soeren/fotospiel-app
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
Files
1d2c2da9151ff855f88e2e10bc4e248028a89f22
fotospiel-app/tests/Feature/PaddleWebhookControllerTest.php
Codex Agent 8267b2bca3 paddle-logging verbessert
2025-12-23 08:53:00 +01:00

348 lines
12 KiB
PHP
Raw Blame History

<?php
namespace Tests\Feature;
use App\Models\CheckoutSession;
use App\Models\Package;
use App\Models\PackagePurchase;
use App\Models\Tenant;
use App\Models\TenantPackage;
use App\Models\User;
use App\Services\Checkout\CheckoutSessionService;
use Carbon\Carbon;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Arr;
use Tests\TestCase;
class PaddleWebhookControllerTest extends TestCase
{
use RefreshDatabase;
public function test_transaction_completed_finalises_checkout(): void
{
config(['paddle.webhook_secret' => 'test_secret']);
[$tenant, $package, $session] = $this->prepareSession();
$payload = [
'event_type' => 'transaction.completed',
'data' => [
'id' => 'txn_123',
'status' => 'completed',
'checkout_id' => 'chk_456',
'details' => [
'totals' => [
'subtotal' => ['amount' => '10000'],
'discount' => ['amount' => '1000'],
'tax' => ['amount' => '1900'],
'total' => ['amount' => '10900'],
'currency_code' => 'EUR',
],
],
'custom_data' => [
'checkout_session_id' => $session->id,
'tenant_id' => (string) $tenant->id,
'package_id' => (string) $package->id,
],
],
];
$timestamp = time();
$signature = hash_hmac('sha256', $timestamp.':'.json_encode($payload), 'test_secret');
$header = sprintf('ts=%s,h1=%s', $timestamp, $signature);
$response = $this->withHeader('Paddle-Signature', $header)
->postJson('/paddle/webhook', $payload);
$response->assertOk()->assertJson(['status' => 'processed']);
$session->refresh();
$this->assertEquals(CheckoutSession::STATUS_COMPLETED, $session->status);
$this->assertSame('paddle', $session->provider);
$this->assertSame('txn_123', Arr::get($session->provider_metadata, 'paddle_transaction_id'));
$this->assertTrue(
TenantPackage::query()
->where('tenant_id', $tenant->id)
->where('package_id', $package->id)
->where('active', true)
->exists()
);
$this->assertTrue(
PackagePurchase::query()
->where('tenant_id', $tenant->id)
->where('package_id', $package->id)
->where('provider', 'paddle')
->exists()
);
$purchase = PackagePurchase::query()
->where('tenant_id', $tenant->id)
->where('package_id', $package->id)
->first();
$this->assertNotNull($purchase);
$this->assertSame(109.0, (float) $purchase->price);
$this->assertSame('EUR', Arr::get($purchase->metadata, 'currency'));
$this->assertSame(109.0, (float) Arr::get($purchase->metadata, 'paddle_totals.total'));
$this->assertSame(109.0, (float) $session->amount_total);
}
public function test_duplicate_transaction_is_idempotent(): void
{
config(['paddle.webhook_secret' => 'test_secret']);
[$tenant, $package, $session] = $this->prepareSession();
$payload = [
'event_type' => 'transaction.completed',
'data' => [
'id' => 'txn_dup',
'status' => 'completed',
'checkout_id' => 'chk_dup',
'custom_data' => [
'checkout_session_id' => $session->id,
'tenant_id' => (string) $tenant->id,
'package_id' => (string) $package->id,
],
],
];
$timestamp = time();
$signature = hash_hmac('sha256', $timestamp.':'.json_encode($payload), 'test_secret');
$header = sprintf('ts=%s,h1=%s', $timestamp, $signature);
$first = $this->withHeader('Paddle-Signature', $header)
->postJson('/paddle/webhook', $payload);
$first->assertOk()->assertJson(['status' => 'processed']);
$second = $this->withHeader('Paddle-Signature', $header)
->postJson('/paddle/webhook', $payload);
$second->assertStatus(200)->assertJson(['status' => 'processed']);
$this->assertSame(1, PackagePurchase::query()->count());
$session->refresh();
$this->assertEquals(CheckoutSession::STATUS_COMPLETED, $session->status);
$this->assertEquals('txn_dup', Arr::get($session->provider_metadata, 'paddle_transaction_id'));
}
public function test_transaction_completed_updates_tenant_status_for_one_time_package(): void
{
config(['paddle.webhook_secret' => 'test_secret']);
$user = User::factory()->create(['email_verified_at' => now()]);
$tenant = Tenant::factory()->create([
'user_id' => $user->id,
'subscription_status' => 'free',
]);
$user->forceFill(['tenant_id' => $tenant->id])->save();
$package = Package::factory()->create([
'type' => 'endcustomer',
'price' => 49,
'paddle_price_id' => 'price_one_time',
]);
/** @var CheckoutSessionService $sessions */
$sessions = app(CheckoutSessionService::class);
$session = $sessions->createOrResume($user, $package, ['tenant' => $tenant]);
$sessions->selectProvider($session, CheckoutSession::PROVIDER_PADDLE);
$payload = [
'event_type' => 'transaction.completed',
'data' => [
'id' => 'txn_one_time',
'status' => 'completed',
'details' => [
'totals' => [
'total' => ['amount' => '4900'],
'currency_code' => 'EUR',
],
],
'custom_data' => [
'checkout_session_id' => $session->id,
'tenant_id' => (string) $tenant->id,
'package_id' => (string) $package->id,
],
],
];
$timestamp = time();
$signature = hash_hmac('sha256', $timestamp.':'.json_encode($payload), 'test_secret');
$header = sprintf('ts=%s,h1=%s', $timestamp, $signature);
$response = $this->withHeader('Paddle-Signature', $header)
->postJson('/paddle/webhook', $payload);
$response->assertOk()->assertJson(['status' => 'processed']);
$tenant->refresh();
$this->assertSame('active', $tenant->subscription_status);
$this->assertNotNull($tenant->subscription_expires_at);
}
public function test_rejects_invalid_signature(): void
{
config(['paddle.webhook_secret' => 'secret']);
$response = $this->withHeader('Paddle-Signature', 'invalid')
->postJson('/paddle/webhook', ['event_type' => 'transaction.completed']);
$response->assertStatus(400)->assertJson(['status' => 'invalid']);
}
public function test_unhandled_event_returns_accepted(): void
{
config(['paddle.webhook_secret' => null]);
$response = $this->postJson('/paddle/webhook', [
'event_type' => 'transaction.unknown',
'data' => [],
]);
$response->assertStatus(202)->assertJson(['status' => 'ignored']);
}
public function test_subscription_activation_creates_tenant_package(): void
{
config(['paddle.webhook_secret' => 'test_secret']);
$tenant = Tenant::factory()->create([
'paddle_customer_id' => 'cus_123',
'subscription_status' => 'free',
]);
$package = Package::factory()->create([
'type' => 'reseller',
'price' => 129,
'paddle_price_id' => 'price_sub_1',
]);
$payload = [
'event_type' => 'subscription.created',
'data' => [
'id' => 'sub_123',
'status' => 'active',
'customer_id' => 'cus_123',
'created_at' => Carbon::now()->subDay()->toIso8601String(),
'next_billing_date' => Carbon::now()->addMonth()->toIso8601String(),
'custom_data' => [
'tenant_id' => (string) $tenant->id,
'package_id' => (string) $package->id,
],
'items' => [
[
'price_id' => 'price_sub_1',
],
],
],
];
$signature = hash_hmac('sha256', json_encode($payload), 'test_secret');
$response = $this->withHeader('Paddle-Webhook-Signature', $signature)
->postJson('/paddle/webhook', $payload);
$response->assertOk()->assertJson(['status' => 'processed']);
$tenant->refresh();
$tenantPackage = TenantPackage::where('tenant_id', $tenant->id)
->where('package_id', $package->id)
->first();
$this->assertNotNull($tenantPackage);
$this->assertSame('sub_123', $tenantPackage->paddle_subscription_id);
$this->assertTrue($tenantPackage->active);
$this->assertEquals('active', $tenant->subscription_status);
$this->assertNotNull($tenant->subscription_expires_at);
}
public function test_subscription_cancellation_marks_package_inactive(): void
{
config(['paddle.webhook_secret' => 'test_secret']);
$tenant = Tenant::factory()->create([
'paddle_customer_id' => 'cus_cancel',
'subscription_status' => 'active',
]);
$package = Package::factory()->create([
'type' => 'reseller',
'price' => 199,
'paddle_price_id' => 'price_cancel',
]);
TenantPackage::factory()->create([
'tenant_id' => $tenant->id,
'package_id' => $package->id,
'paddle_subscription_id' => 'sub_cancel',
'active' => true,
]);
$payload = [
'event_type' => 'subscription.cancelled',
'data' => [
'id' => 'sub_cancel',
'status' => 'cancelled',
'customer_id' => 'cus_cancel',
'custom_data' => [
'tenant_id' => (string) $tenant->id,
'package_id' => (string) $package->id,
],
'items' => [
[
'price_id' => 'price_cancel',
],
],
],
];
$signature = hash_hmac('sha256', json_encode($payload), 'test_secret');
$response = $this->withHeader('Paddle-Webhook-Signature', $signature)
->postJson('/paddle/webhook', $payload);
$response->assertOk()->assertJson(['status' => 'processed']);
$tenant->refresh();
$tenantPackage = TenantPackage::where('tenant_id', $tenant->id)
->where('package_id', $package->id)
->first();
$this->assertNotNull($tenantPackage);
$this->assertFalse($tenantPackage->active);
$this->assertEquals('expired', $tenant->subscription_status);
}
/**
* @return array{\App\Models\Tenant, \App\Models\Package, \App\Models\CheckoutSession}
*/
protected function prepareSession(): array
{
$user = User::factory()->create(['email_verified_at' => now()]);
$tenant = Tenant::factory()->create(['user_id' => $user->id]);
$user->forceFill(['tenant_id' => $tenant->id])->save();
$package = Package::factory()->create([
'type' => 'reseller',
'price' => 99,
'paddle_price_id' => 'price_123',
]);
/** @var CheckoutSessionService $sessions */
$sessions = app(CheckoutSessionService::class);
$session = $sessions->createOrResume($user, $package, ['tenant' => $tenant]);
$sessions->selectProvider($session, CheckoutSession::PROVIDER_PADDLE);
return [$tenant, $package, $session];
}
}
Reference in New Issue View Git Blame Copy Permalink