Checkout‑Registrierung validiert jetzt die E‑Mail‑Länge, und die Checkout‑Flows sind Paddle‑only: Stripe‑Endpoints/

Services/Helpers sind entfernt, API/Frontend angepasst, Tests auf Paddle umgestellt. Außerdem wurde die CSP gestrafft
  und Stripe‑Texte in den Abandoned‑Checkout‑Mails ersetzt.

resources/js/admin/api.ts

@@ -2194,39 +2194,13 @@ export async function getTenantAddonHistory(page = 1, perPage = 25): Promise<{
   return { data: rows, meta };
 }
 
-export async function createTenantPackagePaymentIntent(packageId: number): Promise<string> {
-  const response = await authorizedFetch('/api/v1/tenant/packages/payment-intent', {
-    method: 'POST',
-    headers: {
-      'Content-Type': 'application/json',
-    },
-    body: JSON.stringify({ package_id: packageId }),
-  });
-
-  const data = await jsonOrThrow<{ client_secret: string }>(
-    response,
-    'Failed to create package payment intent'
-  );
-
-  if (!data.client_secret) {
-    throw new Error('Missing client secret in response');
-  }
-
-  return data.client_secret;
-}
-
 export async function completeTenantPackagePurchase(params: {
   packageId: number;
-  paymentMethodId?: string;
-  paddleTransactionId?: string;
+  paddleTransactionId: string;
 }): Promise<void> {
-  const { packageId, paymentMethodId, paddleTransactionId } = params;
+  const { packageId, paddleTransactionId } = params;
   const payload: Record<string, unknown> = { package_id: packageId };
 
-  if (paymentMethodId) {
-    payload.payment_method_id = paymentMethodId;
-  }
-
   if (paddleTransactionId) {
     payload.paddle_transaction_id = paddleTransactionId;
   }

resources/js/admin/lib/__tests__/apiError.test.ts

@@ -0,0 +1,20 @@
+import { describe, expect, it } from 'vitest';
+import { getApiValidationMessage, ApiError } from '../apiError';
+
+describe('getApiValidationMessage', () => {
+  it('prefers validation errors when present', () => {
+    const error = new ApiError('Fallback', 422, undefined, {
+      errors: {
+        event_date: ['Das Event-Datum darf nicht in der Vergangenheit liegen.'],
+      },
+    });
+
+    expect(getApiValidationMessage(error, 'Fallback')).toBe('Das Event-Datum darf nicht in der Vergangenheit liegen.');
+  });
+
+  it('falls back to the error message when no validation errors exist', () => {
+    const error = new ApiError('Server error');
+
+    expect(getApiValidationMessage(error, 'Fallback')).toBe('Server error');
+  });
+});

resources/js/admin/lib/apiError.ts

@@ -34,6 +34,17 @@ export function getApiErrorMessage(error: unknown, fallback: string): string {
   return fallback;
 }
 
+export function getApiValidationMessage(error: unknown, fallback: string): string {
+  if (isApiError(error)) {
+    const errors = normalizeValidationErrors(error.meta);
+    if (errors.length) {
+      return errors.join('\n');
+    }
+  }
+
+  return getApiErrorMessage(error, fallback);
+}
+
 export type ApiErrorEventDetail = {
   message: string;
   status?: number;
@@ -64,3 +75,18 @@ export function registerApiErrorListener(handler: (detail: ApiErrorEventDetail)
   window.addEventListener(API_ERROR_EVENT, listener as EventListener);
   return () => window.removeEventListener(API_ERROR_EVENT, listener as EventListener);
 }
+
+function normalizeValidationErrors(meta?: Record<string, unknown>): string[] {
+  if (!meta || typeof meta !== 'object') {
+    return [];
+  }
+
+  const errors = meta.errors;
+  if (!errors || typeof errors !== 'object') {
+    return [];
+  }
+
+  return Object.values(errors as Record<string, unknown>)
+    .flatMap((value) => (Array.isArray(value) ? value : [value]))
+    .filter((value): value is string => typeof value === 'string' && value.trim() !== '');
+}

resources/js/admin/mobile/EventFormPage.tsx

@@ -8,9 +8,11 @@ import { Switch } from '@tamagui/switch';
 import { MobileShell } from './components/MobileShell';
 import { MobileCard, CTAButton } from './components/Primitives';
 import { createEvent, getEvent, updateEvent, getEventTypes, TenantEvent, TenantEventType } from '../api';
+import { resolveEventSlugAfterUpdate } from './eventFormNavigation';
 import { adminPath } from '../constants';
 import { isAuthError } from '../auth/tokens';
-import { getApiErrorMessage } from '../lib/apiError';
+import { getApiValidationMessage } from '../lib/apiError';
+import toast from 'react-hot-toast';
 
 type FormState = {
   name: string;
@@ -99,7 +101,7 @@ export default function MobileEventFormPage() {
     setError(null);
       try {
         if (isEdit && slug) {
-          await updateEvent(slug, {
+          const updated = await updateEvent(slug, {
             name: form.name,
             event_date: form.date || undefined,
             event_type_id: form.eventTypeId ?? undefined,
@@ -110,7 +112,8 @@ export default function MobileEventFormPage() {
               engagement_mode: form.tasksEnabled ? 'tasks' : 'photo_only',
             },
           });
-          navigate(adminPath(`/mobile/events/${slug}`));
+          const nextSlug = resolveEventSlugAfterUpdate(slug, updated);
+          navigate(adminPath(`/mobile/events/${nextSlug}`));
         } else {
           const payload = {
             name: form.name || t('eventForm.fields.name.fallback', 'Event'),
@@ -129,7 +132,9 @@ export default function MobileEventFormPage() {
       }
     } catch (err) {
       if (!isAuthError(err)) {
-        setError(getApiErrorMessage(err, t('eventForm.errors.saveFailed', 'Event could not be saved.')));
+        const message = getApiValidationMessage(err, t('eventForm.errors.saveFailed', 'Event could not be saved.'));
+        setError(message);
+        toast.error(message);
       }
     } finally {
       setSaving(false);
@@ -359,6 +364,7 @@ function renderName(name: TenantEvent['name']): string {
   return '';
 }
 
+
 function toDateTimeLocal(value?: string | null): string {
   if (!value) return '';
   const parsed = new Date(value);

resources/js/admin/mobile/__tests__/eventFormNavigation.test.ts

@@ -0,0 +1,17 @@
+import { describe, expect, it } from 'vitest';
+import { resolveEventSlugAfterUpdate } from '../eventFormNavigation';
+import type { TenantEvent } from '../../api';
+
+describe('resolveEventSlugAfterUpdate', () => {
+  it('returns the updated slug when it changes', () => {
+    const updated = { slug: 'updated-slug' } as TenantEvent;
+
+    expect(resolveEventSlugAfterUpdate('original-slug', updated)).toBe('updated-slug');
+  });
+
+  it('keeps the current slug when it is unchanged', () => {
+    const updated = { slug: 'original-slug' } as TenantEvent;
+
+    expect(resolveEventSlugAfterUpdate('original-slug', updated)).toBe('original-slug');
+  });
+});

resources/js/admin/mobile/eventFormNavigation.ts

@@ -0,0 +1,9 @@
+import type { TenantEvent } from '../api';
+
+export function resolveEventSlugAfterUpdate(currentSlug: string, updated: TenantEvent): string {
+  if (updated.slug && updated.slug !== currentSlug) {
+    return updated.slug;
+  }
+
+  return currentSlug;
+}

resources/js/pages/marketing/checkout/types.ts

@@ -41,7 +41,6 @@ export interface CheckoutWizardState {
     name?: string;
     pending_purchase?: boolean;
   } | null;
-  paymentProvider?: 'stripe' | 'paddle';
   isProcessing?: boolean;
 }
 
@@ -51,7 +50,6 @@ export interface CheckoutWizardContextValue extends CheckoutWizardState {
   previousStep: () => void;
   setSelectedPackage: (pkg: CheckoutPackage) => void;
   markAuthenticated: (user: CheckoutWizardState['authUser']) => void;
-  setPaymentProvider: (provider: CheckoutWizardState['paymentProvider']) => void;
   resetPaymentState: () => void;
   cancelCheckout: () => void;
 }

resources/js/utils/stripe.ts

@@ -1,21 +0,0 @@
-import type { Stripe } from '@stripe/stripe-js';
-
-const stripePromiseCache = new Map<string, Promise<Stripe | null>>();
-
-export async function getStripe(publishableKey?: string): Promise<Stripe | null> {
-  if (!publishableKey) {
-    return null;
-  }
-
-  if (!stripePromiseCache.has(publishableKey)) {
-    const promise = import('@stripe/stripe-js').then(({ loadStripe }) => loadStripe(publishableKey));
-    stripePromiseCache.set(publishableKey, promise);
-  }
-
-  return stripePromiseCache.get(publishableKey) ?? null;
-}
-
-export function clearStripeCache(): void {
-  stripePromiseCache.clear();
-}
-

resources/lang/de/emails.php

@@ -38,7 +38,7 @@ return [
 
         'benefits_title' => 'Warum jetzt kaufen?',
         'benefit1' => 'Schneller Checkout in 2 Minuten',
-        'benefit2' => 'Sichere Zahlung mit Stripe',
+        'benefit2' => 'Sichere Zahlung mit Paddle',
         'benefit3' => 'Sofortiger Zugriff nach Zahlung',
         'benefit4' => '10% Rabatt sichern',
 

resources/lang/en/emails.php

@@ -38,7 +38,7 @@ return [
 
         'benefits_title' => 'Why buy now?',
         'benefit1' => 'Quick checkout in 2 minutes',
-        'benefit2' => 'Secure payment with Stripe',
+        'benefit2' => 'Secure payment with Paddle',
         'benefit3' => 'Instant access after payment',
         'benefit4' => 'Secure 10% discount',