backend-manager 5.9.5 → 5.9.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +8 -1
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/metadata.json +14 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.html +486 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.md +41 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/newsletter.mjml +97 -0
- package/{test/email/fixtures/clean.json → src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/structure.json} +16 -4
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-11T03-28-07/summary.md +1 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/metadata.json +14 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.html +486 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.md +41 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/newsletter.mjml +97 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/structure.json +42 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-00-28/summary.md +1 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/metadata.json +14 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.html +486 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.md +41 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/newsletter.mjml +97 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/structure.json +42 -0
- package/src/test/fixtures/firebase-project/.temp/newsletter/run-2026-06-18T01-01-34/summary.md +1 -0
- package/src/test/fixtures/firebase-project/.temp/test-mode.json +6 -0
- package/src/test/fixtures/firebase-project/database-debug.log +12 -0
- package/src/test/fixtures/firebase-project/firestore-debug.log +136 -0
- package/src/test/fixtures/firebase-project/pubsub-debug.log +17 -0
- package/.codeclimate.yml +0 -32
- package/.nvmrc +0 -1
- package/CHANGELOG.md +0 -1440
- package/PROGRESS.md +0 -93
- package/TODO-2.md +0 -121
- package/TODO-CHARGEBLAST.md +0 -32
- package/TODO-WEBHOOK-KEY-LEGACY-REMOVAL.md +0 -15
- package/TODO-WEBHOOK-KEY-UPGRADE.md +0 -138
- package/TODO-email-auth.md +0 -14
- package/TODO.md +0 -187
- package/plans/mcp2.md +0 -247
- package/plans/suspended-subscription-dead-zone.md +0 -97
- package/scripts/test-helper-providers.js +0 -162
- package/scripts/update-disposable-domains.js +0 -44
- package/templates/_.env +0 -42
- package/templates/_.gitignore +0 -60
- package/templates/backend-manager-config.json +0 -249
- package/templates/database.rules.json +0 -83
- package/templates/firebase.json +0 -66
- package/templates/firestore.indexes.json +0 -4
- package/templates/firestore.rules +0 -112
- package/templates/public/404.html +0 -26
- package/templates/public/index.html +0 -24
- package/templates/remoteconfig.template.json +0 -1
- package/templates/storage-lifecycle-config-1-day.json +0 -9
- package/templates/storage-lifecycle-config-30-days.json +0 -9
- package/templates/storage.rules +0 -8
- package/test/_init/accounts-validation.js +0 -58
- package/test/_legacy/ai/index.js +0 -231
- package/test/_legacy/ai/test.jpg +0 -0
- package/test/_legacy/ai/test.pdf +0 -0
- package/test/_legacy/index.js +0 -31
- package/test/_legacy/payment-resolver/chargebee/orders/refunded.json +0 -0
- package/test/_legacy/payment-resolver/chargebee/orders/unpaid.json +0 -98
- package/test/_legacy/payment-resolver/chargebee/subscriptions/active.json +0 -578
- package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-in-trial.json +0 -38
- package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-skipped-to-active.json +0 -135
- package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-active-to-cancelled.json +0 -42
- package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-active.json +0 -44
- package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-cancelled.json +0 -39
- package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-refund.json +0 -143
- package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-suspended.json +0 -48
- package/test/_legacy/payment-resolver/coinbase/orders/regular.json +0 -204
- package/test/_legacy/payment-resolver/coinbase/subscriptions/cancelled.json +0 -204
- package/test/_legacy/payment-resolver/coinbase/subscriptions/paid-2.json +0 -125
- package/test/_legacy/payment-resolver/index.js +0 -1558
- package/test/_legacy/payment-resolver/paypal/orders/refunded.json +0 -0
- package/test/_legacy/payment-resolver/paypal/orders/regular.json +0 -120
- package/test/_legacy/payment-resolver/paypal/subscriptions/active-refund-previous-stmnt.json +0 -323
- package/test/_legacy/payment-resolver/paypal/subscriptions/active.json +0 -192
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-in-trial.json +0 -125
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-not-complete.json +0 -76
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-overdue-2.json +0 -114
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-overdue.json +0 -114
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-active-to-cancelled.json +0 -111
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-active.json +0 -132
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-cancelled.json +0 -107
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-expired.json +0 -91
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-refund.json +0 -147
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-suspended.json +0 -120
- package/test/_legacy/payment-resolver/stripe/orders/refunded.json +0 -0
- package/test/_legacy/payment-resolver/stripe/orders/regular.json +0 -91
- package/test/_legacy/payment-resolver/stripe/subscriptions/active.json +0 -421
- package/test/_legacy/payment-resolver/stripe/subscriptions/trial-in-trial.json +0 -349
- package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-active-failed-authorization.json +0 -430
- package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-active.json +0 -319
- package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-cancelled.json +0 -319
- package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-refund.json +0 -414
- package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-suspended.json +0 -319
- package/test/_legacy/payment-resolver/stripe/subscriptions/unsure.json +0 -339
- package/test/_legacy/test-new +0 -1178
- package/test/_legacy/test.md +0 -89
- package/test/_legacy/usage.js +0 -175
- package/test/_legacy/user.js +0 -31
- package/test/ai/tools-live.js +0 -170
- package/test/boot/emulator-boots.js +0 -37
- package/test/content/blog-generate.js +0 -160
- package/test/email/campaign-send.js +0 -45
- package/test/email/consent-lifecycle.js +0 -257
- package/test/email/feedback-and-plain-send.js +0 -52
- package/test/email/fixtures/editorial.json +0 -30
- package/test/email/fixtures/field-report.json +0 -53
- package/test/email/marketing-lifecycle.js +0 -132
- package/test/email/newsletter-generate.js +0 -819
- package/test/email/newsletter-templates.js +0 -491
- package/test/email/templates.js +0 -207
- package/test/email/transactional-send.js +0 -34
- package/test/email/transactional.js +0 -560
- package/test/email/validation.js +0 -710
- package/test/events/auth-delete-race.js +0 -201
- package/test/events/payments/journey-payments-cancel-endpoint.js +0 -100
- package/test/events/payments/journey-payments-cancel.js +0 -182
- package/test/events/payments/journey-payments-discount.js +0 -89
- package/test/events/payments/journey-payments-failure.js +0 -146
- package/test/events/payments/journey-payments-legacy-product.js +0 -149
- package/test/events/payments/journey-payments-one-time-failure.js +0 -111
- package/test/events/payments/journey-payments-one-time.js +0 -136
- package/test/events/payments/journey-payments-plan-change.js +0 -144
- package/test/events/payments/journey-payments-refund-webhook.js +0 -180
- package/test/events/payments/journey-payments-suspend.js +0 -181
- package/test/events/payments/journey-payments-trial-cancel.js +0 -130
- package/test/events/payments/journey-payments-trial.js +0 -171
- package/test/events/payments/journey-payments-uid-resolution.js +0 -132
- package/test/events/payments/journey-payments-upgrade.js +0 -135
- package/test/fixtures/chargebee/invoice-one-time.json +0 -27
- package/test/fixtures/chargebee/subscription-active.json +0 -44
- package/test/fixtures/chargebee/subscription-cancelled.json +0 -42
- package/test/fixtures/chargebee/subscription-in-trial.json +0 -41
- package/test/fixtures/chargebee/subscription-legacy-plan.json +0 -41
- package/test/fixtures/chargebee/subscription-non-renewing.json +0 -41
- package/test/fixtures/chargebee/subscription-paused.json +0 -42
- package/test/fixtures/chargebee/webhook-payment-failed.json +0 -51
- package/test/fixtures/chargebee/webhook-subscription-created.json +0 -47
- package/test/fixtures/paypal/order-approved.json +0 -62
- package/test/fixtures/paypal/order-completed.json +0 -110
- package/test/fixtures/paypal/subscription-active.json +0 -76
- package/test/fixtures/paypal/subscription-cancelled.json +0 -50
- package/test/fixtures/paypal/subscription-suspended.json +0 -65
- package/test/fixtures/stripe/checkout-session-completed.json +0 -130
- package/test/fixtures/stripe/invoice-payment-failed.json +0 -148
- package/test/fixtures/stripe/invoice-subscription-payment-failed.json +0 -28
- package/test/fixtures/stripe/subscription-active.json +0 -161
- package/test/fixtures/stripe/subscription-canceled.json +0 -161
- package/test/fixtures/stripe/subscription-trialing.json +0 -161
- package/test/functions/admin/database-read.js +0 -134
- package/test/functions/admin/database-write.js +0 -159
- package/test/functions/admin/edit-post.js +0 -366
- package/test/functions/admin/firestore-query.js +0 -207
- package/test/functions/admin/firestore-read.js +0 -129
- package/test/functions/admin/firestore-write.js +0 -105
- package/test/functions/admin/get-stats.js +0 -115
- package/test/functions/admin/send-email.js +0 -119
- package/test/functions/admin/send-notification.js +0 -208
- package/test/functions/admin/write-repo-content.js +0 -223
- package/test/functions/general/add-marketing-contact.js +0 -335
- package/test/functions/general/fetch-post.js +0 -54
- package/test/functions/general/generate-uuid.js +0 -114
- package/test/functions/test/authenticate.js +0 -64
- package/test/functions/user/create-custom-token.js +0 -73
- package/test/functions/user/delete.js +0 -135
- package/test/functions/user/get-active-sessions.js +0 -111
- package/test/functions/user/get-subscription-info.js +0 -99
- package/test/functions/user/regenerate-api-keys.js +0 -156
- package/test/functions/user/resolve.js +0 -52
- package/test/functions/user/sign-out-all-sessions.js +0 -94
- package/test/functions/user/sign-up.js +0 -252
- package/test/functions/user/submit-feedback.js +0 -104
- package/test/functions/user/validate-settings.js +0 -82
- package/test/helpers/ai-request-payload.js +0 -300
- package/test/helpers/ai-test-provider.js +0 -202
- package/test/helpers/ai-tools-format.js +0 -383
- package/test/helpers/content/blog-auto-publisher.js +0 -484
- package/test/helpers/content/feed-parser.js +0 -528
- package/test/helpers/content/ghostii-blocks.js +0 -134
- package/test/helpers/content/ghostii-feed-integration.js +0 -404
- package/test/helpers/content/ghostii-write-article.js +0 -243
- package/test/helpers/environment.js +0 -230
- package/test/helpers/infer-contact.js +0 -113
- package/test/helpers/merge-line-files.js +0 -271
- package/test/helpers/payment/chargebee/parse-webhook.js +0 -413
- package/test/helpers/payment/chargebee/to-unified-one-time.js +0 -147
- package/test/helpers/payment/chargebee/to-unified-subscription.js +0 -648
- package/test/helpers/payment/paypal/parse-webhook.js +0 -539
- package/test/helpers/payment/paypal/to-unified-one-time.js +0 -382
- package/test/helpers/payment/paypal/to-unified-subscription.js +0 -820
- package/test/helpers/payment/stripe/parse-webhook.js +0 -447
- package/test/helpers/payment/stripe/to-unified-one-time.js +0 -306
- package/test/helpers/payment/stripe/to-unified-subscription.js +0 -708
- package/test/helpers/sanitize.js +0 -222
- package/test/helpers/slugify.js +0 -394
- package/test/helpers/storage.js +0 -194
- package/test/helpers/user.js +0 -755
- package/test/helpers/webhook-forward.js +0 -418
- package/test/mcp/discovery.js +0 -53
- package/test/mcp/oauth.js +0 -161
- package/test/mcp/protocol.js +0 -268
- package/test/mcp/roles.js +0 -188
- package/test/mcp/utils.js +0 -245
- package/test/routes/admin/create-post.js +0 -364
- package/test/routes/admin/database.js +0 -131
- package/test/routes/admin/deduplicate-image-alts.js +0 -190
- package/test/routes/admin/email.js +0 -114
- package/test/routes/admin/firestore-query.js +0 -204
- package/test/routes/admin/firestore.js +0 -127
- package/test/routes/admin/infer-contact.js +0 -218
- package/test/routes/admin/notification.js +0 -198
- package/test/routes/admin/post-resize-image.js +0 -184
- package/test/routes/admin/post.js +0 -368
- package/test/routes/admin/repo-content.js +0 -223
- package/test/routes/admin/stats.js +0 -112
- package/test/routes/content/post.js +0 -54
- package/test/routes/general/uuid.js +0 -115
- package/test/routes/marketing/campaign.js +0 -125
- package/test/routes/marketing/contact.js +0 -370
- package/test/routes/marketing/email-preferences.js +0 -292
- package/test/routes/marketing/push-send.js +0 -32
- package/test/routes/marketing/webhook-forward.js +0 -61
- package/test/routes/marketing/webhook.js +0 -639
- package/test/routes/payments/cancel.js +0 -163
- package/test/routes/payments/discount.js +0 -80
- package/test/routes/payments/dispute-alert.js +0 -320
- package/test/routes/payments/intent.js +0 -336
- package/test/routes/payments/portal.js +0 -92
- package/test/routes/payments/refund.js +0 -179
- package/test/routes/payments/trial-eligibility.js +0 -71
- package/test/routes/payments/webhook.js +0 -107
- package/test/routes/test/authenticate.js +0 -59
- package/test/routes/test/schema.js +0 -554
- package/test/routes/test/usage.js +0 -342
- package/test/routes/user/api-keys.js +0 -156
- package/test/routes/user/delete.js +0 -136
- package/test/routes/user/feedback.js +0 -104
- package/test/routes/user/sessions.js +0 -199
- package/test/routes/user/settings-validate.js +0 -82
- package/test/routes/user/signup.js +0 -542
- package/test/routes/user/subscription.js +0 -99
- package/test/routes/user/token.js +0 -73
- package/test/routes/user/user.js +0 -157
- package/test/rules/notifications.js +0 -410
- package/test/rules/payments-carts.js +0 -371
- package/test/rules/user.js +0 -396
|
@@ -1,542 +0,0 @@
|
|
|
1
|
-
const { TEST_ACCOUNTS } = require('../../../src/test/test-accounts.js');
|
|
2
|
-
|
|
3
|
-
// SSOT: Affiliate code from referrer account definition
|
|
4
|
-
const REFERRER_AFFILIATE_CODE = TEST_ACCOUNTS.referrer.properties.affiliate.code;
|
|
5
|
-
|
|
6
|
-
/**
|
|
7
|
-
* Test Suite: POST /user/signup
|
|
8
|
-
* Tests the complete user signup flow including:
|
|
9
|
-
* - Using pre-created referrer with an affiliate code
|
|
10
|
-
* - Calling user signup with that referral code
|
|
11
|
-
* - Verifying the referral tracking works
|
|
12
|
-
* - Edge cases: unauthenticated, signing up for another user, invalid affiliate code
|
|
13
|
-
*
|
|
14
|
-
* Note: referrer and referred accounts are pre-created by the test runner
|
|
15
|
-
* The referrer has affiliate.code set at creation time (see test-accounts.js)
|
|
16
|
-
*/
|
|
17
|
-
module.exports = {
|
|
18
|
-
description: 'User signup flow with affiliate tracking',
|
|
19
|
-
type: 'suite',
|
|
20
|
-
timeout: 60000, // Longer timeout for auth events to process
|
|
21
|
-
|
|
22
|
-
tests: [
|
|
23
|
-
// --- Edge case tests ---
|
|
24
|
-
{
|
|
25
|
-
name: 'signup-with-invalid-affiliate-code',
|
|
26
|
-
async run({ http, assert }) {
|
|
27
|
-
// Try to sign up with a non-existent affiliate code
|
|
28
|
-
// Use dedicated account so it doesn't affect other tests
|
|
29
|
-
const signupResponse = await http.as('referred-invalid').post('backend-manager/user/signup', {
|
|
30
|
-
attribution: {
|
|
31
|
-
affiliate: { code: 'INVALID_CODE_12345' },
|
|
32
|
-
},
|
|
33
|
-
});
|
|
34
|
-
|
|
35
|
-
// Should succeed but without referral tracking (invalid code is ignored)
|
|
36
|
-
assert.isSuccess(signupResponse, 'Signup should succeed even with invalid affiliate code');
|
|
37
|
-
},
|
|
38
|
-
},
|
|
39
|
-
|
|
40
|
-
// --- Main signup flow tests ---
|
|
41
|
-
{
|
|
42
|
-
name: 'verify-referrer-exists',
|
|
43
|
-
async run({ firestore, assert, state, accounts }) {
|
|
44
|
-
// Use the pre-created static referrer account
|
|
45
|
-
state.referrerUid = accounts.referrer.uid;
|
|
46
|
-
state.referrerEmail = accounts.referrer.email;
|
|
47
|
-
state.referrerAffiliateCode = REFERRER_AFFILIATE_CODE;
|
|
48
|
-
|
|
49
|
-
// Verify the referrer account exists and has the affiliate code
|
|
50
|
-
const referrerDoc = await firestore.get(`users/${state.referrerUid}`);
|
|
51
|
-
|
|
52
|
-
assert.ok(referrerDoc, 'Referrer user doc should exist');
|
|
53
|
-
assert.equal(
|
|
54
|
-
referrerDoc?.affiliate?.code,
|
|
55
|
-
state.referrerAffiliateCode,
|
|
56
|
-
'Referrer should have affiliate code set'
|
|
57
|
-
);
|
|
58
|
-
},
|
|
59
|
-
},
|
|
60
|
-
|
|
61
|
-
{
|
|
62
|
-
name: 'verify-referred-exists',
|
|
63
|
-
async run({ firestore, assert, state, accounts }) {
|
|
64
|
-
// Use the pre-created static referred account
|
|
65
|
-
state.referredUid = accounts.referred.uid;
|
|
66
|
-
state.referredEmail = accounts.referred.email;
|
|
67
|
-
|
|
68
|
-
// Verify the referred account exists
|
|
69
|
-
const referredDoc = await firestore.get(`users/${state.referredUid}`);
|
|
70
|
-
|
|
71
|
-
assert.ok(referredDoc, 'Referred user doc should exist');
|
|
72
|
-
},
|
|
73
|
-
},
|
|
74
|
-
|
|
75
|
-
{
|
|
76
|
-
name: 'call-user-signup-with-affiliate',
|
|
77
|
-
async run({ http, assert, state }) {
|
|
78
|
-
// Call POST /user/signup as the referred user with the new attribution format
|
|
79
|
-
// This triggers the referral tracking logic
|
|
80
|
-
// Use .as('referred') to authenticate as that specific user via privateKey
|
|
81
|
-
const signupResponse = await http.as('referred').post('backend-manager/user/signup', {
|
|
82
|
-
attribution: {
|
|
83
|
-
affiliate: {
|
|
84
|
-
code: state.referrerAffiliateCode,
|
|
85
|
-
timestamp: new Date().toISOString(),
|
|
86
|
-
url: `https://example.com/?ref=${REFERRER_AFFILIATE_CODE}`,
|
|
87
|
-
page: '/',
|
|
88
|
-
},
|
|
89
|
-
utm: {
|
|
90
|
-
tags: {
|
|
91
|
-
utm_source: 'test',
|
|
92
|
-
utm_medium: 'referral',
|
|
93
|
-
utm_campaign: 'signup-test',
|
|
94
|
-
},
|
|
95
|
-
timestamp: new Date().toISOString(),
|
|
96
|
-
url: 'https://example.com/?utm_source=test',
|
|
97
|
-
page: '/',
|
|
98
|
-
},
|
|
99
|
-
},
|
|
100
|
-
context: {
|
|
101
|
-
referrer: 'https://google.com',
|
|
102
|
-
landingPage: 'https://example.com/',
|
|
103
|
-
},
|
|
104
|
-
});
|
|
105
|
-
|
|
106
|
-
assert.isSuccess(signupResponse, `POST /user/signup should succeed: ${JSON.stringify(signupResponse, null, 2)}`);
|
|
107
|
-
|
|
108
|
-
// BEM API returns { data: { signedUp: true } }, http-client wraps in { data: response }
|
|
109
|
-
const signedUp = signupResponse.data?.data?.signedUp || signupResponse.data?.signedUp;
|
|
110
|
-
assert.ok(signedUp === true, `Should return signedUp: true (got: ${JSON.stringify(signupResponse.data)})`);
|
|
111
|
-
},
|
|
112
|
-
},
|
|
113
|
-
|
|
114
|
-
{
|
|
115
|
-
name: 'duplicate-signup-blocked',
|
|
116
|
-
async run({ http, assert, state }) {
|
|
117
|
-
// Try to call POST /user/signup again for the same user
|
|
118
|
-
// This should be blocked since signup has already been processed
|
|
119
|
-
const signupResponse = await http.as('referred').post('backend-manager/user/signup', {
|
|
120
|
-
attribution: {
|
|
121
|
-
affiliate: { code: state.referrerAffiliateCode },
|
|
122
|
-
},
|
|
123
|
-
});
|
|
124
|
-
|
|
125
|
-
assert.isError(signupResponse, 400, 'Duplicate signup should be blocked');
|
|
126
|
-
assert.ok(
|
|
127
|
-
signupResponse.error?.includes('already been processed'),
|
|
128
|
-
`Error should mention already processed: ${signupResponse.error}`
|
|
129
|
-
);
|
|
130
|
-
},
|
|
131
|
-
},
|
|
132
|
-
|
|
133
|
-
{
|
|
134
|
-
name: 'wait-for-referral-update',
|
|
135
|
-
async run({ firestore, assert, state, waitFor }) {
|
|
136
|
-
// Wait for the referral to be recorded
|
|
137
|
-
// The user signup endpoint calls updateReferral() which updates the referrer
|
|
138
|
-
|
|
139
|
-
const referralFound = await waitFor(async () => {
|
|
140
|
-
const referrerDoc = await firestore.get(`users/${state.referrerUid}`);
|
|
141
|
-
|
|
142
|
-
if (!referrerDoc) {
|
|
143
|
-
return false;
|
|
144
|
-
}
|
|
145
|
-
|
|
146
|
-
const referrals = referrerDoc?.affiliate?.referrals || [];
|
|
147
|
-
return referrals.some(r => r.uid === state.referredUid);
|
|
148
|
-
}, 30000, 1000); // Wait up to 30s, check every 1s
|
|
149
|
-
|
|
150
|
-
assert.ok(referralFound, 'Referrer should have referred user in referrals array');
|
|
151
|
-
},
|
|
152
|
-
},
|
|
153
|
-
|
|
154
|
-
{
|
|
155
|
-
name: 'verify-referrer-has-referral',
|
|
156
|
-
async run({ firestore, assert, state }) {
|
|
157
|
-
// Verify the referrer now has the referred user in their referrals
|
|
158
|
-
const referrerDoc = await firestore.get(`users/${state.referrerUid}`);
|
|
159
|
-
|
|
160
|
-
assert.ok(referrerDoc, 'Should read referrer doc');
|
|
161
|
-
|
|
162
|
-
const referrals = referrerDoc?.affiliate?.referrals || [];
|
|
163
|
-
|
|
164
|
-
assert.ok(referrals.length > 0, 'Referrer should have at least one referral');
|
|
165
|
-
|
|
166
|
-
const foundReferral = referrals.find(r => r.uid === state.referredUid);
|
|
167
|
-
|
|
168
|
-
assert.ok(foundReferral, `Referrer should have ${state.referredUid} in referrals`);
|
|
169
|
-
assert.ok(foundReferral.timestamp, 'Referral should have timestamp');
|
|
170
|
-
},
|
|
171
|
-
},
|
|
172
|
-
|
|
173
|
-
{
|
|
174
|
-
name: 'verify-attribution-data-saved',
|
|
175
|
-
async run({ firestore, assert, state }) {
|
|
176
|
-
// Verify the attribution data was saved correctly
|
|
177
|
-
const referredDoc = await firestore.get(`users/${state.referredUid}`);
|
|
178
|
-
|
|
179
|
-
assert.ok(referredDoc, 'Should read referred user doc');
|
|
180
|
-
|
|
181
|
-
// Check attribution object (single source of truth for referrer info)
|
|
182
|
-
const attribution = referredDoc?.attribution;
|
|
183
|
-
assert.ok(attribution, 'Attribution object should exist');
|
|
184
|
-
assert.ok(attribution?.affiliate?.code === state.referrerAffiliateCode, 'Attribution should have affiliate code');
|
|
185
|
-
assert.ok(attribution?.utm?.tags?.utm_source === 'test', 'Attribution should have UTM source');
|
|
186
|
-
assert.ok(attribution?.utm?.tags?.utm_campaign === 'signup-test', 'Attribution should have UTM campaign');
|
|
187
|
-
|
|
188
|
-
// Check activity context was merged
|
|
189
|
-
const activity = referredDoc?.activity;
|
|
190
|
-
assert.ok(activity, 'Activity object should exist');
|
|
191
|
-
assert.ok(activity?.referrer === 'https://google.com', 'Activity should have referrer from context');
|
|
192
|
-
assert.ok(activity?.landingPage === 'https://example.com/', 'Activity should have landingPage from context');
|
|
193
|
-
|
|
194
|
-
// Check flags
|
|
195
|
-
assert.ok(referredDoc?.flags?.signupProcessed === true, 'signupProcessed flag should be true');
|
|
196
|
-
},
|
|
197
|
-
},
|
|
198
|
-
|
|
199
|
-
// --- Disposable email referral test ---
|
|
200
|
-
{
|
|
201
|
-
name: 'disposable-email-referral-skipped',
|
|
202
|
-
async run({ http, firestore, assert, state, accounts }) {
|
|
203
|
-
// Record current referral count before disposable signup
|
|
204
|
-
const referrerBefore = await firestore.get(`users/${state.referrerUid}`);
|
|
205
|
-
const referralsBefore = referrerBefore?.affiliate?.referrals || [];
|
|
206
|
-
state.referralCountBefore = referralsBefore.length;
|
|
207
|
-
|
|
208
|
-
// Sign up a disposable email account with the referrer's affiliate code
|
|
209
|
-
// The signup itself should succeed (account was created via Admin SDK, bypassing beforeCreate)
|
|
210
|
-
// But the referral credit should be SKIPPED because the email is disposable
|
|
211
|
-
const signupResponse = await http.as('referred-disposable').post('backend-manager/user/signup', {
|
|
212
|
-
attribution: {
|
|
213
|
-
affiliate: { code: state.referrerAffiliateCode },
|
|
214
|
-
},
|
|
215
|
-
});
|
|
216
|
-
|
|
217
|
-
assert.isSuccess(signupResponse, 'Disposable email signup should succeed');
|
|
218
|
-
|
|
219
|
-
// Verify NO new referral was added to the referrer
|
|
220
|
-
// Small delay to ensure any async writes would have completed
|
|
221
|
-
await new Promise((resolve) => setTimeout(resolve, 3000));
|
|
222
|
-
|
|
223
|
-
const referrerAfter = await firestore.get(`users/${state.referrerUid}`);
|
|
224
|
-
const referralsAfter = referrerAfter?.affiliate?.referrals || [];
|
|
225
|
-
|
|
226
|
-
assert.equal(
|
|
227
|
-
referralsAfter.length,
|
|
228
|
-
state.referralCountBefore,
|
|
229
|
-
`Referrer should NOT get credit for disposable email referral (before=${state.referralCountBefore}, after=${referralsAfter.length})`
|
|
230
|
-
);
|
|
231
|
-
|
|
232
|
-
const disposableReferral = referralsAfter.find(r => r.uid === accounts['referred-disposable'].uid);
|
|
233
|
-
assert.ok(!disposableReferral, 'Disposable account should NOT appear in referrals');
|
|
234
|
-
},
|
|
235
|
-
},
|
|
236
|
-
|
|
237
|
-
// --- Consent capture tests ---
|
|
238
|
-
{
|
|
239
|
-
name: 'consent-granted-both-records-canonical-shape',
|
|
240
|
-
async run({ http, firestore, assert, accounts }) {
|
|
241
|
-
const consentText = {
|
|
242
|
-
legal: 'I agree to the Terms of Service and Privacy Policy.',
|
|
243
|
-
marketing: 'Send me product updates and newsletters. You can unsubscribe anytime.',
|
|
244
|
-
};
|
|
245
|
-
|
|
246
|
-
// Use absurdly-old client timestamp to prove server time wins (defense vs clock skew)
|
|
247
|
-
const signupResponse = await http.as('consent-granted').post('backend-manager/user/signup', {
|
|
248
|
-
consent: {
|
|
249
|
-
legal: { granted: true, text: consentText.legal, timestamp: '2000-01-01T00:00:00.000Z' },
|
|
250
|
-
marketing: { granted: true, text: consentText.marketing, timestamp: '2000-01-01T00:00:00.000Z' },
|
|
251
|
-
},
|
|
252
|
-
});
|
|
253
|
-
|
|
254
|
-
assert.isSuccess(signupResponse, `Signup should succeed: ${JSON.stringify(signupResponse, null, 2)}`);
|
|
255
|
-
|
|
256
|
-
const userDoc = await firestore.get(`users/${accounts['consent-granted'].uid}`);
|
|
257
|
-
|
|
258
|
-
// Legal
|
|
259
|
-
assert.equal(userDoc?.consent?.legal?.status, 'granted', 'consent.legal.status should be granted');
|
|
260
|
-
assert.equal(userDoc?.consent?.legal?.grantedAt?.source, 'signup', 'legal grantedAt.source should be signup-form');
|
|
261
|
-
assert.equal(userDoc?.consent?.legal?.grantedAt?.text, consentText.legal, 'legal grantedAt.text should match client payload');
|
|
262
|
-
assert.ok(userDoc?.consent?.legal?.grantedAt?.timestamp, 'legal grantedAt.timestamp should be set');
|
|
263
|
-
assert.equal(typeof userDoc?.consent?.legal?.grantedAt?.timestampUNIX, 'number', 'legal grantedAt.timestampUNIX should be number');
|
|
264
|
-
|
|
265
|
-
// Server-derived time MUST be used (the client-supplied 2000-01-01 should NOT appear).
|
|
266
|
-
// grantedAt is stamped from Auth's creationTime, the same source as metadata.created,
|
|
267
|
-
// so the two must be equal — and the client's 2000-01-01 (UNIX 946684800) is rejected.
|
|
268
|
-
const legalUNIX = userDoc.consent.legal.grantedAt.timestampUNIX;
|
|
269
|
-
const createdUNIX = userDoc.metadata.created.timestampUNIX;
|
|
270
|
-
assert.equal(
|
|
271
|
-
legalUNIX, createdUNIX,
|
|
272
|
-
`legal grantedAt.timestampUNIX (${legalUNIX}) should match metadata.created (${createdUNIX}) — both from Auth creationTime`
|
|
273
|
-
);
|
|
274
|
-
assert.notEqual(legalUNIX, 946684800, 'legal grantedAt must NOT be the client-supplied 2000-01-01 time');
|
|
275
|
-
|
|
276
|
-
// Marketing
|
|
277
|
-
assert.equal(userDoc?.consent?.marketing?.status, 'granted', 'consent.marketing.status should be granted');
|
|
278
|
-
assert.equal(userDoc?.consent?.marketing?.grantedAt?.source, 'signup', 'marketing grantedAt.source should be signup-form');
|
|
279
|
-
assert.equal(userDoc?.consent?.marketing?.grantedAt?.text, consentText.marketing, 'marketing grantedAt.text should match client payload');
|
|
280
|
-
assert.equal(typeof userDoc?.consent?.marketing?.grantedAt?.timestampUNIX, 'number', 'marketing grantedAt.timestampUNIX should be number');
|
|
281
|
-
|
|
282
|
-
// revokedAt should be all-null sibling object (NOT undefined, NOT missing)
|
|
283
|
-
assert.ok(userDoc?.consent?.marketing?.revokedAt, 'marketing.revokedAt object should exist (not null)');
|
|
284
|
-
assert.equal(userDoc?.consent?.marketing?.revokedAt?.timestamp, null, 'marketing revokedAt.timestamp should be null');
|
|
285
|
-
assert.equal(userDoc?.consent?.marketing?.revokedAt?.source, null, 'marketing revokedAt.source should be null');
|
|
286
|
-
},
|
|
287
|
-
},
|
|
288
|
-
|
|
289
|
-
{
|
|
290
|
-
name: 'consent-marketing-declined-records-revokedAt',
|
|
291
|
-
async run({ http, firestore, assert, accounts }) {
|
|
292
|
-
const legalText = 'I agree to the Terms of Service and Privacy Policy.';
|
|
293
|
-
|
|
294
|
-
const signupResponse = await http.as('consent-declined').post('backend-manager/user/signup', {
|
|
295
|
-
consent: {
|
|
296
|
-
legal: { granted: true, text: legalText },
|
|
297
|
-
marketing: { granted: false, text: 'Send me updates.' },
|
|
298
|
-
},
|
|
299
|
-
});
|
|
300
|
-
|
|
301
|
-
assert.isSuccess(signupResponse, `Signup should succeed: ${JSON.stringify(signupResponse, null, 2)}`);
|
|
302
|
-
|
|
303
|
-
const userDoc = await firestore.get(`users/${accounts['consent-declined'].uid}`);
|
|
304
|
-
|
|
305
|
-
// Legal — granted normally
|
|
306
|
-
assert.equal(userDoc?.consent?.legal?.status, 'granted', 'legal.status should be granted');
|
|
307
|
-
assert.equal(userDoc?.consent?.legal?.grantedAt?.source, 'signup', 'legal grantedAt.source should be signup-form');
|
|
308
|
-
|
|
309
|
-
// Marketing — revoked at signup
|
|
310
|
-
assert.equal(userDoc?.consent?.marketing?.status, 'revoked', 'marketing.status should be revoked');
|
|
311
|
-
|
|
312
|
-
// grantedAt MUST be all-null (never granted, even though client passed text)
|
|
313
|
-
assert.equal(userDoc?.consent?.marketing?.grantedAt?.timestamp, null, 'marketing grantedAt.timestamp should be null');
|
|
314
|
-
assert.equal(userDoc?.consent?.marketing?.grantedAt?.source, null, 'marketing grantedAt.source should be null');
|
|
315
|
-
assert.equal(userDoc?.consent?.marketing?.grantedAt?.text, null, 'marketing grantedAt.text should be null (declined)');
|
|
316
|
-
|
|
317
|
-
// revokedAt MUST have signup-form-declined source + server time
|
|
318
|
-
assert.equal(userDoc?.consent?.marketing?.revokedAt?.source, 'signup', 'marketing revokedAt.source should be signup-form-declined');
|
|
319
|
-
assert.ok(userDoc?.consent?.marketing?.revokedAt?.timestamp, 'marketing revokedAt.timestamp should be set');
|
|
320
|
-
assert.equal(typeof userDoc?.consent?.marketing?.revokedAt?.timestampUNIX, 'number', 'marketing revokedAt.timestampUNIX should be number');
|
|
321
|
-
assert.equal(userDoc?.consent?.marketing?.revokedAt?.text, null, 'marketing revokedAt.text should be null (decline has no message)');
|
|
322
|
-
},
|
|
323
|
-
},
|
|
324
|
-
|
|
325
|
-
{
|
|
326
|
-
name: 'consent-missing-defaults-to-revoked',
|
|
327
|
-
async run({ http, firestore, assert, accounts }) {
|
|
328
|
-
// Client sends NO consent field at all (legacy or malformed payload).
|
|
329
|
-
// Expected: both legal + marketing default to revoked. No crash, no marketing sync.
|
|
330
|
-
const signupResponse = await http.as('consent-missing').post('backend-manager/user/signup', {});
|
|
331
|
-
|
|
332
|
-
assert.isSuccess(signupResponse, `Signup should succeed even with no consent: ${JSON.stringify(signupResponse, null, 2)}`);
|
|
333
|
-
|
|
334
|
-
const userDoc = await firestore.get(`users/${accounts['consent-missing'].uid}`);
|
|
335
|
-
|
|
336
|
-
assert.ok(userDoc?.consent, 'consent object should exist');
|
|
337
|
-
assert.equal(userDoc?.consent?.legal?.status, 'revoked', 'legal.status should default to revoked');
|
|
338
|
-
assert.equal(userDoc?.consent?.legal?.grantedAt?.timestamp, null, 'legal grantedAt.timestamp should be null');
|
|
339
|
-
assert.equal(userDoc?.consent?.legal?.grantedAt?.source, null, 'legal grantedAt.source should be null');
|
|
340
|
-
|
|
341
|
-
assert.equal(userDoc?.consent?.marketing?.status, 'revoked', 'marketing.status should default to revoked');
|
|
342
|
-
assert.equal(userDoc?.consent?.marketing?.grantedAt?.timestamp, null, 'marketing grantedAt.timestamp should be null');
|
|
343
|
-
|
|
344
|
-
// Even when consent is missing entirely, the revokedAt block gets stamped with signup-form-declined.
|
|
345
|
-
// This ensures the user doc has a recorded decline event for audit.
|
|
346
|
-
assert.equal(userDoc?.consent?.marketing?.revokedAt?.source, 'signup', 'marketing revokedAt.source should be signup-form-declined when consent missing');
|
|
347
|
-
},
|
|
348
|
-
},
|
|
349
|
-
|
|
350
|
-
// --- Consent downgrade-protection tests ---
|
|
351
|
-
// Guards against data loss when a LEGACY account (signed up before the flags.signupProcessed
|
|
352
|
-
// flow existed, so flag never set) re-fires /user/signup on page load. Its localStorage
|
|
353
|
-
// consent is long gone, so the payload is empty — without the guard, buildConsentRecord
|
|
354
|
-
// would compute 'revoked' and the {merge:true} write would wipe the consent the user
|
|
355
|
-
// actually granted months ago. The guard preserves any existing 'granted' status.
|
|
356
|
-
{
|
|
357
|
-
name: 'consent-empty-payload-preserves-existing-grant',
|
|
358
|
-
async run({ http, firestore, assert, accounts }) {
|
|
359
|
-
const uid = accounts['consent-preserve'].uid;
|
|
360
|
-
|
|
361
|
-
// Seed the doc as an established account whose consent is already granted (as a real
|
|
362
|
-
// legacy signup would be after the OMEGA migration backfilled consent). flags is left
|
|
363
|
-
// at the schema default (signupProcessed: false) to mimic the legacy state exactly.
|
|
364
|
-
// merge:true — preserve the runner-provisioned auth.uid (pollForUserDoc needs it).
|
|
365
|
-
await firestore.set(`users/${uid}`, {
|
|
366
|
-
consent: {
|
|
367
|
-
legal: {
|
|
368
|
-
status: 'granted',
|
|
369
|
-
grantedAt: { timestamp: '2025-01-01T00:00:00.000Z', timestampUNIX: 1735689600, source: 'signup', ip: null, text: 'Legacy legal grant' },
|
|
370
|
-
},
|
|
371
|
-
marketing: {
|
|
372
|
-
status: 'granted',
|
|
373
|
-
grantedAt: { timestamp: '2025-01-01T00:00:00.000Z', timestampUNIX: 1735689600, source: 'signup', ip: null, text: 'Legacy marketing grant' },
|
|
374
|
-
revokedAt: { timestamp: null, timestampUNIX: null, source: null, ip: null, text: null },
|
|
375
|
-
},
|
|
376
|
-
},
|
|
377
|
-
flags: { signupProcessed: false },
|
|
378
|
-
}, { merge: true });
|
|
379
|
-
|
|
380
|
-
// Re-fire signup with NO consent payload (the legacy page-load case).
|
|
381
|
-
const signupResponse = await http.as('consent-preserve').post('backend-manager/user/signup', {});
|
|
382
|
-
assert.isSuccess(signupResponse, `Signup should succeed: ${JSON.stringify(signupResponse, null, 2)}`);
|
|
383
|
-
|
|
384
|
-
const userDoc = await firestore.get(`users/${uid}`);
|
|
385
|
-
|
|
386
|
-
// CRITICAL: the prior grants must survive — NOT be downgraded to revoked.
|
|
387
|
-
assert.equal(userDoc?.consent?.legal?.status, 'granted', 'legal.status must stay granted (not downgraded by empty payload)');
|
|
388
|
-
assert.equal(userDoc?.consent?.legal?.grantedAt?.text, 'Legacy legal grant', 'legal grantedAt must be the preserved original, not wiped');
|
|
389
|
-
assert.equal(userDoc?.consent?.legal?.grantedAt?.timestampUNIX, 1735689600, 'legal grantedAt timestamp must be preserved');
|
|
390
|
-
|
|
391
|
-
assert.equal(userDoc?.consent?.marketing?.status, 'granted', 'marketing.status must stay granted (not downgraded by empty payload)');
|
|
392
|
-
assert.equal(userDoc?.consent?.marketing?.grantedAt?.text, 'Legacy marketing grant', 'marketing grantedAt must be the preserved original');
|
|
393
|
-
// No spurious revokedAt should have been stamped over the preserved grant.
|
|
394
|
-
assert.equal(userDoc?.consent?.marketing?.revokedAt?.timestamp, null, 'marketing revokedAt must stay null (no decline was recorded)');
|
|
395
|
-
|
|
396
|
-
// signupProcessed should now be flipped true by this run.
|
|
397
|
-
assert.equal(userDoc?.flags?.signupProcessed, true, 'signupProcessed should be set true after the run');
|
|
398
|
-
},
|
|
399
|
-
},
|
|
400
|
-
{
|
|
401
|
-
name: 'consent-explicit-decline-does-not-downgrade-existing-grant',
|
|
402
|
-
async run({ http, firestore, assert, accounts }) {
|
|
403
|
-
const uid = accounts['consent-preserve'].uid;
|
|
404
|
-
|
|
405
|
-
// Re-seed: granted marketing + UNSET signupProcessed so the route processes this call.
|
|
406
|
-
// Then send a payload that explicitly DECLINES marketing. The guard must still preserve
|
|
407
|
-
// the existing grant — only an explicit RE-GRANT may overwrite; a decline-over-grant on
|
|
408
|
-
// the signup path is treated as a non-grant and must not wipe a prior consent.
|
|
409
|
-
// merge:true — preserve the runner-provisioned auth.uid (pollForUserDoc needs it).
|
|
410
|
-
await firestore.set(`users/${uid}`, {
|
|
411
|
-
consent: {
|
|
412
|
-
marketing: {
|
|
413
|
-
status: 'granted',
|
|
414
|
-
grantedAt: { timestamp: '2025-01-01T00:00:00.000Z', timestampUNIX: 1735689600, source: 'signup', ip: null, text: 'Prior marketing grant' },
|
|
415
|
-
revokedAt: { timestamp: null, timestampUNIX: null, source: null, ip: null, text: null },
|
|
416
|
-
},
|
|
417
|
-
},
|
|
418
|
-
flags: { signupProcessed: false },
|
|
419
|
-
}, { merge: true });
|
|
420
|
-
|
|
421
|
-
const signupResponse = await http.as('consent-preserve').post('backend-manager/user/signup', {
|
|
422
|
-
consent: {
|
|
423
|
-
legal: { granted: true, text: 'Legal grant on re-fire' },
|
|
424
|
-
marketing: { granted: false, text: 'Declining marketing' },
|
|
425
|
-
},
|
|
426
|
-
});
|
|
427
|
-
assert.isSuccess(signupResponse, `Signup should succeed: ${JSON.stringify(signupResponse, null, 2)}`);
|
|
428
|
-
|
|
429
|
-
const userDoc = await firestore.get(`users/${uid}`);
|
|
430
|
-
|
|
431
|
-
// Legal newly granted this call.
|
|
432
|
-
assert.equal(userDoc?.consent?.legal?.status, 'granted', 'legal.status should be granted from this call');
|
|
433
|
-
// Marketing was already granted; an explicit decline must NOT downgrade it.
|
|
434
|
-
assert.equal(userDoc?.consent?.marketing?.status, 'granted', 'marketing.status must stay granted (decline cannot downgrade an existing grant on signup path)');
|
|
435
|
-
assert.equal(userDoc?.consent?.marketing?.grantedAt?.text, 'Prior marketing grant', 'marketing grant must be the preserved original');
|
|
436
|
-
},
|
|
437
|
-
},
|
|
438
|
-
|
|
439
|
-
// --- buildUserRecord layered deep-merge tests ---
|
|
440
|
-
// The signup write must: (a) fill every schema leaf so the doc is complete (no migration
|
|
441
|
-
// churn), (b) PRESERVE existing real values (api keys, subscription, roles, affiliate.code,
|
|
442
|
-
// custom non-schema fields), and (c) apply the signup data on top — without Firestore's
|
|
443
|
-
// map-replace wiping nested data. These tests seed adversarial existing state and verify.
|
|
444
|
-
{
|
|
445
|
-
name: 'merge-preserves-existing-and-fills-schema',
|
|
446
|
-
async run({ http, firestore, assert, accounts }) {
|
|
447
|
-
const uid = accounts['signup-merge'].uid;
|
|
448
|
-
|
|
449
|
-
// Capture the REAL api keys onCreate generated — the signup write must preserve these
|
|
450
|
-
// exactly (regenerating them would break the user's API access AND this test's auth,
|
|
451
|
-
// since http.as() authenticates with api.privateKey). We assert against the real values,
|
|
452
|
-
// NOT a seeded fake (seeding a fake privateKey would 401 the request).
|
|
453
|
-
const before = await firestore.get(`users/${uid}`);
|
|
454
|
-
const realClientId = before?.api?.clientId;
|
|
455
|
-
const realPrivateKey = before?.api?.privateKey;
|
|
456
|
-
const realAffiliateCode = before?.affiliate?.code;
|
|
457
|
-
|
|
458
|
-
// Seed adversarial NON-auth state the signup write must NOT clobber: a paid subscription,
|
|
459
|
-
// admin role, a custom non-schema field, and a deliberately PARTIAL attribution (only
|
|
460
|
-
// affiliate.code) to prove leaves get filled, not replaced-away. We do NOT touch api.* —
|
|
461
|
-
// that's the auth credential and is asserted-preserved via the captured real values.
|
|
462
|
-
await firestore.set(`users/${uid}`, {
|
|
463
|
-
subscription: { product: { id: 'pro', name: 'Pro' }, status: 'active' },
|
|
464
|
-
roles: { admin: true, betaTester: false, developer: false },
|
|
465
|
-
attribution: { affiliate: { code: 'PARTIALONLY' } },
|
|
466
|
-
myCustomIntegration: { slackWebhook: 'https://hooks.slack.com/services/XXX' },
|
|
467
|
-
}, { merge: true });
|
|
468
|
-
|
|
469
|
-
const signupResponse = await http.as('signup-merge').post('backend-manager/user/signup', {
|
|
470
|
-
consent: { legal: { granted: true, text: 'I agree.' }, marketing: { granted: true, text: 'Updates please.' } },
|
|
471
|
-
attribution: { utm: { tags: { utm_source: 'newsletter' } } },
|
|
472
|
-
});
|
|
473
|
-
assert.isSuccess(signupResponse, `Signup should succeed: ${JSON.stringify(signupResponse, null, 2)}`);
|
|
474
|
-
|
|
475
|
-
const doc = await firestore.get(`users/${uid}`);
|
|
476
|
-
|
|
477
|
-
// (b) Existing real values must survive untouched — NOT regenerated/reset by the schema layer.
|
|
478
|
-
assert.equal(doc?.api?.clientId, realClientId, 'api.clientId must be preserved (not regenerated)');
|
|
479
|
-
assert.equal(doc?.api?.privateKey, realPrivateKey, 'api.privateKey must be preserved (not regenerated)');
|
|
480
|
-
assert.equal(doc?.affiliate?.code, realAffiliateCode, 'affiliate.code must be preserved (not regenerated)');
|
|
481
|
-
assert.equal(doc?.subscription?.product?.id, 'pro', 'subscription must be preserved (not reset to basic)');
|
|
482
|
-
assert.equal(doc?.roles?.admin, true, 'roles.admin must be preserved (not reset to false)');
|
|
483
|
-
|
|
484
|
-
// (b) Custom non-schema field must survive the merge.
|
|
485
|
-
assert.equal(doc?.myCustomIntegration?.slackWebhook, 'https://hooks.slack.com/services/XXX', 'custom non-schema field must survive');
|
|
486
|
-
|
|
487
|
-
// (a) Every attribution leaf must be present (the bug: partial write flattened the map).
|
|
488
|
-
assert.hasProperty(doc, 'attribution.affiliate.code', 'attribution.affiliate.code must exist');
|
|
489
|
-
assert.hasProperty(doc, 'attribution.affiliate.url', 'attribution.affiliate.url must exist (filled)');
|
|
490
|
-
assert.hasProperty(doc, 'attribution.affiliate.page', 'attribution.affiliate.page must exist (filled)');
|
|
491
|
-
assert.hasProperty(doc, 'attribution.affiliate.timestamp', 'attribution.affiliate.timestamp must exist (filled)');
|
|
492
|
-
assert.hasProperty(doc, 'attribution.utm.url', 'attribution.utm.url must exist (filled)');
|
|
493
|
-
assert.hasProperty(doc, 'attribution.utm.page', 'attribution.utm.page must exist (filled)');
|
|
494
|
-
assert.hasProperty(doc, 'attribution.utm.timestamp', 'attribution.utm.timestamp must exist (filled)');
|
|
495
|
-
// filled leaves should be null, not undefined/missing
|
|
496
|
-
assert.equal(doc?.attribution?.affiliate?.url, null, 'unset attribution leaf should be null');
|
|
497
|
-
|
|
498
|
-
// (c) Signup data applied on top.
|
|
499
|
-
assert.equal(doc?.attribution?.affiliate?.code, 'PARTIALONLY', 'pre-existing affiliate.code preserved (signup did not send one)');
|
|
500
|
-
assert.equal(doc?.attribution?.utm?.tags?.utm_source, 'newsletter', 'signup utm tag applied');
|
|
501
|
-
assert.equal(doc?.flags?.signupProcessed, true, 'flags.signupProcessed set true');
|
|
502
|
-
assert.equal(doc?.consent?.legal?.status, 'granted', 'consent applied');
|
|
503
|
-
},
|
|
504
|
-
},
|
|
505
|
-
{
|
|
506
|
-
name: 'merge-fills-all-leaves-on-schema-complete-doc',
|
|
507
|
-
async run({ http, firestore, assert, accounts }) {
|
|
508
|
-
// Sanity: after signup, the doc must contain the full set of top-level schema sections,
|
|
509
|
-
// so a subsequent migration finds NOTHING to backfill. Reuses the signup-merge account
|
|
510
|
-
// (already processed above → re-fire is rejected, but the doc from the prior test is the
|
|
511
|
-
// artifact we assert against; this test just validates that doc's completeness).
|
|
512
|
-
const uid = accounts['signup-merge'].uid;
|
|
513
|
-
const doc = await firestore.get(`users/${uid}`);
|
|
514
|
-
|
|
515
|
-
for (const section of ['auth', 'roles', 'flags', 'affiliate', 'metadata', 'activity', 'api', 'personal', 'attribution', 'consent', 'subscription']) {
|
|
516
|
-
assert.hasProperty(doc, section, `doc must have top-level '${section}' section after signup`);
|
|
517
|
-
}
|
|
518
|
-
// Nested completeness spot-checks across the sections signup writes.
|
|
519
|
-
assert.hasProperty(doc, 'activity.geolocation.ip', 'activity.geolocation.ip must exist');
|
|
520
|
-
assert.hasProperty(doc, 'activity.client.userAgent', 'activity.client.userAgent must exist');
|
|
521
|
-
assert.hasProperty(doc, 'personal.name.first', 'personal.name.first must exist');
|
|
522
|
-
assert.hasProperty(doc, 'consent.marketing.revokedAt.source', 'consent.marketing.revokedAt.source must exist');
|
|
523
|
-
assert.hasProperty(doc, 'metadata.created.timestampUNIX', 'metadata.created.timestampUNIX must exist');
|
|
524
|
-
},
|
|
525
|
-
},
|
|
526
|
-
|
|
527
|
-
// --- Auth rejection test (at end per convention) ---
|
|
528
|
-
{
|
|
529
|
-
name: 'unauthenticated-rejected',
|
|
530
|
-
async run({ http, assert }) {
|
|
531
|
-
// Try to call POST /user/signup without authentication
|
|
532
|
-
const signupResponse = await http.as('none').post('backend-manager/user/signup', {
|
|
533
|
-
attribution: {
|
|
534
|
-
affiliate: { code: REFERRER_AFFILIATE_CODE },
|
|
535
|
-
},
|
|
536
|
-
});
|
|
537
|
-
|
|
538
|
-
assert.isError(signupResponse, 401, 'Signup should fail without authentication');
|
|
539
|
-
},
|
|
540
|
-
},
|
|
541
|
-
],
|
|
542
|
-
};
|
|
@@ -1,99 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Test: GET /user/subscription
|
|
3
|
-
* Tests the user get subscription info endpoint
|
|
4
|
-
* Returns subscription details for authenticated users
|
|
5
|
-
*/
|
|
6
|
-
module.exports = {
|
|
7
|
-
description: 'User get subscription info',
|
|
8
|
-
type: 'group',
|
|
9
|
-
tests: [
|
|
10
|
-
// Test 1: Basic user can get subscription info
|
|
11
|
-
{
|
|
12
|
-
name: 'basic-user-succeeds',
|
|
13
|
-
auth: 'basic',
|
|
14
|
-
timeout: 15000,
|
|
15
|
-
|
|
16
|
-
async run({ http, assert }) {
|
|
17
|
-
const response = await http.get('backend-manager/user/subscription', {});
|
|
18
|
-
|
|
19
|
-
assert.isSuccess(response, 'Get subscription info should succeed for authenticated user');
|
|
20
|
-
assert.hasProperty(response, 'data.subscription', 'Response should contain subscription object');
|
|
21
|
-
assert.hasProperty(response, 'data.subscription.product.id', 'Subscription should have id');
|
|
22
|
-
assert.hasProperty(response, 'data.subscription.expires', 'Subscription should have expires');
|
|
23
|
-
assert.hasProperty(response, 'data.subscription.trial', 'Subscription should have trial info');
|
|
24
|
-
assert.hasProperty(response, 'data.subscription.payment', 'Subscription should have payment info');
|
|
25
|
-
},
|
|
26
|
-
},
|
|
27
|
-
|
|
28
|
-
// Test 2: Subscription has correct structure
|
|
29
|
-
{
|
|
30
|
-
name: 'subscription-structure-valid',
|
|
31
|
-
auth: 'basic',
|
|
32
|
-
timeout: 15000,
|
|
33
|
-
|
|
34
|
-
async run({ http, assert }) {
|
|
35
|
-
const response = await http.get('backend-manager/user/subscription', {});
|
|
36
|
-
|
|
37
|
-
assert.isSuccess(response, 'Get subscription info should succeed');
|
|
38
|
-
|
|
39
|
-
const subscription = response.data.subscription;
|
|
40
|
-
|
|
41
|
-
// Check expires structure
|
|
42
|
-
assert.hasProperty(response, 'data.subscription.expires.timestamp', 'expires should have timestamp');
|
|
43
|
-
assert.hasProperty(response, 'data.subscription.expires.timestampUNIX', 'expires should have timestampUNIX');
|
|
44
|
-
|
|
45
|
-
// Check trial structure
|
|
46
|
-
assert.ok(
|
|
47
|
-
typeof subscription.trial.claimed === 'boolean',
|
|
48
|
-
'trial.claimed should be boolean'
|
|
49
|
-
);
|
|
50
|
-
|
|
51
|
-
// Check payment structure
|
|
52
|
-
assert.hasProperty(response, 'data.subscription.payment', 'subscription should have payment');
|
|
53
|
-
},
|
|
54
|
-
},
|
|
55
|
-
|
|
56
|
-
// Test 3: Premium user has active subscription
|
|
57
|
-
{
|
|
58
|
-
name: 'premium-user-has-active-subscription',
|
|
59
|
-
auth: 'premium-active',
|
|
60
|
-
timeout: 15000,
|
|
61
|
-
|
|
62
|
-
async run({ http, assert }) {
|
|
63
|
-
const response = await http.get('backend-manager/user/subscription', {});
|
|
64
|
-
|
|
65
|
-
assert.isSuccess(response, 'Get subscription info should succeed for premium user');
|
|
66
|
-
assert.hasProperty(response, 'data.subscription.product.id', 'Premium user should have subscription id');
|
|
67
|
-
assert.hasProperty(response, 'data.subscription.payment', 'Premium user should have payment info');
|
|
68
|
-
},
|
|
69
|
-
},
|
|
70
|
-
|
|
71
|
-
// Test 4: Expired premium user still gets info
|
|
72
|
-
{
|
|
73
|
-
name: 'expired-premium-returns-info',
|
|
74
|
-
auth: 'premium-expired',
|
|
75
|
-
timeout: 15000,
|
|
76
|
-
|
|
77
|
-
async run({ http, assert }) {
|
|
78
|
-
const response = await http.get('backend-manager/user/subscription', {});
|
|
79
|
-
|
|
80
|
-
assert.isSuccess(response, 'Get subscription info should succeed for expired premium');
|
|
81
|
-
assert.hasProperty(response, 'data.subscription.product.id', 'Should still have subscription id');
|
|
82
|
-
assert.hasProperty(response, 'data.subscription.expires.timestampUNIX', 'Should have expires timestamp');
|
|
83
|
-
},
|
|
84
|
-
},
|
|
85
|
-
|
|
86
|
-
// Test 5: Unauthenticated request fails
|
|
87
|
-
{
|
|
88
|
-
name: 'unauthenticated-rejected',
|
|
89
|
-
auth: 'none',
|
|
90
|
-
timeout: 15000,
|
|
91
|
-
|
|
92
|
-
async run({ http, assert }) {
|
|
93
|
-
const response = await http.get('backend-manager/user/subscription', {});
|
|
94
|
-
|
|
95
|
-
assert.isError(response, 401, 'Get subscription info should fail without authentication');
|
|
96
|
-
},
|
|
97
|
-
},
|
|
98
|
-
],
|
|
99
|
-
};
|