jennie/ghostguild-org
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(helcim): accept signup-bridge cookie in verify-payment
All checks were successful
Test / vitest (push) Successful in 13m42s
Details
Test / playwright (push) Successful in 19m35s
Details
Test / Notify on failure (push) Has been skipped
Details

Browse source 
Membership signup verifies the card before email verification, so the
signup-bridge cookie set by /api/helcim/customer now satisfies auth in
verify-payment when no session exists. Adds a cloudflared tunnel script
for testing the Helcim flow locally against a production build.
This commit is contained in:
Jennie Robinson Faber 2026-05-24 14:01:02 +01:00
parent 151481f1ec
commit 10a28ac5ef
3 changed files with 107 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

28
tests/server/api/helcim-payment.test.js
View file

@ -1,6 +1,6 @@
import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest'
import { requireAuth, getOptionalMember } from '../../../server/utils/auth.js'
import { requireAuth, getOptionalMember, getSignupBridgeMember } from '../../../server/utils/auth.js'
import { validateBody as importedValidateBody } from '../../../server/utils/validateBody.js'
import { loadPublicEvent } from '../../../server/utils/loadEvent.js'
import { loadPublicSeries } from '../../../server/utils/loadSeries.js'
@ -12,7 +12,8 @@ import { createMockEvent } from '../helpers/createMockEvent.js'
vi.mock('../../../server/utils/auth.js', () => ({
requireAuth: vi.fn(),
getOptionalMember: vi.fn()
getOptionalMember: vi.fn(),
getSignupBridgeMember: vi.fn()
}))
vi.mock('../../../server/utils/validateBody.js', () => ({ validateBody: vi.fn() }))
vi.mock('../../../server/utils/schemas.js', () => ({ paymentVerifySchema: {} }))
@ -367,4 +368,27 @@ describe('verify-payment endpoint', () => {
statusMessage: 'Payment method not found or does not belong to this customer'
})
})
it('accepts the signup-bridge cookie without requiring auth', async () => {
const body = { customerId: 'cust-1', cardToken: 'tok-match' }
getSignupBridgeMember.mockResolvedValue({ _id: 'm1' })
importedValidateBody.mockResolvedValue(body)
mockFetch.mockResolvedValue({
ok: true,
text: async () => JSON.stringify([{ cardToken: 'tok-match' }])
})
const event = createMockEvent({
method: 'POST',
path: '/api/helcim/verify-payment',
body
})
const result = await verifyPaymentHandler(event)
expect(result.success).toBe(true)
expect(getSignupBridgeMember).toHaveBeenCalledWith(event)
expect(requireAuth).not.toHaveBeenCalled()
})
})