backend-manager 5.9.5 → 5.9.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (244) hide show
  1. package/package.json +8 -1
  2. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/metadata.json +14 -0
  3. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.html +486 -0
  4. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.md +41 -0
  5. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.mjml +97 -0
  6. package/{test/email/fixtures/clean.json → src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/structure.json} +16 -4
  7. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/summary.md +1 -0
  8. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/metadata.json +14 -0
  9. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.html +486 -0
  10. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.md +41 -0
  11. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.mjml +97 -0
  12. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/structure.json +42 -0
  13. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/summary.md +1 -0
  14. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/metadata.json +14 -0
  15. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.html +486 -0
  16. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.md +41 -0
  17. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.mjml +97 -0
  18. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/structure.json +42 -0
  19. package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/summary.md +1 -0
  20. package/src/test/fixtures/firebase-project/.temp/test-mode.json +6 -0
  21. package/src/test/fixtures/firebase-project/database-debug.log +12 -0
  22. package/src/test/fixtures/firebase-project/firestore-debug.log +136 -0
  23. package/src/test/fixtures/firebase-project/pubsub-debug.log +17 -0
  24. package/.codeclimate.yml +0 -32
  25. package/.nvmrc +0 -1
  26. package/CHANGELOG.md +0 -1440
  27. package/PROGRESS.md +0 -93
  28. package/TODO-2.md +0 -121
  29. package/TODO-CHARGEBLAST.md +0 -32
  30. package/TODO-WEBHOOK-KEY-LEGACY-REMOVAL.md +0 -15
  31. package/TODO-WEBHOOK-KEY-UPGRADE.md +0 -138
  32. package/TODO-email-auth.md +0 -14
  33. package/TODO.md +0 -187
  34. package/plans/mcp2.md +0 -247
  35. package/plans/suspended-subscription-dead-zone.md +0 -97
  36. package/scripts/test-helper-providers.js +0 -162
  37. package/scripts/update-disposable-domains.js +0 -44
  38. package/templates/_.env +0 -42
  39. package/templates/_.gitignore +0 -60
  40. package/templates/backend-manager-config.json +0 -249
  41. package/templates/database.rules.json +0 -83
  42. package/templates/firebase.json +0 -66
  43. package/templates/firestore.indexes.json +0 -4
  44. package/templates/firestore.rules +0 -112
  45. package/templates/public/404.html +0 -26
  46. package/templates/public/index.html +0 -24
  47. package/templates/remoteconfig.template.json +0 -1
  48. package/templates/storage-lifecycle-config-1-day.json +0 -9
  49. package/templates/storage-lifecycle-config-30-days.json +0 -9
  50. package/templates/storage.rules +0 -8
  51. package/test/_init/accounts-validation.js +0 -58
  52. package/test/_legacy/ai/index.js +0 -231
  53. package/test/_legacy/ai/test.jpg +0 -0
  54. package/test/_legacy/ai/test.pdf +0 -0
  55. package/test/_legacy/index.js +0 -31
  56. package/test/_legacy/payment-resolver/chargebee/orders/refunded.json +0 -0
  57. package/test/_legacy/payment-resolver/chargebee/orders/unpaid.json +0 -98
  58. package/test/_legacy/payment-resolver/chargebee/subscriptions/active.json +0 -578
  59. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-in-trial.json +0 -38
  60. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-skipped-to-active.json +0 -135
  61. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-active-to-cancelled.json +0 -42
  62. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-active.json +0 -44
  63. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-cancelled.json +0 -39
  64. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-refund.json +0 -143
  65. package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-suspended.json +0 -48
  66. package/test/_legacy/payment-resolver/coinbase/orders/regular.json +0 -204
  67. package/test/_legacy/payment-resolver/coinbase/subscriptions/cancelled.json +0 -204
  68. package/test/_legacy/payment-resolver/coinbase/subscriptions/paid-2.json +0 -125
  69. package/test/_legacy/payment-resolver/index.js +0 -1558
  70. package/test/_legacy/payment-resolver/paypal/orders/refunded.json +0 -0
  71. package/test/_legacy/payment-resolver/paypal/orders/regular.json +0 -120
  72. package/test/_legacy/payment-resolver/paypal/subscriptions/active-refund-previous-stmnt.json +0 -323
  73. package/test/_legacy/payment-resolver/paypal/subscriptions/active.json +0 -192
  74. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-in-trial.json +0 -125
  75. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-not-complete.json +0 -76
  76. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-overdue-2.json +0 -114
  77. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-overdue.json +0 -114
  78. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-active-to-cancelled.json +0 -111
  79. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-active.json +0 -132
  80. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-cancelled.json +0 -107
  81. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-expired.json +0 -91
  82. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-refund.json +0 -147
  83. package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-suspended.json +0 -120
  84. package/test/_legacy/payment-resolver/stripe/orders/refunded.json +0 -0
  85. package/test/_legacy/payment-resolver/stripe/orders/regular.json +0 -91
  86. package/test/_legacy/payment-resolver/stripe/subscriptions/active.json +0 -421
  87. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-in-trial.json +0 -349
  88. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-active-failed-authorization.json +0 -430
  89. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-active.json +0 -319
  90. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-cancelled.json +0 -319
  91. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-refund.json +0 -414
  92. package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-suspended.json +0 -319
  93. package/test/_legacy/payment-resolver/stripe/subscriptions/unsure.json +0 -339
  94. package/test/_legacy/test-new +0 -1178
  95. package/test/_legacy/test.md +0 -89
  96. package/test/_legacy/usage.js +0 -175
  97. package/test/_legacy/user.js +0 -31
  98. package/test/ai/tools-live.js +0 -170
  99. package/test/boot/emulator-boots.js +0 -37
  100. package/test/content/blog-generate.js +0 -160
  101. package/test/email/campaign-send.js +0 -45
  102. package/test/email/consent-lifecycle.js +0 -257
  103. package/test/email/feedback-and-plain-send.js +0 -52
  104. package/test/email/fixtures/editorial.json +0 -30
  105. package/test/email/fixtures/field-report.json +0 -53
  106. package/test/email/marketing-lifecycle.js +0 -132
  107. package/test/email/newsletter-generate.js +0 -819
  108. package/test/email/newsletter-templates.js +0 -491
  109. package/test/email/templates.js +0 -207
  110. package/test/email/transactional-send.js +0 -34
  111. package/test/email/transactional.js +0 -560
  112. package/test/email/validation.js +0 -710
  113. package/test/events/auth-delete-race.js +0 -201
  114. package/test/events/payments/journey-payments-cancel-endpoint.js +0 -100
  115. package/test/events/payments/journey-payments-cancel.js +0 -182
  116. package/test/events/payments/journey-payments-discount.js +0 -89
  117. package/test/events/payments/journey-payments-failure.js +0 -146
  118. package/test/events/payments/journey-payments-legacy-product.js +0 -149
  119. package/test/events/payments/journey-payments-one-time-failure.js +0 -111
  120. package/test/events/payments/journey-payments-one-time.js +0 -136
  121. package/test/events/payments/journey-payments-plan-change.js +0 -144
  122. package/test/events/payments/journey-payments-refund-webhook.js +0 -180
  123. package/test/events/payments/journey-payments-suspend.js +0 -181
  124. package/test/events/payments/journey-payments-trial-cancel.js +0 -130
  125. package/test/events/payments/journey-payments-trial.js +0 -171
  126. package/test/events/payments/journey-payments-uid-resolution.js +0 -132
  127. package/test/events/payments/journey-payments-upgrade.js +0 -135
  128. package/test/fixtures/chargebee/invoice-one-time.json +0 -27
  129. package/test/fixtures/chargebee/subscription-active.json +0 -44
  130. package/test/fixtures/chargebee/subscription-cancelled.json +0 -42
  131. package/test/fixtures/chargebee/subscription-in-trial.json +0 -41
  132. package/test/fixtures/chargebee/subscription-legacy-plan.json +0 -41
  133. package/test/fixtures/chargebee/subscription-non-renewing.json +0 -41
  134. package/test/fixtures/chargebee/subscription-paused.json +0 -42
  135. package/test/fixtures/chargebee/webhook-payment-failed.json +0 -51
  136. package/test/fixtures/chargebee/webhook-subscription-created.json +0 -47
  137. package/test/fixtures/paypal/order-approved.json +0 -62
  138. package/test/fixtures/paypal/order-completed.json +0 -110
  139. package/test/fixtures/paypal/subscription-active.json +0 -76
  140. package/test/fixtures/paypal/subscription-cancelled.json +0 -50
  141. package/test/fixtures/paypal/subscription-suspended.json +0 -65
  142. package/test/fixtures/stripe/checkout-session-completed.json +0 -130
  143. package/test/fixtures/stripe/invoice-payment-failed.json +0 -148
  144. package/test/fixtures/stripe/invoice-subscription-payment-failed.json +0 -28
  145. package/test/fixtures/stripe/subscription-active.json +0 -161
  146. package/test/fixtures/stripe/subscription-canceled.json +0 -161
  147. package/test/fixtures/stripe/subscription-trialing.json +0 -161
  148. package/test/functions/admin/database-read.js +0 -134
  149. package/test/functions/admin/database-write.js +0 -159
  150. package/test/functions/admin/edit-post.js +0 -366
  151. package/test/functions/admin/firestore-query.js +0 -207
  152. package/test/functions/admin/firestore-read.js +0 -129
  153. package/test/functions/admin/firestore-write.js +0 -105
  154. package/test/functions/admin/get-stats.js +0 -115
  155. package/test/functions/admin/send-email.js +0 -119
  156. package/test/functions/admin/send-notification.js +0 -208
  157. package/test/functions/admin/write-repo-content.js +0 -223
  158. package/test/functions/general/add-marketing-contact.js +0 -335
  159. package/test/functions/general/fetch-post.js +0 -54
  160. package/test/functions/general/generate-uuid.js +0 -114
  161. package/test/functions/test/authenticate.js +0 -64
  162. package/test/functions/user/create-custom-token.js +0 -73
  163. package/test/functions/user/delete.js +0 -135
  164. package/test/functions/user/get-active-sessions.js +0 -111
  165. package/test/functions/user/get-subscription-info.js +0 -99
  166. package/test/functions/user/regenerate-api-keys.js +0 -156
  167. package/test/functions/user/resolve.js +0 -52
  168. package/test/functions/user/sign-out-all-sessions.js +0 -94
  169. package/test/functions/user/sign-up.js +0 -252
  170. package/test/functions/user/submit-feedback.js +0 -104
  171. package/test/functions/user/validate-settings.js +0 -82
  172. package/test/helpers/ai-request-payload.js +0 -300
  173. package/test/helpers/ai-test-provider.js +0 -202
  174. package/test/helpers/ai-tools-format.js +0 -383
  175. package/test/helpers/content/blog-auto-publisher.js +0 -484
  176. package/test/helpers/content/feed-parser.js +0 -528
  177. package/test/helpers/content/ghostii-blocks.js +0 -134
  178. package/test/helpers/content/ghostii-feed-integration.js +0 -404
  179. package/test/helpers/content/ghostii-write-article.js +0 -243
  180. package/test/helpers/environment.js +0 -230
  181. package/test/helpers/infer-contact.js +0 -113
  182. package/test/helpers/merge-line-files.js +0 -271
  183. package/test/helpers/payment/chargebee/parse-webhook.js +0 -413
  184. package/test/helpers/payment/chargebee/to-unified-one-time.js +0 -147
  185. package/test/helpers/payment/chargebee/to-unified-subscription.js +0 -648
  186. package/test/helpers/payment/paypal/parse-webhook.js +0 -539
  187. package/test/helpers/payment/paypal/to-unified-one-time.js +0 -382
  188. package/test/helpers/payment/paypal/to-unified-subscription.js +0 -820
  189. package/test/helpers/payment/stripe/parse-webhook.js +0 -447
  190. package/test/helpers/payment/stripe/to-unified-one-time.js +0 -306
  191. package/test/helpers/payment/stripe/to-unified-subscription.js +0 -708
  192. package/test/helpers/sanitize.js +0 -222
  193. package/test/helpers/slugify.js +0 -394
  194. package/test/helpers/storage.js +0 -194
  195. package/test/helpers/user.js +0 -755
  196. package/test/helpers/webhook-forward.js +0 -418
  197. package/test/mcp/discovery.js +0 -53
  198. package/test/mcp/oauth.js +0 -161
  199. package/test/mcp/protocol.js +0 -268
  200. package/test/mcp/roles.js +0 -188
  201. package/test/mcp/utils.js +0 -245
  202. package/test/routes/admin/create-post.js +0 -364
  203. package/test/routes/admin/database.js +0 -131
  204. package/test/routes/admin/deduplicate-image-alts.js +0 -190
  205. package/test/routes/admin/email.js +0 -114
  206. package/test/routes/admin/firestore-query.js +0 -204
  207. package/test/routes/admin/firestore.js +0 -127
  208. package/test/routes/admin/infer-contact.js +0 -218
  209. package/test/routes/admin/notification.js +0 -198
  210. package/test/routes/admin/post-resize-image.js +0 -184
  211. package/test/routes/admin/post.js +0 -368
  212. package/test/routes/admin/repo-content.js +0 -223
  213. package/test/routes/admin/stats.js +0 -112
  214. package/test/routes/content/post.js +0 -54
  215. package/test/routes/general/uuid.js +0 -115
  216. package/test/routes/marketing/campaign.js +0 -125
  217. package/test/routes/marketing/contact.js +0 -370
  218. package/test/routes/marketing/email-preferences.js +0 -292
  219. package/test/routes/marketing/push-send.js +0 -32
  220. package/test/routes/marketing/webhook-forward.js +0 -61
  221. package/test/routes/marketing/webhook.js +0 -639
  222. package/test/routes/payments/cancel.js +0 -163
  223. package/test/routes/payments/discount.js +0 -80
  224. package/test/routes/payments/dispute-alert.js +0 -320
  225. package/test/routes/payments/intent.js +0 -336
  226. package/test/routes/payments/portal.js +0 -92
  227. package/test/routes/payments/refund.js +0 -179
  228. package/test/routes/payments/trial-eligibility.js +0 -71
  229. package/test/routes/payments/webhook.js +0 -107
  230. package/test/routes/test/authenticate.js +0 -59
  231. package/test/routes/test/schema.js +0 -554
  232. package/test/routes/test/usage.js +0 -342
  233. package/test/routes/user/api-keys.js +0 -156
  234. package/test/routes/user/delete.js +0 -136
  235. package/test/routes/user/feedback.js +0 -104
  236. package/test/routes/user/sessions.js +0 -199
  237. package/test/routes/user/settings-validate.js +0 -82
  238. package/test/routes/user/signup.js +0 -542
  239. package/test/routes/user/subscription.js +0 -99
  240. package/test/routes/user/token.js +0 -73
  241. package/test/routes/user/user.js +0 -157
  242. package/test/rules/notifications.js +0 -410
  243. package/test/rules/payments-carts.js +0 -371
  244. package/test/rules/user.js +0 -396
@@ -1,292 +0,0 @@
1
- /**
2
- * Test: POST /marketing/email-preferences
3
- *
4
- * Two modes:
5
- * - Anonymous HMAC: from email-footer unsubscribe link. Requires email + asmId + sig.
6
- * Hits SendGrid ASM and (NEW) mirrors to user doc if email maps to a user.
7
- * - Authenticated: from account-page toggle. Requires only `action`.
8
- * Writes consent.marketing to user doc with source='account' and hits SendGrid + Beehiiv
9
- * via the email library.
10
- *
11
- * Set TEST_EXTENDED_MODE=true to hit real SendGrid + Beehiiv. Otherwise provider calls
12
- * are skipped but user-doc mutations still happen.
13
- */
14
- const crypto = require('crypto');
15
-
16
- const TEST_EMAIL = 'rachel.greene+bem-unsub@gmail.com';
17
- const TEST_ASM_ID = '24077';
18
-
19
- function generateSig(email) {
20
- return crypto.createHmac('sha256', process.env.UNSUBSCRIBE_HMAC_KEY).update(email.toLowerCase()).digest('hex');
21
- }
22
-
23
- module.exports = {
24
- description: 'Marketing email-preferences (anonymous HMAC + authenticated)',
25
- type: 'group',
26
- tests: [
27
- // ─── Anonymous HMAC flow ───
28
-
29
- {
30
- name: 'anon-unsubscribe-valid-sig-succeeds',
31
- auth: 'none',
32
- timeout: 15000,
33
- async run({ http, assert }) {
34
- const sig = generateSig(TEST_EMAIL);
35
- const response = await http.post('backend-manager/marketing/email-preferences', {
36
- email: TEST_EMAIL,
37
- asmId: TEST_ASM_ID,
38
- action: 'unsubscribe',
39
- sig,
40
- });
41
- assert.isSuccess(response, 'Unsubscribe with valid sig should succeed');
42
- assert.propertyEquals(response, 'data.success', true, 'success should be true');
43
- },
44
- },
45
-
46
- {
47
- name: 'anon-subscribe-valid-sig-succeeds',
48
- auth: 'none',
49
- timeout: 15000,
50
- async run({ http, assert }) {
51
- const sig = generateSig(TEST_EMAIL);
52
- const response = await http.post('backend-manager/marketing/email-preferences', {
53
- email: TEST_EMAIL,
54
- asmId: TEST_ASM_ID,
55
- action: 'subscribe',
56
- sig,
57
- });
58
- assert.isSuccess(response, 'Subscribe with valid sig should succeed');
59
- assert.propertyEquals(response, 'data.success', true, 'success should be true');
60
- },
61
- },
62
-
63
- {
64
- name: 'anon-resubscribe-rejected',
65
- auth: 'none',
66
- timeout: 15000,
67
- async run({ http, assert }) {
68
- // Old 'resubscribe' action is no longer accepted — must use 'subscribe'
69
- const sig = generateSig(TEST_EMAIL);
70
- const response = await http.post('backend-manager/marketing/email-preferences', {
71
- email: TEST_EMAIL,
72
- asmId: TEST_ASM_ID,
73
- action: 'resubscribe',
74
- sig,
75
- });
76
- assert.isError(response, 400, 'Old "resubscribe" action should be rejected');
77
- },
78
- },
79
-
80
- {
81
- name: 'anon-invalid-sig-rejected',
82
- auth: 'none',
83
- timeout: 15000,
84
- async run({ http, assert }) {
85
- const response = await http.post('backend-manager/marketing/email-preferences', {
86
- email: TEST_EMAIL,
87
- asmId: TEST_ASM_ID,
88
- action: 'unsubscribe',
89
- sig: 'invalid-signature-value',
90
- });
91
- assert.isError(response, 403, 'Invalid sig should return 403');
92
- },
93
- },
94
-
95
- {
96
- name: 'anon-missing-email-rejected',
97
- auth: 'none',
98
- timeout: 15000,
99
- async run({ http, assert }) {
100
- const response = await http.post('backend-manager/marketing/email-preferences', {
101
- asmId: TEST_ASM_ID,
102
- action: 'unsubscribe',
103
- sig: 'anything',
104
- });
105
- assert.isError(response, 400, 'Missing email should return 400');
106
- },
107
- },
108
-
109
- {
110
- name: 'anon-invalid-email-rejected',
111
- auth: 'none',
112
- timeout: 15000,
113
- async run({ http, assert }) {
114
- const sig = generateSig('not-an-email');
115
- const response = await http.post('backend-manager/marketing/email-preferences', {
116
- email: 'not-an-email',
117
- asmId: TEST_ASM_ID,
118
- action: 'unsubscribe',
119
- sig,
120
- });
121
- assert.isError(response, 400, 'Invalid email format should return 400');
122
- },
123
- },
124
-
125
- {
126
- name: 'anon-missing-asmid-rejected',
127
- auth: 'none',
128
- timeout: 15000,
129
- async run({ http, assert }) {
130
- const sig = generateSig(TEST_EMAIL);
131
- const response = await http.post('backend-manager/marketing/email-preferences', {
132
- email: TEST_EMAIL,
133
- action: 'unsubscribe',
134
- sig,
135
- });
136
- assert.isError(response, 400, 'Missing asmId should return 400');
137
- },
138
- },
139
-
140
- {
141
- name: 'anon-invalid-action-rejected',
142
- auth: 'none',
143
- timeout: 15000,
144
- async run({ http, assert }) {
145
- const sig = generateSig(TEST_EMAIL);
146
- const response = await http.post('backend-manager/marketing/email-preferences', {
147
- email: TEST_EMAIL,
148
- asmId: TEST_ASM_ID,
149
- action: 'delete',
150
- sig,
151
- });
152
- assert.isError(response, 400, 'Invalid action should return 400');
153
- },
154
- },
155
-
156
- {
157
- name: 'anon-wrong-email-sig-rejected',
158
- auth: 'none',
159
- timeout: 15000,
160
- async run({ http, assert }) {
161
- // sig generated for a different email — must not validate against TEST_EMAIL
162
- const sig = generateSig('someone-else@gmail.com');
163
- const response = await http.post('backend-manager/marketing/email-preferences', {
164
- email: TEST_EMAIL,
165
- asmId: TEST_ASM_ID,
166
- action: 'unsubscribe',
167
- sig,
168
- });
169
- assert.isError(response, 403, 'Sig for different email should return 403');
170
- },
171
- },
172
-
173
- // ─── Authenticated mode ───
174
-
175
- {
176
- name: 'auth-unsubscribe-writes-consent-and-records-source-account',
177
- auth: 'basic',
178
- timeout: 15000,
179
- async run({ http, firestore, assert, accounts }) {
180
- const uid = accounts.basic.uid;
181
-
182
- const beforeMs = Date.now();
183
- const response = await http.as('basic').post('backend-manager/marketing/email-preferences', {
184
- action: 'unsubscribe',
185
- });
186
- const afterMs = Date.now();
187
-
188
- assert.isSuccess(response, `Authenticated unsubscribe should succeed: ${JSON.stringify(response, null, 2)}`);
189
- assert.propertyEquals(response, 'data.success', true, 'success should be true');
190
- assert.propertyEquals(response, 'data.action', 'unsubscribe', 'action echoed in response');
191
-
192
- const userDoc = await firestore.get(`users/${uid}`);
193
-
194
- assert.equal(userDoc?.consent?.marketing?.status, 'revoked', 'consent.marketing.status should be revoked');
195
- assert.equal(userDoc?.consent?.marketing?.revokedAt?.source, 'account', 'revokedAt.source should be account');
196
- assert.ok(userDoc?.consent?.marketing?.revokedAt?.timestamp, 'revokedAt.timestamp should be set');
197
- assert.equal(typeof userDoc?.consent?.marketing?.revokedAt?.timestampUNIX, 'number', 'revokedAt.timestampUNIX should be number');
198
-
199
- // Server time used (defense against clock manipulation).
200
- // Server uses Math.round, so the stamped value can be 1 second past Math.floor(afterMs/1000)
201
- // when the request takes >500ms. Use Math.round on the upper bound + a small fudge.
202
- const revokedUNIX = userDoc.consent.marketing.revokedAt.timestampUNIX;
203
- const beforeUNIX = Math.floor(beforeMs / 1000);
204
- const afterUNIX = Math.round(afterMs / 1000) + 1;
205
- assert.ok(
206
- revokedUNIX >= beforeUNIX && revokedUNIX <= afterUNIX,
207
- `revokedAt.timestampUNIX (${revokedUNIX}) should be server time, between ${beforeUNIX} and ${afterUNIX}`
208
- );
209
- },
210
- },
211
-
212
- {
213
- name: 'auth-subscribe-after-unsubscribe-flips-status-keeps-prior-revokedAt',
214
- auth: 'basic',
215
- timeout: 15000,
216
- async run({ http, firestore, assert, accounts }) {
217
- const uid = accounts.basic.uid;
218
-
219
- // Capture revokedAt from the previous test
220
- const beforeDoc = await firestore.get(`users/${uid}`);
221
- const priorRevokedAt = beforeDoc?.consent?.marketing?.revokedAt;
222
- assert.ok(priorRevokedAt?.timestamp, 'Prior test should have left a revokedAt timestamp');
223
-
224
- const response = await http.as('basic').post('backend-manager/marketing/email-preferences', {
225
- action: 'subscribe',
226
- });
227
-
228
- assert.isSuccess(response, `Authenticated subscribe should succeed: ${JSON.stringify(response, null, 2)}`);
229
-
230
- const userDoc = await firestore.get(`users/${uid}`);
231
-
232
- // status flips
233
- assert.equal(userDoc?.consent?.marketing?.status, 'granted', 'status should flip to granted');
234
-
235
- // grantedAt populated with new server time + source=account
236
- assert.equal(userDoc?.consent?.marketing?.grantedAt?.source, 'account', 'grantedAt.source should be account');
237
- assert.ok(userDoc?.consent?.marketing?.grantedAt?.timestamp, 'grantedAt.timestamp should be set');
238
-
239
- // revokedAt UNTOUCHED — still reflects the most recent revoke
240
- assert.equal(
241
- userDoc?.consent?.marketing?.revokedAt?.timestamp,
242
- priorRevokedAt.timestamp,
243
- 'revokedAt.timestamp should be preserved from prior revoke'
244
- );
245
- assert.equal(
246
- userDoc?.consent?.marketing?.revokedAt?.source,
247
- priorRevokedAt.source,
248
- 'revokedAt.source should be preserved from prior revoke'
249
- );
250
- },
251
- },
252
-
253
- {
254
- name: 'auth-invalid-action-rejected',
255
- auth: 'basic',
256
- timeout: 15000,
257
- async run({ http, assert }) {
258
- const response = await http.as('basic').post('backend-manager/marketing/email-preferences', {
259
- action: 'delete',
260
- });
261
- assert.isError(response, 400, 'Invalid action should return 400');
262
- },
263
- },
264
-
265
- {
266
- name: 'auth-opt-in-old-name-rejected',
267
- auth: 'basic',
268
- timeout: 15000,
269
- async run({ http, assert }) {
270
- // Old proposed 'opt-in' is NOT accepted — must use 'subscribe'
271
- const response = await http.as('basic').post('backend-manager/marketing/email-preferences', {
272
- action: 'opt-in',
273
- });
274
- assert.isError(response, 400, 'Old "opt-in" name should be rejected (use "subscribe")');
275
- },
276
- },
277
-
278
- {
279
- name: 'unauthenticated-without-sig-rejected',
280
- auth: 'none',
281
- timeout: 15000,
282
- async run({ http, assert }) {
283
- // Unauthenticated + no sig → email field is required for HMAC path → 400.
284
- // (No auth means we hit the anonymous path; no email/asmId means missing-required.)
285
- const response = await http.post('backend-manager/marketing/email-preferences', {
286
- action: 'unsubscribe',
287
- });
288
- assert.isError(response, 400, 'Unauthenticated request without HMAC fields should 400');
289
- },
290
- },
291
- ],
292
- };
@@ -1,32 +0,0 @@
1
- /**
2
- * Test: Push notification send
3
- * Sends a test push notification to a specific FCM token.
4
- * Requires TEST_EXTENDED_MODE=true and TEST_FCM_TOKEN env var.
5
- */
6
- module.exports = {
7
- description: 'Push notification send',
8
- auth: 'admin',
9
- skip: !process.env.TEST_EXTENDED_MODE
10
- ? 'TEST_EXTENDED_MODE not set'
11
- : !process.env.TEST_FCM_TOKEN
12
- ? 'TEST_FCM_TOKEN env var not set'
13
- : false,
14
- timeout: 30000,
15
-
16
- async run({ http, assert, config }) {
17
- const response = await http.post('backend-manager/marketing/campaign', {
18
- name: '[TEST] Push notification',
19
- subject: 'This is a test push notification from BEM',
20
- type: 'push',
21
- test: true,
22
- sendAt: 'now',
23
- filters: { token: process.env.TEST_FCM_TOKEN },
24
- });
25
-
26
- assert.isSuccess(response, 'Should create and send push campaign');
27
- assert.ok(response.data.id, 'Should have campaign ID');
28
- assert.equal(response.data.status, 'sent', 'Should be sent immediately');
29
- assert.ok(response.data.providers?.push, 'Should have push result');
30
- assert.equal(response.data.providers.push.sent, 1, 'Should have sent to 1 token');
31
- },
32
- };
@@ -1,61 +0,0 @@
1
- /**
2
- * Test: POST /marketing/webhook/forward (parent forwarder)
3
- *
4
- * This route is gated to only work when Manager.config.parent === 'self'.
5
- * Most test runs happen on a CHILD brand (e.g. Somiibo's backend-manager-config.json
6
- * has `parent: 'https://api.itwcreativeworks.com'`), so the route should return 404.
7
- *
8
- * The actual fan-out behavior (reading brands collection, derive API URLs,
9
- * POST to each child) is verified by unit-style tests in test/helpers/webhook-forward.js
10
- * which exercise the forwarder logic against a mock admin + mock fetch — no emulator
11
- * round-trip required.
12
- *
13
- * This file only verifies the GATE: on a non-parent BEM, the route is invisible.
14
- */
15
- module.exports = {
16
- description: 'Marketing webhook forwarder gating (parent-only)',
17
- type: 'group',
18
- timeout: 15000,
19
-
20
- tests: [
21
- {
22
- name: 'forwarder-returns-404-on-non-parent-brand',
23
- auth: 'none',
24
- async run({ http, assert, config, skip }) {
25
- // This gate only applies to CHILD brands. If this brand IS the parent
26
- // (config.parent === 'self'), the forwarder route is visible by design,
27
- // so there's nothing to assert here — skip rather than fail.
28
- if (!config.parent || config.parent === 'self') {
29
- skip('Brand is its own parent (config.parent === "self") — forwarder gate does not apply');
30
- }
31
-
32
- const response = await http.as('none').post(
33
- `backend-manager/marketing/webhook/forward?provider=sendgrid&key=${process.env.BACKEND_MANAGER_WEBHOOK_KEY}`,
34
- [{ sg_event_id: 'should-not-process', event: 'group_unsubscribe', email: 'test@example.com' }]
35
- );
36
-
37
- assert.isError(response, 404, 'Forwarder should be invisible (404) on non-parent BEMs');
38
- },
39
- },
40
-
41
- {
42
- name: 'forwarder-returns-404-even-with-valid-key',
43
- auth: 'none',
44
- async run({ http, assert, config, skip }) {
45
- // Only meaningful on a CHILD brand. On the parent itself the forwarder is
46
- // visible by design, so skip rather than fail.
47
- if (!config.parent || config.parent === 'self') {
48
- skip('Brand is its own parent (config.parent === "self") — forwarder gate does not apply');
49
- }
50
-
51
- // A valid key shouldn't unlock the forwarder — gate is on config.parent, not key.
52
- const response = await http.as('none').post(
53
- `backend-manager/marketing/webhook/forward?provider=beehiiv&key=${process.env.BACKEND_MANAGER_WEBHOOK_KEY}`,
54
- { id: 'should-not-process', event: 'subscription.unsubscribed', email: 'test@example.com' }
55
- );
56
-
57
- assert.isError(response, 404, 'Even with valid key, non-parent returns 404');
58
- },
59
- },
60
- ],
61
- };