Jennie Robinson Faber
208638e374
Day-of-launch deep-dive audit and remediation. 11 issues fixed across security, correctness, and reliability. Tests: 698 → 758 passing (+60), 0 failing, 2 skipped. CRITICAL (security) Fix #1 — HELCIM_API_TOKEN removed from runtimeConfig.public; dead useHelcim.js deleted. Production token MUST BE ROTATED post-deploy (was previously exposed in window.__NUXT__ payload). Fix #2 — /api/helcim/customer gated with origin check + per-IP/email rate limit + magic-link email verification (replaces unauthenticated setAuthCookie). Adds payment-bridge token for paid-tier signup so users can complete Helcim checkout before email verify. New utils: server/utils/{magicLink,rateLimit}.js. UX: signup success copy now prompts user to check email. Fix #3 — /api/events/[id]/payment deleted (dead code with unauth member-spoof bypass — processHelcimPayment was a permanent stub). Removes processHelcimPayment export and eventPaymentSchema. Fix #4 — /api/helcim/initialize-payment re-derives ticket amount server-side via calculateTicketPrice and calculateSeriesTicketPrice. Adds new series_ticket metadata type (was being shoved through event_ticket with seriesId in metadata.eventId). Fix #5 — /api/helcim/customer upgrades existing status:guest members in place rather than rejecting with 409. Lowercases email at lookup; preserves _id so prior event registrations stay linked. HIGH (correctness / reliability) Fix #6 — Daily reconciliation cron via Netlify scheduled function (@daily). New: netlify.toml, netlify/functions/reconcile-payments.mjs, server/api/internal/reconcile-payments.post.js. Shared-secret auth via NUXT_RECONCILE_TOKEN env var. Inline 3-retry exponential backoff on Helcim transactions API. Fix #7 — validateBeforeSave: false on event subdoc saves (waitlist endpoints) to dodge legacy location validators. Fix #8 — /api/series/[id]/tickets/purchase always upserts a guest Member when caller is unauthenticated, mirrors event-ticket flow byte-for-byte. SeriesPassPurchase.vue adds guest-account hint and client auth refresh on signedIn:true response. Fix #9 — /api/members/cancel-subscription leaves status active per ratified bylaws (was pending_payment). Adds lastCancelledAt audit field on Member model. Indirectly fixes false-positive detectStuckPendingPayment admin alert for cancelled members. Fix #10 — /api/auth/verify uses validateBody with strict() Zod schema (verifyMagicLinkSchema, max 2000 chars). Fix #11 — 8 vitest cases for cancel-subscription handler (was uncovered). Specs and audit at docs/superpowers/specs/2026-04-25-fix-*.md and docs/superpowers/plans/2026-04-25-launch-readiness-fixes.md. LAUNCH_READINESS.md updated with new test count, 3 deploy-time tasks (rotate Helcim token, set NUXT_RECONCILE_TOKEN, verify Netlify scheduled function), and Fixed-2026-04-25 fix log.
201 lines
6.2 KiB
JavaScript
201 lines
6.2 KiB
JavaScript
import { describe, it, expect, vi, beforeEach } from 'vitest'
|
|
|
|
import Member from '../../../server/models/member.js'
|
|
import { cancelHelcimSubscription } from '../../../server/utils/helcim.js'
|
|
import handler from '../../../server/api/members/cancel-subscription.post.js'
|
|
import { createMockEvent } from '../helpers/createMockEvent.js'
|
|
|
|
vi.mock('../../../server/models/member.js', () => ({
|
|
default: { findByIdAndUpdate: vi.fn() }
|
|
}))
|
|
vi.mock('../../../server/utils/mongoose.js', () => ({ connectDB: vi.fn() }))
|
|
vi.mock('../../../server/utils/auth.js', () => ({ requireAuth: vi.fn() }))
|
|
vi.mock('../../../server/utils/helcim.js', () => ({
|
|
cancelHelcimSubscription: vi.fn(),
|
|
}))
|
|
|
|
// Nitro auto-imports — stub as globals
|
|
const logActivityMock = vi.fn()
|
|
vi.stubGlobal('logActivity', logActivityMock)
|
|
|
|
function setMember(mockMember) {
|
|
globalThis.requireAuth = vi.fn().mockResolvedValue(mockMember)
|
|
}
|
|
|
|
function buildEvent() {
|
|
return createMockEvent({
|
|
method: 'POST',
|
|
path: '/api/members/cancel-subscription',
|
|
body: {},
|
|
})
|
|
}
|
|
|
|
describe('cancel-subscription endpoint', () => {
|
|
beforeEach(() => {
|
|
vi.clearAllMocks()
|
|
})
|
|
|
|
it('happy path: active paid member → cancels Helcim, drops to free tier (status stays active), returns success', async () => {
|
|
const mockMember = {
|
|
_id: 'member-1',
|
|
status: 'active',
|
|
contributionAmount: 15,
|
|
helcimSubscriptionId: 'sub-1',
|
|
}
|
|
setMember(mockMember)
|
|
cancelHelcimSubscription.mockResolvedValue({})
|
|
Member.findByIdAndUpdate.mockResolvedValue({})
|
|
|
|
const result = await handler(buildEvent())
|
|
|
|
expect(cancelHelcimSubscription).toHaveBeenCalledWith('sub-1')
|
|
expect(Member.findByIdAndUpdate).toHaveBeenCalledWith(
|
|
'member-1',
|
|
expect.objectContaining({
|
|
$set: expect.objectContaining({
|
|
status: 'active',
|
|
contributionAmount: 0,
|
|
helcimSubscriptionId: null,
|
|
paymentMethod: 'none',
|
|
}),
|
|
$unset: expect.objectContaining({ nextBillingDate: 1 }),
|
|
}),
|
|
{ runValidators: false }
|
|
)
|
|
// Per Fix #9: lastCancelledAt must be set as a Date
|
|
const updateArg = Member.findByIdAndUpdate.mock.calls[0][1]
|
|
expect(updateArg.$set.lastCancelledAt).toBeInstanceOf(Date)
|
|
expect(result).toEqual(expect.objectContaining({
|
|
success: true,
|
|
message: 'Subscription cancelled successfully',
|
|
status: 'active',
|
|
contributionAmount: 0,
|
|
}))
|
|
})
|
|
|
|
it('persists subscriptionEndDate as a Date instance', async () => {
|
|
setMember({
|
|
_id: 'member-2',
|
|
status: 'active',
|
|
contributionAmount: 5,
|
|
helcimSubscriptionId: 'sub-2',
|
|
})
|
|
cancelHelcimSubscription.mockResolvedValue({})
|
|
Member.findByIdAndUpdate.mockResolvedValue({})
|
|
|
|
await handler(buildEvent())
|
|
|
|
const call = Member.findByIdAndUpdate.mock.calls[0]
|
|
expect(call[1].$set.subscriptionEndDate).toBeInstanceOf(Date)
|
|
})
|
|
|
|
it('emits subscription_cancelled activity log entry', async () => {
|
|
setMember({
|
|
_id: 'member-3',
|
|
status: 'active',
|
|
contributionAmount: 15,
|
|
helcimSubscriptionId: 'sub-3',
|
|
})
|
|
cancelHelcimSubscription.mockResolvedValue({})
|
|
Member.findByIdAndUpdate.mockResolvedValue({})
|
|
|
|
await handler(buildEvent())
|
|
|
|
expect(logActivityMock).toHaveBeenCalledWith(
|
|
'member-3',
|
|
'subscription_cancelled',
|
|
expect.objectContaining({ effectiveDate: expect.any(String) })
|
|
)
|
|
})
|
|
|
|
it('free-tier member (contributionAmount=0): no Helcim call, no DB write, returns no-op success', async () => {
|
|
const mockMember = {
|
|
_id: 'member-4',
|
|
status: 'active',
|
|
contributionAmount: 0,
|
|
helcimSubscriptionId: null,
|
|
}
|
|
setMember(mockMember)
|
|
|
|
const result = await handler(buildEvent())
|
|
|
|
expect(cancelHelcimSubscription).not.toHaveBeenCalled()
|
|
expect(Member.findByIdAndUpdate).not.toHaveBeenCalled()
|
|
expect(logActivityMock).not.toHaveBeenCalled()
|
|
expect(result).toEqual({
|
|
success: true,
|
|
message: 'No active subscription to cancel',
|
|
status: 'active',
|
|
contributionAmount: 0,
|
|
})
|
|
})
|
|
|
|
it('member without helcimSubscriptionId (data inconsistency): no Helcim call, no DB write', async () => {
|
|
setMember({
|
|
_id: 'member-5',
|
|
status: 'active',
|
|
contributionAmount: 15,
|
|
helcimSubscriptionId: null,
|
|
})
|
|
|
|
const result = await handler(buildEvent())
|
|
|
|
expect(cancelHelcimSubscription).not.toHaveBeenCalled()
|
|
expect(Member.findByIdAndUpdate).not.toHaveBeenCalled()
|
|
expect(result.success).toBe(true)
|
|
expect(result.message).toBe('No active subscription to cancel')
|
|
})
|
|
|
|
it('Helcim cancel failure: swallows error, still updates Member to free tier (status stays active)', async () => {
|
|
setMember({
|
|
_id: 'member-6',
|
|
status: 'active',
|
|
contributionAmount: 15,
|
|
helcimSubscriptionId: 'sub-6',
|
|
})
|
|
cancelHelcimSubscription.mockRejectedValue(new Error('Helcim 503'))
|
|
Member.findByIdAndUpdate.mockResolvedValue({})
|
|
|
|
const result = await handler(buildEvent())
|
|
|
|
expect(cancelHelcimSubscription).toHaveBeenCalledWith('sub-6')
|
|
expect(Member.findByIdAndUpdate).toHaveBeenCalledWith(
|
|
'member-6',
|
|
expect.objectContaining({
|
|
$set: expect.objectContaining({ status: 'active', helcimSubscriptionId: null }),
|
|
}),
|
|
{ runValidators: false }
|
|
)
|
|
expect(result.success).toBe(true)
|
|
expect(result.status).toBe('active')
|
|
})
|
|
|
|
it('unauthenticated: requireAuth throws → handler rejects with that statusCode', async () => {
|
|
globalThis.requireAuth = vi.fn().mockRejectedValue(
|
|
Object.assign(new Error('Unauthorized'), { statusCode: 401 })
|
|
)
|
|
|
|
await expect(handler(buildEvent())).rejects.toMatchObject({
|
|
statusCode: 401,
|
|
})
|
|
|
|
expect(cancelHelcimSubscription).not.toHaveBeenCalled()
|
|
expect(Member.findByIdAndUpdate).not.toHaveBeenCalled()
|
|
})
|
|
|
|
it('Mongo update failure: rejects with 500', async () => {
|
|
setMember({
|
|
_id: 'member-7',
|
|
status: 'active',
|
|
contributionAmount: 15,
|
|
helcimSubscriptionId: 'sub-7',
|
|
})
|
|
cancelHelcimSubscription.mockResolvedValue({})
|
|
Member.findByIdAndUpdate.mockRejectedValue(new Error('Mongo down'))
|
|
|
|
await expect(handler(buildEvent())).rejects.toMatchObject({
|
|
statusCode: 500,
|
|
statusMessage: 'Mongo down',
|
|
})
|
|
})
|
|
})
|