backend-manager 5.9.7 → 5.9.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +5 -3
- package/templates/_.env +42 -0
- package/templates/_.gitignore +60 -0
- package/templates/backend-manager-config.json +249 -0
- package/templates/database.rules.json +83 -0
- package/templates/firebase.json +66 -0
- package/templates/firestore.indexes.json +4 -0
- package/templates/firestore.rules +112 -0
- package/templates/public/404.html +26 -0
- package/templates/public/index.html +24 -0
- package/templates/remoteconfig.template.json +1 -0
- package/templates/storage-lifecycle-config-1-day.json +9 -0
- package/templates/storage-lifecycle-config-30-days.json +9 -0
- package/templates/storage.rules +8 -0
- package/test/_init/accounts-validation.js +58 -0
- package/test/_legacy/ai/index.js +231 -0
- package/test/_legacy/ai/test.jpg +0 -0
- package/test/_legacy/ai/test.pdf +0 -0
- package/test/_legacy/index.js +31 -0
- package/test/_legacy/payment-resolver/chargebee/orders/refunded.json +0 -0
- package/test/_legacy/payment-resolver/chargebee/orders/unpaid.json +98 -0
- package/test/_legacy/payment-resolver/chargebee/subscriptions/active.json +578 -0
- package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-in-trial.json +38 -0
- package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-skipped-to-active.json +135 -0
- package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-active-to-cancelled.json +42 -0
- package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-active.json +44 -0
- package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-cancelled.json +39 -0
- package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-refund.json +143 -0
- package/test/_legacy/payment-resolver/chargebee/subscriptions/trial-to-suspended.json +48 -0
- package/test/_legacy/payment-resolver/coinbase/orders/regular.json +204 -0
- package/test/_legacy/payment-resolver/coinbase/subscriptions/cancelled.json +204 -0
- package/test/_legacy/payment-resolver/coinbase/subscriptions/paid-2.json +125 -0
- package/test/_legacy/payment-resolver/index.js +1558 -0
- package/test/_legacy/payment-resolver/paypal/orders/refunded.json +0 -0
- package/test/_legacy/payment-resolver/paypal/orders/regular.json +120 -0
- package/test/_legacy/payment-resolver/paypal/subscriptions/active-refund-previous-stmnt.json +323 -0
- package/test/_legacy/payment-resolver/paypal/subscriptions/active.json +192 -0
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-in-trial.json +125 -0
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-not-complete.json +76 -0
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-overdue-2.json +114 -0
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-payment-overdue.json +114 -0
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-active-to-cancelled.json +111 -0
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-active.json +132 -0
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-cancelled.json +107 -0
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-expired.json +91 -0
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-refund.json +147 -0
- package/test/_legacy/payment-resolver/paypal/subscriptions/trial-to-suspended.json +120 -0
- package/test/_legacy/payment-resolver/stripe/orders/refunded.json +0 -0
- package/test/_legacy/payment-resolver/stripe/orders/regular.json +91 -0
- package/test/_legacy/payment-resolver/stripe/subscriptions/active.json +421 -0
- package/test/_legacy/payment-resolver/stripe/subscriptions/trial-in-trial.json +349 -0
- package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-active-failed-authorization.json +430 -0
- package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-active.json +319 -0
- package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-cancelled.json +319 -0
- package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-refund.json +414 -0
- package/test/_legacy/payment-resolver/stripe/subscriptions/trial-to-suspended.json +319 -0
- package/test/_legacy/payment-resolver/stripe/subscriptions/unsure.json +339 -0
- package/test/_legacy/test-new +1178 -0
- package/test/_legacy/test.md +89 -0
- package/test/_legacy/usage.js +175 -0
- package/test/_legacy/user.js +31 -0
- package/test/ai/tools-live.js +170 -0
- package/test/boot/emulator-boots.js +37 -0
- package/test/content/blog-generate.js +160 -0
- package/test/email/campaign-send.js +45 -0
- package/test/email/consent-lifecycle.js +257 -0
- package/test/email/feedback-and-plain-send.js +52 -0
- package/test/email/fixtures/clean.json +30 -0
- package/test/email/fixtures/editorial.json +30 -0
- package/test/email/fixtures/field-report.json +53 -0
- package/test/email/marketing-lifecycle.js +132 -0
- package/test/email/newsletter-generate.js +819 -0
- package/test/email/newsletter-templates.js +491 -0
- package/test/email/templates.js +207 -0
- package/test/email/transactional-send.js +34 -0
- package/test/email/transactional.js +560 -0
- package/test/email/validation.js +710 -0
- package/test/events/auth-delete-race.js +201 -0
- package/test/events/payments/journey-payments-cancel-endpoint.js +100 -0
- package/test/events/payments/journey-payments-cancel.js +182 -0
- package/test/events/payments/journey-payments-discount.js +89 -0
- package/test/events/payments/journey-payments-failure.js +146 -0
- package/test/events/payments/journey-payments-legacy-product.js +149 -0
- package/test/events/payments/journey-payments-one-time-failure.js +111 -0
- package/test/events/payments/journey-payments-one-time.js +136 -0
- package/test/events/payments/journey-payments-plan-change.js +144 -0
- package/test/events/payments/journey-payments-refund-webhook.js +180 -0
- package/test/events/payments/journey-payments-suspend.js +181 -0
- package/test/events/payments/journey-payments-trial-cancel.js +130 -0
- package/test/events/payments/journey-payments-trial.js +171 -0
- package/test/events/payments/journey-payments-uid-resolution.js +132 -0
- package/test/events/payments/journey-payments-upgrade.js +135 -0
- package/test/fixtures/chargebee/invoice-one-time.json +27 -0
- package/test/fixtures/chargebee/subscription-active.json +44 -0
- package/test/fixtures/chargebee/subscription-cancelled.json +42 -0
- package/test/fixtures/chargebee/subscription-in-trial.json +41 -0
- package/test/fixtures/chargebee/subscription-legacy-plan.json +41 -0
- package/test/fixtures/chargebee/subscription-non-renewing.json +41 -0
- package/test/fixtures/chargebee/subscription-paused.json +42 -0
- package/test/fixtures/chargebee/webhook-payment-failed.json +51 -0
- package/test/fixtures/chargebee/webhook-subscription-created.json +47 -0
- package/test/fixtures/paypal/order-approved.json +62 -0
- package/test/fixtures/paypal/order-completed.json +110 -0
- package/test/fixtures/paypal/subscription-active.json +76 -0
- package/test/fixtures/paypal/subscription-cancelled.json +50 -0
- package/test/fixtures/paypal/subscription-suspended.json +65 -0
- package/test/fixtures/stripe/checkout-session-completed.json +130 -0
- package/test/fixtures/stripe/invoice-payment-failed.json +148 -0
- package/test/fixtures/stripe/invoice-subscription-payment-failed.json +28 -0
- package/test/fixtures/stripe/subscription-active.json +161 -0
- package/test/fixtures/stripe/subscription-canceled.json +161 -0
- package/test/fixtures/stripe/subscription-trialing.json +161 -0
- package/test/functions/admin/database-read.js +134 -0
- package/test/functions/admin/database-write.js +159 -0
- package/test/functions/admin/edit-post.js +366 -0
- package/test/functions/admin/firestore-query.js +207 -0
- package/test/functions/admin/firestore-read.js +129 -0
- package/test/functions/admin/firestore-write.js +105 -0
- package/test/functions/admin/get-stats.js +115 -0
- package/test/functions/admin/send-email.js +119 -0
- package/test/functions/admin/send-notification.js +208 -0
- package/test/functions/admin/write-repo-content.js +223 -0
- package/test/functions/general/add-marketing-contact.js +335 -0
- package/test/functions/general/fetch-post.js +54 -0
- package/test/functions/general/generate-uuid.js +114 -0
- package/test/functions/test/authenticate.js +64 -0
- package/test/functions/user/create-custom-token.js +73 -0
- package/test/functions/user/delete.js +135 -0
- package/test/functions/user/get-active-sessions.js +111 -0
- package/test/functions/user/get-subscription-info.js +99 -0
- package/test/functions/user/regenerate-api-keys.js +156 -0
- package/test/functions/user/resolve.js +52 -0
- package/test/functions/user/sign-out-all-sessions.js +94 -0
- package/test/functions/user/sign-up.js +252 -0
- package/test/functions/user/submit-feedback.js +104 -0
- package/test/functions/user/validate-settings.js +82 -0
- package/test/helpers/ai-request-payload.js +300 -0
- package/test/helpers/ai-test-provider.js +202 -0
- package/test/helpers/ai-tools-format.js +383 -0
- package/test/helpers/content/blog-auto-publisher.js +484 -0
- package/test/helpers/content/feed-parser.js +528 -0
- package/test/helpers/content/ghostii-blocks.js +134 -0
- package/test/helpers/content/ghostii-feed-integration.js +404 -0
- package/test/helpers/content/ghostii-write-article.js +243 -0
- package/test/helpers/environment.js +230 -0
- package/test/helpers/infer-contact.js +113 -0
- package/test/helpers/merge-line-files.js +271 -0
- package/test/helpers/payment/chargebee/parse-webhook.js +413 -0
- package/test/helpers/payment/chargebee/to-unified-one-time.js +147 -0
- package/test/helpers/payment/chargebee/to-unified-subscription.js +648 -0
- package/test/helpers/payment/paypal/parse-webhook.js +539 -0
- package/test/helpers/payment/paypal/to-unified-one-time.js +382 -0
- package/test/helpers/payment/paypal/to-unified-subscription.js +820 -0
- package/test/helpers/payment/stripe/parse-webhook.js +447 -0
- package/test/helpers/payment/stripe/to-unified-one-time.js +306 -0
- package/test/helpers/payment/stripe/to-unified-subscription.js +708 -0
- package/test/helpers/sanitize.js +222 -0
- package/test/helpers/slugify.js +394 -0
- package/test/helpers/storage.js +194 -0
- package/test/helpers/user.js +755 -0
- package/test/helpers/webhook-forward.js +418 -0
- package/test/mcp/discovery.js +53 -0
- package/test/mcp/oauth.js +161 -0
- package/test/mcp/protocol.js +268 -0
- package/test/mcp/roles.js +188 -0
- package/test/mcp/utils.js +245 -0
- package/test/routes/admin/create-post.js +364 -0
- package/test/routes/admin/database.js +131 -0
- package/test/routes/admin/deduplicate-image-alts.js +190 -0
- package/test/routes/admin/email.js +114 -0
- package/test/routes/admin/firestore-query.js +204 -0
- package/test/routes/admin/firestore.js +127 -0
- package/test/routes/admin/infer-contact.js +218 -0
- package/test/routes/admin/notification.js +198 -0
- package/test/routes/admin/post-resize-image.js +184 -0
- package/test/routes/admin/post.js +368 -0
- package/test/routes/admin/repo-content.js +223 -0
- package/test/routes/admin/stats.js +112 -0
- package/test/routes/content/post.js +54 -0
- package/test/routes/general/uuid.js +115 -0
- package/test/routes/marketing/campaign.js +125 -0
- package/test/routes/marketing/contact.js +370 -0
- package/test/routes/marketing/email-preferences.js +292 -0
- package/test/routes/marketing/push-send.js +32 -0
- package/test/routes/marketing/webhook-forward.js +61 -0
- package/test/routes/marketing/webhook.js +639 -0
- package/test/routes/payments/cancel.js +163 -0
- package/test/routes/payments/discount.js +80 -0
- package/test/routes/payments/dispute-alert.js +320 -0
- package/test/routes/payments/intent.js +336 -0
- package/test/routes/payments/portal.js +92 -0
- package/test/routes/payments/refund.js +179 -0
- package/test/routes/payments/trial-eligibility.js +71 -0
- package/test/routes/payments/webhook.js +107 -0
- package/test/routes/test/authenticate.js +59 -0
- package/test/routes/test/schema.js +554 -0
- package/test/routes/test/usage.js +342 -0
- package/test/routes/user/api-keys.js +156 -0
- package/test/routes/user/delete.js +136 -0
- package/test/routes/user/feedback.js +104 -0
- package/test/routes/user/sessions.js +199 -0
- package/test/routes/user/settings-validate.js +82 -0
- package/test/routes/user/signup.js +542 -0
- package/test/routes/user/subscription.js +99 -0
- package/test/routes/user/token.js +73 -0
- package/test/routes/user/user.js +157 -0
- package/test/rules/notifications.js +410 -0
- package/test/rules/payments-carts.js +371 -0
- package/test/rules/user.js +396 -0
|
@@ -0,0 +1,342 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Test: POST /test/usage
|
|
3
|
+
* Tests the usage tracking API
|
|
4
|
+
* This is a suite because we need to track state and verify increments
|
|
5
|
+
*/
|
|
6
|
+
module.exports = {
|
|
7
|
+
description: 'Usage tracking API',
|
|
8
|
+
type: 'suite',
|
|
9
|
+
timeout: 30000,
|
|
10
|
+
|
|
11
|
+
tests: [
|
|
12
|
+
// Test 1: Store initial usage state
|
|
13
|
+
{
|
|
14
|
+
name: 'store-initial-usage',
|
|
15
|
+
async run({ firestore, assert, state, accounts }) {
|
|
16
|
+
// Get the basic account's current usage to track changes
|
|
17
|
+
const userDoc = await firestore.get(`users/${accounts.basic.uid}`);
|
|
18
|
+
|
|
19
|
+
state.initialUsage = userDoc?.usage || {};
|
|
20
|
+
|
|
21
|
+
// Store initial values for requests metric (may not exist yet)
|
|
22
|
+
state.initialMonthly = state.initialUsage?.requests?.monthly || 0;
|
|
23
|
+
state.initialDaily = state.initialUsage?.requests?.daily || 0;
|
|
24
|
+
state.initialTotal = state.initialUsage?.requests?.total || 0;
|
|
25
|
+
|
|
26
|
+
assert.ok(true, 'Initial usage state captured');
|
|
27
|
+
},
|
|
28
|
+
},
|
|
29
|
+
|
|
30
|
+
// Test 2: Increment usage with default values
|
|
31
|
+
{
|
|
32
|
+
name: 'increment-default',
|
|
33
|
+
async run({ http, assert, state }) {
|
|
34
|
+
const response = await http.as('basic').post('backend-manager/test/usage', {});
|
|
35
|
+
|
|
36
|
+
assert.isSuccess(response, 'Usage increment should succeed');
|
|
37
|
+
assert.hasProperty(response, 'data.metric', 'Response should contain metric name');
|
|
38
|
+
assert.hasProperty(response, 'data.amount', 'Response should contain amount');
|
|
39
|
+
assert.hasProperty(response, 'data.before', 'Response should contain before values');
|
|
40
|
+
assert.hasProperty(response, 'data.after', 'Response should contain after values');
|
|
41
|
+
|
|
42
|
+
// Verify defaults
|
|
43
|
+
assert.equal(response.data.metric, 'requests', 'Metric should be requests');
|
|
44
|
+
assert.equal(response.data.amount, 1, 'Default amount should be 1');
|
|
45
|
+
|
|
46
|
+
// Verify monthly incremented
|
|
47
|
+
assert.equal(
|
|
48
|
+
response.data.after.monthly,
|
|
49
|
+
response.data.before.monthly + 1,
|
|
50
|
+
'Monthly should be incremented by 1'
|
|
51
|
+
);
|
|
52
|
+
|
|
53
|
+
// Verify daily incremented
|
|
54
|
+
assert.equal(
|
|
55
|
+
response.data.after.daily,
|
|
56
|
+
response.data.before.daily + 1,
|
|
57
|
+
'Daily should be incremented by 1'
|
|
58
|
+
);
|
|
59
|
+
|
|
60
|
+
// Verify total incremented
|
|
61
|
+
assert.equal(
|
|
62
|
+
response.data.after.total,
|
|
63
|
+
response.data.before.total + 1,
|
|
64
|
+
'Total should be incremented by 1'
|
|
65
|
+
);
|
|
66
|
+
|
|
67
|
+
// Store for next test
|
|
68
|
+
state.afterFirstIncrement = response.data.after;
|
|
69
|
+
},
|
|
70
|
+
},
|
|
71
|
+
|
|
72
|
+
// Test 3: Verify usage persisted to Firestore
|
|
73
|
+
{
|
|
74
|
+
name: 'verify-usage-persisted',
|
|
75
|
+
async run({ firestore, assert, state, accounts }) {
|
|
76
|
+
const userDoc = await firestore.get(`users/${accounts.basic.uid}`);
|
|
77
|
+
|
|
78
|
+
assert.ok(userDoc?.usage, 'User should have usage object');
|
|
79
|
+
assert.ok(userDoc?.usage?.requests, 'User should have requests usage');
|
|
80
|
+
|
|
81
|
+
assert.equal(
|
|
82
|
+
userDoc.usage.requests.monthly,
|
|
83
|
+
state.afterFirstIncrement.monthly,
|
|
84
|
+
'Persisted monthly should match API response'
|
|
85
|
+
);
|
|
86
|
+
assert.equal(
|
|
87
|
+
userDoc.usage.requests.daily,
|
|
88
|
+
state.afterFirstIncrement.daily,
|
|
89
|
+
'Persisted daily should match API response'
|
|
90
|
+
);
|
|
91
|
+
assert.equal(
|
|
92
|
+
userDoc.usage.requests.total,
|
|
93
|
+
state.afterFirstIncrement.total,
|
|
94
|
+
'Persisted total should match API response'
|
|
95
|
+
);
|
|
96
|
+
|
|
97
|
+
// Verify last timestamp exists
|
|
98
|
+
assert.ok(userDoc.usage.requests.last, 'Should have last object');
|
|
99
|
+
assert.ok(userDoc.usage.requests.last.timestamp, 'Should have last.timestamp');
|
|
100
|
+
assert.ok(userDoc.usage.requests.last.timestampUNIX, 'Should have last.timestampUNIX');
|
|
101
|
+
},
|
|
102
|
+
},
|
|
103
|
+
|
|
104
|
+
// Test 4: Increment with custom amount
|
|
105
|
+
{
|
|
106
|
+
name: 'increment-custom-amount',
|
|
107
|
+
async run({ http, assert, state }) {
|
|
108
|
+
const response = await http.as('basic').post('backend-manager/test/usage', {
|
|
109
|
+
amount: 5,
|
|
110
|
+
});
|
|
111
|
+
|
|
112
|
+
assert.isSuccess(response, 'Custom amount increment should succeed');
|
|
113
|
+
assert.equal(response.data.amount, 5, 'Amount should be 5');
|
|
114
|
+
|
|
115
|
+
// Verify all counters incremented by 5
|
|
116
|
+
assert.equal(
|
|
117
|
+
response.data.after.monthly,
|
|
118
|
+
response.data.before.monthly + 5,
|
|
119
|
+
'Monthly should be incremented by 5'
|
|
120
|
+
);
|
|
121
|
+
assert.equal(
|
|
122
|
+
response.data.after.daily,
|
|
123
|
+
response.data.before.daily + 5,
|
|
124
|
+
'Daily should be incremented by 5'
|
|
125
|
+
);
|
|
126
|
+
assert.equal(
|
|
127
|
+
response.data.after.total,
|
|
128
|
+
response.data.before.total + 5,
|
|
129
|
+
'Total should be incremented by 5'
|
|
130
|
+
);
|
|
131
|
+
|
|
132
|
+
state.afterCustomAmount = response.data.after;
|
|
133
|
+
},
|
|
134
|
+
},
|
|
135
|
+
|
|
136
|
+
// Test 5: Verify custom amount persisted
|
|
137
|
+
{
|
|
138
|
+
name: 'verify-custom-amount-persisted',
|
|
139
|
+
async run({ firestore, assert, state, accounts }) {
|
|
140
|
+
const userDoc = await firestore.get(`users/${accounts.basic.uid}`);
|
|
141
|
+
|
|
142
|
+
assert.ok(userDoc?.usage?.requests, 'User should have requests usage');
|
|
143
|
+
|
|
144
|
+
assert.equal(
|
|
145
|
+
userDoc.usage.requests.monthly,
|
|
146
|
+
state.afterCustomAmount.monthly,
|
|
147
|
+
'Requests monthly should be persisted'
|
|
148
|
+
);
|
|
149
|
+
assert.equal(
|
|
150
|
+
userDoc.usage.requests.daily,
|
|
151
|
+
state.afterCustomAmount.daily,
|
|
152
|
+
'Requests daily should be persisted'
|
|
153
|
+
);
|
|
154
|
+
assert.equal(
|
|
155
|
+
userDoc.usage.requests.total,
|
|
156
|
+
state.afterCustomAmount.total,
|
|
157
|
+
'Requests total should be persisted'
|
|
158
|
+
);
|
|
159
|
+
},
|
|
160
|
+
},
|
|
161
|
+
|
|
162
|
+
// Test 6: Multiple increments accumulate
|
|
163
|
+
{
|
|
164
|
+
name: 'multiple-increments-accumulate',
|
|
165
|
+
async run({ http, assert, state }) {
|
|
166
|
+
// First increment
|
|
167
|
+
const response1 = await http.as('basic').post('backend-manager/test/usage', {});
|
|
168
|
+
|
|
169
|
+
assert.isSuccess(response1, 'First increment should succeed');
|
|
170
|
+
|
|
171
|
+
// Second increment
|
|
172
|
+
const response2 = await http.as('basic').post('backend-manager/test/usage', {});
|
|
173
|
+
|
|
174
|
+
assert.isSuccess(response2, 'Second increment should succeed');
|
|
175
|
+
|
|
176
|
+
// Third increment with custom amount
|
|
177
|
+
const response3 = await http.as('basic').post('backend-manager/test/usage', {
|
|
178
|
+
amount: 3,
|
|
179
|
+
});
|
|
180
|
+
|
|
181
|
+
assert.isSuccess(response3, 'Third increment should succeed');
|
|
182
|
+
|
|
183
|
+
// Verify accumulation: should be initial + 1 (test 2) + 5 (test 4) + 1 + 1 + 3 = initial + 11
|
|
184
|
+
const expectedMonthly = state.initialMonthly + 11;
|
|
185
|
+
const expectedDaily = state.initialDaily + 11;
|
|
186
|
+
const expectedTotal = state.initialTotal + 11;
|
|
187
|
+
|
|
188
|
+
assert.equal(
|
|
189
|
+
response3.data.after.monthly,
|
|
190
|
+
expectedMonthly,
|
|
191
|
+
`Monthly should accumulate to ${expectedMonthly}`
|
|
192
|
+
);
|
|
193
|
+
assert.equal(
|
|
194
|
+
response3.data.after.daily,
|
|
195
|
+
expectedDaily,
|
|
196
|
+
`Daily should accumulate to ${expectedDaily}`
|
|
197
|
+
);
|
|
198
|
+
assert.equal(
|
|
199
|
+
response3.data.after.total,
|
|
200
|
+
expectedTotal,
|
|
201
|
+
`Total should accumulate to ${expectedTotal}`
|
|
202
|
+
);
|
|
203
|
+
},
|
|
204
|
+
},
|
|
205
|
+
|
|
206
|
+
// Test 7: Unauthenticated usage tracks by IP in usage collection
|
|
207
|
+
{
|
|
208
|
+
name: 'unauthenticated-usage-by-ip',
|
|
209
|
+
async run({ http, assert, state }) {
|
|
210
|
+
// Unauthenticated requests use IP as key (no proxy headers in emulator, so falls back to 'unknown')
|
|
211
|
+
state.unauthKey = 'unknown';
|
|
212
|
+
|
|
213
|
+
const response = await http.as('none').post('backend-manager/test/usage', {});
|
|
214
|
+
|
|
215
|
+
assert.isSuccess(response, 'Unauthenticated usage increment should succeed');
|
|
216
|
+
assert.equal(response.data.authenticated, false, 'Should report as unauthenticated');
|
|
217
|
+
assert.equal(response.data.key, state.unauthKey, 'Key should be unknown');
|
|
218
|
+
|
|
219
|
+
// Verify all counters incremented
|
|
220
|
+
assert.equal(response.data.after.monthly, response.data.before.monthly + 1, 'Monthly should increment by 1');
|
|
221
|
+
assert.equal(response.data.after.daily, response.data.before.daily + 1, 'Daily should increment by 1');
|
|
222
|
+
|
|
223
|
+
state.unauthMonthly = response.data.after.monthly;
|
|
224
|
+
},
|
|
225
|
+
},
|
|
226
|
+
|
|
227
|
+
// Test 8: Verify unauthenticated usage persisted to usage collection
|
|
228
|
+
{
|
|
229
|
+
name: 'verify-unauthenticated-usage-persisted',
|
|
230
|
+
async run({ firestore, assert, state }) {
|
|
231
|
+
const usageDoc = await firestore.get(`usage/${state.unauthKey}`);
|
|
232
|
+
|
|
233
|
+
assert.ok(usageDoc, 'Usage doc should exist in usage collection');
|
|
234
|
+
assert.ok(usageDoc?.requests, 'Usage doc should have the requests metric');
|
|
235
|
+
assert.equal(usageDoc.requests.monthly, state.unauthMonthly, 'Persisted monthly should match');
|
|
236
|
+
},
|
|
237
|
+
},
|
|
238
|
+
|
|
239
|
+
// Test 9: Cron resets daily counters for authenticated users
|
|
240
|
+
{
|
|
241
|
+
name: 'cron-resets-daily-counters',
|
|
242
|
+
// bm_cronDaily runs all daily jobs serially; reset-usage is at the end of
|
|
243
|
+
// the alphabetical sequence. In EXTENDED mode the real-API jobs ahead of
|
|
244
|
+
// it can take ~50s combined — override the suite's 30s default.
|
|
245
|
+
timeout: 75000,
|
|
246
|
+
async run({ assert, firestore, state, accounts, waitFor, pubsub }) {
|
|
247
|
+
// Verify daily counter is > 0 before cron
|
|
248
|
+
const beforeDoc = await firestore.get(`users/${accounts.basic.uid}`);
|
|
249
|
+
assert.ok(beforeDoc?.usage?.requests?.daily > 0, 'Daily counter should be > 0 before cron');
|
|
250
|
+
|
|
251
|
+
// Store monthly and total before cron (should NOT be reset by daily cron)
|
|
252
|
+
state.monthlyBeforeCron = beforeDoc.usage.requests.monthly;
|
|
253
|
+
state.totalBeforeCron = beforeDoc.usage.requests.total;
|
|
254
|
+
|
|
255
|
+
// Trigger cron via PubSub
|
|
256
|
+
await pubsub.trigger('bm_cronDaily');
|
|
257
|
+
|
|
258
|
+
// Wait for cron to reset daily counter.
|
|
259
|
+
// bm_cronDaily executes every registered daily job sequentially. In EXTENDED
|
|
260
|
+
// mode the real-API jobs (marketing-newsletter-generate, expire-paypal-cancellations,
|
|
261
|
+
// blog-auto-publisher, etc.) can take 40-50s combined before reset-usage
|
|
262
|
+
// (alphabetical tail) gets its turn. 70s gives that the headroom it needs;
|
|
263
|
+
// the per-test `timeout` below matches.
|
|
264
|
+
try {
|
|
265
|
+
await waitFor(
|
|
266
|
+
async () => {
|
|
267
|
+
const doc = await firestore.get(`users/${accounts.basic.uid}`);
|
|
268
|
+
return doc?.usage?.requests?.daily === 0;
|
|
269
|
+
},
|
|
270
|
+
70000,
|
|
271
|
+
500
|
|
272
|
+
);
|
|
273
|
+
assert.ok(true, 'Daily counter was reset to 0 by cron');
|
|
274
|
+
} catch (error) {
|
|
275
|
+
assert.fail('Daily counter should be reset to 0 within 70s');
|
|
276
|
+
}
|
|
277
|
+
},
|
|
278
|
+
},
|
|
279
|
+
|
|
280
|
+
// Test 10: Cron preserves monthly and total counters (non-1st of month)
|
|
281
|
+
{
|
|
282
|
+
name: 'cron-preserves-monthly-and-total',
|
|
283
|
+
async run({ assert, firestore, state, accounts }) {
|
|
284
|
+
const afterDoc = await firestore.get(`users/${accounts.basic.uid}`);
|
|
285
|
+
|
|
286
|
+
assert.equal(
|
|
287
|
+
afterDoc.usage.requests.monthly,
|
|
288
|
+
state.monthlyBeforeCron,
|
|
289
|
+
'Monthly counter should be preserved after daily cron'
|
|
290
|
+
);
|
|
291
|
+
assert.equal(
|
|
292
|
+
afterDoc.usage.requests.total,
|
|
293
|
+
state.totalBeforeCron,
|
|
294
|
+
'Total counter should be preserved after daily cron'
|
|
295
|
+
);
|
|
296
|
+
},
|
|
297
|
+
},
|
|
298
|
+
|
|
299
|
+
// Test 11: Cron deletes unauthenticated usage collection
|
|
300
|
+
{
|
|
301
|
+
name: 'cron-deletes-unauthenticated-usage',
|
|
302
|
+
async run({ assert, firestore, state, waitFor }) {
|
|
303
|
+
// The cron was already triggered in test 9, so the usage collection should be deleted
|
|
304
|
+
try {
|
|
305
|
+
await waitFor(
|
|
306
|
+
async () => {
|
|
307
|
+
const doc = await firestore.get(`usage/${state.unauthKey}`);
|
|
308
|
+
return !doc;
|
|
309
|
+
},
|
|
310
|
+
10000,
|
|
311
|
+
500
|
|
312
|
+
);
|
|
313
|
+
assert.ok(true, 'Usage collection doc was deleted by cron');
|
|
314
|
+
} catch (error) {
|
|
315
|
+
assert.fail('Usage collection doc should be deleted within 10s');
|
|
316
|
+
}
|
|
317
|
+
},
|
|
318
|
+
},
|
|
319
|
+
|
|
320
|
+
// Test 12: Daily counter accumulates after cron reset
|
|
321
|
+
{
|
|
322
|
+
name: 'daily-counter-accumulates-after-reset',
|
|
323
|
+
async run({ http, assert }) {
|
|
324
|
+
// After cron reset daily to 0, new increments should start from 0
|
|
325
|
+
const response = await http.as('basic').post('backend-manager/test/usage', {
|
|
326
|
+
amount: 3,
|
|
327
|
+
});
|
|
328
|
+
|
|
329
|
+
assert.isSuccess(response, 'Increment after cron reset should succeed');
|
|
330
|
+
assert.equal(response.data.before.daily, 0, 'Daily should be 0 after cron reset');
|
|
331
|
+
assert.equal(response.data.after.daily, 3, 'Daily should be 3 after increment');
|
|
332
|
+
|
|
333
|
+
// Monthly should have continued accumulating (not reset)
|
|
334
|
+
assert.equal(
|
|
335
|
+
response.data.after.monthly,
|
|
336
|
+
response.data.before.monthly + 3,
|
|
337
|
+
'Monthly should continue accumulating'
|
|
338
|
+
);
|
|
339
|
+
},
|
|
340
|
+
},
|
|
341
|
+
],
|
|
342
|
+
};
|
|
@@ -0,0 +1,156 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Test: POST /user/api-keys
|
|
3
|
+
* Tests the user regenerate API keys endpoint
|
|
4
|
+
* This is a suite because we need to track state and restore original keys
|
|
5
|
+
*/
|
|
6
|
+
module.exports = {
|
|
7
|
+
description: 'User regenerate API keys',
|
|
8
|
+
type: 'suite',
|
|
9
|
+
timeout: 30000,
|
|
10
|
+
|
|
11
|
+
tests: [
|
|
12
|
+
// Test 1: Store original keys
|
|
13
|
+
{
|
|
14
|
+
name: 'store-original-keys',
|
|
15
|
+
async run({ firestore, assert, state, accounts }) {
|
|
16
|
+
// Get the basic account's current keys to restore later
|
|
17
|
+
const userDoc = await firestore.get(`users/${accounts.basic.uid}`);
|
|
18
|
+
|
|
19
|
+
assert.ok(userDoc, 'User doc should exist');
|
|
20
|
+
assert.hasProperty({ data: userDoc }, 'data.api.clientId', 'User should have clientId');
|
|
21
|
+
assert.hasProperty({ data: userDoc }, 'data.api.privateKey', 'User should have privateKey');
|
|
22
|
+
|
|
23
|
+
state.originalClientId = userDoc.api.clientId;
|
|
24
|
+
state.originalPrivateKey = userDoc.api.privateKey;
|
|
25
|
+
|
|
26
|
+
assert.ok(state.originalClientId, 'Original clientId should exist');
|
|
27
|
+
assert.ok(state.originalPrivateKey, 'Original privateKey should exist');
|
|
28
|
+
},
|
|
29
|
+
},
|
|
30
|
+
|
|
31
|
+
// Test 2: Regenerate both keys (default)
|
|
32
|
+
{
|
|
33
|
+
name: 'regenerate-both-keys',
|
|
34
|
+
async run({ http, assert, state }) {
|
|
35
|
+
const response = await http.as('basic').post('backend-manager/user/api-keys', {});
|
|
36
|
+
|
|
37
|
+
assert.isSuccess(response, 'Regenerate API keys should succeed');
|
|
38
|
+
assert.hasProperty(response, 'data.clientId', 'Response should contain new clientId');
|
|
39
|
+
assert.hasProperty(response, 'data.privateKey', 'Response should contain new privateKey');
|
|
40
|
+
|
|
41
|
+
// Keys should be different from original
|
|
42
|
+
assert.notEqual(
|
|
43
|
+
response.data.clientId,
|
|
44
|
+
state.originalClientId,
|
|
45
|
+
'New clientId should be different from original'
|
|
46
|
+
);
|
|
47
|
+
assert.notEqual(
|
|
48
|
+
response.data.privateKey,
|
|
49
|
+
state.originalPrivateKey,
|
|
50
|
+
'New privateKey should be different from original'
|
|
51
|
+
);
|
|
52
|
+
|
|
53
|
+
// Store new keys for verification
|
|
54
|
+
state.newClientId = response.data.clientId;
|
|
55
|
+
state.newPrivateKey = response.data.privateKey;
|
|
56
|
+
},
|
|
57
|
+
},
|
|
58
|
+
|
|
59
|
+
// Test 3: Verify keys are persisted in Firestore
|
|
60
|
+
{
|
|
61
|
+
name: 'verify-keys-persisted',
|
|
62
|
+
async run({ firestore, assert, state, accounts }) {
|
|
63
|
+
const userDoc = await firestore.get(`users/${accounts.basic.uid}`);
|
|
64
|
+
|
|
65
|
+
assert.equal(
|
|
66
|
+
userDoc.api.clientId,
|
|
67
|
+
state.newClientId,
|
|
68
|
+
'Persisted clientId should match returned value'
|
|
69
|
+
);
|
|
70
|
+
assert.equal(
|
|
71
|
+
userDoc.api.privateKey,
|
|
72
|
+
state.newPrivateKey,
|
|
73
|
+
'Persisted privateKey should match returned value'
|
|
74
|
+
);
|
|
75
|
+
},
|
|
76
|
+
},
|
|
77
|
+
|
|
78
|
+
// Test 4: Regenerate only clientId
|
|
79
|
+
// Note: After test 2, the privateKey changed so we need to use the new one
|
|
80
|
+
{
|
|
81
|
+
name: 'regenerate-only-clientId',
|
|
82
|
+
async run({ http, assert, state }) {
|
|
83
|
+
// Use the new privateKey from test 2 since old one is invalid
|
|
84
|
+
const response = await http.withPrivateKey(state.newPrivateKey).post('backend-manager/user/api-keys', {
|
|
85
|
+
keys: ['clientId'],
|
|
86
|
+
});
|
|
87
|
+
|
|
88
|
+
assert.isSuccess(response, 'Regenerate clientId only should succeed');
|
|
89
|
+
assert.hasProperty(response, 'data.clientId', 'Response should contain new clientId');
|
|
90
|
+
assert.ok(
|
|
91
|
+
!response.data.privateKey,
|
|
92
|
+
'Response should NOT contain privateKey when only clientId requested'
|
|
93
|
+
);
|
|
94
|
+
assert.notEqual(
|
|
95
|
+
response.data.clientId,
|
|
96
|
+
state.newClientId,
|
|
97
|
+
'New clientId should be different from previous'
|
|
98
|
+
);
|
|
99
|
+
},
|
|
100
|
+
},
|
|
101
|
+
|
|
102
|
+
// Test 5: Regenerate only privateKey
|
|
103
|
+
{
|
|
104
|
+
name: 'regenerate-only-privateKey',
|
|
105
|
+
async run({ http, assert, state, accounts, firestore }) {
|
|
106
|
+
// Get current clientId to verify it stays the same
|
|
107
|
+
const beforeDoc = await firestore.get(`users/${accounts.basic.uid}`);
|
|
108
|
+
const currentClientId = beforeDoc.api.clientId;
|
|
109
|
+
|
|
110
|
+
// Still use newPrivateKey since test 4 didn't change it
|
|
111
|
+
const response = await http.withPrivateKey(state.newPrivateKey).post('backend-manager/user/api-keys', {
|
|
112
|
+
keys: ['privateKey'],
|
|
113
|
+
});
|
|
114
|
+
|
|
115
|
+
assert.isSuccess(response, 'Regenerate privateKey only should succeed');
|
|
116
|
+
assert.hasProperty(response, 'data.privateKey', 'Response should contain new privateKey');
|
|
117
|
+
assert.ok(
|
|
118
|
+
!response.data.clientId,
|
|
119
|
+
'Response should NOT contain clientId when only privateKey requested'
|
|
120
|
+
);
|
|
121
|
+
|
|
122
|
+
// Verify clientId stayed the same
|
|
123
|
+
const afterDoc = await firestore.get(`users/${accounts.basic.uid}`);
|
|
124
|
+
assert.equal(
|
|
125
|
+
afterDoc.api.clientId,
|
|
126
|
+
currentClientId,
|
|
127
|
+
'clientId should remain unchanged when only privateKey regenerated'
|
|
128
|
+
);
|
|
129
|
+
},
|
|
130
|
+
},
|
|
131
|
+
|
|
132
|
+
// Test 6: Unauthenticated request fails
|
|
133
|
+
{
|
|
134
|
+
name: 'unauthenticated-rejected',
|
|
135
|
+
async run({ http, assert }) {
|
|
136
|
+
const response = await http.as('none').post('backend-manager/user/api-keys', {});
|
|
137
|
+
|
|
138
|
+
assert.isError(response, 401, 'Regenerate API keys should fail without authentication');
|
|
139
|
+
},
|
|
140
|
+
},
|
|
141
|
+
|
|
142
|
+
// Test 7: Restore original keys
|
|
143
|
+
{
|
|
144
|
+
name: 'restore-original-keys',
|
|
145
|
+
async run({ firestore, state, accounts }) {
|
|
146
|
+
// Restore original keys so other tests aren't affected
|
|
147
|
+
await firestore.set(`users/${accounts.basic.uid}`, {
|
|
148
|
+
api: {
|
|
149
|
+
clientId: state.originalClientId,
|
|
150
|
+
privateKey: state.originalPrivateKey,
|
|
151
|
+
},
|
|
152
|
+
}, { merge: true });
|
|
153
|
+
},
|
|
154
|
+
},
|
|
155
|
+
],
|
|
156
|
+
};
|
|
@@ -0,0 +1,136 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Test: DELETE /user
|
|
3
|
+
* User deletion flow tests
|
|
4
|
+
* Tests:
|
|
5
|
+
* - Users with active subscriptions cannot delete themselves
|
|
6
|
+
* - Users cannot delete other users
|
|
7
|
+
* - Users can delete themselves after subscription is removed
|
|
8
|
+
* - Admins can delete any user
|
|
9
|
+
*/
|
|
10
|
+
module.exports = {
|
|
11
|
+
description: 'User deletion flow',
|
|
12
|
+
type: 'suite',
|
|
13
|
+
|
|
14
|
+
tests: [
|
|
15
|
+
// --- Self-deletion tests ---
|
|
16
|
+
{
|
|
17
|
+
name: 'verify-delete-user-exists',
|
|
18
|
+
async run({ firestore, assert, state, accounts }) {
|
|
19
|
+
// Get the delete test account uid
|
|
20
|
+
state.deleteUid = accounts.delete.uid;
|
|
21
|
+
|
|
22
|
+
// Verify the user doc exists
|
|
23
|
+
const userDoc = await firestore.get(`users/${state.deleteUid}`);
|
|
24
|
+
|
|
25
|
+
assert.ok(userDoc, 'Delete user doc should exist before deletion');
|
|
26
|
+
assert.ok(userDoc?.auth?.uid === state.deleteUid, 'User doc should have correct uid');
|
|
27
|
+
},
|
|
28
|
+
},
|
|
29
|
+
|
|
30
|
+
{
|
|
31
|
+
name: 'delete-blocked-with-subscription',
|
|
32
|
+
async run({ http, assert }) {
|
|
33
|
+
// Auth as the delete user and try to delete themselves
|
|
34
|
+
// Should be blocked due to active subscription
|
|
35
|
+
const deleteResponse = await http.as('delete').delete('backend-manager/user', {});
|
|
36
|
+
|
|
37
|
+
assert.isError(deleteResponse, 400, 'Deletion should be blocked with active subscription');
|
|
38
|
+
assert.ok(
|
|
39
|
+
deleteResponse.error?.includes('paid subscription'),
|
|
40
|
+
`Error should mention paid subscription: ${deleteResponse.error}`,
|
|
41
|
+
);
|
|
42
|
+
},
|
|
43
|
+
},
|
|
44
|
+
|
|
45
|
+
// NOTE: The DELETE /user API ignores the payload uid parameter for non-admin users.
|
|
46
|
+
// It always uses the authenticated user's uid from resolveUser().
|
|
47
|
+
// This means non-admins cannot delete other users by design - the uid param is simply ignored.
|
|
48
|
+
// A test for "delete other user blocked" would be misleading since it would actually
|
|
49
|
+
// try to delete the authenticated user (basic), not the target user.
|
|
50
|
+
// If we want to explicitly block this, the API should be updated to check payload.uid
|
|
51
|
+
// against user.auth.uid and return a 403 if they don't match.
|
|
52
|
+
|
|
53
|
+
{
|
|
54
|
+
name: 'remove-subscription-from-delete-user',
|
|
55
|
+
async run({ firestore, state }) {
|
|
56
|
+
// Remove the subscription (set to null to overwrite)
|
|
57
|
+
await firestore.set(`users/${state.deleteUid}`, { subscription: null }, { merge: true });
|
|
58
|
+
},
|
|
59
|
+
},
|
|
60
|
+
|
|
61
|
+
{
|
|
62
|
+
name: 'delete-user-succeeds',
|
|
63
|
+
async run({ http, assert }) {
|
|
64
|
+
// Auth as the delete user and delete themselves
|
|
65
|
+
const deleteResponse = await http.as('delete').delete('backend-manager/user', {});
|
|
66
|
+
|
|
67
|
+
assert.isSuccess(deleteResponse, `DELETE /user should succeed: ${JSON.stringify(deleteResponse, null, 2)}`);
|
|
68
|
+
},
|
|
69
|
+
},
|
|
70
|
+
|
|
71
|
+
{
|
|
72
|
+
name: 'verify-firestore-doc-deleted',
|
|
73
|
+
async run({ firestore, assert, state, waitFor }) {
|
|
74
|
+
// on-delete handler deletes Firestore doc when Auth user is deleted
|
|
75
|
+
// Wait for the deletion to complete
|
|
76
|
+
const docDeleted = await waitFor(async () => {
|
|
77
|
+
const userDoc = await firestore.get(`users/${state.deleteUid}`);
|
|
78
|
+
return !userDoc;
|
|
79
|
+
}, 10000, 500);
|
|
80
|
+
|
|
81
|
+
assert.ok(docDeleted, 'Firestore doc should be deleted after Auth user deletion');
|
|
82
|
+
},
|
|
83
|
+
},
|
|
84
|
+
|
|
85
|
+
// --- Admin deletion tests ---
|
|
86
|
+
{
|
|
87
|
+
name: 'verify-admin-delete-target-exists',
|
|
88
|
+
async run({ firestore, assert, state, accounts }) {
|
|
89
|
+
// Get the delete-by-admin test account uid
|
|
90
|
+
state.adminDeleteUid = accounts['delete-by-admin'].uid;
|
|
91
|
+
|
|
92
|
+
// Verify the user doc exists
|
|
93
|
+
const userDoc = await firestore.get(`users/${state.adminDeleteUid}`);
|
|
94
|
+
|
|
95
|
+
assert.ok(userDoc, 'Admin delete target user doc should exist');
|
|
96
|
+
assert.ok(userDoc?.auth?.uid === state.adminDeleteUid, 'User doc should have correct uid');
|
|
97
|
+
},
|
|
98
|
+
},
|
|
99
|
+
|
|
100
|
+
{
|
|
101
|
+
name: 'admin-can-delete-other-user',
|
|
102
|
+
async run({ http, assert, state }) {
|
|
103
|
+
// Auth as admin (using backendManagerKey) and delete another user
|
|
104
|
+
const deleteResponse = await http.as('admin').delete('backend-manager/user', {
|
|
105
|
+
uid: state.adminDeleteUid,
|
|
106
|
+
});
|
|
107
|
+
|
|
108
|
+
assert.isSuccess(deleteResponse, `Admin should be able to delete another user: ${JSON.stringify(deleteResponse, null, 2)}`);
|
|
109
|
+
},
|
|
110
|
+
},
|
|
111
|
+
|
|
112
|
+
{
|
|
113
|
+
name: 'verify-admin-deleted-user-firestore-deleted',
|
|
114
|
+
async run({ firestore, assert, state, waitFor }) {
|
|
115
|
+
// on-delete handler deletes Firestore doc when Auth user is deleted
|
|
116
|
+
// Wait for the deletion to complete
|
|
117
|
+
const docDeleted = await waitFor(async () => {
|
|
118
|
+
const userDoc = await firestore.get(`users/${state.adminDeleteUid}`);
|
|
119
|
+
return !userDoc;
|
|
120
|
+
}, 10000, 500);
|
|
121
|
+
|
|
122
|
+
assert.ok(docDeleted, 'Firestore doc should be deleted after admin deletion');
|
|
123
|
+
},
|
|
124
|
+
},
|
|
125
|
+
|
|
126
|
+
// --- Auth rejection test (at end per convention) ---
|
|
127
|
+
{
|
|
128
|
+
name: 'unauthenticated-rejected',
|
|
129
|
+
async run({ http, assert }) {
|
|
130
|
+
const deleteResponse = await http.as('none').delete('backend-manager/user', {});
|
|
131
|
+
|
|
132
|
+
assert.isError(deleteResponse, 401, 'Delete should fail without authentication');
|
|
133
|
+
},
|
|
134
|
+
},
|
|
135
|
+
],
|
|
136
|
+
};
|