refactor(auth): rename paymentBridge → signupBridge

After commit 90acc35 issued the cookie for $0 signups too, the "payment" framing was wrong — there's no payment in a $0 signup. The cookie is about bridging the gap between signup-form submit and email verify, not about payment specifically. Changes: - setPaymentBridgeCookie → setSignupBridgeCookie - getPaymentBridgeMember → getSignupBridgeMember - Cookie wire name payment-bridge → signup-bridge - JWT scope payment_bridge → signup_bridge Touches both /api/helcim/subscription (signup activation) and /api/helcim/initialize-payment (paid Helcim checkout) which both consume the cookie. In-flight signup sessions started before this lands will need to re-submit the form (cookie name mismatch); cutover hasn't happened yet, so the only impact is local dev sessions.
2026-04-30 15:31:54 +01:00 · 2026-04-30 15:31:54 +01:00 · 9b79ae6bf4
commit 9b79ae6bf4
parent c6a5e25d06
8 changed files with 36 additions and 35 deletions
--- a/tests/server/api/activation-auto-flag.test.js
+++ b/tests/server/api/activation-auto-flag.test.js
@ -45,7 +45,7 @@ vi.mock('../../../server/models/preRegistration.js', () => ({
 vi.mock('../../../server/utils/mongoose.js', () => ({ connectDB: vi.fn() }))
 vi.mock('../../../server/utils/auth.js', () => ({
  requireAuth: vi.fn(),
-  getPaymentBridgeMember: vi.fn().mockResolvedValue(null),
+  getSignupBridgeMember: vi.fn().mockResolvedValue(null),
  setAuthCookie: vi.fn()
 }))
 vi.mock('../../../server/utils/slack.ts', () => ({
--- a/tests/server/api/free-signup-flow.test.js
+++ b/tests/server/api/free-signup-flow.test.js
@ -60,9 +60,9 @@ const SUBSCRIPTION_BODY = {
 function extractBridgeCookie(event) {
  const setCookie = event.node.res.getHeader('set-cookie')
  const cookies = Array.isArray(setCookie) ? setCookie : [setCookie].filter(Boolean)
-  const match = cookies.find(c => typeof c === 'string' && c.startsWith('payment-bridge='))
+  const match = cookies.find(c => typeof c === 'string' && c.startsWith('signup-bridge='))
  if (!match) return null
-  return match.match(/payment-bridge=([^;]+)/)[1]
+  return match.match(/signup-bridge=([^;]+)/)[1]
 }

 describe('signup → subscription bridge-cookie hand-off', () => {
@ -104,7 +104,7 @@ describe('signup → subscription bridge-cookie hand-off', () => {
    expect(result1.member.status).toBe('pending_payment')

    const bridgeToken = extractBridgeCookie(customerEvent)
-    expect(bridgeToken, 'payment-bridge cookie missing on $0 signup').toBeTruthy()
+    expect(bridgeToken, 'signup-bridge cookie missing on $0 signup').toBeTruthy()

    Member.findOneAndUpdate.mockResolvedValue({ _id: MEMBER_ID, status: 'pending_payment' })
    Member.findById.mockResolvedValue({
@ -120,7 +120,7 @@ describe('signup → subscription bridge-cookie hand-off', () => {
      method: 'POST',
      path: '/api/helcim/subscription',
      headers: { origin: ALLOWED_ORIGIN },
-      cookies: { 'payment-bridge': bridgeToken },
+      cookies: { 'signup-bridge': bridgeToken },
      body: SUBSCRIPTION_BODY
    })

--- a/tests/server/api/helcim-customer.test.js
+++ b/tests/server/api/helcim-customer.test.js
@ -3,7 +3,7 @@ import { describe, it, expect, vi, beforeEach } from 'vitest'
 import Member from '../../../server/models/member.js'
 import { createHelcimCustomer } from '../../../server/utils/helcim.js'
 import { sendMagicLink } from '../../../server/utils/magicLink.js'
-import { setAuthCookie, setPaymentBridgeCookie } from '../../../server/utils/auth.js'
+import { setAuthCookie, setSignupBridgeCookie } from '../../../server/utils/auth.js'
 import customerHandler from '../../../server/api/helcim/customer.post.js'
 import { resetRateLimit } from '../../../server/utils/rateLimit.js'
 import { createMockEvent } from '../helpers/createMockEvent.js'
@ -24,7 +24,7 @@ vi.mock('../../../server/utils/magicLink.js', () => ({
 }))
 vi.mock('../../../server/utils/auth.js', () => ({
  setAuthCookie: vi.fn(),
-  setPaymentBridgeCookie: vi.fn()
+  setSignupBridgeCookie: vi.fn()
 }))

 // helcimCustomerSchema is auto-imported in the handler — stub it to a passthrough
@ -303,7 +303,7 @@ describe('POST /api/helcim/customer', () => {
        'guest@example.com',
        expect.objectContaining({ subject: 'Verify your Ghost Guild signup' })
      )
-      expect(setPaymentBridgeCookie).toHaveBeenCalled()
+      expect(setSignupBridgeCookie).toHaveBeenCalled()
      expect(setAuthCookie).not.toHaveBeenCalled()

      // Response shape mirrors new-signup case AND surfaces the preserved _id.
@ -365,7 +365,7 @@ describe('POST /api/helcim/customer', () => {
      )
    })

-    it('sets a payment-bridge cookie on paid-tier signup so checkout can proceed', async () => {
+    it('sets a signup-bridge cookie on paid-tier signup so checkout can proceed', async () => {
      const event = build({
        body: {
          name: 'Paid User',
@ -376,7 +376,7 @@ describe('POST /api/helcim/customer', () => {
        }
      })
      await customerHandler(event)
-      expect(setPaymentBridgeCookie).toHaveBeenCalled()
+      expect(setSignupBridgeCookie).toHaveBeenCalled()
      expect(sendMagicLink).toHaveBeenCalledWith(
        'paid@example.com',
        expect.objectContaining({ subject: 'Verify your Ghost Guild signup' })
--- a/tests/server/api/helcim-subscription.test.js
+++ b/tests/server/api/helcim-subscription.test.js
@ -15,7 +15,7 @@ vi.mock('../../../server/models/member.js', () => ({
 vi.mock('../../../server/utils/mongoose.js', () => ({ connectDB: vi.fn() }))
 vi.mock('../../../server/utils/auth.js', () => ({
  requireAuth: vi.fn(),
-  getPaymentBridgeMember: vi.fn().mockResolvedValue(null)
+  getSignupBridgeMember: vi.fn().mockResolvedValue(null)
 }))
 vi.mock('../../../server/utils/slack.ts', () => ({
  getSlackService: vi.fn().mockReturnValue(null)