268 lines
8.8 KiB
PHP
268 lines
8.8 KiB
PHP
<?php
|
|
|
|
namespace Tests\Feature;
|
|
|
|
use App\Models\CheckoutSession;
|
|
use App\Models\Package;
|
|
use App\Models\PackagePurchase;
|
|
use App\Models\Tenant;
|
|
use App\Models\TenantPackage;
|
|
use App\Models\User;
|
|
use App\Services\Checkout\CheckoutSessionService;
|
|
use Carbon\Carbon;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Illuminate\Support\Arr;
|
|
use Tests\TestCase;
|
|
|
|
class PaddleWebhookControllerTest extends TestCase
|
|
{
|
|
use RefreshDatabase;
|
|
|
|
public function test_transaction_completed_finalises_checkout(): void
|
|
{
|
|
config(['paddle.webhook_secret' => 'test_secret']);
|
|
|
|
[$tenant, $package, $session] = $this->prepareSession();
|
|
|
|
$payload = [
|
|
'event_type' => 'transaction.completed',
|
|
'data' => [
|
|
'id' => 'txn_123',
|
|
'status' => 'completed',
|
|
'checkout_id' => 'chk_456',
|
|
'metadata' => [
|
|
'checkout_session_id' => $session->id,
|
|
'tenant_id' => (string) $tenant->id,
|
|
'package_id' => (string) $package->id,
|
|
],
|
|
],
|
|
];
|
|
|
|
$signature = hash_hmac('sha256', json_encode($payload), 'test_secret');
|
|
|
|
$response = $this->withHeader('Paddle-Webhook-Signature', $signature)
|
|
->postJson('/paddle/webhook', $payload);
|
|
|
|
$response->assertOk()->assertJson(['status' => 'processed']);
|
|
|
|
$session->refresh();
|
|
|
|
$this->assertEquals(CheckoutSession::STATUS_COMPLETED, $session->status);
|
|
$this->assertSame('paddle', $session->provider);
|
|
$this->assertSame('txn_123', Arr::get($session->provider_metadata, 'paddle_transaction_id'));
|
|
|
|
$this->assertTrue(
|
|
TenantPackage::query()
|
|
->where('tenant_id', $tenant->id)
|
|
->where('package_id', $package->id)
|
|
->where('active', true)
|
|
->exists()
|
|
);
|
|
|
|
$this->assertTrue(
|
|
PackagePurchase::query()
|
|
->where('tenant_id', $tenant->id)
|
|
->where('package_id', $package->id)
|
|
->where('provider', 'paddle')
|
|
->exists()
|
|
);
|
|
}
|
|
|
|
public function test_duplicate_transaction_is_idempotent(): void
|
|
{
|
|
config(['paddle.webhook_secret' => 'test_secret']);
|
|
|
|
[$tenant, $package, $session] = $this->prepareSession();
|
|
|
|
$payload = [
|
|
'event_type' => 'transaction.completed',
|
|
'data' => [
|
|
'id' => 'txn_dup',
|
|
'status' => 'completed',
|
|
'checkout_id' => 'chk_dup',
|
|
'metadata' => [
|
|
'checkout_session_id' => $session->id,
|
|
'tenant_id' => (string) $tenant->id,
|
|
'package_id' => (string) $package->id,
|
|
],
|
|
],
|
|
];
|
|
|
|
$signature = hash_hmac('sha256', json_encode($payload), 'test_secret');
|
|
|
|
$first = $this->withHeader('Paddle-Webhook-Signature', $signature)
|
|
->postJson('/paddle/webhook', $payload);
|
|
|
|
$first->assertOk()->assertJson(['status' => 'processed']);
|
|
|
|
$second = $this->withHeader('Paddle-Webhook-Signature', $signature)
|
|
->postJson('/paddle/webhook', $payload);
|
|
|
|
$second->assertStatus(200)->assertJson(['status' => 'processed']);
|
|
|
|
$this->assertSame(1, PackagePurchase::query()->count());
|
|
|
|
$session->refresh();
|
|
$this->assertEquals(CheckoutSession::STATUS_COMPLETED, $session->status);
|
|
$this->assertEquals('txn_dup', Arr::get($session->provider_metadata, 'paddle_transaction_id'));
|
|
}
|
|
|
|
public function test_rejects_invalid_signature(): void
|
|
{
|
|
config(['paddle.webhook_secret' => 'secret']);
|
|
|
|
$response = $this->withHeader('Paddle-Webhook-Signature', 'invalid')
|
|
->postJson('/paddle/webhook', ['event_type' => 'transaction.completed']);
|
|
|
|
$response->assertStatus(400)->assertJson(['status' => 'invalid']);
|
|
}
|
|
|
|
public function test_unhandled_event_returns_accepted(): void
|
|
{
|
|
config(['paddle.webhook_secret' => null]);
|
|
|
|
$response = $this->postJson('/paddle/webhook', [
|
|
'event_type' => 'transaction.unknown',
|
|
'data' => [],
|
|
]);
|
|
|
|
$response->assertStatus(202)->assertJson(['status' => 'ignored']);
|
|
}
|
|
|
|
public function test_subscription_activation_creates_tenant_package(): void
|
|
{
|
|
config(['paddle.webhook_secret' => 'test_secret']);
|
|
|
|
$tenant = Tenant::factory()->create([
|
|
'paddle_customer_id' => 'cus_123',
|
|
'subscription_status' => 'free',
|
|
]);
|
|
|
|
$package = Package::factory()->create([
|
|
'type' => 'reseller',
|
|
'price' => 129,
|
|
'paddle_price_id' => 'price_sub_1',
|
|
]);
|
|
|
|
$payload = [
|
|
'event_type' => 'subscription.created',
|
|
'data' => [
|
|
'id' => 'sub_123',
|
|
'status' => 'active',
|
|
'customer_id' => 'cus_123',
|
|
'created_at' => Carbon::now()->subDay()->toIso8601String(),
|
|
'next_billing_date' => Carbon::now()->addMonth()->toIso8601String(),
|
|
'metadata' => [
|
|
'tenant_id' => (string) $tenant->id,
|
|
'package_id' => (string) $package->id,
|
|
],
|
|
'items' => [
|
|
[
|
|
'price_id' => 'price_sub_1',
|
|
],
|
|
],
|
|
],
|
|
];
|
|
|
|
$signature = hash_hmac('sha256', json_encode($payload), 'test_secret');
|
|
|
|
$response = $this->withHeader('Paddle-Webhook-Signature', $signature)
|
|
->postJson('/paddle/webhook', $payload);
|
|
|
|
$response->assertOk()->assertJson(['status' => 'processed']);
|
|
|
|
$tenant->refresh();
|
|
|
|
$tenantPackage = TenantPackage::where('tenant_id', $tenant->id)
|
|
->where('package_id', $package->id)
|
|
->first();
|
|
|
|
$this->assertNotNull($tenantPackage);
|
|
$this->assertSame('sub_123', $tenantPackage->paddle_subscription_id);
|
|
$this->assertTrue($tenantPackage->active);
|
|
$this->assertEquals('active', $tenant->subscription_status);
|
|
$this->assertNotNull($tenant->subscription_expires_at);
|
|
}
|
|
|
|
public function test_subscription_cancellation_marks_package_inactive(): void
|
|
{
|
|
config(['paddle.webhook_secret' => 'test_secret']);
|
|
|
|
$tenant = Tenant::factory()->create([
|
|
'paddle_customer_id' => 'cus_cancel',
|
|
'subscription_status' => 'active',
|
|
]);
|
|
|
|
$package = Package::factory()->create([
|
|
'type' => 'reseller',
|
|
'price' => 199,
|
|
'paddle_price_id' => 'price_cancel',
|
|
]);
|
|
|
|
TenantPackage::factory()->create([
|
|
'tenant_id' => $tenant->id,
|
|
'package_id' => $package->id,
|
|
'paddle_subscription_id' => 'sub_cancel',
|
|
'active' => true,
|
|
]);
|
|
|
|
$payload = [
|
|
'event_type' => 'subscription.cancelled',
|
|
'data' => [
|
|
'id' => 'sub_cancel',
|
|
'status' => 'cancelled',
|
|
'customer_id' => 'cus_cancel',
|
|
'metadata' => [
|
|
'tenant_id' => (string) $tenant->id,
|
|
'package_id' => (string) $package->id,
|
|
],
|
|
'items' => [
|
|
[
|
|
'price_id' => 'price_cancel',
|
|
],
|
|
],
|
|
],
|
|
];
|
|
|
|
$signature = hash_hmac('sha256', json_encode($payload), 'test_secret');
|
|
|
|
$response = $this->withHeader('Paddle-Webhook-Signature', $signature)
|
|
->postJson('/paddle/webhook', $payload);
|
|
|
|
$response->assertOk()->assertJson(['status' => 'processed']);
|
|
|
|
$tenant->refresh();
|
|
|
|
$tenantPackage = TenantPackage::where('tenant_id', $tenant->id)
|
|
->where('package_id', $package->id)
|
|
->first();
|
|
|
|
$this->assertNotNull($tenantPackage);
|
|
$this->assertFalse($tenantPackage->active);
|
|
$this->assertEquals('expired', $tenant->subscription_status);
|
|
}
|
|
|
|
/**
|
|
* @return array{\App\Models\Tenant, \App\Models\Package, \App\Models\CheckoutSession}
|
|
*/
|
|
protected function prepareSession(): array
|
|
{
|
|
$user = User::factory()->create(['email_verified_at' => now()]);
|
|
$tenant = Tenant::factory()->create(['user_id' => $user->id]);
|
|
$user->forceFill(['tenant_id' => $tenant->id])->save();
|
|
|
|
$package = Package::factory()->create([
|
|
'type' => 'reseller',
|
|
'price' => 99,
|
|
'paddle_price_id' => 'price_123',
|
|
]);
|
|
|
|
/** @var CheckoutSessionService $sessions */
|
|
$sessions = app(CheckoutSessionService::class);
|
|
$session = $sessions->createOrResume($user, $package, ['tenant' => $tenant]);
|
|
$sessions->selectProvider($session, CheckoutSession::PROVIDER_PADDLE);
|
|
|
|
return [$tenant, $package, $session];
|
|
}
|
|
}
|