berrypod/test/berrypod_web/controllers/order_lookup_controller_test.exs

defmodule BerrypodWeb.OrderLookupControllerTest do
  use BerrypodWeb.ConnCase, async: false

  import Berrypod.AccountsFixtures
  import Berrypod.OrdersFixtures

  alias Berrypod.EmailSession

  setup do
    user_fixture()
    {:ok, _} = Berrypod.Settings.set_site_live(true)
    :ok
  end

  describe "POST /contact/lookup" do
    test "sends lookup email and redirects when orders exist", %{conn: conn} do
      order_fixture(%{customer_email: "buyer@test.com", payment_status: "paid"})

      conn = post(conn, ~p"/contact/lookup", %{"email" => "buyer@test.com"})

      assert redirected_to(conn) == "/contact"
      assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "sent a link"
    end

    test "shows error when no orders found", %{conn: conn} do
      conn = post(conn, ~p"/contact/lookup", %{"email" => "nobody@test.com"})

      assert redirected_to(conn) == "/contact"
      assert Phoenix.Flash.get(conn.assigns.flash, :error) =~ "No orders found"
    end

    test "shows error when email is missing", %{conn: conn} do
      conn = post(conn, ~p"/contact/lookup", %{})

      assert redirected_to(conn) == "/contact"
      assert Phoenix.Flash.get(conn.assigns.flash, :error) =~ "enter your email"
    end
  end

  describe "GET /orders/verify/:token" do
    test "sets email session cookie and redirects to orders page", %{conn: conn} do
      order_fixture(%{customer_email: "buyer@test.com", payment_status: "paid"})
      token = BerrypodWeb.OrderLookupController.generate_token("buyer@test.com")

      conn = get(conn, ~p"/orders/verify/#{token}")

      assert redirected_to(conn) == "/orders"

      # Verify the email session cookie was set
      cookie = conn.resp_cookies[EmailSession.cookie_name()]
      assert cookie != nil
      assert cookie.max_age == 30 * 24 * 60 * 60
    end

    test "returns error for invalid token", %{conn: conn} do
      conn = get(conn, ~p"/orders/verify/invalid-token")

      assert redirected_to(conn) == "/contact"
      assert Phoenix.Flash.get(conn.assigns.flash, :error) =~ "invalid"
    end
  end
end
add no-JS fallback for contact page order tracking form Both order tracking forms now have action="/contact/lookup" so they POST to a new OrderLookupController.lookup action when JS is off. The controller mirrors the LiveView handler: checks for paid orders, sends the verification email, and redirects with a flash message. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-24 23:10:15 +00:00			`defmodule BerrypodWeb.OrderLookupControllerTest do`
			`use BerrypodWeb.ConnCase, async: false`

			`import Berrypod.AccountsFixtures`
			`import Berrypod.OrdersFixtures`

add persistent email session for order lookup and reviews Replaces the short-lived (1 hour) session-based order lookup with a persistent cookie-based email session lasting 30 days. This foundation enables customers to leave reviews and view orders without re-verifying their email each time. - Add EmailSession module for signed cookie management - Add EmailSession plug to load verified email into session - Set email session on order lookup verification - Set email session on checkout completion (via /checkout/complete) - Update orders and order detail pages to use email session - Add reviews system plan document Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-04-01 09:44:53 +01:00			`alias Berrypod.EmailSession`

add no-JS fallback for contact page order tracking form Both order tracking forms now have action="/contact/lookup" so they POST to a new OrderLookupController.lookup action when JS is off. The controller mirrors the LiveView handler: checks for paid orders, sends the verification email, and redirects with a flash message. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-24 23:10:15 +00:00			`setup do`
			`user_fixture()`
			`{:ok, _} = Berrypod.Settings.set_site_live(true)`
			`:ok`
			`end`

			`describe "POST /contact/lookup" do`
			`test "sends lookup email and redirects when orders exist", %{conn: conn} do`
			`order_fixture(%{customer_email: "buyer@test.com", payment_status: "paid"})`

			`conn = post(conn, ~p"/contact/lookup", %{"email" => "buyer@test.com"})`

			`assert redirected_to(conn) == "/contact"`
			`assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "sent a link"`
			`end`

			`test "shows error when no orders found", %{conn: conn} do`
			`conn = post(conn, ~p"/contact/lookup", %{"email" => "nobody@test.com"})`

			`assert redirected_to(conn) == "/contact"`
			`assert Phoenix.Flash.get(conn.assigns.flash, :error) =~ "No orders found"`
			`end`

			`test "shows error when email is missing", %{conn: conn} do`
			`conn = post(conn, ~p"/contact/lookup", %{})`

			`assert redirected_to(conn) == "/contact"`
			`assert Phoenix.Flash.get(conn.assigns.flash, :error) =~ "enter your email"`
			`end`
			`end`
add persistent email session for order lookup and reviews Replaces the short-lived (1 hour) session-based order lookup with a persistent cookie-based email session lasting 30 days. This foundation enables customers to leave reviews and view orders without re-verifying their email each time. - Add EmailSession module for signed cookie management - Add EmailSession plug to load verified email into session - Set email session on order lookup verification - Set email session on checkout completion (via /checkout/complete) - Update orders and order detail pages to use email session - Add reviews system plan document Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-04-01 09:44:53 +01:00
			`describe "GET /orders/verify/:token" do`
			`test "sets email session cookie and redirects to orders page", %{conn: conn} do`
			`order_fixture(%{customer_email: "buyer@test.com", payment_status: "paid"})`
			`token = BerrypodWeb.OrderLookupController.generate_token("buyer@test.com")`

			`conn = get(conn, ~p"/orders/verify/#{token}")`

			`assert redirected_to(conn) == "/orders"`

			`# Verify the email session cookie was set`
			`cookie = conn.resp_cookies[EmailSession.cookie_name()]`
			`assert cookie != nil`
			`assert cookie.max_age == 30 * 24 * 60 * 60`
			`end`

			`test "returns error for invalid token", %{conn: conn} do`
			`conn = get(conn, ~p"/orders/verify/invalid-token")`

			`assert redirected_to(conn) == "/contact"`
			`assert Phoenix.Flash.get(conn.assigns.flash, :error) =~ "invalid"`
			`end`
			`end`
add no-JS fallback for contact page order tracking form Both order tracking forms now have action="/contact/lookup" so they POST to a new OrderLookupController.lookup action when JS is off. The controller mirrors the LiveView handler: checks for paid orders, sends the verification email, and redirects with a flash message. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-24 23:10:15 +00:00			`end`