add persistent email session for order lookup and reviews
All checks were successful
deploy / deploy (push) Successful in 1m13s
All checks were successful
deploy / deploy (push) Successful in 1m13s
Replaces the short-lived (1 hour) session-based order lookup with a persistent cookie-based email session lasting 30 days. This foundation enables customers to leave reviews and view orders without re-verifying their email each time. - Add EmailSession module for signed cookie management - Add EmailSession plug to load verified email into session - Set email session on order lookup verification - Set email session on checkout completion (via /checkout/complete) - Update orders and order detail pages to use email session - Add reviews system plan document Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
jamey
64
test/berrypod/email_session_test.exs
Normal file
64
test/berrypod/email_session_test.exs
Normal file
@@ -0,0 +1,64 @@
|
||||
defmodule Berrypod.EmailSessionTest do
|
||||
use BerrypodWeb.ConnCase, async: true
|
||||
|
||||
alias Berrypod.EmailSession
|
||||
|
||||
describe "put_session/2" do
|
||||
test "sets a signed cookie with the email", %{conn: conn} do
|
||||
conn = EmailSession.put_session(conn, "test@example.com")
|
||||
|
||||
assert cookie = conn.resp_cookies[EmailSession.cookie_name()]
|
||||
assert cookie.max_age == 30 * 24 * 60 * 60
|
||||
assert cookie.http_only == true
|
||||
assert cookie.same_site == "Lax"
|
||||
end
|
||||
|
||||
test "normalises email to lowercase", %{conn: conn} do
|
||||
conn = EmailSession.put_session(conn, "TEST@EXAMPLE.COM")
|
||||
cookie = conn.resp_cookies[EmailSession.cookie_name()]
|
||||
|
||||
# The cookie value is a signed token, so we verify by getting it back
|
||||
conn = %{conn | cookies: %{EmailSession.cookie_name() => cookie.value}}
|
||||
assert {:ok, "test@example.com"} = EmailSession.get_email(conn)
|
||||
end
|
||||
|
||||
test "trims whitespace from email", %{conn: conn} do
|
||||
conn = EmailSession.put_session(conn, " test@example.com ")
|
||||
cookie = conn.resp_cookies[EmailSession.cookie_name()]
|
||||
|
||||
conn = %{conn | cookies: %{EmailSession.cookie_name() => cookie.value}}
|
||||
assert {:ok, "test@example.com"} = EmailSession.get_email(conn)
|
||||
end
|
||||
end
|
||||
|
||||
describe "get_email/1" do
|
||||
test "returns the email from a valid cookie", %{conn: conn} do
|
||||
conn = EmailSession.put_session(conn, "buyer@shop.com")
|
||||
cookie = conn.resp_cookies[EmailSession.cookie_name()]
|
||||
|
||||
conn = %{conn | cookies: %{EmailSession.cookie_name() => cookie.value}}
|
||||
assert {:ok, "buyer@shop.com"} = EmailSession.get_email(conn)
|
||||
end
|
||||
|
||||
test "returns :error when no cookie present", %{conn: conn} do
|
||||
conn = %{conn | cookies: %{}}
|
||||
assert :error = EmailSession.get_email(conn)
|
||||
end
|
||||
|
||||
test "returns :error for invalid token", %{conn: conn} do
|
||||
conn = %{conn | cookies: %{EmailSession.cookie_name() => "invalid-token"}}
|
||||
assert :error = EmailSession.get_email(conn)
|
||||
end
|
||||
end
|
||||
|
||||
describe "clear_session/1" do
|
||||
test "deletes the cookie", %{conn: conn} do
|
||||
conn =
|
||||
conn
|
||||
|> EmailSession.put_session("test@example.com")
|
||||
|> EmailSession.clear_session()
|
||||
|
||||
assert conn.resp_cookies[EmailSession.cookie_name()].max_age == 0
|
||||
end
|
||||
end
|
||||
end
|
||||
@@ -0,0 +1,45 @@
|
||||
defmodule BerrypodWeb.CheckoutSuccessControllerTest do
|
||||
use BerrypodWeb.ConnCase, async: false
|
||||
|
||||
import Berrypod.AccountsFixtures
|
||||
import Berrypod.OrdersFixtures
|
||||
|
||||
alias Berrypod.{EmailSession, Orders}
|
||||
|
||||
setup do
|
||||
user_fixture()
|
||||
{:ok, _} = Berrypod.Settings.set_site_live(true)
|
||||
:ok
|
||||
end
|
||||
|
||||
describe "GET /checkout/complete" do
|
||||
test "sets email session cookie and redirects to success page when order found", %{conn: conn} do
|
||||
order = order_fixture(%{customer_email: "buyer@test.com"})
|
||||
{:ok, order} = Orders.set_stripe_session(order, "cs_test_123")
|
||||
|
||||
conn = get(conn, ~p"/checkout/complete", %{"session_id" => order.stripe_session_id})
|
||||
|
||||
assert redirected_to(conn) == "/checkout/success?session_id=cs_test_123"
|
||||
|
||||
# Verify the email session cookie was set
|
||||
cookie = conn.resp_cookies[EmailSession.cookie_name()]
|
||||
assert cookie != nil
|
||||
assert cookie.max_age == 30 * 24 * 60 * 60
|
||||
end
|
||||
|
||||
test "redirects without setting cookie when order not found", %{conn: conn} do
|
||||
conn = get(conn, ~p"/checkout/complete", %{"session_id" => "nonexistent"})
|
||||
|
||||
assert redirected_to(conn) == "/checkout/success?session_id=nonexistent"
|
||||
|
||||
# No cookie should be set
|
||||
assert conn.resp_cookies[EmailSession.cookie_name()] == nil
|
||||
end
|
||||
|
||||
test "redirects to home when no session_id provided", %{conn: conn} do
|
||||
conn = get(conn, ~p"/checkout/complete")
|
||||
|
||||
assert redirected_to(conn) == "/"
|
||||
end
|
||||
end
|
||||
end
|
||||
@@ -4,6 +4,8 @@ defmodule BerrypodWeb.OrderLookupControllerTest do
|
||||
import Berrypod.AccountsFixtures
|
||||
import Berrypod.OrdersFixtures
|
||||
|
||||
alias Berrypod.EmailSession
|
||||
|
||||
setup do
|
||||
user_fixture()
|
||||
{:ok, _} = Berrypod.Settings.set_site_live(true)
|
||||
@@ -34,4 +36,27 @@ defmodule BerrypodWeb.OrderLookupControllerTest do
|
||||
assert Phoenix.Flash.get(conn.assigns.flash, :error) =~ "enter your email"
|
||||
end
|
||||
end
|
||||
|
||||
describe "GET /orders/verify/:token" do
|
||||
test "sets email session cookie and redirects to orders page", %{conn: conn} do
|
||||
order_fixture(%{customer_email: "buyer@test.com", payment_status: "paid"})
|
||||
token = BerrypodWeb.OrderLookupController.generate_token("buyer@test.com")
|
||||
|
||||
conn = get(conn, ~p"/orders/verify/#{token}")
|
||||
|
||||
assert redirected_to(conn) == "/orders"
|
||||
|
||||
# Verify the email session cookie was set
|
||||
cookie = conn.resp_cookies[EmailSession.cookie_name()]
|
||||
assert cookie != nil
|
||||
assert cookie.max_age == 30 * 24 * 60 * 60
|
||||
end
|
||||
|
||||
test "returns error for invalid token", %{conn: conn} do
|
||||
conn = get(conn, ~p"/orders/verify/invalid-token")
|
||||
|
||||
assert redirected_to(conn) == "/contact"
|
||||
assert Phoenix.Flash.get(conn.assigns.flash, :error) =~ "invalid"
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
@@ -14,7 +14,7 @@ defmodule BerrypodWeb.Shop.OrdersTest do
|
||||
defp with_lookup_email(conn, email) do
|
||||
conn
|
||||
|> Phoenix.ConnTest.init_test_session(%{})
|
||||
|> Plug.Conn.put_session("order_lookup_email", email)
|
||||
|> Plug.Conn.put_session("email_session", email)
|
||||
end
|
||||
|
||||
describe "orders list — no session email" do
|
||||
|
||||
Reference in New Issue
Block a user