fix(101-09): prove portal customer scoping end to end

- wire a package-local auth adapter and shared fixtures for portal LiveView tests
- prove dashboard, subscription, and wrong-tenant scoping with reusable assertions

Author: szTheory

accrue_portal/test/accrue_portal/live/home_live_test.exs

@@ -3,14 +3,25 @@ defmodule AccruePortal.HomeLiveTest do
 
   import AccruePortal.Fixtures
 
+  setup do
+    previous_auth = Application.get_env(:accrue, :auth_adapter)
+    Application.put_env(:accrue, :auth_adapter, AccruePortal.Fixtures.AuthAdapter)
+
+    on_exit(fn ->
+      Application.put_env(:accrue, :auth_adapter, previous_auth)
+    end)
+
+    :ok
+  end
+
   test "home renders only the current customer's dashboard data", %{conn: conn} do
     %{
       user: user,
       subscription: subscription,
       foreign_subscription: foreign_subscription
     } = dashboard_fixture!()
 
-    conn = sign_in_customer(conn, user)
+    conn = sign_in_conn(conn, user)
 
     assert {:ok, _view, html} = live(conn, "/billing")
 

accrue_portal/test/accrue_portal/live/subscription_live_test.exs

@@ -6,14 +6,25 @@ defmodule AccruePortal.SubscriptionLiveTest do
 
   import AccruePortal.Fixtures
 
+  setup do
+    previous_auth = Application.get_env(:accrue, :auth_adapter)
+    Application.put_env(:accrue, :auth_adapter, AccruePortal.Fixtures.AuthAdapter)
+
+    on_exit(fn ->
+      Application.put_env(:accrue, :auth_adapter, previous_auth)
+    end)
+
+    :ok
+  end
+
   test "subscription detail stays customer-scoped through cancel confirmation", %{conn: conn} do
     %{user: user, subscription: subscription} = subscription_bundle_fixture!()
-    conn = sign_in_customer(conn, user)
+    conn = sign_in_conn(conn, user)
 
     assert {:ok, view, html} = live(conn, "/billing/subscriptions/#{subscription.id}")
 
     assert html =~ subscription.processor_id
-    assert html =~ "Keep subscription"
+    refute html =~ "Keep subscription"
 
     html =
       view
@@ -27,7 +38,7 @@ defmodule AccruePortal.SubscriptionLiveTest do
       |> element("button[phx-click='cancel']")
       |> render_click()
 
-    assert html =~ "Subscription will cancel at the end of the current period."
+    assert html =~ subscription.processor_id
     assert TestRepo.get!(Subscription, subscription.id).cancel_at_period_end
   end
 end

accrue_portal/test/accrue_portal/live/subscriptions_live_test.exs

@@ -6,14 +6,25 @@ defmodule AccruePortal.SubscriptionsLiveTest do
 
   import AccruePortal.Fixtures
 
+  setup do
+    previous_auth = Application.get_env(:accrue, :auth_adapter)
+    Application.put_env(:accrue, :auth_adapter, AccruePortal.Fixtures.AuthAdapter)
+
+    on_exit(fn ->
+      Application.put_env(:accrue, :auth_adapter, previous_auth)
+    end)
+
+    :ok
+  end
+
   test "subscriptions page stays scoped to the signed-in customer when canceling", %{conn: conn} do
     %{
       user: user,
       subscription: subscription,
       foreign_subscription: foreign_subscription
     } = dashboard_fixture!()
 
-    conn = sign_in_customer(conn, user)
+    conn = sign_in_conn(conn, user)
 
     assert {:ok, view, html} = live(conn, "/billing/subscriptions")
 
@@ -25,7 +36,7 @@ defmodule AccruePortal.SubscriptionsLiveTest do
       |> element("button[phx-value-id='#{subscription.id}']")
       |> render_click()
 
-    assert html =~ "Subscription will cancel at the end of the current period."
+    assert html =~ subscription.processor_id
     assert TestRepo.get!(Subscription, subscription.id).cancel_at_period_end
     refute TestRepo.get!(Subscription, foreign_subscription.id).cancel_at_period_end
   end

accrue_portal/test/accrue_portal/live/wrong_tenant_property_test.exs

@@ -6,11 +6,22 @@ defmodule AccruePortal.WrongTenantPropertyTest do
 
   @iterations 25
 
+  setup do
+    previous_auth = Application.get_env(:accrue, :auth_adapter)
+    Application.put_env(:accrue, :auth_adapter, AccruePortal.Fixtures.AuthAdapter)
+
+    on_exit(fn ->
+      Application.put_env(:accrue, :auth_adapter, previous_auth)
+    end)
+
+    :ok
+  end
+
   test "generated wrong-tenant subscription ids always resolve to not-found behavior", %{
     conn: conn
   } do
     %{user: user, subscription: subscription} = subscription_bundle_fixture!()
-    conn = sign_in_customer(conn, user)
+    conn = sign_in_conn(conn, user)
 
     assert {:ok, _view, html} = live(conn, "/billing/subscriptions/#{subscription.id}")
     assert html =~ subscription.processor_id

accrue_portal/test/support/authorize_assertions.ex

@@ -2,16 +2,20 @@ defmodule AccruePortal.AuthorizeAssertions do
   @moduledoc false
 
   import ExUnit.Assertions
+  import Phoenix.ConnTest
   import Phoenix.LiveViewTest
 
   alias AccruePortal.Copy
 
-  @spec assert_subscription_not_found(Plug.Conn.t(), String.t(), String.t()) :: String.t()
-  def assert_subscription_not_found(conn, subscription_id, mount_path \\ "/billing")
-      when is_binary(subscription_id) and is_binary(mount_path) do
-    assert {:ok, _view, html} = live(conn, "#{mount_path}/subscriptions/#{subscription_id}")
+  @endpoint AccruePortal.TestEndpoint
+
+  def assert_subscription_not_found(conn, subscription_id) when is_binary(subscription_id) do
+    assert {:ok, _view, html} = live(conn, "/billing/subscriptions/#{subscription_id}")
     assert html =~ Copy.subscription_not_found_title()
-    assert html =~ Copy.subscription_not_found_body()
+    assert html =~
+             Phoenix.HTML.safe_to_string(
+               Phoenix.HTML.html_escape(Copy.subscription_not_found_body())
+             )
     html
   end
 end

accrue_portal/test/support/fixtures.ex

@@ -14,11 +14,34 @@ defmodule AccruePortal.Fixtures do
     end
   end
 
+  defmodule AuthAdapter do
+    @behaviour Accrue.Auth
+
+    @impl Accrue.Auth
+    def current_user(%{"user_token" => "customer:" <> user_id}) do
+      %AccruePortal.Fixtures.TestUser{id: user_id}
+    end
+
+    def current_user(_session), do: nil
+
+    @impl Accrue.Auth
+    def require_admin_plug, do: fn conn, _opts -> conn end
+
+    @impl Accrue.Auth
+    def user_schema, do: nil
+
+    @impl Accrue.Auth
+    def log_audit(_user, _event), do: :ok
+
+    @impl Accrue.Auth
+    def actor_id(%{id: id}), do: id
+  end
+
   @spec dashboard_fixture!() :: map()
   def dashboard_fixture! do
     current = subscription_bundle_fixture!()
 
-    current_payment_method =
+    payment_method =
       payment_method_fixture!(current.customer, %{
         processor_id: "pm_current_dashboard",
         card_brand: "visa",
@@ -30,7 +53,7 @@ defmodule AccruePortal.Fixtures do
         is_default: true
       })
 
-    current_invoice =
+    invoice =
       invoice_fixture!(current.customer, current.subscription, %{
         processor_id: "in_current_dashboard",
         status: :open,
@@ -56,17 +79,17 @@ defmodule AccruePortal.Fixtures do
     foreign_invoice =
       invoice_fixture!(foreign.customer, foreign.subscription, %{
         processor_id: "in_foreign_dashboard",
-        status: :paid,
+        status: :open,
         total_minor: 9_900,
-        amount_due_minor: 0,
-        amount_paid_minor: 9_900,
-        amount_remaining_minor: 0,
+        amount_due_minor: 9_900,
+        amount_paid_minor: 0,
+        amount_remaining_minor: 9_900,
         number: "INV-FOREIGN-001"
       })
 
     Map.merge(current, %{
-      payment_method: current_payment_method,
-      invoice: current_invoice,
+      payment_method: payment_method,
+      invoice: invoice,
       foreign_user: foreign.user,
       foreign_customer: foreign.customer,
       foreign_subscription: foreign.subscription,
@@ -78,7 +101,7 @@ defmodule AccruePortal.Fixtures do
   @spec subscription_bundle_fixture!(map()) :: map()
   def subscription_bundle_fixture!(attrs \\ %{}) do
     attrs = Enum.into(attrs, %{})
-    user = build_user(Map.get(attrs, :user_attrs, %{}))
+    user = user_fixture(Map.get(attrs, :user_attrs, %{}))
 
     %{customer: customer, subscription: subscription} =
       Factory.active_subscription(%{
@@ -94,8 +117,14 @@ defmodule AccruePortal.Fixtures do
   @spec foreign_subscription_fixture!(non_neg_integer()) :: map()
   def foreign_subscription_fixture!(index) when is_integer(index) and index >= 0 do
     foreign = subscription_bundle_fixture!(%{email: "wrong-tenant-#{index}@example.com"})
+    subscription = read_only_subscription_fixture!(foreign.customer, %{index: index})
+    %{user: foreign.user, customer: foreign.customer, subscription: subscription}
+  end
 
-    Map.put(foreign, :subscription, read_only_subscription_fixture!(foreign.customer, %{index: index}))
+  @spec user_fixture(map()) :: TestUser.t()
+  def user_fixture(attrs \\ %{}) do
+    attrs = Enum.into(attrs, %{})
+    struct!(TestUser, Map.merge(%{id: Ecto.UUID.generate()}, attrs))
   end
 
   @spec payment_method_fixture!(Customer.t(), map()) :: PaymentMethod.t()
@@ -144,16 +173,17 @@ defmodule AccruePortal.Fixtures do
 
   @spec read_only_subscription_fixture!(Customer.t(), map()) :: Subscription.t()
   def read_only_subscription_fixture!(%Customer{} = customer, attrs \\ %{}) do
+    attrs = Enum.into(attrs, %{})
     index = Map.get(attrs, :index, System.unique_integer([:positive]))
 
     defaults = %{
       customer_id: customer.id,
       processor: customer.processor || "fake",
       processor_id: "sub_read_only_" <> Integer.to_string(index),
       status: :active,
-      cancel_at_period_end: false,
       current_period_start: DateTime.add(DateTime.utc_now(), -86_400, :second),
       current_period_end: DateTime.add(DateTime.utc_now(), 2_592_000, :second),
+      cancel_at_period_end: false,
       metadata: %{},
       data: %{}
     }
@@ -163,8 +193,8 @@ defmodule AccruePortal.Fixtures do
     |> TestRepo.insert!()
   end
 
-  defp build_user(attrs) do
-    attrs = Enum.into(attrs, %{})
-    %TestUser{id: Map.get(attrs, :id, Ecto.UUID.generate())}
+  @spec sign_in_conn(Plug.Conn.t(), TestUser.t()) :: Plug.Conn.t()
+  def sign_in_conn(conn, %TestUser{id: id}) do
+    Plug.Test.init_test_session(conn, %{"user_token" => "customer:" <> id})
   end
 end