soeren/fotospiel-app
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

switched to paddle inline checkout, removed paypal and most of stripe. added product sync between app and paddle.

Browse Source
This commit is contained in:
Codex Agent
2025-10-27 17:26:39 +01:00
parent ecf5a23b28
commit 5432456ffd
117 changed files with 4114 additions and 3639 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
tests/Feature/EventControllerTest.php
View File

@@ -54,6 +54,7 @@ class EventControllerTest extends TestCase
'event_id' => $event->id,
'package_id' => $package->id,
'type' => 'endcustomer_event',
'provider' => 'manual',
'provider_id' => 'manual',
]);
}

16
tests/Feature/FullUserFlowTest.php
View File

@@ -2,19 +2,17 @@
namespace Tests\Feature;
use App\Mail\Welcome;
use App\Models\Package;
use App\Models\User;
use App\Models\Tenant;
use App\Models\PackagePurchase;
use App\Models\Tenant;
use App\Models\TenantPackage;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Mail;
use App\Mail\Welcome;
use App\Mail\PurchaseConfirmation;
use Stripe\StripeClient;
use Mockery;
use Tests\TestCase;
class FullUserFlowTest extends TestCase
{
@@ -85,9 +83,9 @@ class FullUserFlowTest extends TestCase
$paidPackage = Package::factory()->reseller()->create(['price' => 10]);
// Mock Stripe für Erfolg
$this->mock(StripeClient::class, function ($mock) use ($user, $tenant, $paidPackage) {
$this->mock(StripeClient::class, function ($mock) {
$mock->shouldReceive('checkout->sessions->create')
->andReturn((object)['url' => 'https://mock-stripe.com']);
->andReturn((object) ['url' => 'https://mock-stripe.com']);
});
// Simuliere Kauf (GET zu buy.packages, aber da es Redirect ist, prüfe Session oder folge)
@@ -108,6 +106,7 @@ class FullUserFlowTest extends TestCase
'tenant_id' => $tenant->id,
'package_id' => $paidPackage->id,
'type' => 'reseller_subscription',
'provider' => 'stripe',
'provider_id' => 'stripe',
'price' => 10,
'purchased_at' => now(),
@@ -120,6 +119,7 @@ class FullUserFlowTest extends TestCase
'tenant_id' => $tenant->id,
'package_id' => $paidPackage->id,
'type' => 'reseller_subscription',
'provider' => 'stripe',
]);
// Überprüfe, dass 2 Purchases existieren (Free + Paid)

55
tests/Feature/PaddleSyncPackagesCommandTest.php Normal file
View File

@@ -0,0 +1,55 @@
<?php
namespace Tests\Feature;
use App\Jobs\SyncPackageToPaddle;
use App\Models\Package;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Bus as BusFacade;
use Tests\TestCase;
class PaddleSyncPackagesCommandTest extends TestCase
{
use RefreshDatabase;
public function test_command_dispatches_jobs_for_packages(): void
{
Package::factory()->count(2)->create();
BusFacade::fake();
$this->artisan('paddle:sync-packages', [
'--dry-run' => true,
'--queue' => true,
])->assertExitCode(0);
BusFacade::assertDispatched(SyncPackageToPaddle::class, 2);
}
public function test_command_filters_packages_by_id(): void
{
$package = Package::factory()->create();
Package::factory()->create();
BusFacade::fake();
$this->artisan('paddle:sync-packages', [
'--dry-run' => true,
'--queue' => true,
'--package' => [$package->id],
])->assertExitCode(0);
BusFacade::assertDispatched(SyncPackageToPaddle::class, function (SyncPackageToPaddle $job) use ($package) {
return $this->getJobPackageId($job) === $package->id;
});
}
protected function getJobPackageId(SyncPackageToPaddle $job): int
{
$reflection = new \ReflectionClass($job);
$property = $reflection->getProperty('packageId');
$property->setAccessible(true);
return (int) $property->getValue($job);
}
}

228
tests/Feature/PaddleWebhookControllerTest.php Normal file
View File

@@ -0,0 +1,228 @@
<?php
namespace Tests\Feature;
use App\Models\CheckoutSession;
use App\Models\Package;
use App\Models\PackagePurchase;
use App\Models\Tenant;
use App\Models\TenantPackage;
use App\Models\User;
use App\Services\Checkout\CheckoutSessionService;
use Carbon\Carbon;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Arr;
use Tests\TestCase;
class PaddleWebhookControllerTest extends TestCase
{
use RefreshDatabase;
public function test_transaction_completed_finalises_checkout(): void
{
config(['paddle.webhook_secret' => 'test_secret']);
[$tenant, $package, $session] = $this->prepareSession();
$payload = [
'event_type' => 'transaction.completed',
'data' => [
'id' => 'txn_123',
'status' => 'completed',
'checkout_id' => 'chk_456',
'metadata' => [
'checkout_session_id' => $session->id,
'tenant_id' => (string) $tenant->id,
'package_id' => (string) $package->id,
],
],
];
$signature = hash_hmac('sha256', json_encode($payload), 'test_secret');
$response = $this->withHeader('Paddle-Webhook-Signature', $signature)
->postJson('/paddle/webhook', $payload);
$response->assertOk()->assertJson(['status' => 'processed']);
$session->refresh();
$this->assertEquals(CheckoutSession::STATUS_COMPLETED, $session->status);
$this->assertSame('paddle', $session->provider);
$this->assertSame('txn_123', Arr::get($session->provider_metadata, 'paddle_transaction_id'));
$this->assertTrue(
TenantPackage::query()
->where('tenant_id', $tenant->id)
->where('package_id', $package->id)
->where('active', true)
->exists()
);
$this->assertTrue(
PackagePurchase::query()
->where('tenant_id', $tenant->id)
->where('package_id', $package->id)
->where('provider', 'paddle')
->exists()
);
}
public function test_rejects_invalid_signature(): void
{
config(['paddle.webhook_secret' => 'secret']);
$response = $this->withHeader('Paddle-Webhook-Signature', 'invalid')
->postJson('/paddle/webhook', ['event_type' => 'transaction.completed']);
$response->assertStatus(400)->assertJson(['status' => 'invalid']);
}
public function test_unhandled_event_returns_accepted(): void
{
config(['paddle.webhook_secret' => null]);
$response = $this->postJson('/paddle/webhook', [
'event_type' => 'transaction.unknown',
'data' => [],
]);
$response->assertStatus(202)->assertJson(['status' => 'ignored']);
}
public function test_subscription_activation_creates_tenant_package(): void
{
config(['paddle.webhook_secret' => 'test_secret']);
$tenant = Tenant::factory()->create([
'paddle_customer_id' => 'cus_123',
'subscription_status' => 'free',
]);
$package = Package::factory()->create([
'type' => 'reseller',
'price' => 129,
'paddle_price_id' => 'price_sub_1',
]);
$payload = [
'event_type' => 'subscription.created',
'data' => [
'id' => 'sub_123',
'status' => 'active',
'customer_id' => 'cus_123',
'created_at' => Carbon::now()->subDay()->toIso8601String(),
'next_billing_date' => Carbon::now()->addMonth()->toIso8601String(),
'metadata' => [
'tenant_id' => (string) $tenant->id,
'package_id' => (string) $package->id,
],
'items' => [
[
'price_id' => 'price_sub_1',
],
],
],
];
$signature = hash_hmac('sha256', json_encode($payload), 'test_secret');
$response = $this->withHeader('Paddle-Webhook-Signature', $signature)
->postJson('/paddle/webhook', $payload);
$response->assertOk()->assertJson(['status' => 'processed']);
$tenant->refresh();
$tenantPackage = TenantPackage::where('tenant_id', $tenant->id)
->where('package_id', $package->id)
->first();
$this->assertNotNull($tenantPackage);
$this->assertSame('sub_123', $tenantPackage->paddle_subscription_id);
$this->assertTrue($tenantPackage->active);
$this->assertEquals('active', $tenant->subscription_status);
$this->assertNotNull($tenant->subscription_expires_at);
}
public function test_subscription_cancellation_marks_package_inactive(): void
{
config(['paddle.webhook_secret' => 'test_secret']);
$tenant = Tenant::factory()->create([
'paddle_customer_id' => 'cus_cancel',
'subscription_status' => 'active',
]);
$package = Package::factory()->create([
'type' => 'reseller',
'price' => 199,
'paddle_price_id' => 'price_cancel',
]);
TenantPackage::factory()->create([
'tenant_id' => $tenant->id,
'package_id' => $package->id,
'paddle_subscription_id' => 'sub_cancel',
'active' => true,
]);
$payload = [
'event_type' => 'subscription.cancelled',
'data' => [
'id' => 'sub_cancel',
'status' => 'cancelled',
'customer_id' => 'cus_cancel',
'metadata' => [
'tenant_id' => (string) $tenant->id,
'package_id' => (string) $package->id,
],
'items' => [
[
'price_id' => 'price_cancel',
],
],
],
];
$signature = hash_hmac('sha256', json_encode($payload), 'test_secret');
$response = $this->withHeader('Paddle-Webhook-Signature', $signature)
->postJson('/paddle/webhook', $payload);
$response->assertOk()->assertJson(['status' => 'processed']);
$tenant->refresh();
$tenantPackage = TenantPackage::where('tenant_id', $tenant->id)
->where('package_id', $package->id)
->first();
$this->assertNotNull($tenantPackage);
$this->assertFalse($tenantPackage->active);
$this->assertEquals('expired', $tenant->subscription_status);
}
/**
* @return array{\App\Models\Tenant, \App\Models\Package, \App\Models\CheckoutSession}
*/
protected function prepareSession(): array
{
$user = User::factory()->create(['email_verified_at' => now()]);
$tenant = Tenant::factory()->create(['user_id' => $user->id]);
$user->forceFill(['tenant_id' => $tenant->id])->save();
$package = Package::factory()->create([
'type' => 'reseller',
'price' => 99,
'paddle_price_id' => 'price_123',
]);
/** @var CheckoutSessionService $sessions */
$sessions = app(CheckoutSessionService::class);
$session = $sessions->createOrResume($user, $package, ['tenant' => $tenant]);
$sessions->selectProvider($session, CheckoutSession::PROVIDER_PADDLE);
return [$tenant, $package, $session];
}
}

75
tests/Feature/PayPalWebhookControllerTest.php
View File

@@ -1,75 +0,0 @@
<?php
namespace Tests\Feature;
use App\Models\Package;
use App\Models\Tenant;
use App\Models\TenantPackage;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;
class PayPalWebhookControllerTest extends TestCase
{
use RefreshDatabase;
public function test_subscription_activation_marks_tenant_active(): void
{
$tenant = Tenant::factory()->create(['subscription_status' => 'free']);
$package = Package::factory()->reseller()->create();
$payload = [
'webhook_id' => 'WH-activation',
'webhook_event' => [
'event_type' => 'BILLING.SUBSCRIPTION.ACTIVATED',
'resource' => [
'id' => 'I-123456',
'custom_id' => json_encode([
'tenant_id' => $tenant->id,
'package_id' => $package->id,
]),
],
],
];
$response = $this->postJson('/paypal/webhook', $payload);
$response->assertOk()
->assertJson(['status' => 'SUCCESS']);
$this->assertEquals('active', $tenant->fresh()->subscription_status);
}
public function test_subscription_cancellation_deactivates_tenant_package(): void
{
$tenant = Tenant::factory()->create(['subscription_status' => 'active']);
$package = Package::factory()->reseller()->create();
TenantPackage::factory()->create([
'tenant_id' => $tenant->id,
'package_id' => $package->id,
'active' => true,
]);
$payload = [
'webhook_id' => 'WH-cancel',
'webhook_event' => [
'event_type' => 'BILLING.SUBSCRIPTION.CANCELLED',
'resource' => [
'id' => 'I-123456',
'custom_id' => json_encode([
'tenant_id' => $tenant->id,
'package_id' => $package->id,
]),
],
],
];
$response = $this->postJson('/paypal/webhook', $payload);
$response->assertOk()
->assertJson(['status' => 'SUCCESS']);
$this->assertEquals('expired', $tenant->fresh()->subscription_status);
$this->assertFalse($tenant->tenantPackages()->first()->fresh()->active);
}
}

326
tests/Feature/PurchaseTest.php
View File

@@ -3,18 +3,12 @@
namespace Tests\Feature;
use App\Models\Package;
use App\Models\PackagePurchase;
use App\Models\Tenant;
use App\Models\TenantPackage;
use App\Models\User;
use App\Services\PayPal\PaypalClientFactory;
use App\Services\Paddle\PaddleCheckoutService;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Auth;
use Mockery;
use Tests\TestCase;
use PaypalServerSdkLib\PaypalServerSdkClient;
use PaypalServerSdkLib\Controllers\OrdersController;
use PaypalServerSdkLib\Http\ApiResponse;
class PurchaseTest extends TestCase
{
@@ -26,298 +20,96 @@ class PurchaseTest extends TestCase
parent::tearDown();
}
public function test_paypal_checkout_creates_order(): void
public function test_create_paddle_checkout_requires_paddle_price(): void
{
[$tenant, $package] = $this->seedTenantWithPackage(price: 10);
Auth::login($tenant->user);
[$tenant, $package] = $this->seedTenantWithPackage(includePaddlePrice: false);
$this->actingAs($tenant->user);
$apiResponse = $this->apiResponse((object) [
'id' => 'ORDER-123',
'links' => [
(object) ['rel' => 'approve', 'href' => 'https://paypal.test/approve/ORDER-123'],
],
$response = $this->postJson('/paddle/create-checkout', [
'package_id' => $package->id,
]);
$ordersController = Mockery::mock(OrdersController::class);
$ordersController->shouldReceive('createOrder')
$response->assertStatus(422)
->assertJsonValidationErrors('package_id');
}
public function test_create_paddle_checkout_returns_checkout_url(): void
{
[$tenant, $package] = $this->seedTenantWithPackage(includePaddlePrice: true);
$this->actingAs($tenant->user);
$service = Mockery::mock(PaddleCheckoutService::class);
$service->shouldReceive('createCheckout')
->once()
->andReturn($apiResponse);
->with(
Mockery::on(fn ($arg) => $arg instanceof Tenant && $arg->is($tenant)),
Mockery::on(fn ($arg) => $arg instanceof Package && $arg->is($package)),
Mockery::on(function ($options) {
return ($options['success_url'] ?? null) === null
&& ($options['return_url'] ?? null) === null
&& isset($options['metadata']['checkout_session_id']);
})
)
->andReturn([
'checkout_url' => 'https://paddle.test/checkout/abc',
]);
$clientMock = Mockery::mock(PaypalServerSdkClient::class);
$clientMock->shouldReceive('getOrdersController')->andReturn($ordersController);
$this->app->instance(PaddleCheckoutService::class, $service);
$factory = Mockery::mock(PaypalClientFactory::class);
$factory->shouldReceive('make')->andReturn($clientMock);
$this->app->instance(PaypalClientFactory::class, $factory);
$response = $this->postJson('/paypal/create-order', [
$response = $this->postJson('/paddle/create-checkout', [
'package_id' => $package->id,
]);
$response->assertOk()
->assertJson([
'id' => 'ORDER-123',
'approve_url' => 'https://paypal.test/approve/ORDER-123',
'checkout_url' => 'https://paddle.test/checkout/abc',
]);
}
public function test_paypal_capture_creates_purchase_and_package(): void
public function test_create_paddle_checkout_inline_returns_items(): void
{
[$tenant, $package] = $this->seedTenantWithPackage(price: 15);
Auth::login($tenant->user);
[$tenant, $package] = $this->seedTenantWithPackage(includePaddlePrice: true);
$this->actingAs($tenant->user);
$metadata = json_encode([
'tenant_id' => $tenant->id,
$service = Mockery::mock(PaddleCheckoutService::class);
$service->shouldNotReceive('createCheckout');
$this->app->instance(PaddleCheckoutService::class, $service);
$response = $this->postJson('/paddle/create-checkout', [
'package_id' => $package->id,
'type' => 'endcustomer_event',
'inline' => true,
]);
$apiResponse = $this->apiResponse((object) [
'id' => 'ORDER-456',
'purchaseUnits' => [
(object) [
'customId' => $metadata,
'amount' => (object) ['value' => '15.00'],
$response->assertOk()
->assertJson([
'mode' => 'inline',
])
->assertJsonStructure([
'mode',
'items' => [
['priceId', 'quantity'],
],
],
]);
$ordersController = Mockery::mock(OrdersController::class);
$ordersController->shouldReceive('captureOrder')
->once()
->andReturn($apiResponse);
$clientMock = Mockery::mock(PaypalServerSdkClient::class);
$clientMock->shouldReceive('getOrdersController')->andReturn($ordersController);
$factory = Mockery::mock(PaypalClientFactory::class);
$factory->shouldReceive('make')->andReturn($clientMock);
$this->app->instance(PaypalClientFactory::class, $factory);
$response = $this->postJson('/paypal/capture-order', [
'order_id' => 'ORDER-456',
]);
$response->assertOk()
->assertJson(['status' => 'captured']);
$this->assertDatabaseHas('package_purchases', [
'tenant_id' => $tenant->id,
'package_id' => $package->id,
'provider_id' => 'ORDER-456',
'price' => 15,
]);
$this->assertDatabaseHas('tenant_packages', [
'tenant_id' => $tenant->id,
'package_id' => $package->id,
'price' => 15,
'active' => true,
]);
$this->assertEquals('active', $tenant->fresh()->subscription_status);
}
public function test_paypal_capture_failure_returns_error(): void
{
[$tenant, $package] = $this->seedTenantWithPackage();
Auth::login($tenant->user);
$ordersController = Mockery::mock(OrdersController::class);
$ordersController->shouldReceive('captureOrder')
->once()
->andThrow(new \RuntimeException('Capture failed'));
$clientMock = Mockery::mock(PaypalServerSdkClient::class);
$clientMock->shouldReceive('getOrdersController')->andReturn($ordersController);
$factory = Mockery::mock(PaypalClientFactory::class);
$factory->shouldReceive('make')->andReturn($clientMock);
$this->app->instance(PaypalClientFactory::class, $factory);
$response = $this->postJson('/paypal/capture-order', [
'order_id' => 'ORDER-999',
]);
$response->assertStatus(500)
->assertJson(['error' => 'Capture failed']);
$this->assertDatabaseCount('package_purchases', 0);
$this->assertDatabaseCount('tenant_packages', 0);
}
public function test_paypal_subscription_creation_creates_initial_records(): void
{
[$tenant, $package] = $this->seedTenantWithPackage(price: 99, type: 'reseller');
Auth::login($tenant->user);
$apiResponse = $this->apiResponse((object) [
'id' => 'ORDER-SUB-1',
'links' => [
(object) ['rel' => 'approve', 'href' => 'https://paypal.test/approve/ORDER-SUB-1'],
],
]);
$ordersController = Mockery::mock(OrdersController::class);
$ordersController->shouldReceive('createOrder')
->once()
->andReturn($apiResponse);
$clientMock = Mockery::mock(PaypalServerSdkClient::class);
$clientMock->shouldReceive('getOrdersController')->andReturn($ordersController);
$factory = Mockery::mock(PaypalClientFactory::class);
$factory->shouldReceive('make')->andReturn($clientMock);
$this->app->instance(PaypalClientFactory::class, $factory);
$response = $this->postJson('/paypal/create-subscription', [
'package_id' => $package->id,
'plan_id' => 'PLAN-123',
]);
$response->assertOk()
->assertJson([
'order_id' => 'ORDER-SUB-1',
'approve_url' => 'https://paypal.test/approve/ORDER-SUB-1',
'custom_data' => ['tenant_id', 'package_id', 'checkout_session_id'],
]);
$this->assertDatabaseHas('tenant_packages', [
'tenant_id' => $tenant->id,
'package_id' => $package->id,
'price' => 99,
'active' => true,
]);
$this->assertDatabaseHas('package_purchases', [
'tenant_id' => $tenant->id,
'package_id' => $package->id,
'provider_id' => 'ORDER-SUB-1_sub_PLAN-123',
]);
$payload = $response->json();
$this->assertSame($package->paddle_price_id, $payload['items'][0]['priceId']);
$this->assertSame(1, $payload['items'][0]['quantity']);
}
public function test_paypal_webhook_capture_completes_purchase(): void
{
[$tenant, $package] = $this->seedTenantWithPackage(price: 20);
$metadata = json_encode([
'tenant_id' => $tenant->id,
'package_id' => $package->id,
]);
$apiResponse = $this->apiResponse((object) [
'purchaseUnits' => [
(object) ['customId' => $metadata],
],
]);
$ordersController = Mockery::mock(OrdersController::class);
$ordersController->shouldReceive('showOrder')
->andReturn($apiResponse);
$clientMock = Mockery::mock(PaypalServerSdkClient::class);
$clientMock->shouldReceive('getOrdersController')->andReturn($ordersController);
$factory = Mockery::mock(PaypalClientFactory::class);
$factory->shouldReceive('make')->andReturn($clientMock);
$this->app->instance(PaypalClientFactory::class, $factory);
$event = [
'event_type' => 'PAYMENT.CAPTURE.COMPLETED',
'resource' => [
'id' => 'CAPTURE-1',
'order_id' => 'ORDER-WEBHOOK-1',
],
];
$response = $this->postJson('/paypal/webhook', [
'webhook_id' => 'WH-1',
'webhook_event' => $event,
]);
$response->assertOk()
->assertJson(['status' => 'SUCCESS']);
$this->assertDatabaseHas('package_purchases', [
'tenant_id' => $tenant->id,
'package_id' => $package->id,
'provider_id' => 'ORDER-WEBHOOK-1',
]);
$this->assertDatabaseHas('tenant_packages', [
'tenant_id' => $tenant->id,
'package_id' => $package->id,
'active' => true,
]);
$this->assertEquals('active', $tenant->fresh()->subscription_status);
}
public function test_paypal_webhook_capture_is_idempotent(): void
{
[$tenant, $package] = $this->seedTenantWithPackage(price: 25);
$metadata = json_encode([
'tenant_id' => $tenant->id,
'package_id' => $package->id,
]);
$apiResponse = $this->apiResponse((object) [
'purchaseUnits' => [
(object) ['customId' => $metadata],
],
]);
$ordersController = Mockery::mock(OrdersController::class);
$ordersController->shouldReceive('showOrder')
->andReturn($apiResponse);
$clientMock = Mockery::mock(PaypalServerSdkClient::class);
$clientMock->shouldReceive('getOrdersController')->andReturn($ordersController);
$factory = Mockery::mock(PaypalClientFactory::class);
$factory->shouldReceive('make')->andReturn($clientMock);
$this->app->instance(PaypalClientFactory::class, $factory);
$event = [
'event_type' => 'PAYMENT.CAPTURE.COMPLETED',
'resource' => [
'id' => 'CAPTURE-2',
'order_id' => 'ORDER-WEBHOOK-2',
],
];
$payload = [
'webhook_id' => 'WH-3',
'webhook_event' => $event,
];
$this->postJson('/paypal/webhook', $payload)->assertOk();
$this->postJson('/paypal/webhook', $payload)->assertOk();
$this->assertDatabaseCount('package_purchases', 1);
$this->assertDatabaseHas('package_purchases', [
'provider_id' => 'ORDER-WEBHOOK-2',
]);
}
private function apiResponse(object $result, int $status = 201): ApiResponse
{
$response = Mockery::mock(ApiResponse::class);
$response->shouldReceive('getStatusCode')->andReturn($status);
$response->shouldReceive('getResult')->andReturn($result);
return $response;
}
private function seedTenantWithPackage(int $price = 10, string $type = 'endcustomer'): array
private function seedTenantWithPackage(int $price = 10, string $type = 'endcustomer', bool $includePaddlePrice = true): array
{
$user = User::factory()->create(['email_verified_at' => now()]);
$tenant = Tenant::factory()->create(['user_id' => $user->id]);
$user->forceFill(['tenant_id' => $tenant->id])->save();
$package = Package::factory()->create([
'price' => $price,
'type' => $type,
'paddle_price_id' => $includePaddlePrice ? 'price_123' : null,
]);
return [$tenant->fresh(), $package];
return [$tenant, $package];
}
}

120
tests/Feature/StripeWebhookTest.php
View File

@@ -1,120 +0,0 @@
<?php
namespace Tests\Feature;
use App\Http\Controllers\Api\StripeWebhookController;
use App\Models\Package;
use App\Models\PackagePurchase;
use App\Models\EventPackage;
use App\Models\TenantPackage;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\DB;
use Stripe\Webhook;
use Tests\TestCase;
class StripeWebhookTest extends TestCase
{
use RefreshDatabase;
protected function setUp(): void
{
parent::setUp();
// Mock Stripe secret
config(['services.stripe.webhook_secret' => 'whsec_test_secret']);
}
public function test_handle_payment_intent_succeeded_creates_event_package(): void
{
$tenant = \App\Models\Tenant::factory()->create();
$event = \App\Models\Event::factory()->create(['tenant_id' => $tenant->id]);
$package = Package::factory()->create(['type' => 'endcustomer']);
$payload = [
'id' => 'evt_test',
'type' => 'payment_intent.succeeded',
'data' => [
'object' => [
'id' => 'pi_test',
'metadata' => [
'type' => 'endcustomer_event',
'tenant_id' => (string) $tenant->id,
'event_id' => (string) $event->id,
'package_id' => (string) $package->id,
],
],
],
];
$sigHeader = 't=12345,v1=' . base64_encode(hash_hmac('sha256', json_encode($payload), 'whsec_test_secret', true));
$response = $this->postJson('/api/v1/stripe/webhook', $payload, [
'Stripe-Signature' => $sigHeader,
]);
$response->assertStatus(200);
$this->assertDatabaseHas('package_purchases', [
'package_id' => $package->id,
'tenant_id' => $tenant->id,
'event_id' => $event->id,
'type' => 'endcustomer_event',
'provider_id' => 'pi_test',
]);
$this->assertDatabaseHas('event_packages', [
'event_id' => $event->id,
'package_id' => $package->id,
]);
}
public function test_handle_invoice_paid_renews_tenant_package(): void
{
$tenant = \App\Models\Tenant::factory()->create();
$package = Package::factory()->create(['type' => 'reseller']);
$payload = [
'id' => 'evt_test',
'type' => 'invoice.paid',
'data' => [
'object' => [
'subscription' => 'sub_test',
'metadata' => [
'type' => 'reseller_subscription',
'tenant_id' => (string) $tenant->id,
'package_id' => (string) $package->id,
],
],
],
];
$sigHeader = 't=12345,v1=' . base64_encode(hash_hmac('sha256', json_encode($payload), 'whsec_test_secret', true));
$response = $this->postJson('/api/v1/stripe/webhook', $payload, [
'Stripe-Signature' => $sigHeader,
]);
$response->assertStatus(200);
$this->assertDatabaseHas('package_purchases', [
'package_id' => $package->id,
'tenant_id' => $tenant->id,
'type' => 'reseller_subscription',
]);
$tenantPackage = TenantPackage::where('tenant_id', $tenant->id)->first();
$this->assertNotNull($tenantPackage);
$this->assertTrue($tenantPackage->expires_at->isFuture());
}
public function test_webhook_rejects_invalid_signature(): void
{
$payload = ['type' => 'invalid'];
$sigHeader = 'invalid';
$response = $this->postJson('/api/v1/stripe/webhook', $payload, [
'Stripe-Signature' => $sigHeader,
]);
$response->assertStatus(400);
}
}

83
tests/Feature/SyncPackageToPaddleJobTest.php Normal file
View File

@@ -0,0 +1,83 @@
<?php
namespace Tests\Feature;
use App\Jobs\SyncPackageToPaddle;
use App\Models\Package;
use App\Services\Paddle\PaddleCatalogService;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Mockery;
use Tests\TestCase;
class SyncPackageToPaddleJobTest extends TestCase
{
use RefreshDatabase;
protected function tearDown(): void
{
parent::tearDown();
Mockery::close();
}
public function test_job_creates_product_and_price_and_updates_package(): void
{
$package = Package::factory()->create([
'paddle_product_id' => null,
'paddle_price_id' => null,
'price' => 15.50,
'slug' => 'silver-plan',
]);
$service = Mockery::mock(PaddleCatalogService::class);
$service->shouldReceive('createProduct')
->once()
->withArgs(function ($pkg, $overrides) use ($package) {
return $pkg->is($package) && $overrides === [];
})
->andReturn(['id' => 'pro_123']);
$service->shouldReceive('createPrice')
->once()
->withArgs(function ($pkg, $productId, $overrides) use ($package) {
return $pkg->is($package) && $productId === 'pro_123' && $overrides === [];
})
->andReturn(['id' => 'pri_123']);
$service->shouldReceive('buildProductPayload')
->andReturn(['payload' => 'product']);
$service->shouldReceive('buildPricePayload')
->andReturn(['payload' => 'price']);
$job = new SyncPackageToPaddle($package->id);
$job->handle($service);
$package->refresh();
$this->assertSame('pro_123', $package->paddle_product_id);
$this->assertSame('pri_123', $package->paddle_price_id);
$this->assertSame('synced', $package->paddle_sync_status);
$this->assertNotNull($package->paddle_synced_at);
$this->assertSame(['payload' => 'product'], $package->paddle_snapshot['payload']['product']);
$this->assertSame(['payload' => 'price'], $package->paddle_snapshot['payload']['price']);
}
public function test_dry_run_stores_snapshot_without_calling_paddle(): void
{
$package = Package::factory()->create([
'slug' => 'gold-plan',
]);
$service = Mockery::mock(PaddleCatalogService::class);
$service->shouldReceive('buildProductPayload')->andReturn(['payload' => 'product']);
$service->shouldReceive('buildPricePayload')->andReturn(['payload' => 'price']);
$job = new SyncPackageToPaddle($package->id, ['dry_run' => true]);
$job->handle($service);
$package->refresh();
$this->assertSame('dry-run', $package->paddle_sync_status);
$this->assertTrue($package->paddle_snapshot['dry_run']);
$this->assertSame(['payload' => 'product'], $package->paddle_snapshot['payload']['product']);
$this->assertSame(['payload' => 'price'], $package->paddle_snapshot['payload']['price']);
}
}

76
tests/Unit/PaddleCatalogServiceTest.php Normal file
View File

@@ -0,0 +1,76 @@
<?php
namespace Tests\Unit;
use App\Models\Package;
use App\Services\Paddle\PaddleCatalogService;
use App\Services\Paddle\PaddleClient;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Mockery;
use Tests\TestCase;
class PaddleCatalogServiceTest extends TestCase
{
use RefreshDatabase;
protected function tearDown(): void
{
parent::tearDown();
Mockery::close();
}
public function test_build_product_payload_includes_translations_and_features(): void
{
$package = Package::factory()->create([
'name' => 'Starter',
'slug' => 'starter',
'description' => '<p>Great package</p>',
'name_translations' => [
'de' => 'Starter DE',
'en' => 'Starter EN',
],
'description_translations' => [
'de' => 'Beschreibung',
'en' => 'Description',
],
'features' => [
'custom_domain' => true,
'advanced_analytics' => false,
],
]);
$service = new PaddleCatalogService(Mockery::mock(PaddleClient::class));
$payload = $service->buildProductPayload($package);
$this->assertSame('Starter', $payload['name']);
$this->assertSame('Great package', $payload['description']);
$this->assertSame('standard', $payload['tax_category']);
$this->assertSame('standard', $payload['type']);
$this->assertArrayHasKey('custom_data', $payload);
$this->assertSame((string) $package->id, $payload['custom_data']['fotospiel_package_id']);
$this->assertSame('starter', $payload['custom_data']['slug']);
$this->assertSame(['de' => 'Starter DE', 'en' => 'Starter EN'], $payload['custom_data']['translations']['name']);
$this->assertArrayHasKey('features', $payload['custom_data']);
}
public function test_build_price_payload_converts_price_and_currency(): void
{
$package = Package::factory()->create([
'price' => 29.99,
'description' => null,
'name' => 'Silver Plan',
]);
$service = new PaddleCatalogService(Mockery::mock(PaddleClient::class));
$payload = $service->buildPricePayload($package, 'pro_123');
$this->assertSame('pro_123', $payload['product_id']);
$this->assertSame('2999', $payload['unit_price']['amount']);
$this->assertSame('EUR', $payload['unit_price']['currency_code']);
$this->assertSame('Silver Plan package', $payload['description']);
$this->assertArrayHasKey('custom_data', $payload);
}
}

200
tests/e2e/checkout-payment.test.ts
View File

@@ -4,11 +4,12 @@ import { execSync } from 'child_process';
const LOGIN_EMAIL = 'checkout-e2e@example.com';
const LOGIN_PASSWORD = 'Password123!';
test.describe('Checkout Payment Step Stripe & PayPal states', () => {
test.describe('Checkout Payment Step Paddle flow', () => {
test.beforeAll(async () => {
execSync(
`php artisan tenant:add-dummy --email=${LOGIN_EMAIL} --password=${LOGIN_PASSWORD} --first_name=Checkout --last_name=Tester --address="Playwrightstr. 1" --phone="+4912345678"`
);
execSync(
`php artisan tinker --execute="App\\\\Models\\\\User::where('email', '${LOGIN_EMAIL}')->update(['email_verified_at' => now()]);"`
);
@@ -22,110 +23,103 @@ test.describe('Checkout Payment Step Stripe & PayPal states', () => {
await expect(page).toHaveURL(/dashboard/);
});
test('Stripe payment intent error surfaces descriptive status', async ({ page }) => {
await page.route('**/stripe/create-payment-intent', async (route) => {
test('opens Paddle checkout and shows success notice', async ({ page }) => {
await page.route('**/paddle/create-checkout', async (route) => {
const request = route.request();
const postData = request.postDataJSON() as { inline?: boolean } | null;
const inline = Boolean(postData?.inline);
if (inline) {
await route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify({
mode: 'inline',
items: [
{ priceId: 'pri_123', quantity: 1 },
],
custom_data: {
tenant_id: '1',
package_id: '2',
checkout_session_id: 'cs_123',
},
customer: {
email: LOGIN_EMAIL,
},
}),
});
return;
}
await route.fulfill({
status: 422,
status: 200,
contentType: 'application/json',
body: JSON.stringify({ error: 'Test payment intent failure' }),
body: JSON.stringify({
checkout_url: 'https://paddle.test/checkout/success',
}),
});
});
await page.route('https://cdn.paddle.com/paddle/v2/paddle.js', async (route) => {
await route.fulfill({
status: 200,
contentType: 'application/javascript',
body: `
window.Paddle = {
Environment: { set: function(env) { window.__paddleEnv = env; } },
Initialize: function(opts) { window.__paddleInit = opts; },
Checkout: {
open: function(config) {
window.__paddleOpenConfig = config;
}
}
};
`,
});
});
await openCheckoutPaymentStep(page);
await page.evaluate(() => {
window.__openedUrls = [];
window.open = (url: string, target?: string | null, features?: string | null) => {
window.__openedUrls.push({ url, target: target ?? null, features: features ?? null });
return null;
};
});
await page.getByRole('button', { name: /Continue with Paddle|Weiter mit Paddle/ }).click();
await expect(
page.locator('text=/Fehler beim Laden der Zahlungsdaten|Error loading payment data/')
page.locator(
'text=/Paddle checkout is running in a secure overlay|Der Paddle-Checkout läuft jetzt in einem Overlay/'
)
).toBeVisible();
await expect(
page.locator('text=/Zahlungsformular bereit|Payment form ready/')
).not.toBeVisible();
await expect.poll(async () => {
return page.evaluate(() => window.__paddleOpenConfig?.items?.[0]?.priceId ?? null);
}).toBe('pri_123');
await expect.poll(async () => {
return page.evaluate(() => window.__openedUrls?.length ?? 0);
}).toBe(0);
});
test('Stripe payment intent ready state renders when backend responds', async ({ page }) => {
await page.route('**/stripe/create-payment-intent', async (route) => {
await route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify({ client_secret: 'pi_test_secret' }),
});
});
await openCheckoutPaymentStep(page);
await expect(
page.locator('text=/Zahlungsformular bereit\\. Bitte gib deine Daten ein\\.|Payment form ready\\./')
).toBeVisible();
});
test('PayPal approval success updates status', async ({ page }) => {
await stubPayPalSdk(page);
await page.route('**/paypal/create-order', async (route) => {
await route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify({ id: 'ORDER_TEST', status: 'CREATED' }),
});
});
await page.route('**/paypal/capture-order', async (route) => {
await route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify({ status: 'captured' }),
});
});
await openCheckoutPaymentStep(page);
await selectPayPalMethod(page);
await page.waitForFunction(() => window.__paypalButtonsConfig !== undefined);
await page.evaluate(async () => {
const config = window.__paypalButtonsConfig;
if (!config) return;
await config.createOrder();
await config.onApprove({ orderID: 'ORDER_TEST' });
});
await expect(
page.locator('text=/Zahlung bestätigt\\. Bestellung wird abgeschlossen|Payment confirmed/')
).toBeVisible();
});
test('PayPal capture failure notifies user', async ({ page }) => {
await stubPayPalSdk(page);
await page.route('**/paypal/create-order', async (route) => {
await route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify({ id: 'ORDER_FAIL', status: 'CREATED' }),
});
});
await page.route('**/paypal/capture-order', async (route) => {
test('shows error state when Paddle checkout creation fails', async ({ page }) => {
await page.route('**/paddle/create-checkout', async (route) => {
await route.fulfill({
status: 500,
contentType: 'application/json',
body: JSON.stringify({ error: 'capture_failed' }),
body: JSON.stringify({ message: 'test-error' }),
});
});
await openCheckoutPaymentStep(page);
await selectPayPalMethod(page);
await page.waitForFunction(() => window.__paypalButtonsConfig !== undefined);
await page.evaluate(async () => {
const config = window.__paypalButtonsConfig;
if (!config) return;
await config.createOrder();
await config.onApprove({ orderID: 'ORDER_FAIL' });
});
await page.getByRole('button', { name: /Continue with Paddle|Weiter mit Paddle/ }).click();
await expect(
page.locator('text=/PayPal capture failed|PayPal-Abbuchung fehlgeschlagen|PayPal capture error/')
page.locator('text=/Paddle checkout could not be started|Paddle-Checkout konnte nicht gestartet werden/')
).toBeVisible();
});
});
@@ -151,41 +145,11 @@ async function openCheckoutPaymentStep(page: import('@playwright/test').Page) {
await page.waitForSelector('text=/Zahlung|Payment/');
}
async function selectPayPalMethod(page: import('@playwright/test').Page) {
const paypalButton = page.getByRole('button', { name: /PayPal/ });
if (await paypalButton.isVisible()) {
await paypalButton.click();
}
}
async function stubPayPalSdk(page: import('@playwright/test').Page) {
await page.route('https://www.paypal.com/sdk/js**', async (route) => {
await route.fulfill({
status: 200,
contentType: 'application/javascript',
body: `
window.paypal = {
Buttons: function (config) {
window.__paypalButtonsConfig = config;
return {
render: function () {
// noop
},
};
},
};
`,
});
});
}
declare global {
interface Window {
__paypalButtonsConfig?: {
createOrder: () => Promise<string>;
onApprove: (data: { orderID: string }) => Promise<void>;
onError?: (error: unknown) => void;
};
__openedUrls?: Array<{ url: string; target?: string | null; features?: string | null }>;
__paddleOpenConfig?: { url?: string; items?: Array<{ priceId: string; quantity: number }>; settings?: { displayMode?: string } };
__paddleEnv?: string;
__paddleInit?: Record<string, unknown>;
}
}

112
tests/e2e/event-admin-dashboard.test.ts
View File

@@ -1,39 +1,109 @@
import type { Page } from '@playwright/test';
import { test, expectFixture as expect } from './utils/test-fixtures';
test.describe('Tenant Admin core flows', () => {
test('dashboard shows key sections for seeded tenant', async ({ signInTenantAdmin, page }) => {
await signInTenantAdmin();
const futureDate = (daysAhead = 10): string => {
const date = new Date();
date.setDate(date.getDate() + daysAhead);
return date.toISOString().slice(0, 10);
};
await expect(page).toHaveURL(/\/event-admin(\/welcome)?/);
async function ensureOnDashboard(page: Page): Promise<void> {
await page.goto('/event-admin/dashboard');
await page.waitForLoadState('networkidle');
if (page.url().includes('/event-admin/welcome')) {
await page.getByRole('button', { name: /Direkt zum Dashboard/i }).click();
if (page.url().includes('/event-admin/welcome')) {
const directButton = page.getByRole('button', { name: /Direkt zum Dashboard/i });
if (await directButton.isVisible()) {
await directButton.click();
await page.waitForURL(/\/event-admin\/dashboard$/, { timeout: 15_000 });
}
}
}
test.describe('Tenant Admin PWA end-to-end coverage', () => {
test.beforeEach(async ({ signInTenantAdmin }) => {
await signInTenantAdmin();
});
test('dashboard highlights core stats and quick actions', async ({ page }) => {
await ensureOnDashboard(page);
await expect(page.getByRole('heading', { name: /Hallo/i })).toBeVisible();
await expect(page.getByRole('button', { name: /Neues Event/i })).toBeVisible();
await expect(page.getByRole('button', { name: /Guided Setup/i })).toBeVisible();
await expect(page.getByRole('heading', { name: /Hallo Lumen Moments!/i })).toBeVisible();
await expect(page.getByRole('button', { name: /Neues Event/i })).toBeVisible();
await expect(page.getByRole('button', { name: /Guided Setup/i })).toBeVisible();
await expect(page.getByText(/Schnellaktionen/i)).toBeVisible();
await expect(page.getByText(/Kommende Events/i)).toBeVisible();
});
test('events overview lists published and draft events', async ({ signInTenantAdmin, page }) => {
await signInTenantAdmin();
test('event creation flow and detail subsections', async ({ page }) => {
const eventName = `Playwright Event ${Date.now()}`;
const eventDate = futureDate(14);
await page.goto('/event-admin/events/new');
await page.waitForLoadState('networkidle');
await expect(page.getByRole('heading', { name: /Eventdetails/i })).toBeVisible();
await page.getByLabel(/Eventname/i).fill(eventName);
await page.getByLabel(/Datum/i).fill(eventDate);
const eventTypeTrigger = page.getByRole('combobox', { name: /Event-Typ/i });
await eventTypeTrigger.click();
const firstOption = page.getByRole('option').first();
await expect(firstOption).toBeVisible({ timeout: 5_000 });
await firstOption.click();
await page.getByRole('button', { name: /^Speichern/i }).click();
await expect(page).toHaveURL(/\/event-admin\/events\/[a-z0-9-]+$/, { timeout: 20_000 });
const createdSlug = page.url().split('/').pop() ?? '';
await expect(page.getByRole('heading', { name: /Eventdetails/i })).toBeVisible();
await page.goto('/event-admin/events');
await page.waitForLoadState('networkidle');
await expect(page.getByText(eventName, { exact: false })).toBeVisible();
await expect(page.getByRole('heading', { name: /Deine Events/i })).toBeVisible({ timeout: 15_000 });
await expect(page.getByRole('button', { name: /Neues Event/i })).toBeVisible();
await page.goto(`/event-admin/events/${createdSlug}/photos`);
await expect(page.getByRole('heading', { name: /Fotos moderieren/i })).toBeVisible();
await expect(page.getByText(/Noch keine Fotos vorhanden/i)).toBeVisible();
await page.goto(`/event-admin/events/${createdSlug}/members`);
await expect(page.getByRole('heading', { name: /Event-Mitglieder/i })).toBeVisible();
await page.goto(`/event-admin/events/${createdSlug}/tasks`);
await expect(page.getByRole('heading', { name: /Event-Tasks/i })).toBeVisible();
await expect(page.getByText(/Noch keine Tasks zugewiesen/i)).toBeVisible();
});
test('billing page lists the active package and history', async ({ signInTenantAdmin, page }) => {
await signInTenantAdmin();
await page.goto('/event-admin/billing');
test('task library allows creating custom tasks', async ({ page }) => {
await page.goto('/event-admin/tasks');
await page.waitForLoadState('networkidle');
await expect(page.getByRole('heading', { name: /Pakete & Abrechnung/i })).toBeVisible({ timeout: 15_000 });
await expect(page.getByRole('heading', { name: /Paketübersicht/i })).toBeVisible();
await expect(page.getByText(/Paket-Historie/)).toBeVisible();
await expect(page.getByRole('heading', { name: /Task Bibliothek/i })).toBeVisible();
const taskTitle = `Playwright Task ${Date.now()}`;
await page.getByRole('button', { name: /^Neu$/i }).click();
await page.getByLabel(/Titel/i).fill(taskTitle);
await page.getByLabel(/Beschreibung/i).fill('Automatisierter Testfall');
await page.getByRole('button', { name: /^Speichern$/i }).click();
await expect(page.getByText(taskTitle)).toBeVisible({ timeout: 10_000 });
await page.goto('/event-admin/task-collections');
await page.waitForLoadState('networkidle');
await expect(page.getByRole('heading', { name: /Aufgabenvorlagen/i })).toBeVisible();
});
test('supporting sections (emotions, billing, settings) load successfully', async ({ page }) => {
await page.goto('/event-admin/emotions');
await page.waitForLoadState('networkidle');
await expect(page.getByRole('heading', { name: /Emotionen/i })).toBeVisible();
await page.goto('/event-admin/billing');
await page.waitForLoadState('networkidle');
await expect(page.getByRole('heading', { name: /Pakete & Abrechnung/i })).toBeVisible();
await page.goto('/event-admin/settings');
await page.waitForLoadState('networkidle');
await expect(page.getByRole('heading', { name: /Einstellungen/i })).toBeVisible();
});
});

11
tests/e2e/tenant-onboarding-flow.test.ts
View File

@@ -6,7 +6,7 @@ import { test, expectFixture as expect } from './utils/test-fixtures';
* This suite is currently skipped until we have stable seed data and
* authentication helpers for Playwright. Once those are in place we can
* remove the skip and let the flow exercise the welcome -> packages -> summary
* steps with mocked Stripe/PayPal APIs.
* steps with mocked Stripe/Paddle APIs.
*/
test.describe('Tenant Onboarding Welcome Flow', () => {
test('redirects unauthenticated users to login', async ({ page }) => {
@@ -47,7 +47,7 @@ test.describe('Tenant Onboarding Welcome Flow', () => {
await expect(page).toHaveURL(/\/event-admin\/welcome\/summary/);
await expect(page.getByRole('heading', { name: /Bestellübersicht/i })).toBeVisible();
// Validate payment sections. Depending on env we either see Stripe/PayPal widgets or configuration warnings.
// Validate payment sections. Depending on env we either see Stripe/Paddle widgets or configuration warnings.
const stripeConfigured = Boolean(process.env.VITE_STRIPE_PUBLISHABLE_KEY);
if (stripeConfigured) {
await expect(page.getByRole('heading', { name: /Kartenzahlung \(Stripe\)/i })).toBeVisible();
@@ -57,12 +57,7 @@ test.describe('Tenant Onboarding Welcome Flow', () => {
).toBeVisible();
}
const paypalConfigured = Boolean(process.env.VITE_PAYPAL_CLIENT_ID);
if (paypalConfigured) {
await expect(page.getByRole('heading', { name: /^PayPal$/i })).toBeVisible();
} else {
await expect(page.getByText(/PayPal nicht konfiguriert/i)).toBeVisible();
}
await expect(page.getByRole('heading', { name: /^Paddle$/i })).toBeVisible();
// Continue to the setup step without completing a purchase.
await page.getByRole('button', { name: /Weiter zum Setup/i }).click();

2
tests/e2e/utils/test-fixtures.ts
View File

@@ -64,6 +64,7 @@ type StoredTokenPayload = {
refreshToken: string;
expiresAt: number;
scope?: string;
clientId?: string;
};
async function exchangeTokens(request: APIRequestContext): Promise<StoredTokenPayload> {
@@ -124,6 +125,7 @@ async function exchangeTokens(request: APIRequestContext): Promise<StoredTokenPa
refreshToken: body.refresh_token,
expiresAt: Date.now() + Math.max(expiresIn - 30, 0) * 1000,
scope: body.scope,
clientId,
};
}