Updated checkout to wait for backend confirmation before advancing, added a “Processing payment…” state with retry/ refresh fallback, and now use Paddle totals/currency for purchase records + confirmation emails (with new email translations).

tests/Feature/Checkout/CheckoutAuthTest.php

@@ -67,6 +67,28 @@ class CheckoutAuthTest extends TestCase
         ]);
     }
 
+    public function test_checkout_login_marks_pending_purchase_when_package_provided(): void
+    {
+        $user = User::factory()->create(['pending_purchase' => false]);
+        $package = Package::factory()->create();
+
+        $response = $this->postJson(route('checkout.login'), [
+            'identifier' => $user->email,
+            'password' => 'password',
+            'remember' => false,
+            'locale' => 'de',
+            'package_id' => $package->id,
+        ]);
+
+        $response->assertStatus(200)
+            ->assertJsonPath('user.pending_purchase', true);
+
+        $this->assertDatabaseHas('users', [
+            'id' => $user->id,
+            'pending_purchase' => true,
+        ]);
+    }
+
     public function test_checkout_login_returns_validation_errors_with_invalid_credentials()
     {
         $response = $this->postJson(route('checkout.login'), [

tests/Feature/Checkout/CheckoutFreeActivationTest.php

@@ -0,0 +1,91 @@
+<?php
+
+namespace Tests\Feature\Checkout;
+
+use App\Models\CheckoutSession;
+use App\Models\Package;
+use App\Models\Tenant;
+use App\Models\User;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Illuminate\Support\Facades\Mail;
+use Illuminate\Support\Facades\Notification;
+use Tests\TestCase;
+
+class CheckoutFreeActivationTest extends TestCase
+{
+    use RefreshDatabase;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        Mail::fake();
+        Notification::fake();
+    }
+
+    public function test_free_checkout_activation_completes_session_and_assigns_package(): void
+    {
+        $tenant = Tenant::factory()->create();
+        $user = User::factory()->for($tenant)->create();
+        $package = Package::factory()->create([
+            'price' => 0,
+        ]);
+
+        $this->actingAs($user);
+
+        $response = $this->postJson(route('checkout.free-activate'), [
+            'package_id' => $package->id,
+            'accepted_terms' => true,
+            'accepted_waiver' => true,
+            'locale' => 'de',
+        ]);
+
+        $response->assertOk()
+            ->assertJsonPath('status', 'completed');
+
+        $this->assertDatabaseHas('checkout_sessions', [
+            'package_id' => $package->id,
+            'user_id' => $user->id,
+            'provider' => CheckoutSession::PROVIDER_FREE,
+            'status' => CheckoutSession::STATUS_COMPLETED,
+        ]);
+
+        $this->assertDatabaseHas('tenant_packages', [
+            'tenant_id' => $tenant->id,
+            'package_id' => $package->id,
+            'active' => true,
+        ]);
+
+        $this->assertDatabaseHas('package_purchases', [
+            'tenant_id' => $tenant->id,
+            'package_id' => $package->id,
+            'provider' => CheckoutSession::PROVIDER_FREE,
+        ]);
+    }
+
+    public function test_free_checkout_requires_waiver_when_package_activates_immediately(): void
+    {
+        $tenant = Tenant::factory()->create();
+        $user = User::factory()->for($tenant)->create();
+        $package = Package::factory()->create([
+            'price' => 0,
+        ]);
+
+        $this->actingAs($user);
+
+        $response = $this->postJson(route('checkout.free-activate'), [
+            'package_id' => $package->id,
+            'accepted_terms' => true,
+            'accepted_waiver' => false,
+            'locale' => 'de',
+        ]);
+
+        $response->assertStatus(422)
+            ->assertJsonValidationErrors(['accepted_waiver']);
+
+        $this->assertDatabaseMissing('package_purchases', [
+            'tenant_id' => $tenant->id,
+            'package_id' => $package->id,
+        ]);
+    }
+}

tests/Feature/Checkout/CheckoutSessionStatusTest.php

@@ -0,0 +1,57 @@
+<?php
+
+namespace Tests\Feature\Checkout;
+
+use App\Models\CheckoutSession;
+use App\Models\Package;
+use App\Models\Tenant;
+use App\Models\User;
+use App\Services\Checkout\CheckoutSessionService;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Tests\TestCase;
+
+class CheckoutSessionStatusTest extends TestCase
+{
+    use RefreshDatabase;
+
+    public function test_user_can_fetch_checkout_session_status(): void
+    {
+        $tenant = Tenant::factory()->create();
+        $user = User::factory()->for($tenant)->create();
+        $package = Package::factory()->create();
+
+        /** @var CheckoutSessionService $sessions */
+        $sessions = app(CheckoutSessionService::class);
+        $session = $sessions->createOrResume($user, $package, [
+            'tenant' => $tenant,
+        ]);
+        $sessions->markCompleted($session, now());
+
+        $this->actingAs($user);
+
+        $response = $this->getJson(route('checkout.session.status', $session));
+
+        $response->assertOk()
+            ->assertJsonPath('status', CheckoutSession::STATUS_COMPLETED);
+    }
+
+    public function test_user_cannot_fetch_other_users_checkout_session_status(): void
+    {
+        $tenant = Tenant::factory()->create();
+        $owner = User::factory()->for($tenant)->create();
+        $otherUser = User::factory()->create();
+        $package = Package::factory()->create();
+
+        /** @var CheckoutSessionService $sessions */
+        $sessions = app(CheckoutSessionService::class);
+        $session = $sessions->createOrResume($owner, $package, [
+            'tenant' => $tenant,
+        ]);
+
+        $this->actingAs($otherUser);
+
+        $response = $this->getJson(route('checkout.session.status', $session));
+
+        $response->assertForbidden();
+    }
+}