +0 -320
  232. package/test/routes/payments/intent.js +0 -336
  233. package/test/routes/payments/portal.js +0 -92
  234. package/test/routes/payments/refund.js +0 -179
  235. package/test/routes/payments/trial-eligibility.js +0 -71
  236. package/test/routes/payments/webhook.js +0 -107
  237. package/test/routes/test/authenticate.js +0 -59
  238. package/test/routes/test/schema.js +0 -554
  239. package/test/routes/test/usage.js +0 -342
  240. package/test/routes/user/api-keys.js +0 -156
  241. package/test/routes/user/delete.js +0 -136
  242. package/test/routes/user/feedback.js +0 -104
  243. package/test/routes/user/sessions.js +0 -199
  244. package/test/routes/user/settings-validate.js +0 -82
  245. package/test/routes/user/signup.js +0 -542
  246. package/test/routes/user/subscription.js +0 -99
  247. package/test/routes/user/token.js +0 -73
  248. package/test/routes/user/user.js +0 -157
  249. package/test/rules/notifications.js +0 -410
  250. package/test/rules/payments-carts.js +0 -371
  251. package/test/rules/user.js +0 -396
@@ -1,542 +0,0 @@
1
- const { TEST_ACCOUNTS } = require('../../../src/test/test-accounts.js');
2
-
3
- // SSOT: Affiliate code from referrer account definition
4
- const REFERRER_AFFILIATE_CODE = TEST_ACCOUNTS.referrer.properties.affiliate.code;
5
-
6
- /**
7
- * Test Suite: POST /user/signup
8
- * Tests the complete user signup flow including:
9
- * - Using pre-created referrer with an affiliate code
10
- * - Calling user signup with that referral code
11
- * - Verifying the referral tracking works
12
- * - Edge cases: unauthenticated, signing up for another user, invalid affiliate code
13
- *
14
- * Note: referrer and referred accounts are pre-created by the test runner
15
- * The referrer has affiliate.code set at creation time (see test-accounts.js)
16
- */
17
- module.exports = {
18
- description: 'User signup flow with affiliate tracking',
19
- type: 'suite',
20
- timeout: 60000, // Longer timeout for auth events to process
21
-
22
- tests: [
23
- // --- Edge case tests ---
24
- {
25
- name: 'signup-with-invalid-affiliate-code',
26
- async run({ http, assert }) {
27
- // Try to sign up with a non-existent affiliate code
28
- // Use dedicated account so it doesn't affect other tests
29
- const signupResponse = await http.as('referred-invalid').post('backend-manager/user/signup', {
30
- attribution: {
31
- affiliate: { code: 'INVALID_CODE_12345' },
32
- },
33
- });
34
-
35
- // Should succeed but without referral tracking (invalid code is ignored)
36
- assert.isSuccess(signupResponse, 'Signup should succeed even with invalid affiliate code');
37
- },
38
- },
39
-
40
- // --- Main signup flow tests ---
41
- {
42
- name: 'verify-referrer-exists',
43
- async run({ firestore, assert, state, accounts }) {
44
- // Use the pre-created static referrer account
45
- state.referrerUid = accounts.referrer.uid;
46
- state.referrerEmail = accounts.referrer.email;
47
- state.referrerAffiliateCode = REFERRER_AFFILIATE_CODE;
48
-
49
- // Verify the referrer account exists and has the affiliate code
50
- const referrerDoc = await firestore.get(`users/${state.referrerUid}`);
51
-
52
- assert.ok(referrerDoc, 'Referrer user doc should exist');
53
- assert.equal(
54
- referrerDoc?.affiliate?.code,
55
- state.referrerAffiliateCode,
56
- 'Referrer should have affiliate code set'
57
- );
58
- },
59
- },
60
-
61
- {
62
- name: 'verify-referred-exists',
63
- async run({ firestore, assert, state, accounts }) {
64
- // Use the pre-created static referred account
65
- state.referredUid = accounts.referred.uid;
66
- state.referredEmail = accounts.referred.email;
67
-
68
- // Verify the referred account exists
69
- const referredDoc = await firestore.get(`users/${state.referredUid}`);
70
-
71
- assert.ok(referredDoc, 'Referred user doc should exist');
72
- },
73
- },
74
-
75
- {
76
- name: 'call-user-signup-with-affiliate',
77
- async run({ http, assert, state }) {
78
- // Call POST /user/signup as the referred user with the new attribution format
79
- // This triggers the referral tracking logic
80
- // Use .as('referred') to authenticate as that specific user via privateKey
81
- const signupResponse = await http.as('referred').post('backend-manager/user/signup', {
82
- attribution: {
83
- affiliate: {
84
- code: state.referrerAffiliateCode,
85
- timestamp: new Date().toISOString(),
86
- url: `https://example.com/?ref=${REFERRER_AFFILIATE_CODE}`,
87
- page: '/',
88
- },
89
- utm: {
90
- tags: {
91
- utm_source: 'test',
92
- utm_medium: 'referral',
93
- utm_campaign: 'signup-test',
94
- },
95
- timestamp: new Date().toISOString(),
96
- url: 'https://example.com/?utm_source=test',
97
- page: '/',
98
- },
99
- },
100
- context: {
101
- referrer: 'https://google.com',
102
- landingPage: 'https://example.com/',
103
- },
104
- });
105
-
106
- assert.isSuccess(signupResponse, `POST /user/signup should succeed: ${JSON.stringify(signupResponse, null, 2)}`);
107
-
108
- // BEM API returns { data: { signedUp: true } }, http-client wraps in { data: response }
109
- const signedUp = signupResponse.data?.data?.signedUp || signupResponse.data?.signedUp;
110
- assert.ok(signedUp === true, `Should return signedUp: true (got: ${JSON.stringify(signupResponse.data)})`);
111
- },
112
- },
113
-
114
- {
115
- name: 'duplicate-signup-blocked',
116
- async run({ http, assert, state }) {
117
- // Try to call POST /user/signup again for the same user
118
- // This should be blocked since signup has already been processed
119
- const signupResponse = await http.as('referred').post('backend-manager/user/signup', {
120
- attribution: {
121
- affiliate: { code: state.referrerAffiliateCode },
122
- },
123
- });
124
-
125
- assert.isError(signupResponse, 400, 'Duplicate signup should be blocked');
126
- assert.ok(
127
- signupResponse.error?.includes('already been processed'),
128
- `Error should mention already processed: ${signupResponse.error}`
129
- );
130
- },
131
- },
132
-
133
- {
134
- name: 'wait-for-referral-update',
135
- async run({ firestore, assert, state, waitFor }) {
136
- // Wait for the referral to be recorded
137
- // The user signup endpoint calls updateReferral() which updates the referrer
138
-
139
- const referralFound = await waitFor(async () => {
140
- const referrerDoc = await firestore.get(`users/${state.referrerUid}`);
141
-
142
- if (!referrerDoc) {
143
- return false;
144
- }
145
-
146
- const referrals = referrerDoc?.affiliate?.referrals || [];
147
- return referrals.some(r => r.uid === state.referredUid);
148
- }, 30000, 1000); // Wait up to 30s, check every 1s
149
-
150
- assert.ok(referralFound, 'Referrer should have referred user in referrals array');
151
- },
152
- },
153
-
154
- {
155
- name: 'verify-referrer-has-referral',
156
- async run({ firestore, assert, state }) {
157
- // Verify the referrer now has the referred user in their referrals
158
- const referrerDoc = await firestore.get(`users/${state.referrerUid}`);
159
-
160
- assert.ok(referrerDoc, 'Should read referrer doc');
161
-
162
- const referrals = referrerDoc?.affiliate?.referrals || [];
163
-
164
- assert.ok(referrals.length > 0, 'Referrer should have at least one referral');
165
-
166
- const foundReferral = referrals.find(r => r.uid === state.referredUid);
167
-
168
- assert.ok(foundReferral, `Referrer should have ${state.referredUid} in referrals`);
169
- assert.ok(foundReferral.timestamp, 'Referral should have timestamp');
170
- },
171
- },
172
-
173
- {
174
- name: 'verify-attribution-data-saved',
175
- async run({ firestore, assert, state }) {
176
- // Verify the attribution data was saved correctly
177
- const referredDoc = await firestore.get(`users/${state.referredUid}`);
178
-
179
- assert.ok(referredDoc, 'Should read referred user doc');
180
-
181
- // Check attribution object (single source of truth for referrer info)
182
- const attribution = referredDoc?.attribution;
183
- assert.ok(attribution, 'Attribution object should exist');
184
- assert.ok(attribution?.affiliate?.code === state.referrerAffiliateCode, 'Attribution should have affiliate code');
185
- assert.ok(attribution?.utm?.tags?.utm_source === 'test', 'Attribution should have UTM source');
186
- assert.ok(attribution?.utm?.tags?.utm_campaign === 'signup-test', 'Attribution should have UTM campaign');
187
-
188
- // Check activity context was merged
189
- const activity = referredDoc?.activity;
190
- assert.ok(activity, 'Activity object should exist');
191
- assert.ok(activity?.referrer === 'https://google.com', 'Activity should have referrer from context');
192
- assert.ok(activity?.landingPage === 'https://example.com/', 'Activity should have landingPage from context');
193
-
194
- // Check flags
195
- assert.ok(referredDoc?.flags?.signupProcessed === true, 'signupProcessed flag should be true');
196
- },
197
- },
198
-
199
- // --- Disposable email referral test ---
200
- {
201
- name: 'disposable-email-referral-skipped',
202
- async run({ http, firestore, assert, state, accounts }) {
203
- // Record current referral count before disposable signup
204
- const referrerBefore = await firestore.get(`users/${state.referrerUid}`);
205
- const referralsBefore = referrerBefore?.affiliate?.referrals || [];
206
- state.referralCountBefore = referralsBefore.length;
207
-
208
- // Sign up a disposable email account with the referrer's affiliate code
209
- // The signup itself should succeed (account was created via Admin SDK, bypassing beforeCreate)
210
- // But the referral credit should be SKIPPED because the email is disposable
211
- const signupResponse = await http.as('referred-disposable').post('backend-manager/user/signup', {
212
- attribution: {
213
- affiliate: { code: state.referrerAffiliateCode },
214
- },
215
- });
216
-
217
- assert.isSuccess(signupResponse, 'Disposable email signup should succeed');
218
-
219
- // Verify NO new referral was added to the referrer
220
- // Small delay to ensure any async writes would have completed
221
- await new Promise((resolve) => setTimeout(resolve, 3000));
222
-
223
- const referrerAfter = await firestore.get(`users/${state.referrerUid}`);
224
- const referralsAfter = referrerAfter?.affiliate?.referrals || [];
225
-
226
- assert.equal(
227
- referralsAfter.length,
228
- state.referralCountBefore,
229
- `Referrer should NOT get credit for disposable email referral (before=${state.referralCountBefore}, after=${referralsAfter.length})`
230
- );
231
-
232
- const disposableReferral = referralsAfter.find(r => r.uid === accounts['referred-disposable'].uid);
233
- assert.ok(!disposableReferral, 'Disposable account should NOT appear in referrals');
234
- },
235
- },
236
-
237
- // --- Consent capture tests ---
238
- {
239
- name: 'consent-granted-both-records-canonical-shape',
240
- async run({ http, firestore, assert, accounts }) {
241
- const consentText = {
242
- legal: 'I agree to the Terms of Service and Privacy Policy.',
243
- marketing: 'Send me product updates and newsletters. You can unsubscribe anytime.',
244
- };
245
-
246
- // Use absurdly-old client timestamp to prove server time wins (defense vs clock skew)
247
- const signupResponse = await http.as('consent-granted').post('backend-manager/user/signup', {
248
- consent: {
249
- legal: { granted: true, text: consentText.legal, timestamp: '2000-01-01T00:00:00.000Z' },
250
- marketing: { granted: true, text: consentText.marketing, timestamp: '2000-01-01T00:00:00.000Z' },
251
- },
252
- });
253
-
254
- assert.isSuccess(signupResponse, `Signup should succeed: ${JSON.stringify(signupResponse, null, 2)}`);
255
-
256
- const userDoc = await firestore.get(`users/${accounts['consent-granted'].uid}`);
257
-
258
- // Legal
259
- assert.equal(userDoc?.consent?.legal?.status, 'granted', 'consent.legal.status should be granted');
260
- assert.equal(userDoc?.consent?.legal?.grantedAt?.source, 'signup', 'legal grantedAt.source should be signup-form');
261
- assert.equal(userDoc?.consent?.legal?.grantedAt?.text, consentText.legal, 'legal grantedAt.text should match client payload');
262
- assert.ok(userDoc?.consent?.legal?.grantedAt?.timestamp, 'legal grantedAt.timestamp should be set');
263
- assert.equal(typeof userDoc?.consent?.legal?.grantedAt?.timestampUNIX, 'number', 'legal grantedAt.timestampUNIX should be number');
264
-
265
- // Server-derived time MUST be used (the client-supplied 2000-01-01 should NOT appear).
266
- // grantedAt is stamped from Auth's creationTime, the same source as metadata.created,
267
- // so the two must be equal — and the client's 2000-01-01 (UNIX 946684800) is rejected.
268
- const legalUNIX = userDoc.consent.legal.grantedAt.timestampUNIX;
269
- const createdUNIX = userDoc.metadata.created.timestampUNIX;
270
- assert.equal(
271
- legalUNIX, createdUNIX,
272
- `legal grantedAt.timestampUNIX (${legalUNIX}) should match metadata.created (${createdUNIX}) — both from Auth creationTime`
273
- );
274
- assert.notEqual(legalUNIX, 946684800, 'legal grantedAt must NOT be the client-supplied 2000-01-01 time');
275
-
276
- // Marketing
277
- assert.equal(userDoc?.consent?.marketing?.status, 'granted', 'consent.marketing.status should be granted');
278
- assert.equal(userDoc?.consent?.marketing?.grantedAt?.source, 'signup', 'marketing grantedAt.source should be signup-form');
279
- assert.equal(userDoc?.consent?.marketing?.grantedAt?.text, consentText.marketing, 'marketing grantedAt.text should match client payload');
280
- assert.equal(typeof userDoc?.consent?.marketing?.grantedAt?.timestampUNIX, 'number', 'marketing grantedAt.timestampUNIX should be number');
281
-
282
- // revokedAt should be all-null sibling object (NOT undefined, NOT missing)
283
- assert.ok(userDoc?.consent?.marketing?.revokedAt, 'marketing.revokedAt object should exist (not null)');
284
- assert.equal(userDoc?.consent?.marketing?.revokedAt?.timestamp, null, 'marketing revokedAt.timestamp should be null');
285
- assert.equal(userDoc?.consent?.marketing?.revokedAt?.source, null, 'marketing revokedAt.source should be null');
286
- },
287
- },
288
-
289
- {
290
- name: 'consent-marketing-declined-records-revokedAt',
291
- async run({ http, firestore, assert, accounts }) {
292
- const legalText = 'I agree to the Terms of Service and Privacy Policy.';
293
-
294
- const signupResponse = await http.as('consent-declined').post('backend-manager/user/signup', {
295
- consent: {
296
- legal: { granted: true, text: legalText },
297
- marketing: { granted: false, text: 'Send me updates.' },
298
- },
299
- });
300
-
301
- assert.isSuccess(signupResponse, `Signup should succeed: ${JSON.stringify(signupResponse, null, 2)}`);
302
-
303
- const userDoc = await firestore.get(`users/${accounts['consent-declined'].uid}`);
304
-
305
- // Legal — granted normally
306
- assert.equal(userDoc?.consent?.legal?.status, 'granted', 'legal.status should be granted');
307
- assert.equal(userDoc?.consent?.legal?.grantedAt?.source, 'signup', 'legal grantedAt.source should be signup-form');
308
-
309
- // Marketing — revoked at signup
310
- assert.equal(userDoc?.consent?.marketing?.status, 'revoked', 'marketing.status should be revoked');
311
-
312
- // grantedAt MUST be all-null (never granted, even though client passed text)
313
- assert.equal(userDoc?.consent?.marketing?.grantedAt?.timestamp, null, 'marketing grantedAt.timestamp should be null');
314
- assert.equal(userDoc?.consent?.marketing?.grantedAt?.source, null, 'marketing grantedAt.source should be null');
315
- assert.equal(userDoc?.consent?.marketing?.grantedAt?.text, null, 'marketing grantedAt.text should be null (declined)');
316
-
317
- // revokedAt MUST have signup-form-declined source + server time
318
- assert.equal(userDoc?.consent?.marketing?.revokedAt?.source, 'signup', 'marketing revokedAt.source should be signup-form-declined');
319
- assert.ok(userDoc?.consent?.marketing?.revokedAt?.timestamp, 'marketing revokedAt.timestamp should be set');
320
- assert.equal(typeof userDoc?.consent?.marketing?.revokedAt?.timestampUNIX, 'number', 'marketing revokedAt.timestampUNIX should be number');
321
- assert.equal(userDoc?.consent?.marketing?.revokedAt?.text, null, 'marketing revokedAt.text should be null (decline has no message)');
322
- },
323
- },
324
-
325
- {
326
- name: 'consent-missing-defaults-to-revoked',
327
- async run({ http, firestore, assert, accounts }) {
328
- // Client sends NO consent field at all (legacy or malformed payload).
329
- // Expected: both legal + marketing default to revoked. No crash, no marketing sync.
330
- const signupResponse = await http.as('consent-missing').post('backend-manager/user/signup', {});
331
-
332
- assert.isSuccess(signupResponse, `Signup should succeed even with no consent: ${JSON.stringify(signupResponse, null, 2)}`);
333
-
334
- const userDoc = await firestore.get(`users/${accounts['consent-missing'].uid}`);
335
-
336
- assert.ok(userDoc?.consent, 'consent object should exist');
337
- assert.equal(userDoc?.consent?.legal?.status, 'revoked', 'legal.status should default to revoked');
338
- assert.equal(userDoc?.consent?.legal?.grantedAt?.timestamp, null, 'legal grantedAt.timestamp should be null');
339
- assert.equal(userDoc?.consent?.legal?.grantedAt?.source, null, 'legal grantedAt.source should be null');
340
-
341
- assert.equal(userDoc?.consent?.marketing?.status, 'revoked', 'marketing.status should default to revoked');
342
- assert.equal(userDoc?.consent?.marketing?.grantedAt?.timestamp, null, 'marketing grantedAt.timestamp should be null');
343
-
344
- // Even when consent is missing entirely, the revokedAt block gets stamped with signup-form-declined.
345
- // This ensures the user doc has a recorded decline event for audit.
346
- assert.equal(userDoc?.consent?.marketing?.revokedAt?.source, 'signup', 'marketing revokedAt.source should be signup-form-declined when consent missing');
347
- },
348
- },
349
-
350
- // --- Consent downgrade-protection tests ---
351
- // Guards against data loss when a LEGACY account (signed up before the flags.signupProcessed
352
- // flow existed, so flag never set) re-fires /user/signup on page load. Its localStorage
353
- // consent is long gone, so the payload is empty — without the guard, buildConsentRecord
354
- // would compute 'revoked' and the {merge:true} write would wipe the consent the user
355
- // actually granted months ago. The guard preserves any existing 'granted' status.
356
- {
357
- name: 'consent-empty-payload-preserves-existing-grant',
358
- async run({ http, firestore, assert, accounts }) {
359
- const uid = accounts['consent-preserve'].uid;
360
-
361
- // Seed the doc as an established account whose consent is already granted (as a real
362
- // legacy signup would be after the OMEGA migration backfilled consent). flags is left
363
- // at the schema default (signupProcessed: false) to mimic the legacy state exactly.
364
- // merge:true — preserve the runner-provisioned auth.uid (pollForUserDoc needs it).
365
- await firestore.set(`users/${uid}`, {
366
- consent: {
367
- legal: {
368
- status: 'granted',
369
- grantedAt: { timestamp: '2025-01-01T00:00:00.000Z', timestampUNIX: 1735689600, source: 'signup', ip: null, text: 'Legacy legal grant' },
370
- },
371
- marketing: {
372
- status: 'granted',
373
- grantedAt: { timestamp: '2025-01-01T00:00:00.000Z', timestampUNIX: 1735689600, source: 'signup', ip: null, text: 'Legacy marketing grant' },
374
- revokedAt: { timestamp: null, timestampUNIX: null, source: null, ip: null, text: null },
375
- },
376
- },
377
- flags: { signupProcessed: false },
378
- }, { merge: true });
379
-
380
- // Re-fire signup with NO consent payload (the legacy page-load case).
381
- const signupResponse = await http.as('consent-preserve').post('backend-manager/user/signup', {});
382
- assert.isSuccess(signupResponse, `Signup should succeed: ${JSON.stringify(signupResponse, null, 2)}`);
383
-
384
- const userDoc = await firestore.get(`users/${uid}`);
385
-
386
- // CRITICAL: the prior grants must survive — NOT be downgraded to revoked.
387
- assert.equal(userDoc?.consent?.legal?.status, 'granted', 'legal.status must stay granted (not downgraded by empty payload)');
388
- assert.equal(userDoc?.consent?.legal?.grantedAt?.text, 'Legacy legal grant', 'legal grantedAt must be the preserved original, not wiped');
389
- assert.equal(userDoc?.consent?.legal?.grantedAt?.timestampUNIX, 1735689600, 'legal grantedAt timestamp must be preserved');
390
-
391
- assert.equal(userDoc?.consent?.marketing?.status, 'granted', 'marketing.status must stay granted (not downgraded by empty payload)');
392
- assert.equal(userDoc?.consent?.marketing?.grantedAt?.text, 'Legacy marketing grant', 'marketing grantedAt must be the preserved original');
393
- // No spurious revokedAt should have been stamped over the preserved grant.
394
- assert.equal(userDoc?.consent?.marketing?.revokedAt?.timestamp, null, 'marketing revokedAt must stay null (no decline was recorded)');
395
-
396
- // signupProcessed should now be flipped true by this run.
397
- assert.equal(userDoc?.flags?.signupProcessed, true, 'signupProcessed should be set true after the run');
398
- },
399
- },
400
- {
401
- name: 'consent-explicit-decline-does-not-downgrade-existing-grant',
402
- async run({ http, firestore, assert, accounts }) {
403
- const uid = accounts['consent-preserve'].uid;
404
-
405
- // Re-seed: granted marketing + UNSET signupProcessed so the route processes this call.
406
- // Then send a payload that explicitly DECLINES marketing. The guard must still preserve
407
- // the existing grant — only an explicit RE-GRANT may overwrite; a decline-over-grant on
408
- // the signup path is treated as a non-grant and must not wipe a prior consent.
409
- // merge:true — preserve the runner-provisioned auth.uid (pollForUserDoc needs it).
410
- await firestore.set(`users/${uid}`, {
411
- consent: {
412
- marketing: {
413
- status: 'granted',
414
- grantedAt: { timestamp: '2025-01-01T00:00:00.000Z', timestampUNIX: 1735689600, source: 'signup', ip: null, text: 'Prior marketing grant' },
415
- revokedAt: { timestamp: null, timestampUNIX: null, source: null, ip: null, text: null },
416
- },
417
- },
418
- flags: { signupProcessed: false },
419
- }, { merge: true });
420
-
421
- const signupResponse = await http.as('consent-preserve').post('backend-manager/user/signup', {
422
- consent: {
423
- legal: { granted: true, text: 'Legal grant on re-fire' },
424
- marketing: { granted: false, text: 'Declining marketing' },
425
- },
426
- });
427
- assert.isSuccess(signupResponse, `Signup should succeed: ${JSON.stringify(signupResponse, null, 2)}`);
428
-
429
- const userDoc = await firestore.get(`users/${uid}`);
430
-
431
- // Legal newly granted this call.
432
- assert.equal(userDoc?.consent?.legal?.status, 'granted', 'legal.status should be granted from this call');
433
- // Marketing was already granted; an explicit decline must NOT downgrade it.
434
- assert.equal(userDoc?.consent?.marketing?.status, 'granted', 'marketing.status must stay granted (decline cannot downgrade an existing grant on signup path)');
435
- assert.equal(userDoc?.consent?.marketing?.grantedAt?.text, 'Prior marketing grant', 'marketing grant must be the preserved original');
436
- },
437
- },
438
-
439
- // --- buildUserRecord layered deep-merge tests ---
440
- // The signup write must: (a) fill every schema leaf so the doc is complete (no migration
441
- // churn), (b) PRESERVE existing real values (api keys, subscription, roles, affiliate.code,
442
- // custom non-schema fields), and (c) apply the signup data on top — without Firestore's
443
- // map-replace wiping nested data. These tests seed adversarial existing state and verify.
444
- {
445
- name: 'merge-preserves-existing-and-fills-schema',
446
- async run({ http, firestore, assert, accounts }) {
447
- const uid = accounts['signup-merge'].uid;
448
-
449
- // Capture the REAL api keys onCreate generated — the signup write must preserve these
450
- // exactly (regenerating them would break the user's API access AND this test's auth,
451
- // since http.as() authenticates with api.privateKey). We assert against the real values,
452
- // NOT a seeded fake (seeding a fake privateKey would 401 the request).
453
- const before = await firestore.get(`users/${uid}`);
454
- const realClientId = before?.api?.clientId;
455
- const realPrivateKey = before?.api?.privateKey;
456
- const realAffiliateCode = before?.affiliate?.code;
457
-
458
- // Seed adversarial NON-auth state the signup write must NOT clobber: a paid subscription,
459
- // admin role, a custom non-schema field, and a deliberately PARTIAL attribution (only
460
- // affiliate.code) to prove leaves get filled, not replaced-away. We do NOT touch api.* —
461
- // that's the auth credential and is asserted-preserved via the captured real values.
462
- await firestore.set(`users/${uid}`, {
463
- subscription: { product: { id: 'pro', name: 'Pro' }, status: 'active' },
464
- roles: { admin: true, betaTester: false, developer: false },
465
- attribution: { affiliate: { code: 'PARTIALONLY' } },
466
- myCustomIntegration: { slackWebhook: 'https://hooks.slack.com/services/XXX' },
467
- }, { merge: true });
468
-
469
- const signupResponse = await http.as('signup-merge').post('backend-manager/user/signup', {
470
- consent: { legal: { granted: true, text: 'I agree.' }, marketing: { granted: true, text: 'Updates please.' } },
471
- attribution: { utm: { tags: { utm_source: 'newsletter' } } },
472
- });
473
- assert.isSuccess(signupResponse, `Signup should succeed: ${JSON.stringify(signupResponse, null, 2)}`);
474
-
475
- const doc = await firestore.get(`users/${uid}`);
476
-
477
- // (b) Existing real values must survive untouched — NOT regenerated/reset by the schema layer.
478
- assert.equal(doc?.api?.clientId, realClientId, 'api.clientId must be preserved (not regenerated)');
479
- assert.equal(doc?.api?.privateKey, realPrivateKey, 'api.privateKey must be preserved (not regenerated)');
480
- assert.equal(doc?.affiliate?.code, realAffiliateCode, 'affiliate.code must be preserved (not regenerated)');
481
- assert.equal(doc?.subscription?.product?.id, 'pro', 'subscription must be preserved (not reset to basic)');
482
- assert.equal(doc?.roles?.admin, true, 'roles.admin must be preserved (not reset to false)');
483
-
484
- // (b) Custom non-schema field must survive the merge.
485
- assert.equal(doc?.myCustomIntegration?.slackWebhook, 'https://hooks.slack.com/services/XXX', 'custom non-schema field must survive');
486
-
487
- // (a) Every attribution leaf must be present (the bug: partial write flattened the map).
488
- assert.hasProperty(doc, 'attribution.affiliate.code', 'attribution.affiliate.code must exist');
489
- assert.hasProperty(doc, 'attribution.affiliate.url', 'attribution.affiliate.url must exist (filled)');
490
- assert.hasProperty(doc, 'attribution.affiliate.page', 'attribution.affiliate.page must exist (filled)');
491
- assert.hasProperty(doc, 'attribution.affiliate.timestamp', 'attribution.affiliate.timestamp must exist (filled)');
492
- assert.hasProperty(doc, 'attribution.utm.url', 'attribution.utm.url must exist (filled)');
493
- assert.hasProperty(doc, 'attribution.utm.page', 'attribution.utm.page must exist (filled)');
494
- assert.hasProperty(doc, 'attribution.utm.timestamp', 'attribution.utm.timestamp must exist (filled)');
495
- // filled leaves should be null, not undefined/missing
496
- assert.equal(doc?.attribution?.affiliate?.url, null, 'unset attribution leaf should be null');
497
-
498
- // (c) Signup data applied on top.
499
- assert.equal(doc?.attribution?.affiliate?.code, 'PARTIALONLY', 'pre-existing affiliate.code preserved (signup did not send one)');
500
- assert.equal(doc?.attribution?.utm?.tags?.utm_source, 'newsletter', 'signup utm tag applied');
501
- assert.equal(doc?.flags?.signupProcessed, true, 'flags.signupProcessed set true');
502
- assert.equal(doc?.consent?.legal?.status, 'granted', 'consent applied');
503
- },
504
- },
505
- {
506
- name: 'merge-fills-all-leaves-on-schema-complete-doc',
507
- async run({ http, firestore, assert, accounts }) {
508
- // Sanity: after signup, the doc must contain the full set of top-level schema sections,
509
- // so a subsequent migration finds NOTHING to backfill. Reuses the signup-merge account
510
- // (already processed above → re-fire is rejected, but the doc from the prior test is the
511
- // artifact we assert against; this test just validates that doc's completeness).
512
- const uid = accounts['signup-merge'].uid;
513
- const doc = await firestore.get(`users/${uid}`);
514
-
515
- for (const section of ['auth', 'roles', 'flags', 'affiliate', 'metadata', 'activity', 'api', 'personal', 'attribution', 'consent', 'subscription']) {
516
- assert.hasProperty(doc, section, `doc must have top-level '${section}' section after signup`);
517
- }
518
- // Nested completeness spot-checks across the sections signup writes.
519
- assert.hasProperty(doc, 'activity.geolocation.ip', 'activity.geolocation.ip must exist');
520
- assert.hasProperty(doc, 'activity.client.userAgent', 'activity.client.userAgent must exist');
521
- assert.hasProperty(doc, 'personal.name.first', 'personal.name.first must exist');
522
- assert.hasProperty(doc, 'consent.marketing.revokedAt.source', 'consent.marketing.revokedAt.source must exist');
523
- assert.hasProperty(doc, 'metadata.created.timestampUNIX', 'metadata.created.timestampUNIX must exist');
524
- },
525
- },
526
-
527
- // --- Auth rejection test (at end per convention) ---
528
- {
529
- name: 'unauthenticated-rejected',
530
- async run({ http, assert }) {
531
- // Try to call POST /user/signup without authentication
532
- const signupResponse = await http.as('none').post('backend-manager/user/signup', {
533
- attribution: {
534
- affiliate: { code: REFERRER_AFFILIATE_CODE },
535
- },
536
- });
537
-
538
- assert.isError(signupResponse, 401, 'Signup should fail without authentication');
539
- },
540
- },
541
- ],
542
- };
@@ -1,99 +0,0 @@
1
- /**
2
- * Test: GET /user/subscription
3
- * Tests the user get subscription info endpoint
4
- * Returns subscription details for authenticated users
5
- */
6
- module.exports = {
7
- description: 'User get subscription info',
8
- type: 'group',
9
- tests: [
10
- // Test 1: Basic user can get subscription info
11
- {
12
- name: 'basic-user-succeeds',
13
- auth: 'basic',
14
- timeout: 15000,
15
-
16
- async run({ http, assert }) {
17
- const response = await http.get('backend-manager/user/subscription', {});
18
-
19
- assert.isSuccess(response, 'Get subscription info should succeed for authenticated user');
20
- assert.hasProperty(response, 'data.subscription', 'Response should contain subscription object');
21
- assert.hasProperty(response, 'data.subscription.product.id', 'Subscription should have id');
22
- assert.hasProperty(response, 'data.subscription.expires', 'Subscription should have expires');
23
- assert.hasProperty(response, 'data.subscription.trial', 'Subscription should have trial info');
24
- assert.hasProperty(response, 'data.subscription.payment', 'Subscription should have payment info');
25
- },
26
- },
27
-
28
- // Test 2: Subscription has correct structure
29
- {
30
- name: 'subscription-structure-valid',
31
- auth: 'basic',
32
- timeout: 15000,
33
-
34
- async run({ http, assert }) {
35
- const response = await http.get('backend-manager/user/subscription', {});
36
-
37
- assert.isSuccess(response, 'Get subscription info should succeed');
38
-
39
- const subscription = response.data.subscription;
40
-
41
- // Check expires structure
42
- assert.hasProperty(response, 'data.subscription.expires.timestamp', 'expires should have timestamp');
43
- assert.hasProperty(response, 'data.subscription.expires.timestampUNIX', 'expires should have timestampUNIX');
44
-
45
- // Check trial structure
46
- assert.ok(
47
- typeof subscription.trial.claimed === 'boolean',
48
- 'trial.claimed should be boolean'
49
- );
50
-
51
- // Check payment structure
52
- assert.hasProperty(response, 'data.subscription.payment', 'subscription should have payment');
53
- },
54
- },
55
-
56
- // Test 3: Premium user has active subscription
57
- {
58
- name: 'premium-user-has-active-subscription',
59
- auth: 'premium-active',
60
- timeout: 15000,
61
-
62
- async run({ http, assert }) {
63
- const response = await http.get('backend-manager/user/subscription', {});
64
-
65
- assert.isSuccess(response, 'Get subscription info should succeed for premium user');
66
- assert.hasProperty(response, 'data.subscription.product.id', 'Premium user should have subscription id');
67
- assert.hasProperty(response, 'data.subscription.payment', 'Premium user should have payment info');
68
- },
69
- },
70
-
71
- // Test 4: Expired premium user still gets info
72
- {
73
- name: 'expired-premium-returns-info',
74
- auth: 'premium-expired',
75
- timeout: 15000,
76
-
77
- async run({ http, assert }) {
78
- const response = await http.get('backend-manager/user/subscription', {});
79
-
80
- assert.isSuccess(response, 'Get subscription info should succeed for expired premium');
81
- assert.hasProperty(response, 'data.subscription.product.id', 'Should still have subscription id');
82
- assert.hasProperty(response, 'data.subscription.expires.timestampUNIX', 'Should have expires timestamp');
83
- },
84
- },
85
-
86
- // Test 5: Unauthenticated request fails
87
- {
88
- name: 'unauthenticated-rejected',
89
- auth: 'none',
90
- timeout: 15000,
91
-
92
- async run({ http, assert }) {
93
- const response = await http.get('backend-manager/user/subscription', {});
94
-
95
- assert.isError(response, 401, 'Get subscription info should fail without authentication');
96
- },
97
- },
98
- ],
99
- };