admin/honeyDueAPI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6dcf7976137e283ff8faf7d1054591d6a36235d0
honeyDueAPI/internal/services/subscription_service_test.go
Trey t 7690f07a2b Harden API security: input validation, safe auth extraction, new tests, and deploy config 
Comprehensive security hardening from audit findings:
- Add validation tags to all DTO request structs (max lengths, ranges, enums)
- Replace unsafe type assertions with MustGetAuthUser helper across all handlers
- Remove query-param token auth from admin middleware (prevents URL token leakage)
- Add request validation calls in handlers that were missing c.Validate()
- Remove goroutines in handlers (timezone update now synchronous)
- Add sanitize middleware and path traversal protection (path_utils)
- Stop resetting admin passwords on migration restart
- Warn on well-known default SECRET_KEY
- Add ~30 new test files covering security regressions, auth safety, repos, and services
- Add deploy/ config, audit digests, and AUDIT_FINDINGS documentation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-02 09:48:01 -06:00

182 lines
6.9 KiB
Go
Raw Blame History

package services
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/treytartt/casera-api/internal/models"
"github.com/treytartt/casera-api/internal/repositories"
"github.com/treytartt/casera-api/internal/testutil"
)
// setupSubscriptionService creates a SubscriptionService with the given
// IAP clients (nil means "not configured"). It bypasses NewSubscriptionService
// which tries to load config from environment.
func setupSubscriptionService(t *testing.T, appleClient *AppleIAPClient, googleClient *GoogleIAPClient) (*SubscriptionService, *repositories.SubscriptionRepository) {
db := testutil.SetupTestDB(t)
subscriptionRepo := repositories.NewSubscriptionRepository(db)
residenceRepo := repositories.NewResidenceRepository(db)
taskRepo := repositories.NewTaskRepository(db)
contractorRepo := repositories.NewContractorRepository(db)
documentRepo := repositories.NewDocumentRepository(db)
// Create a test user and subscription record for the test
user := testutil.CreateTestUser(t, db, "subuser", "subuser@test.com", "password")
// Create subscription record so GetOrCreate will find it
sub := &models.UserSubscription{
UserID: user.ID,
Tier: models.TierFree,
}
err := db.Create(sub).Error
require.NoError(t, err)
svc := &SubscriptionService{
subscriptionRepo: subscriptionRepo,
residenceRepo: residenceRepo,
taskRepo: taskRepo,
contractorRepo: contractorRepo,
documentRepo: documentRepo,
appleClient: appleClient,
googleClient: googleClient,
}
return svc, subscriptionRepo
}
func TestProcessApplePurchase_ClientNil_ReturnsError(t *testing.T) {
db := testutil.SetupTestDB(t)
subscriptionRepo := repositories.NewSubscriptionRepository(db)
residenceRepo := repositories.NewResidenceRepository(db)
taskRepo := repositories.NewTaskRepository(db)
contractorRepo := repositories.NewContractorRepository(db)
documentRepo := repositories.NewDocumentRepository(db)
user := testutil.CreateTestUser(t, db, "subuser", "subuser@test.com", "password")
sub := &models.UserSubscription{UserID: user.ID, Tier: models.TierFree}
require.NoError(t, db.Create(sub).Error)
svc := &SubscriptionService{
subscriptionRepo: subscriptionRepo,
residenceRepo: residenceRepo,
taskRepo: taskRepo,
contractorRepo: contractorRepo,
documentRepo: documentRepo,
appleClient: nil, // Not configured
googleClient: nil,
}
_, err := svc.ProcessApplePurchase(user.ID, "fake-receipt", "")
assert.Error(t, err, "ProcessApplePurchase should return error when Apple IAP client is nil")
// Verify user was NOT upgraded to Pro
updatedSub, err := subscriptionRepo.GetOrCreate(user.ID)
require.NoError(t, err)
assert.Equal(t, models.TierFree, updatedSub.Tier, "User should remain on free tier when IAP client is nil")
}
func TestProcessApplePurchase_ValidationFails_DoesNotUpgrade(t *testing.T) {
// We cannot easily create a real AppleIAPClient that will fail validation
// in a unit test (it requires real keys and network access).
// Instead, we test the code path logic:
// When appleClient is nil, the service must NOT upgrade the user.
// This is the same as TestProcessApplePurchase_ClientNil_ReturnsError
// but validates no fallback occurs for the specific case.
db := testutil.SetupTestDB(t)
subscriptionRepo := repositories.NewSubscriptionRepository(db)
residenceRepo := repositories.NewResidenceRepository(db)
taskRepo := repositories.NewTaskRepository(db)
contractorRepo := repositories.NewContractorRepository(db)
documentRepo := repositories.NewDocumentRepository(db)
user := testutil.CreateTestUser(t, db, "subuser2", "subuser2@test.com", "password")
sub := &models.UserSubscription{UserID: user.ID, Tier: models.TierFree}
require.NoError(t, db.Create(sub).Error)
svc := &SubscriptionService{
subscriptionRepo: subscriptionRepo,
residenceRepo: residenceRepo,
taskRepo: taskRepo,
contractorRepo: contractorRepo,
documentRepo: documentRepo,
appleClient: nil,
googleClient: nil,
}
// Neither receipt data nor transaction ID - should still not grant Pro
_, err := svc.ProcessApplePurchase(user.ID, "", "")
assert.Error(t, err, "ProcessApplePurchase should return error when client is nil, even with empty data")
// Verify no upgrade happened
updatedSub, err := subscriptionRepo.GetOrCreate(user.ID)
require.NoError(t, err)
assert.Equal(t, models.TierFree, updatedSub.Tier, "User should remain on free tier")
}
func TestProcessGooglePurchase_ClientNil_ReturnsError(t *testing.T) {
db := testutil.SetupTestDB(t)
subscriptionRepo := repositories.NewSubscriptionRepository(db)
residenceRepo := repositories.NewResidenceRepository(db)
taskRepo := repositories.NewTaskRepository(db)
contractorRepo := repositories.NewContractorRepository(db)
documentRepo := repositories.NewDocumentRepository(db)
user := testutil.CreateTestUser(t, db, "subuser3", "subuser3@test.com", "password")
sub := &models.UserSubscription{UserID: user.ID, Tier: models.TierFree}
require.NoError(t, db.Create(sub).Error)
svc := &SubscriptionService{
subscriptionRepo: subscriptionRepo,
residenceRepo: residenceRepo,
taskRepo: taskRepo,
contractorRepo: contractorRepo,
documentRepo: documentRepo,
appleClient: nil,
googleClient: nil, // Not configured
}
_, err := svc.ProcessGooglePurchase(user.ID, "fake-token", "com.tt.casera.pro.monthly")
assert.Error(t, err, "ProcessGooglePurchase should return error when Google IAP client is nil")
// Verify user was NOT upgraded to Pro
updatedSub, err := subscriptionRepo.GetOrCreate(user.ID)
require.NoError(t, err)
assert.Equal(t, models.TierFree, updatedSub.Tier, "User should remain on free tier when IAP client is nil")
}
func TestProcessGooglePurchase_ValidationFails_DoesNotUpgrade(t *testing.T) {
db := testutil.SetupTestDB(t)
subscriptionRepo := repositories.NewSubscriptionRepository(db)
residenceRepo := repositories.NewResidenceRepository(db)
taskRepo := repositories.NewTaskRepository(db)
contractorRepo := repositories.NewContractorRepository(db)
documentRepo := repositories.NewDocumentRepository(db)
user := testutil.CreateTestUser(t, db, "subuser4", "subuser4@test.com", "password")
sub := &models.UserSubscription{UserID: user.ID, Tier: models.TierFree}
require.NoError(t, db.Create(sub).Error)
svc := &SubscriptionService{
subscriptionRepo: subscriptionRepo,
residenceRepo: residenceRepo,
taskRepo: taskRepo,
contractorRepo: contractorRepo,
documentRepo: documentRepo,
appleClient: nil,
googleClient: nil, // Not configured
}
// With empty token
_, err := svc.ProcessGooglePurchase(user.ID, "", "")
assert.Error(t, err, "ProcessGooglePurchase should return error when client is nil")
// Verify no upgrade happened
updatedSub, err := subscriptionRepo.GetOrCreate(user.ID)
require.NoError(t, err)
assert.Equal(t, models.TierFree, updatedSub.Tier, "User should remain on free tier")
}
Reference in New Issue View Git Blame Copy Permalink