deemanone/padelnomics
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add hybrid calculator refactor and comprehensive billing test suite

Browse Source 
Move planner financial model from client-side JS to server-side Python
(calculator.py + /planner/calculate endpoint). Add full test coverage:
227 calculator tests and 371 billing tests covering SQL helpers,
webhooks, routes, and subscription gating with Hypothesis fuzzing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Deeman
2026-02-13 12:05:03 +01:00
parent cf11add1e5
commit 9703651562
14 changed files with 2905 additions and 186 deletions
Download Patch File Download Diff File Expand all files Collapse all files

180
padelnomics/tests/conftest.py Normal file
View File

@@ -0,0 +1,180 @@
"""
Shared test fixtures for the padelnomics test suite.
"""
import hashlib
import hmac
from datetime import datetime
from pathlib import Path
from unittest.mock import AsyncMock, patch
import aiosqlite
import pytest
from padelnomics import core
from padelnomics.app import create_app
from padelnomics.billing.routes import VARIANT_TO_PLAN
SCHEMA_PATH = Path(__file__).parent.parent / "src" / "padelnomics" / "migrations" / "schema.sql"
# ── Database ─────────────────────────────────────────────────
@pytest.fixture
async def db():
"""In-memory SQLite with full schema, patches core._db."""
conn = await aiosqlite.connect(":memory:")
conn.row_factory = aiosqlite.Row
await conn.execute("PRAGMA foreign_keys=ON")
schema = SCHEMA_PATH.read_text()
await conn.executescript(schema)
await conn.commit()
original_db = core._db
core._db = conn
yield conn
core._db = original_db
await conn.close()
# ── App & client ─────────────────────────────────────────────
@pytest.fixture
async def app(db):
"""Quart app with DB already initialized (init_db/close_db patched to no-op)."""
with patch.object(core, "init_db", new_callable=AsyncMock), \
patch.object(core, "close_db", new_callable=AsyncMock):
application = create_app()
application.config["TESTING"] = True
yield application
@pytest.fixture
async def client(app):
"""Unauthenticated test client."""
async with app.test_client() as c:
yield c
# ── Users ────────────────────────────────────────────────────
@pytest.fixture
async def test_user(db):
"""Create a test user, return dict with id/email/name."""
now = datetime.utcnow().isoformat()
async with db.execute(
"INSERT INTO users (email, name, created_at) VALUES (?, ?, ?)",
("test@example.com", "Test User", now),
) as cursor:
user_id = cursor.lastrowid
await db.commit()
return {"id": user_id, "email": "test@example.com", "name": "Test User"}
@pytest.fixture
async def auth_client(app, test_user):
"""Test client with session['user_id'] pre-set."""
async with app.test_client() as c:
async with c.session_transaction() as sess:
sess["user_id"] = test_user["id"]
yield c
# ── Subscriptions ────────────────────────────────────────────
@pytest.fixture
def create_subscription(db):
"""Factory: create a subscription row for a user."""
async def _create(
user_id: int,
plan: str = "pro",
status: str = "active",
ls_customer_id: str = "cust_123",
ls_subscription_id: str = "sub_456",
current_period_end: str = "2025-03-01T00:00:00Z",
) -> int:
now = datetime.utcnow().isoformat()
async with db.execute(
"""INSERT INTO subscriptions
(user_id, plan, status, lemonsqueezy_customer_id,
lemonsqueezy_subscription_id, current_period_end, created_at, updated_at)
VALUES (?, ?, ?, ?, ?, ?, ?, ?)""",
(user_id, plan, status, ls_customer_id, ls_subscription_id,
current_period_end, now, now),
) as cursor:
sub_id = cursor.lastrowid
await db.commit()
return sub_id
return _create
# ── Config ───────────────────────────────────────────────────
@pytest.fixture(autouse=True)
def patch_config():
"""Set test LemonSqueezy config values. Clears variant cache on teardown."""
original_values = {}
test_values = {
"LEMONSQUEEZY_API_KEY": "test_api_key_123",
"LEMONSQUEEZY_STORE_ID": "store_999",
"LEMONSQUEEZY_WEBHOOK_SECRET": "whsec_test_secret",
"LEMONSQUEEZY_MONTHLY_VARIANT_ID": "variant_monthly_100",
"LEMONSQUEEZY_YEARLY_VARIANT_ID": "variant_yearly_200",
"BASE_URL": "http://localhost:5000",
"DEBUG": True,
}
for key, val in test_values.items():
original_values[key] = getattr(core.config, key, None)
setattr(core.config, key, val)
VARIANT_TO_PLAN.clear()
yield
VARIANT_TO_PLAN.clear()
for key, val in original_values.items():
setattr(core.config, key, val)
# ── Webhook helpers ──────────────────────────────────────────
def make_webhook_payload(
event_name: str,
subscription_id: str = "sub_456",
user_id: str = "1",
variant_id: str = "variant_monthly_100",
status: str = "active",
customer_id: int = 67890,
renews_at: str = "2025-03-01T00:00:00.000000Z",
) -> dict:
"""Build a LemonSqueezy webhook payload dict."""
return {
"meta": {
"event_name": event_name,
"custom_data": {"user_id": user_id},
"webhook_id": "wh_test_123",
},
"data": {
"type": "subscriptions",
"id": subscription_id,
"attributes": {
"store_id": 12345,
"customer_id": customer_id,
"order_id": 11111,
"product_id": 22222,
"variant_id": variant_id,
"status": status,
"renews_at": renews_at,
"ends_at": None,
"created_at": "2025-02-01T00:00:00.000000Z",
"updated_at": "2025-02-01T00:00:00.000000Z",
},
},
}
def sign_payload(payload_bytes: bytes, secret: str = "whsec_test_secret") -> str:
"""Compute HMAC-SHA256 signature for a webhook payload."""
return hmac.new(secret.encode(), payload_bytes, hashlib.sha256).hexdigest()

335
padelnomics/tests/test_billing_helpers.py Normal file
View File

@@ -0,0 +1,335 @@
"""
Unit tests for billing SQL helpers, feature/limit access, and plan determination.
"""
import pytest
from hypothesis import HealthCheck, given
from hypothesis import settings as h_settings
from hypothesis import strategies as st
from padelnomics.billing.routes import (
VARIANT_TO_PLAN,
can_access_feature,
determine_plan,
get_subscription,
get_subscription_by_provider_id,
is_within_limits,
update_subscription_status,
upsert_subscription,
)
from padelnomics.core import config
# ════════════════════════════════════════════════════════════
# get_subscription
# ════════════════════════════════════════════════════════════
class TestGetSubscription:
async def test_returns_none_for_user_without_subscription(self, db, test_user):
result = await get_subscription(test_user["id"])
assert result is None
async def test_returns_subscription_for_user(self, db, test_user, create_subscription):
await create_subscription(test_user["id"], plan="pro", status="active")
result = await get_subscription(test_user["id"])
assert result is not None
assert result["plan"] == "pro"
assert result["status"] == "active"
assert result["user_id"] == test_user["id"]
# ════════════════════════════════════════════════════════════
# upsert_subscription
# ════════════════════════════════════════════════════════════
class TestUpsertSubscription:
async def test_insert_new_subscription(self, db, test_user):
sub_id = await upsert_subscription(
user_id=test_user["id"],
plan="pro",
status="active",
provider_customer_id="cust_abc",
provider_subscription_id="sub_xyz",
current_period_end="2025-06-01T00:00:00Z",
)
assert sub_id > 0
row = await get_subscription(test_user["id"])
assert row["plan"] == "pro"
assert row["status"] == "active"
assert row["lemonsqueezy_customer_id"] == "cust_abc"
assert row["lemonsqueezy_subscription_id"] == "sub_xyz"
assert row["current_period_end"] == "2025-06-01T00:00:00Z"
async def test_update_existing_subscription(self, db, test_user, create_subscription):
original_id = await create_subscription(
test_user["id"], plan="starter", status="active",
ls_subscription_id="sub_old",
)
returned_id = await upsert_subscription(
user_id=test_user["id"],
plan="pro",
status="active",
provider_customer_id="cust_new",
provider_subscription_id="sub_new",
)
assert returned_id == original_id
row = await get_subscription(test_user["id"])
assert row["plan"] == "pro"
assert row["lemonsqueezy_subscription_id"] == "sub_new"
async def test_upsert_with_none_period_end(self, db, test_user):
await upsert_subscription(
user_id=test_user["id"],
plan="pro",
status="active",
provider_customer_id="cust_1",
provider_subscription_id="sub_1",
current_period_end=None,
)
row = await get_subscription(test_user["id"])
assert row["current_period_end"] is None
# ════════════════════════════════════════════════════════════
# get_subscription_by_provider_id
# ════════════════════════════════════════════════════════════
class TestGetSubscriptionByProviderId:
async def test_returns_none_for_unknown_id(self, db):
result = await get_subscription_by_provider_id("nonexistent")
assert result is None
async def test_finds_by_lemonsqueezy_subscription_id(self, db, test_user, create_subscription):
await create_subscription(test_user["id"], ls_subscription_id="sub_findme")
result = await get_subscription_by_provider_id("sub_findme")
assert result is not None
assert result["user_id"] == test_user["id"]
# ════════════════════════════════════════════════════════════
# update_subscription_status
# ════════════════════════════════════════════════════════════
class TestUpdateSubscriptionStatus:
async def test_updates_status(self, db, test_user, create_subscription):
await create_subscription(test_user["id"], status="active", ls_subscription_id="sub_upd")
await update_subscription_status("sub_upd", status="cancelled")
row = await get_subscription(test_user["id"])
assert row["status"] == "cancelled"
assert row["updated_at"] is not None
async def test_updates_extra_fields(self, db, test_user, create_subscription):
await create_subscription(test_user["id"], ls_subscription_id="sub_extra")
await update_subscription_status(
"sub_extra",
status="active",
plan="starter",
current_period_end="2026-01-01T00:00:00Z",
)
row = await get_subscription(test_user["id"])
assert row["status"] == "active"
assert row["plan"] == "starter"
assert row["current_period_end"] == "2026-01-01T00:00:00Z"
async def test_noop_for_unknown_provider_id(self, db, test_user, create_subscription):
await create_subscription(test_user["id"], ls_subscription_id="sub_known", status="active")
await update_subscription_status("sub_unknown", status="expired")
row = await get_subscription(test_user["id"])
assert row["status"] == "active" # unchanged
# ════════════════════════════════════════════════════════════
# can_access_feature
# ════════════════════════════════════════════════════════════
class TestCanAccessFeature:
async def test_no_subscription_gets_free_features(self, db, test_user):
assert await can_access_feature(test_user["id"], "basic") is True
assert await can_access_feature(test_user["id"], "export") is False
assert await can_access_feature(test_user["id"], "api") is False
async def test_active_pro_gets_all_features(self, db, test_user, create_subscription):
await create_subscription(test_user["id"], plan="pro", status="active")
assert await can_access_feature(test_user["id"], "basic") is True
assert await can_access_feature(test_user["id"], "export") is True
assert await can_access_feature(test_user["id"], "api") is True
assert await can_access_feature(test_user["id"], "priority_support") is True
async def test_active_starter_gets_starter_features(self, db, test_user, create_subscription):
await create_subscription(test_user["id"], plan="starter", status="active")
assert await can_access_feature(test_user["id"], "basic") is True
assert await can_access_feature(test_user["id"], "export") is True
assert await can_access_feature(test_user["id"], "api") is False
async def test_cancelled_still_has_features(self, db, test_user, create_subscription):
await create_subscription(test_user["id"], plan="pro", status="cancelled")
assert await can_access_feature(test_user["id"], "api") is True
async def test_on_trial_has_features(self, db, test_user, create_subscription):
await create_subscription(test_user["id"], plan="pro", status="on_trial")
assert await can_access_feature(test_user["id"], "api") is True
async def test_expired_falls_back_to_free(self, db, test_user, create_subscription):
await create_subscription(test_user["id"], plan="pro", status="expired")
assert await can_access_feature(test_user["id"], "api") is False
assert await can_access_feature(test_user["id"], "basic") is True
async def test_past_due_falls_back_to_free(self, db, test_user, create_subscription):
await create_subscription(test_user["id"], plan="pro", status="past_due")
assert await can_access_feature(test_user["id"], "export") is False
async def test_paused_falls_back_to_free(self, db, test_user, create_subscription):
await create_subscription(test_user["id"], plan="pro", status="paused")
assert await can_access_feature(test_user["id"], "api") is False
async def test_nonexistent_feature_returns_false(self, db, test_user, create_subscription):
await create_subscription(test_user["id"], plan="pro", status="active")
assert await can_access_feature(test_user["id"], "teleportation") is False
# ════════════════════════════════════════════════════════════
# is_within_limits
# ════════════════════════════════════════════════════════════
class TestIsWithinLimits:
async def test_free_user_within_limits(self, db, test_user):
assert await is_within_limits(test_user["id"], "items", 50) is True
async def test_free_user_at_limit(self, db, test_user):
assert await is_within_limits(test_user["id"], "items", 100) is False
async def test_free_user_over_limit(self, db, test_user):
assert await is_within_limits(test_user["id"], "items", 150) is False
async def test_pro_unlimited(self, db, test_user, create_subscription):
await create_subscription(test_user["id"], plan="pro", status="active")
assert await is_within_limits(test_user["id"], "items", 999999) is True
assert await is_within_limits(test_user["id"], "api_calls", 999999) is True
async def test_starter_limits(self, db, test_user, create_subscription):
await create_subscription(test_user["id"], plan="starter", status="active")
assert await is_within_limits(test_user["id"], "items", 999) is True
assert await is_within_limits(test_user["id"], "items", 1000) is False
async def test_expired_pro_gets_free_limits(self, db, test_user, create_subscription):
await create_subscription(test_user["id"], plan="pro", status="expired")
assert await is_within_limits(test_user["id"], "items", 100) is False
async def test_unknown_resource_returns_false(self, db, test_user):
assert await is_within_limits(test_user["id"], "unicorns", 0) is False
# ════════════════════════════════════════════════════════════
# determine_plan
# ════════════════════════════════════════════════════════════
class TestDeterminePlan:
def test_monthly_variant_returns_pro(self):
VARIANT_TO_PLAN.clear()
assert determine_plan("variant_monthly_100") == "pro"
def test_yearly_variant_returns_pro(self):
VARIANT_TO_PLAN.clear()
assert determine_plan("variant_yearly_200") == "pro"
def test_unknown_variant_returns_free(self):
VARIANT_TO_PLAN.clear()
assert determine_plan("unknown_variant") == "free"
def test_integer_variant_id_coerced(self):
VARIANT_TO_PLAN.clear()
assert determine_plan(12345) == "free"
def test_none_variant_returns_free(self):
VARIANT_TO_PLAN.clear()
assert determine_plan(None) == "free"
# ════════════════════════════════════════════════════════════
# Parameterized: status × feature access matrix
# ════════════════════════════════════════════════════════════
STATUSES = ["free", "active", "on_trial", "cancelled", "past_due", "paused", "expired"]
FEATURES = ["basic", "export", "api", "priority_support"]
ACTIVE_STATUSES = {"active", "on_trial", "cancelled"}
@pytest.mark.parametrize("status", STATUSES)
@pytest.mark.parametrize("feature", FEATURES)
async def test_feature_access_matrix(db, test_user, create_subscription, status, feature):
if status != "free":
await create_subscription(test_user["id"], plan="pro", status=status)
result = await can_access_feature(test_user["id"], feature)
if status in ACTIVE_STATUSES:
expected = feature in config.PLAN_FEATURES["pro"]
else:
expected = feature in config.PLAN_FEATURES["free"]
assert result == expected, f"status={status}, feature={feature}"
# ════════════════════════════════════════════════════════════
# Parameterized: plan × feature matrix (active status)
# ════════════════════════════════════════════════════════════
PLANS = ["free", "starter", "pro"]
@pytest.mark.parametrize("plan", PLANS)
@pytest.mark.parametrize("feature", FEATURES)
async def test_plan_feature_matrix(db, test_user, create_subscription, plan, feature):
if plan != "free":
await create_subscription(test_user["id"], plan=plan, status="active")
result = await can_access_feature(test_user["id"], feature)
expected = feature in config.PLAN_FEATURES.get(plan, [])
assert result == expected, f"plan={plan}, feature={feature}"
# ════════════════════════════════════════════════════════════
# Parameterized: plan × resource limit boundaries
# ════════════════════════════════════════════════════════════
@pytest.mark.parametrize("plan", PLANS)
@pytest.mark.parametrize("resource,at_limit", [
("items", 100),
("items", 1000),
("api_calls", 1000),
("api_calls", 10000),
])
async def test_plan_limit_matrix(db, test_user, create_subscription, plan, resource, at_limit):
if plan != "free":
await create_subscription(test_user["id"], plan=plan, status="active")
plan_limit = config.PLAN_LIMITS.get(plan, {}).get(resource, 0)
result = await is_within_limits(test_user["id"], resource, at_limit)
if plan_limit == -1:
assert result is True
elif at_limit < plan_limit:
assert result is True
else:
assert result is False
# ════════════════════════════════════════════════════════════
# Hypothesis: limit boundaries
# ════════════════════════════════════════════════════════════
class TestLimitsHypothesis:
@given(count=st.integers(min_value=0, max_value=10000))
@h_settings(max_examples=100, deadline=2000, suppress_health_check=[HealthCheck.function_scoped_fixture])
async def test_free_limit_boundary_items(self, db, test_user, count):
result = await is_within_limits(test_user["id"], "items", count)
assert result == (count < 100)
@given(count=st.integers(min_value=0, max_value=100000))
@h_settings(max_examples=100, deadline=2000, suppress_health_check=[HealthCheck.function_scoped_fixture])
async def test_pro_always_within_limits(self, db, test_user, create_subscription, count):
# Use upsert to avoid duplicate inserts across Hypothesis examples
await upsert_subscription(
user_id=test_user["id"], plan="pro", status="active",
provider_customer_id="cust_hyp", provider_subscription_id="sub_hyp",
)
result = await is_within_limits(test_user["id"], "items", count)
assert result is True

308
padelnomics/tests/test_billing_routes.py Normal file
View File

@@ -0,0 +1,308 @@
"""
Route tests for billing pages, checkout, manage, cancel, resume.
External LemonSqueezy API calls mocked with respx.
"""
import json
import httpx
import pytest
import respx
# ════════════════════════════════════════════════════════════
# GET /billing/pricing
# ════════════════════════════════════════════════════════════
class TestPricingPage:
async def test_accessible_without_auth(self, client, db):
response = await client.get("/billing/pricing")
assert response.status_code == 200
async def test_accessible_with_auth(self, auth_client, db, test_user):
response = await auth_client.get("/billing/pricing")
assert response.status_code == 200
async def test_with_subscription(self, auth_client, db, test_user, create_subscription):
await create_subscription(test_user["id"], plan="pro", status="active")
response = await auth_client.get("/billing/pricing")
assert response.status_code == 200
# ════════════════════════════════════════════════════════════
# GET /billing/success
# ════════════════════════════════════════════════════════════
class TestSuccessPage:
async def test_requires_auth(self, client, db):
response = await client.get("/billing/success")
assert response.status_code == 302
assert "/auth/login" in response.headers["Location"]
async def test_accessible_with_auth(self, auth_client, db, test_user):
response = await auth_client.get("/billing/success")
assert response.status_code == 200
# ════════════════════════════════════════════════════════════
# GET /billing/checkout/<plan>
# ════════════════════════════════════════════════════════════
class TestCheckoutRoute:
async def test_requires_auth(self, client, db):
response = await client.get("/billing/checkout/monthly")
assert response.status_code == 302
assert "/auth/login" in response.headers["Location"]
@respx.mock
async def test_monthly_redirects_to_checkout_url(self, auth_client, db, test_user):
checkout_url = "https://checkout.lemonsqueezy.com/checkout/test123"
respx.post("https://api.lemonsqueezy.com/v1/checkouts").mock(
return_value=httpx.Response(
200, json={"data": {"attributes": {"url": checkout_url}}},
)
)
response = await auth_client.get("/billing/checkout/monthly")
assert response.status_code == 302
assert response.headers["Location"] == checkout_url
@respx.mock
async def test_yearly_redirects_to_checkout_url(self, auth_client, db, test_user):
checkout_url = "https://checkout.lemonsqueezy.com/checkout/yearly456"
respx.post("https://api.lemonsqueezy.com/v1/checkouts").mock(
return_value=httpx.Response(
200, json={"data": {"attributes": {"url": checkout_url}}},
)
)
response = await auth_client.get("/billing/checkout/yearly")
assert response.status_code == 302
assert response.headers["Location"] == checkout_url
async def test_invalid_plan_redirects_to_pricing(self, auth_client, db, test_user):
response = await auth_client.get("/billing/checkout/enterprise")
assert response.status_code == 302
assert "/billing/pricing" in response.headers["Location"]
@respx.mock
async def test_ajax_returns_json(self, auth_client, db, test_user):
checkout_url = "https://checkout.lemonsqueezy.com/checkout/ajax789"
respx.post("https://api.lemonsqueezy.com/v1/checkouts").mock(
return_value=httpx.Response(
200, json={"data": {"attributes": {"url": checkout_url}}},
)
)
response = await auth_client.get(
"/billing/checkout/monthly",
headers={"X-Requested-With": "XMLHttpRequest"},
)
assert response.status_code == 200
data = await response.get_json()
assert data["checkout_url"] == checkout_url
@respx.mock
async def test_sends_correct_api_payload(self, auth_client, db, test_user):
route = respx.post("https://api.lemonsqueezy.com/v1/checkouts").mock(
return_value=httpx.Response(
200, json={"data": {"attributes": {"url": "https://example.com"}}},
)
)
await auth_client.get("/billing/checkout/monthly")
assert route.called
sent_json = json.loads(route.calls.last.request.content)
assert sent_json["data"]["type"] == "checkouts"
assert sent_json["data"]["attributes"]["checkout_data"]["email"] == test_user["email"]
assert sent_json["data"]["attributes"]["checkout_data"]["custom"]["user_id"] == str(test_user["id"])
assert sent_json["data"]["relationships"]["store"]["data"]["id"] == "store_999"
assert sent_json["data"]["relationships"]["variant"]["data"]["id"] == "variant_monthly_100"
@respx.mock
async def test_api_error_propagates(self, auth_client, db, test_user):
respx.post("https://api.lemonsqueezy.com/v1/checkouts").mock(
return_value=httpx.Response(500, json={"error": "server error"})
)
with pytest.raises(httpx.HTTPStatusError):
await auth_client.get("/billing/checkout/monthly")
# ════════════════════════════════════════════════════════════
# POST /billing/manage
# ════════════════════════════════════════════════════════════
class TestManageRoute:
async def test_requires_auth(self, client, db):
response = await client.post("/billing/manage")
assert response.status_code == 302
assert "/auth/login" in response.headers["Location"]
async def test_no_subscription_redirects(self, auth_client, db, test_user):
response = await auth_client.post("/billing/manage")
assert response.status_code == 302
assert "/dashboard" in response.headers["Location"]
@respx.mock
async def test_redirects_to_portal(self, auth_client, db, test_user, create_subscription):
await create_subscription(test_user["id"], ls_subscription_id="sub_manage_001")
portal_url = "https://app.lemonsqueezy.com/my-orders/portal"
respx.get("https://api.lemonsqueezy.com/v1/subscriptions/sub_manage_001").mock(
return_value=httpx.Response(200, json={
"data": {"attributes": {"urls": {"customer_portal": portal_url}}}
})
)
response = await auth_client.post("/billing/manage")
assert response.status_code == 302
assert response.headers["Location"] == portal_url
# ════════════════════════════════════════════════════════════
# POST /billing/cancel
# ════════════════════════════════════════════════════════════
class TestCancelRoute:
async def test_requires_auth(self, client, db):
response = await client.post("/billing/cancel")
assert response.status_code == 302
assert "/auth/login" in response.headers["Location"]
async def test_no_subscription_redirects(self, auth_client, db, test_user):
response = await auth_client.post("/billing/cancel")
assert response.status_code == 302
assert "/dashboard" in response.headers["Location"]
@respx.mock
async def test_sends_cancel_patch(self, auth_client, db, test_user, create_subscription):
await create_subscription(test_user["id"], ls_subscription_id="sub_cancel_route")
route = respx.patch(
"https://api.lemonsqueezy.com/v1/subscriptions/sub_cancel_route"
).mock(return_value=httpx.Response(200, json={}))
response = await auth_client.post("/billing/cancel")
assert response.status_code == 302
assert "/dashboard" in response.headers["Location"]
assert route.called
sent_json = json.loads(route.calls.last.request.content)
assert sent_json["data"]["attributes"]["cancelled"] is True
# ════════════════════════════════════════════════════════════
# POST /billing/resume
# ════════════════════════════════════════════════════════════
class TestResumeRoute:
async def test_requires_auth(self, client, db):
response = await client.post("/billing/resume")
assert response.status_code == 302
assert "/auth/login" in response.headers["Location"]
@respx.mock
async def test_sends_resume_patch(self, auth_client, db, test_user, create_subscription):
await create_subscription(test_user["id"], ls_subscription_id="sub_resume_route")
route = respx.patch(
"https://api.lemonsqueezy.com/v1/subscriptions/sub_resume_route"
).mock(return_value=httpx.Response(200, json={}))
response = await auth_client.post("/billing/resume")
assert response.status_code == 302
assert "/dashboard" in response.headers["Location"]
assert route.called
sent_json = json.loads(route.calls.last.request.content)
assert sent_json["data"]["attributes"]["cancelled"] is False
# ════════════════════════════════════════════════════════════
# subscription_required decorator
# ════════════════════════════════════════════════════════════
class TestSubscriptionRequired:
@pytest.fixture
async def gated_app(self, app):
"""Register a test route using subscription_required with restricted allowed."""
from padelnomics.billing.routes import subscription_required
@app.route("/test-gated")
@subscription_required(allowed=("active", "on_trial"))
async def gated():
return "OK", 200
return app
async def test_no_session_redirects_to_login(self, gated_app, db):
async with gated_app.test_client() as c:
response = await c.get("/test-gated")
assert response.status_code == 302
assert "/auth/login" in response.headers["Location"]
async def test_no_subscription_redirects_to_pricing(self, gated_app, db, test_user):
async with gated_app.test_client() as c:
async with c.session_transaction() as sess:
sess["user_id"] = test_user["id"]
response = await c.get("/test-gated")
assert response.status_code == 302
assert "/billing/pricing" in response.headers["Location"]
async def test_active_passes(self, gated_app, db, test_user, create_subscription):
await create_subscription(test_user["id"], status="active")
async with gated_app.test_client() as c:
async with c.session_transaction() as sess:
sess["user_id"] = test_user["id"]
response = await c.get("/test-gated")
assert response.status_code == 200
async def test_on_trial_passes(self, gated_app, db, test_user, create_subscription):
await create_subscription(test_user["id"], status="on_trial")
async with gated_app.test_client() as c:
async with c.session_transaction() as sess:
sess["user_id"] = test_user["id"]
response = await c.get("/test-gated")
assert response.status_code == 200
async def test_cancelled_rejected_when_not_in_allowed(self, gated_app, db, test_user, create_subscription):
await create_subscription(test_user["id"], status="cancelled")
async with gated_app.test_client() as c:
async with c.session_transaction() as sess:
sess["user_id"] = test_user["id"]
response = await c.get("/test-gated")
assert response.status_code == 302
assert "/billing/pricing" in response.headers["Location"]
async def test_expired_redirects(self, gated_app, db, test_user, create_subscription):
await create_subscription(test_user["id"], status="expired")
async with gated_app.test_client() as c:
async with c.session_transaction() as sess:
sess["user_id"] = test_user["id"]
response = await c.get("/test-gated")
assert response.status_code == 302
# ════════════════════════════════════════════════════════════
# Parameterized: subscription_required default allowed
# ════════════════════════════════════════════════════════════
ALL_STATUSES = ["free", "active", "on_trial", "cancelled", "past_due", "paused", "expired"]
DEFAULT_ALLOWED = ("active", "on_trial", "cancelled")
@pytest.mark.parametrize("status", ALL_STATUSES)
async def test_subscription_required_default_allowed(app, db, test_user, create_subscription, status):
from padelnomics.billing.routes import subscription_required
@app.route(f"/test-gate-{status}")
@subscription_required()
async def gated():
return "OK", 200
if status != "free":
await create_subscription(test_user["id"], status=status)
async with app.test_client() as c:
async with c.session_transaction() as sess:
sess["user_id"] = test_user["id"]
response = await c.get(f"/test-gate-{status}")
if status in DEFAULT_ALLOWED:
assert response.status_code == 200
else:
assert response.status_code == 302

450
padelnomics/tests/test_billing_webhooks.py Normal file
View File

@@ -0,0 +1,450 @@
"""
Integration tests for the LemonSqueezy webhook endpoint.
Tests signature verification, all event types, parameterized status
transitions, and Hypothesis fuzzing.
"""
import json
import pytest
from conftest import make_webhook_payload, sign_payload
from hypothesis import HealthCheck, given
from hypothesis import settings as h_settings
from hypothesis import strategies as st
from padelnomics.billing.routes import get_subscription
WEBHOOK_PATH = "/billing/webhook/lemonsqueezy"
# ════════════════════════════════════════════════════════════
# Signature verification
# ════════════════════════════════════════════════════════════
class TestWebhookSignatureVerification:
async def test_valid_signature_returns_200(self, client, db, test_user):
payload = make_webhook_payload("subscription_created", user_id=str(test_user["id"]))
payload_bytes = json.dumps(payload).encode()
sig = sign_payload(payload_bytes)
response = await client.post(
WEBHOOK_PATH,
data=payload_bytes,
headers={"X-Signature": sig, "Content-Type": "application/json"},
)
assert response.status_code == 200
async def test_invalid_signature_returns_401(self, client, db):
payload = make_webhook_payload("subscription_created")
payload_bytes = json.dumps(payload).encode()
response = await client.post(
WEBHOOK_PATH,
data=payload_bytes,
headers={"X-Signature": "bad_signature", "Content-Type": "application/json"},
)
assert response.status_code == 401
data = await response.get_json()
assert data["error"] == "Invalid signature"
async def test_missing_signature_returns_401(self, client, db):
payload_bytes = json.dumps(make_webhook_payload("subscription_created")).encode()
response = await client.post(
WEBHOOK_PATH,
data=payload_bytes,
headers={"Content-Type": "application/json"},
)
assert response.status_code == 401
async def test_empty_signature_returns_401(self, client, db):
payload_bytes = json.dumps(make_webhook_payload("subscription_created")).encode()
response = await client.post(
WEBHOOK_PATH,
data=payload_bytes,
headers={"X-Signature": "", "Content-Type": "application/json"},
)
assert response.status_code == 401
async def test_tampered_payload_returns_401(self, client, db, test_user):
payload = make_webhook_payload("subscription_created", user_id=str(test_user["id"]))
payload_bytes = json.dumps(payload).encode()
sig = sign_payload(payload_bytes)
tampered = payload_bytes + b"extra"
response = await client.post(
WEBHOOK_PATH,
data=tampered,
headers={"X-Signature": sig, "Content-Type": "application/json"},
)
assert response.status_code == 401
# ════════════════════════════════════════════════════════════
# subscription_created
# ════════════════════════════════════════════════════════════
class TestWebhookSubscriptionCreated:
async def test_creates_new_subscription(self, client, db, test_user):
payload = make_webhook_payload(
"subscription_created",
subscription_id="sub_new_001",
user_id=str(test_user["id"]),
variant_id="variant_monthly_100",
status="active",
customer_id=99999,
)
payload_bytes = json.dumps(payload).encode()
sig = sign_payload(payload_bytes)
response = await client.post(
WEBHOOK_PATH,
data=payload_bytes,
headers={"X-Signature": sig, "Content-Type": "application/json"},
)
assert response.status_code == 200
sub = await get_subscription(test_user["id"])
assert sub is not None
assert sub["plan"] == "pro"
assert sub["status"] == "active"
assert sub["lemonsqueezy_subscription_id"] == "sub_new_001"
assert sub["lemonsqueezy_customer_id"] == "99999"
async def test_unknown_variant_gets_free_plan(self, client, db, test_user):
payload = make_webhook_payload(
"subscription_created",
user_id=str(test_user["id"]),
variant_id="unknown_variant",
)
payload_bytes = json.dumps(payload).encode()
sig = sign_payload(payload_bytes)
await client.post(
WEBHOOK_PATH,
data=payload_bytes,
headers={"X-Signature": sig, "Content-Type": "application/json"},
)
sub = await get_subscription(test_user["id"])
assert sub["plan"] == "free"
async def test_missing_user_id_causes_db_error(self, client, db):
"""When user_id is absent, the handler passes user_id=0 which violates the FK constraint."""
payload = make_webhook_payload("subscription_created")
payload["meta"]["custom_data"] = {}
payload_bytes = json.dumps(payload).encode()
sig = sign_payload(payload_bytes)
with pytest.raises(Exception):
await client.post(
WEBHOOK_PATH,
data=payload_bytes,
headers={"X-Signature": sig, "Content-Type": "application/json"},
)
# ════════════════════════════════════════════════════════════
# subscription_updated
# ════════════════════════════════════════════════════════════
class TestWebhookSubscriptionUpdated:
async def test_updates_existing_subscription(self, client, db, test_user, create_subscription):
await create_subscription(test_user["id"], ls_subscription_id="sub_upd_001", plan="starter")
payload = make_webhook_payload(
"subscription_updated",
subscription_id="sub_upd_001",
variant_id="variant_yearly_200",
status="active",
renews_at="2026-01-01T00:00:00Z",
)
payload_bytes = json.dumps(payload).encode()
sig = sign_payload(payload_bytes)
response = await client.post(
WEBHOOK_PATH,
data=payload_bytes,
headers={"X-Signature": sig, "Content-Type": "application/json"},
)
assert response.status_code == 200
sub = await get_subscription(test_user["id"])
assert sub["plan"] == "pro"
assert sub["current_period_end"] == "2026-01-01T00:00:00Z"
# ════════════════════════════════════════════════════════════
# subscription_payment_success
# ════════════════════════════════════════════════════════════
class TestWebhookPaymentSuccess:
async def test_updates_status_and_period(self, client, db, test_user, create_subscription):
await create_subscription(test_user["id"], ls_subscription_id="sub_pay_001")
payload = make_webhook_payload(
"subscription_payment_success",
subscription_id="sub_pay_001",
status="active",
renews_at="2026-06-01T00:00:00Z",
)
payload_bytes = json.dumps(payload).encode()
sig = sign_payload(payload_bytes)
await client.post(
WEBHOOK_PATH,
data=payload_bytes,
headers={"X-Signature": sig, "Content-Type": "application/json"},
)
sub = await get_subscription(test_user["id"])
assert sub["status"] == "active"
assert sub["current_period_end"] == "2026-06-01T00:00:00Z"
# ════════════════════════════════════════════════════════════
# subscription_cancelled
# ════════════════════════════════════════════════════════════
class TestWebhookSubscriptionCancelled:
async def test_sets_status_to_cancelled(self, client, db, test_user, create_subscription):
await create_subscription(test_user["id"], ls_subscription_id="sub_cancel_001", status="active")
payload = make_webhook_payload("subscription_cancelled", subscription_id="sub_cancel_001")
payload_bytes = json.dumps(payload).encode()
sig = sign_payload(payload_bytes)
await client.post(
WEBHOOK_PATH,
data=payload_bytes,
headers={"X-Signature": sig, "Content-Type": "application/json"},
)
sub = await get_subscription(test_user["id"])
assert sub["status"] == "cancelled"
# ════════════════════════════════════════════════════════════
# subscription_expired
# ════════════════════════════════════════════════════════════
class TestWebhookSubscriptionExpired:
async def test_sets_status_to_expired(self, client, db, test_user, create_subscription):
await create_subscription(test_user["id"], ls_subscription_id="sub_exp_001")
payload = make_webhook_payload("subscription_expired", subscription_id="sub_exp_001")
payload_bytes = json.dumps(payload).encode()
sig = sign_payload(payload_bytes)
await client.post(
WEBHOOK_PATH,
data=payload_bytes,
headers={"X-Signature": sig, "Content-Type": "application/json"},
)
sub = await get_subscription(test_user["id"])
assert sub["status"] == "expired"
# ════════════════════════════════════════════════════════════
# order_refunded
# ════════════════════════════════════════════════════════════
class TestWebhookOrderRefunded:
async def test_sets_status_to_expired(self, client, db, test_user, create_subscription):
await create_subscription(test_user["id"], ls_subscription_id="sub_refund_001")
payload = make_webhook_payload("order_refunded", subscription_id="sub_refund_001")
payload_bytes = json.dumps(payload).encode()
sig = sign_payload(payload_bytes)
await client.post(
WEBHOOK_PATH,
data=payload_bytes,
headers={"X-Signature": sig, "Content-Type": "application/json"},
)
sub = await get_subscription(test_user["id"])
assert sub["status"] == "expired"
# ════════════════════════════════════════════════════════════
# subscription_payment_failed
# ════════════════════════════════════════════════════════════
class TestWebhookPaymentFailed:
async def test_sets_status_to_past_due(self, client, db, test_user, create_subscription):
await create_subscription(test_user["id"], ls_subscription_id="sub_fail_001")
payload = make_webhook_payload("subscription_payment_failed", subscription_id="sub_fail_001")
payload_bytes = json.dumps(payload).encode()
sig = sign_payload(payload_bytes)
await client.post(
WEBHOOK_PATH,
data=payload_bytes,
headers={"X-Signature": sig, "Content-Type": "application/json"},
)
sub = await get_subscription(test_user["id"])
assert sub["status"] == "past_due"
# ════════════════════════════════════════════════════════════
# subscription_paused
# ════════════════════════════════════════════════════════════
class TestWebhookSubscriptionPaused:
async def test_sets_status_to_paused(self, client, db, test_user, create_subscription):
await create_subscription(test_user["id"], ls_subscription_id="sub_pause_001")
payload = make_webhook_payload("subscription_paused", subscription_id="sub_pause_001")
payload_bytes = json.dumps(payload).encode()
sig = sign_payload(payload_bytes)
await client.post(
WEBHOOK_PATH,
data=payload_bytes,
headers={"X-Signature": sig, "Content-Type": "application/json"},
)
sub = await get_subscription(test_user["id"])
assert sub["status"] == "paused"
# ════════════════════════════════════════════════════════════
# subscription_unpaused / subscription_resumed
# ════════════════════════════════════════════════════════════
class TestWebhookSubscriptionUnpaused:
async def test_unpaused_sets_active(self, client, db, test_user, create_subscription):
await create_subscription(test_user["id"], ls_subscription_id="sub_unpause_001", status="paused")
payload = make_webhook_payload("subscription_unpaused", subscription_id="sub_unpause_001")
payload_bytes = json.dumps(payload).encode()
sig = sign_payload(payload_bytes)
await client.post(
WEBHOOK_PATH,
data=payload_bytes,
headers={"X-Signature": sig, "Content-Type": "application/json"},
)
sub = await get_subscription(test_user["id"])
assert sub["status"] == "active"
async def test_resumed_sets_active(self, client, db, test_user, create_subscription):
await create_subscription(test_user["id"], ls_subscription_id="sub_resume_001", status="paused")
payload = make_webhook_payload("subscription_resumed", subscription_id="sub_resume_001")
payload_bytes = json.dumps(payload).encode()
sig = sign_payload(payload_bytes)
await client.post(
WEBHOOK_PATH,
data=payload_bytes,
headers={"X-Signature": sig, "Content-Type": "application/json"},
)
sub = await get_subscription(test_user["id"])
assert sub["status"] == "active"
# ════════════════════════════════════════════════════════════
# Unknown event
# ════════════════════════════════════════════════════════════
class TestWebhookUnknownEvent:
async def test_unknown_event_returns_200(self, client, db, test_user):
payload = make_webhook_payload("some_future_event", user_id=str(test_user["id"]))
payload_bytes = json.dumps(payload).encode()
sig = sign_payload(payload_bytes)
response = await client.post(
WEBHOOK_PATH,
data=payload_bytes,
headers={"X-Signature": sig, "Content-Type": "application/json"},
)
assert response.status_code == 200
# ════════════════════════════════════════════════════════════
# Parameterized: event → expected status
# ════════════════════════════════════════════════════════════
WEBHOOK_EVENT_STATUS_MAP = [
("subscription_cancelled", "cancelled"),
("subscription_expired", "expired"),
("order_refunded", "expired"),
("subscription_payment_failed", "past_due"),
("subscription_paused", "paused"),
("subscription_unpaused", "active"),
("subscription_resumed", "active"),
]
@pytest.mark.parametrize("event_name,expected_status", WEBHOOK_EVENT_STATUS_MAP)
async def test_webhook_event_status_transition(
client, db, test_user, create_subscription, event_name, expected_status,
):
sub_id = f"sub_param_{event_name}"
await create_subscription(test_user["id"], ls_subscription_id=sub_id, status="active")
payload = make_webhook_payload(event_name, subscription_id=sub_id)
payload_bytes = json.dumps(payload).encode()
sig = sign_payload(payload_bytes)
response = await client.post(
WEBHOOK_PATH,
data=payload_bytes,
headers={"X-Signature": sig, "Content-Type": "application/json"},
)
assert response.status_code == 200
sub = await get_subscription(test_user["id"])
assert sub["status"] == expected_status
# ════════════════════════════════════════════════════════════
# Hypothesis: fuzz webhook payloads
# ════════════════════════════════════════════════════════════
webhook_event_names = st.sampled_from([
"subscription_created", "subscription_updated", "subscription_payment_success",
"subscription_cancelled", "subscription_expired", "order_refunded",
"subscription_payment_failed", "subscription_paused",
"subscription_unpaused", "subscription_resumed",
"unknown_event", "order_created",
])
fuzz_payload = st.fixed_dictionaries({
"meta": st.fixed_dictionaries({
"event_name": webhook_event_names,
"custom_data": st.fixed_dictionaries({
"user_id": st.from_regex(r"[0-9]{1,6}", fullmatch=True),
}),
"webhook_id": st.text(min_size=1, max_size=20),
}),
"data": st.fixed_dictionaries({
"type": st.just("subscriptions"),
"id": st.text(min_size=1, max_size=30).filter(lambda x: x.strip()),
"attributes": st.fixed_dictionaries({
"store_id": st.integers(1, 99999),
"customer_id": st.integers(1, 99999),
"order_id": st.integers(1, 99999),
"product_id": st.integers(1, 99999),
"variant_id": st.text(min_size=1, max_size=30),
"status": st.sampled_from(["active", "on_trial", "cancelled", "past_due", "paused", "expired"]),
"renews_at": st.from_regex(r"2025-\d{2}-\d{2}T00:00:00Z", fullmatch=True),
}),
}),
})
class TestWebhookHypothesis:
@given(payload_dict=fuzz_payload)
@h_settings(max_examples=50, deadline=5000, suppress_health_check=[HealthCheck.function_scoped_fixture])
async def test_webhook_never_500s(self, client, db, test_user, payload_dict):
# Pin user_id to the test user so subscription_created events don't hit FK violations
payload_dict["meta"]["custom_data"]["user_id"] = str(test_user["id"])
payload_bytes = json.dumps(payload_dict).encode()
sig = sign_payload(payload_bytes)
response = await client.post(
WEBHOOK_PATH,
data=payload_bytes,
headers={"X-Signature": sig, "Content-Type": "application/json"},
)
assert response.status_code < 500

1065
padelnomics/tests/test_calculator.py Normal file
View File

File diff suppressed because it is too large Load Diff